Bomara Associates Logo

GarrettCom Fiber and Copper Hardened Ethernet Products - Presented by Bomara Associates
GarrettCom Hardened Industrial Ethernet Networking Products - By Bomara

MNS-6k Security Features
Table of Contents


"For Magnum 6K Switches used in mission-critical applications, a full
complement of standard security software features is an important aspect
of Ethernet at Its Best"

 

MNS-6K Security Features

  • Port Security
  • SNMP Security
  • Remote Access Security
  • Password Security
  • Remote unit cut-off protection
  • VLANs for traffic security
  • Fiber Optic for Secure Data
  • Port Mirroring for traffic surveillance
  • IGMP for surveillance support


Port Security

  • Port Security functions on a per-port basis
  • Only authorized MAC addresses can send in-bound traffic through each port. All others are Intruders.
  • Authorized MACs are entered by CLI commands, or are "learned" during a safe period at set-up
  • Intruder Protection drops / disables in-coming packets from unauthorized devices
  • Intruder Log monitors protection and records attempted violations through the Event Log


Remote Access Security

  • Remote access via Telnet into MNS-6K can only come from authorized IP addresses
  • Only MNS-6K Managersare empowered toassign IP addresses (up to 25) and subnet masks authorizing Telnet remote users
  • Only one Telnet access session can be active at a given point in time
  • Attempts by unauthorized remote devices to enter will be logged into the Event Log


SNMP Security

  • SNMP Security limits the access to sensitive 6K Switch data and operations control tools that are part of the SNMP package.
  • CLI commands, used at configuration set-up, provides access only to specified IP addresses
  • For a specific station to have SNMP access requires its IP address to be configured when SNMP Manager IPis initialized at set-up


Password Security

  • MNS-6K CLI commands are only accepted from authorized persons who have passwords
  • Only MNS-6K Managersare empowered toassign passwords, and to authorize Operators
  • Operatorsmay access status data but may not enter MNS-6K configuration commands
  • Attempts by parties with invalid passwords to enter will be logged into the Event Log


Remote Unit Cut-Off: Protection

  • CLI commands from remote users have the potential to “cut-off”that user, necessitating a physical visit to the Switch to recover
  • Examples: Disable Port command, Start VLAN command, Changing authorized IP addresses or Port Security settings
  • Warning messages, command re-confirms, and flags in the MNS-6K software and documentation alert users to these dangers


VLANs Security

  • VLANs restrict traffic between designated ports, creating secure traffic domains
  • VLANs enable one physical switch to serve multiple groups of users, each of whose traffic is secure from other groups of users
  • VLANs are defined and administered by MNS-6K Managers, who understand the security requirements of the application


Fiber Optic for Secure Data

  • Fiber optic media carries the Ethernet traffic as light waves, no electromagnetic field is created.
  • Electromagnetic fields (present when data moves over copper cabling) can be used by spies to tap into and read the Ethernet traffic.
  • Government intelligence agencies require products with all fiber media to prevent spies from compromising the security of their information
  • The Magnum line includes many product models supporting all types of fiber media, suitable for “spook” applications in secure facilities


Port Mirroring Tool

  • Port Mirroring can be used as a Switch traffic surveillance tool by an MNS-6K Manager
  • With Port Mirroring, a specified Switch port can see (or sniff) the traffic on another port
  • The Port Mirroring software package is set up and operated by CLI commands as specified and authorized by MNS-6K Managers


IGMP Aids Surveillance

  • IGMP Snooping (and QoS) efficiently handle Multicast traffic streams
  • Some video cameras and IP broadcasts use Multicast traffic streams for their data
  • Where video surveillance is desired and where Ethernet is the choice to handle the data, MNS-6K has the features and the performance to meet the challenges


MNS-6K Security Features - Summary

  • Magnum 6K Switches are increasingly used in mission-critical applications
  • A full complement of standard network management security features and data security options in MNS-6K makes it a trusted base for sensitive and mission-critical applications


Bomara Associates Phone: 800.5BOMARA (800.526.6272) Phone: 978.452.2299 Fax: 978.452.1169 3 Courthouse Lane, Chelmsford, MA 01824 USA

Garrett Home Bomara Homepage Request Information


email: bobr@bomara.com      web: www.bomara.com
Serving the marketplace for over 35 years