Network Access Control
In order to efficiently operate, business today must build and enforce access control policies for vendors and third parties requiring administrative privileges to important IT infrastructure. Securing access to network assets isn’t new, but with the growing usage of VLANs, Cloud-base solutions, and more web-facing assets, what’s the best way to control vendor access?
Out-of-Band Management has several benefits for use in Network Access Control (NAC). Here are a few things to keep in mind when you’re defining parameters:
- Vendors should not be allowed to directly access your appliances; smart deployment routes vendors to the NOC giving you much greater visibility and control. Do you have granularity in your ability to control access to devices? Can you say, assign a single port on a switch to, Vendor A, and, access power cycle capabilities to, Network Consultant B?
- How does your third party access the NOC? Do you allow VPN or have other methods of access?
- Are you able to track who visited remote locations, when the access occurred, and what machines (or ports) were touched?
- Do you use a third-party to manage security at any of your remote sites? If so, do they have continuity to access your assets if network is compromised or unavailable? This is important if you expect agreed upon SLA’s to be met.
An efficient roll-based security system is paramount to any successful network access control. You cannot allow third parties admission to critical network and security elements without proper control capabilities.
Be an informed advocate for your NAC, check to make sure you are able to secure the proper access to remote site locations with or without network connectivity. Ensure that your business (or business partner) is watching and recording all remote access to network assets. The potential for security holes here is prevalent, particularly because this may be an area businesses consider, “under control”. Protect yourself, sample policies and procedures then take corrective action.