Pre-connect NAC – The first building block of a controlled guarded enterprise LAN
For those of you who are confused by the different terms, pre-connect NAC is the phase in which the identity of the device and the identity of its user are to be verified.
With pre-connect NAC any device trying to access the Enterprise LAN must be authorized, and the identity of the user using this device must be authenticated.
Pre-connect NAC allows disallowing access from rogue devices (non-authorized devices), and from unauthorized users.
Proving the identities of those using our infrastructure is a major piece with the overall security and control NAC is bringing along (Just as a reminder, pre-connect NAC is followed, usually, with posture validation tests, and post-connect capabilities).
Pre-connect must also deal with devices such as printers, VoIP phones, etc, which an identity of their user cannot be verified. Instead parameters regarding the device are those who should be verified (type of device, purpose, capabilities, etc.). These devices need to be constantly monitored so they would not be abused for an attack.
As demonstrated, pre-connect NAC has an important rule with NAC, and its values cannot be dismissed.