Mirage NAC The Most Powerful Agent-less NAC


  • Mirage NAC: The Most Powerful Agent-less NAC. 2008. 010-4842-9153 / comwoo@gmail.com : 010-5586-5534

  • CONTENTS NAC (Network Access Control) The Market NAC

    Mirage NAC Mirage NAC Mirage NAC Mirage NAC Mirage NAC Mirage NAC Products

    Mirage Networks

  • The Market. Protection is in place: 90% antivirus software 88% 70% Firewall VPN

    But it's not enough in 2004: Malware : $169B - $204B. Affected: 200 115 80% 30% 100

    Per incident impact: : 17 hours : 24 days

  • The Market. Aberdeen Research, 2006. NAC IT

    Day-zero Network Infra End-point Remote Management Network Infra

  • The Market 2007 03 ?

  • NAC (Network Access Control) Network Access Control Network Admission Control

    Traffic zero-day

    Agent-based and Agent-less (Agent ) Switch-based and Appliance ( ) Switch vendor / Software vendor / NAC vendor ( )

    Network Access Control Network , Traffic ( ) ,

  • NAC (Network Access Control) Pre-Admission ()

    (Patch , , ) Quarantine & Remediation Post-Admission (Threat Prevention)

    (P2P , ) NAC

  • NAC (Network Access Control) NAC

    Agent Agent-base Agent Agent , Agent-less Agent Agent Switch-base Switch Switch Switch Appliance Appliance In-line Out-of-band Out-of-band Switch Pre-admission Post-admission Day-zero

  • Mirage NAC Post-Admission ( ) Pre-Admission ( ) Quarantine & Remediation ( ) Pre-Admission

    (AD, Radius, LDAP ) (Patch , , IP/MAC ) Post-Admission

    Quarantine & Remediation

    Full Cycle NAC

  • Mirage NAC Mirage NAC Full Cycle NAC MAP

  • Mirage NAC Agent Agent-less (2007 SC Magazine ) Dynamic ( , )

  • IP / MAC

    Network IP MAC Address IP IP Address

    IP / MAC Address IP MAC Address

    Mirage NAC IP/MAC IP / MAC Locking NOTE Profile Known

  • (ACS Server )

    IP MAC Address

    Agent (RADIUS, LDAP )

    Patch, Message , Customizing

    Mirage NAC -

  • Network Scanner

    Network Scanner (Foundstone) Scan Network Risk Scan Network Scan

    Risk Network Scanner Risk Network Network

    Mirage NAC Network Scanner

  • Behavioral Technology

    Packet Signature Signature Base Network Traffic ( ) Signature Update Day-Zero

    Behavioral Technology Worm Virus Traffic Traffic Traffic Rule Set Dark IP Address

    30 Giga Traffic Network 23 (Network Magazine BMT ) Mirage NAC

  • () Mirage NAC

  • Using Dark IP Space

    IP Address (Dark IP) (Linux, Windows 98, Windows XP ) ( Scan ) Dark IP Space IP Dark IP Block Mirage NAC Dark IP Space

  • Dark IP Space Decoy Decoy Linux, XP, Windows Port Open

    Dark IP Space Decoy Worm Scanning Decoy Mirage NAC Decoy

  • Mirage NAC (Decoy) MSS(Maximum Segment Size) ( ) Mirage NAC

  • ARP Table IP Address MAC NAC Setting Traffic NAC Traffic Mirage NAC Drop Mirage NAC

  • Network

    Customizing , ,

    Patch

    Re-Scan

    Re-Scan Scanning

    Mirage NAC

  • Mirage NAC

  • Mirroring Port; Writing Port; Management Port; Switch; NAC Switch Mirroring Port Setting ( VLAN Mirroring port Trunk Port ) Setting Mirroring Port NAC Reading Port

    Mirroring Port ( ) ( 30) / Vendor , OS (Infra-Independent) Agents

    Mirage NAC - Switch

  • Main Switch; Mirage NAC; Mirage ACS (AD ); PMS, Virus Server

    Web Server Patch Mirage NAC - MOC (Monitoring Console) VLAN 01; VLAN 02

  • Profile Profile Profile Profile Zone Zone Profile A; Profile B; Profile C; Profile D; Profile E; Profile F; Profile G; Profile H; Zone A; Zone B; Zone C; Zone D A B C D ) Profile FTP Profile Zone , 30 Mirage NAC - Profile

  • Mirage NAC - Profile Default Profile

    Base Behavioral Profiles; Denial Of Service; ICMP Flood; DoS . Threshold IRC Heartbeat; Mass Mailer; DNS Mail Lookup; Mail Worm Too Many SMTP Hosts; Too Many SMTP Syns; Protocol Violation; Bad Packet - all flags Packet Header Bad Packet - no flags; Bad Packet - SYN|FIN; Bad Packet - URG Only; Bad Packet - Xmas Tree; Reconnaissance; hping Usage , . Dark IP Space . Snaring (Decoy ) . nmap Usage; Port Scan; TCP Scan; Too Many Managed; Too Many Unmanaged; Too Many Unused; UDP Scan; Unused Contact; Base NAC Profiles; Device Roles; FTP Servers; Authorized FTP Servers FTP Unauthorized FTP Servers FTP Gateways; Authorized Gateways Unauthorized Gateways - Endpoints ( ) Unauthorized Gateways - Routers; Mail Servers; Authorized Mail Servers Unauthorized Mail Servers Phones; Authorized Phones IP Soft Phone Usage IP Unauthorized Phones IP Web Servers; Authorized Web Servers Unauthorized Web Servers Printers Network Properties; Routing Devices Wireless Devices Operating Systems; Legacy Windows Devices; O/S . Unknown, Windows, Linux, Palm, Solaris, Nokia, Windows Mobile, MacOS X, MacOS Classic, Cisco, Embedded, Extreme Linux Devices; Mac Devices; Windows Devices; MAC/IP Lock Violations; MAC / IP .

  • Mirage NAC - Profile Profile

    , Profile Profile Profile AND OR Default Profile

    Device Lists; Configured Gateways , . Unknown Devices (Foundstone) . Stolen Device . FTP Servers; IP Telephony Servers; Known Devices; Known Devices - Manual Inclusion; Known Devices - Manual List; Mail Servers; Phones; Stolen Devices; Unknown Devices; Web Servers; Instant Messaging; AIM/ICQ Usage; AOL, ICQ, IRC, MSN, , Instant Messaging . P2P . Excessive AIM/ICQ Usage; Excessive IRC Message; Excessive MSN Messenger Usage; Excessive Yahoo! Messenger Usage; IRC Message; MSN Messenger Usage; Yahoo! Messenger; IP Telephony; H.323 CGQ Port Flood; VoIP H323, SIP . Incoming Non-IP Tel Connection; Outgoing Non-IP Tel Connection; SIP Invite Flood; SIP Registration Flood; Unauthorized TFTP

  • Mirage NAC - Profile Profile Source Destination Packet offset

    Packet Application

  • Mirage NAC - MOC MOC Monitoring 5 Priority VLAN Stream IP Port Event IP MAC, Profile

    Address Space IP IP Scanning OS, Port

  • Central Management

    MOC NAC Activity Mirage NAC

  • ,

    ,

    ,, Mirage NAC

  • Mirage NAC Products NACNAC

    N-120 / N-125

    MODEL N-245: Supports 2,500 Active Endpoint; Supports up to 1GB; 1 Management port / 4 X 10/100/1000 Port; 2U Rack Mountable; Server ( 5 NAC )

    MODEL N-145: Supports ~1.000 Active Endpoint; Supports up to 1GB; 1 Management port / 4 X 10/100/1000 Port; 2U Rack Mountable; Server (Stand Alone )

    MODEL N-120: Supports ~ 50 Active Endpoint; Supports up to 100M; 1 Management port / 2 X 10/100/1000 Port; 1U Rack Mountable; Sensor Mode ( ) / 07

    MODEL N-125: Supports 100 ~ 200 Active Endpoint; Supports up to 100M; 1 Management port / 2 X 10/100/1000 Port; 1U Rack Mountable; Sensor Mode ( )

  • Mirage NAC Products Management Server & ACS

    Management Server M-2060: NAC NAC NAC NAC

    ACS: Advanced Compliance Server Deep Scan (LDAP, RADIUS ) Deep Scan Patch , , Anti Virus , Anti Spyware

  • A; B; Mirage NAC; Agent Pre-Admission Protocol Vendor Agent Agent Java Applet Post-Admission; Day-Zero XXO; Decoy XO; Decoy XXO; Behavioral Tech O; Profile O XXO XXO; Dynamic XXO

  • Mirage Networks Awards: Info Security Hot Companies 2007; Best Anti-Worm, Anti-Malware, SC Magazine/RSA 2006; InfoSecurity Customer Trust Product Excellence Award, 2006; Software Development magazine: four star product review, May 2005

  • Mirage Networks Customers ( , ) (2006) 2007 ( 30 ) PMS IP / (2007) 2008 / , ( 15 ) VLAN /

  • Mirage Networks Customers: Finance, Government, Professional Services, Higher Education, K-12, Manufacturing, Healthcare, Other

  • Mirage Networks Partner

    AT&T resells Mirage NAC in its managed services portfolio. Marketed as AT&T Managed IPS, it represents the AT&T commitment to enabling business to be conducted effectively, efficiently and securely across both wired and wireless IP networks. (Signed March, 2005)

    Part of the Avaya DevConnect Program, Mirage works with Avaya to develop world-class interior network defense solutions, particularly for emerging IP telephony technology.

    Mitsui Bussan Secure Directions, a subsidiary of Mitsui & Co., Ltd. - one of the world's most diversified and comprehensive trading and services companies - powers Mirage NAC sales in the Japanese marketplace. (Signed October, 2004)

    Extreme Networks provides organizations with the resiliency, adaptability and simplicity required for a truly converged network that supports voice, video and data over a wired or wireless infrastructure, while delivering high-performance and advanced security features. (Signed March, 2005)

    IBM Internet Security Systems (formerly ISS) has formed an al