All Rights Reserved © Alcatel-Lucent 2010• 1 | Dynamic Enterprise Tour – Safe NAC Solution | 2010
Protect your information with intelligent Network Access Control
Fabrice Lieuvin
Director, Business Development EMEA – Data & Security Division
1. Enterprise strategy
2. SafeNAC
3. Conclusion
1. Enterprise strategy
Alcatel-Lucent Enterprise Network Infrastructure
SIP Conversation Engine
choice
User Centric Experience
Contact Center & Customer Service applications
Communication & Collaboration applications
On premises in Cloud
Application Fluent Network
• Provides Application Fluent Networks that uniquely enable a high quality user experience with reduced operations complexity
Introducing Alcatel-Lucent’s Application Fluent Network
• Convergence Without Complexity
Architecture: A simplified, optimized and resilient network with market-class leading capacity and built-in security
Control: Provides unique dynamic tuning of network performance to ensure high quality real-time application delivery
Operations: Reduced complexity through automation, consistency of features, and integrated troubleshooting tools
2. SafeNAC
NAC Challenges
PRODUCTIVITY ENHANCED
DEPLOYMENT IS SIMPLE
THREAT PROTECTION
ENTERPRISE IS SECURE
• Endpoints are Compliant
• Malware is Contained
• No Rogue Endpoints
• Continuous Surveillance
• Secured Guest Access
• Secured Partner Access
• Secured Contractor Access
• Services are Available
• Supports Existing Infrastructure
• Multi-Vendor Networks
• Multiple Endpoint platforms
• Multiple Authentication Methods
• Reduced Help Desk Costs
• Reduced Management Costs
• Enterprise is Compliant
• Data is Protected
1. NETWORK  2. PEOPLE  3. PROCESS  4. KNOWLEDGE
Introducing Safe NAC
Key Features
• Access Control for Guests, LAN & Wireless
• Endpoint Malware Protection
• Verify OS and End Point Configuration
• Controls Automatic Remediation
• Role-based Post Admission Control
• Audit Reports for Compliance
Differentiation
• Non Disruptive Multi-vendor Deployment
• Support for Multi-authentication, Multi-endpoint environments
• Integration with Multiple Network Elements Provides Reduced Cost
• Centralized Management
• Trusted Dynamic Enterprise
Safe NAC: User Aware Network Security Solution
Key Benefits
• End-to-End LAN/WLAN Security solution
• Role Based Access policy tailored to your business
• Can be deployed on existing infrastructure
• Simple deployment scenarios
• Cost effective, based on open standards
Authentication, Authorization, Accounting: Works with Existing Directory Services
Host Integrity Check: Clientless and Light Client Based
Role Based Access: map user’s profile to security policies
Quarantine and Remediation: Isolate and fix problematic users
Anomaly Detection – IPS/IDS: Stop malware with behavioral detection. Zero-day protection, no signature updates
Monitoring/Compliance: Unique ability to log users’ activities and monitor access to sensitive information
Safe NAC: Solution’s components
OmniSwitch – Secure LAN Switches
Embedded Network Access Control
Granular per-user profiling (User Network Profiles)
Host Integrity Policy Enforcement
Tight integration with CyberGatekeeper
Broad Range of Security Features
Port Mapping, Learned Port Security, DHCP Snooping, ARP Poisoning Detection, Traffic Anomaly Detection – Threat mitigations
Access Guardian Key Advantages
Devices and Users Authentication
• Identifies devices based on location and MAC address or 802.1x standard
• Ban or quarantine network access when not authenticated
Integrated Guest Access Web Portal
• Visitors can be authenticated via the integrated Captive Portal
• No limitation of number of users or MAC addresses
• Works seamlessly with connected WiFi access points
User Network Profile Simplifies Network Access Management
• Roles and profiles assigned to users during authentication
• Profiles include VLAN, ACL, QoS and Mobility Parameters
Verify Endpoint Compliance Before Network Access
• Policy enforcement is performed by the OmniSwitch
• Compliance enforcement is independent of authentication
Stronger Edge Security
• Integrated automatic Traffic Anomalies Detection based on traffic behavior
• Simple Access Control List and Quarantine Management
OmniSwitch and 8950 AAA Process
[Flow diagram: authentication decision flow for supplicants, managed users and guests. Labelled elements: 802.1x, MAC@, Captive Portal, 8950 AAA, eDIR / LDAP, Other Radius; Yes / No / Fail branches; outcomes Group Mobility, VLAN ID, UNP, and Quarantine.]
Access Policy Parameters are pushed to the OmniSwitch
Bandwidth enforcement and Anomaly Detection
Safe NAC and Compliance Enforcement Scenario
[Diagram with numbered callouts 1 to 5. Labelled elements: 802.1x User, Regular LAN User, Guest, Alcatel-Lucent OmniSwitch, CyberGatekeeper Policy Server, 8950 AAA + Directory, Remediation Server(s), Production Network, Resident or on-demand agent, Continuous surveillance.]
• Employee, contractor or guest connects to the network.
• OmniSwitch provides authentication (802.1x, MAC, captive portal) and identifies user profile. It checks if HIC check is needed for this user.
• OmniSwitch redirects traffic to the CyberGatekeeper Policy Server and the remediation servers.
• CyberGatekeeper policy server receives HIC report from CyberGatekeeper Agent and informs the OmniSwitch if the device has passed or failed.
• If HIC passed, OmniSwitch selectively allows device traffic to production network following policy in user profile.
• If HIC failed, OmniSwitch restricts traffic to remediation network only.
3. Conclusion
User Centric Security
Allowing Flexible Deployments throughout multiple environments
Evaluation of this session
Please take 2 minutes to fill out the evaluation form, distributed to you by the speaker
Please enter «Safe NAC» as the title of this presentation
Submit the form when leaving the room or put it in one of the boxes that you find everywhere in the venue
THANK YOU
www.alcatel-lucent.com