All Rights Reserved © Alcatel-Lucent 2010• 1 | Dynamic Enterprise Tour – Safe NAC Solution | 2010

Protect your information with intelligent Network Access Control

Fabrice Lieuvin

Director, Business Development EMEA – Data & Security Division

fabrice.lieuvin@alcatel-lucent.com

All Rights Reserved © Alcatel-Lucent 2010• 2 | Safe NAC Solution - DET | 2010

1.Enterprise strategy

2.SafeNAC

3.Conclusion

All Rights Reserved © Alcatel-Lucent 2010• 3 | Safe NAC Solution - DET | 2010

Enterprise strategy1

All Rights Reserved © Alcatel-Lucent 2010• 4 | Safe NAC Solution - DET | 2010

Alcatel-Lucent Enterprise Network Infrastructure

SIP Conversation Engine

choice

User Centric Experience

Contact Center & Customer

Service applications

Communication& Collaboration

applications

On premises in Cloud

Application Fluent Network

• Provides Application Fluent Networks that uniquely enable a high quality user experience with reduced operations

complexity

All Rights Reserved © Alcatel-Lucent 2010• 5 | Safe NAC Solution - DET | 2010

Introducing Alcatel-Lucent’s Application Fluent Network

OperationsControl

• Convergence Without Complexity

Architecture

Architecture

A simplified, optimized and resilient network with market-

class leading capacity and built-in security

Control

Provides unique dynamic tuning of network performance to

ensure high quality real-time application delivery

Operations

Reduced complexity through automation, consistency of

features, and integrated troubleshooting tools

All Rights Reserved © Alcatel-Lucent 2010• 6 | Safe NAC Solution - DET | 2010

SafeNAC2

All Rights Reserved © Alcatel-Lucent 2010• 7 | Safe NAC Solution - DET | 2010

PRODUCTIVITY ENHANCED

DEPLOYMENT IS SIMPLE

THREAT PROTECTION

ENTERPRISE IS SECURE

NAC Challenges

• Endpoints are Compliant

• Malware is Contained

• No Rogue Endpoints

• Continuous Surveillance

• Secured Guest Access

• Secured Partner Access

• Secured Contractor Access

• Services are Available

• Supports Existing Infrastructure

• Multi-Vendor Networks

• Multiple Endpoint platforms

• Multiple Authentication Methods

• Reduced Help Desk Costs

• Reduced Management Costs

• Enterprise is Compliant

• Data is Protected

4. KNOWLEDGE 3.PROCESS

1. NETWORK 2.PEOPLE

All Rights Reserved © Alcatel-Lucent 2010• 8 | Safe NAC Solution - DET | 2010

Introducing Safe NAC

• Key Features• Access Control for Guests, LAN & Wireless

• Endpoint Malware Protection• Verify OS and End Point Configuration• Controls Automatic Remediation• Role-based Post Admission Control• Audit Reports for Compliance

Differentiation • Non Disruptive Multi-vendor Deployment• Support for Multi-authentication, Multi-endpoint environments

• Integration with Multiple Network Elements Provides Reduced Cost

• Centralized Management

• Trusted Dynamic Enterprise

All Rights Reserved © Alcatel-Lucent 2010• 9 | Safe NAC Solution - DET | 2010

Key Benefits End-to-End LAN/WLAN Security solution

Role Based Access policy tailored to your business

Can be deployed on existing infrastructure

Simple deployment scenarios

Cost effective, based on open standards

Authentication, Authorization, Accounting

Works with Existing Directory Services

Host Integrity Check

Clientless and Light Client Based

Role Based Accessmap user’s profile to

security policies

Quarantine and RemediationIsolate and fix problematic users

Anomaly Detection–IPS/IDS

Stop malwares with behavioral detection Zero-day protection, no

signature updates

Monitoring/ComplianceUnique ability to log users

activities and monitor access to sensitive information

Safe NAC: User Aware Network Security Solution

All Rights Reserved © Alcatel-Lucent 2010• 10 | Safe NAC Solution - DET | 2010

Safe NAC: Solution’s components

All Rights Reserved © Alcatel-Lucent 2010• 11 | Safe NAC Solution - DET | 2010

OmniSwitch – Secure LAN Switches

Embedded Network Access Control

Granular per-user profiling (User Network Profiles)

Host Integrity Policy Enforcement

Tight integration with CyberGatekeeper

Broad Range of Security Features

Port Mapping, Learned Port Security, DHCP Snooping, ARP Poisoning Detection,

Traffic Anomaly Detection – Threat mitigations

All Rights Reserved © Alcatel-Lucent 2010• 12 | Safe NAC Solution - DET | 2010

Access Guardian Key Advantages

Devices and Users Authentication • Identifies devices based on location and MAC @ or 802.1x standard• Bann or quarantine network access when not authenticated

Integrated Guest Access Web Portal• Visitors can be authenticated via the integrated Captive Portal• No limitation of number of users or MAC @ • Works seamlessly with connected WiFi access points

User Network Profile Simplifies Network Access Management• Roles and profiles assigned to users during authentication• Profiles include VLAN, ACL, QOS and Mobility Parameters

Verify Endpoint Compliance Before Network Access• Policy enforcement is performed by the OmniSwitch• Compliance enforcement is independent of authentication

Stronger Edge Security• Integrated automatic Traffic Anomalies Detection based on traffic behavior• Simple Access Control List and Quarantine Management

All Rights Reserved © Alcatel-Lucent 2010• 13 | Safe NAC Solution - DET | 2010

OmniSwitch and 8950 AAA Process

Group Mobility

VLAN ID

UNP

Captive

Portal

8950 AAA

eDIR / LDAP

Other Radius

• Guests

802.1x

Yes

MAC@

No

FailFail

Group Mobility

VLAN ID

UNP

Group Mobility

VLAN ID

UNP

Group Mobility

VLAN ID

UNP

Quarantine

Fail

• Supplicant

• Managed Users

Access Policy Parameters are pushed to the OmniSwitch

Bandwidth enforcement and Anomaly Detection

All Rights Reserved © Alcatel-Lucent 2010• 14 | Safe NAC Solution - DET | 2010

Safe NAC and Compliance Enforcement Scenario

802.1x User

Regular LAN User

Guest

Remediation Server(s)

Production Network

1

Employee, contractor or guest

connects to the network

OmniSwitch provides authentication and

identifies user profile. It checks if HIC check is needed for this user.

(802.1x, MAC, captive portal)

OmniSwitch redirects traffic to the CyberGatekeeper Policy Server and the remediation

servers.

CyberGatekeeper policy server receives HIC report from CyberGatekeeper Agent and informs the OnmiSwitch if the device

has passed or failed.

If HIC passed, OmniSwitch selectively allows device traffic to

production network following policy in user profile.

If HIC Failed, OmniSwitch restricts traffic to remediation network

only

CyberGatekeeperPolicy Server

2

Alcatel-Lucent OmniSwitch

3 4

Resident or on-demand agentContinuous surveillance

5

• 8950 AAA + Directory

All Rights Reserved © Alcatel-Lucent 2010• 15 | Safe NAC Solution - DET | 2010

Conclusion3

All Rights Reserved © Alcatel-Lucent 2010• 16 | Safe NAC Solution - DET | 2010

User Centric Security

Allowing Flexible Deployments throughout multiple environments

All Rights Reserved © Alcatel-Lucent 2010• 18 | Safe NAC Solution - DET | 2010

Evaluation of this sessionA

All Rights Reserved © Alcatel-Lucent 2010• 19 | Safe NAC Solution - DET | 2010

Evaluation of this session

Please take 2 minutes to fill out the evaluation form, distributed to you by the speaker

Please fill out as title of this presentation: « Safe NAC»

Submit the form when leaving the room or put it in one of the boxes that you find everywhere in the venue

THANK YOU

All Rights Reserved © Alcatel-Lucent 2010• 20 | Safe NAC Solution - DET | 2010

User Centric Security

Allowing Flexible Deployments throughout multiple environments

www.alcatel-lucent.com