
binds together the User, Hostname, IP address, MAC and location
(switch and port or wireless AP and SSID) along with timestamps for
each endpoint—a key requirement for auditing and forensics. IP-to-ID
Mapping is also used by NMS Automated Security Manager to implement
location-independent distributed intrusion prevention and by Enterasys
Security Information and Event Manager (SIEM) or other third party
SIEM/IPS solutions to pinpoint the source of a threat.
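The forensic value of the mapping described above is the timestamp: DHCP hands the same IP address to different endpoints over time, so a SIEM alert that names only an IP must be resolved at the alert's own time, not against the current lease. The following is an added illustration, not Enterasys code and not the NMS IP-to-ID Mapping implementation: it keeps a small constructed session table (hypothetical users, MACs, switch ports and an AP/SSID) and answers "who was on this IP at this instant", flagging the no-session and overlapping-session cases instead of silently returning the first match.

```python
"""IP-to-ID lookup over constructed session records: resolve an alert's (IP, time) to user/MAC/port."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass(frozen=True)
class Binding:
    """One authenticated session: identity, addresses, location and the lifetime of the binding."""
    user: str
    hostname: str
    ip: str
    mac: str
    location: str              # "switch:port" for wired, "AP:SSID" for wireless
    start: datetime
    end: Optional[datetime]    # None means the session is still active


def parse_ts(text: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as '2024-03-04T09:00:00Z'."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so 'AA-BB-CC-..', 'aabb.cc..' and 'aa:bb:cc:..' compare equal."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


# Constructed sample session table (hypothetical names, addresses and switches).
# 10.1.20.15 is deliberately reused: alice held it until 08:55, then bob's laptop
# received it from DHCP on a different switch port at 09:02.
SESSIONS: List[Binding] = [
    Binding("alice", "alice-lt", "10.1.20.15", normalize_mac("AA-BB-CC-00-00-01"),
            "sw-edge-01:ge.1.7", parse_ts("2024-03-04T07:30:00Z"), parse_ts("2024-03-04T08:55:00Z")),
    Binding("bob", "bob-lt", "10.1.20.15", normalize_mac("aabb.cc00.0002"),
            "sw-edge-02:ge.1.12", parse_ts("2024-03-04T09:02:00Z"), None),
    Binding("carol", "carol-tab", "10.1.30.40", normalize_mac("aa:bb:cc:00:00:03"),
            "ap-floor3-02:CORP-WIFI", parse_ts("2024-03-04T08:00:00Z"), None),
]


def resolve(ip: str, at: datetime, sessions: List[Binding] = SESSIONS) -> List[Binding]:
    """Every binding that held `ip` at instant `at`; lifetimes are half-open, start <= at < end."""
    return [b for b in sessions
            if b.ip == ip and b.start <= at and (b.end is None or at < b.end)]


def pinpoint(ip: str, at_iso: str, sessions: List[Binding] = SESSIONS) -> str:
    """Human-readable answer for an analyst: exactly one binding, none, or an ambiguity to investigate."""
    hits = resolve(ip, parse_ts(at_iso), sessions)
    if not hits:
        return f"{ip} @ {at_iso}: no session (alert time falls outside every recorded lifetime)"
    if len(hits) > 1:
        return f"{ip} @ {at_iso}: AMBIGUOUS ({len(hits)} overlapping sessions, check switch logs)"
    b = hits[0]
    return f"{ip} @ {at_iso}: {b.user} ({b.hostname}, {b.mac}) on {b.location}"


if __name__ == "__main__":
    for ip, ts in [("10.1.20.15", "2024-03-04T08:10:00Z"),   # alice
                   ("10.1.20.15", "2024-03-04T09:15:00Z"),   # bob, same IP, different port
                   ("10.1.20.15", "2024-03-04T08:58:00Z"),   # gap between the two leases
                   ("10.1.30.40", "2024-03-04T12:00:00Z")]:  # wireless, still active
        print(pinpoint(ip, ts))
```

The end of a lifetime is exclusive, so an alert stamped exactly at a session's end time is not attributed to that session; a real deployment would also want the clock source of the alert and of the mapping to be the same (or NTP-disciplined), since a skew of a few minutes is enough to land an alert in the wrong lease.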
Enterasys NAC Inline Controller
The Enterasys NAC Inline Controller may be integrated into any network
from any vendor to provide network access control for wired LAN,
wireless LAN, and VPN users, and may be deployed without reconfiguration
of network edge infrastructure. As an in-line appliance, the Enterasys
NAC Inline Controller supports up to 2,000 endpoints and addresses a
number of out-of-band NAC deployment challenges:
• Out-of-band NAC requires intelligent edge switches that support IEEE
802.1X authentication and RFC 3580 quarantine. Enterasys and
some third party switches meet these requirements, but many older
edge switches do not. The Enterasys NAC Inline Controller provides
authentication and isolation for each user and application flow
regardless of the edge switch deployed.
• Out-of-band NAC often requires reconfiguration of edge switches. The
Enterasys NAC Inline Controller is installed in-line between the edge
and distribution layers, and does not require any reconfiguration at the
network edge.
Network performance and network fail-over availability are two important
issues to consider when deploying any in-line security appliance.
Because Enterasys NAC Inline Controllers take advantage of Enterasys
advanced switch technology, these appliances will not become
congestion points on the network. Dual Enterasys NAC Inline Controllers
can be deployed in a fail-over mode where redundancy is required. Each
communicates with the NMS NAC Manager application to replicate
status and configuration information.
Assessment for the NAC Inline Controller is separately licensed and
includes both agent-based and agent-less assessment.
Enterasys NAC Out-of-Band Gateway
The Enterasys NAC Out-of-Band Gateway controls endpoint
authentication, security posture assessment and network authorization.
For authentication services, the Enterasys NAC Out-of-Band Gateway
acts as a RADIUS proxy in front of the organization's RADIUS
authentication services (which in turn interface with Microsoft Active
Directory or another LDAP-based directory service), or as the RADIUS
server itself for MAC authentication. The Enterasys NAC Out-of-Band
Gateway supports 802.1X (EAP), MAC, Web-based and Kerberos Snooping
(with certain restrictions) authentication. For
endpoint assessment, the Enterasys NAC Out-of-Band Gateway connects
to multiple security assessment servers.
For authorization services, the Enterasys NAC Out-of-Band Gateway
communicates RADIUS attributes to the authenticating switch. This
allows the switch to dynamically authorize and allocate network resources
to the connecting endpoint based on authentication and assessment results.
The Enterasys NAC Out-of-Band Gateway appliance also stores NAC
configuration information and the physical location of each endpoint.
It easily scales to support redundancy and large NAC deployments.
Enterasys NAC Out-of-Band Gateway models are available to meet
the needs of different-sized implementations. It is also available as a
security module for popular Enterasys switches.
Assessment for the NAC Out-of-Band Gateway is separately licensed and
includes both agent-based and agent-less assessment.
Enterasys NAC Out-of-Band Gateway Virtual Appliance
The Enterasys NAC Out-of-Band Gateway Virtual Appliance provides the same
endpoint authentication, security posture assessment and network
authorization capabilities as the hardware appliance, built on VMware®.
By deploying the NAC Out-of-Band Gateway Virtual Appliance, enterprises
gain all the benefits of network access control with the advantages of a
virtual environment: cost savings from using existing hardware and
reduced time to value. It is available with different sizing options for
central locations as well as remote sites.
Assessment for NAC Virtual Appliance is separately licensed and includes
both agent-based and agent-less assessment.
Additional Features
• Proven interoperability with Microsoft NAP and Trusted Computing
Group TNC.
• Automatic endpoint discovery and location tracking by identifying
new MAC addresses, new IP addresses, new 802.1X / Web-based
authentication sessions, or Kerberos or RADIUS requests from access
switches.
• Support for Layer 2 and Layer 3 deployment modes and support for
all five NAC deployment models: intelligent wired edge, intelligent
wireless edge, non-intelligent wired edge, non-intelligent wireless
edge, and VPN.
• Management options (in-band or out-of-band) can be tailored to
existing network management schemes and security requirements.
• Support for multiple RADIUS and LDAP server groups allows
administrators to identify the server to which a request is directed.
• Macintosh agent support for agent-based assessment.
• Open XML APIs support integration with IT workflows for automated,
streamlined operations.
• A web-service based NAC API simplifies integration with third party
applications.
• 1 + 1 Redundancy for both Layer 2 and Layer 3 deployment modes:
provides high-availability and eliminates the NAC Inline Controller or
NAC Out-of-Band Gateway as a single point of failure
• Risk level configuration allows flexibility in determining the threat
presented by the end system. Fine-grained control allows the NAC
administrator to define High Risk, Medium Risk, and Low Risk
thresholds based on local security policies and concerns.
• The Enterasys NAC Inline Controller and NAC Out-of-Band Gateway
are upgradable, allowing assessment to be integrated onto a single box
with the other NAC functions. The upgraded appliances are capable of
supporting network-based assessment, agent-based assessment, or both.
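The authorization step described for the Out-of-Band Gateway (RADIUS attributes returned to the authenticating switch) and the risk-level thresholds in the feature list above come together in one RADIUS response. The example below is added here and is not Enterasys code or the gateway's actual policy engine: it maps an assessment score to a risk level using administrator-defined thresholds, picks a VLAN, and encodes the RFC 3580 VLAN assignment attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID, RFC 2868 tagged form) into an Access-Accept whose Response Authenticator is computed as RFC 2865 requires. The 0-100 score scale, the thresholds, the VLAN names, the use of Filter-Id as a policy-role name, and the shared secret are all assumptions for illustration.

```python
"""Assessment result -> risk level -> RFC 3580 VLAN assignment in a RADIUS Access-Accept."""
import hashlib
import hmac
import struct
from typing import Dict, List, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3                 # RADIUS codes, RFC 2865
FILTER_ID = 11                                                         # RFC 2865
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81  # RFC 2868
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE_802 = 13, 6                       # values RFC 3580 uses for VLANs

# Assumed local policy (not an Enterasys default): assessment score 0-100, higher is worse.
RISK_THRESHOLDS: Dict[str, int] = {"high": 70, "medium": 40}
# Assumed VLAN names per risk level; "quarantine" is the RFC 3580-style isolation VLAN.
VLAN_FOR_LEVEL: Dict[str, str] = {"high": "quarantine", "medium": "restricted", "low": "enterprise-user"}


def risk_level(score: int, thresholds: Dict[str, int] = RISK_THRESHOLDS) -> str:
    """Map an assessment score to high/medium/low using the administrator's thresholds."""
    if score >= thresholds["high"]:
        return "high"
    if score >= thresholds["medium"]:
        return "medium"
    return "low"


def attr(atype: int, value: bytes) -> bytes:
    """One RADIUS attribute TLV: Type(1) Length(1) Value; Length counts the whole TLV."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", atype, len(value) + 2) + value


def tagged_int(atype: int, tag: int, value: int) -> bytes:
    """RFC 2868 tagged integer: Tag(1) followed by a 3-byte big-endian value."""
    return attr(atype, bytes([tag]) + value.to_bytes(3, "big"))


def tagged_str(atype: int, tag: int, text: str) -> bytes:
    """RFC 2868 tagged string: Tag(1) followed by the string bytes."""
    return attr(atype, bytes([tag]) + text.encode("utf-8"))


def vlan_attributes(vlan: str, tag: int = 1) -> List[bytes]:
    """The three attributes an RFC 3580-capable switch needs to place the port in `vlan`."""
    return [tagged_int(TUNNEL_TYPE, tag, TUNNEL_TYPE_VLAN),
            tagged_int(TUNNEL_MEDIUM_TYPE, tag, TUNNEL_MEDIUM_IEEE_802),
            tagged_str(TUNNEL_PRIVATE_GROUP_ID, tag, vlan)]


def authorize(authenticated: bool, score: int) -> Tuple[int, List[bytes]]:
    """Decide response code and attributes from the authentication and assessment results."""
    if not authenticated:
        return ACCESS_REJECT, []            # an unauthenticated endpoint gets no VLAN at all
    vlan = VLAN_FOR_LEVEL[risk_level(score)]
    # Filter-Id carries a policy-role name for switches that apply one; the VLAN trio is the RFC 3580 path.
    return ACCESS_ACCEPT, vlan_attributes(vlan) + [attr(FILTER_ID, vlan.encode("utf-8"))]


def build_response(code: int, ident: int, request_auth: bytes, attrs: List[bytes], secret: bytes) -> bytes:
    """RFC 2865 response: Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attrs + Secret)."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """What the switch does on receipt: recompute the authenticator with the shared secret."""
    header, got, body = packet[:4], packet[4:20], packet[20:]
    if len(packet) < 20 or len(packet) != struct.unpack("!H", header[2:4])[0]:
        return False
    return hmac.compare_digest(hashlib.md5(header + request_auth + body + secret).digest(), got)


def parse_attributes(packet: bytes) -> List[Tuple[int, bytes]]:
    """Walk the attribute TLVs that follow the 20-byte header."""
    out, i = [], 20
    while i < len(packet):
        atype, alen = packet[i], packet[i + 1]
        if alen < 2 or i + alen > len(packet):
            raise ValueError("malformed attribute")
        out.append((atype, packet[i + 2:i + alen]))
        i += alen
    return out


if __name__ == "__main__":
    # Constructed request authenticator and shared secret (illustration only).
    req_auth, secret = bytes(range(16)), b"constructed-shared-secret"
    code, attrs = authorize(authenticated=True, score=85)   # high risk -> quarantine VLAN
    pkt = build_response(code, 7, req_auth, attrs, secret)
    print(pkt.hex())
    for atype, value in parse_attributes(pkt):
        print(atype, value)
```

Two points worth noting when reading the output: the Tunnel-* values carry a leading tag byte (0x01) so the three attributes are recognised as one group, and the Response Authenticator is only as strong as the shared secret, so a switch that cannot verify it (wrong secret, or a modified attribute) must discard the Accept rather than apply the VLAN.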