NAC Director. Out-of-Band Network Access Control for Wired, Wireless and VPN Networks. DataSheet

Similar documents
Campus Manager. Out-of-Band Network Access Control for Wired, Wireless and VPN Networks. DataSheet

Networks with Cisco NAC Appliance primarily benefit from:

Cisco Identity Services Engine

Cisco NAC Network Module for Integrated Services Routers

Cisco Network Admission Control (NAC) Solution

Symantec Network Access Control Starter Edition

Reviewer s guide. PureMessage for Windows/Exchange Product tour

Symantec Network Access Control Starter Edition

Cisco 3300 Series Mobility Services Engine. Open, Appliance-Based Platform for Delivering Mobility Services

Symantec Network Access Control Starter Edition

HP ProCurve Network Access Controller 800

Cisco Secure Network Server

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Symantec Network Security 7100 Series

Cisco Secure Network Server

IBM Internet Security Systems Proventia Management SiteProtector

Cisco 3300 Series Mobility Services Engine

Network Service Appliances

TECHNICAL SPECIFICATIONS

Meraki MX Family Cloud Managed Security Appliances

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

VirtualWisdom SAN Performance Probe Family Models: ProbeFC8-HD, ProbeFC8-HD48, and ProbeFC16-24

Symbols. Numerics I N D E X

Cisco MCS 7845-H1 Unified CallManager Appliance

Meraki MX Family Cloud Managed Security Appliances

Cisco UCS C200 M2 High-Density Rack-Mount Server

Cisco MCS 7825-I1 Unified CallManager Appliance

McAfee Network Security Platform

McAfee Network Security Platform

Cisco MCS 7815-I2 Unified CallManager Appliance

Infoblox Trinzic DDI Appliances

Enterprise Guest Access

ExtremeWireless WiNG NX 9500

Cisco MCS 7825-H3. Supported Cisco Applications

Cisco UCS C210 M1 General-Purpose Rack-Mount Server

ARUBA CLEARPASS POLICY MANAGER

Cisco UCS C210 M2 General-Purpose Rack-Mount Server

CONNECTRIX MDS-9132T, MDS-9396S AND MDS-9148S SWITCHES

QuickSpecs. Models HP TippingPoint S8010F Next Generation Firewall Appliance

Meraki Z-Series Cloud Managed Teleworker Gateway

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

Network Access Control (NAC)

VIRTUAL EDGE PLATFORM 4600 Next Generation Access

Cisco Nexus 9500 R-Series

Cisco MCS 7816-H3. Supported Cisco Applications. Key Features and Benefits

NX 9500 INTEGRATED SERVICES PLATFORM SERIES FOR THE PRIVATE CLOUD

Cisco MCS 7815-I1 Unified CallManager Appliance

QuickSpecs. Aruba ClearPass OnGuard Software. Overview. Product overview. Key Features

MR Cloud Managed Wireless Access Points

Integrated Ultra320 Smart Array 6i Redundant Array of Independent Disks (RAID) Controller with 64-MB read cache plus 128-MB batterybacked

Cisco SCE 2020 Service Control Engine

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Scalar i500. The Intelligent Midrange Tape Library Platform FEATURES AND BENEFITS

HPE Intelligent Management Center

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Enterasys. Design Guide. Network Access Control P/N

Secure IP Address Management Layer 2 Network Access Control Solution

Cisco UCS C24 M3 Server

VirtualWisdom Performance Probes are VirtualWisdom Fibre Channel SAN Performance Probe

NetSight End to end application visibility and control

Cisco Meraki MS400 Series Cloud-Managed Aggregation Switches

Altos T310 F3 Specifications

Oracle Database Appliance X6-2S / X6-2M

The SonicWALL PRO Series

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

Cisco UCS B230 M2 Blade Server

N-Dimension n-platform 340S Unified Threat Management System

Cisco ACE30 Application Control Engine Module

Cisco UCS C250 M2 Extended-Memory Rack-Mount Server

Wireless LAN Solutions

Solution Overview Vectored Event Grid Architecture for Real-Time Intelligent Event Management

Infoblox Trinzic DDI Appliances. Trinzic Appliances Deliver Actionable Network Intelligence. A Scalable Family of Hardware and Software Appliances

During security audits, over 15,000 vulnerability assessments are made, scanning the network IP by IP.

Meraki MS22 / MS42 Cloud Managed Gigabit PoE Switch Family

Pinnacle3 Professional

SECURE 6. Secure64 Appliances Purpose-built DNS appliances for the most demanding environments DNS APPLIANCES DATA SHEET. Appliance Descriptions

CONNECTRIX DS-6500B SWITCHES

Cisco 3900 Series Router Datasheet

InfiniBand Switch System Family. Highest Levels of Scalability, Simplified Network Manageability, Maximum System Productivity

CONNECTRIX MDS-9250I SWITCH

The power of centralized computing at your fingertips

VeloCloud SD-WAN Subscription

Alcatel-Lucent OmniAccess 4x50 Series Mobility Controllers Service Multi-tenant Network Management

Cisco Mobility Services Engine: An Open, Appliance-Based Platform for Delivering Mobility Services

IBM Proventia Management SiteProtector Installation Guide

Data Sheet. DriveScale Overview

Acme Packet Net-Net 9200

Infoblox Reporting and Analytics Appliances

Delivers fast, accurate data about security threats:

Cisco MCS 7815-I2. Serviceable SATA Disk Drives

PacketShaper WAN Application Performance Solutions

Oracle Database Appliance X6-2L

Understanding Network Access Control: What it means for your enterprise

TALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT

ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

Configure Client Posture Policies

Imperva SecureSphere Appliances

Cisco UCS C250 M2 Extended-Memory Rack-Mount Server

Cisco UCS B440 M1High-Performance Blade Server

Cisco Data Center Network Manager 5.1

Transcription:

DataSheet Comprehensive Solution Identity Management Endpoint Compliance Usage Policy Enforcement Historical Auditing and Reporting Out-of-Band Network Access Control for Wired, Wireless and VPN Networks Out-of-Band Architecture Leverages existing network and security infrastructure Non-intrusive deployment and flexible implementation options Highly scalable: one appliance manages policy across wired, wireless and VPN networks Edge Enforcement Enforces access policies at the point of access to the network Distributes enforcement load across the network fabric Provides highest security, flexibility and scalability High Performance and Availability High-performance architecture Fully redundant appliances High-availability configurations is a comprehensive Network Access Control () solution offering enterprises role-based identity management, endpoint compliance verification and usage policy enforcement capabilities across wired, wireless or VPN connections. Easily integrated into existing network environments, s out-of-band architecture leverages the inherent security capabilities of existing network equipment along with standard or de fecto standard authentication and authorization technologies such as 802.1X, RADIUS, and Active y to control network access down to the point of access. By leveraging existing technology investments, enterprises can quickly add advanced capabilities to their current networks and avoid the need for expensive forklift upgrades or the scalability and management challenges of adding in-line equipment. Through an easy-to-use web interface, gives network and security administrators powerful tools to create 7-point identity profiles for users and devices on the network. Comprehensive access policies can be applied to users, including employees, contractors or guests, as well as devices including PCs, laptops, servers, printers, IP phones, and other network-attached devices. Utilizing either persistent or dissolvable agents, enables thorough posture assessment of Windows, Linux, and Apple OS devices. then uses this information to determine the appropriate level of network access for authorized users and devices, or the required remediation services for unauthorized users or non-compliant devices. By automating the process of authentication, assessment, authorization, and remediation, offers enterprises a comprehensive user-focused, network-based access control solution. s distributed, highly scalable, high availability architecture supports a broad range of wired, wireless, and VPN networks. Its inherent flexibility lets IT organizations gracefully evolve their projects from initial trials to pilot roll-outs to full deployments to ensure effective security policy implementations with minimal impact on user experience. www.bradfordnetworks.com

Datasheet DIRECTOR SOLUTION COMPONENTS Bradford s solution consists of appliances, an optional Network Security Manager (NSM) appliance, and agent software. These components are deployed in a variety of configurations based on the enterprise environment. Component Appliance Network Security Manager (NSM) Appliance Persistent or Dissolvable Agent Description Out-of-band appliance that provides enterprise-wide policy management and enforcement. (Larger enterprises may deploy multiple appliances, depending on the size of the user environment) Centralized management appliance that provides management and control for multiple distributed appliances via a common console. Used in larger enterprise environments where two or appliances are deployed. Lightweight client software used in assessing endpoint device posture. The persistent agent is installed on the host for continuous monitoring, while the dissolvable agent is a run-once executable. APPLIANCES offers comprehensive services identity management, endpoint compliance, and usage policy enforcement across the entire product family. These services can be deployed in phases moving from passive monitoring to active enforcement in settings as small as a branch office or as large as a multi-national enterprise s global network. s high performance architecture and enterprise-wide scalability deliver effective access control in any enterprise environment with complete implementation flexibility. The family includes the SX, MX, LX and GX platforms, allowing solutions to be tailored based on the number of concurrent users, the number of network devices, authentication methods used, and access policy complexity. SX and MX are each a single stand-alone appliance. LX and GX support higher capacities by splitting functionality between two paired appliances an Application Server and a Control Server allowing for increased performance and load sharing of functions. LX appliance pairs are available in both standard configurations and redundant configurations with RAID 10 and hot-swappable dual power supplies. GX pairs include RAID 10 and hot-swappable dual power supplies as part of the standard offering for appliance-level redundancy. MX, LX, and GX platforms also support optional high-availability, hot-failover configurations for environments requiring the highest levels of system uptime. December 12, 2007 2 BN-104-14-10002-01

Datasheet Platform Type Target Environment Concurrent Users SX, SXR Standalone Appliance Small/Branch Office Environments Up to 100 MX, MXR Standalone Appliance Medium/Regional Office Environments Up to 1,000 LX: LX-A and LX-C, LX-AR and LX-CR GX: GX-AR and GX-CR Standard Appliance Pair: Network Control Server / Network Application Server High-Performance Appliance Pair: Network Control Server / Network Application Server Large/Headquarters Office Environments Up to 6,000 Large/Headquarters Office Environments Up to 12,000 NSM, NSMR Management Appliance Multi-site Environments with multiple Network Sentry clusters Note: Redundant versions are designated with R added to the platform name, and include RAID 10 and hot-swappable dual power supplies. Greater than 12,000 s flexible hardware architecture allows enterprises to start with a single SX appliance and then expand to higher capacities with the MX, LX, or GX as needed via incremental software upgrades, rather than wholesale hardware replacement. This cost-effective approach ensures that initial capital investments in can easily scale to support larger environments. SX MX MX LXA LX-A LXC LX-C LXA GX-A LXC GX-C Larger enterprises can deploy any combination of appliances required to meet the needs of their particular environment, with centralized management and control provided by Network Security Manager (NSM). NSM LXA LXA LXA LX-ALXC LXC LXC LX-C SX MX MX LXA LX-A LXC LX-C LXA GX-A LXC GX-C Host Vulnerability Assessment Using Nessus Engine appliances seamlessly integrate Nessus vulnerability scans of host devices to assist with endpoint assessments. With native support for a Nessus client, enables Nessus scans for completely agent-less assessment of host vulnerabilities. can also combine Nessus scans with Bradford s agent technology to enable both network-based and agent-based assessment for detailed vulnerability and compliance checking. December 12, 2007 3 BN-104-14-10002-01

Datasheet AGENT TECHNOLOGY Bradford Networks solution offers both dissolvable and persistent agents for comprehensive host assessment. Dissolvable Agent: Available for Windows, Mac OS X* and Linux operating systems, the dissolvable agent is a run-once executable that is integrated into the registration and authorization process. The dissolvable agent can be customized to run based on a user s role, the network access method (e.g. wired or wireless LAN, VPN, etc.), as well as on a regularly scheduled interval. Persistent Agent: Available for Windows and Mac OS X operating systems, the persistent agent is installed on the host and provides additional functionality including non-intrusive user and device authentication and posture assessment. Comprehensive assessment capabilities of dissolvable and persistent agents: System Type, Patch Levels and Hotfixes Identify OS type (Windows, Mac OS X, Linux), along with patch or service pack (e.g. SP2) and/or hotfixes Anti-virus Applications, Engine and Definitions Version Identify AV applications status and ensure current definitions Anti-spyware Applications, Engine and Definitions Version Identify AS application status and ensure current definitions Required and Prohibited Applications Identify all applications, whether required or prohibited Active Processes Identify actively running processes File Presence and Status Identify specific filenames and present status Wireless drivers* Identify wireless driver being used (important as some drivers are known to have existing security vulnerabilities) Patch Management Integration Integrate with patch servers such as BigFix to verify endpoint posture and automatically remediate non-compliant devices Additional capabilities of the persistent agents include: Continuous Windows Monitoring* As a lightweight application installed on the host device, the Windows persistent agent can provide continuous monitoring of files, applications, and processes. Whereas pre-connect assessment provides a single snapshot view of host compliance, the ability for continuous post-connect monitoring enables greater control over host activity throughout the network session. Messaging and Emergency Notification The persistent agent can also be used as a means for communicating directly with users on the network, providing an effective method for quickly reaching the user community with important information or alerts. Messages configured and sent from a centralized management interface will instantaneously launch a customizable pop-up message box on the end user s computer screen. * Available in next major release. December 12, 2007 4 BN-104-14-10002-01

Datasheet SYSTEM FEATURES AND BENEFITS Feature Description Benefits IDENTITY MANAGEMENT Device registration Each device is forced to register prior to accessing the live network Maintains a comprehensive view of devices connected to the network at all times Standards-based authentication 7-point identity profile Get Out/Stay Out control Dynamic VLAN assignment Comprehensive role assignment Port-level role assignment Support for standards such as 802.1X, LDAP, RADIUS based authentication Identity profile with user name; user role; device name; MAC address; IP address; network access point; time Quickly locate and disable any user or device starting with a suspect IP address Assign appropriate VLAN based on user, device, location, time-of-day, etc. Assign all users to distinct groups with specific policies User roles can be mapped to individual network access ports Leverages existing infrastructure and widely deployed authentication technologies Enables precise identity definitions for granular policy assignment Removes suspicious users immediately and prevents them from reconnecting until vetted Ensures users access to appropriate resources based on pre-defined business rules Enforces policies by group, versus individual user, streamlining policy enforcement process Provides high degree of granularity in assigning role-based policies ENDPOINT COMPLIANCE Persistent and dissolvable agents Continuous endpoint posture analysis Self-remediation Lightweight client software to assess endpoint device posture Pre- and post-admission endpoint analysis Guide users with non-compliant devices to download new software updates/patches Enables assessment of campus-owned endpoints and visitor/guest devices Ensures endpoints remain compliant with policy throughout their network session Empowers users to update their own systems, reducing the need for helpdesk intervention NESSUS scanning Network-based device vulnerability scanner Allows agent-less assessment of endpoints for known security vulnerabilities Windows agent monitoring* Monitoring of file status, processes, registry keys Provides enhanced assessment of Windows endpoints for additional policy controls Patch integration* Integration with patch management systems such as BigFix Drives operational efficiencies for staff and users through patch automation Wireless driver checks* Checks Windows wireless drivers against known list of suspect drivers Reduces wireless network vulnerabilities and potential performance problems USAGE POLICY ENFORCEMENT Broad range of acceptable use policies Ability to define any number of acceptable use policies Quickly implement company-specific security policies MANAGEMENT OPERATIONS Four simultaneous user and device isolation methods Alarm and trap triggers Integration with deep packet inspection solutions 802.1X, MAC-based RADIUS authentication, DHCP and VLAN steering Taking automatic policy-based action upon alarm receipt Action mechanism for violations triggered by deep packet inspection solutions like IDS, IPS, etc. Enables consistent user and device isolation capabilities for multi-vendor environments Automates manual processes to stop unauthorized activity at network access point Enforces policy at the edge to block unwanted activities at the point of access to the network Phased policy activation Allows roll-out by port, device or location Enables phased, logical deployment of the solution to minimize business disruptions Intuitive management interface Consistent user experience Remote registration Powerful web-based system management homepage Common registration, authentication, and remediation functions across wired, wireless and VPN connections Allows users to register and verify endpoint devices before arriving on-site Drives operational efficiencies; enables quick troubleshooting capabilities Increases user satisfaction; reduces support burden Saves time for users and administrators; reduces load on network and IT staff during peak periods Standard reports Set of standard, out-of-the-box report formats Allows on-demand reporting for standard network performance metrics Customizable reports Sort data by deleted parameters, including time-of-day, user, location, etc. Allows administrators to generate custom reports on-demand Standard SQL logs Standard database infrastructure for data import/export Enables enhanced reporting for regulatory compliance, trend analysis, and other uses * Available in next major release. December 12, 2007 5 BN-104-14-10002-01

Datasheet TECHNICAL SPECIFICATIONS Standard Appliances ND-SX ND-MX ND-LX-A / ND-LX-C ND-NSM SYSTEM CPU CORE 2 DUO E8400 3.0 GHZ Memory Memory bus clock Hard disk 4 GB DDR II SDRAM (4 x 1 GB) 1333-MHz FSB ND-LX-A 4 GB DDR II SDRAM (4 x 1 GB) ND-LX-C 4 GB DDR II SDRAM (4 x 1 GB) 1x 160-GB Enterprise SATA drive Network Interface 3 x 10/100/1000 Ethernet, 3 x 10/100/1000 Ethernet, 8 GB DDR II SDRAM (4 x 2 GB) 2 x 10/100/1000 Ethernet, ENVIRONMENT Console Access Form factor Dimensions Weight Power supply Cooling Panel Display Non- 1x Fast UART 16550 serial port Rack-mountable 1 RU 16.8 Wx1.7 Hx22.6 D 426mmx43mmx574mm 26.5lbs (12.0kg) 2 x 10/100/1000 Ethernet, 300 W AC Power Supply, auto awitching 100-240VAC, 50-60Hz, 10A (115V) to 5 A (230V) maximum, 1120 BTUs/hr (for rated output power of 300W) 3 x 3-pin counter-rotating cooling fans, front/back airflow Power, Hard drive activity, 2x Network activity, System Overheat 10 to 35 C (50 to 95 F) -40 to 70 C (-40 to 158 F) Non- 8-90% non-condensing 5-95% non-condensing CERTIFICATION Emissions FCC Part 15, Subpart B, Class A, Canada ICES-003 (2004), Class A, Japan VCCI Class A, EN55022(1998)/CISPR 22(1997) Class A, EN55024 (1998), EN61000-3-2(2000) and EN61000-3-3(1995)+A1(2001) Safety UL 60950-1 1st Edition, 2006-07-07, CSA 22.2 No. 60950-1-03 1st Edition, 2003-11, IEC 60950-1:2001 1st Edition, EN 60950-1:2001 1st Edition December 12, 2007 6 BN-104-14-10002-01

Datasheet TECHNICAL SPECIFICATIONS Redundant Appliances ND-SXR ND-MXR ND-LX-AR SYSTEM CPU Dual-Core Intel Xeon 3000 2.66 GHz ND-LX-CR ND-NSMR Memory Memory bus clock 4 GB DDR II SDRAM (4 x 1 GB) 1066-MHz FSB 8 GB DDR II SDRAM (4 x 2 GB) Hard disk 4 x 160-GB Enterprise SATA drives, RAID 10 Network Interface 3 x 10/100/1000 Ethernet, 2 x 10/100/1000 Ethernet, ENVIRONMENT Media Console Access Form factor Dimensions Weight Power supply Cooling Panel Display Non- CD/DVD-ROM 1x Fast UART 16550 serial port Rack-mountable 1 RU 17.2 Wx1.7 Hx25.6 D 437mm x 43mm x 650mm 40 lbs (18.1 kg) Two (2) 450W redundant, hot swappable AC power supplies, 1+1 redundancy w/ PFC, 100-240VAC, 50-60Hz, 8A (115V) to 4A (230V) maximum, 2192 BTUs/hr (for rated output power of 450W) Three (3) 40mm heavy-duty counter-rotating fans, front/back airflow Power, Hard drive activity, 2x Network activity, System Overheat 10 to 35 C (50 to 95 F) -40 to 70 C (-40 to 158 F) Non- 8-90% non-condensing 5-95% non-condensing CERTIFICATION Emissions FCC Part 15, Subpart B, Class A, Canada ICES-003 (2004), Class A, Japan VCCI Class A, EN55022(1998)/CISPR 22(1997) Class A, EN55024 (1998), EN61000-3-2(2000) and EN61000-3-3(1995)+A1(2001) Safety UL 60950-1 1st Edition, 2006-07-07, CSA 22.2 No. 60950-1-03 1st Edition, 2003-11, IEC 60950-1:2001 1st Edition, EN 60950-1:2001 1st Edition Note: ND-SXR, ND-MXR, ND-LX-AR, ND-LX-CR and ND-NSMR appliances require software release 3.1.9 or higher December 12, 2007 7 BN-104-14-10002-01

Datasheet TECHNICAL SPECIFICATIONS High-Performance Appliances ND-GX-AR SYSTEM CPU 2 x Dual-Core Xeon 5150 2.66 GHz ND-GX-CR Memory 8 GB DDR II SDRAM (4 x 2 GB)) Memory bus clock 1333-MHz FSB 4 x 160-GB Enterprise SATA drives. RAID 10 Hard disk 2 x 10/100/1000 Ethernet, Media CD/DVD-ROM Console Access Form factor Dimensions 1x Fast UART 16550 serial port Rack-mountable 1 RU 17.2 Wx1.7 Hx25.6 D 437mm x 43mm x 650mm Weight 41 lbs (18.6 kg) Power supply Two (2) 650W redundant, hot swappable AC power supplies, 1+1 redundancy w/ PFC, 100-240VAC, 50-60Hz, 10A (115V) to 5 A (230V) maximum 3186 BTUs/hr (for rated output power of 650W) ENVIRONMENT Cooling Four (4) 40mm heavy-duty counter-rotating fans, front/back airflow Panel Display Non- Power, Hard drive activity, 2x Network activity, System Overheat 10 to 35 C (50 to 95 F) -40 to 70 C (-40 to 158 F) Non- 8-90% non-condensing 5-95% non-condensing CERTIFICATION Emissions FCC Part 15, Subpart B, Class A, Canada ICES-003 (2004), Class A, Japan VCCI Class A, EN55022(1998)/CISPR 22(1997) Class A, EN55024 (1998), EN61000-3-2(2000) and EN61000-3-3(1995)+A1(2001) Safety UL 60950-1 1st Edition, 2006-07-07, CSA 22.2 No. 60950-1-03 1st Edition, 2003-11, IEC 60950-1:2001 1st Edition, EN 60950-1:2001 1st Edition Note: ND-GX-AR and ND-GX-CR appliances require software release 3.1.9 or higher ABOUT BRADFORD NETWORKS Bradford Networks develops advanced network access control solutions for wireless, wired and VPN networks. Bradford s out-of-band appliances leverage existing network infrastructures and investments to deliver automated identity management, endpoint compliance and usage policy enforcement services. Bradford helps IT managers address the challenges of guest access, unmanaged devices and regulatory compliance. December 12, 2007 8 BN-104-14-10002-01

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback