Network Access Control

Network Access Control (NAC) is the best proactive technology for protecting the corporate network. Working alongside other network security solutions, a NAC solution validates the integrity of PCs by taking measurements to ensure that they are in a proper state before they connect to a corporate network. In simple terms, the PCs must be healthy to access the network so they don't infect it.

NAC Attack

A weakness in NAC solutions occurs when malicious root-kits modify the in-memory state of programs executing on a PC, or endpoint, to hide themselves from the NAC security software. This attack is referred to as a "lying endpoint." These attacks negatively affect NAC systems that depend on the trustworthiness of this software.  As more NAC systems are deployed, the number of root-kits that attack them will also increase dramatically.

Preventing Lying Endpoints

Wave software and the Trusted Platform Module (TPM) complement NAC systems by securing PC health measurements and the NAC system itself through security hardware — in essence, any tampering that could affect the NAC system or its measurements is detected and reported.

Protection for NAC Solutions

Wave's EMBASSY® Endpoint Enforcer acts as the protector of the NAC solution. With the EMBASSY Endpoint Enforcer, the NAC solution can trust the data it is receiving and make informed access decisions for the PC.

TPM-Secured NAC System

• Physical hardware, the TPM, combines with Wave's software to protect and validate the integrity of the NAC system
• Integration with the NAC system ensures compatibility
• Uses standards-based protocols for interoperability

TPM-Secured NAC Measurements

• Individual measurements, such as whether a virus signature file is the correct version, can also be protected and validated

TPM-Based Machine Authentication

• Use the TPM to verify that only authorized machines are accessing sensitive network resources
• A simple precursor to NAC and an easy way to get started

Contact us or your NAC solution provider for more information on how to protect your NAC solution and your endpoints with TPM hardware.