May 13, 2004
Launch of an Antivirus Solution Based on the Apresia(R) Authentication Switch Protects Networks against Worms or Viruses Carried by Private Computers
-Combined Use with NOSiDE(R), an Integrated PC Asset Management System-
In collaboration with NTT Data Intellilink Corporation (Head office: Chuo-ku, Tokyo, President and CEO: Kou Miyake, hereinafter referred to as NTT Data Intellilink), Hitachi Cable, Ltd. has developed a quarantining LAN system that protects internal networks against infection by worms or viruses introduced via private computers owned and operated by employees. This solution arose from the integrated deployment of the user authentication function of our Apresia(R) authentication switches (*1) and NTT Data Intellilink's NOSiDE(R) Inventory Sub System 2004, an integrated operating management system for consolidating computer system management. The new solution is slated for launch on May 13.
While heightened network security awareness at companies has helped reduce virus infections caused by Internet access from within the company, the number of infections via private computers owned by employees has rapidly increased. This is attributable to widespread use of laptop computers, which allow increasing numbers of employees to access the Internet from outside the company workplace, including within and outside their homes. In other words, adequate security measures have not been taken outside the company, as this depends on individual users. When an employee accesses an internal network via a private computer infected with a virus, the virus will spread throughout the internal network. According to surveys, this is how Sasser, a recent and widespread worm, and the Blaster and Welchia worms, which caused significant damage, all spread. Since firewalls and antivirus systems at mail servers cannot prevent virus infections via private computers, this is a critical issue for operations managers.
The newly developed quarantining LAN system can prevent virus infections via private computers, based on the integration of Apresia(R) and NOSiDE(R). In this system, private computers through which employees access a Local Area Network are first connected to the quarantine area on the network and are required to undergo a security inspection performed by the NOSiDE(R) component and management server within the quarantined area. Only when the private computers are confirmed to be authentic user-safe terminals are they allowed to access wider-area networks. If the component and management server of NOSiDE(R) determines certain computers to be unauthorized or vulnerable, Apresia(R) denies them access to the internal network.
This quarantining LAN system applies to both wired and wireless LAN access. In addition, with respect to the methods for assigning IP addresses, the system is compatible with fixed IP addresses as well as the Dynamic Host Configuration Protocol (DHCP: a protocol that automatically assigns necessary information such as IP addresses to computers briefly accessing the Internet). Apresia(R) can control access from up to 300 clients per unit, while ensuring that printers, which lack authentication functions, are securely connected.
Apresia(R) is available at an open price. Used in combination with NOSiDE(R) Inventory Sub System 2004, it enables implementation of a quarantining LAN system for approximately 8,000 yen per client (assuming the number of managed clients exceeds 1,000). (*2)
Hitachi Cable plans to work aggressively to expand sales of the Apresia(R) system with the new quarantine solution feature as a value-added product bundled in with NOSiDE(R). Overall sales of the box-type Apresia(R) authentication switch are expected to reach approximately 3 billion yen in fiscal 2005.
Major network authentication functions of Apresia(R), an L2 authentication switch
Photograph of the Apresia(R) authentication switch
*1 With browser-based authentication, Apresia(R) offers network authentication to any browser-equipped terminal.
*2 Shared port mode, in which several terminals can connect to a single port, and designated port mode, in which VLANs can be dynamically assigned to switch ports, can coexist at the ports of a single Apresia(R) unit.
*3 Apresia(R) enables terminals without authentication functions, such as printers, to be connected securely through MAC address registration.
*4 Apresia(R) is configured for most RADIUS servers. (Certificate authorities are not required.)
*5 Apresia(R) has various log-out functions. Disconnecting a network cable without logging off automatically logs off that user. This function also works in a wireless LAN environment.
Major functions of NOSiDE(R) Inventory Sub System 2004 except the quarantining LAN system
*6 Security management function
NOSiDE(R) offers a function for consolidating management of the detailed security settings for each personal computer. Security reporting is also available.
*7 Security patch distribution function
NOSiDE(R) offers a function for consolidating management of the detailed security settings for each personal computer. Security reporting is also available.
*8 Security patch distribution function
NOSiDE(R) offers a security patch distribution function based on integration with the Microsoft(R) Software Update Services (SUS). The NOSiDE(R) policy management function makes it possible to distribute patches based on different rules for different groups.
*9 Antivirus software management function
NOSiDE(R) can consolidate the management of the settings for antivirus applications and automatically update virus definition files.
*10 Asset management function
In addition to security management functions, NOSiDE(R) improves the efficiency of IT asset management by offering asset management functions for software and hardware.
* To obtain product photos and data, please contact the Corporate Communication Section.
Note 1: An authentication switch is an L2 switch equipped with a built-in user authentication function that controls access to the network at client terminals. A user authentication function is provided in the Apresia(R)2000 series.
Note 2: Server machines, OS, and DBMS are excluded. The final cost depends on the number of managed clients and the network system.
* Apresia(R) is a registered trademark of Hitachi Cable, Ltd.
* NOSiDE(R) is a registered trademark of NTT Data Corporation.