Protect your information with intelligent Network Access Control
Fabrice Lieuvin, Director, Business Development EMEA – Data & Security Division
fabrice.lieuvin@alcatel-lucent.com
Enterprise strategy • SafeNAC • Conclusion
Application Fluent Network
Alcatel-Lucent Enterprise
Network Infrastructure
Contact Center & Customer Service applications
Communication & Collaboration applications
User Centric Experience
SIP Conversation Engine
On premises in Cloud choice
• Provides Application Fluent Networks that uniquely enable a high quality user experience with reduced operations complexity
Introducing Alcatel-Lucent’s Application Fluent Network
Architecture
• A simplified, optimized and resilient network with market-class leading capacity and built-in security
Control
• Provides unique dynamic tuning of network performance to ensure high quality real-time application delivery
Operations
• Reduced complexity through automation, consistency of features, and integrated troubleshooting tools
Convergence Without Complexity
SafeNAC 2
NAC Challenges
• Secured Guest Access
• Secured Partner Access
• Secured Contractor Access

• Services are Available
• Endpoints are Compliant
• Malware is Contained
• No Rogue Endpoints
• Continuous Surveillance

• Supports Existing Infrastructure
• Multi-Vendor Networks
• Multiple Endpoint platforms
• Multiple Authentication Methods

• Reduced Help Desk Costs
• Reduced Management Costs
• Enterprise is Compliant
• Data is Protected

Diagram labels: 1. NETWORK, 2. PEOPLE, 3. PROCESS, 4. KNOWLEDGE; PRODUCTIVITY ENHANCED, THREAT PROTECTION, ENTERPRISE IS SECURE, DEPLOYMENT IS SIMPLE
Trusted Dynamic Enterprise
Introducing Safe NAC
• Key Features
  • Access Control for Guests, LAN & Wireless
  • Endpoint Malware Protection
  • Verify OS and End Point Configuration
  • Controls Automatic Remediation
  • Role-based Post Admission Control
  • Audit Reports for Compliance
• Differentiation
  • Non Disruptive Multi-vendor Deployment
  • Support for Multi-authentication, Multi-endpoint environments
  • Integration with Multiple Network Elements Provides Reduced Cost
  • Centralized Management
Safe NAC: User Aware Network Security Solution
Key Benefits
• End-to-End LAN/WLAN Security solution
• Role Based Access policy tailored to your business
• Can be deployed on existing infrastructure
• Simple deployment scenarios
• Cost effective, based on open standards
Solution components
• Monitoring/Compliance: unique ability to log users' activities and monitor access to sensitive information
• Quarantine and Remediation: isolate and fix problematic users
• Anomaly Detection – IPS/IDS: stop malware with behavioral detection; zero-day protection, no signature updates
• Role Based Access: map user’s profile to security policies
• Host Integrity Check: clientless and light client based
• Authentication, Authorization, Accounting: works with existing directory services
OmniSwitch – Secure LAN Switches
Embedded Network Access Control
• Granular per-user profiling (User Network Profiles)
Host Integrity Policy Enforcement
• Tight integration with CyberGatekeeper
Broad Range of Security Features
• Port Mapping, Learned Port Security, DHCP Snooping, ARP Poisoning Detection
• Traffic Anomaly Detection – Threat mitigations
Access Guardian Key Advantages
• Devices and Users Authentication
  • Identifies devices based on location and MAC address or the 802.1x standard
  • Ban or quarantine network access when not authenticated
• Integrated Guest Access Web Portal
  • Visitors can be authenticated via the integrated Captive Portal
  • No limit on the number of users or MAC addresses
  • Works seamlessly with connected WiFi access points
• User Network Profile Simplifies Network Access Management
  • Roles and profiles assigned to users during authentication
  • Profiles include VLAN, ACL, QoS and Mobility Parameters
• Verify Endpoint Compliance Before Network Access
  • Policy enforcement is performed by the OmniSwitch
  • Compliance enforcement is independent of authentication
• Stronger Edge Security
  • Integrated automatic Traffic Anomalies Detection based on traffic behavior
  • Simple Access Control List and Quarantine Management
OmniSwitch and 8950 AAA Process
[Flow diagram. Labels: Managed Users, Guests; Supplicant (Yes / No); 802.1x, MAC address, Captive Portal; Fail; Quarantine; eDIR / LDAP, 8950 AAA, Other Radius; Group Mobility, VLAN ID, UNP]
• Access Policy Parameters are pushed to the OmniSwitch
• Bandwidth enforcement and Anomaly Detection
Safe NAC and Compliance Enforcement Scenario
1. Employee, contractor or guest connects to the network.
2. OmniSwitch provides authentication (802.1x, MAC, captive portal) and identifies the user profile. It checks whether a HIC check is needed for this user.
3. OmniSwitch redirects traffic to the CyberGatekeeper Policy Server and the remediation servers.
4. CyberGatekeeper Policy Server receives the HIC report from the CyberGatekeeper Agent and informs the OmniSwitch whether the device has passed or failed.
5. If HIC passed, OmniSwitch selectively allows device traffic to the production network following the policy in the user profile. If HIC failed, OmniSwitch restricts traffic to the remediation network only.
[Diagram labels: 8950 AAA + Directory; CyberGatekeeper Policy Server; Remediation Server(s); Alcatel-Lucent OmniSwitch; 802.1x User; Regular LAN User; Guest; Production Network; Resident or on-demand agent; Continuous surveillance]
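The admission logic of the compliance enforcement scenario, modelled as an added example (not Alcatel-Lucent code or OmniSwitch configuration). Profile names, VLAN numbers, the `hic_required` flag and the fail-closed handling of a missing HIC report are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Profile:           # hypothetical stand-in for a User Network Profile
    name: str
    vlan: int            # constructed VLAN IDs, not vendor defaults
    hic_required: bool   # assumed per-profile flag: does this role need a HIC check?

PROFILES = {
    "employee": Profile("employee", 10, True),
    "contractor": Profile("contractor", 20, True),
    "guest": Profile("guest", 30, False),
}
QUARANTINE_VLAN = 999    # assumed
REMEDIATION_VLAN = 998   # assumed
AUTH_METHODS = {"802.1x", "mac", "captive-portal"}

@dataclass(frozen=True)
class Decision:
    network: str
    vlan: int
    reason: str

def admit(role: Optional[str], method: str, hic_passed: Optional[bool]) -> Decision:
    """role is None when authentication failed; hic_passed is None when the
    policy server has not (yet) reported a verdict for the device."""
    # Step 2: authentication and profile lookup; unauthenticated devices are quarantined.
    if method not in AUTH_METHODS or role not in PROFILES:
        return Decision("quarantine", QUARANTINE_VLAN, "not authenticated")
    profile = PROFILES[role]
    if not profile.hic_required:
        return Decision("production", profile.vlan, "HIC not required")
    # Steps 3-5: compliance is decided separately from authentication, so an
    # authenticated user on a non-compliant device still lands in remediation.
    if hic_passed is True:
        return Decision("production", profile.vlan, "HIC passed")
    reason = "HIC failed" if hic_passed is False else "no HIC report"
    return Decision("remediation", REMEDIATION_VLAN, reason)

if __name__ == "__main__":
    # Constructed sessions: (role after authentication, method, HIC verdict)
    sessions = [("employee", "802.1x", True), ("contractor", "mac", False),
                ("employee", "802.1x", None), ("guest", "captive-portal", None),
                (None, "802.1x", True)]
    for s in sessions:
        print(s, "->", admit(*s))
```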
User Centric Security
Allowing Flexible Deployments throughout multiple environments