Nevis adds cloaking feature

* New Nevis feature makes it impossible for devices/users to access resources they're not authorized to reach

Nevis Networks has a new feature to block devices from sending or receiving packets from other devices they are barred from by NAC policy.

Called cloaking, the new feature makes it impossible for devices and their users to access resources they are not authorized to reach, even if the devices and the resources are on the same virtual LAN.

If a device launched an attack at another resource on a VLAN, it would be picked off by the Nevis gear. New software for both the company’s LANenforcer appliance and Secure Access Switch enable the devices to drop packets that fall outside the policy definitions of individual users.

Before, parameters that Nevis gear could use to restrict access to resources included source/destination addresses, IP and MAC addresses and protocols. The new software adds application layer intelligence with an application firewall built in to the LANenforcer software.

Cloaking can be linked to protocols as well. So all the VoIP phones on a network can be restricted to sending and receiving only those protocols used for VoIP. If a VoIP phone tried to download an FTP file, for example, the request would be blocked.

This finer-grained filtering enables a much narrower definition of what resources are and are not available to users and user groups. This gives Nevis gear the ability to recognize applications and map policies to them.

Policies are set within the Nevis gear and imposed on groups or individuals as defined by existing directory systems.

The software upgrade that adds the application firewall to Nevis gear is available now.

Editor's Note: Starting Aug. 14, this newsletter will be renamed "Security: Network Access Control" to better reflect the focus of the newsletter. We thank you for reading Network World newsletters!

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.