W&M 2009 – NAC – creating the inherently secure cross platform network

Transcript

  • NAC – creating the inherently secure cross platform network
  • Who are we?
    • Identity Management / Network Access Control
    • Wired and Wireless (incl. RFID / RTLS)
    • Security and Compliance Solutions
    • Designing, Implementing and Supporting LAN/WAN
    • Security / Health / Vulnerability Audits
    • Training (Manufacturer & Bespoke)
    • Data and Voice (VoIP) Solutions
    • Fully Managed Services (24x7x365)
    • BS7799 / ISO 27001 Compliance
    • Network Management and Monitoring
    • Bespoke and Tailored Services
  • NAC – creating the inherently secure cross platform network
    What does that mean?
  • Anyone know what this is?
    NAC Version 1
    Lockdown Network – Power off at 18:00
    Open Network – Power on at 09:00
  • “They say NAC is”
    Goal of NAC
    Limit access to network resources based on a user’s business needs and the real-time security risk of the user or networked device.
    Components of NAC
    Assess Identity: sets access privileges based on dynamic, user-centric criteria so that policies move with the user and are not bound to specific ports or hardware.
    Ensure Compliance: ensures that all communications are authenticated, authorized, and free from viruses, worms, and malware.
    Enforce Policy: allows entry by only valid users, and quarantines/remediates unauthorized and/or harmful devices on the basis of stateful-firewall roles.
  • In Reality NAC Solutions are
  • In Reality it’s
    • Very difficult to prevent staff from plugging in their own devices, especially in multi-site environments
    • About audits / compliance: present network information, i.e. devices or users, where they are, when they were on, are they authorised?
    • Do they connect wired and wireless?
    • Difficult to allow temporary access for guests, visitors and contractors
    • Difficult to solve; traditionally you need:
      Independent solutions on wired & wireless networks = Multiple platforms to manage/support = Increased support / maintenance costs = Inefficiency in resolving problems!
  • Business needs to be easier not harder
    Devices HAVE to connect easily
    Networks must be SECURE by design
    Users have to be able to use their systems
    Access has to be FLEXIBLE
    NAC should be about improving resource access
  • Anywhere, Anyhow, Anyone
    Imagine a world:
    • Any device can connect to any wired port on your network
    • Any device can connect to your wireless network
    • Irrespective of whether it belongs to staff / visitor
    • The device and user are identified and authorised
    • The device can be checked that it is safe to connect
    • The user and device are given the relevant access
    • Details of the device and user access are logged
    • You can find and control every device & user across your network
  • More than NAC
    Corporate Network: Easy for wired / wireless users to connect; auto provision of printers, CCTV, servers, scanners, VoIP
    Security Team: Confidence the network is secure
    IT Dept: Full visibility of network devices & users; the ability to delegate some tasks
    Unwanted Users / Devices
    Reception / Department Mgrs: Can create temp users and allocate roles (i.e. Contractor / Visitor etc.)
    Audit and Compliance: Full audit trail
  • It’s about
    • VISIBILITY
      • Automatically identify and track ‘every’ device on wired / wireless networks
      • Automatic inventory of what has been and is on your network
      • Automatically scan devices for compliance
    • CONTROL
      • Automatically block, alert and record unauthorised access attempts
      • Automatically register devices by department (if allowed)
      • Automatically register devices if they meet a “confidence” level
      • Automatically enforce ‘global’ or department policies
      • Enable ‘guest’ access without compromising security
    • AUDIT
      • Real-time & historical audit of ‘ALL’ activity
      • Audit & regulatory compliance (PCI, CoCo, etc.)
  • 100% Out of Band Architecture
  • The Bradford Networks Product Range
  • Licensing
    There are various elements available for licensing:
    You can buy limited functionality and build up to a full NAC product.
    A brief summary is shown below –
  • Unmatched Interoperability
    Interoperability with over 300 models of networking equipment from 20 leading vendors
  • Quick Status
  • Client View
    Seven points of identity
    Filter returns 44 clients out of a total of 475
    Data can be exported to .csv
  • Guests and Conferences
    (Diagram of roles: Contractor User, Department Manager, IT Manager, Guest User, Receptionist, Multi-User Conference; sponsor relationships are shown between them, e.g. “Sponsor for: Contractors”.)
    IT Manager can empower non-technical employees to set up network access for specific visiting users.
  • Automate Network Provision
    • Simple discovery mechanism
    • Multiple profiling parameters to establish type of device
    • Automated control actions per device type
  • Confidence = Network Access
    • Network service by device type
    • Multiple edge control options (Role/VLAN, Port Location, Port CLI/ACLs, etc.)
    • Device without a matching profile kept off the network
  • Workflow
    • Visibility, tracking and access control rights passed down to functional groups
    • Automated access rules defined in device templates help maintain IT control
  • Example: Adding a Printer
  • Setting Confidence
  • Visibility
    SWITCH VIEW
    Rogue device plugged into switch port
    Rogue device could be a person's own laptop, a NAT device (wireless / wired router), a printer – ANYTHING
  • Control
    EMAIL ALARM
    Email alarms fully customisable: “Rogue Connected”
    Email alert with full details of the alarm: Rogue Device Detected; MAC address, IP address, time, date, location
    Email sent to groups, individuals etc.
  • Auto-Enforcement
    SWITCH VIEW
    Rogue device immediately disabled / removed from network
    LOCKING DOWN & SECURING YOUR networks
  • Audit
    EVENT VIEW
    “Rogue Connection” event recorded
    Search in real-time and historically
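The detect, alert, enforce and audit sequence on the four slides above, as an added Python example that is not part of the deck or of the Bradford Networks product: it takes a constructed out-of-band snapshot of switch MAC-table entries, looks each MAC up in a device registry, auto-registers devices whose profile meets the deck's “confidence” level, and for anything else produces the port-disable action, the alarm details (MAC, IP, time, location) and the audit event. The registry, profiling rules, threshold, switch names and addresses are all assumptions.

```python
from collections import namedtuple

CONFIDENCE_THRESHOLD = 80  # assumed: a profile scoring at least this auto-registers

# Constructed device registry (MAC -> department, VLAN) standing in for the NAC database.
REGISTRY = {
    "00:1a:2b:3c:4d:01": ("Finance", "staff-vlan"),
    "00:1a:2b:3c:4d:02": ("Facilities", "printer-vlan"),
}
# Constructed profiling rules: (OUI prefix, DHCP vendor class or None) -> (device type, confidence).
PROFILES = [
    (("00:1a:2b", "PrinterCo"), ("printer", 90)),
    (("aa:bb:cc", None), ("unknown", 20)),
]
# One switch-port MAC-table entry, as an out-of-band poll of the switch would return it.
Connection = namedtuple("Connection", "mac ip switch port seen dhcp_class", defaults=(None,))

def profile(conn):
    """Best-matching (device type, confidence) for a connection; ('unknown', 0) if nothing matches."""
    best = ("unknown", 0)
    for (oui, dhcp_class), result in PROFILES:
        if conn.mac.startswith(oui) and dhcp_class in (None, conn.dhcp_class):
            best = max(best, result, key=lambda r: r[1])
    return best

def evaluate(conn, registry, threshold=CONFIDENCE_THRESHOLD):
    """Classify one connection; returns (decision, action, audit event with MAC/IP/time/location)."""
    event = {"mac": conn.mac, "ip": conn.ip, "location": f"{conn.switch}/{conn.port}", "time": conn.seen}
    if conn.mac in registry:                      # registered device: give it its role
        dept, vlan = registry[conn.mac]
        return "registered", f"assign {vlan}", {**event, "event": "Known device", "department": dept}
    dtype, conf = profile(conn)
    if conf >= threshold:                         # profile is confident enough to auto-register
        registry[conn.mac] = ("auto", f"{dtype}-vlan")
        return "auto-registered", f"assign {dtype}-vlan", {**event, "event": "Auto-registered", "confidence": conf}
    # Anything else is a rogue: disable the port, raise the alarm, record the event.
    return "rogue", f"disable {conn.switch}/{conn.port}; email alarm", {**event, "event": "Rogue Connection", "confidence": conf}

# Constructed snapshot: a known laptop, an unregistered printer, and an unknown device.
SNAPSHOT = [
    Connection("00:1a:2b:3c:4d:01", "10.0.1.10", "sw-fleet-01", "Gi1/0/5", "2009-04-28 09:02"),
    Connection("00:1a:2b:3c:4d:99", "10.0.1.77", "sw-fleet-01", "Gi1/0/6", "2009-04-28 09:05", "PrinterCo"),
    Connection("aa:bb:cc:00:00:01", "10.0.1.200", "sw-fleet-02", "Gi1/0/3", "2009-04-28 09:07"),
]

def run(snapshot=SNAPSHOT):
    """Evaluate a snapshot against a working copy of the registry; one (decision, action, audit) per entry."""
    registry = dict(REGISTRY)
    return [evaluate(c, registry) for c in snapshot]
```

Calling `run()` returns one tuple per snapshot entry; the third entry is the rogue and carries the same fields the deck's email alarm lists.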
  • Microsoft Vista NAP
    (Diagram: DHCP and RADIUS enforcement points.)
  • Trusted Network Connect (TNC) Architecture
  • “More than NAC”
    KEY FEATURES
    • Full visibility of entire network (all sites) and connected devices
    • Real-time and historical audit trail
    • Security and control: block unknown / unauthorised ‘rogues’
    • Distributed and automated device management
    • Foundation to build a full Network Access Control architecture:
      • End point policy enforcement (client-less / client scanning)
      • Allow secure guest / visitor access
      • Remote scan – check device before arrival
  • “Minimal Impact”
    KEY BENEFITS
    • Fits ‘ANY’ network design
    • Network independent (wired or wireless)
    • “Out of band” (not “in-line”) solution:
      • NO network re-design
      • NO single point of failure
      • NO network downtime during implementation
    • Phased roll out: granular – port by port
    • Client-less policy enforcement
    • Scalable: one system secures up to 12,000 devices, across multiple sites
    • Cost effective and ‘proven’ solution: over 600 customers worldwide, 100 in UK & Ireland
  • “Why customers buy”
    GOVERNMENT ORGANISATION (CANNOT BE NAMED BUT REFERENCE AVAILABLE)
    PROBLEM / REQUIREMENTS
    • Required visibility of all remote sites (7 across the UK)
    • Unauthorised network access forbidden but not easily enforced
    • Complex to secure different vendor devices (including hubs)
    • Roaming staff / devices needed to be controlled / VLAN’d off
    • Solution MUST not disrupt network / users
    KHIPU’S SOLUTION
    • Single central system, securing all remote devices
    • Phased and controlled roll out with NO downtime
    • Prevents ‘rogue’ device access
    • Manages devices by switching them into appropriate VLANs
    • Completely ‘locked down’ network
  • We should probably talk!
    Questions and Answers
    Come and see us at stand 1816
    Khipu Networks Limited, Infineon House, Minley Road, Fleet, Hampshire GU51 2RD, United Kingdom
    T: +44 (0) 845 2720900
    http://www.khipu-networks.com
