Network Access Control for corporate LAN / WAN environments. It enables policy-based authentication, authorization and audit of all access to the network. It supports different network vendors such as Cisco, Alcatel, 3Com or Extreme Networks, and different clients such as Windows or Linux PCs, Macs, and devices like smartphones and tablets.
Our solution (E-NAC) is based on industry standards such as FreeRADIUS, 802.1X, AD and LDAP. It is very extensible: new features can be incorporated on demand, and it integrates easily with existing systems. It also provides value-added services such as Configuration Management, Network Backup, Network Discovery and ‘mini’ Network Monitoring.
AUTHENTICATION & REGISTRATION
Wireless and wired 802.1X is supported through a RADIUS module which is included in our solution. PEAP-TLS, EAP-PEAP and many more EAP mechanisms can be used.
Also called IP Telephony (IPT), VoIP is fully supported (even in heterogeneous environments) for multiple switch vendors (Cisco, Edge-Core, HP, LinkSys, Nortel Networks and many more).
Our solution supports an optional registration mechanism similar to “captive portal” solutions. Our solution remembers users who previously registered and can automatically give them access without another authentication.
Our solution integrates perfectly with wireless networks through a RADIUS module. This supports multi-vendor architectures and secures your wired and wireless networks using the same captive portal, providing a consistent user experience.
While performing 802.1X user authentication, E-NAC can carry out a complete posture assessment of the connecting device using the TNC Statement of Health protocol. For example, it can verify whether an antivirus is installed and up to date, whether operating system patches are all applied and much more, all without any agent installed on the endpoint device.
E-NAC integrates with security agent solutions such as Symantec SEPM, OPSWAT Metadefender Endpoint Management and others. E-NAC can also check the endpoint’s posture and isolate it from any other endpoints if non-compliant.
With WMI support, E-NAC allows an administrator to perform audits, execute commands and more on any domain-joined Windows computer. It can also verify whether unauthorized software is installed and/or running before granting network access.
Proactive Vulnerability Scans
Using the Nessus or OpenVAS vulnerability scanners, E-NAC can scan endpoints upon registration, on a schedule or on an ad-hoc basis. E-NAC correlates the Nessus/OpenVAS vulnerability IDs of each scan to the violation configuration, returning content-specific web pages about which vulnerability the host may have.
Once a node is trapped, all of its network traffic is terminated by the E-NAC system. Based on the node's current status (unregistered, open violation, etc.), the user is redirected to the appropriate URL. In the case of a violation, the user is presented with instructions for the particular situation he/she is in, reducing costly help desk intervention.
E-NAC’s operation is completely out-of-band, which allows the solution to scale geographically and to be more resilient to failures. When using the right technology (like port security), a single E-NAC server can be used to secure hundreds of switches and the many thousands of nodes connected to them.
While out-of-band is the preferred way of deploying E-NAC, an inline mode is also supported for unmanageable wired or wireless equipment. Deploying E-NAC in inline mode can also be accomplished in minutes! Both deployment mechanisms can coexist very well.