Questions and answers on the USP Network Authentication System™, the secure solution for Network Access Control (NAC)
Access protection or, more accurately, access control enables a company to control all devices connected to its network. This blanket control makes it possible to identify sources of danger and therefore protect the network against malicious or unintentional attacks from public zones such as meeting rooms or training rooms.
The dangers of uncontrolled access are primarily on two levels: owners of external devices can inflict considerable damage on companies through data espionage or the destruction of data. In addition, devices that do not conform to internal corporate security guidelines can access the network and spread malware within the company. These two risks can be controlled by a NAC (Network Access Control) solution.
Since access to the network is only granted to those devices that have been checked against the security policy and recognized as having access authorization, the risks of data espionage and introducing malware are greatly reduced.
The NAS from United Security Providers is a central system for safeguarding both wired and wireless network access. The NAS recognises devices that connect to central network components (switches), and checks these using their Ethernet address (MAC address). This address is verified against a central inventory database.
With Basic VLAN assignment, devices can be moved to a separate zone where they cannot inflict any damage.
No, information to end users is a task for the helpdesk, implemented through their own processes.
The USP Network Authentication System™ protects everything except the VPN access.
The NAS provides a standardised import interface for transferring flat files from source systems to the NAS server. This data can be transferred at any time, and is then promptly uploaded by NAS.
NAS is an out-of-band product, and therefore a central solution.
No. All that is needed for the NAS is some configuration on the network switches. The destinations for the MAC authentication traps and read/write authorizations for the NAS must be set up on the switches.
Yes.
Yes. An IP connection that permits SNMP traffic must exist.
- Access control for all devices
- Active prevention of unauthorised access to the corporate network
- Near-to-realtime view of all devices connected to the network
- Reports on all NAC-relevant information
- Support for inventory data cleansing
- Increased employee awareness
Unauthorised access to the corporate network.
IP data network and managed switches.
Yes, this is possible for a one-off charge to cover the costs of the test installation. A POC (proof of concept) helps customers to check the requirements they have specified for the NAC solution, and see the benefits of NAS in their live environment for themselves.
A production environment test can be carried out in pure scan mode (device discovery mechanism).
In the case of the USP Network Authentication System™ appliance, you’re looking at a project with a few days’ effort. Integration and training are usually completed within one to two weeks, depending on the size of the network and the complexity of the external systems requiring connection.
New versions of the NAS can be implemented very simply via an update mechanism. The USP Network Authentication System™ uses open standards. The open IF-TNCCS-SOH protocol makes it possible for update servers from different suppliers to be used specifically in the field of endpoint compliance for mitigation purposes. The IEEE 802.1x protocol, which is also a standard protocol and is supported by the major switch suppliers, is used to authenticate devices by means of certificates.
The NAS has a roadmap detailing planned new features to combat future threats.
Existing network management and inventory systems (NMS) can be connected with minimal effort. This means, for example, that the switches and routers being monitored do not need to be maintained in an additional system if the data is already being managed in an NMS.
Network management and inventory systems.
The NAS has an integral reporting function, which can be used to create the following reports:
- Inventory reports
- Operational reports
- Security reports
- integrate and connect external systems
- network scan
- commission pilot
- train customer
- support, if required
In the case of very small network environments, a NAC solution may be overkill and could result in over-investment. However, in general, implementing a NAC solution to control network access is to be recommended.
Yes.
According to the NAS roadmap, the next version includes the introduction of endpoint compliance, which will enable the client to be checked for OS patch level, up-to-date virus protection and personal firewall status. The USP Network Authentication System™ is being developed exclusively by United Security Providers developers at its two offices in Switzerland.
The NAS has various roles via which it can be managed. The effort for Admin and Helpdesk staff is limited, which means it can be easily managed by existing resources. The amount of effort is primarily determined by the size of the network being monitored.
The NAS covers all switches from major manufacturers currently on the market. With its well-designed Web GUI, NAS is simple and easy to use. 802.1x and MAC address authentication give United Security Providers' NAS the ability to monitor the entire network using access control.
Yes. Using 802.1x and MAC address authentication means access control is provided for the entire network.
Three major customers and several smaller companies are successfully using the USP Network Authentication System. The NAS is currently covering around 100,000 devices. United Security Providers will be pleased to provide references or arrange contact with a reference customer on request.
Now is a good time to implement a Network Access Control system. The earlier you start, the sooner you’ll have an overview of the many devices across your corporate network, thus increasing your security levels. It is advantageous to implement the access control component in an earlier phase before implementing endpoint compliance.
If so, please e-mail us at solutionsales(at)united-security-providers.com or call us on +41 31 959 02 02.