ALLIED Telesis Network Access Control User Manual

Solutions | Network Access Control (NAC)
Allied Telesis provides advanced edge security for enterprise networks
The security issues facing enterprise networks have evolved over the years, with the focus moving from mitigating outward attacks to reducing internal breaches and the infiltration of malicious software. This internal defence requires significant involvement with individual devices on a network, which creates greater overhead on network administrators. Allied Telesis lower this overhead and provide an effective solution to internal network security by integrating advanced switching technology as a part of Network Access Control (NAC).
The evolution of network defences
For many years, the focus in enterprise network security was on defending against external threats. Firewalls were installed to protect the LAN from the hackers, worms, and spammers 'out there' in the lawless land of the Internet.
However, with the growth in mobile computing and the proliferation of Ethernet-capable devices, LAN-based attacks now outnumber external threats as the main security issues facing network administrators. Attention has turned towards the enemy within.
Malicious software, known as malware, makes its way onto a network through employees, contractors, and visitors. Their laptops, wireless gadgets, and ever popular USB flash drives all provide excellent vectors through which malware can enter the workplace. Even careful employees can unwittingly bring in malware after using their equipment outside of the network. Visitors and contractors may be careless carriers of malware or, even worse, may be planning a malicious attack to steal data or cause disruption.
Defence against the enemy within
To effectively defend the network against internal threats, network administrators need secure LAN switches that provide protection against common attacks. They also need to implement policies that ensure that each device connecting to a network is as secure as possible. This combination of secure LAN switches and anti-malware policy can be very effective.
For some time now, Allied Telesis switches have provided a suite of defenses to combat internal attacks. These range from data stealing attacks such as ARP spoofing, to Denial of Service attacks such as Tear Drop or Ping of Death. Correct deployment of these defenses can create a network that is impermeable to most of the harm from these attacks.
Additionally, network administrators can institute a policy whereby network users are required to install and maintain anti-malware scanners, and to install security patches as they are released by Operating System vendors. However, this has required network administrators to spend time ensuring that users are adhering to policies, and even generated counterproductive tension between network administrators and the users.
More detailed information on how Allied Telesis secure LAN switches defend against the various types of LAN threats can be found on our website.
http://www.alliedtelesis.com/solutions/category.aspx?5
This is where Network Access Control (NAC) provides a solution. NAC allows network administrators to automate policy enforcement - rather than requesting that users ensure their devices conform to anti-malware policies, let the network do the job instead.
Network Access Control has very quickly become an industry requirement and much more than a new buzzword for network professionals.
NAC offers an excellent way to control network access with automated policy enforcement, and manage network security without vast administration overhead.
Put simply, NAC enables you to define a comprehensive security policy for your network, implement that policy on a centralized server, and have the network automatically enforce that policy on all network users. NAC is much more than just user authentication; it is also designed to protect the network from users and devices that may be authorised, but pose other threats. The most sensible place for this to occur is at the edge of the network, removing security threats before they gain any form of access. A NAC solution including switches that act as enforcement points ensures a proactive approach to network security.
How NAC secures your network
Nowadays, network access for multiple device types or temporary users is an expectation, not an exception. With this in mind, today's enterprise network requirements include:
Some level of access no matter who or where you are
Access for guests such as sub-contractors, partners, remote employees
Access control for a new range of network devices, such as iPhone and BlackBerry devices, PDAs and digital cameras
Allied Telesis LAN switches meet these emerging requirements with NAC features and integration. Used in conjunction with appropriate server-side and client-side software tools, they can provide a remarkable level of control over the security status of the devices that connect to your network. Allied Telesis NAC implementation is TCG/TNC (Trusted Computing Group - Trusted Network Connect) standards-based to guarantee interoperability with the major third party suppliers of NAC software, such as Microsoft and Symantec. This provides customers with the confidence to create a comprehensive NAC solution from trusted vendors.
At the heart of using NAC for your network security are three key elements:
No (or very limited) access without identification
The quarantine and remediation of non-compliant devices
Setting the level of access to network resources based on a device's authenticated identity
NAC controls network access and security with a minimum of staff overhead.