This month we explore tools to help us wrangle our users and separate them from the herd of bad guys trying to enter our enterprise without authorization. These tools come in two flavors: identity management and network access control or NAC. Both of these tools are important because they allow us to manage some very important aspects of access.
First, we need to know who our users are. That is not as simple as it sounds, especially for large enterprises. When you have a lot of users, and you want to make certain that you have the important information about them, you are faced with, at best, a logistical challenge. At worst, you may have no idea who is or is not authorized to access various aspects of your enterprise.
Second, we need to manage those users’ access to various resources on the enterprise. This becomes a challenging application of identification, authentication and authorization. That challenge is what this month’s products are all about.
Identity management includes – or can include – several functions. Most important, it needs a way to provision users to the network. That means accepting the new user, managing the password creation process and making the connections that the user is authorized to have. These tasks need to be coordinated with some sort of database so that there is a central authentication mechanism when the user logs back in. That database usually is something such as Active Directory.
Once the user is provisioned, there needs to be some method of managing the user on an ongoing basis. That is where NAC enters the picture. NAC is used to perform several tasks. First, the NAC recognizes the legitimate user and checks for a profile. The profile tells the NAC what the user is allowed to do once they are allowed onto the enterprise.
This month’s products help you do all of these things. Contributing writer Nathan Ouellette takes you through the intricacies of network access control, while SC Lab Manager Mike Stephenson steers the identity management products. Thinking of these two important product groups together will help one gain perspective on user management. Applying them will help actually manage those users more efficiently and securely.