Every person managing a network needs to protect and secure it, but it is hard to figure out how to do it. People feel the need to implement network access control for their wireless networks, and would like to protect all of their network connections. There is a need to isolate infected PC’s before they can do much damage to other PC’s. Protecting networks from hacks, attacks, viruses and worms as well as ensuring that every PC that attaches to the network is clean and correctly configured is vital to optimal operation.
There are three specific problems in implementing a network security system:
- First, it is difficult to discover which of the hundreds of products on the market best answer these requirements and how they can be made to work seamlessly together.
- Second, adding end-to- end security on a network may result in radically more work for an already overwhelmed staff.
- Third, end-to-end security can be expensive. Comprehensive systems for 5,000 or more PC’s can cost more than $100,000
Putting in a system today is chancy because the network security business is rapidly changing. Microsoft, Cisco, Hewlett-Packard, Symantec and others are vying to establish industry-wide security systems. Waiting to act will only work until there is a security breach or a significant worm or virus attack. The chances of significant disruption increase beyond the ability of IT staffs to manually protect against them. It becomes only a matter of time before an attack finds your network.
MXN has assembled a unique security system using two complementary products working in a configuration sanctioned by Bradford Networks and StoneSoft. The system uses two or three customized network appliances installed in the core of the network. One appliance, from Bradford Networks, secures the outside edge of the network where users connect, the other, a StoneGate IPS, secures the connection on the inside of the network to the Internet. Special coding allows these appliances to communicate with each other and their combination does the following:
- Impose wired and wireless network access control using your existing security data base
- Find rogue DHCP servers and banish them from the network
- Keep Internet-based hackers, viruses and worms off your network
- Discover PC’s with virus and/or worm problems and automatically remove the PC’s from the network
In short, it does about 80% of what everyone needs in a comprehensive security system. We guarantee these results. The system is easy to administer once it is correctly installed and runs on any type of network equipment, managed and unmanaged, switches as well as hubs, wired and wireless. If you are looking to implement a system quickly with no expensive hardwire changes, you won’t have to install and maintain agents on your PC’s or have switches or wireless access points that support web authentication.
The system costs $25,000 for networks with up to 2,500 PC’s installed and configured with the first year’s support included. For networks with more than 2,500 and up to 5,000 PC’s, the cost is $32,500, and it’s $40,000 for networks with between 5,000 and 10,000 PC’s. The basic system covers Internet connections of up to 100 MBPS, for one or two connections.
You can size this appliance set according to your needs and budget. For example, you might have network access control for high school and administration facilities but not for elementary schools or you might use access control on just wireless networks. Protection against rogue DHCP and Internet hacking will cover the entire network in either case.
For efficient installation, your network must be made ready. IP addresses must be assigned to all the network switches that will be covered by the new system. Complete the pre-installation questionnaire detailing your current network configurations and IP settings and add configurations to your network to cover gaps. The configuration must include the creation of security VLANs and their assignment to all managed network devices. You must have a working security database (eDirectory, Active Directory, LDAP) that we can link the security system to.
We will spend an average of 3 days of on site installation, configuration and training to install and test the system. At the end of that time you will have the end-to-end security system providing the benefits specified above. Two to four weeks after the installation we will return for follow-up
fine-tuning and additional training.
Our intent is to deliver a system that provides about 80% of the security features you want for about 20% of the cost and management burden of a comprehensive system.
Need more information? Click here to contact us, and we’ll arrange a webinar, site visit, or send out additional information, at your request.
