Extreme Networks IP and Ethernet services Instrukcja Użytkownika Pobierz pdf (Strona 6)

Extreme Networks Data Sheet: Summit X450a Series

Comprehensive Security Management

Implementing a secure network means providing protection at the network perimeter as well as the core.

Summit X450a switches use advanced security functions in protecting your network from known or potential threats.

User Authentication and Host

Integrity Checking

Network Login and Dynamic Security Proﬁle

SummitX450aseriesswitchessupportacomprehensiverange

ofNetworkLoginoptionsbyprovidingan802.1xagent-based

approach,aWeb-based(agent-less)logincapability,anda

MAC-basedauthenticationmodel.WiththesemodesofNetwork

networkandbeassignedtotheappropriateVLAN.TheUniversal

PortfeatureavailableinSummitX450aletsyouimplement

DynamicSecurityProleswithNetworkLoginandallowsyouto

implementne-grainedandrobustsecuritypolicies.Upon

authentication,theswitchcanloaddynamicACL/QoSproles

forauserorgroupofuserstodeny/allowaccesstotheapplica-

tionserversorsegmentswithinthenetwork.

Multiple Supplicant Support

Convergednetworkdesignsofteninvolvetheuseofshared

portsthatrepresentapotentialvulnerabilityinanetwork.

Multiplesupplicantcapabilitiesonaswitchallowittouniquely

recognizeandapplytheappropriatepoliciesforeachuseror

deviceonasharedport.

Media Access Control (MAC) Lockdown

MACsecurityallowsthelockdownofaporttoagivenMAC

addressandlimitingthenumberofMACaddressesonaport.

Thiscanbeusedtodedicateportstospecichostsordevices

suchasVoIPphonesorprinters,andavoidabuseoftheport—a

capabilitythatcanbeespeciallyusefulinenvironmentssuchas

hotels.Inaddition,anagingtimercanbeconguredforthe

MAClockdown,protectingthenetworkfromtheeectsof

attacksusing(oftenrapidly)changingMACaddresses.

IP Security

ExtremeXOSIPsecurityframeworkprotectsthenetwork

infrastructure,networkservicessuchasDHCPandDNS,and

hostcomputersfromspoongandman-in-the-middleattacks.

Italsoprotectsthenetworkfromstaticallyconguredand/or

spoofedIPaddresses.Itbuildsanexternaltrusteddatabaseof

MAC/IP/portbindingssoyouknowwheretracfromaspecic

addresscomesfromforimmediatedefense.

Identity Manager

IdentityManagerallowsnetworkmanagerstotrackuserswho

accesstheirnetwork.Useridentityiscapturedbasedon

NetLoginauthentication,LLDPdiscoveryandKerberos

snooping.ExtremeXOSusestheinformationtothenreporton

theMAC,VLAN,computerhostname,andportlocationofthe

user.Further,IdentityManagercancreatebothrolesand

policies,andthenbindthemtogethertocreaterole-based

prolesbasedonorganizationalstructureorotherlogical

groupings,andapplythemacrossmultipleuserstoallow

appropriateaccesstonetworkresources.Inaddition,support

forWideKeyACLsfurtherimprovessecuritybygoingbeyond

thetypicalsource/destinationandMACaddressasidentica-

tioncriteriaaccessmechanismtoprovidelteringcapabilities.

Host Integrity

Hostintegritycheckingkeepsinfectedornon-compliant

machinesothenetwork.SummitX450aseriessupportahost

andendpointintegritysolutionthatisbasedonamodel

promotedbytheTrustedComputingGroup.

Threat Detection and Response

CLEAR-Flow Security Rules Engine

CLEAR-FlowSecurityRulesEngineprovidesrstorderthreat

detectionandmitigation,andmirrorstractoappliancesfor

furtheranalysisofsuspicioustracinthenetwork.

sFlow

sFlow®isasamplingtechnologythatprovidestheabilityto

sampleapplicationleveltracowsonallinterfaces

simultaneously.

Port Mirroring

Toallowthreatdetectionandprevention,SummitX450a

switchessupportmany-to-oneandone-to-manyportmirror-

ing.Thisallowsthemirroringoftractoanexternalnetwork

appliancesuchasanintrusiondetectiondevicefortrend

analysisorforutilizationbyanetworkadministratorfor

diagnosticpurposes.Portmirroringcanalsobeenabledacross

switchesinastack.

1 2 3 4 5 6 7 8 9 10 11 ... 16 17

Komentarze do niniejszej Instrukcji

Brak uwag

Extreme Networks IP and Ethernet services Instrukcja Użytkownika Strona 6

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Networking Extreme Networks IP and Ethernet services