Port Access Monitor (PAM) for Spectrum - Homeland Security

Many company data and systems are business-critical and therefore sensitive goods that must be protected against unauthorized access. To protect against attacks from outside, most corporate networks today look like a fortress.

But what if the attack is not from the outside, but from the inside of the company itself? In this case, firewalls, VPN access or proxy systems are useless. So what can you do to prevent such attacks from being completely powerless?

The solution is effective network access control systems such as the Port Access Monitor (PAM) from DICOS. It can be integrated into DX SPECTRUM and CA OneClick and enables the detection, alarming and blocking of unauthorized internal access. Even complex, branched network infrastructures can be protected against unauthorized internal access.

PAM – Functionality

Dicos PAM-Architektur

The PAM is in regular contact with all connected terminals, checks their port assignments and compares them with the assignment list stored in the internal database. In addition, it can react quickly to unauthorized access by evaluating LinkUp traps or MAC notifications. An unknown MAC address or a MAC address that is not allowed on this port is recognized immediately and the corresponding port is then either alarmed, blocked immediately or moved to a guest VLAN.

The PAM supports the port security mechanisms of all leading manufacturers. The port assignment history created by the PAM shows which MAC address had access to the network when and for how long at which port.

Administration and operation of the PAM are very easy due to the integration in DX SPECTRUM and are familiar to every CA user. The solution can also be used when DX SPECTRUM is not available. In addition, the PAM offers uplink detection via the discovery protocols CDP, NDP, FDP or a transfer from DX SPECTRUM. A centrally operated Port Access Monitoring protects even complex, distributed networks against unauthorized access. For networks with many larger sites, PAM can alternatively be operated as a distributed system with centralized or decentralized administration.

Various data is transferred from the DX SPECTRUM for this purpose:

  • Device configuration
    • IP address
    • SNMP parameters
    • Name, Type
    • client
    • NetworkLinkType for uplink detection
  • user configuration
    • access data
    • privileges
    • client
DICOS PAM-Container

The integration into the DX SPECTRUM delivers a new container.

DICOS PAM Information Tab

In the Information tab you can see the following information:

Contact

For further questions and information please contact us.
We will be happy to advise you.

Thomas Dirsch
amasol AG
Campus Neue Balan
Claudius-Keller-Straße 3 B
81669 München
Tel.: +49 89 1894743-11
thomas.dirsch@amasol.de


Resources