Deutsch (DE-CH-AT)English (United Kingdom)
PNAC - Port based network access control
In the past years security attacks steadily increased. New and high sophisticated kinds of viruses and worms find ways to infect PCs and servers despite common security measures (firewall and antivirus software). The main reason for this problem is that the malware gets introduced on your network behind the firewall by an unsecured computer or memory stick. Usually there are hardly any security measures against internal attacks. The virus spreads through the corporate network rapidly. This might result in an downtime of the entire IT for days, the production is stopped. High costs for virus removal and repair of the network are to bear, and even higher costs by the loss of production and damage to your public image.

The hs2n security solution prevents at one hand the network access of non-registered foreign devices and checks on the other hand if the patch state of the internal clients (desktop PCs, notebooks) is up to date. If the requesting device is not registered, it will be forwarded in a separate guest VLAN which is for example directly connected to the Internet. If an authenticated client fulfills the defined security standard, it gets connected to the server. If missing patches or available updates are detected, the client is immediately moved to a quarantine network. Alerts inform the IT department. An agent on the client recognizes that the PC is now in the quarantine network and forces the automatic update function of Windows. Additionally the antivirus software is updated to the latest version. After updating the client is forwarded to the regular corporate network after just one reboot.
Optimized check conditions reduce the time lost by updating and make PNAC user friendly.

Integration in XEOX
PNAC is deeply integrated in XEOX. It uses the central database of XEOX - an ITIL compliant CMDB . In the CMDB all devices (beside computers, printer or server, for example) are assigned to VLAN groups. On each client a XEOX agent is installed, which requests the database to which VLAN the client should be moved. The request and the forwarding is done via RADIUS. Therefore on the Linux-based RADIUS server another database is installed, which is filled by the XEOX CMDB. The CMDB and the separate RADIUS database are synchronous at any time. The splitting to a second database increases the reliability of the solution. High availability can be achieved by several synchronized RADIUS servers.