Questions and answers on the USP Network Authentication System™, the secure solution for Network Access Control (NAC)
Why do I need access protection for an internal network? What are the most common risks?
Access protection or, more accurately speaking, access control enables a company to control all devices connected to its network. This blanket control makes it possible to identify sources of danger and therefore protect the network against malicious or unintentional attacks from public zones such as meeting rooms or training rooms.
The dangers of uncontrolled access are primarily on two levels: owners of external devices can inflict considerable damage on companies through data espionage or the destruction of data. In addition, devices that do not conform to internal corporate security guidelines can access the network and spread malware within the company. These two risks can be controlled by a NAC (Network Access Control) solution.
How can risks be reduced and dangers eliminated?
Since access to the network is only granted to those devices that have been checked against the security policy and recognized as having access authorization, the risks of data espionage and introducing malware are greatly reduced.
What is the USP Network Authentication System™ (NAS) and how does it work?
The NAS from United Security Providers is a central system for safeguarding both wired and wireless network access. The NAS recognises devices that connect to central network components (switches), and checks these using their Ethernet address (MAC address). This address is verified against a central inventory database.
Will the solution quarantine suspicious machines without risking cross-infection?
With Basic VLAN assignment, devices can be moved to a separate zone, where they cannot inflict any damage.
Will the solution ensure end users understand why their access is being cut off and what to do about it?
No. Informing end users is a task for the helpdesk, implemented through their own processes.
Will the solution protect all key parts of the network such as LAN, wireless and VPN entry points as well as the network interior?
The USP Network Authentication System™ protects everything except the VPN access.
How is my inventory database connected?
The NAS provides a standardised import interface for transferring flat files from source systems to the NAS server. This data can be transferred at any time, and is then promptly uploaded by NAS.
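The MAC check against the inventory database, the quarantine VLAN and the flat-file import described above can be sketched as follows. This is an added example, not code from United Security Providers or the NAS product; the flat-file layout (`mac;owner;vlan`), the VLAN numbers and all function names are assumptions made for illustration.

```python
import csv
import io
import re

# Hypothetical quarantine VLAN ID; the page does not specify one.
QUARANTINE_VLAN = 999

# Constructed sample export from an inventory source system (assumed layout).
SAMPLE_FLAT_FILE = """mac;owner;vlan
00:1A:2B:3C:4D:5E;workstation-017;10
00-1a-2b-3c-4d-5f;printer-03;20
001a.2b3c.4d60;voip-112;30
not-a-mac;broken-record;10
"""

def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if it is malformed."""
    digits = re.sub(r"[:\-.\s]", "", raw.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def load_inventory(flat_file_text):
    """Parse the flat file into {mac: vlan}; collect rejected rows for cleansing."""
    inventory, rejected = {}, []
    for row in csv.DictReader(io.StringIO(flat_file_text), delimiter=";"):
        mac = normalize_mac(row["mac"])
        if mac is None or not row["vlan"].isdigit():
            rejected.append(row["owner"])
            continue
        inventory[mac] = int(row["vlan"])
    return inventory, rejected

def decide_vlan(inventory, observed_mac):
    """Known device -> its inventory VLAN; unknown or malformed -> quarantine."""
    mac = normalize_mac(observed_mac)
    if mac is None:
        return QUARANTINE_VLAN
    return inventory.get(mac, QUARANTINE_VLAN)

if __name__ == "__main__":
    inv, bad = load_inventory(SAMPLE_FLAT_FILE)
    # Switches and inventory tools report the same address in different notations.
    for seen in ("001A.2B3C.4D5E", "00:1a:2b:3c:4d:60", "de:ad:be:ef:00:01"):
        print(seen, "->", decide_vlan(inv, seen))
    print("rejected inventory rows:", bad)
```

Normalising the address before lookup matters because a notation mismatch between the inventory export and the switch report would otherwise quarantine a legitimate device. A MAC address is asserted by the device itself, so this lookup identifies a device rather than proving its identity; certificate-based 802.1x authentication is the stronger check.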
Is NAS a central solution?
NAS is an out-of-band product, and therefore a central solution.
Does NAS have any influence on my architecture?
No. All that is needed for the NAS is some configuration on the network switches. The destinations for the MAC authentication traps and read/write authorizations for the NAS must be set up on the switches.
Will the solution work within a heterogeneous network infrastructure?
Yes.
Can I include all my locations in the solution? Are there any prerequisites?
Yes. An IP connection that permits SNMP traffic must exist.
What are the specific benefits of implementing a NAC (Network Access Control) solution?
- Access control for all devices
- Active prevention of unauthorised access to the corporate network
- Near-to-realtime view of all devices connected to the network
- Reports on all NAC-relevant information
- Support for inventory data cleansing
- Increased employee awareness
What does NAS protect me against?
Unauthorised access to the corporate network.
What prerequisites are needed in order to implement a USP Network Authentication System™?
IP data network and managed switches.
Can I obtain a test installation to check out the solution?
Yes, this is possible for a one-off charge to cover the costs of the test installation. A POC (proof of concept) helps customers to check the requirements they have specified for the NAC solution, and see the benefits of NAS in their live environment for themselves.
Can I also test NAS in my production environment?
A production environment test can be carried out in pure scan mode (device discovery mechanism).
How quickly can a USP Network Authentication System™ be installed and implemented?
In the case of the USP Network Authentication System™ appliance, you’re looking at a project with a few days’ effort. Integration and training are usually completed within one to two weeks, depending on the size of the network and the complexity of the external systems requiring connection.
Does a NAS installation enable future requirements to be integrated with minimal effort?
New versions of the NAS can be implemented very simply via an update mechanism. The USP Network Authentication System™ uses open standards. The open IF-TNCCS-SOH protocol makes it possible for update servers from different suppliers to be used specifically in the field of endpoint compliance for mitigation purposes. The IEEE 802.1x protocol, which is also a standard protocol and is supported by the major switch suppliers, is used to authenticate devices by means of certificates.
Will the NAS also equip me to face future threats?
The NAS has a roadmap detailing planned new features to combat future threats.
What interfaces does the NAS provide?
Existing network management and inventory systems (NMS) can be connected with minimal effort. This means, for example, that the switches and routers being monitored do not need to be maintained in an additional system if the data is already being managed in an NMS.
What external systems can I incorporate?
Network management and inventory systems.
Does the NAS have a reporting function? What information can be generated for individual offices at the press of a button?
The NAS has an integral reporting function, which can be used to create the following reports:
- Inventory reports
- Operational reports
- Security reports
What procedure does United Security Providers follow when implementing a NAC project?
- integrate and connect external systems
- network scan
- commission pilot
- train customer
- support, if required
Are there any situations in which it doesn’t make sense to implement a NAC solution?
In the case of very small network environments, a NAC solution may be overkill and could result in over-investment. However, in general, implementing a NAC solution to control network access is to be recommended.
Is the NAS compatible with the IEEE 802.1x standard?
Yes.
Are there any plans for enhancements to the USP Network Authentication System™, and where is the product being developed?
According to the NAS roadmap, the next version includes the introduction of endpoint compliance, which will enable the client to be checked for OS patch level, up-to-date virus protection and personal firewall status. The USP Network Authentication System™ is being developed exclusively by United Security Providers developers at its two offices in Switzerland.
How are NAS systems managed/maintained? How much effort would be involved for my business?
The NAS has various roles via which it can be managed. The effort for Admin and Helpdesk staff is limited, which means it can be easily managed by existing resources. The amount of effort is primarily determined by the size of the network being monitored.
What makes NAS different from other NAC products?
The NAS covers all switches from major manufacturers currently on the market. With its well-designed Web GUI, NAS is simple and easy to use. 802.1x and MAC address authentication give United Security Providers' NAS the ability to monitor the entire network using access control.
Can I cover 100% of my network with the NAS?
Yes. Using 802.1x and MAC address authentication means access control is provided for the entire network.
How many customers are already using the NAS?
Three major customers and several smaller companies are successfully using the USP Network Authentication System. The NAS is currently covering around 100,000 devices. United Security Providers will be pleased to provide references or organise contact with a reference customer on request.
Why does it make sense to implement the NAS as quickly as possible?
Now is a good time to implement a Network Access Control system. The earlier you start, the sooner you’ll have an overview of the many devices across your corporate network, thus increasing your security levels. It is advantageous to implement the access control component in an earlier phase before implementing endpoint compliance.
Do you have further questions on internal network access security?
If so, please e-mail us at solutionsales(at)united-security-providers.com or call us on +41 31 959 02 02.


