
Ip scan 2010

Date post: 05-Dec-2014
Upload: phanumars-thuanthong
Page 1: Ip scan 2010

ViaScope Integrated IP Network Management Solution Provider

Agentless Network Access Control & IPAM Solution

By nForce Security System AP

Page 2: Ip scan 2010

2

Reference

More than 1400 customers are already using IPScan

Korea

Samsung Electronics (HQ, Semi-conductor, Mobile phone, LCD, Appliance etc. 300,000 license), LG Electronics (worldwide 53 countries), KT (Korea Telecom nation-wide network, 800 sites), LG-Philips, Philips Electronics, Citi Bank, Allianz, Prudential, ING life, Kookmin Bank, Shinhan Bank (1,100 sites), Samsung Securities, LG-Caltex Oil, Hyundai Heavy Industries, SK C&C, Hynix-Semiconductor, LG Telecom, Korea Telecom FreeTel, University, 200 Government offices, etc. (1,000 customers)

Japan

Toyota Motor Corporation (100,000 license), Matsushita Electronic Industrial Co., Ltd (Panasonic), Sony EMCS Corporation, Mottox Inc., NYK Systems Research Institute, Denso, Nabtesco Corporation, Gihuken Police, Arakawa Chemical Industries Ltd., Aichi Steel Corporation, Toukei Computer Co., Ltd., Jupiter Programming Co., Ltd., Nissho Electronics Corporation, Daiko, Argo21 Corporation, Nomura Living Support Center, Eizo Nanao Corp, Aisin AI Co., Ltd., PFU Limited, Nihon University, Matsushita Electric Works, Nipro Corp, Misawa Home Holding.

China/Taiwan/Hong Kong

Alcatel Lucent, LG China, Mega International Commercial Bank, B&Q Corporation, Shinkwong Fabric, Chinese Gamer International, Ministry of Foreign Affairs, Japan Research Institute, Misawa Homes, Fujitsu Chubu Systems, Toppan ChungHwa University, Shanghai Stock Center, Beijing Institute of Petrochemical Technology, etc. (200 customers)

South East Asia

Philippines : Bank of Commerce, Bureau of Treasure, LG Electronics, Allied Bank / Thailand : EGAT (Electricity Generating Authority of Thailand), MWA (Metropolitan Water Authority of Thailand), BankThai, WDC, Road Accident Victims Protection, NCB, PAT (Thailand), Tun Hussein Malaysia : WDC Malaysia, Denso Malaysia, Malaysia National Security Division/Prime Minister Department, IPPM, INSPEN, MASTIC, UKM / Singapore : Philips Electronics, Walton International, BSC / Indonesia : AMFG, BIN / Hong Kong : WKK Corporation, Emperor Group, HUKM, TNT Express, WKK Holdings / Brunei : Ministry of Foreign Affair, Bani Islam bank, etc.

America / Europe

USA : Deluxe Digital Studio, City of Los Angeles, Station Casinos / Las Vegas, HanmiBank, ScanHealthPlan, Samsung America / Mexico : Samsung Mexico, Dynamic Communication, etc. / Brazil : Samsung Brazil / Norway : Norwegian Customs and Excise, BKK, Norwegian School of Veterinary Science, Ministry of Defense, Norwegian Defense Logistics Organization, Government Administration Services, Ministry of Culture and Church, Ministry of Education and Research, Elis AS, Hejmme Mortensen, The Norwegian Public Service Pension Fund, Norwegian Ministry of Fisheries and Coastal Affairs, Diakonhjemmet Hospital / Sweden : Sanofi-Synthelabo AB, Lesjofors AB, Swedish Institute for Infectious Disease Control, etc.

Page 4: Ip scan 2010

Thailand Reference Sites

Page 5: Ip scan 2010

In your network

Authorized Clients DHCP or Fixed mode

AD Server 192.168.0.2

Mail Server 192.168.0.1

VAM Server 192.168.0.3

Guest (Static address) 192.168.0.2

Guest under policy

IP Conflict

Page 6: Ip scan 2010

IPAM Server found IP Conflict

Not BLOCK !!!

Page 7: Ip scan 2010

Best practices

Authorized Clients

AD Server 192.168.0.2

Mail Server 192.168.0.1

VAM Server 192.168.0.3

Guest (Static address) 192.168.0.2

BLOCKING

IPScan

BLOCKING

New MAC

IP Conflict

Unauthorized Clients With Access Time Control

Page 8: Ip scan 2010

Static VS Dynamic

| Feature | Static | DHCP | DHCP + Secure |
|---|---|---|---|
| User can change IP Address | Yes | Yes | No |
| Real time data update (MAC, IP, Host) | No | Yes | Yes |
| Easy to change and deploy address to clients | No | Yes | Yes |
| IP conflict monitor | No | Yes | Yes |
| Stop IP Conflict | No | No | Yes |
| Easy to find source / destination of IP Conflict | No | No | Yes |
| Block to new Host connection | No | No | Yes |
| Limited time for connection | No | No | Yes |
| Host registration | No | Yes | Yes |
| Switch Port Monitor | No | Optional | Yes |

Page 9: Ip scan 2010

9

• How many active devices are connected to your network?

• How do you manage your IP addresses? (Spreadsheet, paper based, etc.)

• How many devices are no longer in use? Relocated? Offline? Can you keep track of the changes?

• Do you assign static IPs to users? What happens if the users change the IP?

• Can you keep track of the changes? Can you prevent the user from changing IP addresses?

• What happens if users start conflicting IPs with each other?

Questions for IP Management

Page 10: Ip scan 2010

10

Current Problems

There are some IP address management solutions in the market, but no solutions for Static IP address or Static/DHCP mixed environments.

It is painful to manage IP/MAC manually based on spreadsheet such as excel sheet.

IP managers are facing more difficulties to update IP/MAC address usage status for all devices in network (Online/Offline, unused, change, add, etc,)

Common DHCP problem:

• Unauthorized multi DHCP Server issues

• Static IP address in the DHCP pool causes problem.

• DHCP Server based solution cannot control each IP/MAC address. It is just an IP assignment device

• DHCP Server can assign the same IP to the same MAC each time, but, this policy is not effective when there is IP conflict, etc.

• It is critical when DHCP Server has failure, etc.

Static IP problem

• Cannot prevent PC users from changing IP address

• Cannot prevent “IP duplication” problem, and it causes big problems sometimes

• Unused IP address space creates security problems, but cannot disable this.

• Long time NO used device, etc.

IP address Management problems

Page 11: Ip scan 2010

IP address Management problems

Current Problems

11

[Diagram labels: DHCP Pool area (DHCP Server, DHCP IP, Temporary IP, Unused IP, Static IP, Unauthorized User, Unauthorized DHCP Server); Static IP assigned area (Static IP, Unused IP, IP conflict, IP change)]

Page 12: Ip scan 2010

NAC problems

NAC Current Problems

[Diagram labels: Non 802.1X agent, Network Servers and devices, Router, 802.1X Agent installation issue, Health Check Agent, NAC In-line, Internet, 802.1X Switch required, 802.1X Agent OK, Anti Virus Server, Patch Server, AAA]

Too complicated, Too expensive, Too difficult to implement

Page 13: Ip scan 2010

13

Current Problems

• No single set of standards – many approaches to NAC

• Low adoption rates of NAC related Technology such as 802.1X - Complexity

• Cost of replacements or upgrades of major network components is too high

• Agent installation issue in Host based NAC

• Difficult to manage non 802.1x devices such as printers/non windows

• Inline installation or Port mirroring requirement in Network based NAC

• Difficult to integrate with Anti-virus, Patch management, etc,

NAC problems

Page 14: Ip scan 2010

| NAC Comparison | Inline | Agent | Agentless | IPScan |
|---|---|---|---|---|
| Requires 802.1X | No | No | Yes | No |
| Need to install agent on clients | No | Yes | No | No |
| Easy to deploy on unmanaged switch | Yes | Yes | No | Yes |
| Requires switch port mirroring | No | No | Yes | No |
| Control all devices (PC, Notebook, Network device) | No | No | Yes | Yes |
| Protection of IP/MAC of important device | No | No | No | Yes |
| Block static address access to network | No | Optional | Optional | Yes |
| Limited Broadcast packet | No | Yes | No | Yes |
| Need to Join Domain Controller | No | Yes | No | No |
| IP / MAC blocking by administrator | No | No | No | Yes |
| Out of Range Blocking | No | Yes | No | Yes |
| Limited time control | No | Yes | No | No |

Page 15: Ip scan 2010

Products of Viascope

IPScanXE5.0 (Enterprise Solution for distributed environment)

IPAM + DHCP Server + Layer 2 Network Access Control System (Server + Management Console + DBMS + Probe)

• Integrated IP/MAC Management & Secure DHCP Server

• Control Unauthorized IP/MAC, Prevent IP duplication

• Layer 2 Network Access control

• Ideal for both Static & DHCP IP

• Target from small to large enterprise (more than 100,000 users can be managed by Single IPScan Server)

Viascope Smart IP1000 (Appliance type for SMB)

IPAM + DHCP Server + Layer 2 Network Access Control Appliance (manage up to 1000 user / Distributed environment is not supported)

Page 16: Ip scan 2010

18

Viascope Smart IP - IPScan appliance model for SMB

All-In-One Appliance

- Manage up to 1000 users

- IP/MAC Management/ DHCP Server/ LAN Access Control Network Inventory

- Simple Deploy (Plug&Play) & Easy GUI (Web Access )

- Cost Effective

Viascope Smart IP

Page 17: Ip scan 2010

19

IPScan XE5.0

IPScanXE 5.0 Enterprise Solution for distributed environment

- Management Software that controls all IPScanProbe in IT Center

- Designed for Enterprise Environment / Comprehensive Features

- Sold by Number of Intranet IP address (250 users to 100,000 license)

- Full Redundant Configuration (Server/ Probe) support

IPScan Server

Communication Server program for IPScan Console, IPScan DB Server, IPScan Probe connection

Send out IPScanConsole defined IP policies to IPScan Probe

Need to buy : a bundle of 250 online user license (Perpetual)

Continued on next page

Page 18: Ip scan 2010

20

IPScan Components

IPScan Console

User Interface program for administration

Multiple Console support / User permission control

Enforce Network Policy & IP/MAC monitoring information

It comes with IPScan Server license

DBMS with PC Server (Not provided by ViaScope)

Database Storage for IP/MAC address table, Policy, IPScan Change History, IP Conflict, User Data, and various event storage

Support MySQL, MS SQL2000/2003/2008 Server (Recommended), Oracle 9i, 10g

IPScan Server

Communication Server program for IPScan Console, IPScan DB Server, IPScan Probe connection

Send out IPScanConsole defined IP policies to IPScan Probe

Need to buy : a bundle of 250 online user license (Perpetual)

Page 19: Ip scan 2010

22

IPScan Components

IPScanXE 5.0 Probe

- Dedicated H/W with embedded engine to collect information within the segment & enforce policies.

- Multi Probe type support for HQ, Regional office and Branch.

IPScan Probe Model

IPScan Probe 50: Up to 50 Online device

IPScan Probe 100A: Up to 500 Online device

IPScan Probe 200: Up to 1,000 Online device

IPScan Probe 600R: Up to 2,500 Online device

IPScan Probe 1000R: Up to 5,000 Online device

Page 20: Ip scan 2010

23

Network Diagram

[Diagram labels: IPScan Server with DBMS and IPScan Console; IPScan Probe 1000R (Up to 5,000 Users), Built-In DHCP Server; Probe 100A (Less than 500 users); Probe 50 (Less than 50 users); Server VLAN; User VLAN; LAN / Wireless LAN; Router; Access Point; Server; User; Unauthorized User; BLOCKING]

Page 21: Ip scan 2010

24

How to Implement?

Do not change existing network environment

Do not install any agent software

Do not use ID & Password

Do not depend on any network vendors

Do not affect the network when IPScan has a problem

Page 22: Ip scan 2010

25

Connectivity

Just connect IPScan Probe into normal switch port in Flat Network (no VLAN)

Enable “802.1Q trunk” in connected switch port to monitor/control Multi VLAN, or connect Probe in each VLAN

[Diagram labels: Unmanaged / Managed Switch (Core, Distribution, Edge) or Hub, port1 to port8; Uplink to Router; Wireless Access Point (Bridge mode); IPScan Probe; IPScan Server with DBMS and IPScan Console]

Page 23: Ip scan 2010

ARP Monitoring/ARP Control

26

How IPScan works?

[Diagram labels: IPScan Probe 100A (Built-in DHCP Server); IPScan Server & Console; Logical Broadcast Domain; ARP monitoring; ARP control; ARP; BLOCKING]

Devices shown in the broadcast domain:

192.168.0.100 AA:BB:CC:DD:EE:11 (IP Protection): Server/Static IP

192.168.0.101 AA:BB:CC:DD:EE:22 (MAC block): Manual LAN Access block

192.168.0.102 AA:BB:CC:DD:EE:33: DHCP client or Non Policy enabled IP/MAC

192.168.0.100 BB:CC:DD:11:22:33: New MAC or IP conflicting device

IPScan Memory: IP/MAC address Registration DB

| IPScan IP | MAC | Policy |
|---|---|---|
| 192.168.0.100 | AA:BB:CC:DD:EE:11 | Protection |
| 192.168.0.101 | AA:BB:CC:DD:EE:22 | MAC block |
| 192.168.0.102 | AA:BB:CC:DD:EE:33 | None |
| 192.168.0.103 | None | IP Block |

New MAC block

Page 24: Ip scan 2010

27

How IPScan works?

IPScan with 3rd Party DHCP Server

Easy implementation for the current DHCP Server environment with visitor control

IP Management without DHCP server

Static IP protection

Unused IP address blocking

IP-MAC binding

[Diagram labels: IPScan Probe; DHCP Server; Registered DHCP client; New MAC; DHCP Request; Static IP area; BLOCKING]

Page 25: Ip scan 2010

28

How IPScan works?

Built-in Secure DHCP Server

Need to replace existing DHCP Server, but it provides more managed and secured DHCP environment

Instant New MAC Blocking OR Temp IP allocation

Mission critical IP protection (IP conflict protection)

Unused IP address blocking

IP-MAC binding, etc.

Authorized DHCP Pool / Unauthorized DHCP Pool: Only supported In IPScan

[Diagram labels: IPScan Probe with Built-In DHCP Server; Registered DHCP client; New DHCP client; DHCP; Static IP area; BLOCKING]

Page 26: Ip scan 2010

29

Summary

Perfect inventory solution for all network IP devices

Protect mission critical systems from IP conflict : server farm, manufacturing device, static IP address, etc.

Increase wired/wireless network access security

Increase DHCP network security

Quick & Easy action for worm-virus infected PC

Remote branch network access monitoring & access control

Easy PC management: All users have to follow up network policy

Page 27: Ip scan 2010

30

All-in-One solution: IPAM (Static/DHCP) + NAC Enforcement + Duplicate IP protection + Net device Inventory + Switch Port Monitoring/Control + more…

Easy-to-Deploy: Agentless, Unmanaged Switch Support, Vendor independent

Less Investment with more features

Technically proven with 1,600 large companies since 2001

Summary

Page 28: Ip scan 2010

31

Case Study

- Samsung Electronics (150,000 user licenses)

[Diagram labels: R&D / Office Center; Factory; Probe100 (Old model) (Less than 250 Active IP address); Probe600 (Less than 2,500 Active IP address); Backbone switch/Router; Distribution Switch; 802.1Q trunk; VLAN 1, VLAN 2, VLAN 3, VLAN 6, VLAN 7]

Page 29: Ip scan 2010

32

Auto IP/MAC Inventory: Online, Offline, Unused IP/MAC address

Features

Page 30: Ip scan 2010

33

Real-time IP/MAC events

User Description:

Features

Page 31: Ip scan 2010

34

IP/MAC Details

Features

Page 32: Ip scan 2010

35

Unused IP Blocking

Features

Page 33: Ip scan 2010

36

Unauthorized / Rogue IP/MAC Detection & Blocking

Features

Page 34: Ip scan 2010

37

Blocked IP/MAC list details and easy unblocking

Features

Page 35: Ip scan 2010

38

IP/MAC Grouping:

Logical Grouping

Physical Grouping

IP based Grouping

MAC based Grouping

Features

Page 36: Ip scan 2010

39

SwitchPort (L1) - MAC (L2) - IP (L3)

Features

Page 37: Ip scan 2010

40

Authorized / Unauthorized DHCP Pools

Temp user control, New MAC blocking, etc

Features

Page 38: Ip scan 2010

41

Access Time Control

Access time for MAC / IP Expired IP/MAC blocking

Features

Page 39: Ip scan 2010

42

Customized Blocking Message

Features

Page 40: Ip scan 2010

43

IP Change Control

Broadcast storm detection

Features

Page 41: Ip scan 2010

44

MAC Authorization

Out of Range IP blocking

Policy Simulation mode

Features

Page 42: Ip scan 2010

45

THANK YOU

www.viascope.com

www.nForcesecure.com

Page 43: Ip scan 2010

IPScan XE VS SmartIP 1000

| | IPScanXE | SmartIP1000 |
|---|---|---|
| Agentless | Yes | Yes |
| Component | DB/Server/Console/Probe | All-in One appliance |
| User Interface | Client-Server | Web-base (SSL) |
| Network Setting | Serial port / GUI | Serial port / GUI / LCD |
| Coverage | Unlimited users | 1000 users / unit |
| Switch port Control | Yes | No |
| DHCP IP pool | Authorized / Unauthorized | Authorized |
| WAB support | Yes | No |
| Centralized Management | Yes | No |

