ExtremeXOS & DHCP-based edge security

ExtremeXOS now strengthens policy enforcement to help keep the network free from attacks through switch-based enforcement that allows network administrators to securely deploy NAC using DHCP or 802.1x.

Until today, many enterprises deploying NAC to protect the network perimeter have used DHCP servers, which left vulnerabilities. Users that were denied access could simply configure a static IP address to gain entry into the network and get out of quarantine. Extreme Networks® removes this NAC exploit with ExtremeXOS, as the switch enforces all endpoints to only allow devices with valid DHCP assigned IP addresses into the network. Users that attempt to bypass NAC solutions will be automatically blocked by the switch and alert the administrator of the attempted breach.

ExtremeXOS has also introduced enhancements to 802.1x through the innovative Universal Port framework. Universal Port simplifies network operations by automatically provisioning network resources when new users and devices connect. When combined with 802.1x, Universal Port provides more granular policy enforcement including per-user Quality of Service (QoS), rate limiting of bandwidth, and dynamic ACLs.

Both of these enhancements in the latest ExtremeXOS release can be used in conjunction with Sentriant® AG, Extreme Networks NAC solution, to lock down the edge of the network and help ensure endpoints are free from threats and in compliance with company security policies before gaining access. Sentriant AG provides deep endpoint testing without requiring an agent and supports both DHCP and 802.1x enforcement modes allowing it to easily integrate with any network environment.

Introduced in 2003, ExtremeXOS is the industry’s first modular operating system with an extensible foundation for converged networks running voice and video services. Along with built-in security capabilities that provide network access control integrated with end point integrity checking, ExtremeXOS has been designed from the ground up to support the next-generation Internet Protocol.

Needless to say – this is what I am working on :).

[ Read more… ]

Advertisements
  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: