Juniper Networks - Unified Access Control


You already know the problem: Guests, contractors, consultants and uninvited visitors plug into your corporate networks without your authorization and wreak havoc. The problem is real, the alternatives are few and the choices are confusing. Welcome to NAC (Network Access Control).

NAC is probably one of the least understood and abused terms we face today in IT. Many claim to have a solution to NAC, but most seem to be taking very creative license in the definition of the problem and the solution.

In its' simplest form, NAC (Network Access Control) is about restricting access to the network, often viewed as a layer 2 problem and therefore layer 2 solution. Some solutions include locking down ports on switches, others include loading a list of MAC addresses on some central solution, others have the concept of quarantine VLANs and patch compliance. Standards are evolving for 802.1x and the use of supplicants (even the word sends shivers up our spines), but they all miss the point! It's an incomplete picture and they're fraught with investments in new hardware and massive deployment issues.

Along comes Juniper... Juniper Networks understands from their extensive years of experience with SSL VPN that it isn't a device issue, it's a user issue! Sure, you want to make sure the device is secure, but you really want to understand who the person is on the other end of the wire, authenticate them, assign a role and then, based upon their role, define where they can go. This is where Unified Access Control comes into play. Don't replace your existing switch infrastructure if you don't need to, don't ask contractors to install software on their systems (in many cases they don't even have rights to do so), don't limit your world view to just PCs running Windows, instead take a holistic view of the problem.
  • Control access at layer 2 if you want to
  • Use existing authentication services to identify the user
  • Make use of existing enforcing points and deploy others where needed to protected essential resources
  • Embrace standards, such as TCG TNC
  • Create an environment of dynamic access based upon roles
  • Assess the endpoint, if desired, and assure compliance
  • Dynamically vary the access based upon time of day and device security posture along with a checklist of compliance and act accordingly

UAC from Juniper offers:
  • Advanced network protection via granular and dynamic policies
  • Application and network control
  • Visibility and monitoring
  • Simple, flexible, DEPLOYABLE and scalable access control

Picture 16
For more information, get datasheets, contact us or visit the Juniper website.