EA-STD-031 Network Access Control

Architectural Classification

Technology \ Networks \ Security

Standard Specification

All devices connecting to the University network shall be subject to Network Access Control (NAC) in order to enforce authentication and compliance and to allow for remediation of incidents. This standard addresses the over-arching strategy, with a view to providing an enterprise NAC solution which is interoperable between multiple vendors and solutions.

 

Baseline (Today)
  • Manual network access control
  • Ad-hoc network access control
  • MAC address filtering
  • Switch level port security

Emerging (To track)
  • Industry wide standardised NAC

Tactical (0-3 years)

Over-arching strategy

  • Automated Network Access Control

Network Management Protocol

  • 802.1X protocol support
  • SNMP protocol support

Access encryption protocol

  • Protected Extensible Authentication Protocol (PEAP) support
  • Tunnelled Transport Layer Security (TTLS) protocol support

Reporting

  • Ability to produce and forward syslogs to enterprise Security Information and Event Management tool.

Strategic (3-6 years)

Over-arching strategy

  • Automated Network Access Control

Network Management Protocol

  • 802.1X protocol support
  • SNMP protocol support

Access encryption protocol

  • Protected Extensible Authentication Protocol (PEAP) support
  • Tunnelled Transport Layer Security (TTLS) protocol support

Reporting

  • Ability to produce and forward syslogs to enterprise Security Information and Event Management tool.

Retirement (to be removed) Containment (No new development)
  • Manual network access control
  • Ad-hoc network access control
  • MAC address filtering
  • Switch level port security

 

Author: Paul Ferrier Date: 24/10/2014 Version: 1.0
Document Security Level: PUBLIC 
Document Approvals:
  • Technical Architecture Group: 08/08/2014
  • Enterprise Architecture Practice: August 2014
  • Enterprise Architecture Board: September 2014
  • IT Director: 23/10/2014

Review Date: October 2015

Network Access Control Roadmap

Network Access Control