Enterasys® NAC/NetSight® v3.1.1 Released
Enterasys NAC and NetSight version 3.1.1 are now available, introducing the option to provide Enterasys end-point assessment for both agent-less and agent-based (dissolvable and permanently installed agent) security health posture. The assessment is an add-on license for the new in-line Enterasys NAC Controllers and the ITA version of the Enterasys NAC Gateway released with v3.1 in March 2008.
Agent-less assessment provides network-based scanning for any operating system and can be configured to assess end-systems at various levels of intensity for an extensive list of vulnerabilities. This assessment is configurable within NetSight NAC Manager.
Agent-based assessment supports Windows operating systems and lets you configure the individual tests that the scan performs, such as whether antivirus software is up to date and running, whether the end-system’s firewall is enabled, whether patches are up to date, and whether P2P software is running. This assessment is also configurable within NetSight NAC Manager.
NetSight version 3.1.1 adds embedded ACL Management to simplify the management of ACLs on Enterasys routers such as the Enterasys Matrix N-Series and X-Series. The new ACL Manager provides a mechanism to graphically define access control lists and apply them to logical interfaces. It uses the paradigm of Enforce and Verify, allowing you to modify ACL definitions and how they are applied to the network without making any configuration changes on the devices until you press the Enforce button. ACL Manager provides the following functionality:
- Separates the definition of ACLs from the specific logical interfaces that they can be applied to.
- Provides the ability to apply ACLs that have been defined to a logical interface or an Agent Service.
- Allows a user to document rules, ACLs, and interfaces.
- Keeps an audit trail of changes (with a date and time stamp as well as the user name of the person making modifications) to aid in troubleshooting problems across the enterprise.
- Queries for rules defined in an ACL that are obscured by previously defined rules.
- Reads and displays the currently configured ACLs on a router or set of routers.
- Imports and displays ACLs from a valid router configuration as a text file.
- Tests ACLs applied to a device by providing the characteristics of a packet of data and verifying that it will or will not pass through the device.
NetSight 3.1.1 also adds OSPF management in NetSight Console. This feature will use OSPF to show topology map information related to the status and connectivity between devices. It also provides an overlay functionality. Overlays add visual features to your map (e.g., link color, link weights, and endpoint symbols) that are meaningful to a particular logical view. For example, adding the Spanning Tree overlay causes root ports, active links, and root bridges to become more prominent in the map.
Finally, many improvements were made to Policy Manager, including streamlined workflows for improved usability and new Policy Manager Database (.pmd) files that provide ready-made workflows for common policy scenarios. Each .pmd file contains all the elements (roles, services, rules, VLAN membership, class of service) that define how network traffic is handled for each scenario. The files include default policies for general purpose networking, vertical services for the healthcare industry, device services for the Enterasys Matrix N-Series, VoIP services (ShoreTel), and iSCSI SAN services (LeftHand Networks).