
Four tricks teach you how to choose network access control products.

Generally speaking, organizations that deploy an access control system have already reached a certain level of informatization: the network environment has been built, the network equipment is varied and the terminal equipment is complex. When choosing a network access control system, consider whether the product supports a variety of network access enforcement technologies and whether it can identify a variety of heterogeneous terminals (such as smartphones, tablet computers, character terminals and network printers), so that it can adapt to complex network environments. The access control product must therefore be able to adapt to the user's diverse information system environment, and the manufacturer of the access control system should be able to provide access control schemes for various environments while avoiding large-scale network transformation as far as possible.

2. Advanced framework and strong control.

1. Software-based NAC: an architecture based on the endpoint system. Mainly the products of desktop manufacturers, using technologies such as ARP interference and the software firewall of the terminal agent software.

2. Infrastructure-based NAC: an architecture based on linkage with basic network devices. Mainly network equipment manufacturers and some desktop management manufacturers, using technologies such as 802.1X, PORTAL and EOU.

3. Appliance-based NAC: a device-based architecture. Mainly professional access control manufacturers, such as Furui Scott, Yinggaoke, SNAC Saisgate, etc., using techniques such as policy routing, MVG and VLAN control.

Looking at the evolution of these three frameworks: the purely software-based framework has limited scope and control, and has not been accepted by users. Most network equipment manufacturers currently favor the infrastructure-based architecture, which promotes sales of their own network equipment, but it places very high requirements on the network equipment, demanding specific models and manufacturers, and vendors set up barriers against one another. Appliance-based NAC equipment is a relatively new development abroad. Such a NAC device has almost no requirements for the types and models of network devices, which reduces deployment difficulty while achieving good control.

At present, the NAC scheme with good market acceptance is appliance-based NAC, that is, the third-generation access system architecture.

3. Ensure high reliability of business continuity.

Once a network access control system has been built, every terminal that enters the network each day depends on it. The network access control schemes currently on the market are pure software, pure hardware, or a combination of software and hardware. A software system is usually installed on a server provided by the user; it is relatively cheap, but its performance and stability are limited by that server and its operating system. A hardware system, with its dedicated hardware and operating system, offers high stability and controllable performance, but usually at a higher price. Users are advised to choose according to the size and importance of their own network.

In addition, whichever scheme you choose, it must have a complete escape scheme with a "fail-open" mode and no single point of failure. The network access control system must not affect business continuity or prevent normal office work from being carried out.

4. Perfect supporting services and timely response.

A network access control project is different from the deployment of gateway products, which are deployed at a single point, so that a change only has to be made at that one point. The deployment of a network access control system affects every terminal and every user in the network. Deploying blindly, without deployment experience, will inevitably cause widespread problems. Building a good network access control project therefore requires a professional technical service team with rich experience in related projects and good risk management.

In the early stage of the project, the team must be able to plan an access control solution suited to the user's network, with a detailed plan covering safety, management, project construction cost and risk control. During implementation, a complete project construction plan and a supporting project management system are needed. Once the project is running, there must be a customer service system that responds in time. The quality of technical services matters particularly in access control projects.

The basis of intranet security lies in keeping all unsafe devices and personnel off the network and standardizing users' access rights.