Alcatel-Lucent offers a seamless, secure and scalable enterprise network access control solution through its
embedded network security framework. This framework includes a comprehensive security solution for
verifying endpoint integrity through host integrity checking (HIC). The solution is the result of integration
between InfoExpress CyberGatekeeper and the Alcatel-Lucent OmniSwitch™ 6400 Stackable Gigabit LAN
Switch (SGS), the Alcatel-Lucent OmniSwitch 6850 Stackable LAN Switch (SLS) and any edge switches using
the Alcatel-Lucent Operating System™ (AOS), Release 6.3.4 or later.
[Figure: four panels labelled Identity, Integrity, Visibility and Privilege]

Identity: Authentication
• Employee: 802.1x
• Guest: captive portal
• IP phone: 802.1x or MAC-based
• Printer: port-based

Integrity: Host integrity check
• Integrated HIC (CyberGatekeeper), static or on-demand agents
2 Alcatel-Lucent Operating System for OmniSwitch LAN Switches with Integrated CyberGatekeeper Solution | Data Sheet
web server. From here the InfoExpress CyberGatekeeper web agent is automatically downloaded onto the end-user's device. This web agent communicates with the InfoExpress CyberGatekeeper Policy Server and performs an integrity assessment. When complete, the agent reports the endpoint's status to the policy server. If the endpoint complies with security policies, it is allowed access to the network. Otherwise it is directed to the remediation server so it can be patched to meet security requirements.

The endpoint HIC test is not a one-time test; it is a periodic and continuous process that provides constant surveillance while the endpoint is connected to the network. If at any time the endpoint device fails the HIC test, its access is automatically restricted to the remediation network. The InfoExpress CyberGatekeeper agent may be pre-installed on Microsoft® Windows®, Mac OS® X, or Linux® operating systems, or the user's web browser can be redirected to a download page to load a web-based on-demand version of the agent.

Figure 2. User network profile (UNP)

What?
• This feature is to provide the capability to have roles/profiles assigned to users during authentication
• More than just a VLAN
• Eases implementation of central RADIUS configuration
• Scalable deployment with 8 distinct ACL/QoS policy lists

How?
• UNP name is stored in RADIUS and returned to the switch
• The switch maps the UNP name to the actual profile attributes
• Profiles determine
  ¬ VLAN ID (mandatory)
  ¬ HIC flag (optional)
  ¬ QoS/ACL Policy List Name (optional)

Diagram labels: RADIUS; UNP name; UNP name attributed: VLAN ID, HIC flag, QoS policy list; Guest user; Employee

Benefits
Simplify network access control management

Easy to deploy
The Alcatel-Lucent/InfoExpress solution is easily deployed. The authentication and HIC redirection are built into the Alcatel-Lucent Access Guardian, which is a function of the AOS, Release 6.3.4. Once turned on, all that is needed is the addition of the InfoExpress CyberGatekeeper Policy Server, the InfoExpress CyberGatekeeper Agent, and the creation of network security policies. No modifications to the network are needed, meaning deployment takes hours instead of days.

Saves time and money
Once in place, the automated compliancy checking and updating means fewer support calls to apply software upgrades and system patches. In addition, because each endpoint is more secure (endpoint access is restricted at the switch level until compliance is met), there is less chance of a security breach from malware being introduced to the network.

Simplifies network management
The Alcatel-Lucent Access Guardian and InfoExpress CyberGatekeeper simplify network management of endpoints. The edge switch integrates authentication, device compliance and access control functions directly into the hardware. Switch-based security functions allow an administrator to configure, manage and maintain the entire security infrastructure more efficiently and without additional equipment. HIC provided by the InfoExpress CyberGatekeeper simplifies network maintenance by automatically managing the security fitness of endpoints.
Figure 3. OmniSwitch + CyberGatekeeper integration

1. Employee, contractor or guest connects to the network.
2. OmniSwitch 6400 or 6850 provides authentication and identifies the user profile. It determines whether a HIC check is needed for this user (802.1x, MAC, Captive Portal).
3. OmniSwitch 6400 or 6850 redirects traffic to the InfoExpress CyberGatekeeper policy server and the remediation servers.
4. InfoExpress CyberGatekeeper policy server receives the HIC report from the CyberGatekeeper Agent and informs the OmniSwitch 6400 or 6850 if the device has passed or failed.
5. If HIC passed, OmniSwitch 6400 or 6850 selectively allows device traffic to the production network following the policy in the user profile. If HIC failed, OmniSwitch 6400 or 6850 restricts traffic to the remediation network only.

Diagram labels: 802.1x user; Regular LAN user; Guest; OmniSwitch 6400 or OmniSwitch 6850; InfoExpress CyberGatekeeper Policy Server; Remediation server(s); Production network; Resident or on-demand agent, continuous surveillance
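
The UNP mapping in Figure 2 and the pass/fail enforcement in Figure 3 can be modelled as a small decision function. This is an added illustration, not Alcatel-Lucent or InfoExpress code: the profile names, VLAN numbers, the remediation VLAN ID and the fail-closed handling of an unknown UNP name are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

REMEDIATION_VLAN = 999  # constructed value; the data sheet names no VLAN IDs
MAX_POLICY_LISTS = 8    # "8 distinct ACL/QoS policy lists" (Figure 2)

@dataclass(frozen=True)
class UNP:
    vlan_id: int                       # mandatory
    hic: bool = False                  # optional HIC flag
    policy_list: Optional[str] = None  # optional QoS/ACL policy list name

def build_profile_table(profiles):
    """Validate the switch-side UNP definitions before they are used."""
    lists = {p.policy_list for p in profiles.values() if p.policy_list}
    if len(lists) > MAX_POLICY_LISTS:
        raise ValueError("more than 8 distinct ACL/QoS policy lists")
    for name, p in profiles.items():
        if not 1 <= p.vlan_id <= 4094:  # valid 802.1Q VLAN range
            raise ValueError(f"UNP {name!r}: a valid VLAN ID is mandatory")
    return dict(profiles)

def placement(table, unp_name, hic_passed):
    """Return (vlan, policy_list) for an authenticated port.

    unp_name   -- UNP name returned by RADIUS after authentication
    hic_passed -- latest HIC verdict, or None if no report has arrived yet
    """
    profile = table.get(unp_name)
    if profile is None:
        # Assumption: an unmapped UNP name fails closed.
        return (REMEDIATION_VLAN, None)
    if profile.hic and hic_passed is not True:
        # Restricted until compliance is met, and again on any later failure.
        return (REMEDIATION_VLAN, None)
    return (profile.vlan_id, profile.policy_list)

def session_trace(table, unp_name, verdicts):
    """Replay periodic HIC verdicts; the first entry is the pre-report state."""
    return [placement(table, unp_name, v) for v in [None, *verdicts]]

# Constructed sample profiles (names and numbers are hypothetical).
TABLE = build_profile_table({
    "employee": UNP(vlan_id=10, hic=True, policy_list="emp-acl"),
    "guest": UNP(vlan_id=30, hic=True, policy_list="guest-acl"),
    "printer": UNP(vlan_id=40),  # no HIC flag: placed directly in its VLAN
})
```

Calling session_trace(TABLE, "employee", [True, False, True]) shows the port moving between the remediation VLAN and VLAN 10 as the periodic verdicts change.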
Technical specifications
OmniSwitch products supporting HIC integration
Alcatel-Lucent OmniSwitch 6400 SGS and OmniSwitch
6850 SLS families with AOS, Release 6.3.4 or later