Professional Documents
Culture Documents
net/publication/277012927
CITATIONS READS
3 11,504
3 authors:
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Henry Nunoo-Mensah on 21 May 2015.
28
International Journal of Computer Applications (0975 – 8887)
Volume 106 – No.6, November 2014
This paper has been divided into eight sections. Section two referenced as end-devices, enforcers and verifiers. Network
looks at the related work carried out in the field of NAC tools Access Control (NAC), communications starts when an
for enterprise networks. Section three explains the need to endpoint validates and provides a reliable platform
adapt opensource tools for use in critical projects. Section four characteristic to the verifier. The user and machine validation
explains some fundamental concepts and workings of ought to be verified. Integrity measures are taken and are sent
Network Access Control (NAC). Section five briefly from the end-device to the verifier.
discusses OpenNAC, PacketFence and FreeNAC, section six
depicts the requirements used in analyzing the tools listed in This is where the felicitous protocols and message handling
section five. Section seven explains NAC implementation practices are vital. Integrity measures are captured and
strategies and finally section eight concludes the paper. provided to the verifier, it then decides if security policies are
achieved. If policies are not realized, remediation is needed
2. RELATED WORK and the verifier issues instructions to the end-device on how it
This section reviews related work carried out in the past. [4] should connect for a remediation process. The end-device
carried out a work analyzing opensource architectures and follows these instructions issued by the verifier to allow either
requirements. [4] presented in-depth requirement analysis for limited network access or to be placed on a secluded network
NAC. Key design and implementation choices that are needed so that remediation can occur.
based on stakeholder requirements were also identified. Also, after an end-device has been checked for integrity, the
Recommendations were further made to improve the security network administrator may need to apply policies to the end-
posture of the network. The analysis of the NAC products device prior to its acceptance on the network. [4]
carried out in [4] was performed in the following areas;
authentication, integrity measures, remediation, security,
functional and non-functional, system administration and
policy settings. The NAC products in the analysis were Cisco
Network Admission Control, Microsoft Network Access
Protection (NAP).
3. WHY OPENSOURCE
People prefer opensource software because they have more
control over the software. They can examine the code to
ascertain it's not doing anything they don't optate it to do, and
they can transmute components of it they don't relish. Users
who aren’t programmers additionally benefit from open
source software, because they can utilize this software for any
purport they optate, not merely the way someone else
cerebrates they should.
The active support by the opensource community on projects
makes it the ideal software for important, long-term projects.
Users can rely on software for crucial tasks knowing that their
tools would not have discontinued support once their original
developers discontinue work on them.
Others prefer opensource because it is considered as very
secure and stable as opposed to proprietary software. This is Fig 1: Network segregation used in NAC Solutions
because of the fact that the code is open and anyone can
identify and correct bugs missed by the original creators of the 5. REVIEW OF TOOLS
software. It is stable because there are a lot of programmers The opensource tools selected include OpenNAC,
that can work on it without seeking for permission from the PacketFence and FreeNAC; these tools were chosen because
originators of the software, this helps maintain it by keeping it of their popularity when it comes to opensource NAC tools.
fit generally fixed, updated and upgraded.
5.1 OpenNAC
Additionally others like opensource software because it avails OpenNAC is an open source network access control tool that
them to become enhanced coders. They can learn to make provides access for LAN/WAN. It works with a wide range of
more preponderant software by studying the source code operating system clients (Windows, Linux, Mac, etc.) and
others have indited. Coders additionally share their work with network contrivances such as Extreme Networks, Cisco,
others, welcoming comment and reproval. This spirit is self- 3Com and Alcatel. The software is developed based on well
motivating to always achieve or be the best. proven opensource components like FreeRadius, iTop, lcinga.
It is very flexible as it allows for user to add new
Importantly it affords educational institutions, especially in
functionalities like accounting, asset management, and
developing economies to use world class software tools. This
Network Intrusion Detection and authentication systems.
is because they get the service they would pay for free and
OpenNAC is also ideal for network configuration and
still be able to compete with other institutions in the
discovery, network contrivance configuration backup and
developed economies.
network monitoring aside the inherent access control.
4. NETWORK ACCESS CONTROL Other features of OpenNAC are that it enables authentication,
(NAC) FUNDAMENTALS authorization and audit policy-based access to the network; it
Network Access Control (NAC) offers end-device also provides real time monitoring of users and contrivances
management and compliance, identity management and on the network [5].
utilization policy enforcement. NAC components as
29
International Journal of Computer Applications (0975 – 8887)
Volume 106 – No.6, November 2014
30
International Journal of Computer Applications (0975 – 8887)
Volume 106 – No.6, November 2014
31
International Journal of Computer Applications (0975 – 8887)
Volume 106 – No.6, November 2014
32
International Journal of Computer Applications (0975 – 8887)
Volume 106 – No.6, November 2014
IJCATM : www.ijcaonline.org 33