Media

« Home Tuesday August 31st, 2010

Secured ethernet access

RTL Belgium controls access to its network

rtl_gebouw_groot

By implementing its NAC (Network Access Control) through a Juniper Infranet UAC solution integrated into its Active Directory, the media group has opted for security with a capital ‘S’. Major catastrophes are now out of the question.

“We are concentrating our energy on security projects that use mature technologies and which, like the seatbelt, can ’save lives’. Providing security for our Ethernet access, which has been operational since late January, was one of the essential needs,” begins Didier Martin, IT Infrastructure Manager at RTL Belgium.

To start with, because of the highly critical nature of this network: “it’s our lifeblood. Not only because it is shared by all the applications under the roof and it contains all of our digitized archives. But because it is necessary for our audio and video production: the files are stored on disks and servers connected with each other and with our 750  workstations via the network.” What’s more, production and broadcast naturally have to be as reactive as possible in relation to current events: having our network down due to a security problem caused by the connection of an unauthorized device is unthinkable!

At the same time, the NAC should protect the infrastructure from the dangers potentially posed by independent contractors, freelancers and consultants. “All of these ‘floating’ people may attempt to easily connect to our network since there are Ethernet outlets all over the place… inluding behind our IP telephones. We give temporary access to technical consultants who of course have to be able to carry out their work on the IT systems, while others can access the public Internet via WiFi or an insulated WLAN, and they can use one of RTL’s PCs if they need to connect to internal resources.”

Testing from every angle

Telindus, the long-standing network partner of RTL Belgium, quickly pointed them towards a Juniper solution, which was mature and interoperable with its  Avaya telephony. Specifically, 2 UAC (user access control) Infranet 4000 Controllers in cluster mode for redundancy, integrated with Cisco switches and the Active Directory. The installation was preceded by a proof-of-concept in which every possible scenario was validated: connection on a port, behind a telephone, on a mini-switch, etc.

“We especially appreciated the professionalism of Telindus during the PoC, as well as the efforts they made to find solutions for any problems,” notes Didier Martin, recalling the complexity of the project: “It involved 4 levels of systems. The Windows OS  of the client PC, in which the Juniper software  has to be embedded deep enough; the switching part, in which Cisco dialogues with the PC and Juniper; and then the UAC part, in which Juniper dialogues with the switches, the PC and the Active Directory. And on top of that, you still have to add the telephony part!”.

Concretely, when a device is connected through an Ethernet port, the switch verifies that it belongs to the Active Directory or that it has a local account on the Infranet controllers. If this is the case, a port is opened and the Ethernet traffic is authorized. In order to have full access to the network, the Infranet controller nevertheless has to verify the compliance criteria for the connected device:  that the anti-virus is on, that the device can be accessed by the management systems (inventory, updates…) etc. If not all of the criteria are met, it is isolated from the rest of the servers and from the storage in a remedial VLAN in order to correct the problem remotely.

Company Profile

RTL Belgium SA (RTL group) produces and broadcasts TV channels (RTL-TVI, Club RTL, Plug RTL ) and radio stations (Bel RTL, Radio Contact) that it manages. Its New Media division provides content for VOD, smartphones and other emerging media.

Business benefits

-       “Who/what is connecting to my LAN, and where?” is under control
-       No non-authorized PCs on the network
-       Easy diagnostic and remediation when connection is rejected: a PC is brought into compliance; detection of a faulty anti-virus; providing temporary access
-       Consolidation of logs in an interface allowing bugs to be detected
-       Transparent solution for end users

More info?

For more information on Inside Security, visit Belgacom Inside Security or contact your account manager.

Posted by: One Editorial Team

Category: Business, Customer cases, Media

Comments: 0

VN:F [1.7.7_1013]
Rating: 0.0/5 (0 votes cast)

Post a new comment

Please contact me on this subject

Tags

, , , , , , ,

Leave a Comment


Your e-mail address will not be published and will not be used for commercial purposes

ipad13_en

Archives

Digital versions One Magazine (PDF)