growing revenues, a new emphasis on face-to-face sales, and a well-defined target market: medium-to-large-sized organizations that need help managing their networks in the era of mobile computing.
Enterasys has learned a lot of what it knows about wireless networking by working with universities, Waterhouse says. When staff or visitors at MIT log on to the campus wireless network, for example, it’s an Enterasys network controller and Enterasys security software handling their connection request.
Waterhouse says there are three phases to the logon process: assessment, authentication, and authorization. “The assessment phase is nothing more than the network scanning your computer or device to determine if you have any viruses, or operating system patches that haven’t been applied—anything that could be a potential problem if we were to allow that machine to connect to the network,” says Waterhouse. Authentication simply means checking the user’s ID or digital certificate against a directory of approved users’ logon credentials.
It’s the authorization stage that gets interesting. Enterasys specializes in what Waterhouse calls “what-you-need-is-what-you-get” networking. “If I know that you are John Smith from accounting, I am only going to allow you to talk on the network to the accounting servers and the accounting printers,” says Waterhouse. “If you decide to go off and try to connect to the sales or engineering server, you won’t be allowed. We make sure that only the right people have access to the right information, in the right place and at the right time.”
He really means it. Enterasys’s networks have the ability to restrict network access only to people in a certain location—for example, those who have badged their way into the inner sanctums of a secure building—and to turn off access altogether at certain times, such as weekends (when people really shouldn’t be working anyway, right?).
But Enterasys’s system is more than a gatekeeper. Once users are inside a network, they may still be under the watchful eye of one of the company’s intrusion detection and prevention appliances, called Dragons. A Dragon holds thousands of examples in its memory of past hacker attacks and other scenarios that raise suspicion. If you’re not behaving as you normally do, or if what you’re doing reminds the system of something sinister, “that raises a flag, and we can automatically take steps to remove you from the network,” says Waterhouse. “For example, say we see what’s supposed to be a Voice-over-IP telephone start to talk printer protocols or file transfer protocols. We can say ‘That’s not supposed to happen’ and we’ll stop it.”
And the next time they decide to act up, Enterasys may even stop that army of iPhones.