technology

Tec2OS, our system for secure networks, based on unspoofable identities

CHARACTERISTICS

Distributed and modular

Portable

from the simplest embedded system to more complex systems such as Cloud Computing or NFV

Compatible

with any Dataplane technology through APIs

Standard

Standards-compliant: no client modification is needed

TECHNOLOGY COMPONENTS

Dynamic Dataplane-agnostic Network Controller

Improved AAA system (compatible with other authentication systems)

Identity-aware DHCP server

Secure encrypted VPN connection to Tecteco’s Cloud to enable advanced security services

architecture

[Architecture diagram. Applications: Parental control, Active IoT protection, vCPE maximum security, Secure WIFI for SME, Secure public WIFI (hotels, cafeterias, ...), WIPS. Features: Unspoofable identity, Granular security policies, Traceable and monitorable communications. Core technology: 4 factor bond, AAA in 1st network segment, L2 network controller.]

APPLICATIONS

  • Parental control
  • Active IoT protection
  • vCPE maximum security
  • Secure WIFI for SME
  • Secure public WIFI

FEATURES

  • Unspoofable identity
  • Granular security policies
  • Traceable and monitorable communications

TECH. CORE

4FB + AAA + L2 network controller

functionalities

Tecteco’s technology relies on a new authentication paradigm: UDB (User-Device-Bond) authentication.

Built on top of standards:

  • 802.1X
      • EAP-PEAP
      • EAP-TLS
  • WPA2-PSK
      • PPSK or Personal PSK: each user-device has a unique password.

No modifications or software needed in the client

Based on the well-known FreeRADIUS + hostapd projects.

 

  • TecOS database contains registered devices
  • The administrator controls who/what connects to the network
  • First access control check where only registered MACs are allowed and unregistered MACs are denied
  • Early protection avoids further processing

Tecteco’s technology enforces several identifiers before, during and after the authentication process

Multifactor

  • Automatic and dynamic process
  • Without additional manual assistance

Identity-based Authorization

  • Immutable due to the combination of identities
  • It enables the identification of communications (legitimate and illegitimate)

Tecteco’s technology enhances the traditional DHCP service with the concept of role

  • Intra-role level 2 forwarding
  • Inter-role level 3 routing
  • Based on the well-known KEA DHCP server
  • UDB extension: Identity-aware DHCP service

Authorization of communications:

  • Deploys policies controlling negotiation processes, e.g. EAPoL and DHCP transactions
  • Early monitoring and detection of anomalies in the network

Dynamic protection

  • Tecteco Rule Set (TRS) from L2 to L7 of OSI model, for both ingress and egress
  • Enforces granular security policies
  • Adaptive functional isolation: asymmetric and bidirectional
  • Characterization of communications
  • Active mitigation based on the source of the communications (e.g. shutdown of the port)

User experience is key for technology adoption. That’s why TecOS can be used by any user, even one with no technology background.

 

Isolated and secured registration network

TecOS automatically retrieves UDB parameters

Tecteco’s Cloud provides client certificates and configuration profiles
