Network Access Control

Portnox

Access Layers’ portnox™ is the first NAC product that practically checks for the most important mandatory legitimate access factor: Is the device attempting access from within the network a known and legitimate company device? Is it approved to access the network?

At this point it should be crystal clear to any IT professional what they’ve known all along, that:

The main problem is the device connecting to the network, not its antivirus state or the patch it lacks. It is obvious, then, that first and foremost we need to identify the device attempting to connect to the network before it is granted access.

portnox™ supports more than 10 different authentication schemes customized to your needs and therefore authenticates 100% of network members. Not a single device is ‘left behind’ unauthenticated. With portnox™, the authentication is determined by your needs rather than by the ever-changing capabilities of the would-be intruder.

portnox™ illuminates any network port and makes sure that any device connecting to the network at the very basic and physical point, ‘at the Ethernet port level’, is proven to be a legitimate and approved corporate device.

Why Portnox?

It looks just like your good ol’ port. As a matter of fact, it is your old port, but with portnox it is no longer naked. With portnox, none of your ports is naked. Your internal physical network is secured from unauthorized access, even from inside the network.

Unlike conventional LAN security products, which focus on perimeter security only and whose capabilities are determined by the ever-changing methods of would-be attackers, portnox allows you to be the one who defines and configures LAN access parameters and determines which devices are allowed LAN access and when.

portnox provides your network with a customized and mandatory extra layer of protection at the physical level of the network – at the port. That’s where your network begins.

Having portnox is like having your own ‘homeland security department’ which, in real time, monitors, regulates, administers, controls, audits, tracks, times and reports all access attempts and breaches. portnox allows or disallows access attempts by IP devices according to the authentication of the devices and the authorization of access to your network, as you determine.

Portnox is a unique and revolutionary approach to LAN access protection. It monitors your entire network and allows you to exercise complete on-line control of access at the end-point, that is, at the port level. It is the mandatory extension of your existing security policies. Portnox allows the Administrator to configure access parameters for the physical network ports: for any individual specific port location, for any identifiable individual device, and only at the allocated times.

On one screen which maps the entire network, portnox provides the administrator with real-time information on any access violations or access problems and their physical location.

portnox was designed for those who have a business to run. It accomplishes all its tasks regardless of, and in cooperation with, the perimeter security system you already have in place. You do not have to change a thing, nor do you have to buy any additional hardware, nor put your business on slow-down or hold because of a cumbersome and complicated authentication process.

When your network is portnox’ed, all access to your ports is monitored, reported, regulated, supervised and most importantly – controlled.

The naked Port

They call it a ‘port’ for a very good reason. Even though this one is only a little hole in the wall, it is just like its big brothers, the ‘sea port’ and the ‘air port’. The Port is the access point to the heart and soul of your business. As with the big ports, here too, if left unprotected, anyone can get in and out of your network. Once they’ve gained access and entered, they can bring with them whatever they wish and carry out with them whatever they see fit.

As it is potentially hazardous for a country, it is potentially hazardous to your business to have this access to your network unmonitored, unreported, unregulated, unsupervised and uncontrolled. The lurking consequence, if your network ports are left naked and unprotected, is that your network, and your business information with it, are exposed and vulnerable from the inside to any access by unauthorized devices.

Most of the assaults take place at the network level, far below the radar screen of the current ordinary security products, which are concerned with perimeter security and concentrate on protecting only from intrusions originating outside of your corporate network. This leaves your port, like many of them in your company, naked and exposed to undesirable access from the inside.

You should know that once the offender, be it your child or a staffer’s, a member of the cleaning crew, an invited or uninvited guest, an occasional visitor or . . . who knows, plugs an IP device into your network port anywhere in your offices, they are inside your network. No matter how advanced and sophisticated your security systems are, they’ve bypassed them all by plugging into the ‘naked port’ in your office.

Now, portnox provides your network with the mandatory extra layer of protection for your existing security policies. It allows your Administrator to configure access parameters for the physical network ports and determine which devices are allowed LAN access.

Access vs. Admin Control

Most of the NAC players changed their approach and marketing so that “Admission Control” morphed to “Access Control”. The classic NAC was a concept invented by a ‘Networking Giant’ in 2003 to counter a problem caused by RPC DCOM-based worms such as MSBlaster. Even organizations with great firewalls and desktop security were getting damaged by infected laptops brought into work.

The concept was simple: have the network inspect those laptops to see if they were properly configured with software updates and virus signature updates before letting them on the network.

The basic remediation model of ordinary NAC is actually dead, since it’s not realistically achievable in a working homogeny production environment! It’s extremely complicated and consequently costly, partial and consequently damaging to operational efficiency, not product-agnostic, and seeks to resolve a problem which is somehow forgotten.

If, to achieve remediation, you need to replace your networking equipment, deploy software agents, tie yourself down to one vendor’s ecosystem and integrate a NAC-supported antivirus just to make sure the antivirus is updated, you’d be better off replacing the antivirus solution in use.

Network Admission Control violates the first and only rule of network security: “Thou shalt not trust an end point to report its own state.” Can I determine network security by its associates or members? Can I trust network security to its members? Users? Visitors?

Six years ago, antivirus software solutions weren’t inspecting IP traffic at all and were able to fetch virus updates from single local resources. Antivirus vendors didn’t stay behind; they filled the gap rather quickly.

Six years ago, no one realized what ‘patch management’ was. Today, any Win32-based system constantly auto-updates and each network manager hosts some sort of patch management mechanism; patching is common IT practice.

The Naked Port is the ‘Achilles’ Heel’ of the failed NAC theory. When your network is portnox’ed, all access to your ports is monitored, reported, regulated, supervised and most importantly – controlled.