Enhancement of network access control architecture with virtualization

Abstract

The demand for protecting the enterprise network infrastructure from network security threats has shown an increase in recent years. Therefore, a security enforcement mechanism for the network is required to protect the network against the threats especially from internal. Generally, staffs and visitors that use their computer everywhere could bring a threat as it escape from the protective measures imposed by an organization. Therefore, it is necessary to secure enterprise network from being compromised by using endpoint security solution. Network Access Control (NAC) is capable to provide solution for determining the integrity of endpoints which serve as a basis for trustworthy communication. However, literature review reveals several types of NAC architecture that have been implemented by solution providers such as CISCO NAC and Microsoft NAP employs proprietary standard and the deployment method used is not comprehensive. In addition, previous architecture only complies with one of the NAC characteristic such as in-band or out-band, managed or unmanaged LAN, agent or agentless, pre-admission or postadmission and limited OS support. Hence, this study will focus on reviewing all those NAC architecture as a baseline to produce an enhanced NAC architecture which can cater for all NAC characteristics. The results shows that proposed NAC architecture which is combination of all the NAC characteristics can effectively control the network access by endpoint device. This proposed NAC architecture maybe useful as a basis for reference not only for researchers in this field but also for network administrator. It is necessary to review the NAC architecture from time to time to ensure that the security is remain intact.