The National Security Agency (NSA) recently released a guide on network infrastructure security. In the report, the NSA advises the implementation of a Network Access Control (NAC) solution to protect the network from unauthorized physical connections. While a necessary tool, NAC solutions are limited in their abilities due to visibility challenges, and this weakness gets exploited by covert spoofing devices.
NAC lacks: visibility
NAC is a traffic-based solution that monitors Layer 2, relying on a MAC address or the 802.1x standard to authenticate devices. However, NAC controls get bypassed by MAC-less devices or devices with a spoofed MAC address. This is a significant risk as non 802.1x compliant devices, such as IoTs, get identified by their MAC address, thus creating a large hole in security defenses.
Malicious actors exploit the visibility gap with hardware attack tools that impersonate legitimate HIDs by spoofing their MAC address. Without the Layer 1 visibility necessary to detect the true identity of spoofing devices, the NAC solution authenticates them, granting access to the network. Once inside, these covert attack tools can carry out a variety of harmful attacks, ranging from espionage and data theft to ransomware and man-in-the-middle attacks.
NAC and HAC-1: a perfect match
Sepio’s HAC-1 solution provides a panacea to the gap in device visibility by covering Layer 1. HAC-1 uses Layer 1 data to generate a digital fingerprint of all assets to provide complete asset visibility. The solution identifies all hardware devices for what they truly are – not just what they claim to be – and instantly detects spoofing devices. The enhanced visibility provided by HAC-1 supports NAC solutions in securing the network infrastructure by offering a more robust dataset. HAC-1 integrates with existing NAC implementations through the 3rd party REST API option without affecting the performance of the NAC solution.
network access control problems
First of all, Sepio’s Hardware Access Control HAC-1, provides 100% hardware device visibility.
HAC-1 enables Hardware Access Control by setting rules based on the devices characteristics.
Further, HAC-1 instantly detects any devices which breach the set rules and automatically block them to prevent malicious attacks.