Network Access Control (NAC) Solutions

Preventing Arbitrary Network Connections

Question

Which technology prevents client devices from arbitrarily connecting to the network without state remediation?

Answers

Explanations

A. B. C. D.

B

The technology that prevents client devices from arbitrarily connecting to the network without state remediation is 802.1x.

802.1x is a port-based network access control (NAC) protocol that is used to provide authentication, authorization, and accounting (AAA) services to devices attempting to connect to a network. It is designed to prevent unauthorized access to a network by requiring users or devices to authenticate themselves before they are granted access.

802.1x works by requiring the client device to provide valid credentials, such as a username and password, before it is allowed to access the network. This authentication process is typically performed by a RADIUS (Remote Authentication Dial-In User Service) server, which validates the user's credentials and determines whether they are authorized to access the network.

Once the user or device has been authenticated, 802.1x can enforce policies that dictate what the user or device is allowed to do on the network. For example, it can restrict access to certain resources or require the installation of security software before granting access.

802.1x can also provide state remediation, which is the process of ensuring that the user or device is in compliance with network security policies before allowing access. This can include verifying that the device has the latest security patches installed or that it is running up-to-date antivirus software.

In contrast, 802.11n is a wireless LAN standard that specifies the maximum data transfer rate between wireless devices. MAC Authentication Bypass is a method of bypassing 802.1x authentication by allowing a device to be granted network access based on its MAC address. IP Source Guard is a security feature that prevents IP spoofing by only allowing IP packets with valid source IP addresses to be forwarded on a network.