Extreme Networks IP and Ethernet services Bedienungsanleitung PDF herunterladen (Seite 6)

Extreme Networks Data Sheet: Summit X450a Series

Comprehensive Security Management

Implementing a secure network means providing protection at the network perimeter as well as the core.

Summit X450a switches use advanced security functions in protecting your network from known or potential threats.

User Authentication and Host

Integrity Checking

Network Login and Dynamic Security Proﬁle

SummitX450aseriesswitchessupportacomprehensiverange

ofNetworkLoginoptionsbyprovidingan802.1xagent-based

approach,aWeb-based(agent-less)logincapability,anda

MAC-basedauthenticationmodel.WiththesemodesofNetwork

networkandbeassignedtotheappropriateVLAN.TheUniversal

PortfeatureavailableinSummitX450aletsyouimplement

DynamicSecurityProleswithNetworkLoginandallowsyouto

implementne-grainedandrobustsecuritypolicies.Upon

authentication,theswitchcanloaddynamicACL/QoSproles

forauserorgroupofuserstodeny/allowaccesstotheapplica-

tionserversorsegmentswithinthenetwork.

Multiple Supplicant Support

Convergednetworkdesignsofteninvolvetheuseofshared

portsthatrepresentapotentialvulnerabilityinanetwork.

Multiplesupplicantcapabilitiesonaswitchallowittouniquely

recognizeandapplytheappropriatepoliciesforeachuseror

deviceonasharedport.

Media Access Control (MAC) Lockdown

MACsecurityallowsthelockdownofaporttoagivenMAC

addressandlimitingthenumberofMACaddressesonaport.

Thiscanbeusedtodedicateportstospecichostsordevices

suchasVoIPphonesorprinters,andavoidabuseoftheport—a

capabilitythatcanbeespeciallyusefulinenvironmentssuchas

hotels.Inaddition,anagingtimercanbeconguredforthe

MAClockdown,protectingthenetworkfromtheeectsof

attacksusing(oftenrapidly)changingMACaddresses.

IP Security

ExtremeXOSIPsecurityframeworkprotectsthenetwork

infrastructure,networkservicessuchasDHCPandDNS,and

hostcomputersfromspoongandman-in-the-middleattacks.

Italsoprotectsthenetworkfromstaticallyconguredand/or

spoofedIPaddresses.Itbuildsanexternaltrusteddatabaseof

MAC/IP/portbindingssoyouknowwheretracfromaspecic

addresscomesfromforimmediatedefense.

Identity Manager

IdentityManagerallowsnetworkmanagerstotrackuserswho

accesstheirnetwork.Useridentityiscapturedbasedon

NetLoginauthentication,LLDPdiscoveryandKerberos

snooping.ExtremeXOSusestheinformationtothenreporton

theMAC,VLAN,computerhostname,andportlocationofthe

user.Further,IdentityManagercancreatebothrolesand

policies,andthenbindthemtogethertocreaterole-based

prolesbasedonorganizationalstructureorotherlogical

groupings,andapplythemacrossmultipleuserstoallow

appropriateaccesstonetworkresources.Inaddition,support

forWideKeyACLsfurtherimprovessecuritybygoingbeyond

thetypicalsource/destinationandMACaddressasidentica-

tioncriteriaaccessmechanismtoprovidelteringcapabilities.

Host Integrity

Hostintegritycheckingkeepsinfectedornon-compliant

machinesothenetwork.SummitX450aseriessupportahost

andendpointintegritysolutionthatisbasedonamodel

promotedbytheTrustedComputingGroup.

Threat Detection and Response

CLEAR-Flow Security Rules Engine

CLEAR-FlowSecurityRulesEngineprovidesrstorderthreat

detectionandmitigation,andmirrorstractoappliancesfor

furtheranalysisofsuspicioustracinthenetwork.

sFlow

sFlow®isasamplingtechnologythatprovidestheabilityto

sampleapplicationleveltracowsonallinterfaces

simultaneously.

Port Mirroring

Toallowthreatdetectionandprevention,SummitX450a

switchessupportmany-to-oneandone-to-manyportmirror-

ing.Thisallowsthemirroringoftractoanexternalnetwork

appliancesuchasanintrusiondetectiondevicefortrend

analysisorforutilizationbyanetworkadministratorfor

diagnosticpurposes.Portmirroringcanalsobeenabledacross

switchesinastack.

1 2 3 4 5 6 7 8 9 10 11 ... 16 17

Kommentare zu diesen Handbüchern

Keine Kommentare

Extreme Networks IP and Ethernet services Bedienungsanleitung Seite 6

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Vernetzung Extreme Networks IP and Ethernet services