secure ip address management layer 2 network access control … · 2016-03-09 · ipam + agentless...

8
Secure IP Address Management Layer 2 Network Access Control Solution

Upload: others

Post on 11-Mar-2020

2 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

Secure IP Address ManagementLayer 2 Network Access Control Solution

Page 2: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

BenefitsIPScan XE is a high-performance solution (a must-have for the network administrator who wants to manage end-point communications) and an agentless network access control solution that provides network administrators withessential tools, including IP address management.

▶ Increases security against internal network breaches▶Prevents costly downtime associated with IP address conflicts▶Enhances regulatory and best practices compliance▶Streamlined IT and network engineering operations▶Effective centralized management▶Dedicated probe for large scale distributed networks▶Secured stability with enhanced network control▶Reinforced security against unauthorized IP/MAC control▶Real-time notifications and reporting▶Easy deployment & operation▶Lowers total cost of ownership

Case StudiesSamsung Challenges

Unable to control external and/or internal guests accessing the network under DHCP environment.Needs to protect automated factory devices which use fixed IP addresses. IP duplications on any of the factory devices will lead tothe factory downtime (unable to calculate the loss!).

Why IPScan?Extensive reference sites which prove its stability and technology. Does require neither network reconfiguration nor agentinstallation (transparent deployment).

After DeploymentEffectively controls external and/or internal guests by pre-assigning network access period (increased network security).Protects IP addresses of factory devices to minimize the factory downtime caused by IP duplications.After the initial deployment, they have integrated with HR resource database to control ex-employees’ accessing the network to stealcompany confidential information.Defined, deployed, and settled and strict network access policies applied to internal employees increases work efficiency for ITmanagers.

LG Challenges

Problems with video conference system between HQ and regional offices due on IP management.Needs to analyze IT resource status in each branch office (relied on branch manager’s report).Security issues in a number of branch offices with wireless LAN.Security issues on unknown and/or unauthorized devices accessing the network.

Why IPScan?Prompt technical support and knowledge on deploying and designing network access policies.

After DeploymentPrevents IP duplication on video conferencing devices ensuring the system uptime.Increases security under WLAN allowing only the authorized devices.Creates accurate IT resource inventory system (e.g. number of PC, network and system devices, printers and etc.) for each branchoffice to find out the current status, based on which, IT device purchase decision and expansion plan were made.

With IPScan XE, we could manage our resources more efficiently with less effort, less time and less expense“

Why IPScan XE for Your IP Management ?

Layer 2 Network Access Control Solution Benefits

Page 3: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

IPScan XEAgentless network access control with secure DHCP server

IPScan is an IP/MAC resource management and network security solution that enables IT managers to automatethe IP/MAC resource management process.IPScan controls network access of any device that uses IP addresses. Utilizing a powerful blocking technology,IPScan ensures that unknown and unauthorized IP/MAC addresses are prevented from accessing the network.By deploying IPScan into your network, you can centrally manage distributed IP/MAC address resources moresafely, effectively and efficiently. IPScan provides IP-enabled organizations with valuable security, availability,compliance and operational efficiency benefits & ROI.

If You have these kind of issues, we can make it better

IP Address Management

DHCP IP Management

Layer 2 Network Access Control Solution Solution Overview

Manually update daily changed IP allocation or online status.Difficult to manage real-time online IP/MAC status.Unable to prevent IP duplication in real-time.Unable to control unauthorized IP/MAC in use.

Network Access ControlDifficulty of implementing.Installing PC agent program.IP-phone, etc.High deployment cost.

IP allocation failure in rush hour.High cost for HA or/and relay server.Monitoring only DHCP IP pool.

Unable to manage static IP range.Unable to manage the IPs of server or network devices.Unknown DHCP server allocates unauthorized DHCP IPs.

Changing network devices.Unable to control non-supported O/S such as network printer,Not easy to control non 802.1x devices.

Everywhere

Page 4: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

IPAM + Agentless NAC + DHCP serverIPScan XE is an agentless network access control solution that providesnetwork administrators with essential tools manage IP/MAC devices

Agentless & out of bandNon 802.1x basedReal-time layer 2 IP/MAC controlUnauthorized device blockingTime-based usage controlUser identification management by IP/MACSwitch port control & management

Authorized pool management for internal usersUnauthorized pool managementfor external & temporary usersFixed DHCP IP allocationAccess time control for temporary usersAuto blocking Static IP in DHCP IP range

Static IP device controlIP conflict protectionIP changing protectionUnused IP blockingTime-based IP usage control

Network Diagram

DHCP serverAgentless NACIPAM

Easy implementation for the current DHCP serverenvironment with visitor control

Need to replace the existing DHCP server,but, it provides more managed and secured DHCP environment

New MAC Blocking

Built-InDHCP server

IPScan Probe

IPScan Probe

Static IP area

Static IP area

Static IP protectionUnused IP address blocking IP-MAC binding

Mission critical IP protection (IP conflict protection)Unused IP address blocking IP-MAC binding, etc.

DHCP serverDHCP Request

DHCP Request DHCP RequestDHCP Request

DHCP DHCPDHCP

DHCP

Registered DHCP client

Registered DHCP client New DHCP clientInstant New MAC Blockingor Temp IP Allocation

Authorized DHCP Pool Unauthorized DHCP Pool

New MAC

Blocking

Blocking

IPScan with 3rd Party DHCP server

Built-in Secure DHCP server

Page 5: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

IPScan XE FeaturesDynamic IP management (secure DHCP server) - Quarantine unauthorized DHCP client- Network access time control for visitor- MAC address filtering for access security- Static IP address control in DHCP pool- Unknown DHCP server detection

Secure IP/MAC managementStatic IP address management- Real-time IP/MAC status update for entire network: online/offline/

unused/expired, IP change, new IP, new MAC, IP conflict, etc.- Unused IP reservation- IP-MAC binding - Group & description

LAN access control & L2 security- Appliance based NAC policy enforcer (non 802.1X) - Improve vulnerability management process - L2 Security : controlling access by MAC address filtering - Manual / automatic network access control : IP blocking / MAC blocking- Increase wireless network access security (AP bridge mode)

IP conflict management- IP protection on mission critical devices

Automatic IP/MAC inventory- Online, offline, unused IP/MAC address

No need to apply PC based agent programNo need of network upgrade (802.1x)Easy control of user interface.Supports 802. 1q to manage multi-VLANenvironment.

Attempt to access to the network

Protection Protection Protection

Controls devices regardless of operating system.Agentless control solution.Controls network devices (Switch, Router, IPT, etc.).

Embedded DHCP functionControls entire IP devices regardless ofIP management environment.

Easyimplementation

Layer 2 access control

solution

Providingadvanced

DHCP serverfeatures

Real-time IP/MAC inventory status.Real-time alarming events.Real-time blocking and authentication.Real-time IP conflict monitoring.

Real-timemanagement

IPScan XE Major Functions

IP : 192.168.100.10Factory Line IP Device

IP : 192.168.100.11Internet Banking Server

IP : 192.168.100.12Network IP Device

Protection from IP Conflicts

Access Network

Blocking Blocking Blocking

IP : 192.168.100.10 IP : 192.168.100.12

Access Network

IP : 192.168.100.11

Access Network

Page 6: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

IPScan XEIPScan is deployed by hundreds of large enterprises, service providers, governments and military agencies and educationalinstitutions. IPScan consists of four components: (1) administrative console software, (2) centralized server, (3) database,and (4) distributed hardware; probes.IPScan is the only solution that provides complete control over all IP/MAC access onto the network. IPScan automaticallydetects and documents every ethernet and IP address that attempts the network access, and enforces centrally definedpolicies in real-time, with the ability to block unauthorized devices from communicating on the network.IPScan helps secure networks against internal breaches, prevents inadvertent network disruptions from address conflicts,mitigates the risks of non-compliance with regulatory requirements for securing and controlling customer, corporatefinancial and gaming operation information, and increases IT's operational efficiency in delivering information service.

1. IPScan ConsoleInstalled on the IT manager's PC, it connects to the IPScanServer to view, monitor and define IP/MAC policies.

2. IPScan Server Installed in the main data center, it communicates withprobes to receive and store collected data and forwardsthe IP policies defined by IT manager.It supports MS-SQL 2000~2012 Server, Oracle and MySQL

3. IPScan DatabaseCollected data and policies are stored in the RDBMS.MS-SQL 2000 ~ 2012 Server, Oracle and MySQL Server arecompatible. DB Server and IPScan Server can be installedin the same hardware platform if there are fewer than5,000 active IP's. For more than 5,000 active IP networks, aseparate hardware platform is required for each.

4. IPScan ProbeA software-technology-embedded hardware probedesigned to control small to large size network. Implements the policies defined by the IPScan ConsoleSupports 802.1q to manage multiple VLANs from a singledevice.Built-in DHCP server (Probe 50, 100A, 200, 600R, 1000R)

Technical AdvantageLAN access security: Non-802.1X based. Agentless. No port mirroring required, Out of band control>> less cost, less complexity, easy operation

Unique static IP address management : IP-MAC binding,unused IP blocking, IP change control>> IPAM with IP control, IP protection

Secure DHCP server: Non-DHCP client detection andblocking. Static & DHCP mixed environment management.Unauthorized DHCP client management>> Advanced DHCP server with non-DHCP client control

ARP based real-time monitoring and control: Easy-to-deploy>> IP/MAC monitoring/control for any Layer 2 environment

(Just connect to any switch/hub port)>> Vendor independent, device independent

(Unmanaged switch, managed switch, HUB, AP, PC with PC Firewall)

>> Multi-VLAN environment supported (Using 802.1Q)

High capacity: >> HA support, 100,000 devices control in a Server

Simple & Cost Effective

Layer 2 Network Access Control SolutionSolution Review

IPScan Components Solution Advantages

Securing More with Less

Page 7: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

IPScan XE

CPU

Memory

Flash

Interface

Size(mm)

Weight

Operating Environment

Input Voltage

Power

Trunk Protocol

DHCP server

RMI AU 1550 MIPS Core(333MHz) 64M DDR RAM 2Mbyte NOR Flash1GBbyte NAND Flash Ethernet 10/100Mbps, (RJ-45 ) 1Port. RS-232 Console 1Port. 118(W)x30(H)x118(D) 440g Temperature : 0-40C' Humidity : 0%-90% AC 100V~240V 50~60Hz 5WIEEE 802.1q Supports Yes

IPScan Probe 50 CPU

Memory

Flash

Interface

Size(mm)

Weight

OperatingEnvironment

Input Voltage

Power

Trunk Protocol

DHCP server

RMI AU 1550 MIPS Core(333MHz) 64M DDR RAM 2Mbyte NOR Flash1GBbyte NAND Flash Ethernet 10/100Mbps, (RJ-45 ) 1Port. RS-232 Console 1Port. 200mm(W) X 44mm(H) X 196mm(D) 1.3Kg Temperature : 0-40C' Humidity : 0%-90% AC 100V~240V 50~60Hz 6W IEEE 802.1q Supports Yes

IPScan Probe 100A

CPU

Memory

Flash

Interface

Size(mm)

Weight

Operating

Environment

Input Voltage

Power

Trunk Protocol

DHCP server

Intel Celeron 2GHz 1GB DDR2 RAM 2GBbyte CF Flash Module Ethernet 10/100Mbps, (RJ-45 ) 6Port.RS-232 Console 1Port.430mm(W)x44mm(H)x285mm(D) 4.4Kg Temperature : 0-40C' Humidity : 0%-90% AC 100V~240V 50~60Hz 68W IEEE 802.1q Supports Yes

IPScan Probe 600R CPU

Memory

Flash

Interface

Size(mm)

Weight

Operating

Environment

Input Voltage

Power

Trunk Protocol

DHCP server

RMI AU1550 MIPS Core (500MHz) 128MB DDR RAM 2Mbyte NOR Flash1GBbyte NAND Flash Ethernet 10/100Mbps, (RJ-45 ) 2Port. RS-232 Console 1Port. 200mm(W) X 44mm(H) X 196mm(D) 1.3Kg Temperature : 0-40C' Humidity : 0%-90% AC 100V~240V 50~60Hz 6W IEEE 802.1q Supports Yes

IPScan Probe 200

CPU

Memory

Flash

Interface

Size(mm)

Weight

Operating Environment

Input Voltage

Power

Trunk Protocol

DHCP server

Intel Dual Core 1.8GHz 1GB DDR3 RAM 2GBbyte CF Flash Module Fibre-optic SFP module 2 slots RJ-45 10/100/1000 Base TX 6ports RJ-45 Console 1Port (RS-232 converter included) 430mm(W)x44mm(H)x385mm(D) 5.6Kg Temperature : 0-40C' Humidity : 0%-90% AC 100V~240V 50~60Hz 74W IEEE 802.1q Supports Yes

IPScan Probe 1000R

Layer 2 Network Access Control SolutionSpecification

Page 8: Secure IP Address Management Layer 2 Network Access Control … · 2016-03-09 · IPAM + Agentless NAC + DHCP server IPScan XE is an agentless network access control solution that

ViaScope International Inc.3rd Floor Hwangjae Bldg., 20, Songpa-dong, Songpa-gu, Seoul 138-170, KoreaTel. 82-2-3412-9700 Fax. 82-2-3412-9800www.viascope.comE-mail: [email protected]