Novicom is a Czech company with a major position in the development of tools for monitoring, managing and ensuring the security of information technology (IT) and communications. It focuses on developing tools for the efficient, reliable and secure operation of large and distributed networks.

Novicom also offers a wide range of services, such as expert analysis, consulting or customer-oriented product development, implementation and support, and user and customer training.

Novicom is a rapidly growing company. It was founded in 1994 with an initial focus on selling IT components. In 1996, in response to market demand caused by the Internet boom, the company focused on security and reliability issues of information and communication systems on the Unix platform.

Backed by years of experience, Novicom’s team has developed a number of proprietary security tools, ranging from specialized enterprise infrastructure-oriented products for managing large IT systems to advanced solutions for monitoring and managing IP addresses and network access control.

Our goal is to maintain our position in the Czech Republic – especially in terms of the quality, range of solutions and services we offer – and to expand our offerings to markets in other countries.

NAC - network access control

Enhance network security using 802.1x/MAC authentication and authorization.

AddNet secures network access through integrated support for 802.1x authentication and authorization based on MAC address. AddNet can enable network communication to an authenticated device and assign the device to appropriate VLANs depending on the policies implemented based on the MAC address.

The NAC functionality in Novicom’s solution is vendor-independent and enables the implementation of secure network access regardless of the origin of the switches. However, to take full advantage of AddNet NAC, it is necessary that the network infrastructure supports the 802.1x / MAC authentication standard. This requirement is currently met by most switches from all major vendors.

The advantage of AddNet NAC is its simple implementation in large and distributed networks. It is also possible to deploy NAC at remote locations, allowing secure access even if the central location is not accessible. This is achieved by integrating the RADIUS server on remote AddNet workservers.

802.1x/MAC authentication
For NAC functionality, AddNet uses the standard RADIUS protocol, which supports the 802.1x / MAC authentication option. Implementing full 802.1x in the traditional way brings many additional difficulties related to supplicants for all network devices and maintaining up-to-date certificates. There are also additional risks, such as the need to manage exceptions – not all platforms and devices have supplicants available for them. Often for this reason, the network ports of such devices are placed outside the 802.1x service. If another device is then connected to such a port, the organization’s network resources are exposed to unauthorized access.

Most AddNet users prefer the option of using NAC mechanisms in the form of MAC address authentication with additional protection. This means that devices are authenticated by their MAC addresses. Effective monitoring is able to keep track of many parameters and thus notifies the administrator of a device with a changed MAC. This approach for NAC is very close to the full functionality of 802.1x without the need to implement administration and management of long-term exceptions.

The implementation of AddNet MAC authentication is part of a standard DDI deployment and there are no additional requirements other than network hardware configuration. Adding a few more lines in the network equipment configuration allows you to use NAC functionality immediately. From the AddNet perspective, it is only necessary to set the communication parameters for RADIUS servers.

Another important feature of AddNet is authorization management. Once the device has been authenticated (the device’s access to network communications is based on its identity), the next step is the authorization process, which determines which network (VLAN) the device should be assigned to. The relevant switch port is then set as an access port for the corresponding VLAN. The device can therefore only communicate with the VLAN assigned to it.

Authentication, like 802.1x/MAC authentication, is controlled by RADIUS, which is part of the AddNet workserver. The advantage of this model is that there is no need to configure a VLAN for each switch. Switches are dynamically controlled by AddNet and the device is added to a specific network as needed. As a result, it does not matter which switch a device is connected to: the device will always get its IP address and be assigned to the appropriate VLAN.

L2 layer monitoring

Effective real-time network monitoring

AddNet provides a real-time view of network devices, giving the administrator accurate knowledge of which device (IP/MAC) is connected and where it is located on the network (specific port and physical location). This information is also available and stored in the historical data repository. If an incident occurs or the situation requires it, it is possible to quickly find information on where the device is connected and the specific time of connection.

If an accurate description of cable connections in the system is implemented, AddNet is able to provide not only information about the switch port to which the device is connected, but also the physical location of the selected device (building, floor, room, plug).

In addition, information from DHCP services is also available and can provide more information about the device.

DDI - integrated management of IP address space and basic network services

Facilitate IP administration – IPAM and DHCP/DNS

IPAM – IP address space management tool with integrated control of all necessary services (DHCP/DNS/NAC). Enables simplified addition of a new device or changing network parameters for current devices. Addressing planning using AddNet allows IP addressing policies to be changed in minutes, even in large and dispersed organizations. Users have access to up-to-date data related to network administration. It is possible to browse the network using a detailed list or through a tree structure.

DHCP – Integrated DHCP services, specifically designed to operate in large and distributed networks where maximum operational reliability and performance are required. They include many additional features through integration with L2 monitoring. In addition, they provide an easy way to set up DHCP IP address assignment rules according to known MAC addresses or internal policies. Managing DHCP options is another strong advantage of AddNet. It is possible to create complex policies for specific network segments or device types. This feature is highly valued by administrators who have reached the limits of their current DHCP systems, for example, when trying to implement IP telephony.

DNS – Integrated DNS services are able to provide reliable operation in distributed networks with multiple interfaces. Using the flexibility of the AddNet solution, it is possible to integrate an organization’s current DNS services on a single platform. In this case, AddNet takes control of the current DNS infrastructure through dynamic DNS updates and ensures full consistency of the environment – IPAM, DHCP and DNS. This feature is typically used by Microsoft customers who require maintenance of the current DNS infrastructure for a cluster or domain.

BYOD and mobile device management

Full IP administration (DDI/NAC) for mobile devices on a Wi-Fi network

AddNet provides full IP management for Wi-Fi networks. The conventional DDI/NAC management model is also complemented by an automated way to manage BYOD devices. It is also possible to create dedicated areas for guest networks.

The current requirement of managers to create a network accessible to employees’ mobile devices is met with two different opinions from network administrators and security administrators. Network administrators tend to make network access for such devices as simple as possible – often by creating Wi-Fi networks with a known WPA/WPA2 key. Security administrators, on the other hand, require a solution that leads to the exclusion of unknown devices from network communications.

AddNet is able to resolve this conflict. It has a self-service area for one-time authentication and authorization (assignment to the appropriate VLAN) for just such employee devices.

The administrator has the ability to create guest network access segments. Such zones are a simple way to provide one-time, time-limited access to the network.

The advantage of AddNet’s BYOD solution is that it supports all user devices, regardless of the operating system and device environment. There is no need to install anything on the user’s devices, and it requires practically no additional effort on the part of network administrators. Security administrators speak highly of monitoring the device’s presence on the network, as well as the fact that the device’s user is known through an authentication process, allowing them to assign the device to the appropriate VLAN based on the user in question.