Ethernet*1 switch-based user authentication prevents unauthorized access from within a network, providing an effective way to help build a secure LAN environment. Hitachi Cable offers an exclusive network authentication (hereafter abbreviated NA*2) solution based on a combination of the Apresia authentication switch and the RADIUS*3 authentication server. Based on a general approach to security called Enforcement for Secure Connectivity (EnSEC), this solution eliminates unauthorized terminals and other potential weaknesses to realize high security and operability. Use in conjunction with various security tools such as anti-virus or quarantine software applications and various authentication devices helps establish a secure environment that meets the needs of each particular user.
*1: Ethernet is a registered trademark of Fuji Xerox Co., Ltd.
*2: NA = Network Authentication
*3: RADIUS = Remote Authentication Dial-In User Service
Hitachi Cable's Apresia is a new-generation, mid-range multifunction switch capable of flexible response to the ever-diversifying and growing needs of enterprise networks. Despite versatility and reliability comparable to high-end products, it's priced at a level that will astonish those used to conventional products.
Apresia supports two authentication methods, NA and IEEE802.1x, which can be deployed individually or used together, depending on the authentication servers available. If a network includes devices that do not support IEEE802.1x, the user can initially deploy an authentication system based on the field-proven NA method, then upgrade to the international standard IEEE802.1x when equipment is replaced or operating systems are upgraded to expand functionality. This allows incremental investment in effective security solutions while making full use of existing network resources.
NA method-based network authentication builds secure LAN environments by combining the Apresia authentication switch and the RADIUS authentication server. Apresia denies host connections to unauthenticated users, protecting networks and data against potential damage from unauthorized access. The NA method can perform user authentication via Web interfaces, independent of the client OS. Unlike IEEE802.1x, which generally supports only Windows XP/2000, the NA method helps realize effective security management even in mixed environments with Linux/Unix and Macintosh machines. And since the NA method can also perform authentication via MAC addresses assigned to each network device, it can be used to authenticate and manage printers, IP telephones, and POS terminals without browsers.
One of the most powerful tools in the Apresia suite is its capacity to eliminate suspicious terminals. Apresia is capable of flexible log-out processing while supervising the connection status of terminals. During its periodic polls, Apresia can log out any terminals that fail to respond continuously, exceed the connection time limits, or send/receive specific packets, helping to minimize potential damage from unauthorized access from within the company.
Used in combination with security solutions such as noncontact IC cards, fingerprint authentication units, and PC quarantine systems, Apresia also lets a company establish a comprehensive in-house security policy, even including measures that control inappropriate Web browsing or illegal use of file exchange software. Apresia makes it possible to devise an optimal security solution tailored to the user's specific network configuration and office environment.
The Apresia-based NA has two authentication modes: Shared Port Mode, which permits multiple terminals to be connected under a port, and Designated Port Mode, which is capable of dynamic VLAN*4 assignment. This enables flexible setup to meet specific needs or fit an existing network environment. In Shared Port Mode, Apresia can authenticate all connected clients, even those connected through hub switches or wireless-LAN access points. Fixed-IP terminals and DHCP*5 terminals are allowed to coexist, and up to 300 clients per switch unit can be authenticated. Building a user authentication system is simply a matter of replacing switches and introducing an authentication server, with no need to modify most existing network configurations. In contrast, Designated Port Mode assigns a VLAN dynamically to each client in a one-client-per-port environment. This mode is ideal for companies that make layout modifications or need to ensure network mobility in office areas.
*4: VLAN = Virtual LAN, a technology that makes it possible to establish network clusters within corporate networks, without the constraints of actual physical connection.
*5: DHCP = Dynamic Host Configuration Protocol, a protocol used to automatically assign IP addresses and other information to terminals connected to a network.
Shared Port Mode
Designated Port Mode