Policy Creation Using FlowsAllows you to create policy filters from data available in an application flow. CSV/HTML Report GeneratorAllows you to create customized reports with server-side Scheduler; these reports can be e-mailed and printed easily. Real-time Incident DashboardDisplays total number of users, authenticated and unauthenticated, device health, and policy, posture, and malware incidents. Also displays incidents for unauthenticated users and top user roles with incidents/incident counts. Administrators can remove offending machines off the network and revoke user privileges by de-authenticating users. Real-time User Incident DashboardDisplays authentication failures by users, users with policy, posture, and malware incidents, and top user roles with incidents. Real-time Awareness DashboardDisplays top 10 user sessions by bandwidth, top 10 destinations, top 10 Web Sites, top 10 applications by flow count, bottom 10 applications by flow count, or top 10 applications by bandwidth. Audit LogsProvides logs that indicate who did what and when and on which device. These logs are for user and device operations and can be helpful for auditing purposes. Device and Server HealthAllows you to collect, view, and store statistics relating to device or server health. These statistics are helpful in analyzing each devices performance and its current connections. Software UpgradeAllows you to upgrade the software version on the device. File DistributionAllows you to manage files in a repository and distribute as necessary. RebootThis feature allows you to reboot the selected device(s). Online HelpThe online help feature is available using the F1 function key.
The OmniVista SafeGuard Manager command center has client and server components. The server runs on a Windows server system, and the client runs on a Windows client system using Internet Explorer. The client can be deployed directly from the server using the Java Web Start technology. To quickly get started with OmniVista SafeGuard Manager, you need the following:
System Requirements OmniVista SafeGuard Manager Client Requirements Starting the Server Starting the Server Installing the Client Logging In to the Client Dashboards Menus Adding a Device

Action Bar

The Action Bar allows you to access commands, as you need them, by a simple click of a button. To use the Action Bar, do any of the following:
To choose a command from the bar, click the command button or Actions > command To view what a command does, position the mouse over the command button to see its tooltip. To close the Action Bar, choose View > Toolbars > Actions.

Viewing Tips

The following tips expedite your navigation through the OmniVista SafeGuard Manager Manager panels and windows:
Buttons in the Action Bar are used to execute actions. Select a row and then click the action button. If an action is not applicable for the selected row, the corresponding button is disabled. In the table views, some information about the table size is displayed above the table (the number of rows) and the alarm and infection status is displayed in the status bar below the table. You can search the data from the visualization database using filters. To view filters, click Find in the Action Bar. A free-form search field is displayed where you can type keywords to search data displayed in table views. To search the data from the database, click Database Search. A new search and sort header opens at the top of the table header. Click on the search bar of the column to specify the filtering criteria for that column. Click on the sort bar for the column to specify the sort criteria for that column. You can select multi-column sort order. After you have finished setting filters for one or more columns, click Refresh to see the new results. To clear all filters, click Clear. For more information on how to use the search and sort features, see General Navigation. Select a row to view detailed information on the selected row. Right-click on a row to display applicable actions.

Modifying Your Password

The Account Management feature of OmniVista SafeGuard Manager allows an administrator to perform basic modifications to user accounts, such as adding users, changing passwords, and configuring dual-admin. To modify your password: 1 Select Tools > OmniVista SafeGuard Manager Users > User Accounts. The Account Management window (Figure 5) displays. Account Management Window

Click Next. The Alcatel-Lucent license agreement displays (Figure 10).
Figure 10 Alcatel-Lucent License Agreement
Accept the licensing terms and click Next. The Directory Location screen displays (Figure 11).
Figure 11 OmniVista SafeGuard Manager Alcatel-Lucent Installation Directory Location
Accept the default location to which the installation files will be downloaded for the Install Location, or click Browse to choose a different directory. The default location is C:\Alcatel-Lucent\OmniVistaSafeGuardManager. Specify a data directory where all application, application flow, and visualization data is saved. The data directory allows you to save data when you uninstall or upgrade to a newer version of OmniVista SafeGuard Manager.
If a previous version of OmniVista SafeGuard Manager already exists on your system, a warning is displayed and you are given an option to exit the installation. Click Exit Installation to quit the installation process. Uninstall OmniVista SafeGuard Manager and then re-install. If a previous version is not installed, click Next. The Summary screen displays giving you a summary of where the installation files will be downloaded and the size of the files for the server and client installation.
Figure 12 Installation Summary
Click Next. The installation process begins. You can see the progress bar as the files are downloaded. A console window displays informing you of services and database being started.
10 After installation is completed, the OmniVista SafeGuard Manager Successfully Installed screen displays. Click Finish. OmniVista SafeGuard Manager server and client are now installed on your system. The server is installed as a Windows service. An icon for the OmniVista SafeGuard Manager client is created on your desktop. 11 Server start screen displays asking if you want to start the server. Click Yes to restart the server. Figure 13 Server Start
Upgrading the OmniVista SafeGuard Manager Server
When the appliance is shipped from Alcatel-Lucent it comes pre-installed with OmniVista SafeGuard Manager. You need to uninstall OmniVista SafeGuard Manager and then re-install to upgrade. For more information on installing, upgrading, and uninstalling the server, see Installation and Setup. WARNING: When you upgrade the OmniVista SafeGuard Manager server, the existing database and reports are overwritten. Make sure that you make a backup copy of the database and the reports.

Pre-Upgrade Tasks

When upgrading the OmniVista SafeGuard Manager server from version 2.x to 3.0, 2.x data is not upgraded. Before performing an uninstall, administrators must export the device data using the following procedure, this will help them import back all the previously added devices: Execute cimExportData.bat. This creates a file called devices.txt under the C:\Alcatel-Lucent\OmniVistaSafeGuardManager|ExportData directory. Uninstall the older version of the OmniVista SafeGuard Manager server. Install the newer version of the OmniVista SafeGuard Manager server. Import all devices through using the Add Multiple Devices > Import from File option. For more information, see Adding Multiple Devices.

The OmniVista SafeGuard Manager server runs in the background. If you now reboot the system, the server should come up automatically.

Shutting Down the Server

To shut down the server: 1 From the Start menu, click Programs > OmniVista SafeGuard Manager > Stop Server. The OmniVista SafeGuard Manager server is stopped along with the Windows services. NOTE: When you shut down the OmniVista SafeGuard Manager appliance, the OmniVista SafeGuard Manager server is stopped automatically.
Installing the OmniVista SafeGuard Manager Client
The OmniVista SafeGuard Manager client is based on Java Web Start technology, allowing you to install the client automatically over the network with a single click. NOTE: If the client machine has a JRE version that is earlier than 1.5, then the client is automatically upgraded to JRE 1.5.
To install the client: 1 Launch Internet Explorer.
NOTE: Currently, only Internet Explorer version 6.0 or higher is supported.
Access the OmniVista SafeGuard Manager system by typing the following URL:
If the client does not have Java Web Start already installed, you are prompted to install Java Runtime Environment (JRE). Follow the on-screen prompts using the default options to install JRE. Java Web Start is included with JRE. NOTE: The automatic installation of JRE requires ActiveX controls to be enabled on your Internet Explorer. If ActiveX controls are not enabled, a download Java Web Start link displays. Internet Explorer also alerts you if ActiveX controls are not enabled and gives you an option to enable ActiveX controls. You can choose to enable ActiveX controls for automatic installation of Java Web Start, or you can download JRE version 1.5.0 by going to the download link. If you manually install Java Web Start, repeat Step 2. After Java Web Start is installed, the OmniVista SafeGuard Manager client code is downloaded and installed when you access the OmniVista SafeGuard Manager server (Step 2). Java Web Start displays a dialog box informing you that the application is authored by Alcatel-Lucent and needs some privileges on your client system.
Figure 17 Security Warning
Click Start. A prompt appears asking if you want to create a shortcut on the desktop. Select Yes to create a shortcut. If you select No, you can still launch the client using the URL from Step 2. The client launches. See Logging into the OmniVista SafeGuard Manager Client for information on logging in procedures. NOTE: Every time the OmniVista SafeGuard Manager client is launched, it compares its version with the OmniVista SafeGuard Manager server. If the client version is different than that of the server, the client automatically updates itself with the new version of the server.
Logging into the OmniVista SafeGuard Manager Client
To log into the client: 1 Launch the client using either of the following methods: Double-clicking on the shortcut that was created on your desktop when you first installed the client. Invoking from the Internet Explorer by typing the URL (http://ip-address-ofOmniVistaSafeGuardManager-server). NOTE: If you are launching the client from the server for the first time, you might be prompted to install certain applications. See Installing the OmniVista SafeGuard Manager Client for more information. The Login screen displays (Figure 18). Figure 18 OmniVista SafeGuard Manager Client Login Screen

Figure 53 Other Table Views from a Selected User View
Click Refresh to view the updated visualization data.
Click Export to export the table details into a CSV file that can easily be exported into an Excel worksheet.
10 Click Print to print the data to a networked printer.
Viewing Application Types
The application view displays the type of application being used (HTTP, FTP, and so forth). To view all application types: 1 Click the View Applications icon from the Page Bar or select View > Go To > Applications (Ctrl + 5) menu item. The All Application Type screen displays with the following information:

Table 15

Attribute

Application Attributes

Description Application type. Protocol the application is using: TCP or UDP. Identifier for the application. Bandwidth that the application is using.
Application Protocol Application ID Bandwidth
Search the data displayed locally in the table view by clicking the Find icon in the Action Bar. A free-form text search field is displayed. Enter a keyword in the text field to define your search. To search the database, click the Database Search button in the Find field. For more information on using the search and sort features, see Chapter 3, General Navigation. To view specific incidents by status, location, role, or category, use the attributes in the left column. For more information on using the left column fields, see Chapter 3, General Navigation. Highlight a row to get detailed information on the selected application type. The details appear in the bottom-half of the screen. Select a row and click an Action Bar icon to display a different table view for the selected application. Figure 54 shows the different views you can access from the Applications view.
Figure 54 Other Table Views from Application View
Click Refresh to view the updated visualization data. Click Export to export the table details into a CSV file that can easily be exported into an Excel worksheet. Click Print to print the data.
Viewing Application Instances
To view all application instances: 1 Click the View Application Instances icon from the Page Bar or select View > Go To > Application Instances (Ctrl + 6) menu item. The All Application Instances screen displays with the following information:

Table 16

Application Instances Attributes
Description Name of the user for whom the instance is recorded. Application type. Protocol the application is using: TCP or UDP. IP address where the application instance originated. Destination IP address for the application instance. Destination port for the application instance. Total number of incoming bytes. Total number of outgoing bytes.

Figure 56 Create New Policy Filter
Enter the information as follows:
Table 17 New Policy Filter Attributes
Attribute Device/Template Policy Type Policy Name Description From the dropdown list, select either a device or a template for which you want to define a new policy filter. Select the type of policy for which you are creating this filter: user, malware, or override. Select the policy name to which the filter is to be applied.
Attribute Select choice of filter Description From the dropdown list, select the type of filter. Valid values are:
None Block user Deny traffic originating from user Deny traffic to user Deny traffic from user to network IP Deny traffic from network-side IP to user Deny traffic from network-side IP Deny traffic to network-side IP
Name Action Enable Log Enable Mirror Direction
Specify a brief name for the new policy filter. Select an action: Deny, Reset TCP, or Permit. Select this checkbox if you want a log entry to be created.
Select the direction in which the policy filter is to be applied, bi-directional, flow-in, or flow-out. For more information on traffic direction, see Traffic Flow.
Click OK to create the filter.

Viewing Time-based Data

OmniVista SafeGuard Manager allows you to apply time filters in the navigational views. Using these time filters, you can specify a time range for which you want to view data. These navigational views also allow you to view data that can be active or inactive and is within the time range specified. To view data within a specific time range: 1 Click on a Page Bar icon to get a table view (Figure 57).
Figure 57 View All User Sessions
In the left column, set the Status as Active to view active data or Inactive to view historical data. You can also select Active or Inactive to view all data. Use the Time Range dropdown list to specify a time period for which you want to view data. Current Hour is selected as the default. Select Custom in the Time Range field to activate the To and From fields. Clicking on this dropdown list brings up a calendar and timestamp that allows you to select a specific date and time for which the data is to be displayed. Use the Time Filter dropdown list to specify the time filter. Connected During Time Range is selected as the default; therefore, whatever you specify in the Time Range field will impact the data displayed.
Click Refresh to update the view.
Additional Time-based Filtering
For certain views (application and users), you can apply additional time filters to exclude or include data from the original time-based query. For example, if your initial query was to show users logged in between 4:00pm to 5:00pm, you can use the additional exclude filters to show users not logged in between 3:00pm to 4:00 pm. To apply additional filtering: 1 Click on the And. toggle button in the Time Range specification panel of the navigation tree (Figure 57). The time filters are expanded (Figure 58).

Figure 58 Additional Time Filters
Select the Not checkbox to exclude the data from the original time range, compared to the data specified in the new time range. The Time Filter that you selected previously is displayed as a read-only field. If you need to change the Time Filter, see Viewing Time-based Data. Select a new time range using the Time Range dropdown list. OmniVista SafeGuard Manager validates this selection to ensure that the time range selected is not the same as the original time range. Refresh the page to apply the new time filters.
Viewing Active Data Against Historical Data
Active data is generated while the user is logged in. Data is considered history (inactive) when the user logs out. Whenever any data or events are cleared, they also become part of history. NOTE: Malware and Posture events are host based; therefore, they are not considered history when the user logs out. These events must be cleared for them to be history.
Searching Active or Inactive Data within a Specified Time Range
OmniVista SafeGuard Manager allows you to search for active or inactive data within a specified time range (Figure 57). This example uses a search for active applications and application instances within a specified time range. Figure 59 Search Active or Inactive Data within Specified Time Range

Search Time Range

App fl 1 t5

t4 App fl 2 t8

t7 t9 App fl4

App fl3 t10

Figure 59 shows that a search for an active application App between t1 and t2 time period results in a sum of bandwidth (bytes, packets) of all the application flows (fl1 fl4). The start time of the application comes up as t3 and the last occurrence time shows up as t4. At this point, what users might expect (given the search time range of t1 t2) is to see data within the time range specified. However, search crosses the time boundaries and displays aggregate data for all the flows of the application App which either started or ended (or could be both), or active between t1 and t2 times.

Device Configuration

Managing Devices Configuring Device Objects Templates Editing Device Objects Deleting an Existing Device Synchronizing a Device Device Actions Other Actions Understanding Device Management Display Recommended Device Management Workflow

Edit Device Attributes (continued)
Attribute Name Device Settings: Malware Mode
From the dropdown list, select one of the following malware modes:
DisabledDisables malware detection in the switch. Malware processing will be bypassed. Log OnlyEnables malware detection in the device but no action is taken. Only logs are created. Block HostBlocks the entire host. Block ApplicationBlocks only the application group (destination ports) on the host. The rest of the application groups running on the host will have network access as determined by the users policy.
Protection Mode (only for switches)
From the dropdown list, select one of the following protection mode:
Pass-ThruPerforms no monitoring. MonitorMonitors for policy visualization based on userdefined policy controls; however, no enforcement actions are taken. ProtectMonitors and enforces policies on user-defined policy controls.
Update Interval (seconds)
Use the up and down arrows to specify the update interval.
Select an object in the navigation tree and click New create a new object of the selected type. See Configuring Device Objects for more information on creating and configuring new objects. Select an object in the navigation tree and click Edit to modify an existing object. OmniVista SafeGuard Manager allows you to edit multiple objects (of the same type). To edit objects of the same type, highlight multiple objects (Figure 80) and click Edit. The Edit Object dialog box displays. If the objects that you selected are not of the same type, the error message, There are no common editable fields for the selected objects displays.
Figure 80 Editing or Deleting Multiple Device Objects
Highlight multiple objects of the same type to perform a multi edit or deletion.
To delete objects of the same type, highlight multiple objects (Figure 80) and click Delete. The Confirm Deletion dialog box displays. If the objects that you selected for deletion are not of the same type, the error message, There are no common editable fields for the selected objects displays.

Editing Interfaces

Interface is the slot or port associated with the device. To edit an interface: 3 Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item. Select Interfaces in the navigation bar and highlight a port that you want to edit. Click the Edit icon from the Action Bar. The Edit Interface (Figure 79) dialog box displays. Edit Interface

Figure 81

Edit the attributes as follows:
Table 32 Edit Interface Attributes
Attribute Name Name Administrative Status Type Protect Mode Description Name of the port you want to modify. From the dropdown list, select an administrative status for the port: up or down. From the dropdown list, select the type of the interface to be edited: Host or Network. From the dropdown list, select a protect mode. Applicable for Controllers only.

Select Device Device Local Changes Network Changes Action Status Action Details
Click Execute to refresh the roles or policies. Click Cancel to cancel refreshing roles or policies. Click Get Status to get the current device status. Click Clear Details to clear the status details.

Other Actions

You can execute show commands, delete visualization, create or update templates, using the Other Actions menu available through Config Management. To access the pull-down Other Actions menu: Select the Device Configuration icon from the Page Bar or select the View > Go To > Config Management menu item. Click the down arrow next to the Other Actions menu in the Action Bar to see the menu items. The following menu items are available: Table 39 Other Actions Menu
Menu Item Execute Show Command ICS Admin Delete Visualization Data Create Template Update Template Discard Non-template changes Show Device Health Show Interface Statistics Available Actions Execute a show command on a selected device. For more information, see Execute Show Commands. Save the ICS portal configuration. For more information, see ICS Admin. Delete visualization records. For more information, see Delete Visualization Data. Create a new template. For more information, see Creating a New Template. Update an existing template. For more information, see Update Template. Ignore non-template changes made to the device. For more information, see Discard Non-template Changes. Displays device health and statistics. For more information, see Viewing Device Health Statistics. Displays interface statistics. For more information, seeViewing Server Health Statistics.

Execute Show Commands

OmniVista SafeGuard Manager allows you to execute a show command on any of the selected devices. To execute a show command: 1 Select Other Actions > Execute Show Command from the Config Management window. Or, right-click on the device for which you want to execute a show command to access the Other Actions menu. The Show Command dialog box displays (Figure 96). Show Command

Figure 96

Select a show command from the dropdown list. NOTE: Certain show commands are not available if 4-eye mode is enabled. These commands are only visible if the administrator logs in the 4-eye mode. For more information on 4-eye mode, see Enabling Dual-Admin or 4-Eye Mode.
Click Execute. The show command results display in the text area in the bottom half of the screen. An error message will display if OmniVista SafeGuard Manager is unable to communicate to the selected device.

ICS Admin

When you first reboot the device, OmniVista SafeGuard Manager uploads the ICS portal configuration along with the device configuration. This configuration persists in the OmniVista SafeGuard Manager server as a file that allows you to deploy the configuration at a later stage. To change the ICS configuration: Select the device for which you want to save the ICS configuration file. Select Other Actions > ICS Admin. OmniVista SafeGuard Manager takes a few seconds to connect to the device and a web page is displayed where you can directly change the ICS configuration for the selected device.

Click Test DB Connection to verify database connectivity. Click Export Now to export the database immediately. The bottom-half of the screen (Last Action Status) shows the status of the last export or if you used Export Now, the status of the current export. Click OK to apply the settings.

Purging the Database

Database purge performs a cleanup of user data, application usage details, flow and Layer 7 data. To cleanup or purge the database: Select Tools > Server Settings. The Edit Server Settings screen displays. Select the Purge Database tab (Figure 122).
Figure 122 Edit Server Settings - Purge Database
Select the Enable checkbox to enable the database purge. The checkbox is selected as the default. Use the Purge Data Older than (days) up/down arrows to specify (in number of days) the data that you want to purge. Range is 130 days and the default is 14 days. Click OK to enable the purging process. The bottom half of the screen (Last Action Status) shows the status of the last purge.

Backing Up the Database

The Database Backup feature allows you to backup Visualization data that includes user details, user application usage details, flow data, Layer 7 data, devices and corresponding ports details and any generated reports. You may want to back up your database periodically to protect its integrity or for historical purposes. Data can be backed up to the OmniVista SafeGuard Manager server or an outside server as long as it is accessible to the OmniVista SafeGuard Manager server. Database backup is performed to save a known good state of the system in case of disaster recovery. To back up the database: Select Tools > Server Settings. The Edit Server Settings screen displays. Select the Backup Database tab (Figure 123).
Figure 123 Edit Server Settings - Backup Database
Specify the settings as follows:
Table 48 Backup Database Settings
Setting Name Enable Destination Directory Interval Description Select the Enable checkbox to enable backups. The checkbox is not selected as a default. Specify the location of the directory on the server where the backed up files are to be stored. Use the up/down arrows to specify whether data is to be backed up daily, weekly, and so forth.

Figure 128 Audit Logs

You can choose to view audit logs either by status or by category by highlighting the appropriate logs in the navigation tree. The following information is displayed:
Table 50 Audit Log Attributes
Attribute Time Category Description Time the entry was logged. Type of log message: authentication, OmniVista SafeGuard Manager action, device action. For more information on message type, see OmniVista SafeGuard Manager Log Messages. Type of operation executed. Success/Failed to indicate the status of the operation performed. If it is not applicable, no value will be shown.

Operation Status

Attribute System/Device User Short Message Description Provides the context of the operation. User ID. Brief message description of the log.
In the details panel, you can view the details of the message logged in by the operation. Click Print in the Action Bar to print the log data or click Export to export the log into a CSV format.
OmniVista SafeGuard Manager Log Messages
Following list shows some of the type (category) of messages that OmniVista SafeGuard Manager logs:
Authentication Login Enable or disable 4-eye mode Add, modify, or delete user
OmniVista SafeGuard Manager Actions Database purge Database export Database import Clear policy incidents Delete policy incidents Change configuration of server settings
Device Actions Any device action executed in Config Management Clear user Refresh user role Clear malware incident(s) White list malware incident(s)
Delete visualization records Delete device Manage or unmanage a device Communication status change (SNMP, ICC, CLI/GSOAP)
Reports Definition: Add/Modify/Delete Schedule: Add/Modify/Delete Report generation Report email
Dashboards Configuration change

Device Health

OmniVista SafeGuard Manager allows you to collect, view, and store statistics relating to device health. These statistics are helpful in analyzing each devices performance and its current connections. Administrators can use this drill-down capability to view device CPU and memory performance, fan or power failure, and any device operation success or failure messages. For more information on enabling device health statistics and the collection interval, see General. The following parameters are collected as part of device health:

Current CPU Usage Current memory usage Disk I/O Hardware status (fan failure, power supply failure, temperature
You can view device health in one of the following ways:
Click on the View Statistics icon in the Page Bar. This view displays the statistics for both OmniVista SafeGuard Manager server health and device health. Click on the Device Heath Statistics node in the navigation tree. You can expand this node to view all devices. Select an individual device to view the most recent statistics or statistics for a specified time range. Select the Health tab from on the Device Configuration screen. This tab displays the most recent device health statistics for the selected device. Once the tab is active, data is automatically refreshed every 5 minutes.
Viewing Device Health Statistics
To view device health: 1 From the Config Management view, click on the Device Health Statistics node in the navigation tree, or from the Page Bar, select Other Actions > Show Device Health. The Device Health Statistics screen displays (Figure 129).
Figure 129 Device Health Statistics
The following statistics are displayed:
Table 51 Device Health Statistics
Attribute Timestamp User CPU System CPU Idle CPU Total Memory Free Memory Used Memory System Internal Temperature Total memory in MB. Total free memory in MB. Total used memory in MB. System internal temperature measured in Celsius. Description Time the statistics were collected. CPU utilization for the user. CPU utilization by the system.
Attribute Fan 1 Speed - Fan 6 Speed Power Supply 1 Power Supply 2 Message Description Speed of the various fans from fan 1 to fan 6. Status of the primary power supply. Status of the secondary power supply. Message relating to the device operation performed.
These values are collected periodically from each device and stored in the database. 3 Specify times in the Time Range field to view statistics for a specific time. NOTE: You can further fine tune statistics collection interval and other configuration using Tools > Server Settings > General Tab. For more information, see General. 4 Click Refresh to see the updated device health and statistics.

Server Health

OmniVista SafeGuard Manager allows you to collect, view, and store statistics relating to server health. These statistics are helpful in analyzing server performance. Administrators can use this drill-down capability to view server CPU and memory performance, OmniVista SafeGuard Manager client connections, Layer 7 events, and any application or flows processed. The following parameters are collected as part of server health:

Alcatel-Lucent OmniAccess SafeGuard
A P P L I C AT I O N L E V E L N E T W O R K AC C E S S C O N T R O L
Alcatel-Lucents OmniAccess Safeguard products enable enterprises to secure their LANs by controlling which users may access the LAN and restricting what they can do while on the LAN. In addition, the OmniAccess SafeGuard products characterize trafc patterns and identify intrusions based on pre-congured heuristics resulting in user and network protection against known or unknown attacks. These Alcatel-Lucent purpose-built devices can be deployed in-line over an existing and mixed network infrastructure without the need to recongure any network elements. The OmniAccess SafeGurad appliances, which are based on custom silicon, offer LAN speed performance and can be deployed in High Availability mode to guarantee overall network availability. The OmniAccess SafeGuard makes it easy for IT to embed security within the LAN with minimal disruption and without compromise on performance or availability.
COMPLETE SET OF CAPABILITIES TO PROTECT ENTERPRISE ASSETS
Network Admission Control (NAC) user authentication and host integrity check to control who may enter the LAN Visibility incident- and exceptionbased information at layer 7, including attributes, such as le name, tied back to the user User-based access role-based provisioning to control user activities on the LAN, which includes control over what resources are accessible and what applications can be used by a given user based on the users credentials. Intrusion detection and quarantine anomaly-based detection and containment of worms and other malware to prevent network meltdown and protect network hosts Visibility logging of user activity all the way to the application layer (layer 7), including application attributes, such as le name, or URL accessed by the user
The OmniAccess SafeGuard Appliance works with existing LAN infrastructure and authentication databases to provide these control capabilities. The Alcatel-Lucent OmniAccess SafeGuard silicon architecture provides the foundation for the SafeGuard Appliances capabilities. This custom hardware includes a 128core processor and two programmable ASICs that work together to perform deep packet inspection at 10 Gbps. The programmability of the hardware enables Alcatel-Lucent to keep pace with changes in applications and security requirements.
Support for Key IT projects
G U E S T / C O N T R AC TO R AC C E S S
Most enterprises are struggling today to provide expected networking services for guests, such as access to the Internet. In addition, contract workers are increasingly present in the enterprise, and these users need a greater level of LAN access than just basic Internet services. The IT department has to support these users without compromising the security of the LAN. The OmniAccess SafeGuard product family makes it easy to enable guest and contractor access by performing the following:
automatically recognize guests vs. contractors vs. employees coming onto the LAN automatically apply access controls based on user role "guest", "contactor" scan guest and contactors machines for malware using a dissolvable agent restrict the network zones guests can access restrict which servers contractors can reach limit the applications guests can run (such as blocking IM) limit the applications contractors can run (such as allowing only key business applications and the application the contractor is helping to manage)
Alcatel-Lucent OmniAccess SafeGuard Appliances
L A N S E G M E N TA T I O N

LAN segmentation is a valuable tool for separating various user groups and restricting access to critical resources. The OmniAccess SafeGuard product family offers a highly granular, application level LAN segmentation solution. The identity-based control at the foundation of the OmniAccess SafeGuard architecture provides the following: authenticate users to determine appropriate access to the network automatically learn user role during authentication enforce access control, to applications and servers for example, based on role track the activities of all users easily tie incidents to policies for compliance and troubleshooting LAN segmentation can be implemented with no changes to the LAN. All features are delivered by a single, integrated platform for ease of operations and troubleshooting.
R E M OT E V P N AC C E S S
automatically identify a users role during authentication deploy role-based access controls apply universal or location-specic policies (e.g., reduce access to remote vs. local users)
R E G U L ATO RY C O M P L I A N C E
and untrusted onramps to the Internet make the LAN susceptible to the propagation of malware. With the OmniAccess SafeGuard product family, IT gets a powerful tool in the ght against malware. The OmniAccess Safeguard platforms can: run a scan for malware prior to LAN admission use custom algorithms to detect malware after a user is on the LAN have algorithms tuned for anomalies based on application enable IT to block just an infected application or all trafc from an infected user prevent the spread of malware that can affect overall LAN availability
Deployment Transparency, High Availability
Many regulatory bodies require access control as part of their compliance. Whether its S-Ox, HIPAA, or PCI, these regulations present the following challenges: IT must control access to key data and document those controls user-based auditing
access is typically spread out across multiple servers, applications
IT must complement granular application-level controls with basic network-level allow or deny access controls The OmniAccess SafeGuard product line helps IT with the segmentation, access control, and auditing needs demanded by many regulations. The OmniAccess SafeGuard platforms let IT: authenticate users for access to the LAN tie users to addresses and applications apply role-based controls for who can access which data document that policies are in place provide an audit trail by user, application, or server
M A LW A R E C O N T R O L
One of the groups that presents a particular risk for enterprises is remote users accessing the LAN over a VPN. The OmniAccess SafeGuard product family provides IT with a number of ways to ensure appropriate access for VPN users. The OmniAccess SafeGuard platforms: authenticate users over the VPN by providing a second login via a captive portal perform a posture check to ensure the device is free of malware

The OmniAccess SafeGuard Appliance sits between access switches and the distribution or core layer, aggregating uplinks from the wiring closets and enforcing access policies on all trafc. It is a transparent device that does not require changes to the network design or user behavior, thus simplifying deployment and ITs cost of operations. The OmniAccess SafeGuard Appliance supports high availability and resiliency modes. For example, enterprises that have dual-homed their wiring closet switches can deploy two OmniAccess SafeGuard Appliances as peers the two platforms share authentication state and will preserve user authentication in case of failover. In addition, the appliance itself supports two failure modes. IT
Frequent hosting of guests and contractors as well as the continuous migration of laptops between trusted
can set the device to fail to pass through, where all LAN trafc will traverse the appliance untouched, or fail to block, where all trafc is stopped. The appliance also includes redundant power supplies and fans.
Operation User-based Visibility, Central Configuration and Management
The OmniAccess SafeGuard appliances use deep packet inspection to admit users onto the LAN, provide visibility into LAN activities, control access based on identity, and contain malware and other attacks. The Alcatel-Lucent OmniVista SafeGuard Manager provides IT with the means for capturing and viewing all the data as well as for setting policies. OmniVista SafeGuard Manager aggregates all trafc capture data and presents IT with actionable information, showing key security incidents in at-a-glance summaries and drilldown, detailed views. OmniVista SafeGuard Manager also enables rapid forensic troubleshooting, auditing, and reporting.
OmniVista SafeGuard Managers GUI-based tools simplify policy creation and distribution. InSight includes templates that make it easy for IT to create policies and deploy them on OmniAccesss SafeGuard devices. The OmniAccess SafeGuard platforms automatically derive users roles, and OmniVista SafeGuard Manager uses that role information as the basis for security policies. OmniVista SafeGuard Manager also supports lters that let IT treat policies as building blocks and layer on multiple levels of control more easily. The exible exception rules, combined with the policy lters, let IT create unique controls by role without creating a separate policy for each variation. The OmniAccess SafeGuard appliances also integrate into the OmniVista 2500 through topology and event applications. Furthermore, the OmniAccess SafeGuard conforms to OmniVista 2770 Quarantine Managers Syslog API to report security threats. Integration of the OmniAccess SafeGuard into OmniVista 2500 adds another simplication to the network management tasks.

Product Family

The Alcatel-Lucent OmniAccess SafeGuard Appliance is available in two models the OmniAccess 1000 SafeGuard (OAG-1000) and the OmniAccess 2400 SafeGuard (OAG2400). The OAG-1000 supports up to 800 authenticated users across four gigabit uplinks, with deep packet inspection at 4 Gbps. The OAG-2400 supports up to 2,000 authenticated users across ten gigabit uplinks, with 10 Gbps of deep packet inspection.

T E C H N I C A L

Security Features Leveraging OmniAccess SafeGuard Software
USER / MACHINE AU T H E N T I C AT I O N
S P E C I F I C A T I O N S

V I S UA L I Z AT I O N

Authentication via captive portal or MAC address Active directory authentication snooping 802.1x RADIUS authentication snooping
R O L E D E R I VAT I O N
Ties usernames to applications and security violations Identifies applications and application content Reports application details to centralized policy
CENTRALIZED V I S UA L I Z AT I O N
Physical Features Optimized for High Density Resilient Installation
S TA N D A R D S A N D P R OTO C O L S

L AT E N C Y

Average 30 microseconds
A P P L I C AT I O N S CLASSIFIED
300+ at Layer 4 30+ at Layer 7

DIMENSIONS

RADIUS attributes Active directory attributes Physical location Combination of above

ROLE-BASED POLIC

Ties into Alcatel-Lucent OmniVista SafeGuard Manager User and application usage repository Real-time alert dashboard Fully drillable forensics capability Reporting with scheduler Full policy and role-derivation configuration GUI

LOGGING AND REPORTING

802.1D bridging 802.3 10BaseT 802.3u 100BaseTX 802.3z 1000BaseSX/T
L AY E R - 2 F E A T U R E S
17.5 in. x 17 in. x 1.7in - 1U (44.5 x 43.2 x 3.8 cm)

WEIGHT

15 lbs. (6.9 kg)
O P E R AT I N G REQUIREMENTS

4,096 VLANs

D ATA I N T E R FA C E P O R T S
OAG-1000: 4 secure SFP port pairs OAG-2400: 10 secure SFP port pairs

S F P S AVA I L A B L E

Temperature: Humidity: 5% to 90%, non-condensing
C E RT I F I C AT I O N S
Control access by: User group Application Select application attributes Destination port Resource (e.g., servers)

HOST INTEGRITY CHECK

Direct syslog reporting Detailed security log messages Formatted for SIEM integration

MANAGEMENT AND CONTROL

Single-mode or multimode 1 Gbps fiber, 10/100/1000 copper
N O N - D A TA I N T E R FA C E P O R T S
Dissolvable agent Scans for known threats, anti-virus definition, service packs, and custom registry keys and files
T H R E AT D E T E C T I O N / M I T I G AT I O N
Zero-hour threat detection No signature updates necessary Drops malformed packets Block by: physical port, SRC MAC, offending application

ENFORCEMENT ACTIONS

Industry-standard command line interface (CLI) Managed by Alcatel-Lucent OmniVista SafeGuard Manager SNMP v1/v2c Formatted syslog to multiple destinations Telnet SSH TFTP Standard and privileged access modes

A D M I N I S T R ATO R AU T H E N T I C AT I O N
OAG-1000: Two extensibility ports for packet mirroring or HA and one rear management port OAG-2400: Four extensibility ports for packet mirroring or HA and one rear management port
SECURED PROCESSING THROUGHPUT

Emissions FCC Part 15, sub part B (USA) Class A, ICES-003 (Canada) EN55022 (CE Mark) Class A, EN55024 (CE Mark) VCCI Class A (Japan)

SAFETY

OAG-1000: 4 Gbps OAG-2400: 10 Gbps
AU T H E N T I C AT E D U S E R S
UL 60950-1 (USA) CSA C2.22 No. 60950-1 (Canada) EN 60950-1 (CE Mark) IEC 60950-1 (International) NOM (Mexico) C-TICK (Australia)
Allow Deny TCP reset Mirroring, logging

RADIUS authentication

OAG-1000: 400 users base model, 800 users via upgrade license OAG-2400: 1000 users base model, 2000 users via upgrade license Resiliency Dual active-active highavailability mode Fail pass-through (open) Fail block (closed)
Dual redundant 180W 90264VAC full range, 47-63Hz

COOLING

Front-to-back air flow

www.alcatel-lucent.com

Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Alcatel-Lucent assumes no responsibility for the accuracy of the information presented, which is subject to change without notice. 2007 Alcatel-Lucent. All rights reserved. P/N 031917-00 Rev. B 4/07