NC Nov-Dec 2023

More documents

Recommendations

Info

CASE STUDY "MADE IN GERMANY" QUALITY, TWO TIMES OVER MACMON PARTNER NETPLANS HAS SECURED LEVELLING TECHNOLOGY SPECIALIST ARKU AGAINST MALWARE ATTACKS WITH MACMON NAC Founded in 1928, the family-owned company ARKU Maschinenbau GmbH has become the world market leader in levelling technology, with over 50 years of experience to call on. ARKU offers the largest selection of high-performance and high-precision leveling machines as well as deburring and rounding machines. In the last few years ARKU has faced an increasing number of malware attacks. However, by working closely with the Freiburg branch of the IT systems house NetPlans, it has introduced extensive measures to defend itself. It its search for reliable and scalable network protection, it quickly became clear that macmon NAC was the right option. NetPlans is a Platinum macmon partner with certified and continuously trained macmon experts who have provided first-class support for their customers - especially from the SME sector - with the implementation of a huge number of projects. RADIUS AUTHENTICATION PROVIDES EVEN MORE SECURITY To authenticate endpoints, ARKU uses macmon's integrated RADIUS server to make the decisions on granting access. As the ID or means of authentication, a number of different properties can generally be used, such as the MAC address, user name/password or certificate. Since the network is not accessed by the system until the RADIUS server has confirmed it, there are no unused or insecure ports, which increases security significantly. While granting access, the IT team can define and specify additional rules for the switch to implement. If the switch is technically capable of doing so (layer 3), a specific VLAN, defined ACLs or almost any other attributes can be assigned in this way. An access control list (ACL) limits access to data and functions. The ACL determines the extent to which individual users and system processes have access to certain objects such as services, files or registry entries. "We use a variety of security solutions in our company," said Felix Pflüger, IT & Digitisation Team Leader at ARKU. "Thanks to macmon NAC, we always have oversight over our extensive IT infrastructure. Our switches are administered via SNMP and RADIUS, meaning macmon sets the appropriate VLAN on the switch port, or the port is blocked if there are unknown devices. That prevents unauthorised devices from gaining access via network outlets, for example." VISITOR MANAGEMENT MADE EASY Frequent visits by customers and suppliers present companies with the challenge of preventing these users' end devices from accessing the company's internal network. The functions of the "Guest Service" module provide an intelligent and flexible management system for any external device with a granular guest ticket system for controlling temporary LAN and WLAN access. Since the number of external visitors was manageable during the Coronavirus period, the IT department was responsible for deciding whether or not visitors were granted access. In the future, however, this task will be delegated to authorised employees with the macmon guest portal. Without having to deal with the macmon NAC administration, they can generate access data directly in the portal or confirm visitors who have registered themselves. The resources shared and the duration of access can be defined while creating the access data, ensuring each visitor can access only the specific resources approved for them. For instance, a service technician who has to maintain machine equipment has different access rights than a customer who is visiting the company for a meeting. CONCLUSION "Using macmon NAC and the macmon guest portal has allowed us to significantly improve our network security and endpoint management," said Felix Pflüger. "In our region, the macmon Platinum partner NetPlans is our expert implementation and support partner for issues related to IT infrastructure and security, which have been improved over the years and maintained at the highest standard. Only by continuously optimising existing solutions can intelligent attacks be successfully repelled in the long term. The rollout of macmon NAC in the US was a success; further projects are in the pipeline." NC 14 NETWORKcomputing NOVEMBER/DECEMBER 2023 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
PRODUCT REVIEW macmon NAC PRODUCT REVIEW PRODUCT REVIEWPRODUCT RE Despite the undeniable security benefits many businesses find implementing a network access control solution challenging, as all too many are complex and time consuming to install and difficult to manage. The German company macmon secure GmbH stands out from the crowd as its NAC product is designed to be simple to deploy and maintain while its smart agentless architecture means it can be protecting your network from day one. It doesn't require agents or sensors as it queries all your manageable switches and uses methods such as SNMP, REST or Telnet/SSH to find out which network devices and connected endpoints are in the network. The macmon NAC appliance also offers its own embedded RADIUS server for authentication to fully support the industry standard 802.1X while making it much simpler to adopt. The above mentioned protocols are also being used to enforce NAC controls, which is why it is not only compatible with informational technology but can also secure operational technology (OT) networks with all their legacy systems. This simple approach has major benefits in the battle to control what macmon classifies as UFOs (unidentified frightening objects). These could be an intruder, an employee's access point being used to build their own Wi-Fi network, or something as simple as a workstation. macmon NAC can see all endpoints regardless of whether they are a desktop PC, a BYOD, a controlling unit of an industrial facility, or the laptop of a service technician. This network overview is extremely valuable for both homogeneous and heterogeneous infrastructures and large non-transparent networks, which can often be found in the manufacturing or the automotive industry. Mobile user controls are particularly good as macmon NAC can identify them irrespective of which network switch or Wi-Fi device they access, and uses whitelists to determine what access levels they are allowed. Furthermore, macmon NAC is manufacturer-agnostic, so it'll work with any manageable switch, and can scale easily as the network expands, allowing it to work with the latest IT systems as well as long-established operational technologies. We found deployment swift as we installed macmon NAC on our VMware vSphere host in ten minutes. The web console is easy to use, and our first task was to create a list of credentials for our monitored switches where it defaults to SNMP. macmon NAC gathers information about all network devices and endpoints and their attributes such as MAC and IP addresses and their names using (amongst others) ARP, DNS and DHCP as well as OT specific protocols. These may be added to a list of 'known' endpoints in the console and assigned to groups such as PCs, mobiles and guest devices, which in the simple mode even enforce up to three levels of authentication and related authorisation. Any new endpoints that macmon NAC discovers are considered unauthorised and policies are used to determine what access levels they should have - if any. Predefined rules make this even easier as they can block these devices, dynamically manage VLAN membership and present guest users with custom captive web portals. The macmon VLAN Manager is a powerful instrument to roll out as it automatically maintains a zoning concept in big production facilities or other industrial contexts, which is a requirement of many security regulations such as IEC 62443 or even ISO 27001. The Premium bundle enables full compliance scans on endpoints and offers even more integration options to gain additional status from third-party tools. macmon NAC is very amenable as it generally integrates with a wide range of third-party security solutions and even offers a framework to simply add your own integrations. NC Product: macmon NAC Supplier: macmon secure GmbH Tel: +49 30 23257777-0 Web site: www.macmon.eu Sales: info@macmon.eu WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER 2023 15 NETWORKcomputing @NCMagAndAwards
Page 1 and 2: NETWORKcomputing I N F O R M A T I
Page 3 and 4: COMMENT COMMENT MANAGING THE SKILLS
Page 6 and 7: INDUSTRY NEWS NEWSNEWS NEWS NEWS NE
Page 8 and 9: COMPANY PROFILE COMPANY PROFILE: NE
Page 10 and 11: OPINION: STORAGE ENSURING STORAGE S
Page 12 and 13: OPINION: SASE IS SD-WAN THE RIGHT F
Page 16 and 17: SECURITY UPDATE COMPLYING WITH THE
Page 18 and 19: OPINION: IOT IOT AND THE FUTURE OF
Page 20 and 21: OPINION: DATA CENTRES HOW DATA CENT
Page 22 and 23: OPINION: DATA CENTRES Hot and Cold
Page 24 and 25: CASE STUDY GLOBAL TRANSFORMATION AN
Page 26 and 27: OPINION: DDoS ATTACKS SPANNING SECU
Page 28 and 29: OPINION: NTNs TO 5G - AND BEYOND! K
Page 30 and 31: OPINION: CLOUD SECURITY BOOSTING YO
Page 32 and 33: OPINION: ESM ENGAGING AI FOR ENTERP
Page 34: OPINION: PROVIDERS NECESSARY PROVIS

NC Nov-Dec 2023

Create successful ePaper yourself

Delete template?

Save as template?