1. Network Access Control (NAC):
    1. An approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.
    2. These solutions support network visibility and access management through policy enforcement on devices and users of corporate networks.
    3. A basic form of NAC is the IEEE 802.1X standard.
  2. Capabilities:
    1. Policy Lifecycle Management:
      1. Enforces policies for all operating scenarios without requiring separate products or additional modules.
    2. Profiling and Visibility:
      1. Recognizes and profiles users and their devices before malicious code can cause damage.
    3. Guest Networking Access:
      1. Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
    4. Security Posture Check:
      1. Evaluates security-policy compliance by user type, device type, and operating system.
    5. Incident Response:
      1. Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
    6. Bidirectional Integration:
      1. Integrates with other security and network solutions through the open/RESTful API.
  3. Agent:
    1. Code that performs a function on behalf of a remote application.
    2. NAC Agent:
      1. The code that performs user, device, and message authentication, and allows network access based on defined policies.
      2. Typically, agents perform functions for an application from the device on which the function is to be performed. However, NAC agents may reside in different places, or NAC may operate without an agent:
        1. Persistent Agent:
          1. The NAC agent is on the device, where it performs authentication and compliance checking before allowing network access.
          2. The persistent agent may be an uncomfortable choice for some users because it is installed directly on the device. Some trust must exist between the NAC vendor and the end users for this solution to work.
        2. Dissolvable Agent:
          1. Also known as a Portal-Based Agent. An alternative to the Persistent Agent. Users download the agent via a web link. The agent then performs these actions:
            1. Authenticates the user and device.
            2. Checks the device for compliance.
            3. Authorizes network access.
            4. Disappears until the user runs it again.
          2. This model provides peace of mind for users wary about installing an agent on their device. However, because this approach provides only one-time authentication rather than continuous protection, it is less useful.
        3. Agentless:
          1. NAC is embedded within an Active Directory domain controller (central server).
          2. When a device joins the domain, a user logs into the domain, or a user logs off, the NAC code verifies that the end station complies with the access policy as part of the process, using Active Directory to scan the device.
        4. Security Infrastructure-Based:
          1. Other network monitoring devices and software, such as firewalls, perimeter routers, NIDS/NIPS, and UTM, perform their normal functions. If suspicious behavior is detected, those devices are configured to notify the NAC device, which will then remove the source of the traffic from the network.
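
Added example (not from the original notes or from any NAC product): a minimal policy decision function that ties together the Security Posture Check, Incident Response, and agent steps above. An endpoint is authenticated, checked for compliance by user type, device type, and operating system, and then allowed, isolated for remediation, or blocked. The policy table, field names, and action names are all hypothetical.

```python
from dataclasses import dataclass

# Constructed policy: required posture per (user type, device type, OS).
# "*" is a wildcard and the first matching rule wins. All names are hypothetical.
POLICY = [
    (("employee", "laptop", "windows"),
     {"av_running": True, "disk_encrypted": True, "max_patch_age_days": 30}),
    (("employee", "laptop", "*"),
     {"disk_encrypted": True, "max_patch_age_days": 30}),
    (("guest", "*", "*"), {}),  # guests get guest access only, no posture check
]

@dataclass
class Endpoint:
    user_type: str
    device_type: str
    os: str
    authenticated: bool
    posture: dict  # facts reported by the agent (constructed sample data)

def find_requirements(ep):
    """Return the requirements of the first matching rule, or None."""
    facts = (ep.user_type, ep.device_type, ep.os)
    for pattern, reqs in POLICY:
        if all(p in ("*", v) for p, v in zip(pattern, facts)):
            return reqs
    return None  # no rule matched: caller must deny by default

def failed_checks(reqs, posture):
    """List unmet requirements; a missing posture fact counts as a failure."""
    failed = []
    for key, wanted in reqs.items():
        if key == "max_patch_age_days":
            if posture.get("patch_age_days", float("inf")) > wanted:
                failed.append("patch_age_days")
        elif posture.get(key) != wanted:
            failed.append(key)
    return failed

def decide(ep):
    """Authenticate, check compliance, then authorize. Returns (action, reasons)."""
    if not ep.authenticated:
        return "block", ["authentication"]
    reqs = find_requirements(ep)
    if reqs is None:
        return "block", ["no_matching_policy"]
    if ep.user_type == "guest":
        return "guest_network", []
    failed = failed_checks(reqs, ep.posture)
    return ("isolate_for_remediation", failed) if failed else ("allow", [])
```

The design fails closed: an unauthenticated endpoint, an endpoint no rule covers, or a posture fact the agent did not report never results in full access.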