User Guide

ManualsBrandsAlcatel-Lucent ManualsOtherOMNIACCESS SAFEGUARD CONTROLLER

OmniAccess SafeGuard OS Administration Guide

26

Chapter 1: SafeGuard OS Overview

SafeGuard OS Overall Feature Summary

The following table summarizes SafeGuard OS features supported by SafeGuard devices.

User/Machine Authentication

■ Authentication via 802.1X or

MAC address

■ Passive Active Directory

authentication snooping

■ Passive RADIUS

authentication snooping

■ Captive portal

authentication

■ Trusted DHCP serve

Role Derivation

■ RADIUS attributes

■ Active Directory attributes

■ Physical location

■ Combination of above

Role-Based Policy (Access

Control By)

■ User group

■ Application

■ Select application attributes

■ Destination port

■ Resource (e.g. servers)

Host Posture Check

■ Dissolvable agent

■ Scan for known threats, anti-

virus definition, service

packs, and custom registry

keys and files

Enforcement Actions

■ Allow

■ Deny

■ TCP reset

■ Mirroring, logging

Threat Detection/Mitigation

■ Zero-hour threat detection

■ No signature updates

necessary

■ Drops malformed packets

■ Block by: physical port, SRC

MAC, offending application

Visualization

■ Ties usernames to

applications and security

violations

■ Identifies applications and

application content

■ Reports application details

to centralized policy center

Centralized Visualization

■ Ties into Alcatel-Lucent

OmniVista SafeGuard

Manager Command Center

■ User and application usage

repository

■ Real-time alert dashboard

■ Fully drillable forensics

capability

■ Reporting and scheduler

■ Full policy and role-

derivation configuration GUI

Logging and Reporting

■ Direct syslog reporting

■ Detailed security log

messages

■ Formatted for SIEM

integration

■ Formatted syslog to multiple

destinations

Management and Control

■ Industry-standard

Command Line Interface

(CLI)

■ Managed by Alcatel-Lucent

OmniVista SafeGuard

Manager Command Center

■ SNMP v1/v2

■ Telnet

■ SSH

■ TFTP

■ Standard and privileged

access modes

Administrator Authentication

■ RADIUS authentication

Performance (Switch Only)

■ Switching capacity: 101

million pps

■ Secure Switching Rate: 10

Gbps

Protocols (Switch Only)

■ 802.1D Bridging

■ 802.1D Spanning Tree

■ 802.1Q/p VLAN Tagging and

Priority

■ 802.1w Rapid Spanning Tree

■ 802.1S MSTP

■ 802.1X Port-based

authentication

■ 802.3 10Base-T

■ 802.3u 100Base-T

■ 802.3z 1000Base-SX/T

■ 802.3ae 10 Gbps Ethernet

■ 802.3af Power-over-Ethernet

Layer 2 Features (Switch Only)

■ 4,096 VLANs

■ 16,000 MAC Addresses

■ Protocol VLAN (802.1v)

■ Port Security (MAC address

locking)

■ Mirror/monitor ports

■ IGMP v1/v2 snooping

Layer 3 Features (Switch Only)

■ Static routing

■ Additional L3 capabilities

due in future software

releases