Network Defense Options

• Virtual Private Network (VPN) enabled router - provides a secure connection to remote users across a public network into the enterprise network
• Next-Generation Firewall (NGFW) - provides stateful packet inspection, application visibility and control, a next-generation intrusion prevention system (NGIPS), advanced malware protection (AMP), and URL filtering
• Network Access Control (NAC) - includes authentication, authorization, and accounting (AAA) services

Various network security devices are required to protect the network perimeter from outside access. These devices could include the following:

In larger enterprises, NAC services might be incorporated into an appliance that can manage access policies across a wide variety of users and device types