International Journal of Computer Applications (0975 – 8887) Volume 106 – No.6, November 2014 28 A Review of Opensource Network Access Control (NAC) Tools for Enterprise Educational Networks Henry Nunoo-Mensah Department of Computer Engineering Kwame Nkrumah University of Science and Technology Emmanuel Kofi Akowuah Department of Computer Engineering Kwame Nkrumah University of Science and Technology Kwame Osei Boateng Department of Computer Engineering Kwame Nkrumah University of Science and Technology ABSTRACT In enterprise networks, the concept of bringing your own devices (BYOD) to work and also allowing guest nodes to connect to the network is encouraged. As a factor the need to control access to the network is critical as visibility of nodes attached to the network is paramount in determining potential threats. The use of opensource technology is not mostly patronized by the corporate world because of the steep learning curve and the assumed complexities involved in the use of these software. This paper throws more light on the need for the use of opensource for enterprise networks especially for such networks for developing economies. Three major open source tools (OpenNAC, PacketFence and FreeNAC) are reviewed to provide a mechanism for assessing and selecting an opensource option for your educational network. General Terms Opensource Network Access Control Tools Keywords Opensource, Network Access Control (NAC), Enterprise Networks, Educational Networks, Developing Countries 1. INTRODUCTION Educational networks can be undoubtedly categorized as an educational network because it follows the architecture of enterprise networks. Educational networks mainly for tertiary institutions are large and complex with a wide array of network contrivances found on them. It also has dynamic users of its network; this encourages the integration of seamless access to certain areas of the network. Enterprise networks have the ability to integrate all systems, such as Windows and Apple contrivances and operating systems, UNIX systems, mainframes and cognate contrivances like smartphones and tablets. A firmly incorporated enterprise network efficaciously conglomerates and uses different contrivance and system communication protocols. The major challenge of enterprise networks is the lack of congruous overtness needed to comprehend what is running on the network, where it is being run and how to meritoriously troubleshoot and resolve performance quandaries when they transpire. Network management procedures and solutions were conventionally built around contrivance management, but that is no longer sufficient. Modern networks have grown in involution and must compete with incipient types of traffic such as streaming video and voice; which are very sensitive to latency. The exposure of private corporate networks to the public Internet has engendered incipient end-user engendered traffic and security issues. Thus, network monitoring must now incorporate everything from end-user activities, applications, network traffic, networking protocols, servers, and network contrivances [1]. This is essential so as to obtain a holistic end-to-end view of what is transpiring and where on the network it is transpiring. Some security requirements pertaining to enterprise networks are the exposure of malicious software; any malicious software needs to be branded, removed or secluded. Auditing tools are needed to keep logs of all activities on the network, passwords must be hard to guess; there ought to be in place a one-way encryption form for application used on the networks and passwords should be changed at least once every six months. There should also be access control in place to give access rights and should be revised at regular interims, inactive accounts should be locked. Network access such as traffic inward and outward flow should be maintained. Through Bring-Your-Own-Device (BYOD), individuals in an organization can use their own devices in business activities. It also helps in anticipating improved productivity, the main reason being that institutions do not burden themselves with the acquisition of contrivances and also most of these contrivances introduced onto the network are smart contrivances that have the ability to carry out productive or efficient work. In as much as it is beneficial it also comes with some security concerns. A major concern is corporate information leak since these personal contrivances have access to the internal network infrastructures of a company and due to frequent loss and theft coupled with the low security of these contrivances they become easy target for hacker wanting to attack our network. The Honey Stick project conducted by Symantec, discovered that access to internal company infrastructure through lost or stolen personal contrivances is occurring at a fast pace. Due to this [2] stated that establishing security is the topmost priority in introducing BYOD systems. With the growing need to secure enterprise networks, educational networks especially those in developing countries are at the disadvantage due to their limited financial resources. The paper focuses on bringing to bear the strengths of opensource alternatives for authentication and conditioning contrivances before they are admitted onto the network. The investigations were carried out based on the following requirement metrics; posture analysis, contrivance authentication, bandwidth management, network vendor support, its support for both wireless and wired infrastructure, software integration, software community support, software administrative interface and reporting functionalities. The contribution of this paper is to provide an in-depth analysis of popular opensource tools used for Network Access Control. It further acts as a platform providing unbiased information to aid in the selection of NAC tools by network administrators. The tools being considered in the review are OpenNAC, PacketFence and FreeNAC; this is because they are the most widely used opensource tools being [3].