Enterasys 7S4280-19-SYS Uživatelský manuál stáhnout pdf (Strana 2)

Page 2

launching attacks while in the quarantine state) on Enterasys switches.

Enterasys NAC is adaptable to any device using RADIUS for authorization

with conﬁgurable RADIUS attributes such as Login-LAT or Filter ID.

Enterprises can apply different policies depending on the RADIUS reject

attribute. For example a different policy may be applied to user with

an expired password than to a user who did not have an account. The

solution offers unmatched interoperability, provides the widest number

of authentication options, and supports Layer 2, Layer 3 and VPN access

technologies.

Enterasys NAC enables the homogeneous conﬁguration of policies across

multiple switch and wireless access point vendors. This capability

signiﬁcantly reduces the burden of policy lifecycle management

and eases NAC deployment in wired and wireless heterogeneous

infrastructures.

With Enterasys NAC’s ﬂexibility, organizations have phased deployment

options enabling immediate network protection and business value. For

example, an organization can start with simple endpoint detection and

location directory information, then add authentication/authorization and/

or assessment, and then automate remediation.

Fine-Grained Conﬁguration Options

Enterasys NAC conﬁguration options provide an unparalled range of

choices for ﬁne grained network control. These conﬁguration options

include time, location, authentication types and end system and user

groups. For example, enterprises can write and enforce policies that

grant a precise level of network access based on the type of system

connecting, an employee’s role in the organization, the location of a user

at the time the user is connecting, or the time of day. An enterprise’s

network is more secure with tighter control over who gains access, when

and from what location. The granularity of these conﬁguration options

also provides ﬂexibility for efﬁcient deployment in large heterogeneous

infrastructures.

Guest Account Services Included

Enterasys NAC includes automated guest registration access control

features to assure secure guest networking without burdening IT staff.

NAC capabilities automate or delegate guest access management.

Features such as expiration and account validity time control the guest

account without any IT involvement. Enterasys NAC provides a self

registration portal for users to register multiple devices themselves. NAC

offers advanced sponsorship capabilities such as email sponsorship and

a simple portal for sponsors to use to validate guest registration. LDAP

integration allows dynamic role assignment for authenticated registration.

Authenticated registration allows enterprise network users to register

devices and receive the proper role for non-802.1X capable devices.

Multiple registration groups allow administrators to give different levels of

access to different types of guests.

Identity-Aware Networking

In an identity-aware network a user’s capabilities are controlled based

on the user’s identity and the access policies attributed to the user.

Enterasys NAC provides user identity functionality including discovery,

authentication and role based access controls. Enterasys NAC integrates

with identity sources such as Siemens Enterprise Communications

HiPath DirX Identity and Microsoft Active Directory leveraging and

extending the organization’s existing directory investments. Users

are managed centrally in the identity system for the network and all

connected applications. The process of managing the user’s lifecycle

(e.g. enrollment, role changes, termination) can be automated and

linked to other business processes with LDAP and RADIUS integration.

Users can be automatically added or deleted when they join or leave the

organization. Enterasys identity-aware networking capabilities provide

stronger network security and lower operational cost.

Endpoint Baselining and Monitoring

All end systems in the network infrastructure should be incorporated

in the network access control system for control to be most effective.

Enterasys NAC provides agent-based or agent-less endpoint assessment

capabilities to determine the security posture of connecting devices.

Enterasys NAC, aligned with industry standards, works with multiple

assessment servers, authentication servers and security software agents

to match the needs of organizations who may have existing assessment

technology. The agent-less capability does not require the installation

of a software security agent on the end system and is typically used

for end systems such as guest PCs, IP phones, IP cameras or printers.

The Enterasys agent-less assessment scans for operating system and

application vulnerabilities. The agent-based capability requires the

installation of a software agent on the end system. The endpoint agent

scans for anti-virus status, ﬁrewall status, operating system patches and

peer-to-peer ﬁle sharing applications. The agent can look for any process

or registry entry and automatically remediate. This combination of agent

and agent-less capabilities in the Enterasys NAC solution enables more

efﬁcient management and reporting.

Notiﬁcations and Reporting

The advanced notiﬁcation engine in Enterasys NAC provides

comprehensive functionality and integrates with the workﬂows of other

alerting tools already in place. Enterprises can leverage and extend

their existing automated processes to further reduce operational costs.

Notiﬁcations occur for end-system state changes, guest registration and

end-system health results. Notiﬁcation is delivered through traps, syslog,

email or web service. The notiﬁcation engine has the ability to run a

program triggered by a notiﬁcation event. For example, integrated with

the help desk application, NAC notiﬁcation can be used to automatically

map changes in the infrastructure to actions.

End-system reporting is simple with Enterasys NAC web-based end-

system data views. NAC provides easy-to-use dashboards and detailed

views of the health of the end systems attached or trying to attach to the

network. Analysts responsible for monitoring end-system compliance can

easily tailor the views to present the information in their preferred format.

The reports can be generated as PDF ﬁles.

NMS NAC Manager

NMS NAC Manager software provides secure, policy-based NAC

management. From one centralized location, IT staff can conﬁgure

and control the NAC solution, simplifying deployment and on-going

administration. NAC Manager also aggregates network connectivity and

vulnerability statistics, audits network access activities, and provides

detailed reports on vulnerabilities in the network.

NMS NAC Manager provides additional value through its integration

with other Enterasys NMS applications and Enterasys security products.

For example, Enterasys NMS NAC Manager seamlessly integrates with

NMS Policy Manager to enable “one click” enforcement of role-based

access controls. The NMS NAC Manager IP-to-ID Mapping feature

1 2 3 4 5 6

Komentáře k této Příručce

Žádné komentáře

Enterasys 7S4280-19-SYS Uživatelský manuál Strana 2

Komentáře k této Příručce

Související produkty a manuály pro Síťové přepínače Enterasys 7S4280-19-SYS