Description
Veri-NAC 5250
Quick Facts
One-box network access control (NAC).
Control who can connect to your network. Unknown laptops and unauthorized wireless access points are no longer a problem.
Protect your network from dangers that firewalls can’t defend against, including hacks through printers, VoIP phones, wireless access points, bar-code scanners, smartphones, and more.
Agentless and non-inline design provides rock-solid security in an easy-to-deploy appliance.
No infrastructure upgrade needed—Veri-NAC works with existing switches.
Further Details
Comply with requirements for GLBA, HIPAA, PCI, ISO 27001, and other security and privacy standards.
Detects malware on an infected device and reassigns that device to a quarantine VLAN until the problem is resolved.
Provides black holing and VLAN quarantining of untrusted assets.
Log in and manage IPs with Active Directory.
Use with both wired and wireless devices.
Part of the Veri-NAC family
Veri-NAC™ 5250 is part of the Veri-NAC family of one-box NAC solutions, providing state-of-the-art network access control for networks of up to 500 nodes on two subnets. The Veri-NAC family consists of NAC solutions ranging in size from the Veri-NAC 5220 for small offices to the Veri-NAC 5800 for large enterprise networks with up to 100,000 nodes.
Can you afford a network breach?
A network breach is more than just embarrassing—it can expose your organization to all kinds of potential liabilities and expenses. Just look at these examples:
Recently a major hotel chain advised guests by way of letters and full-page newspaper ads that guests who stayed at their properties between November 2008 and May 2009 may have had their credit card numbers compromised.
In 2007, at least 45.7 million credit and debit card numbers were stolen from a number of retailers. The hacker was thought to have accessed the network through an unsecured wireless connection at a store.
In 2009, a hacker was charged with the greatest data theft ever seen—130 million debit and credit card numbers from a number of organizations.
In 2008, the Identity Theft Resource Center (ITRC) reported a 50% increase in reported data thefts and network breaches from the previous year.
Don’t be the next security breach headline!
You have a firewall to stop hackers, viruses, and malware at the network’s edge. A firewall is vital to safe network operation, but because it operates at the edge of your LAN, it can only protect you from threats coming from outside your network.
NAC devices, on the other hand, protect your network from threats originating on the inside. Unauthorized devices connected to your network are major threats to any organization. This is what a NAC appliance is designed to prevent, whether the vulnerability is a LAN port in a lobby or conference room, or a wireless access point.
Veri-NAC is a family of Network Access Control (NAC) appliances from Black Box that ensures that only authorized devices and users gain access to your network. It also screens for vulnerabilities in computers connected to your network, returning mobile users, wireless devices, and new devices. If Veri-NAC detects an untrusted asset, it responds instantly by shutting off network access for that device—protecting your network while keeping your trusted devices securely on-line.
Designed for simplicity
NAC solutions have been around for a while but have been slow to catch on because they’ve been expensive and time-consuming, and have often required extensive equipment upgrades. In short, they were just too complicated to be worthwhile for most organizations.
Veri-NAC, on the other hand, is designed to provide maximum security in a simple, agentless design that’s also very affordable. There’s no need for extensive training or dedicated personnel, no need to install software agents, and no need to upgrade switches—Veri-NAC is easy to integrate into your network.
Only the trusted
Veri-NAC only lets computers and devices onto your network if they comply with standards that you specify.
All network devices have a unique, factory-installed MAC address. Veri-NAC assembles a profile of each device, including the user login, MAC address, as well as other information, and only lets known, trusted devices on the network. It can even detect and stop a machine trying to get in under a spoofed MAC address.
If Veri-NAC detects an untrusted asset, it will automatically send administration an alert to investigate and correct the problem.
Veri-NAC models 5250 and higher also include an endpoint vulnerability auditing engine featuring the Common Vulnerabilities and Exposures (CVE) database, which checks to make sure each connected device complies with your standards, including up-to-date operating system patches. This auditing function works for all connected devices, not just PCs.
Protects continuously
Veri-NAC continuously scans your network, looking for unauthorized devices attempting to obtain an IP address. In addition, you can schedule Veri-NAC to scan attached devices to search for security vulnerabilities.
Detection and blocking feature
Quarantine or block malware-infested PCs—even zero-day malware that would otherwise go unchecked by standard virus-protection software. Then use the Data Rescue Engine (available separately) to retrieve important files safely without spreading the infection.
No agents
Unlike many other NAC systems, Veri-NAC doesn’t require that you install software agents on connected machines. This both simplifies installation and improves security because agents are vulnerable to hacking. Agentless design means that Veri-NAC also works with devices such as printers, smartphones, and wireless access points that can’t have agents installed on them.
Cost effective
Not only is the up-front cost for Veri-NAC often lower than other solutions, installation and ongoing maintenance costs are lower, too.
Veri-NAC works with your existing network and legacy infrastructure, so there's no need for expensive upgrades. Plus, Veri-NAC requires no formal training and minimal installation time, so even organizations with a limited IT staff can easily add it to their network security plan without straining resources.
Flexible
Veri-NAC offers a great deal of flexibility in how it responds to perceived threats. For instance, if Veri-NAC detects a device with an unknown user/MAC address, it can lock that device out entirely or limit it to only a guest VLAN that you set up.
Guests
Unknown users and devices—guests, for instance—can either be allowed on the network but flagged as an untrusted asset, or blocked entirely. If you have visitors who want to use their own laptops or smartphones to access the Internet, Veri-NAC can grant them access only to the Internet via a guest VLAN while restricting them from your organization’s intranet.
VLAN quarantining
Veri-NAC works with all 802.1Q-enabled switches to protect VLANs. It will permit users to connect to authorized VLANs, but will deny access if they attempt to access restricted VLANs. You can also assign trusted assets to multiple VLANs. Veri-NAC 5250 protects up to 20 VLANs. Other Veri-NAC models protect more.
Black holes and blocking
Veri-NAC provides additional methods for blocking untrusted assets. When used with Extreme Networks smart switches, Veri-NAC uses their secure API to facilitate communications. Veri-NAC can tell each switch about an untrusted asset and “blackhole” it. This cuts off all traffic, so the asset can't go anywhere. This also eliminates the need for Veri-NAC to keep streaming its agentless blocking.
The second method, switch port blocking, works with Cisco, 3Com®, HP®, and Extreme Networks switches. If Veri-NAC detects an untrusted asset, it physically turns off the switch port by location so it is, in essence, “dead” until the administrators turn it back on.
Fast, straightforward setup
This capable NAC system takes just minutes to install. Veri-NAC is literally a turnkey network appliance—just plug it in, turn it on, and follow the simple on-screen instructions to configure it. There’s no need to upgrade your hardware or operating systems. The simplified user interface has practically no learning curve.
Detailed reports
To help you manage trusted and untrusted assets, Veri-NAC shows all assets by IP and MAC addresses, but also by user login name so you know exactly where a threat is coming from.
Veri-NAC displays network vulnerability information in colorful, easy-to-interpret graphs and charts. With one glance, you can view the status of your network and of each node within your network. Veri-NAC tracks and logs common vulnerabilities and exposures (CVEs), documenting end-user policies for regulatory compliance initiatives. In tracking vulnerabilities, Veri-NAC also assigns risk levels: low, medium, high, and serious, and issues alerts so the problems can be corrected.
Treads lightly in your network
Because Veri-NAC isn’t an in-line device, it won’t negatively affect network performance. Under normal conditions, Veri-NAC uses less than 10 kbps of bandwidth to block untrusted users and between 50 and 100 kbps while it’s auditing for vulnerabilities. This small amount of bandwidth isn’t enough to make a noticeable difference in network performance in most circumstances. In addition, when used with Extreme Networks switches, Veri-NAC can blackhole untrusted assets using no network traffic.
Veri-NAC offers more ways to detect the bad guys.
Veri-NAC can do far more than just provide network access control. Daily Vulnerability and Malware Update software is available separately in one- and three-year packages for all Veri-NAC models. It enables Veri-NAC to check over the Internet for common vulnerabilities and exposures plus malware trying to call home.
Daily vulnerability updates
Veri-NAC uses Daily Vulnerability and Malware Updates to track and log common vulnerabilities and exposures (CVEs). It alerts you whenever an attached device has a problem that would leave it vulnerable to a hacker, so you can take steps to rectify the situation.
Daily malware updates
Veri-NAC now gives you two methods for detecting previously undetectable malware. It takes advantage of the fact that most malware tries to “call home.” In the first method, simply add a Network Tap (TS254A) near the firewall. The second method involves setting up a mirror port on your network switch. In both applications, Veri-NAC will keep watch for outgoing network traffic going to known malware repositories.
Sized for every network
Veri-NAC comes in models for every application from small-office networks to large enterprise networks containing thousands of devices.
Models 5400/5600/5800 include the Command Center for secure central management of multiple Veri-NAC appliances so you can protect your entire organization from edge to core. These models also include ISO 27001 Policy Tools to simplify your organization’s compliance efforts.