(1)Secure Network Construction

Question 1

What do Network Access Control (NAC) systems do?

Answer 1

NAC systems help to keep bad people out and to make sure that the system covers the bases of proper security

Question 2

What is the 802.1X protocol? What are two connection types that may use it?

Answer 2

The 802.1X protocol is a popular standard used with Network Access Control (NAC).

It is involved if a user connects to a network through a physical cable or a wireless network.

Question 3

In the 802.1X protocol, what is a supplicant?

Answer 3

A supplicant is a software program that is on a device that is used to tell a network that it would like to connect

Question 4

In the 802.1X protocol, what is the authenticator?

Answer 4

The authenticator is a service that is running on a wireless access point or a switch. It passes sign on requests to the Remote Authentication Dial-In User Service (RADIUS) protocol for full authentication

Question 5

What if a user tries to connect in 802.1X and fails authentication?

Answer 5

If a user tries to connect in 802.1X and fails authentication, then the user is denied access or may be put on a quarantine network until the issue can be resolved.

Question 6

What is the difference between an agentless and agent based approach to 802.1X within NAC?

Answer 6

Agent based approaches involve a special software (called an agent) to be on the NAC service.

Agentless do authentication in the web browser

Question 7

What is the difference between in band and out of band in terms of NAC solutions within 802.1X?

Answer 7

In band solutions use committed appliances that are in the way of devices and the resources that they want to get to. Devices that wish to access the network must pass NAC authentication.

Out of band solutions such as 802.1X use network infrastructure that is already in place and has network devices talk to the authentication servers and then reorient the network to give or reject network access as appropriate.

Question 8

Network Access Control (NAC) solutions often simply allow or deny access based on username/password and a couple other criteria. What other criteria may be involved in NAC?

Answer 8

Other criteria involved in NAC could include:

-Time of Day
-Role
-Location
-System Health

Question 9

If Network Access Control (NAC) solutions use the health of a system as a measuring unit to determine access to the network, what does the system health entail?

What is a system’s health is not sufficient based on NAC requirements?

Answer 9

System health includes if the device has proper firewalls configured, virus definitions, system updates, and other factors.

If a system health isn’t good enough for a network, then the system can be put on a quarantine network until the system has the proper configurations to be allowed full access to the production network