OVERVIEW
Network Access Control (NAC) is a security solution designed to manage and enforce policies for network access, ensuring that only compliant and authorized devices can connect to the network. By leveraging ClearPass OnGuard solutions, NAC provides robust protection against vulnerabilities and enhances overall network security.
DETAILS
Benefits:
- Enhanced Security: NAC with ClearPass OnGuard ensures that only compliant devices can securely access the network, reducing the risk of unauthorized access and potential security breaches.
- Comprehensive Visibility: Real-time monitoring and reporting provide complete visibility into endpoint compliance and network access activities.
- Simplified Management: Centralized management of health-check settings and policies simplifies troubleshooting and compliance reporting.
NAC FAQs
What is Network Access Control (NAC)?
NAC is a security enhancement tool that ensures only authenticated users and authorized, compliant devices can access SFU’s network, protecting your data and work. NAC strengthens SFU’s defenses against cyber threats and aligns with the goals of What’s Next: the SFU Strategy and the SFU IT Plan.
See the network flow diagram for Surrey. The diagram is subject to change as NAC is rolled out to Vancouver and Burnaby.
When will NAC be implemented?
Can I opt out?
If you are on a managed PC or Mac, NAC will automatically roll out to your machine. This is an essential security service.
Am I being tracked?
Only your managed machine is verified on the SFU network; no data is being tracked – NAC does not view your files or web traffic.
Will this affect my ability to connect to SFU’s network?
You will experience no changes in accessing the SFU network at this time. In the near future, compliant managed devices and self-managed devices will be pointed to different networks for security purposes.
What is a managed device?
Managed devices are desktops and laptops that are managed by IT Services. Staff and faculty can enroll devices purchased through SFU's Procurement Services as managed devices, to benefit from standards that ensure the device is secure, license compliant, connected to enterprise resources, and regularly updated and maintained. Managed devices can also be found in offices, lecture rooms, labs, and libraries on campuses.
How does NAC impact SFU managed devices?
You don’t need to take any action and won’t notice any changes on your managed device unless there’s a network compliance issue. NAC operates quietly in the background, ensuring secure access to SFU’s network. You may notice a new NAC icon in the menu bar or system tray of your device. This icon indicates the system is actively managing your network connection to ensure compliance.
What if I don’t have an SFU managed device?
Self-managed devices will move to a different network and may have future network limitations.
Who should I contact if I have questions or encounter issues?
Please contact the Network Services team at ns-help@sfu.ca if you have questions.
To report an issue, you or your local IT admin can create a ticket in TDNext.
For Local IT Staff:
What actions are required from Local IT?
No independent actions are required. Central IT will initiate and coordinate all necessary changes. Please wait for specific instructions before making any system modifications.
Will NAC affect our faculty's specialized equipment?
Central IT will work directly with Local IT teams to ensure proper configuration and continuity of service for specialized equipment.
What about systems with fixed IP addresses?
Central IT will manage the transition to DHCP and provide specific instructions when action is needed. Do not make any IP configuration changes until directed.