Extreme Networks IP and Ethernet services Manuale Utente Scaricare il pdf (Pagina 6)

Extreme Networks Data Sheet: Summit X450a Series

Comprehensive Security Management

Implementing a secure network means providing protection at the network perimeter as well as the core.

Summit X450a switches use advanced security functions in protecting your network from known or potential threats.

User Authentication and Host

Integrity Checking

Network Login and Dynamic Security Proﬁle

SummitX450aseriesswitchessupportacomprehensiverange

ofNetworkLoginoptionsbyprovidingan802.1xagent-based

approach,aWeb-based(agent-less)logincapability,anda

MAC-basedauthenticationmodel.WiththesemodesofNetwork

networkandbeassignedtotheappropriateVLAN.TheUniversal

PortfeatureavailableinSummitX450aletsyouimplement

DynamicSecurityProleswithNetworkLoginandallowsyouto

implementne-grainedandrobustsecuritypolicies.Upon

authentication,theswitchcanloaddynamicACL/QoSproles

forauserorgroupofuserstodeny/allowaccesstotheapplica-

tionserversorsegmentswithinthenetwork.

Multiple Supplicant Support

Convergednetworkdesignsofteninvolvetheuseofshared

portsthatrepresentapotentialvulnerabilityinanetwork.

Multiplesupplicantcapabilitiesonaswitchallowittouniquely

recognizeandapplytheappropriatepoliciesforeachuseror

deviceonasharedport.

Media Access Control (MAC) Lockdown

MACsecurityallowsthelockdownofaporttoagivenMAC

addressandlimitingthenumberofMACaddressesonaport.

Thiscanbeusedtodedicateportstospecichostsordevices

suchasVoIPphonesorprinters,andavoidabuseoftheport—a

capabilitythatcanbeespeciallyusefulinenvironmentssuchas

hotels.Inaddition,anagingtimercanbeconguredforthe

MAClockdown,protectingthenetworkfromtheeectsof

attacksusing(oftenrapidly)changingMACaddresses.

IP Security

ExtremeXOSIPsecurityframeworkprotectsthenetwork

infrastructure,networkservicessuchasDHCPandDNS,and

hostcomputersfromspoongandman-in-the-middleattacks.

Italsoprotectsthenetworkfromstaticallyconguredand/or

spoofedIPaddresses.Itbuildsanexternaltrusteddatabaseof

MAC/IP/portbindingssoyouknowwheretracfromaspecic

addresscomesfromforimmediatedefense.

Identity Manager

IdentityManagerallowsnetworkmanagerstotrackuserswho

accesstheirnetwork.Useridentityiscapturedbasedon

NetLoginauthentication,LLDPdiscoveryandKerberos

snooping.ExtremeXOSusestheinformationtothenreporton

theMAC,VLAN,computerhostname,andportlocationofthe

user.Further,IdentityManagercancreatebothrolesand

policies,andthenbindthemtogethertocreaterole-based

prolesbasedonorganizationalstructureorotherlogical

groupings,andapplythemacrossmultipleuserstoallow

appropriateaccesstonetworkresources.Inaddition,support

forWideKeyACLsfurtherimprovessecuritybygoingbeyond

thetypicalsource/destinationandMACaddressasidentica-

tioncriteriaaccessmechanismtoprovidelteringcapabilities.

Host Integrity

Hostintegritycheckingkeepsinfectedornon-compliant

machinesothenetwork.SummitX450aseriessupportahost

andendpointintegritysolutionthatisbasedonamodel

promotedbytheTrustedComputingGroup.

Threat Detection and Response

CLEAR-Flow Security Rules Engine

CLEAR-FlowSecurityRulesEngineprovidesrstorderthreat

detectionandmitigation,andmirrorstractoappliancesfor

furtheranalysisofsuspicioustracinthenetwork.

sFlow

sFlow®isasamplingtechnologythatprovidestheabilityto

sampleapplicationleveltracowsonallinterfaces

simultaneously.

Port Mirroring

Toallowthreatdetectionandprevention,SummitX450a

switchessupportmany-to-oneandone-to-manyportmirror-

ing.Thisallowsthemirroringoftractoanexternalnetwork

appliancesuchasanintrusiondetectiondevicefortrend

analysisorforutilizationbyanetworkadministratorfor

diagnosticpurposes.Portmirroringcanalsobeenabledacross

switchesinastack.

1 2 3 4 5 6 7 8 9 10 11 ... 16 17

Commenti su questo manuale

Nessun commento

Extreme Networks IP and Ethernet services Manuale Utente Pagina 6

Commenti su questo manuale

Prodotti e manuali riguardandi Networking Extreme Networks IP and Ethernet services