NETWORK ACCESS CONTROL: Secured Network Access for People and Devices
The diversity of network-capable devices, and the administrative effort they require, keeps growing. To control the flood of communicating devices, a growing number of institutions introduce a company-wide network access control (NAC) solution.

Problem

Devices and people connect to the company network via Ethernet, WLAN or VPN. The challenge is to automatically give each endpoint suitable network access at any location:

Company-owned devices that can authenticate both the device and the user should get access via multi-level, usually certificate-based methods (e.g. IEEE 802.1X). Once successfully authenticated, the devices are assigned to the corresponding VLANs.

Unfortunately, not all devices (printers, surveillance cameras, medical devices, central building control systems etc.) support 802.1X. In such cases, MAC-based access control ensures that the device is automatically assigned to a dedicated VLAN. Since a MAC address is only a claimed identity that can be copied by anyone who observes it, a MAC-authenticated device should only ever reach the restricted VLAN intended for its device class, never the core network.

Guests, external employees, suppliers and other groups of people require temporary, secured internet access. Granting secure, tailored access to every person must not, however, result in enormous administrative effort.

Employees want access for their private devices to check e-mail/calendar or to reach the internet. Implementing a "bring-your-own-device" (BYOD) strategy becomes particularly challenging when employees also need access to internal company resources such as file shares, ERP systems or databases.

Providing appropriate, fully automated access for all these target groups requires a multi-level authentication solution that adapts to the capabilities of each device and meets the highest security standards.
Solution

CloudGuard offers a unique, fully integrated network access control solution that is completely independent of network equipment vendors. It combines a variety of access methods so that each user group gets the appropriate network access. The combination of two products, MACMAN and the MPP, results in a highly flexible overall solution that covers the network access control needs of medium-sized and large companies.

MACMAN: the multi-tenant NAC authentication and management solution
MPP: the flexible web authentication and guest access portal solution

The MPP is a guest access portal for user authentication via web browser. Using individual authorization profiles and the related router/firewall/proxy rules for different user groups, the MPP controls network access in full detail and stores the legally required connection records (who was online, when and from where).

MACMAN is a RADIUS/LDAP server with additional connectors to inventory databases, CMDBs, company-specific directories (e.g. Microsoft Active Directory, OpenLDAP) and ERP systems such as SAP for billing purposes. Devices are automatically linked to the correct network segment. The MPP stores the last access location of each device, which facilitates device localization. Multi-tenant device management and user accounts make it possible to delegate the administrative work to departments or user groups. MACMAN and the MPP exchange information, so that devices and people identified once can subsequently be authenticated via other procedures.

[Figure: network diagram with File Server and Radius Server]
Secure and flexible at the same time

[Figure: trust zones. Enterprise core network: access ONLY with 802.1X authentication. Dedicated VLANs: access allowed with MAC authentication. Internet or e-mail/calendar ONLY: access allowed with web authentication (self-service).]

Other NAC solutions apply an "all or nothing" principle: network access is either fully granted or denied. The NAC solution from CloudGuard, by contrast, is based on a graduated approach: each device gets exactly as much access as its level of trust justifies, which makes multi-level zone concepts possible.

Access to the heart of the company network is only possible via the access procedure with the highest security level (mostly certificate-based), which authenticates both the device and the user. Devices that are not 802.1X-capable are authenticated by MAC address and placed in dedicated VLANs. Unknown devices (e.g. private smartphones/tablets of employees, visitors etc.) get temporary internet access once SMS authentication has completed successfully.

The NAC solution from CloudGuard can also move devices dynamically into higher or lower trust zones. When an employee authenticates at the web portal with his or her company password, the device can automatically be promoted to a higher trust level (e.g. MAC-based authentication), so the employee does not have to authenticate manually each time the device is used; access remains granted for as long as the employee's company account is valid. If a virus is detected on a device, the device can automatically be moved into the lowest trust zone, where the user can run the latest anti-virus update.

Your Benefits

The NAC solution from CloudGuard combines its two products MACMAN and the MPP. It is currently the most flexible NAC solution on the market and allows you to implement your BYOD strategy in an optimal way.
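The graduated zone model described above, as an added example that is not CloudGuard's or the page's own code: a small RADIUS-side policy engine that maps each access request to a trust zone and to the RFC 3580 tunnel attributes a switch or access point uses to place the port in a VLAN. It covers the 802.1X core path, MAC authentication of inventoried devices, the web-portal promotion of an employee's private device (and its automatic demotion when the account is disabled), temporary SMS guest access, and quarantine on a virus alert. Zone names, VLAN numbers, device classes, the 24-hour guest lifetime and the sample MAC addresses are assumptions made for the example; a real deployment would take them from the NAC database and the inventory/CMDB.

```python
# Graduated NAC policy: decide a trust zone and VLAN for every access request.
# Added illustration, NOT CloudGuard code. Zones, VLANs, classes and the
# sample MAC addresses/accounts are assumptions chosen for the example.
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Optional


class Zone(IntEnum):
    QUARANTINE = 0   # virus detected: only anti-virus update servers reachable
    PORTAL = 1       # unknown device: captive web portal only, no internet
    GUEST = 2        # internet / e-mail / calendar only (web or SMS authenticated)
    DEVICE = 3       # dedicated VLAN per device class (MAC authenticated)
    CORE = 4         # enterprise core network (802.1X, device and user certificate)


# Assumed VLAN plan; in practice this comes from the NAC database.
VLAN_FOR_ZONE = {Zone.QUARANTINE: 999, Zone.PORTAL: 201, Zone.GUEST: 200, Zone.CORE: 100}
VLAN_FOR_CLASS = {"printer": 310, "camera": 320, "building-control": 330, "byod": 340}


@dataclass
class Device:
    mac: str
    device_class: Optional[str] = None   # from inventory/CMDB, or "byod" after promotion
    promoted_by: Optional[str] = None    # employee who registered the device at the portal
    guest_until: float = 0.0             # end of a temporary (SMS) internet grant
    quarantined: bool = False


@dataclass
class Request:
    mac: str
    method: str                          # "eap-tls", "mac", "web-password", "web-sms"
    user: Optional[str] = None
    cert_valid: bool = False             # 802.1X: device AND user certificate validated
    password_ok: bool = False            # web portal: company password accepted
    sms_ok: bool = False                 # web portal: SMS one-time code accepted
    now: float = 0.0                     # request time in seconds, injected for testability


@dataclass
class NacPolicy:
    active_accounts: set = field(default_factory=set)   # from AD/LDAP
    devices: dict = field(default_factory=dict)         # MAC -> Device
    guest_lifetime: float = 24 * 3600.0                 # temporary guest access lasts one day

    def _device(self, mac: str) -> Device:
        return self.devices.setdefault(mac.lower(), Device(mac.lower()))

    def register_inventory(self, mac: str, device_class: str) -> None:
        """Known non-802.1X device (printer, camera ...) taken from the inventory/CMDB."""
        self._device(mac).device_class = device_class

    def quarantine(self, mac: str, infected: bool = True) -> None:
        """Virus detected (or cleaned): move the device into, or out of, the lowest zone."""
        self._device(mac).quarantined = infected

    def decide(self, req: Request) -> Zone:
        dev = self._device(req.mac)
        if dev.quarantined:                      # overrides every other trust signal
            return Zone.QUARANTINE
        if req.method == "eap-tls":
            if req.cert_valid and req.user in self.active_accounts:
                return Zone.CORE
            return Zone.PORTAL                   # failed 802.1X: treat as unknown device
        if req.method == "web-password":
            if req.password_ok and req.user in self.active_accounts:
                # Promote: from now on plain MAC authentication suffices for this
                # device, for as long as the employee's account stays active.
                dev.device_class, dev.promoted_by = "byod", req.user
                return Zone.DEVICE
            return Zone.PORTAL
        if req.method == "web-sms":
            if req.sms_ok:
                dev.guest_until = req.now + self.guest_lifetime
                return Zone.GUEST
            return Zone.PORTAL
        if req.method == "mac":
            if dev.promoted_by is not None and dev.promoted_by not in self.active_accounts:
                dev.device_class, dev.promoted_by = None, None   # account gone: demote
            if dev.device_class is not None:
                return Zone.DEVICE               # MAC auth never reaches CORE
            if req.now < dev.guest_until:
                return Zone.GUEST                # temporary grant still valid
            return Zone.PORTAL
        return Zone.PORTAL                       # unknown method: least privilege

    def radius_reply(self, req: Request) -> dict:
        """RFC 3580 tunnel attributes the RADIUS server returns to the switch/AP."""
        zone = self.decide(req)
        dev = self._device(req.mac)
        vlan = VLAN_FOR_CLASS[dev.device_class] if zone == Zone.DEVICE else VLAN_FOR_ZONE[zone]
        return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
                "Tunnel-Private-Group-Id": str(vlan), "zone": zone.name}


if __name__ == "__main__":
    nac = NacPolicy(active_accounts={"alice"})
    nac.register_inventory("00:11:22:33:44:55", "printer")
    print(nac.radius_reply(Request("00:11:22:33:44:55", "mac")))
    print(nac.radius_reply(Request("aa:bb:cc:dd:ee:01", "web-password", user="alice", password_ok=True)))
    print(nac.radius_reply(Request("aa:bb:cc:dd:ee:01", "mac")))   # promoted: plain MAC auth now suffices
```

Two design points worth noting. Promotion, demotion and quarantine only take effect at the next authentication; to move a device that is already connected, the RADIUS server additionally has to send a Change-of-Authorization or Disconnect-Request (RFC 5176) to the switch or controller. And because MAC authentication proves nothing beyond a claimed address, the DEVICE zone is deliberately ranked below CORE: a promoted BYOD device lands in its own VLAN, never in the 802.1X-only core.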
- All conventional authentication methods are supported: 802.1X EAP, MAC authentication, web authentication, SMS authentication, vouchers, credit cards etc.
- The NAC solution from CloudGuard can easily be integrated into existing environments via Active Directory, LDAP or RADIUS servers, clinical information systems (CIS), E-Gate, hotel reservation systems (Amadeus, Fidelio), CSV import etc.
- Reduced administrative overhead for the management of devices, guests and external employees thanks to multi-tenant delegation of administration and various self-service applications.
- Real-time localization of connected devices.
- Control remains with the network manager, who benefits from overviews of authorized accesses and extensive logging for traceability.
Conclusion

The NAC solution from CloudGuard is the optimal access solution for complex company environments with many requirements and devices. It is also an ideal complement to existing solutions such as Cisco ACS or ISE, supplying functions those lack, such as integration with a company-specific ERP or CMDB or multi-tenant delegation of administration. Please contact us and let us show you how to meet your needs in an optimal way.

Reference Project

The Dolder Grand is a luxury city resort in Zurich with hotel suites, banqueting and seminar facilities. Wireless network connectivity must be impeccable, invisible and secure, and must involve only minimal administrative effort. Different kinds of guests, however, have different communication needs that all have to be met. In addition, the hotel operates many devices, ranging from mobile terminals and IP telephones to building control systems and surveillance cameras, that must be integrated into the communications network.
CloudGuard Software AG Huobstrasse 10 8808 Pfäffikon Tel: +41 55 214 18 00 Fax: +41 55 214 18 10 info@cloudguard.ch www.cloudguard.ch