
BARC NEWSLETTER, Founder’s Day Special Issue | October 2014

SECURE NETWORK ACCESS SYSTEM (SNAS)

Gigi Joseph
Computer Division

Abstract

Cyber-security has emerged as an important issue because of the sophisticated cyber attacks on information assets and industrial assets which lead to serious threats to power plant control and critical information of our organization. It is a well known fact that cyber security related products sourced from other countries may have built-in trap doors. Hence development of indigenous security solutions is very important. In April 2012, SNAS was launched as a commercial product at national level by Dr. Srikumar Banerjee in the presence of Dr. Rajagopala Chidambaram in Delhi. ECIL is providing marketing and support of SNAS. This article details some of the major highlights of SNAS.

Shri Gigi Joseph is the recipient of the DAE Homi Bhabha Science & Technology Award for the year 2012

Introduction

Secure Network Access System (SNAS) is an indigenously developed integrated host-aware network security appliance. It secures any enterprise network by intelligently sensing security threats and responding to them automatically. With next generation portable devices, network access has become trouble-free. Users can be simultaneously connected to multiple networks. But this renders the concept of perimeter firewall based network security useless. In such a scenario, firewalls need to be aware of the endpoint status and health to counter the threats to organizational networks.

SNAS combines the features of a perimeter firewall with those of an endpoint security solution to provide a bird’s eye view of the entire network as well as detailed information about each entity connected to it. SNAS is a highly scalable system which can be easily configured to suit the requirements of any small, medium or large enterprise with varying security concerns. It identifies the “who, what and where” of the devices connected in the network. SNAS can identify everything on your network – the devices, their operating systems, applications running on them and their network activities.

Fig.1: SNAS Appliance BOX


SNAS Subsystems

SNAS has many subsystems, which can also be implemented as independent systems.

Fig.2: SNAS Subsystems

NeTwork Admission ConTrol (iNTACT)

SNAS offers a comprehensive solution for proactive network security by determining the policy compliance of the connected end-systems. End-systems are allowed to access network services only if they are in compliance with the security policy defined for them. The identification and subsequent authentication of the end-systems can be based on a multitude of factors. Among others, these include IP, MAC, location, generated network traffic, running operating system, open application ports, disk-partition serial number, installed and running software and services. If the security state of the end-system is such that it has a negative impact on other devices, SNAS can also isolate it from the internal network. This way, the NeTwork Admission ConTrol (iNTACT) module of SNAS ensures that the end-systems remain unharmed by compromised systems.

Fig.3: SNAS End Point Policy Enforcement Architecture

Host AwaRE security Policy Enforcement FIREwall (HEAR-FiRE)

If an end-system complies with the security policy, the firewall rules are dynamically manipulated so that it can only access the network services that it is authorized to. Once an end system has securely gained access to the network, continuous monitoring, threat analysis and policy enforcement are provided through intelligent integration with other SNAS components. This capability makes SNAS a Host AwaRE security Policy Enforcement FIREwall (HEAR-FiRE). The acronym HEAR-FiRE stands for the capability of SNAS to listen to the state of hosts, check their security compliance and configure the firewall rules accordingly.
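The admission-control and host-aware firewall flow described above (check an end-system's reported posture against its policy, then derive its firewall rules from the result), as an added example that is not SNAS code. The policy fields, inventory, sample hosts and the nftables-style rule strings are all assumptions made for illustration; the article does not describe SNAS's own schema or rule format.

```python
import ipaddress
from collections import namedtuple

# Hypothetical policy, inventory and field names, constructed for this example;
# the article does not describe SNAS's own schema or rule format.
POLICY = {
    "allowed_os": {"Ubuntu 14.04", "Windows 7 SP1"},
    "forbidden_ports": {23, 445},          # listening ports that fail compliance
    "required_software": {"antivirus"},
    "internal_net": ipaddress.ip_network("10.0.0.0/8"),
    "services": {"engineer": [("10.0.5.10", 443), ("10.0.5.20", 22)],
                 "clerk": [("10.0.5.10", 443)]},   # role -> (server, tcp port)
}
INVENTORY = {"10.0.1.15": "00:11:22:33:44:55", "10.0.1.16": "00:11:22:33:44:66"}

# Posture reported for one end-system; interface_ips lists every active address.
HostReport = namedtuple(
    "HostReport", "ip mac role os open_ports software interface_ips")

def violations(h, policy=POLICY, inventory=INVENTORY):
    """Return the list of policy violations for one host report."""
    found = []
    if inventory.get(h.ip) != h.mac:
        found.append("unregistered IP/MAC pair")
    if h.os not in policy["allowed_os"]:
        found.append("operating system not allowed")
    if h.open_ports & policy["forbidden_ports"]:
        found.append("forbidden port open")
    if not policy["required_software"] <= h.software:
        found.append("required software missing")
    if any(ipaddress.ip_address(a) not in policy["internal_net"]
           for a in h.interface_ips):
        found.append("interface on external network")
    return found

def firewall_rules(h, policy=POLICY, inventory=INVENTORY):
    """Compliant host: allow only its role's services. Otherwise: isolate it."""
    if violations(h, policy, inventory):
        return [f"ip saddr {h.ip} drop"]
    allow = [f"ip saddr {h.ip} ip daddr {dst} tcp dport {port} accept"
             for dst, port in policy["services"].get(h.role, [])]
    return allow + [f"ip saddr {h.ip} drop"]   # default-deny after the allow list

# Constructed sample reports: a compliant engineer and a dual-homed clerk.
GOOD = HostReport("10.0.1.15", "00:11:22:33:44:55", "engineer", "Ubuntu 14.04",
                  {22}, {"antivirus"}, ["10.0.1.15"])
DUAL = HostReport("10.0.1.16", "00:11:22:33:44:66", "clerk", "Windows 7 SP1",
                  {135}, {"antivirus"}, ["10.0.1.16", "192.168.42.7"])
```

Re-evaluating a host whenever its report changes is what makes the rule set follow the endpoint's state: the clerk above regains its single allowed service as soon as the external interface disappears from its report.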

CompLete SEcUrity viSualisation (CELSiUS)

SNAS provides a CompLete SEcUrity viSualisation (CELSiUS) of all the entities present in the network. It measures the security state of the end-systems in the network using various parameters. The SNAS dashboard enables administrators to monitor the status of the network. It provides them with an interface to know what processes and services are running, whether they are trusted or not, what software has been installed, when it was installed, what network application ports are open on the devices, which devices have connected to those application ports and the traffic that is being generated by the systems.

This functionality is a major advance over that provided by a traditional Intrusion Detection and Prevention System (IDS/IPS). The approach used by SNAS is capable of detecting and mitigating even those attacks whose packets do not reach the SNAS appliance. SNAS can identify any malicious behavior of end points in terms of network traffic, applications and threat propagation. Endpoints causing Denial of Service (DoS) attacks are detected and isolated from the network in near real-time. The SNAS approach of integrated network admission control and anomaly detection provides a dynamic intrusion response and proactive prevention against zero-day attacks.

Fig.4: SNAS dashboard

Network and hoST Anomaly DEtection (iNSTEAD)

Network and hoST Anomaly DEtection (iNSTEAD) ensures that whatever happens in the network is trusted and any non-trusted behaviour is isolated.

SNAS Network Management Suite (NMS)

SNAS Network Management Suite (NMS) provides a mechanism to monitor and manage the various network devices and end-systems present in the network. It provides details about the devices, their configuration, current status, their links with other devices and the status of those links. It also helps administrators in managing IP address allocation, device movement and generating periodic reports for the purpose of network auditing.

Rogue Detection with Isolation (RiD)

The Rogue Detection with Isolation (RiD) module of SNAS ensures that as soon as any unknown device enters the network, it can be identified and isolated in near real-time. This module is able to scan a sufficiently large network and detect and isolate unknown systems in less than a minute. True to its name, this module rids administrators of the menace caused by unknown entities.

Backdoor Detection

Users connected to internal networks can connect to external networks simultaneously using wireless devices, e.g. USB dongles, smart-phones etc. This can not only compromise the confidentiality of information present on that system, but it can also be used as a point to attack the enterprise’s internal network. SNAS can detect endpoints which are connected directly to outside networks. They pose a threat to organizational security as they bypass all network security systems and act as a bridge between the outside world and internal secure networks. Such end-points can be easily detected by SNAS and blocked from using the internal network while they are connected to external networks.

Fig.5: SNAS Security Visualization and NMS dashboard

USB Storage Management

USB based storage devices are prominently used for data transfer between different machines. But they also act as a hub for the spread of viruses and worms and pose a threat to network security. SNAS can track the movement and usage of USB-storage devices within the network. It can ensure that only authorized USB-based storage devices are used on an end-system. This will help in ensuring that there is no unintended data loss from PCs through removable media. Also, once a pen-drive is registered, the user can get full details about when and where his/her pen-drive has been used.

Fig.6: SNAS USB Module

Network Bridging Sensor

When multiple isolated networks are extended to the user’s end, there is a definite chance of network bridging. SNAS detects any bridging immediately and disconnects the devices to keep your networks isolated.

Trust Monitor

SNAS monitors and mitigates the impact of untrusted programs and services on the network. SNAS builds a profile of trusted applications and services running on the endpoints. Patterns of newly found processes can be monitored and easily analyzed to handle threats.

Conclusions

SNAS can be deployed in enterprise networks to replace the existing firewalls between intranet segments (LAN) and various demilitarized zones and WAN. SNAS will ensure that the devices in the user segment comply with security policy and all internal network attacks are identified and mitigated. The SNAS security suite provides a comprehensive solution for mitigation of internal and external attacks. As of today, SNAS is the only Indian integrated network security solution present in the country. SNAS is being accepted as an Intranet security solution at national level and installation of SNAS in various organizations including strategic ones is in progress.