Brocade network security solutions help protect organizations from security vulnerabilities that might cause downtime or expose them to regulatory compliance issues, thereby reducing the threat to network infrastructure, data, and applications.
Network Access Control
Brocade is committed to delivering broad support for Network Access Control (NAC) by working with different vendors to ensure that Brocade products work in client admission-control environments. These environments include 802.1x supplicants and RADIUS servers, as well as those that use a NAC appliance approach. Brocade products are validated to ensure interoperability through an open, standards-based approach to delivering NAC solutions. This includes being able to automate the admittance of a compliant user, the remediation of a non-compliant one, or the restricting or blocking of that user.
While 802.1x is an excellent protocol for securing access to the network based on username and password certificates, it has some limitations. The main limitation is that there is no way to validate that the client is healthy and running the necessary security software to safeguard both itself and the organization whose network resources the user is attempting to access.
Organizations that are serious about internal network security must have policies that ensure this security. Examples of policies that help ensure internal security might include:
While these IT policies help ensure the internal security of an organization, without policy enforcement they are simply guidelines rather than rules. To help enforce IT security policy and proactively ensure that clients connecting to the network are healthy and do not either accidentally or maliciously infect other systems in the network, Brocade has developed the industry’s most scalable, standards-based network admission control architecture.
Together with best-in-class partners McAfee, Microsoft, and Symantec, Brocade delivers proactive network admission control solutions that easily build onto existing 802.1x RADIUS-based authentication systems, ensuring that IT policies are met before clients are allowed to access network resources.
The open-standards support built into the Brocade security architecture ensures that clients meet IT policies before gaining access to the production network. If a policy compliance issue arises, the user can either be prevented from accessing the network at all or be provided limited access (e.g., to the Internet). Otherwise, the user is quarantined and a remediation action is enforced so that clients that are valid users (but that are not compliant with IT security policy) can quickly determine why and how to patch their systems to get access to the production network.
In this architecture, several new components are added to the Brocade RADIUS/802.1x security model to provide this health check capability. This includes NAC clients and servers. The NAC client is installed on each client that is to be health checked before gaining access to the internal network. The NAC server can be an appliance that runs in conjunction with the RADIUS server, acting as a RADIUS proxy. Brocade, together with Impulse Point, McAfee, Microsoft, Symantec, and Check Point Software, has validated that its edge switch and wireless AP solutions are interoperable and easily deployable. Together, Brocade and partner products help organizations maintain and enforce IT security policies to provide proactive network security.