A NAC firewall is a Network Access Control (NAC) appliance that acts like a firewall, but instead of inspecting traffic it inspects the network assets that come on and off the network, and it denies or permits limited or full access to the network based on a set of rules or policies.
Unlike NAC infrastructure solutions, a NAC firewall operates similarly to a network firewall in that you plug it into your network without replacing any existing equipment such as switches and hubs. In addition, a NAC firewall, like a network firewall, does not need agents or client-based software to be installed or managed in order to operate. Also, NAC firewalls, unlike INFOSEC firewalls, do not have to operate in-line, so if a NAC firewall device goes offline, there is no risk of network downtime due to the device malfunctioning. [http://www.networkworld.com/newsletters/vpn/2008/0211nac1.html?nlhtnacts_021208&nladname021208security:networkaccesscontrolal]
History of NAC firewalls and their introduction into the market in 2008:
As of 3/24/08, there are 246,000 Google entries on "NAC firewall", and the number is growing daily.
Network firewall appliances have numerous shortcomings due to a dramatic increase in mobile computing, insider attacks and peer malware deployment. In addition, most endpoint defense software only partially protects those systems which are trusted and does not protect against attacks by those who are untrusted yet able to gain inside access to a network. By early 2008, more than 3,000 pieces of malware had been launched over the Internet that were able to halt processes and kill protection software such as anti-virus tools from the leading anti-virus vendors.
Because of these perimeter and endpoint defense shortcomings, NAC firewalls were created and launched into the information security (INFOSEC) market in early 2008. They control network access and better manage trusted, weak and infected assets by deploying real-time inspection and quarantine technologies, including using and fine-tuning existing network infrastructure equipment such as firewalls, intrusion detection systems, intrusion prevention systems and smart switches with virtual local area networks (VLANs).