Network Access Control :NAC CAMPUS MANAGER

Bradford NAC Campus Manager is a user-centric, network-based solution with integrated identity management, endpoint compliance and usage policy enforcement capabilities for controlled network access. The solution actively monitors and controls network users and devices to provide enhanced security within the network. Through the enforcement of network usage policies, the solution ensures the network is safe and secure. 

Bradford Campus Manager will help solve important network issues such as:

• Controlling unwanted users
• Enforcing anti-virus and anti-spyware version control
• Enforcing network policies
• Controlling network access
• User and device management

NAC Campus Manager for Network Access Control collects information from the user, device and network, correlates that information with established policies, and effectively allows network administrators to take action.

Identity Management

Ensuring network integrity begins by enforcing robust policies and rules. Bradfords Campus Manager requires all users to register prior to allowing them access to the network which allows administrators to:

• Control network access for wired, VPN and wireless users
• Assist in tracking all users by location, name or address (MAC and/or IP)
• Provide role-based access and levels of service via dynamic VLAN assignment

All devices that connect to the network are placed in a Registration VLAN until the device is properly registered. Another layer of protection requires the user to authenticate before connecting to the network. Each user and device on the network is registered and tracked to enhance security and access control.

Role-based access functionality ensures that users are connected to specific VLANs depending on the type of service authorized. The result is tight control over the network and a consistent, real-time view of activity.

Endpoint Compliance

Bradfords NACCampus Manager can help ensure that the computing devices on your network meet your minimum required security standards and that your network is safe and secure. This security-management application will perform registry-based scans on each network device prior to being placed on the live network.

Devices that are ‘at risk’ are placed in a secure Quarantine VLAN where they can remediate the issues without helpdesk intervention (self-help). In addition, ongoing port-based vulnerabilites scans are performed by an embedded open-source Nessus application.

• Check operating system type and patch levels
• Check anti-virus application type and definition version levels
• Check to ensure anti-spyware applications are installed
• Connection-based scanning upon network access

Network Access Control NAC Campus Manager’s endpoint compliance functionality performs three significant functions:

• Every device is checked before being allowed to connect to the production network
• Non-compliant ‘at risk’ devices are isolated in a “Quarantine” area
• The Remediation Center provides ‘self-help’ services to resolve issues without helpdesk intervention

Usage Policy Enforcement

Campus Manager is a powerful tool to help enforce the network’s acceptable use policies. Whether it is tracking unwanted activities, such as gaming, music file sharing, or instant messaging, the functionality in Campus Manager will help to enforce specific network policies to ensure that clients on the network do not abuse services. Using scheduled scanning, the solution applies role-based identity information to ensure policies are user-specific. This approach integrates all identity management and endpoint compliance with usage policy to ensure optimum performance.

Campus Manager interfaces with third party solutions to gather critical information to determine if network violations are occurring. The result is identification, notification, problem isolation and corrective action. The solution allows network administrators to:

• Enforce acceptable network use policies
• Control chatting, gaming and file sharing
• Limit bandwidth usage
• Interface with IDS, traffic shapers, and other external device.