Juniper SA6500 FIPS SA6500FIPS 데이터 시트
제품 코드
SA6500FIPS
3
Features and Benefits
Worldwide Government-Certified Security
The IC6500 FIPS UAC Appliance is a proven, commercial off-the-shelf (CoTS) access control appliance that provides security via a
dedicated FIPS 140-2 Level 3 certified hardware security module (HSM), compliant with robust U.S. government security standards also
recognized by other nations around the world.
dedicated FIPS 140-2 Level 3 certified hardware security module (HSM), compliant with robust U.S. government security standards also
recognized by other nations around the world.
Table 1: Government-Certified Security
Feature
Feature Description
Benefit
FIPS 140-2 Level 3
certified hardware
security module
(HSM)
certified hardware
security module
(HSM)
• Handles all cryptographic processing as well as key and certificate
management.
• Complies with the latest best security practices and mandates of the
U.S. government.
• Recognized by CESG, the U.K. government’s National Technical Authority
for Information Assurance (IA), as meeting security criteria for use in data
traffic categorized as “Private.”
traffic categorized as “Private.”
• Relieves the appliance CPU of the rigors of
cryptographic processing, increasing overall
appliance performance while simultaneously
delivering a powerful layer of security.
appliance performance while simultaneously
delivering a powerful layer of security.
• Enables government agencies worldwide to
deploy comprehensive, secure, scalable network
access control.
access control.
Tamper-evident
labels
labels
Provides a visual alert to and assurance of the appliance’s integrity.
Helps to deter and alleviate physical security
breaches.
breaches.
Identity-Aware Security
UAC delivers identity-aware, granular network and application access control and security, ensuring that only the “right” people can
access the network, vital applications, and sensitive data.
access the network, vital applications, and sensitive data.
Table 2: Identity-Aware Security
Feature
Feature Description
Benefit
Identity-Enabled
Profiler
Profiler
Correlates user identity and role information to network and application
usage.
usage.
• More effectively track and audit network and
application access.
• Know who is accessing your network and
applications, when they are accessing them,
and what they are accessing.
and what they are accessing.
• Directly addresses regulatory compliance and
auditing.
Coordinated Threat
Control
Control
Leverages the robust features and capabilities of the IDP Series Intrusion
Detection and Prevention Appliances to deliver broad Layer 2–7 visibility
into application traffic, providing the ability to isolate a network threat to
the user or device level and then—via UAC and the IC6500 FIPS—employ a
specific, configurable policy action against the offending user or device.
Detection and Prevention Appliances to deliver broad Layer 2–7 visibility
into application traffic, providing the ability to isolate a network threat to
the user or device level and then—via UAC and the IC6500 FIPS—employ a
specific, configurable policy action against the offending user or device.
• Addresses and mitigates network insider threats
quickly.
• Minimizes network and user downtime.
Role-based,
application-level
enforcement
application-level
enforcement
• Leverages deep packet, application-level threat intelligence of
standalone IDP Series appliances as enforcement points.
• Enables application-specific policy rules to be enforced based on a
user’s role.
• Policies can also be defined to control time of day and bandwidth
restrictions per application or per role.
• First access control solution to support full
Layer 2 - 7 enforcement.
• Enables access control and security policies to
be applied to the application-level granularly,
protecting your network, applications, and data
protecting your network, applications, and data
• Ensures that users adhere to application usage
policies.
Identity-enabled
firewalling
firewalling
• The identity-aware capabilities of UAC are combined with the robust
networking and security services of SRX Series Services Gateways,
employed as UAC enforcement points.
employed as UAC enforcement points.
• Available on all SRX Series Services Gateways running Junos oS 9.4
software.
Drastically increases scale for data center
environments, allowing government agencies
and organizations to leverage enforcement in the
world’s most demanding and high-performance
data centers.
environments, allowing government agencies
and organizations to leverage enforcement in the
world’s most demanding and high-performance
data centers.
EX Series
Ethernet Switch
interoperability
Ethernet Switch
interoperability
• The EX3200 Series and EX4200 Series Ethernet switches interoperate
with and serve as enforcement points for UAC using standards-based
802.1X port-level access control and Layer 2-4 policy enforcement.
802.1X port-level access control and Layer 2-4 policy enforcement.
• When deployed with UAC, EX Series switches can enforce user-based
QoS policies or mirror user traffic to a central location for logging,
monitoring, or threat detection.
monitoring, or threat detection.
• Delivers a complete, standards-based, best-in-
class NAC solution.
• Allows government agencies and organizations
to enjoy value-added features and economies
of scale for support and service.
of scale for support and service.