1. The document compares the security features of HDN switches and Cisco switches. HDN switches contain integrated security capabilities like detecting and blocking malware packets without port blocking.
2. HDN switches automatically detect anomalies and generate alerts. They support monitoring via VNM and include logging. In comparison, Cisco uses separate security appliances like CSA and Cisco Prime LMS.
3. HDN switches are managed through the VNM management tool while Cisco uses its own management systems.
Security solution - comparison of HDN's security switch and Cisco's switch
1. COMPARISON OF THE HanDreamnet (HDN) SECURITY SWITCH AND THE CISCO SWITCH
Namviet Telecom Ltd
Song Tran
+84 903212322.
www.namviettelecom.com
2. Spec comparison – Cisco(excluding security)
Category | Feature | SG2024G | Catalyst 2960S-24TS
Hardware & Interface | 10/100/1000Base-T | 24 | 24
Hardware & Interface | 1000 Base-X | 4 | 4
Power | Internal power redundancy | |
Power | External RPS | |
Performance | Capacity/Forwarding Rate | 48 Gbps / 71.4 Mpps | 176 Gbps / 42 Mpps
Performance | Flash / DRAM | 64M / 256M | 64M / 128M
Performance | MAC address | 32k | 8k
Layer 2 | STP/RSTP/MSTP/PVST+ / PVRST+ | Yes | Yes
Layer 2 | Port Redundancy | Smart Port Redundancy | Flexible Link
Layer 2 | Voice VLAN | Yes | Yes
Layer 2 | Ring Protocol | Yes | No
Layer 2 | UDLD, Cable diagnostic (TDR) | Yes | Yes
QoS | Queue per port | 8 | 4
Security | L2/L3/L4 ACL, ACL, Time based ACL, VLAN ACL | Yes | Yes
Security | DHCP Snooping, IPSG | Yes | Yes
Security | 802.1x (Multi user, MAC bypass…) | Yes | Yes
Stacking | Stacking | No | Yes
Management | CDP, DHCP Server, SNMPv1/2/3, TACACS+, RADIUS, IPv6 management, LLDP, LLDP-MED | Yes | Yes
Management | Flow Monitoring | sFlow | No
3. Security features comparison – Cisco
Security features | SG2024G | Catalyst 2960S-24TS
DoS, DDoS, Flooding, Scan Attack | OK | N.A.
Set up/Release security policy automatically | OK | N.A.
Real time report while Drop Attack traffic | OK | N.A.
Real time log & history for dropping attack on CLI | OK | N.A.
IP Spoofing attack | OK | N.A.
ARP Spoofing attack | OK | N.A.
NetBios flooding attack | OK | N.A.
Worm_port_Attack attack | OK | N.A.
TCP/UDP/ICMP DoS/DDoS_Attack | OK | N.A.
TCP SCAN_Attack | OK | N.A.
TCP/UDP/ICMP Flood_Attack | OK | N.A.
TCP Syn Flood Attack | OK | N.A.
Loop detection | OK | N.A.
5. Detectable Attack List by Security Switch
No. | Attack Type | Protocol | Description | Attack Name
1 | DoS Attack | TCP, UDP, ICMP | The attacker keeps sending a large volume of traffic to a specific target on a well-known port. | DoS Attack
1 | DoS Attack | IGMP | The attacker keeps sending multicast traffic to the peer at a high rate. | DoS Attack
2 | IP Spoofing Attack | - | The attacker sends packets after falsifying the source IP. | DDoS(IP Spoofing)
3 | IP Spoofing Attack | ARP | The attacker sends ARP packets with a trusted IP and the attacker's MAC. | ARP Spoofing
4 | Host scan attack (IP Scanning) | TCP, UDP, ICMP | The attacker sends TCP, UDP, ICMP requests to all reachable hosts on the network. | Scan Attack, Scan Flooding
5 | Port Scan Attack | TCP, UDP | Sending port scan packets to the target host. | Port Scan
6 | Host Random Flooding Attack | TCP, UDP, ICMP | Sending packets with any IP address to the target UDP, TCP ports. Flooding packets with abnormal values in the destination port / source port of TCP or UDP. | Random Attack, Random Flooding
7 | ICMP Redirect Attack | ICMP | Sending ICMP redirect packets to the target host. | ICMP Redirect Attack
8 | ARP Attack | ARP | The attacker keeps sending ARP packets to the destination at a high rate. | ARP Attack
9 | Broadcast Attack | IP | Sending broadcast packets at a high rate to all hosts on the network. | Broadcast Attack
10 | MAC Flooding | - | Sending random source MAC addresses to run out the ARP table. | MAC Flooding
11 | Self-Loop | - | Packet loop. | Self_Loop
12 | HOST Drop | - | An attacker keeps making 10 different attacks. | HOST Drop
6. HDN Security Switch vs Cisco NAC
Cisco CSA Solution
HDN Solution
Security Switch
CSA
Zero Update Protection
Switch features
Dynamic protection for unknown threat
Reduce downtime through applying the urgent patch
Common
PoE/PoE+
L2/L3 Switch
Looping detection
Detect/Drop harmful traffic
Behavior based protection
Run at the access level
Block access for users who do not comply with company policy
Block un-authorized user etc.
ARP Spoofing attack
Scanning / Flooding attack
Smart Protection
Check all application's behavior
VNM (Visual Node Manager) – total management tool
Need company policy in-advance
DoS/DDoS attack
Others
Protect from malicious code through Signature-Based Antivirus
7. HDN Security Switch vs Cisco NAC
Network Admission Control (NAC) is a solution that uses the network infrastructure to ensure all devices seeking network access comply with an organization's security policy.
• Cxx Clean Access Server: Serves as an in-band or out-of-band device for network access control
• Cxx Clean Access Manager: Centralizes management for administrators, support personnel, and operators
• Cxx Clean Access Agent: Optional lightweight client for device-based registry scans in unmanaged environments
[Diagram labels: identity, device security, network security, NAC]
Part number | Description | Price
CSACS1121-K9 | ACS 1121 Appliance With 5.x SW And Base license | $14,995
NAC3315100-K9 | NAC Appliance 3315 Server max 100 users | $8,990
NACMGRLTE-K9 | NAC Appliance 3315 Manager max 3 Servers | $8,990
9. WHY CHOOSE THE HDN SWITCH?
It is a hardware security solution for the Access Layer that uses the most advanced processing technology available today, the MDS Security ASIC (Multi-Dimension Security engine).
Automatically detects and blocks packets containing malicious code, without blocking the port.
Automatically raises an alert when an abnormal incident is detected.
Logs events and supports monitoring through VNM.
Excellent performance, with security features that keep the LAN stable 24/7.
Easy management and monitoring of LAN status in real time.
Reasonable cost (no more expensive than an ordinary Cisco switch).
Besides keeping information safe and preventing intrusion and information theft by attackers/hackers, the device also automatically alerts and isolates the fault when a cable loop occurs.
If your company's network is frequently very slow to access and network applications keep freezing… then it is time to consider HDN's solution. Need more? Please contact songk38@gmail.com