Using NetCop to protect your VLANs


When you think about UTM, you probably think of a security device installed at the network perimeter that controls outgoing traffic. Most UTMs provide security based on identity, IP address or MAC address. Have you ever thought about using a UTM to protect your VLAN network? NetCop can be used to provide authentication-based VLAN security for your network.

Using NetCop UTM you can save time and money by using a single unmanaged switch or multiport hub to take advantage of VLANs. Many struggle with the concept of VLANs and never succeed in taking advantage of this technology. Once configured, NetCop dynamic VLANs can be deployed quickly without needing to add expensive hardware to your network. Let us show you how.

VLANs Explained

As you probably know, a VLAN is a Virtual LAN, or put another way: a partitioned switch. Imagine slicing a switch into four virtual pieces, or even gluing together four (or more) small switches. Each grouping is in a distinct broadcast domain, so devices in one VLAN cannot see broadcast traffic from others. The glued-together analogy works well, because it’s clear that you’re really talking about different layer 2 networks on each switch.

VLANs are extremely handy, and you’re probably using a separate VLAN for your server management network. Often, a VLAN is created with the idea that no router will live on that network. This keeps others from gaining access to the network unless they are physically located on it. Common practice is to connect a server to both the management network and a regular subnet, so that after logging into that server you will have access to the management network. While this works well, it also means your server’s management interface will occupy a switch port (configured to live in the management network), in addition to the server’s normal network interface.

Traditional way to achieve hardware based VLAN configuration

In FIG 1, each of the 6 ports used have been configured for a specific VLAN. Ports 1, 2 and 6 have been assigned to VLAN 1 while ports 3, 4 and 5 to VLAN 2.

In the above diagram, this translates to allowing only VLAN 1 traffic in and out of ports 1, 2 and 6, while ports 3, 4 and 5 will carry VLAN 2 traffic. As you will remember, these two VLANs do not exchange any traffic with each other, unless we are using a layer 3 switch (or router) as shown in FIG 2 and we have explicitly configured the switch to route traffic between the two VLANs.

It is equally important to note at this point that any device connected to an Access Link (port) is totally unaware of the VLAN assigned to the port. The device simply assumes it is part of a single broadcast domain, just as it happens with any normal switch. During data transfers, any VLAN information or data from other VLANs is removed so the recipient has no information about them.

As shown, all packets entering or exiting the port are standard Ethernet II type packets which are understood by the network device connected to the port. There is nothing special about these packets, other than the fact that they belong only to the VLAN the port is configured for.

If, for example, we configured the port shown above for VLAN 1, then any packets entering/exiting this port would be for that VLAN only. In addition, if we decided to use a logical network such as 192.168.0.0 with a default subnet mask of 255.255.255.0 (/24), then all network devices connecting to ports assigned to VLAN 1 must be configured with the appropriate network address so they may communicate with all other hosts in the same VLAN.

Trunk Links

A Trunk Link, or ‘Trunk’ is a port configured to carry packets for any VLAN. These types of ports are usually found in connections between switches. These links require the ability to carry packets from all available VLANs because VLANs span over multiple switches.

Switches connect to the network backbone via Trunk Links. This allows all VLANs created in our network to propagate throughout the whole network.

Again, as previously described, these VLANs do not exchange any traffic with each other, unless we are using a layer 3 switch (or router) and we have explicitly configured the switch to route traffic between the VLANs.
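The access-link and trunk-link behaviour described above, modelled as an added example (not code from the original article or from NetCop). It uses the FIG 1 port assignments, adds a hypothetical trunk on port 7, and assumes the trunk uses standard IEEE 802.1Q tagging, which the article does not name; the sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier (assumed trunk encapsulation)
# Access-port VLAN assignments from FIG 1; the trunk on port 7 is hypothetical.
ACCESS_PORTS = {1: 1, 2: 1, 6: 1, 3: 2, 4: 2, 5: 2}
TRUNK_PORTS = {7}
# Constructed sample: untagged Ethernet II broadcast (ARP EtherType, zeroed payload).
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)

def add_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None for an untagged frame."""
    if len(frame) >= 16 and frame[12:14] == struct.pack("!H", TPID_8021Q):
        (tci,) = struct.unpack("!H", frame[14:16])
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def forward_broadcast(in_port: int, frame: bytes) -> dict:
    """Flood a broadcast frame; return {egress_port: bytes placed on the wire}."""
    tag, untagged = strip_tag(frame)
    if in_port in ACCESS_PORTS:
        if tag is not None:
            return {}  # access ports accept untagged frames only
        vlan = ACCESS_PORTS[in_port]  # VLAN comes from the port, not the host
    elif in_port in TRUNK_PORTS and tag is not None:
        vlan = tag  # on a trunk the tag says which VLAN the frame belongs to
    else:
        return {}  # unknown port, or untagged on a trunk (no native VLAN here)
    out = {}
    for port, port_vlan in ACCESS_PORTS.items():
        if port != in_port and port_vlan == vlan:
            out[port] = untagged  # tag removed: the host sees plain Ethernet II
    for port in TRUNK_PORTS - {in_port}:
        out[port] = add_tag(untagged, vlan)  # tag kept so the next switch can sort it
    return out

if __name__ == "__main__":
    for port, wire in sorted(forward_broadcast(1, SAMPLE).items()):
        print(port, strip_tag(wire)[0], len(wire))
```

A broadcast entering port 1 leaves untagged on ports 2 and 6 and tagged on the trunk; it never reaches ports 3, 4 or 5.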

Keeping your network simple with NetCop’s dynamic VLAN capabilities

Let’s say you have decided to use VLANs to achieve better control over your network and create logical network groups for easier management and control.

Given the options available, you have two choices:

The first is the traditional way of configuring VLANs described earlier, in which you need to deploy managed switches and configure L3 routing so that the VLANs can communicate with each other.

The second is to implement NetCop-based dynamic VLANs. This allows you to achieve better control over broadcast domains without spending a fortune on network hardware such as managed switches, L3 switches and routers.

In this configuration NetCop acts as a VLAN manager to achieve complex VLAN configurations. Following is a connectivity diagram of NetCop being used as a VLAN management server. Unlike the previous multi-VLAN configuration, this setup does not require any L3 switch or router to enable communication between VLANs.

All you need to do is use unmanaged switches with uplinks to build the large network shown in the diagram.

Features of NetCop:

  • No L3 Switches or Router required
  • Easy to configure and maintain
  • Unlimited number of VLANs supported
  • Users must be authenticated to use outside VLANs

Benefits of NetCop:

  1. Cost effective
  2. Easy to manage
  3. Easy to design and configure


For more information on NetCop please E-mail on sanjay143u@gmail.com

Unified Threat Management (UTM) with Billing Server

For an ISP (Internet Service Provider), it is difficult to manage separate software for internet security and for billing.

We at Whiteway infotech offer a unique, cost-effective, all-in-one solution for ISPs. We’ve integrated UTM with a billing server, especially for ISPs who want to provide internet access to their clients in a secure and managed manner.

With the UTM they get content filtering, parental control, virus scanning, authentication, bandwidth management, and detailed usage reports that are identity based, IP based and time based. With the billing server they can create different plans, e.g. monthly based, hourly based or usage based.

According to these plans they can generate bills and charge the users.

NetCop UTM cum Billing Server will soon be available as an OEM version.

Unique attractions of UTM

Enterprises have been fed a constant diet of increasingly inadequate security technologies to solve their security problems. With increasing threats clearly looming over their networks and their business, they don’t want another box to solve their problems. Their needs are about leverage, simplicity and integrated management capabilities. Standalone solutions such as AV, AS, Firewall fail to protect against such threats. Enterprises are not only under pressure from cybercrime and insider abuse, but are facing increasing and evolving compliance demands – highlighting the importance of establishing effective and measurable security.

Reduced complexity through a single security solution and a single vendor, avoidance of multiple software installations and maintenance, a Plug & Play architecture, and a web-based GUI for easy management are some of the major reasons why many organizations, both big and small, are fast switching to smart UTM solutions. This, coupled with zero-hour protection without compromising on performance, translates into high ROI for customers who deploy UTMs.

For enterprises with remote networks or distantly located offices, UTMs are the only means to provide centralized security with complete control over their globally distributed networks. Enterprises thus get zero-hour protection at branch offices against security attacks despite the lack of technical resources at these locations.

Key advantage of UTM

  1. Reduced complexity: Single security solution. Single Vendor. Single AMC
  2. Simplicity: Avoidance of multiple software installation and maintenance
  3. Easy Management: Plug & Play Architecture, Web-based GUI for easy management
  4. Zero-hour protection without degrading the network performance
  5. Single point of contact – 24 × 7 vendor support
  6. Reduced technical training requirements, one product to learn.
  7. Regulatory compliance

Why UTM for Network Security?

In the past, securing a network required multiple solutions. You needed separate firewalls, anti-virus, content filtering, spam filtering, VPN protection, anti-spyware, anti-penetration tools, and other security systems. Today, your network can take advantage of a UTM (Unified Threat Management) appliance. This tool is an all-in-one security solution that integrates everything you need to protect your network. In fact, even if you have a WiFi network, a UTM system will have the capability for all-round security protection and wireless penetration testing through WEP cracking simulations.

There is no doubt that a unified threat management system is also a cost-effective solution for network security. That is because you eliminate the need to upgrade different security appliances from different vendors. You now deal with a single provider, which will significantly cut the cost of system upgrades. Capability training for network administrators will also be simpler. With a single user interface and a unified system, you need not spend on multiple training programs. This means more savings for your company and simpler administration processes for your network security personnel.