NEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMENT & CONTROL


PORTNOX PLATFORM NEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMENT & CONTROL

Portnox's Network Access Control platform reaches across all network layers, physical, virtual or cloud, to illuminate, visualize, analyze and control every connected device and user. Because it reaches every part of the network regardless of layer or location, it produces an accurate, real-time view of the whole network and lets organizations make smarter, more efficient and more secure access decisions. Portnox.com

Portnox Key Features

- Agentless, port-level monitoring and enforcement
- Integrates with managed and unmanaged access layers; supports standard protocols (SNMP, SSH, HTTP)
- No traffic manipulation, no changes to topology
- Integration with corporate directories, domain and PBX databases
- 100% access coverage: supports all the various access layers using multiple authentication profiles
- Software-based solution (Windows Server 2008 R2)
- Fail-open architecture
- Role-based access control for the UI
- Deployment-driven, seamless clustering and high availability

How Portnox communicates with managed switches:

Portnox uses SNMP version 1, 2c or 3 to communicate with the switch infrastructure and to gather and display basic information about the connected network devices. With SNMP traps added, Portnox gets a real-time view of what is connected to each port and which ports are currently active, along with their status and additional per-port information such as the VLAN configuration. With the help of a layer 3 device (such as a router or firewall) it retrieves the IP address of every host connected to the switching infrastructure from that device's ARP table, and from there displays device information such as MAC address, hostname and operating system. Portnox does not require port mirroring or routing changes in order to implement NAC capabilities. Note that SNMP v1 and v2c carry the community string in clear text and a read-write community is what permits port control, so prefer SNMPv3 with authentication and privacy where the switches support it, and restrict the read-write community to the Portnox server's address on the switch side.
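The correlation described above, as an added example that is not Portnox code: it joins the switch's bridge forwarding table (dot1dTpFdbPort), bridge-port-to-interface map (dot1dBasePortIfIndex), port VLAN (dot1qPvid), interface name and state (ifDescr, ifOperStatus) with the router's ARP table (ipNetToMediaPhysAddress) to produce a per-port list of MAC and IP addresses. The snmpwalk-style text is constructed for a hypothetical three-port switch and the router in front of it; the OIDs are the standard MIB ones.

```python
"""Correlate standard-MIB SNMP walk output into a per-port device inventory.

Added example, not Portnox code. It mirrors the data flow described above:
the bridge forwarding table, port-to-interface map and port VLAN come from
the access switch, the ARP table from the layer 3 device that routes for it.
The walk text below is constructed, not captured from real equipment.
"""
import re
from typing import Dict, Optional

# Standard OID prefixes (IF-MIB, BRIDGE-MIB, Q-BRIDGE-MIB, IP-MIB).
IF_DESCR = "1.3.6.1.2.1.2.2.1.2."            # ifDescr.<ifIndex>
IF_OPER = "1.3.6.1.2.1.2.2.1.8."             # ifOperStatus.<ifIndex> (1=up, 2=down)
BASEPORT_IFINDEX = "1.3.6.1.2.1.17.1.4.1.2."  # dot1dBasePortIfIndex.<bridgePort>
PVID = "1.3.6.1.2.1.17.7.1.4.5.1.1."          # dot1qPvid.<bridgePort>
FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2."          # dot1dTpFdbPort.<MAC as six decimal octets>
ARP_PHYS = "1.3.6.1.2.1.4.22.1.2."            # ipNetToMediaPhysAddress.<ifIndex>.<IPv4>

# Constructed "snmpwalk -On" style output for a hypothetical three-port access switch.
SWITCH_WALK = """\
.1.3.6.1.2.1.2.2.1.2.1 = STRING: GigabitEthernet0/1
.1.3.6.1.2.1.2.2.1.2.2 = STRING: GigabitEthernet0/2
.1.3.6.1.2.1.2.2.1.2.3 = STRING: GigabitEthernet0/3
.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: 1
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: 1
.1.3.6.1.2.1.2.2.1.8.3 = INTEGER: 2
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 1
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 2
.1.3.6.1.2.1.17.1.4.1.2.3 = INTEGER: 3
.1.3.6.1.2.1.17.7.1.4.5.1.1.1 = Gauge32: 10
.1.3.6.1.2.1.17.7.1.4.5.1.1.2 = Gauge32: 20
.1.3.6.1.2.1.17.7.1.4.5.1.1.3 = Gauge32: 10
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.192.0.8 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.192.0.9 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.192.0.10 = INTEGER: 2
"""
# Constructed ARP table walk from the hypothetical router (its ifIndex 5 faces the switch).
ROUTER_WALK = """\
.1.3.6.1.2.1.4.22.1.2.5.10.0.10.15 = Hex-STRING: 00 50 56 C0 00 08
.1.3.6.1.2.1.4.22.1.2.5.10.0.20.7 = Hex-STRING: 00 50 56 C0 00 09
"""

LINE_RE = re.compile(r"^\.?([\d.]+) = ([\w-]+): (.*)$")


def parse_walk(text: str) -> Dict[str, str]:
    """Map each numeric OID in snmpwalk output to its value string."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).strip()
    return table


def mac_from_index(suffix: str) -> str:
    """dot1dTpFdb* rows are indexed by the MAC written as six decimal octets."""
    octets = [int(x) for x in suffix.split(".")]
    if len(octets) != 6 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a MAC index: {suffix}")
    return ":".join(f"{o:02x}" for o in octets)


def mac_from_hex(value: str) -> str:
    """'00 50 56 C0 00 08' (Hex-STRING) -> '00:50:56:c0:00:08'."""
    return ":".join(p.lower() for p in value.split())


def _rows(walk: Dict[str, str], prefix: str):
    for oid, val in walk.items():
        if oid.startswith(prefix):
            yield oid[len(prefix):], val


def build_inventory(switch_walk: str, router_walk: str) -> Dict[str, dict]:
    """Join switch FDB/port/VLAN data with the router's ARP table, keyed by ifDescr."""
    sw, rt = parse_walk(switch_walk), parse_walk(router_walk)
    ifindex_to_name = {int(i): name for i, name in _rows(sw, IF_DESCR)}
    oper = {int(i): ("up" if v == "1" else "down") for i, v in _rows(sw, IF_OPER)}
    port_to_ifindex = {int(p): int(v) for p, v in _rows(sw, BASEPORT_IFINDEX)}
    pvid = {int(p): int(v) for p, v in _rows(sw, PVID)}
    # ARP index is <ifIndex>.<a.b.c.d>; drop the ifIndex component to keep the IP.
    arp = {mac_from_hex(v): ".".join(idx.split(".")[1:]) for idx, v in _rows(rt, ARP_PHYS)}

    inventory = {
        name: {"ifindex": i, "oper_status": oper.get(i, "unknown"),
               "vlan": None, "devices": [], "shared": False}
        for i, name in ifindex_to_name.items()
    }
    for bridge_port, ifindex in port_to_ifindex.items():
        if ifindex in ifindex_to_name:
            inventory[ifindex_to_name[ifindex]]["vlan"] = pvid.get(bridge_port)
    for idx, port in _rows(sw, FDB_PORT):
        mac = mac_from_index(idx)
        name = ifindex_to_name.get(port_to_ifindex.get(int(port)))
        if name is None:
            continue  # learned on a port without an interface row (e.g. uplink not walked)
        inventory[name]["devices"].append({"mac": mac, "ip": arp.get(mac)})
    for entry in inventory.values():
        entry["devices"].sort(key=lambda d: d["mac"])
        # More than one MAC behind an access port means a hub, an unmanaged switch,
        # or a PC daisy-chained through an IP phone: worth a closer look.
        entry["shared"] = len(entry["devices"]) > 1
    return inventory


def find_port(inventory: Dict[str, dict], mac: str) -> Optional[str]:
    """Return the interface a MAC is learned on, or None if it is not seen anywhere."""
    for name, entry in inventory.items():
        if any(d["mac"] == mac.lower() for d in entry["devices"]):
            return name
    return None


if __name__ == "__main__":
    for name, entry in build_inventory(SWITCH_WALK, ROUTER_WALK).items():
        print(name, entry["oper_status"], "vlan", entry["vlan"], entry["devices"],
              "(shared)" if entry["shared"] else "")
```

A device that appears in the forwarding table but not in the ARP table (the second MAC on GigabitEthernet0/2 here) is still reported, with no IP; that is the normal state for a host that has not sent traffic through the router yet, and it is also what a silent rogue device looks like, so such entries should not be dropped from the view.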

How Portnox communicates with wireless network equipment:

Portnox provides 100% coverage of the wireless network, allowing a full-scale NAC solution for the client. Portnox integrates with all Cisco wireless controllers and their associated access points, showing the wireless devices connected to them; all access point information is retrieved automatically from the controller. Portnox can also integrate with other, uncontrolled access points through a generic wireless module that uses syslog and/or SSH to perform illumination and enforcement on connected devices.

How Portnox covers unmanaged parts of the network:

In some cases parts of the network are considered unmanaged, usually because the switch infrastructure itself is unmanaged or because administrative access to a managed switch is denied for other reasons. In such cases Portnox constructs a virtual switch (a virtual representation of the defined IP scope) and performs layer 3 and layer 2 scans against it to fully illuminate the devices on that segment. Portnox can also enforce policy on such devices using ARP poisoning techniques or, where applicable, on-the-fly configuration of ACLs on routers. ARP-based enforcement is limited to broadcast domains Portnox can reach at layer 2 and can be evaded by a host that uses static ARP entries, so router ACLs are the more robust choice where they are available.

How Portnox authenticates devices:

Portnox uses a wide array of authentication methods for devices, including Windows authentication, domain authentication, SSH and Telnet (Telnet sends credentials in clear text, so prefer SSH wherever the device supports it). Combined with the ability to correlate an authentication method with a specific time period, geographic location, group of devices or specific VLAN, this makes it possible to enforce very granular policies. Portnox also uses a built-in fingerprinting tool to collect more extensive information on the devices connected to your switches, showing details of the device alongside the configuration of the port it is connected to. If the device is part of the domain, Portnox can integrate with Active Directory to identify which user is currently logged on to that device. For IP phones it can display the extension number of each phone by integrating with the corporate PBX database.

How Portnox checks the compliance level of devices:

Portnox is an agentless NAC solution: all compliance checks are performed through standard WMI and remote-registry access. Detailed compliance checks (running services, processes, file system and registry checks) can be run on Windows machines. Compliance policies can be built as either blacklists or whitelists as required, which makes it possible to act on systems that do not meet a given baseline, for example an up-to-date corporate anti-virus or the presence of the corporate software deployment tool. Portnox provides dozens of preconfigured compliance checks. Because these checks run remotely, the account Portnox uses typically needs local administrator rights on every endpoint it checks; treat that credential as a highly privileged one and scope and monitor it accordingly.

How Portnox enforces NAC policy on devices:

If a device fails authentication because it is not a corporate device or is a guest device, Portnox can alert the appropriate personnel or helpdesk, or shut down the device's port altogether. Portnox can also move the device onto an isolated VLAN it calls a Phase VLAN, for example a guest VLAN with internet access only. The Phase VLAN is normally an isolated guest VLAN used to fix devices that have failed compliance checks or to isolate unknown devices from the network. Portnox additionally offers a Captive Portal: when a device is moved to the Phase VLAN, a web page (customisable by the customer) appears and prompts the user to undergo captive authentication, where authorised users enter their credentials to allow their guest device onto the corporate network for a specified amount of time. Users are authorised against a corporate directory such as Active Directory or a compatible directory, or against any other local user database.

How Portnox performs device remediation:

If a device fails authentication (it did not pass the authentication scheme) or fails a compliance check, Portnox can move it onto an isolated VLAN. For example, if a device fails the anti-virus compliance check because its signatures are out of date, Portnox moves it onto a remediation VLAN for updates and then, when it re-authenticates the device, moves it back onto its correct VLAN.
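The compliance-check-to-enforcement flow described in the three sections above, as an added example that is not Portnox's own code: a small whitelist/blacklist policy evaluated over a host inventory shaped like the output of remote WMI (Win32_Service, Win32_Process) and remote-registry reads, followed by the decision to allow the device or move it to a remediation VLAN and hand the failure to a third-party system as a syslog-style line. The two host records, the policy, and the registry paths' string values are constructed for the example (the real Defender signature timestamp is a FILETIME, not an ISO date).

```python
"""Agentless-style compliance evaluation over a Windows host inventory.

Added example, not Portnox's own checks. HOST and COMPLIANT_HOST are
constructed to look like what remote WMI and remote-registry reads return for
hypothetical workstations; a real collector fills these dicts over the network.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple

SIG_KEY = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates\SignaturesLastUpdated"
AU_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate"

# Whitelist (must be present/running) and blacklist (must be absent) entries side by side.
POLICY = {
    "required_services": ["WinDefend", "wuauserv"],      # AV engine, Windows Update
    "forbidden_services": ["TlntSvr"],                    # Telnet server
    "forbidden_processes": ["utorrent.exe"],
    "max_signature_age_days": 7,
    "registry_equals": {AU_KEY: "0"},                     # automatic updates not disabled
}

HOST = {
    "hostname": "WS-0417",
    "services": {"WinDefend": "Running", "wuauserv": "Running",
                 "RemoteRegistry": "Running", "TlntSvr": "Running"},
    "processes": ["MsMpEng.exe", "explorer.exe", "uTorrent.exe"],
    "registry": {SIG_KEY: "2013-09-20", AU_KEY: "0"},
}
COMPLIANT_HOST = {
    "hostname": "WS-0418",
    "services": {"WinDefend": "Running", "wuauserv": "Running", "RemoteRegistry": "Running"},
    "processes": ["MsMpEng.exe", "explorer.exe"],
    "registry": {SIG_KEY: "2013-09-28", AU_KEY: "0"},
}


@dataclass(frozen=True)
class Finding:
    check: str
    passed: bool
    detail: str


def evaluate(host: dict, policy: dict, today: date) -> List[Finding]:
    """Run every check in the policy and report each result, pass or fail."""
    findings: List[Finding] = []
    services = host.get("services", {})
    registry = host.get("registry", {})
    for name in policy["required_services"]:
        state = services.get(name, "absent")
        findings.append(Finding(f"service:{name}", state == "Running", f"state={state}"))
    for name in policy["forbidden_services"]:
        state = services.get(name, "absent")
        findings.append(Finding(f"no-service:{name}", state != "Running", f"state={state}"))
    # Process names are compared case-insensitively; Windows reports them as launched.
    processes = {p.lower() for p in host.get("processes", [])}
    for name in policy["forbidden_processes"]:
        findings.append(Finding(f"no-process:{name}", name.lower() not in processes, ""))
    raw = registry.get(SIG_KEY)
    if raw is None:
        # A missing value is a failure, not a pass: absence of evidence is non-compliance.
        findings.append(Finding("av-signatures", False, "value missing"))
    else:
        age = (today - date.fromisoformat(raw)).days
        limit = policy["max_signature_age_days"]
        findings.append(Finding("av-signatures", age <= limit, f"{age} days old, limit {limit}"))
    for key, expected in policy["registry_equals"].items():
        actual = registry.get(key)
        short = key.rsplit("\\", 1)[-1]
        findings.append(Finding(f"registry:{short}", actual == expected,
                                f"expected={expected!r} actual={actual!r}"))
    return findings


def decide(findings: List[Finding]) -> Tuple[str, List[str]]:
    """Map results to an enforcement action: allow, or isolate for remediation."""
    failed = [f.check for f in findings if not f.passed]
    return ("allow", []) if not failed else ("remediation-vlan", failed)


def remediation_event(host: dict, failed: List[str]) -> str:
    """Syslog-style line to hand the failure to a ticketing or remediation system."""
    return f"NAC action=remediation-vlan host={host['hostname']} failed={','.join(failed)}"


if __name__ == "__main__":
    for h in (HOST, COMPLIANT_HOST):
        action, failed = decide(evaluate(h, POLICY, date(2013, 10, 1)))
        print(h["hostname"], action, remediation_event(h, failed) if failed else "")
```

The re-check the text mentions is simply running evaluate() again for the isolated host on the configured interval and moving it back when decide() returns "allow"; the important design point is that every check returns a Finding whether it passes or not, so the remediation ticket can list exactly what to fix rather than just "non-compliant".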

Portnox can then alert a third-party server about the device that requires remediation by sending a syslog message or executing an action script to trigger the process. The interval at which Portnox re-checks a device that has failed a policy is configurable.

Additional resolutions provided by Portnox NAC:

Portnox supports both layer 2 and layer 3 and can apply policies per VLAN and even per specific device. It also allows grouping specific ports from various switches into a location that can carry its own policies; an example is a location made up of all conference-room ports, which usually get a different (stricter) NAC enforcement policy, or any other public ports that are more exposed to outside access. Portnox also allows different policies per device type (e.g. a specific operating system version). Portnox can produce dynamic VLAN assignment rules based on device type (a specific OS, printer, IP phone, logical grouping of devices, etc.) or on the user logged in to the device, giving both security and management capabilities based on predefined corporate policies. Keep in mind that a device class identified by fingerprint and MAC address alone (a printer, an IP phone) can be impersonated by cloning its MAC, so the VLANs assigned to those classes should stay tightly segmented rather than be treated as trusted.

User Experience:

The end user's experience (wired and wireless) depends on the situation. During authentication the user notices nothing different, and if the device passes authentication the user works as normal. If the device fails authentication for whatever reason, the user sees one of the following, depending on configuration:

Failed authentication, port blocked: the user loses network access.

Failed authentication or compliance, popup: Portnox displays a customised popup balloon on Windows to inform the user of the current situation and/or the further action required.

Failed authentication or compliance, Phase VLAN: the user's device is moved to an isolated VLAN, either a remediation VLAN or a guest VLAN with internet access only.

Captive Portal: alternatively the user is presented with a captive portal web page, which can be altered to suit the customer. The user typically sees a message that their device has been moved to the isolated/guest VLAN because of an authentication failure; this can include a helpdesk number.

Captive Authentication: the user can enter authorised domain credentials to authenticate and allow the device onto the network.

2013 Portnox Access Layers. All rights reserved.
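The granular policies described under "How Portnox authenticates devices" (authentication result correlated with time period, location, device group and VLAN) and the per-location, per-device-type and per-user dynamic VLAN rules under "Additional resolutions", as one added example that is not Portnox's policy engine: a first-match rule list evaluated over an endpoint's attributes, with a named location spanning ports on two switches and unknown devices falling into the isolated Phase VLAN. All switch names, ports, groups and VLAN numbers are hypothetical.

```python
"""First-match access policy: endpoint attributes -> VLAN or enforcement action.

Added example, not Portnox's policy engine. Shows the conditions the text
describes (authentication result, time window, a location made of ports from
several switches, fingerprinted device type, the logged-on user's directory
group) evaluated in order. All names, VLAN numbers and ports are hypothetical.
"""
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

PHASE_VLAN = 999  # isolated guest/remediation VLAN where the captive portal lives


@dataclass(frozen=True)
class Endpoint:
    mac: str
    switch: str
    port: str
    device_type: str                     # from fingerprinting: windows, ip-phone, printer, unknown
    authenticated: bool                  # result of the Windows/domain/SSH authentication step
    compliant: bool                      # result of the compliance checks
    user_groups: FrozenSet[str] = frozenset()   # directory groups of the logged-on user


@dataclass(frozen=True)
class Decision:
    action: str                          # allow | phase-vlan | block-port
    vlan: Optional[int]
    rule: str


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Endpoint, time], bool]
    action: str
    vlan: Optional[int] = None


# A location is a named set of (switch, port) pairs and may span several switches.
LOCATIONS: Dict[str, Set[Tuple[str, str]]] = {
    "conference-rooms": {("sw-floor1", "Gi0/21"), ("sw-floor2", "Gi0/21"), ("sw-floor2", "Gi0/22")},
}


def in_location(ep: Endpoint, name: str) -> bool:
    return (ep.switch, ep.port) in LOCATIONS.get(name, set())


def in_window(now: time, start: time, end: time) -> bool:
    return start <= now < end


RULES: List[Rule] = [
    # Public ports: an unknown device is cut off outright, not merely isolated.
    Rule("conference-room-unknown",
         lambda ep, now: not ep.authenticated and in_location(ep, "conference-rooms"), "block-port"),
    Rule("ip-phone", lambda ep, now: ep.authenticated and ep.device_type == "ip-phone", "allow", 200),
    Rule("printer", lambda ep, now: ep.authenticated and ep.device_type == "printer", "allow", 300),
    # User-based VLAN, but only during business hours; outside them the generic rule applies.
    Rule("finance-business-hours",
         lambda ep, now: ep.authenticated and ep.compliant and "finance" in ep.user_groups
         and in_window(now, time(7, 0), time(19, 0)), "allow", 110),
    Rule("domain-workstation",
         lambda ep, now: ep.authenticated and ep.compliant and ep.device_type == "windows", "allow", 100),
    Rule("non-compliant-domain-device",
         lambda ep, now: ep.authenticated and not ep.compliant, "phase-vlan", PHASE_VLAN),
]
DEFAULT = Decision("phase-vlan", PHASE_VLAN, "default-unknown")


def decide(ep: Endpoint, now: time) -> Decision:
    """Return the first matching rule's decision; unknown devices land in the Phase VLAN."""
    for rule in RULES:
        if rule.matches(ep, now):
            return Decision(rule.action, rule.vlan, rule.name)
    return DEFAULT


if __name__ == "__main__":
    finance = Endpoint("00:50:56:c0:00:08", "sw-floor1", "Gi0/3", "windows", True, True,
                       frozenset({"finance"}))
    visitor = Endpoint("00:50:56:c0:00:99", "sw-floor2", "Gi0/22", "unknown", False, False)
    for ep, now in ((finance, time(9, 30)), (finance, time(22, 0)), (visitor, time(9, 30))):
        print(ep.mac, now, decide(ep, now))
```

Rule order is the policy: the conference-room rule sits first so that the stricter location policy wins over any device-type rule, and the non-compliant rule sits after every "allow" rule so that a compliant device never reaches it. Swapping two rules changes the outcome without any rule's condition changing, so the order should be reviewed as carefully as the conditions.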