![Page 1: W&M 2009 – NAC – creating the inherently secure cross platform network](https://reader034.vdocuments.mx/reader034/viewer/2022052507/55845109d8b42afc4e8b4fdb/html5/thumbnails/1.jpg)
NAC – creating the inherently secure cross platform network
Identity Management / Network Access Control
Wired and Wireless (Incl. RFID / RTLS)
Security and Compliance Solutions
Designing, Implementing and supporting LAN/WAN
Security / Health / Vulnerability Audits
Data and Voice (VoIP) Solutions
Fully Managed Services (24x7x365)
BS7799 / ISO 27001 Compliance
Network Management and Monitoring
Bespoke and Tailored Services
Who are we?
Training (Manufacturer & Bespoke)
NAC – creating the inherently secure cross platform network
What does that mean?
Anyone know what this is?
NAC Version 1
Lockdown Network – Power off at 18:00
Open Network – Power on at 09:00
Goal of NAC
– Limit access to network resources based on a user’s business needs and the real-time security risk of the user or networked device
Components of NAC
– Assess Identity: sets access privileges based on dynamic user-centric criteria so that policies move with the user and are not bound to specific ports or hardware
– Ensure Compliance: ensures that all communications are authenticated, authorized, and free from viruses, worms, and malware
– Enforce Policy: allows entry by only valid users, and quarantines/remediates unauthorized and/or harmful devices on the basis of stateful-firewall roles
“They say NAC is”
In Reality NAC Solutions are
Very Difficult to prevent Staff from plugging in their own devices especially in multi-site environments
About Audits / Compliance; Present Network Information i.e. devices or users, where they are, when they were on, are they authorised?
Do they connect Wired and Wireless?
Difficult to allow temporary access for guests, visitors and contractors
Difficult to solve; traditionally you need independent solutions on wired & wireless networks = multiple platforms to manage/support = increased support / maintenance costs = inefficiency in resolving problems!
In Reality it’s
Business needs to be easier not harder
Devices HAVE to connect easily
Networks must be SECURE by design
Users have to be able to use their systems
Access has to be FLEXIBLE
NAC should be about improving resource access
Anywhere, Anyhow, Anyone
Imagine a world:
• Any device can connect to any wired port on your network
• Any device can connect to your wireless network
• Irrespective of whether it belongs to staff / visitor
• The device and user are identified and authorised
• The device can be checked to confirm it is safe to connect
• The user and device are given the relevant access
• Details of the device and user access are logged
• You can find and control every device & user across your network
Corporate Network
Easy for wired / wireless users to connect
Auto provision of printers, CCTV, Servers, Scanners, VoIP
Reception / Department Mgrs
Can create temp users and allocate roles (i.e. Contractor / Visitor etc)
IT Dept
Full visibility of network devices & users. The ability to delegate some tasks
Security Team
Confidence the Network is Secure
Audit and Compliance
Full audit trail
Unwanted Users / Devices
More than NAC
VISIBILITY
• Automatically Identify and Track ‘every’ device on wired / wireless networks
• Automatic Inventory of what has been and is on your network
• Automatically Scan devices for compliance
CONTROL
• Automatically Block, Alert and Record Unauthorised Access Attempts
• Automatically Register devices by department (if allowed)
• Automatically Register devices if they meet a “confidence” level
• Automatically Enforce ‘global’ or department policies
• Enable ‘guest’ access without compromising security
AUDIT
• Real-Time & Historical Audit of ‘ALL’ activity
• Audit & Regulatory Compliance (PCI, CoCo, etc)
It’s about
100% Out of Band Architecture
The Bradford Networks Product Range
Licensing
There are various elements available for licensing: you can buy limited functionality and build up to a full NAC product.
A brief summary is shown below:
Functionality | Full NAC | NAC Lite | User Tracking | GCS
Register Devices Limited
Custom Device Option
Authenticate Users Limited
Policy Scan Limited
Dissolvable Agent
Persistent Agent
Track Devices
Track Users
Enable/Disable Devices
Connection Audit Trail
Guest / Conference Service
3rd Party Security Integration
Interoperability with over 300 models of networking equipment from 20 leading vendors
Unmatched Interoperability
Quick Status
Client View
Seven points of identity
Filter returns 44 clients out of a total of 475
Data can be exported to .csv
IT Manager
Department Manager
Contractor User
Receptionist
Guest User
Multi-User Conference
IT Staff Employee “Sponsors” Visiting Users
IT Manager can empower non-technical employees to set up network access for specific visiting users.
Sponsor for: • Contractors
Sponsor for: • Guests
• Conferences
Guests and Conferences
• Simple discovery mechanism
• Multiple profiling parameters to establish type of device
• Automated control actions per device type
Automate Network Provision
• Network service by device type
• Multiple edge control options (Role/VLAN, Port Location, Port CLI/ACLs, etc.)
• Device without a matching profile kept off the network
Confidence = Network Access
• Visibility, tracking and access control rights passed down to functional groups
• Automated access rules defined in device templates help maintain IT control
Workflow
Example: Adding a Printer
Setting Confidence
Rogue Device Plugged into Switch Port
SWITCH VIEW
Rogue Device could be a person’s own laptop, a NAT device (wireless / wired router), a printer - ANYTHING
Visibility
Email Alert with full details
Email with full details of alarm: Rogue Device Detected; MAC Address, IP Address, Time, Date, Location
EMAIL ALARM
Email Alarms Fully Customisable “Rogue Connected”
Email sent to Groups, Individuals etc
Control
Rogue Device Immediately Disabled / Removed from Network
SWITCH VIEW
LOCKING DOWN & SECURING YOUR NETWORKS
Auto-Enforcement
“Rogue Connection” Event Recorded
Search in real-time and historically
EVENT VIEW
Audit
Future NAC
Trusted Network Connect
Microsoft NAP
Bradford Networks
DHCP
RADIUS
RADIUS
Microsoft Vista NAP
Trusted Network Connect (TNC) Architecture
Full Visibility of entire network (all sites) and connected devices
Real-Time and Historical audit trail
Security and Control; Block unknown / unauthorised ‘rogues’
Distributed and Automated Device Management
Foundation to build a full Network Access Control Architecture;
– End Point Policy Enforcement (Client-less / Client Scanning)
– Allow Secure Guest / Visitor Access
– Remote Scan – check device before arrival
KEY FEATURES
“More than NAC”
• KEY BENEFITS
Fits ‘ANY’ Network Design
Network Independent (wired or wireless)
“Out of Band” (not “In-Line”) solution;
– NO Network Re-Design
– NO Single Point of Failure
– NO Network Downtime during implementation
– Phased Roll Out: Granular – Port By Port
Client-less Policy Enforcement
Scalable;
– One system secures up to 12,000 devices, across multiple sites
Cost effective and ‘proven’ solution
– Over 600 customers worldwide, 100 UK & Ireland
“Minimal Impact”
• GOVERNMENT ORGANISATION (CANNOT BE NAMED BUT REFERENCE AVAILABLE)
• PROBLEM / REQUIREMENTS
– Required visibility of all remote sites (7 across the UK)
– Unauthorised Network Access forbidden but not easily enforced
– Complex to secure different Vendor devices (including hubs)
– Roaming staff / devices needed to be controlled / VLAN’d off
– Solution MUST not disrupt network / users
• KHIPU’S SOLUTION
– Single Central system, securing all remote devices
– Phased and Controlled Roll Out with NO downtime
– Prevents ‘Rogue’ device access
– Manages devices by switching them into appropriate VLANs
– Completely ‘locked down’ network
“Why customers buy”
Questions and Answers
Come and see us at stand 1816
Khipu Networks Limited, Infineon House, Minley Road, Fleet, Hampshire GU51 2RD, United Kingdom
T: +44 (0) 845 2720900
http://www.khipu-networks.com
We should probably talk!