3.6 Explain the purpose of various network access control models - Paiet/Tech-Journal-for-Everything GitHub Wiki

3.6 Explain the purpose of various network access control models

  • 802.1x
    • Based on EAP (Extensible Authentication Protocol)
    • Three components of EAP
      • Supplicant (client device or user requesting authentication)
      • Authenticator (encapsulates the supplicant's authentication request and relays it to the authentication server)
      • Authentication Server (answers the supplicant with a challenge, e.g. a token/password combination)
    • Can support client-only authentication or mutual authentication.
  • Posture assessment
    • Evaluation of a system's security based on the applications and settings currently in use.
    • This is the basis for authorization in Network Access Control.
    • Most require an 802.1x supplicant "agent" (client) to be installed.
    • Agent-less posture assessment is used to accommodate BYOD
      • Fingerprints devices attached to the network
      • Determines whether a device is a threat or vulnerable to attack
      • Quarantines rogue devices and infected devices.
  • Guest network
  • Persistent vs non-persistent agents
    • Persistent agent: remains installed and handles all user login and compliance functions
    • Non-persistent agent: installed by the user at login, but no longer present after the session is over
  • Quarantine network
    • Also called a "Remediation Network"
    • Devices that do not meet the compliance policies are placed in this quarantine network. The end user is notified why, and what must be done before normal network access is restored.
    • This isolates the node from the rest of the network while the non-compliant machine resolves the issue.
  • Edge vs access control
    • Edge control includes
      • Safe onboarding: users self-registering their devices securely
      • Device profiling: identifying and classifying every device
      • Endpoint compliance: every device is compliant before accessing resources and joining network
      • Network automation: access granted by policy, based on location, device and user
      • Security automation: execute compliance scans and policies automatically
      • Rapid Response: reduce the time for containment
    • Access controls include
      • Models
        • Mandatory
          • Policy is administratively defined, users do not modify policy
          • Users are assigned clearance level
          • Objects are classified at a security level
          • Access is granted when the subject's clearance meets the object's security level
          • NIST Guidelines
        • Discretionary
          • A user has control over the objects they create and the programs they execute.
          • Access must be explicitly assigned to users
          • "Not on the list" = "No Soup For YOU!"
        • Role Based
          • Administrator creates roles and users are assigned to roles.
          • These roles are pre-assigned access to objects.
          • Users are granted access because they are assigned to that role.
        • Rule Based
          • e.g. Access Control Lists on routers
          • e.g. Firewall Rules
  • A few Solution Providers
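The four access control models listed above (mandatory, discretionary, role based, rule based), each reduced to its decision function, as an added example that is not part of the original wiki page. The clearance levels, owner ACL, roles, and router-style rule list are constructed sample data, not taken from any real policy.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Mandatory: policy is administratively defined. A subject may access an object
# when its clearance is at or above the object's classification. (constructed levels)
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def mac_allows(subject_clearance, object_label):
    return LEVELS[subject_clearance] >= LEVELS[object_label]

# Discretionary: the owner controls the object and must explicitly grant access;
# anyone "not on the list" is denied.
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

def dac_allows(obj, user, perm):
    if user == obj.owner:
        return True
    return perm in obj.acl.get(user, set())

# Role based: the administrator defines roles with pre-assigned permissions and
# assigns users to roles; a user's access comes only through their roles. (constructed)
ROLE_PERMS = {"helpdesk": {"read:tickets"}, "netadmin": {"read:tickets", "write:config"}}
USER_ROLES = {"alice": {"netadmin"}, "bob": {"helpdesk"}}

def rbac_allows(user, perm):
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, set()))

# Rule based: a router ACL / firewall rule list evaluated top-down, first match
# wins, with an implicit deny if nothing matches. (constructed rule set)
RULES = [
    ("permit", "10.0.10.0/24", 443),
    ("deny", "10.0.10.0/24", None),   # None = any port
    ("permit", "0.0.0.0/0", 80),
]

def rule_allows(src_ip, dst_port):
    src = ip_address(src_ip)
    for action, net, port in RULES:
        if src in ip_network(net) and port in (None, dst_port):
            return action == "permit"
    return False  # implicit deny at the end of the list
```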