Advanced Security
The extra level of network security
macmon determines the operating systems of the end devices and, if possible, the domain, the name and open or closed ports. As soon as macmon is introduced, this expands the overall view of the network enormously and allows simple categorization and extended identification of end devices. In conjunction with NAC, the information obtained is synchronized in the background to completely prevent address manipulation and other attempted attacks.
macmon Advanced Security works with different technologies and is therefore an important component of effective network access control and is included in both the Network Bundle and the Premium Bundle.
Network device measurement data such as ARP caches, DHCP and DNS data are collected and correlated. End devices are scanned via WMI, SNMP, footprinting and fingerprinting to determine details for identification and to monitor for changes. In addition to identification, the sum of the information also allows security incidents such as ARP spoofing, MAC IP mismatch, MAC address flooding and MAC spoofing to be effectively combated.
Prevent MAC spoofing with WMI and SNMP
These two IP-based advanced security options allow additional information about a device to be collected. As a device can be uniquely identified using these two protocols, MAC spoofing can be reliably detected and prevented. The scans check whether it is possible to log on to the devices. After logging in, WMI checks the domain, the host name and the operating system. For SNMP, it is the sysDescription, the sysLocation and the sysName. The settings for these parameters are configured in groups in the macmon GUI.
Footprinting
Footprinting is another option of macmon's Advanced Security and can either be used in addition to WMI and SNMP or separately for devices that do not support the two protocols.
As part of footprinting, the IP protocol stack of all devices in the configured group in the network is examined. Using a port scan, further information on the MAC address is recorded and presented in the user interface. Settings can be made for the end device group. This makes it possible to define operating system and port specifications.
Secure cryptographic recognition through fingerprinting
Using SSH (Secure Shell) and TLS (Transport Layer Security), macmon NAC reads the public key or the public part of certificates of an end device, stores it and compares it by periodically querying it again. If the public key of the end device does not match the key stored in macmon NAC, the fingerprint_failed event is generated, as it must be assumed that the identity of the end device has changed - i.e. it is a different device. As usual, the event can be used to react to the situation as required.
Whitepaper Advanced Security
The operation of a network access control solution, such as macmon NAC, has two basic security requirements: The identification of end devices and the detection of attacks on the company network. With macmon Advanced Security, you have exactly the control you need to meet these requirements.
Case Study Rohrer Group
Smooth and Secure Network Access for High Employee Satisfaction
With the help of macmon NAC, the Rohrer Group is able to monitor and manage its heterogeneous, international IT infrastructure with just one tool.
Case Study Automotive
The Extra Level of OT Network Security and Control
The tried-and-tested, manufacturer-independent NAC solution from Belden secures the operating networks of one of the world's largest automobile manufacturers.