This article can also be found in the Premium Editorial Download "Information Security magazine: Lessons learned from good and bad NAC implementations."
Download it now to read this article plus other related content.
Price: Starts at $1,500 for Altor Center Enterprise and $500 per agent
The explosive growth of virtualized x86 environments over the past several years has challenged traditional security vendors to adapt their appliance/server mentality to a radically different computing environment. The existing approaches to network segmentation, intrusion detection and traffic monitoring have to be rethought. It is an especially daunting task to secure potentially hundreds of virtualized switches sitting on dozens of physical servers connecting hundreds, if not thousands, of virtual machines when there is no guarantee that these virtual switches have any sort of physical connection to the enterprise data center.
Altor Networks seeks to address this problem with Virtual Network Security Analyzer (VNSA) product. Altor has an intriguing concept with VNSA and the as yet unreleased Virtual Network Firewall (VNF), but while it works very well as far as it goes, the concept is not yet ready for prime time.
Altor is clearly aiming at enterprise-level VMware deployments and requires a VMware Virtual Infrastructure 3 (VI3) install. This makes sense, given the market dominance of VMware, but you'll have to search for a Citrix XenServer or Microsoft Hyper-V solution.
Installation is almost childishly simple and consists of simply creating a port group in promiscuous mode on the virtual switches you wish to monitor (to allow network sniffing by the VNSA appliance) and the installation of a VM with the complete Altor VNSA application. You can install the VM either by unpacking a complete image from a standard zip archive or by downloading an Open Virtual Machine Format (OVF) file directly from within Virtual Center.
Once the VM is installed, you must assign the VNSA NICs to the preconfigured promiscuous mode port groups, then power on the VM to perform the expected basic network configuration (IP address, time zone, etc) and assign passwords to the local Altor accounts. The entire process takes minutes and is a perfect example of how virtual appliances should be packaged and distributed.
Altor worked like a charm and didn't cause any conflicts with our existing setup.
This was first published in September 2008