Brocade Communications Systems LS-STK Instrukcja Użytkownika Pobierz pdf (Strona 4)

Comprehensive

Enterprise-Class Security

FastIron LS switches are powered by the

Brocade IronWare operating software,

which offers a rich set of Layer 2 switching

services and Layer 3 routing functionality,

an advanced security suite for network

access control (NAC) and denial of service

protection, and QoS. IronWare embedded

security features include protection against

Denial of Service (DOS) attacks via TCP

SYN, ICMP smurf attack prevention, and

broadcast and multicast packet rate limiting.

The FastIron LS also supports key security

features such as Spanning Tree Root

Guard and BPDU Guard to protect network

spanning tree operation. In non-stacking

congurations, the FastIron LS series offers

additional security features, including

dynamic ARP inspection and DHCP snooping

to protect against address spoong and man-

in-the middle attacks.

Network Access Control

Network managers can rely on features

such as multi-device and 802.1X

authentication with dynamic policy

assignment to control network access and

perform targeted authorization on a per-

user level. FastIron LS switches also support

enhanced MAC policies with the ability to

deny trafc to and from a MAC address on

a per-VLAN basis. This powerful tool allows

network administrators to control access

policies for each endpoint device.

Standards-based NAC enables network

operators to deploy best-of-breed NAC

solutions for authenticating network users

and validating the security posture of a

connecting device. Support for policy-

controlled MAC-based VLANs provides

additional control of network access,

allowing for policy-controlled assignments of

devices to Layer 2 VLANs.

Trafc Monitoring and

Lawful Intercept

In response to today’s heightened security

environment, organizations may be

required to set up trafc intercept (lawful

intercept). For example, in the United

States, the Communications Assistance

for Law Enforcement Act (CALEA) requires

that businesses be able to intercept and

replicate data trafc directed to a particular

user, subnet, port, etc. This capability

is particularly essential in networks

implementing IP telephony. The FastIron

LS provides the capability necessary to

support this requirement through ACL-based

Mirroring, MAC Filter-based Mirroring, and

VLAN-based Mirroring. Network managers

can apply a “mirror ACL” on a port to mirror a

trafc stream based on IP source/destination

address, TCP/UDP source/destination ports,

and IP protocols such as ICMP, IGMP, TCP,

and UDP. A MAC lter can be applied on a

port to mirror a trafc stream based on a

source/destination MAC address. VLAN-

Based mirroring is another option for CALEA

compliance. Many enterprises have service-

specic VLANs, such as voice VLANs. With

VLAN mirroring, all trafc on an entire VLAN

within a switch can be mirrored, or specic

VLANs can be transferred to a remote server.

Threat Detection and Mitigation

Support for embedded, hardware-based

sFlow trafc sampling extends the Brocade

IronShield 360 security shield to the

network edge. This unique and powerful

closed loop threat mitigation solution

uses best-of-breed intrusion detection

systems to inspect sFlow trafc samples

for possible network attacks. In response

to a detected attack, IronView

Network

Manager (INM) can apply a security policy

to the compromised port. This automated

threat detection and mitigation stops

network attacks in real time, without

human intervention. This advanced security

capability provides a network-wide security

umbrella without the added complexity and

cost of ancillary sensors.

1 2 3 4 5 6 7 8 9 10 11 12

Komentarze do niniejszej Instrukcji

Brak uwag

Brocade Communications Systems LS-STK Instrukcja Użytkownika Strona 4

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Networking Brocade Communications Systems LS-STK