
Nac macmon secure_2014

NAC - G

Published in: Technology

  1. „Why IT Security fails without NAC“
  2. macmon secure GmbH
     German vendor of the technology-leading NAC solution macmon
     • Experienced team with development, support and sales located in Berlin, Germany
     • Development of security technologies and standards
     • Cooperating with research institutes and universities
     • A lot of experience gained from many NAC projects with customers of different sectors and different sizes
     • Cooperating with other leading vendors of security technologies
     • Member of
  3. Network Access Control – NAC
     You already know what NAC is about!
     “… old hat, that never fit right, or a security enhancement you won't miss and that, by the way, makes your life easier?”
     Targets of NAC: Systems used in the network have access to LAN resources,
     • if they have the right to use them and
     • if they are compliant with the current security policies
     Diagram labels: NAC, Compliance
  4. Network Access Control – NAC
     Why should you implement NAC?
     Compliance demands:
     • Bundesdatenschutzgesetz (BDSG)
     • Sarbanes-Oxley Act
     • EuroSox (EU Directive No. 8)
     • Basel II
     • KonTraG
     • MaRisk
     • DIN EN 80001-1
     ISO IT security standard IEC 27001/17799, 11.4.3 Equipment identification in networks:
     „Automatic equipment identification should be considered as a means to authenticate connections from specific locations and Equipment“
     BSI IT-Security baseline catalogue, approval procedure for IT components (Measurement 2.216):
     „The installation and using of not approved IT- components has to be permitted and the adherence of the restraining has to be monitored.“
  5. Network Access Control – NAC
     You already know why you should implement NAC!
     Do you know for sure…
     • …which systems are connected to your LAN?
     • …that all systems in your LAN are yours?
     • …that nobody is sniffing your VoIP calls?
     • …that all your systems are secured and none of them is an entry point for attacks?
  6. Nearly funny: Spy activities which could not have happened…
     WLAN in a Tupperware
     • Buried outside of the building
     • Not recognized
     • Lasting for years
     Replaced printers
     • „Faked“ service partner
     • Printer with hard disc replaced
     • Copy of any printouts
     With macmon: immediately recognized as a new device
     Through macmon: shown as a new „MAC“ and blocked by policy
  7. Do you know all systems in your network?
     Trend: „Bring your own Device“ (BYOD)
     Everyone loves to work with “his” device:
     • Employees
     • Guests, visitors
     • Service providers, service engineers, consultants...
     Dream or nightmare?
  8. Two different interpretations of „ByoD“
     Handling of smartphones and other mobile devices
     Mobile Device Management „MDM“
     • Configuring the devices
     • Control the data
     • Admin access
     • Remote wipe
     • Company property
     • Executive demand
     Network Access Control „NAC“ + ByoD portal for registration
     • No remote access
     • Grant network access
     • Protect the network
     • Offering dedicated resources
     • No company property
     • Executive demand
  9. Network Access Control – NAC
     The meaning of NAC in daily business
     • Most organizations/companies have established no security measures, or insufficient ones.
     • The meaning increases mainly through „Bring Your Own Device“.
     • Networks that are becoming more and more comprehensive and complex are often no longer manageable without suitable control systems.
  10. Network Access Control – NAC
      So why is NAC being used so sparingly?
      • Extensive changes in the infrastructure
      • High investments
      • High need for administrative support
      • Small benefit, or one that is hard to determine
      • Complex subject – high investment in education
      • Fear of locking out the wrong person / system
  11. macmon NAC – smartly simple
      Detection and management of devices connected to switch ports (SNMP, Telnet/SSH or 802.1X)
      • No agents or sensors needed
      • No need for changes in the network structure
      • Office branches can easily be included
      • Vendor independent
      • Event-based setting of rules
      • Mixed operation with & without 802.1X
      • Time savings through automation
      • Protection & network visibility
  12. NAC – advanced security functions
      IP address identification by ARP
      Network services DNS and DHCP
      Enhanced device identification
      • Footprinting
      Protection against attacks
      • Address falsification
      • Attacks on switches
      • ARP spoofing / MAC spoofing
      Diagram label: SNMP
  13. macmon vlan manager
      „Dynamic VLANs“
      The VLAN is defined through the device (MAC address ► VLAN ID). The users always have the correct access to the network, independent of the physical port.
      • Simple maintenance, no reconfiguration for relocations or mobile users
      • No switch know-how needed by the responsible administrator
      Diagram labels: VLAN 2 Production, VLAN 99 Visitors, Guest VLAN, Office VLAN, Production VLAN
  14. macmon IEEE 802.1X
      • Switch authorizes through the RADIUS protocol
        − MAB (MAC Authentication Bypass)
        − Identity and password as well as AD accounts
        − Certificates
      • Establishing security levels
      • VLAN management is done by macmon!
      • Incidents for unsuccessful attempts!
      Diagram labels: SNMP, EAP/802.1X
  15. macmon 802.1X
      macmon does things differently:
      • Smartly simple linking with AD / LDAP and other identity sources through a completely new „mapping“
      • Mixed operation possible – with and without 802.1X
      • Combination of MAB with macmon „footprinting“
      • Configuring groups results in automatic rule settings
      • Intuitive and dynamic setting of rules for exceptions
      • Focusing on endpoint devices results in a minimum of administrative effort
      • Automatic „learning“ of devices
  16. Implementing macmon NAC
      Overview, control & comfort
      • Creating a whitelist
      • „Learning“ through Active Directory connection (802.1X)
      • Communicate with all switches
      • Only known systems in the network
      • Blocking unknown systems / guest LAN
      • Appropriate systems switched into defined VLAN
      • Smart GUI – intelligence in the backend
      • Time savings through automation
      • Protection & network visibility
  17. macmon graphical topology
      „Effective graphical overview“
      macmon has all information just by working as usual:
      • automatic arrangement and addition of new devices
      • filtering by properties such as IP address, name, VLAN, etc.
      • save, load and export as .SVG
      • find misconfigurations and maintain manual uplinks
  18. macmon guest service
      You should call it „Access-Portal“
      • Individual layout of the captive portal
      • Implementing distributed entities with different layouts
      • Independent of the WLAN infrastructure vendor
      • Localization of the devices (which access point)
      • Reactive disconnecting of devices
      • Self-registration with mobile no. and user name
      • Voucher code per SMS on the mobile phone
      • Creating voucher lists to be stored at the reception
      • Sponsor portal & BYOD portal
      • AD / LDAP integration
  19. macmon „agentless multiple“ compliance
      • Open API for connecting with vendor-independent data sources
      • Antivirus connector – linking with leading anti-virus systems
      • Active measurement with the macmon compliance agent
      • Integrated IF-MAP technology
      • Instant increase of the ROI by using all already implemented security solutions
      Diagram labels: Endpoint security systems; e.g. WSUS or SCCM; Everything else which „knows“ a compliance status; IDS/IPS, firewall systems; Vulnerability and SIEM systems
  20. macmon client compliance
      Diagram labels: compliance agent, macmon client compliance option, scan jobs, scan results, compliant, non-compliant
  21. macmon energy
      Reducing use of energy & raising productivity
      macmon switches the energy profiles & wakes up the PCs through Wake-on-LAN
      − operated by time: e.g. working days from 6:00 pm / 8:00 am
      − operated by event through the physical access control
      − operated by the user with the macmon energy calendar
        » Holidays, times of absence etc. may be configured
      − to avoid risky situations such as:
        » attacks, virus outbreaks, exploitation as a bot
      − for executing automatic maintenance and support tasks such as:
        » software updates, full virus scans, backups
  22. macmon NAC – Technology partner / Linking
  23. macmon product family
  24. Customers
      • Landratsamt Augsburg
      • Landesamt für Steuern und Finanzen
      • Landratsamt Sigmaringen
  25. Customers about the advantages of macmon NAC:
      • Instant network overview with graphical reports & topology
      • Implementation within 1 day & easy daily operation
      • Mixed operation with and without 802.1X
      • Intelligent AD integration with a dynamic setting of rules
      • Highly flexible „guest“ portal
      • Useful integrations with other leading security products
      • Vendor independent
      • Excellent vendor support
  26. Customer – Production
      Important facts
      • Proprietary communication systems (Feldbus, Interbus, Profibus,…) are replaced by Ethernet because of the associated costs
      • Robots and machines cannot be protected with normal techniques (no patch management, virus protection, password protection, login)
      • Consultants need to have network access for maintenance and repair jobs
      • Security incidents may cause personal and physical damage
  27. Customer – Finance & Insurance
      Important facts
      • MaRisk has been in place since 1st January 2008 (through BSI and ISO standards – high security demand)
      • Protection of public areas with guest access is needed
      • ATMs and other “NAC-GAP” systems in the network have to be included in security measures
      • The wide area of branch offices can be controlled effectively through live monitoring
  28. Customer – Government
      Important facts
      • Strict requirements from BSI and others have to be fulfilled
      • The handling of sensitive and often personal data results in a very high need for security
      • The live monitoring enables and facilitates control and management in large organizational structures – even worldwide
      • macmon allows administration with very small personnel effort
      Customers: Landratsamt Augsburg, Landesamt für Steuern und Finanzen, Landratsamt Sigmaringen
  29. Customer – Healthcare
      Important facts
      • Through the integration of medical devices, the IT network becomes a medical IT network and is thereby covered by medical product laws
      • Medical IT network and common IT network have to be separated (DIN EN 80001-1, Risk management for IT-networks with medical devices)
      • Protection of patient data and the patient–doctor relationship
      • For private institutes: with the rating under Basel II (in the future EURO-SOX as well), the IT infrastructure is related directly to the grant of financial resources; deficits in security will reduce the bank line
  30. Customer – Media
      Important facts
      • Many mobile workplaces, which are often used outside or even in foreign countries
      • Many guests and external employees on the company premises
      • The live monitoring enables and facilitates control and management in large organizational structures – even worldwide
      • macmon allows administration with very small personnel effort
  31. Contact
      We are looking forward to talking to you!
      macmon secure GmbH
      Charlottenstr. 16
      D-10117 Berlin
      Phone +49 30 23257770
      Fax +49 30 2325777-200
      sales@macmon.eu
      www.macmon.eu
