CHARACTERISTICS
Distributed and modular
Portable: from the simplest embedded system to more complex systems such as Cloud Computing or NFV
Compatible: with any Dataplane technology through APIs
Standard: standard compliant, no client modification is needed
TECHNOLOGY COMPONENTS
Improved AAA system (compatible with other authentication systems)
Identity-aware DHCP server
Secure encrypted VPN connection to Tecteco’s Cloud to enable advanced security services
architecture
APPLICATIONS
Parental control | Active IoT protection | vCPE maximum security | Secure WIFI for SME | Secure public WIFI (hotels, cafeterias, ...) | WIPS
FEATURES
Unspoofable identity | Granular security policies | Traceable and monitorable communications
CORE TECHNOLOGY
4 factor bond (4FB) | AAA in 1st network segment | L2 network controller
functionalities
Tecteco’s technology relies on a new authentication paradigm: UDB (User-Device-Bond) authentication.
Built on top of standards:
- 802.1X
  - EAP-PEAP
  - EAP-TLS
- WPA2-PSK
  - PPSK or Personal-PSK: each user-device has a unique password.
No modifications or software needed in the client
Based on the well-known FreeRADIUS + hostapd projects.
- TecOS database contains registered devices
- The administrator controls who/what connects to its network
- First access control check where only registered MACs are allowed and unregistered MACs are denied
- Early protection avoids further processing
Tecteco’s technology enforces several identifiers before, during and after the authentication process
Multifactor
- Automatic and dynamic process
- Without additional manual assistance
Identity-based Authorization
- Immutable due to the combination of identities
- It enables the identification of communications (legitimate and illegitimate)
TECTECO’s technology enhances the traditional DHCP service with the concept of role
- Intra-role level 2 forwarding
- Inter-role level 3 routing
- Based on the well-known KEA DHCP server
- UDB extension: Identity-aware DHCP service
Authorization of communications:
- Deploys policies controlling negotiation processes, e.g. EAPoL and DHCP transactions
- Early monitoring and detection of anomalies in the network
Dynamic protection
- Tecteco Rule Set (TRS) from L2 to L7 of OSI model, for both ingress and egress
- Enforces granular security policies
- Adaptive functional isolation: asymmetric and bidirectional
- Characterization of communications
- Active mitigation based on the source of the communications (e.g. shutdown of the port)
User experience is key for technology adoption. That’s why TecOS can be used by any user, even one with no technology background.
Isolated and secured registration network
TecOS automatically retrieves UDB parameters
Tecteco’s Cloud provides client certificates and configuration profiles