Ramsdata

NAC & ENDPOINT SECURITY NEXT GENERATION

AddNet secures network access through integrated support for 802.1x authentication and authorization based on MAC address. AddNet can enable network communication to an authenticated device and assign the device to appropriate VLANs depending on the policies implemented based on the MAC address. The NAC functionality in Novicom’s solution is vendor-independent and enables the implementation of secure network access regardless of the origin of the switches. However, to take full advantage of AddNet NAC, it is necessary that the network infrastructure supports the 802.1x / MAC authentication standard. This requirement is currently met by most switches from all major vendors.

The advantage of AddNet NAC is its simple implementation in large and distributed networks. NAC can also be deployed at remote locations, allowing secure access even if the central location is not accessible. This is achieved by integrating the RADIUS server on remote AddNet workservers.

802.1x/MAC Authentication

For NAC functionality, AddNet uses the standard RADIUS protocol, which supports the 802.1x / MAC authentication option. Implementing full 802.1x in the traditional way brings many additional difficulties related to supplicants for all network devices and maintaining up-to-date certificates. There are also additional risks, such as the need to manage exceptions: not all platforms and devices have supplicants available for them. For this reason, the network ports of such devices are often placed outside the 802.1x service. If another device is connected to such a port, the organization’s network resources are exposed to unauthorized access.

Most AddNet users prefer the option of using NAC mechanisms in the form of MAC address authentication with additional protection. This means that devices are authenticated by their MAC addresses. Effective monitoring is able to keep track of many parameters and thus notifies the administrator of a device with a changed MAC. This approach for NAC is very close to the full functionality of 802.1x without the need to implement administration and management of long-term exceptions.

The implementation of AddNet MAC authentication is part of a standard DDI deployment and there are no additional requirements other than network hardware configuration. Adding a few more lines in the network equipment configuration allows you to use NAC functionality immediately. From the AddNet perspective, it is only necessary to set the communication parameters for RADIUS servers.

Authorization

Another important feature of AddNet is authorization management. Once the device has been authenticated, so that its access to network communication is based on its identity, the next step is the authorization process, which determines which network (VLAN) the device should be assigned to.

The relevant switch port is configured as an access port in the corresponding VLAN. The device can therefore only communicate within the VLAN assigned to it.

Authorization, like 802.1x/MAC authentication, is controlled by RADIUS, which is part of the AddNet workserver. The advantage of this model is that there is no need to configure a VLAN for each switch. Switches are dynamically controlled by AddNet and the device is added to a specific network as needed.

As a result, it does not matter which switch a device is connected to: the device will always get its IP address and be assigned to the appropriate VLAN.
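The MAC-to-VLAN authorization step described above, sketched as an added example (not AddNet code) using the standard RADIUS tunnel attributes from RFC 3580. The page does not say which attributes AddNet sends, and the MAC addresses and VLAN IDs in the policy table are constructed.

```python
import struct

# RADIUS attribute types (RFC 2868) and the values RFC 3580 uses for VLANs.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6
# Constructed policy table: normalized MAC -> VLAN ID (hypothetical values).
POLICY = {"02005e100001": 110, "02005e100002": 220}

def normalize_mac(calling_station_id):
    """Reduce AA-BB-.., aa:bb:.. and aabb.ccdd.eeff forms to 12 hex digits."""
    digits = "".join(c for c in calling_station_id.lower() if c not in "-:.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address: %r" % calling_station_id)
    return digits

def tagged_int(attr_type, value, tag=0):
    # Layout: Type, Length=6, Tag (0 = unused), 3-byte big-endian value.
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")

def vlan_attributes(vlan_id):
    """Encode the three Access-Accept attributes that select vlan_id."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    # ASCII digits are > 0x1F, so the first byte is read as data, not a tag.
    group = str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, VLAN) + tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def authorize(calling_station_id):
    """Return VLAN attributes for a known MAC, or None (reject) otherwise."""
    try:
        vlan_id = POLICY.get(normalize_mac(calling_station_id))
    except ValueError:
        return None
    return None if vlan_id is None else vlan_attributes(vlan_id)

def decode_vlan(attrs):
    """Walk the type-length-value attributes and return the assigned VLAN ID."""
    pos = 0
    while pos + 2 <= len(attrs):
        attr_type, length = attrs[pos], attrs[pos + 1]
        if length < 2 or pos + length > len(attrs):
            raise ValueError("malformed attribute")
        if attr_type == TUNNEL_PRIVATE_GROUP_ID:
            return int(attrs[pos + 2:pos + length].decode("ascii"))
        pos += length
    return None
```

Because the VLAN travels in the RADIUS reply rather than in per-switch configuration, the same lookup serves any switch that forwards the request; unknown or malformed MACs get no VLAN at all.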

Next Generation Network Access Control

MetaAccess prevents risky devices from accessing local networks and cloud applications such as Office 365, Salesforce and Dropbox. Leveraging industry-leading endpoint protection and advanced threat prevention technology, MetaAccess performs extensive security and compliance checks on endpoint devices before allowing them to access corporate data, while offering remediation in the event of a problem.

Ensure Device Security and Compliance

With the growth and popularity of BYOD and SDP, corporate data is increasingly being accessed by unmanaged and potentially non-compliant or risky devices. In this situation, MetaAccess enables organizations to enforce internal security standards and meet security and compliance requirements on all devices accessing corporate data, regardless of whether the devices are owned by the company or not.
