Network security is going through a paradigm shift. It is no longer enough to secure just the network edge against unknown attackers trying to break in; traffic inside the network must come under increased scrutiny, as well, to ensure that users are following established policy or meeting regulatory requirements. And when users misbehave, there must be a way to enforce the policy by denying access to sites, applications, and protocols.
One way to do this is with the Secure LAN Controller family of products from ConSentry Networks. The LAN Controller is an appliance that installs between network users and the core backbone switches in the wiring closet. It inspects -- in real time and at wire speed -- all LAN traffic from Layer 2 to Layer 7, associating users with applications and then applying access-control policies.
Two versions are available: a 10-port model that can handle as many as 200 concurrent users and 2Gbps of traffic, and another that has 24 ports, scales to 1,000 users, and handles 10Gbps of traffic. The heart of the controller is the highly scalable proprietary LANShield ASIC. ConSentry designed this processor with 128 multithreaded cores on a single chip to handle the demanding traffic flows.
I had the opportunity to take an exclusive look at the ConSentry CS2400 Secure LAN Controller in my lab and found the system more than capable of enforcing various user policies. Through the use of the InSight management tool, I was able to create a global policy that defined what resources were available for different groups of users.
I could also see, in real time, what my users were doing, the resources they were accessing, and the users who were violating my acceptable use policy. The amount of information decoded and logged per user was staggering.
I was impressed by how well the system sniffed out malicious traffic and quickly clamped down on it.
For example, I ran a simulated worm attack from a client PC. ConSentry quickly detected the attack based on a number of criteria and clamped down on it at the LAN Controller. Interestingly, the LAN Controller denied the worm's traffic (blocking the port and application flow) but did not interrupt legitimate traffic from the same host. I was still able to browse the Internet and access shared resources even while the attack was in progress.
Many similar security systems would simply deny the PC access to the network, thereby stopping the worm, but ConSentry is much more granular and can block just the offending application.
Know thy user
Part of what makes the Secure LAN Gateway so powerful is its ability to positively identify users. It does this by using the authentication systems already in place: Windows domains (Active Directory) or RADIUS. The Secure LAN Controller decodes packets all the way to the application layer and, upon a successful user log-on, associates the user ID with the device's MAC (media access control) address and IP address.
After authentication, ConSentry retrieves any group memberships from the authentication server and compares them against its own set of policies. Enforcement can be based on resource (which resources a user can access), application (which applications a user can use), or group (which groups of users can communicate with one another).
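The identity binding and the three enforcement bases described above, modelled as an added example for this article (not ConSentry's code): a successful log-on binds the user to the device's MAC/IP pair and caches its directory groups, each flow is then checked against application, resource and quarantine rules, and a detected worm flow is blocked per application rather than per host. All user, group, MAC and IP values are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple
# Constructed model of identity-aware LAN policy enforcement, written for this
# article; policy names and device values are hypothetical, not ConSentry's.
@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_ip: str
    application: str  # application decoded from the packet, e.g. "http"
    resource: str     # destination resource, e.g. "finance-share"

@dataclass
class LanPolicyEngine:
    bindings: Dict[Tuple[str, str], str] = field(default_factory=dict)  # (mac, ip) -> user
    groups: Dict[str, Set[str]] = field(default_factory=dict)           # user -> directory groups
    app_policy: Dict[str, Set[str]] = field(default_factory=dict)       # group -> allowed apps
    resource_policy: Dict[str, Set[str]] = field(default_factory=dict)  # resource -> allowed groups
    quarantined: Set[Tuple[str, str]] = field(default_factory=set)      # (user, app) blocked

    def logon(self, user: str, mac: str, ip: str, memberships: Set[str]) -> None:
        # A successful log-on binds the user ID to the device's MAC/IP pair and caches its groups.
        self.bindings[(mac, ip)] = user
        self.groups[user] = set(memberships)
    def quarantine(self, user: str, application: str) -> None:
        # Block only the offending application for this user; the host's other flows continue.
        self.quarantined.add((user, application))

    def decide(self, flow: Flow) -> str:
        user = self.bindings.get((flow.src_mac, flow.src_ip))
        if user is None:
            return "deny:unauthenticated"
        if (user, flow.application) in self.quarantined:
            return "deny:quarantined"
        user_groups = self.groups.get(user, set())
        allowed_apps = set().union(*(self.app_policy.get(g, set()) for g in user_groups))
        if flow.application not in allowed_apps:
            return "deny:application"
        if not user_groups & self.resource_policy.get(flow.resource, set()):
            return "deny:resource"
        return "allow"

def demo() -> Dict[str, str]:
    eng = LanPolicyEngine(app_policy={"staff": {"http", "smb"}, "finance": {"http", "erp"}},
                          resource_policy={"internet": {"staff", "finance"}, "finance-share": {"finance"}})
    pc = ("00:11:22:33:44:55", "10.0.0.5")  # constructed sample client PC
    eng.logon("alice", *pc, {"staff"})
    eng.quarantine("alice", "smb")  # worm-like SMB traffic detected from alice's PC
    return {"web": eng.decide(Flow(*pc, "http", "internet")),
            "worm": eng.decide(Flow(*pc, "smb", "internet")),
            "finance": eng.decide(Flow(*pc, "http", "finance-share")),
            "erp": eng.decide(Flow(*pc, "erp", "finance-share")),
            "unknown": eng.decide(Flow("aa:bb:cc:dd:ee:ff", "10.0.0.9", "http", "internet"))}
```

In `demo()` the quarantined SMB flow is denied while web browsing from the same PC still passes, and a device with no log-on binding is denied outright.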
| Test Center Scorecard (criterion weights) | 25% | 20% | 20% | 15% | 10% | 10% | Overall |
|---|---|---|---|---|---|---|---|
| ConSentry CS2400 Secure LAN Controller | 10 | 9 | 9 | 9 | 9 | 9 | 9.3 (Excellent) |