Tipping POint Network Access Control
Security Brigade Logo
Services | Products | Compliance | Training | Home | Clients | Contact Us
Menu
Services
Products
Training
Compliance
Whitepapers
Case-Studies
News
Media
Contact Us

Clients / Partners

Search
Datasheet Datasheet

Overview

The TippingPoint NAC solution enables enterprises to enforce device and user policies to ensure endpoint compliance and granular network compliance even after initial network entry. TippingPoint NAC provides multiple enforcement options, including inline enforcement with the TippingPoint NAC Enforcer, and out-of-band options using 802.1x or DHCP, with support for various vendors and network topologies. The integration of device, user and IPS-based traffic classification and enforcement provides much greater control over network access and usage, reducing network vulnerabilities while improving policy and regulatory compliance.

In a TippingPoint NAC environment, access policies subject each device and user pair to rigorous authentication, authorization, posture compliance checks and enforcement. Non-compliant devices are directed to remediate based on policy class. User access rights are controlled through integration with existing rights management systems including Active Directory, LDAP and RADIUS. TippingPoint NAC, including the NAC Policy Enforcer and the NAC Policy Server, then interoperates with the TippingPoint IPS to ensure all malicious traffic is blocked from each endpoint and suspect or non-compliant traffic triggers other policy-controlled actions, including blocking, quarantining, alerting or rate shaping. Now, network and security personnel have unprecedented control over the entire network perimeter with integrated policy-based visibility and control of users, devices and traffic flows.

While network access control combined with the IPS is the ideal protection path, the TippingPoint NAC Policy Enforcer and Policy Server can also be deployed without an IPS.

 

Features

As enterprise networks evolve, 10Gbps network links have become relatively low in cost and increasingly more widespread. Core network upgrades driven by data center consolidation, high performance computing and high bandwidth applications like video on demand and file sharing contribute to the adoption of 10Gbps networks. The need to inspect and remove malicious traffic at high throughput traffic points is now greater than ever. Network and security engineers realize intrusion prevention systems (IPS) must be implemented not only at the traditional WAN perimeter, but also between major network segments within core networks and data centers. The TippingPoint Core Controller enables 10Gbps links to be protected by the industry-leading TippingPoint IPS solution in a scalable, economical manner while ensuring the high availability, performance, low latency and security accuracy that are the hallmarks of TippingPoint IPS solutions.

  • In-Line 10Gbps IPS Protection.
  • Carrier-Class Reliability and Redundancy.
  • Scalable IPS Capacity for Changing Bandwidth Requirements.
  • Use a Single Security Management System for Core Controllers and IPS’s.
  • Deploys in Minutes / Easy to Manage.
  • 10Gbps IPS Traffic Inspection for Up To Three Network Segments.
  • Flow Management Across Multiple IPS’s.
  • Maintain Network Reliability for 10Gbps Network Segments.
  • Flexible Core Controller and IPS Redundancy Configurations.
  • Hot Swappable XFP’s and Zero Power High Availability (Smart ZPHA).
  • Hot Swappable Power Supplies.
  • Pay As You Grow IPS Capacity.
  • Utilize Existing TippingPoint IPS Units.
  • Multiple Flow Management Algorithms Cater to a Variety of Traffic Profiles.
  • Intelligent Learning Mode Enables Rapid Deployment.

Benefits

TippingPoint’s Core Controller provides continuous benefits in any network environment:

  • Protect Network Resources and Critical Applications on 10Gbps Networks The TippingPoint Core Controller enables automated, in-line 10Gbps inspection to protect network devices, operating systems and applications from attack.
  • Malicious and unwanted traffic is blocked, and clean traffic is returned to the Core Controller for distribution to the appropriate 10Gbps egress link, allowing organisations to scale security traffic inspection and enforcement.
  • The TippingPoint Core Controller balances traffic inspection loads across multiple IPS units, allowing you to effectively use only the amount of IPS capacity required.
  • The Core Controller utilizes multiple hash functions, so the likelihood of hot spots or hash collisions found in some load-balancing solutions is reduced immensely. The unit guarantees flow affinity so that all associated traffic goes through the same IPS segment.
  • All TippingPoint appliances are purpose built with the reliability to go in-line within enterprise and service provider networks. In addition, the TippingPoint Core Controller has sophisticated high availability features, including redundant Core Controller configurability, built-in zero power bypass (Smart ZPHA), IPS heartbeat monitoring, link down synchronization and hardware watchdogs.
  • Smart ZPHA is an optional, modular component available for the Core Controller’s 10GbE segments which enables optical traffic bypass in the event of system power loss – providing an additional level of network uptime assurance. Smart ZPHA modules may be removed from the Core Controller without impacting traffic on the 10GbE segment.
  • The Core Controller supports redundant, hot swappable power supplies – allowing modules to be replaced without affecting system performance, impacting network availability, or security coverage.
  • Start small with IPS capacity and minimize the cost of entry for 10GbE protection. Buy only the IPS units initially required, and add more to the pool as traffic inspection needs increase.
  • With the Core Controller, customers gain the peace of mind of continuing to use already proven IPS technology. Further, units that have been purchased for lower speed network links can easily be redeployed behind the Core Controller.
  • The actual traffic mix that traverses a given 10Gbps link can vary significantly from one network to another. Some links may see a greater mix of large frames of file and video content while others may see a greater mix of smaller packets associated with VoIP or other latency sensitive traffic.
  • The Core Controller’s system software contains several flow management algorithms enabling the optimization of throughput performance and security inspection based on the nature of the actual traffic traversing the link.

Specifications

INTERFACES

  • 6 x 10GbE fiber interfaces (3 segments)
  • 48 x 10/100/1000 Base T iLink Interfaces
  • Optional 3 x 10GbE Smart ZPHA modules (supports short and long range)
  • 1 x 10/100/1000 Base T Mgmt Port
  • 1 x RJ-45 Console Port

PHYSICAL DIMENSIONS

  • Height (cm): 8.9 cm
  • Width (cm): 48.26 cm
  • Depth (cm): 55.88 cm
  • Weight (kg): 20.64

POWER

  • Amps (Max. Fused Power): 8/5
  • Volts: 100/240
  • Freq. Range (Hz): 50/60

SAFETY

  • UL1950, UL60950 Standard for Safety of Information Technology Equipment
  • CSA 22.2-60950
  • EN60825: Safety of Laser Products
  • EN60950
  • IEC60950
  • ROHS Compliance

IMMUNITY

  • EN-61000-3-2: Harmonic Emissions
  • EN-61000-3-3: Voltage Fluctuations and Flicker
  • EN-61000-4-2: ESD Immunity
  • EN-61000-4-3: Radiated Immunity
  • EN-61000-4-4 EFT: Burst Transients
  • EN-61000-4-5: Surge Protection
  • EN-61000-4-6: Injected RF
  • EN-61000-4-11: Dips and Sags

EMISSIONS

  • FCC Class A: Regulations for Radio Frequency Devices for Electromagnetic Compliance
  • ICES-003, Class A
  • EN 55022 Class A
  • VCCI Class A
  • AS/NZS-3548 Class A
Copyright 2006 Security Brigade