BRADFORD'S OUT-OF-BAND ARCHITECTURE
Network managers who want to add NAC capabilities to their
networks have three options:
- Replace existing network equipment with switch-based solutions
- Install in-line solutions that cause disruptions and bottlenecks
- Choose an out-of-band solution that leverages existing network
  infrastructure and enforces NAC policy at the edge of network.

Most networks are multi-vendor, multi-platform
with a combination of hardware and software releases. In this
environment, flexibility and choice are crucial when implementing
network access control. To address the inherent complexity
of heterogeneous networks, Bradford Networks offers an integrated
and comprehensive NAC architecture that works with the existing
infrastructure, allowing network administrators to identify
security issues – viruses, network policy infractions,
unauthorized access – and take action immediately.

| Benefit | Out-of-Band | In-Line | Switch-based |
|---|---|---|---|
| Enforces NAC policy at the edge of network | | | |
| No changes to existing infrastructure necessary | | | |
| Integration with embedded network security features | | | |
| Multi-vendor interoperability | | | |
| Decouple network and security infrastructure decisions | | | |
| Bandwidth management control | | | |
| Pre- and post-admission NAC | | | |
| Appropriate for wired, VPN and wireless traffic | | | |
| Switch-port level control | | | |

Unlike in-line solutions, which work from
a particular point in the network, Bradford’s architecture
brings NAC functionality to the edge of the network, monitoring
user behavior, network policies and network access in real-time.
And compared to forklift solutions, which require network equipment
replacement and significant investment, Bradford’s solution
can be deployed cost-effectively and efficiently by leveraging
existing network hardware and software investments.

How does it work?
Bradford’s approach includes extensive
automated network device discovery, providing a complete logical
representation of the network – including network infrastructure,
operating systems, stand-alone and embedded security applications
and security infrastructure. The device discovery process is
protocol-independent: it uses SNMP, CLI over SSH or CLI over
Telnet to access each device in the network and identify its
unique security features – such as Alcatel’s group
mobility or Cisco’s private, isolated VLANs. By utilizing
multiple protocols, Bradford’s NAC solutions leverage
the unique features and properties of all network devices.

Bradford’s products then correlate
this data with user identity and usage policy information.
When violations occur, the system determines the policy-based
actions needed and executes corrective action via CLI, SNMP,
or RADIUS commands to the corresponding network equipment.