Network Access Control (NAC) works by enforcing security policies on devices attempting to access a network.

Here’s a breakdown of how it operates:
1. Device Identification: NAC identifies devices trying to connect to the network. This can include
laptops, smartphones, tablets, and IoT devices. It uses methods like MAC addresses, certificates, or agent-based software to recognize devices.

2. Authentication: Once a device is identified, NAC authenticates it to ensure it is allowed to access the network. This can involve verifying user credentials, device certificates, or other authentication methods.

3. Compliance Check: NAC checks if the device complies with the organization’s security policies. This includes verifying if the device has up-to-date antivirus software, operating system patches, and other security configurations.

4. Access Control: Based on the authentication and compliance check, NAC determines the level of access the device should have. It can grant full access, limited access, or deny access altogether.
For example, a compliant corporate laptop might get full access, while a personal smartphone
might only get access to the guest network.

5. Monitoring and Enforcement: NAC continuously monitors devices on the network for any
suspicious activity or policy violations. If a device becomes non-compliant or exhibits unusual
behavior, NAC can take actions such as quarantining the device, restricting its access, or notifying administrators.

6. Remediation: If a device is found to be non-compliant, NAC can guide the user through steps to bring the device into compliance. This might involve updating software, installing patches, or
configuring security settings.
By implementing these steps, NAC helps maintain a secure network environment, ensuring that only authorized and compliant devices can access network resources.

Network Access Control (NAC) handles guest devices by providing secure, temporary access to the network while ensuring these devices do not compromise security. Here’s how it typically works:
1. Guest Registration: Guests are often required to register their devices through a self-service
portal. This can include providing personal information and agreeing to the organization’s
terms of use.

2. Authentication: Once registered, guests receive temporary credentials (such as a username and password) to access the network. This ensures that only authorized guests can connect.

3. Compliance Check: NAC performs a compliance check on guest devices to ensure they meet basic security requirements, such as having up-to-date antivirus software and patches2.
Non-compliant devices may be denied access or given limited access.

4. User Experience: Customizable captive portals allow organizations to create a branded and
user-friendly experience. They can include logos, colors, and custom messages that align
with the organization’s branding.

5. Network Segmentation: Guest devices are typically placed on a separate network segment or VLAN. This segmentation ensures that guest devices can only access specific resources,
such as the internet, and are isolated from sensitive internal systems.

6. Monitoring and Enforcement: NAC continuously monitors guest devices for any suspicious activity or policy violations. If a guest device is detected to be a threat, NAC can isolate it from the network or restrict its access.

7. Access Expiry: Guest access is usually time-limited. Once the access period expires, the guest device is automatically disconnected from the network.
By implementing these measures, NAC ensures that guest devices can access the network securely without posing a risk to the organization’s internal resources.

Certainly! A captive portal is a web page that users are automatically directed to when they attempt to connect to a network. This page typically requires users to authenticate themselves or agree to terms of service before they can access the internet or other network resources.

Here’s how captive portals work within the context of Network Access Control (NAC):

1. Redirection: When a user connects to the network, their HTTP traffic is intercepted and
redirected to the captive portal. This happens before they can access any other web pages.

2. Authentication and Registration: The captive portal presents a web page where users must authenticate themselves. This can involve entering a username and password,
registering their device, or agreeing to the network’s terms of service.

3. Compliance Check: The captive portal can also perform compliance checks, ensuring that the user’s device meets the network’s security requirements. This might include checking for up-to-date antivirus software, operating system patches, and other security
configurations.

4. Access Control: Once the user has authenticated and their device has passed the compliance check, the captive portal grants them access to the network. This access can be full or limited, depending on the user’s role and the network’s policies.

5. Monitoring and Enforcement: The NAC system continues to monitor the user’s device
and network activity. If any suspicious behavior or policy violations are detected, the NAC can take action, such as redirecting the user back to the captive portal for
remediation.
Captive portals are commonly used in public Wi-Fi networks, hotels, airports, and corporate guest networks to ensure that only authorized users can access the network and that their devices are secure.

The Endpoint Protector module focuses on securing endpoints, which are often the most vulnerable parts of a network.

1. Device Management: Provides comprehensive control over devices, including remote
control, location tracking, and notifications for hardware changes.
2. Advanced Verification: Uses a two-layer management and verification system to
enhance security and operational efficiency.
3. Command Flexibility: Supports various command interfaces such as WMI, PowerShell,
SSH, and CMD, allowing for versatile data management.
4. Hardware Inventory: Collects and monitors hardware inventory, instantly detecting any
changes in devices on the network.
5. Health Check: Conducts thorough health and posture checks to ensure devices meet
predefined security standards before granting network access.
6. Hybrid NAC Technology: Combines agent-based and agentless structures to leverage
their strengths and provide a robust security framework
These modules work together to provide a secure and efficient network environment, ensuring that only authorized users and compliant devices can access the network.