
SWAT - Securing Network Access

SWAT is a software-based NAC dedicated to the enterprise market.

It is provided by Integrity, a network security and monitoring company.

SWAT was first introduced in 2004. It has been in development ever since, and
the current stable version is 5.2.

SWAT is a scalable solution. It works agentless, using remote WMI, SNMP
and SSH, and has a distributed architecture with remote probes
to support remote branches.

SWAT: Main features

  • Layer 2 enforcement
    • Disconnect/Change VLAN
    • Full layer2 mapping
  • Type based policy
    • Assign each device type using enhanced fingerprint
    • Time based NAC
  • Compliance Manager enables flexible policy
    • Type based policy
    • VLAN based policy
    • Switch group based policy
  • Multi vendor support
  • Network level policy
    • Assign a device to specific location by:
      • Switch Port
      • VLAN
      • Switch
      • Switch group
  • Dynamic VLAN support
    • Automatically configures the connected port to the desired VLAN based on the connected MAC
  • Full active directory integration

SWAT GUI

  • Alert Console
    • Full management of alerts and system status
  • Switch Management
    • Multi-Vendor graphical interface
    • Switch remote control (SNMP based)
  • Reports
  • Policy Configuration

Switch Management

[Screenshot: Switch Management]

SWAT Discovery & tagging

  • Using SNMP to discover switches and routers
  • Manual/Automatic discovery
  • Using s dimensional fingerprint:
    • NMAP OS fingerprint
    • MAC address vendor
    • Open TCP ports
  • Enable type based policy

Analyze device interface

[Screenshot: Analyze device interface]

SWAT – Enforcement

  • Using multiple protocols
    • SNMP – V1/2c/3
    • TELNET
    • SSH
  • Disconnect port
  • Change VLAN
  • Access lists

SWAT – Compliance

  • Consists of 3 levels of definitions
    • Conditions
    • Policy
    • Rules
  • Each policy is identified by several parameters:
    • IP range
    • Device type
    • Switch group
    • Active directory OU/Group
  • Rules are identified by weekday and time

SWAT – Conditions

  • Web interface for configuration
  • Predefined conditions
    • WMI
    • HTTP
    • TCP
      • Port grabbing
    • Telnet
      • Login
      • Banner
    • SNMP

SWAT – Conditions

  • WMI based conditions
    • NIC status
    • NIC types
    • Registry
    • Services
    • Processes
    • Domain
    • Disk status
    • File existence

SWAT – Policy management

  • Policy
    • Match device by several parameters:
      • IP range / VLAN
      • Device type
      • Connected switch group
      • Active directory OU/Group
    • Associated rules
      • Consist of one or more conditions
        • Boolean OR/AND relationship
      • Independent enforcement

Policy management

[Screenshot: Policy management]

  • Gives the administrator a global status view
  • All devices in the network by check result:
    • Failure
    • Success
    • Unchecked
  • Complete details regarding compliance status
    • Policy
    • Rule
    • Condition

SWAT Notifications

  • Main console
    • Automatically refreshed
  • Send alerts by:
    • Mail
    • SMS
    • SNMP TRAP
    • SYSLOG
    • Event log

Reports

  • 3 sets of reports
    • Stations
    • Network
    • Statistics
  • Provide a complete network topology
  • Control all connected devices

SWAT – Roadmap

DHCP probe support

Netflow/Sflow discovery

Enhanced user based filtering