Aruba ClearPass NAC Overview

Aruba ClearPass NAC Overview

In this article, we will talk about Aruba ClearPass Network Access Control Features. Network Access Control is the top priority for most of the organization today. Organizations need to manage secure access to the network and support BYOD requirements and Guest Access environment. 

Latest trends like allowing personal devices and connecting IoT devices on the network make the administrator’s job challenging. Aruba ClearPass is there to manage all these requirements and more using Identify, Enforce, and Protect.

⭐ Identify 👇

There is a saying - you cannot manage what you don’t see or know. As an administrator, one of your responsibilities is to know what devices are connected to the network, who owns those devices, and where these devices are connected to the network. Identify feature of NAC, allows the administrator to know users, their devices connected to the network, and their location.

Figure 1: Identify users, their device and location

⭐ Enforce 👇👇

Identifying users and granting or denying network access based on username and password is the traditional approach and does not meet the agile network access requirements. As an administrator, you must be able to enforce strict network access policies based on the user and device rules. In addition to username & password, today device type, location, and user collectively provide context, and this context is used in rules.

Figure 2: Enforce User & Device Policies

Not only this, trends like IoT & BYOD adoption challenge security approaches – where the perimeter is slowly dissolving or disappearing. Traditionally perimeter firewalls were used to secure the network from external threats but now these devices need direct internet access and may increase the attack surface. 

Therefore, now implementing the security at the network access level and controlling the access is the MUST. Aruba ClearPass allows network administrators to implement consistent and strong enforcement policies.

⭐ Protect 👇👇👇

Today industry is talking about zero trust, just providing, or controlling the network access is not enough. You need to ensure the constant behavior analysis of the devices on the network react to these behavior changes, and finally, impose the appropriate restrictions on the activities. 

For example, let’s say an IoT sensor like an HVAC sensor is sending a print request to a network printer or a desktop is connected to the network with anti-virus disabled. The administrator should be able to identify these trends, enforce restrictions, and notify admins about them.

Figure 3: Protect against potential internal threats.

Aruba ClearPass uses dynamic network policies that control and implement the proper network protection framework. It can remove or quarantine the device in case of abnormal behavior and notify the administrator. This way administrator gets the complete control over the network.

This concludes the brief introduction of the Network Access Control feature of ClearPass. Hope you find this informative.

 Continue Reading...

• Aruba EdgeConnect: Aruba EdgeConnect Appliance on VMware
• Aruba EdgeConnect (SD-WAN) - 1st to attain ICSA Lab Secure SD-WAN Certification!
• Aruba EdgeConnect: Ruggedize First Mile Connectivity
• Aruba EdgeConnect: Initialize ECV Appliance (Day 0 Config)
• A Quick Intro - Aruba EC-10104 Appliance
• Aruba EdgeConnect: BOOST in Action!
• Aruba SD-WAN: BOOST in Action - 2
• Aruba EdgeConnect: FEC in Action!
• Aruba EdgeConnect: Path Conditioning
• Aruba SD-WAN: BOOST Feature
• Aruba SD-WAN: Dynamic Path Control
• An Introduction to Aruba SD-WAN: Business Intent Overlays
• Aruba EdgeConnect Enterprise : An overview of Traffic Handling Features