What is Role-based Access Control (RBAC)?
RBAC focuses on the identity of the user—the “who”—as the principle means of making an access control decision. This provides much more security and accurate access control than solutions that determine access solely based on the device that’s trying to gain access, such as a laptop or desktop computer, which are often being used by different people at different times.
Why is RBAC on the network important?
Most other network approaches focus on checking patches and other host security controls. They do this through scanning the device or using an agent resident on the host. While this is a valuable, it doesn’t add much value beyond the capabilities of the host security alone. RBAC allows users to be put in particular partitions of the network that addresses several emerging business problems such as guest management and regulation compliance.
How does the Identity Engines RBAC solution compare with Cisco, Microsoft, & Juniper NAC initiatives?
The Cisco, Juniper, and Microsoft NAC initiatives all assume that you use their products for some significant element of your infrastructure: for Microsoft, the servers and workstations; for Cisco, the switches, routers, VPN gateways, WLAN APs, AAA servers, and client supplicant; for Juniper, their client supplicant, firewalls, and AAA servers.
Identity Engine RBAC affords compatibility with all types of vendor equipment, and our system supports RBAC standards as they emerge beyond the current RADIUS, 802.1X, and EAP. Furthermore, only Ignition™ has the policy flexibility and directory integration necessary to support today’s complex policies and tomorrow’s.
Why is vendor-neutral RBAC important?
The standards for RBAC are still emerging, so whatever system you deploy should be flexible enough to meet those standards as they emerge.
Networks and computing in general are by their very definition heterogeneous since they are built over time and no one vendor can supply everything your network needs. The techniques by which you authenticate and authorize access to those computing resources must be heterogeneous as well to afford the most flexibility in deployment and operation—it just doesn’t make sense to be locked in with only one vendor.
How does Identity Engines’ solution fit into existing security frameworks?
Identity Engines solution can act as an entire RBAC solution in itself, or it can augment the limited policy capabilities of alternate security approaches. In the latter role, Ignition provides policy services and authentication focused on the user through rich integration with an organizations current back-end directory stores. This allows decisions around access based on country of citizenship, job title, location, and a host of other attributes, mixed in whatever combination makes sense for an organization.
Want a policy that only lets accounting users on the financial system during business hours, and only when coming in via the wired network? With Ignition®, such a policy is just a few mouse clicks away. With other solutions, such a policy is cumbersome, if indeed it can be configured at all.
Still have unanswered questions? Let us put you in touch with a solutions specialist today that can answer all your questions about the Identity Engines' solutions for Role-based Access Control.
