Friend or Foe – Can NAC save your network?

Monday 11th February, 2013

How confident are you that you know who and what is connecting to your network?

  • Even with 802.1x, you don’t know what is connecting to your network.
  • User authentication is not enough.
  • Data Protection Act All steps should be taken to secure confidential data.

Our customers requirements for Network Access Control (NAC) are simple and straight to the point;

  1. To accurately identify “friend” and “foe” e.g. visibility of their own authorised devices and users, against unknown and unauthorised devices.
  2. To Alert and Block “foes” e.g. if an unknown, unauthorised device is connected to the network, immediately block its access and alert appropriate IT staff.
  3. To leverage existing network infrastructure (wireless and wired) and not require refresh or redesign (which equates to disruption and more cost!).

As simple as they sound but to actually address in practice can often be expensive, complex to implement and labour intensive, making the decision for such a solution difficult to justify and deploy. A badly implemented “NAC” or similar security concept is a wasted investment. For example; our experience across Healthcare, Education, Government, Finance and Retail has identified that many organisations implementing wireless rely on 802.1x (including secure token authentication) to secure their new widely available network. This often fails to take into consideration what devices are being connected and authenticated, potentially opening up the network for significant data leakage, cyber threats (Virus / Trojan / Spyware or other malicious activity) as well as putting the organisation at risk of prosecution for failing to comply with industry regulation. With over 5 years of “NAC” experience, Khipu can provide a low cost, passive and unobtrusive approach to Network Access Control enabling our customers to have complete visibility of their entire wireless and wired networks, whilst securing against unknown and unauthorised devices. If you are trying to address such requirements, we can provide an onsite demonstration to show how simple and straightforward this concept can be, providing the following;

Network Discovery and Visibility; who, what, where and when

From a single view, show devices connected to your network:

  • Device: IP address, Mac address, type including browser-less devices such as Building Management Systems, CCTV, Printers etc.
  • Location: Switch, switch port, wireless access point
  • Time: Connect and disconnect

Lock down the Network; “Friend” or “Foe”

Automatically Identify, Alert and Block unauthorised device access! Please refer to the following links on how we address the wide range of requirements for Network Access Control for different user and device types;

  • Addressing customer problems with NAC datasheet; Click Here
  • Lock down your network from the “Foes”; Click Here
  • Simplifying secure guest access; Click Here
  • Addressing regulatory compliance with NAC
  • SC Magazine chooses Bradford NAC 2nd year round

Key benefits to our solution include;

  • It is Network Independent (wired or wireless) therefore does not rely on any particular switch or wireless vendor make or model
  • Out of Band solution (i.e. not in-line), therefore you do not need to re-design your network or organise down time for installation
  • The system is completely client-less therefore, software / agents do not need to be installed on to any devices
  • Manages and secures all of your sites from a single system
  • A ‘tried’ and ‘tested’ scalable and cost effective solution with over 250 implementations in the UK/Ireland (over 1000 worldwide).

If you are looking to address such requirements or require further information, please contact the KHIPU team;


T: 0845 272 0900

About Khipu Networks

Khipu Networks core business is to provide secure and dynamic network solutions into public sector and corporate organisations, providing the following;

  • ACCESS – Wireless and Remote Mobility, LAN Infrastructures and Core Network Services Solutions
  • VISIBILITY – Device Visibility, User, Content and Threat Identification and Network Behaviour Analysis
  • CONTROL – Network Access Control, Next Generation Firewalls and Intrusion Prevention Solution