
SWAT – Secure Network Access Technology

SWAT is a software-based NAC dedicated to the enterprise market.
It is provided by Integrity, a network security and monitoring solutions firm.

SWAT was first introduced in 2004 and has been in development since then. The
current stable version is 5.2.

SWAT is a scalable solution. It has agentless functionality using remote WMI, SNMP
and SSH, and has a distributed architecture with remote probes
to support remote branches.

SWAT: Main features

  • Layer 2 enforcement
    • Disconnect/Change VLAN
    • Full Layer 2 mapping
  • Type based policy
    • Assign each device type using an enhanced fingerprint
    • Time based NAC
  • Compliance Manager enables flexible policy
    • Type based policy
    • VLAN based policy
    • Switch group based policy
  • Multi-vendor support
  • Network level policy
    • Assign a device to a specific location by:
      • Switch Port
      • VLAN
      • Switch
      • Switch group
  • Dynamic VLAN support
    • Automatically configures the connected port to the desired VLAN based on the connected MAC
  • Full Active Directory integration

SWAT GUI

  • Alert Console
    • Full management of alerts and system status
  • Switch Management
    • Multi-Vendor graphical interface
    • Switch remote control (SNMP based)
  • Reports
  • Policy Configuration

Switch Management

[Image: switch management]

SWAT Discovery & tagging

  • Using SNMP to discover switches and routers
  • Manual/Automatic discovery
  • Using a dimensional fingerprint:
    • Nmap OS fingerprint
    • MAC address vendor
    • Open TCP ports
  • Enable type based policy

Analyze device interface

[Image: analyze device interface]

SWAT – Enforcement

  • Using multiple protocols
    • SNMP – v1/2c/3
    • Telnet
    • SSH
  • Disconnect port
  • Change VLAN
  • Access lists

SWAT – Compliance

  • Consists of 3 levels of definitions
    • Conditions
    • Policy
    • Rules
  • Each policy is identified by several parameters:
    • IP range
    • Device type
    • Switch group
    • Active Directory OU/Group
  • Rules are identified by weekday and time

SWAT – Conditions

  • Web interface for configuration
  • Predefined conditions
    • WMI
    • HTTP
    • TCP
      • Port grabbing
    • Telnet
      • Login
      • Banner
    • SNMP

SWAT – Conditions

  • WMI based conditions
    • NIC status
    • NIC types
    • Registry
    • Services
    • Processes
    • Domain
    • Disk status
    • File existence

SWAT – Policy management

  • Policy
    • Match device by several parameters:
      • IP range / VLAN
      • Device type
      • Connected switch group
      • Active Directory OU/Group
    • Associated rules
      • Consist of one or more conditions
        • Boolean OR/AND relationship
      • Independent enforcement

Policy management

[Image: policy management]

  • Gives the administrator a global status view
  • All devices in the network by check result:
    • Failure
    • Success
    • Unchecked
  • Complete details regarding compliance status
    • Policy
    • Rule
    • Condition

SWAT Notifications

  • Main console
    • Automatically refreshed
  • Send alerts by:
    • Mail
    • SMS
    • SNMP TRAP
    • SYSLOG
    • Event log

Reports

  • 3 sets of reports
    • Stations
    • Network
    • Statistics
  • Provide a complete network topology
  • Control all connected devices

SWAT – Roadmap

DHCP probe support

Netflow/Sflow discovery

Enhanced user based filtering