Hitachi Cable recently confirmed the compatibility of its Apresia Authentication Switch *1 with the NASCenter Net-ADM *2 systems integration and management tool offered by NURI Telecom Co., Ltd. (Headquarters: Chiyoda-ku, Tokyo; President: Masayuki Suzuki; "NURI Telecom" hereafter). This solution enhances our line of PC quarantine LAN solutions for protecting corporate networks against virus infections originating from notebooks and other PCs brought in from outside company sites. NURI Telecom has also joined the Apresia security-alliance partner program, EnSEC *3, promoted by Hitachi Cable.

The recent growth in awareness of issues related to corporate information network security has prompted enterprises to strengthen in-house PC security measures, generally by introducing firewalls and antivirus software. Nevertheless, the widespread use of notebook PCs has increased the likelihood of virus infections on corporate networks. Notebook PCs are often infected through Internet connections outside the worksite on employee travel or when brought home, after which the viruses often spread to the corporate network when the employees return with infected PCs and connect them to the corporate network.

To protect corporate networks against such virus infections, growing numbers of enterprises and other organizations are adopting PC quarantine LAN systems. There are four primary methods for building such systems: based on authentication switches, DHCP servers *4, personal firewalls *5, or IPS *6. Among these methods, the authentication switch method uses an authentication switch that blocks connections to the corporate network until antivirus or other security checks (quarantines) have been performed on these PCs. This provides a more secure, reliable, robust system with less chance of false detection than the three other alternatives.

Hitachi Cable has provided authentication based on IEEE 802.1X *7, the international standard, and PC quarantine LAN solutions based on Apresia NA (Network Authentication), a unique authentication function of the Apresia system. In addition to the security provided by the authentication switch method, our solutions allow quarantines of terminals connected to desktop switches and wireless LAN access points implemented under Apresia. The solutions make it possible to establish PC quarantine LAN systems simply by replacing certain switches in the existing network *8 with the Apresia Authentication Switch, reducing implementation costs. Hitachi Cable is meeting a broad range of needs by expanding the compatibility of Apresia and quarantine systems and devices provided by other manufacturers, allowing customers to introduce Apresia-based PC quarantine LAN solutions.

Hitachi Cable and NURI Telecom recently confirmed the compatibility of Apresia and NURI Telecom's NASCenter Net-ADM.

An all-in-one systems integration and management tool that provides network monitoring, server monitoring, management of client PC hardware resources, and remote operations. The collaboration between the "admission service function *9" of NASCenter Net-ADM and Apresia makes it possible to establish a PC quarantine LAN system that can assess the conditions of security patches *10 or antivirus software in client PCs.

In the future, we intend to add a solution for detecting specific malware or abnormal packets in real-time by IDS *11 and IPS to forcibly isolate client terminals from networks, even if the client PC is connected to the corporate network following authentication.

Hitachi Cable plans to continue collaborating with our EnSEC partners, strengthen its security solutions products, and take advantage of sales routes opened through the Apresia sales partners to further expand our share in the Ethernet switch market for enterprises and service providers.

*1	Apresia is a registered trademark of Hitachi Cable, Ltd.
*2	NASCenter Net-ADM is a registered trademark of NURI Telecom Co., Ltd.
*3	EnSEC stands for Enforcement for Secure Connectivity, a security alliance program promoted by Hitachi Cable. We intend to meet rapidly diversifying security needs by ensuring compatibility between Apresia Authentication Switch and various devices, software applications, and services, including RADIUS servers and quarantine software. For information on EnSEC partners, please refer to the Supplementary Information given below.
*4	DHCP (Dynamic Host Configuration Protocol) server method: A method that implements quarantines by isolating pre-quarantine clients in a quarantine segment and changing IP addresses assigned to the client before and after the quarantine period. Users adopting DHCP can use this method simply by replacing their DHCP server with compliant devices. However, the system cannot provide quarantines if the user assigns fixed IP addresses to terminals.
*5	Personal firewall method: A method that implements quarantines by checking terminal status with a firewall installed on the terminal and by allowing communications only after confirming security. This method does not require servers and can be implemented simply by installing special software to terminals. However, PCs on which this special software is not installed are able to communicate when connected to the network.
*6	IPS (Intrusion Prevention System) method: A method that maintains security on in-house networks by checking communication status and blocking client communications exhibiting patterns identified as potential attacks. This method entails various issues, including false detections resulting from mistaken pattern interpretations, operational burdens such as periodic pattern updates, and relatively costly equipment.
*7	IEEE 802.1X: An authentication standard specified by the IEEE (Institute of Electrical and Electronics Engineers). The standard involves access control per port, primarily through RADIUS authentication. Windows 2000 and XP support IEEE 802.1X authentication by default.
*8	The Apresia NA's port-sharing mode allows quarantine of terminals connected to desktop switches and wireless LAN access points implemented under Apresia, enabling authentication of 300 terminals per Apresia switch.
*9	The admission service function is available in NASCenter NetADM version 2.4 or later.
*10	A patch refers to a file containing corrections made to fix problems in the OS or application software.
*11	IDS (Intrusion Detection System): A system that checks communication status. When it detects potentially abnormal communication patterns, it displays warnings on the administrator's terminal and collects and stores relevant communication records.

Supplementary Information

EnSEC Partner List (as of March 14, 2006)

Classification Product name Company name PC Quarantine LAN Solution NASCenter Net-ADM NURI Telecom Co., Ltd. [For example, protection against viruses on connected terminals]  SecureCube / PC Check (LAN-Blocker)  NRI Secure Technologies, Ltd. NOSiDE NTT Data Corp. F-Secure Quarantine Controller Japan F-Secure Corporation User authentication solutions Single Sign On (SSO) [Allows specific functions permitted after one-time authentication.] Single Sign On for Apresia Kyosai Create Co., Ltd. NSAS Sony Broadband Solutions Corp Fingerprint authentication [A type of biometric user authentication based on user fingerprints]  UB-Safe DDS, Inc. Hardware authentication [Authentication based on terminal hardware information] RegistGate NSI Co., Ltd. ROUD Oki Network Integration Co., Ltd. Signature authentication [A type of biometric authentication based on user-specific characteristics, such as handwriting]  C-Sign Server/Client Cyber SIGN Japan Inc. Matrix authentication [Authentication based on icons or other patterns displayed in a matrix] WisePoint Authenticator Falcon System Consulting, Inc. RADIUS (authentication) server full flex Accense Technology, Inc. Enterpras Standard Stellar Craft, Inc. Steel-Belted RADIUS Funk Software, Inc Terilogy Co., Ltd.