Broadcom announced a new generation of multi-layer Gigabit Ethernet (GbE) switches designed to improve enterprise network security.
Broadcom's new StrataXGS III BCM56510 series of multi-layer Gigabit Ethernet switches is a follow-on to the company's widely deployed BCM56500 series. A key feature will be the new "BroadShield" security technology, which enables network admission control (NAC) and supports Microsoft's Network Access Protection policy enforcement technology to achieve dramatically improved network security and manageability when compared to existing solutions. The key security features include standards-based authentication, user quarantine, denial of service (DoS) attack prevention, "man in the middle" attack prevention, spoofing prevention, and support for advanced access control lists (ACLs).
Broadcom said its technology utilizes a unique flow-based user-classification framework that allows IT managers to enforce secure policies on a packet-by-packet basis without complicated administration of large numbers of rules. The overriding benefit is the ease with which these secure profiles are implemented and proliferated through the network, regardless of the scale of the user base.
Network Access Protection is a policy enforcement technology built into the Windows Vista and Windows Server (codenamed "Longhorn") operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies.
Network admission control (NAC) governs how security policies are enforced on any device on the network with the goal of minimizing the damage from emerging security threats. IT managers employing NAC have the ability to control network access for any client that accesses the network (for example, a PC, PDA or other endpoint device), granting the appropriate level of access based on the classification of the endpoint device.
Additional features include:
- Advanced Layer 2 (L2) switching and Layer 3 (L3) routing, including IPv4/IPv6
- BroadShield security technology addresses enterprise security with ContentAware-based scalable ACLs, port-level L2 and L3 security, an integrated and enhanced DoS prevention mechanism, and L3 traffic virtualization
- Microsoft Network Access Protection support enables robust network admission control (NAC)
- Virtual router technology provides secure virtualization of network traffic
- Tunneling schemes such as IPv6 over IPv4, ISATAP, IP over IP, etc., provide a variety of transition mechanisms
- High-end IP multicast for video/audio distribution, web conferencing, etc.
- Supports eight classes of service (CoS) with a sophisticated scheduling mechanism
- Robust 802.1ad support enables scalable carrier access