NAC (Network Access Control)
Wired and Wireless Network Access Control System
Tgate is a Network Access Control (NAC) system that checks the security condition of all wired and wireless endpoints that have access to the network, in order to protect the company network and all endpoints completely.
Unsecured endpoints are the source of the problem for your internal security.
Tgate allows accelerated installation of required software on all endpoints within the network.
- Various types of wired and wireless endpoints that may access your network
※ Since the 03.20 network attacks on both South Korea and Bank-N, which were caused by uncontrolled endpoints, a ground-breaking solution has been in demand. Introducing a NAC (Network Access Control) system helps prevent such security accidents in advance and allows strong central control. Tgate lets a good anti-virus program (the most current anti-virus software) be deployed to all company PCs in the shortest amount of time.
I thought installing anti-virus vaccine was enough.
I thought installing anti-virus vaccine on PCs was enough. I am constantly implementing security patches. But I keep having PC accidents. What is the problem?
The problem is the order!
Vaccine and security patches are both installed over the company network. The problem is that, in order to cure PCs of malicious code, the PCs first need to be connected to the company server. This is why a malicious program always runs before the vaccine. Regardless of how good the anti-virus program is, the problem cannot be solved because the order is wrong.
NAC security: think of the concept of a castle wall!
The concept of NAC security is like a castle wall. All devices that access the network are completely separated until they pass a security check-up. By allowing only PCs in good security condition to access the internal network, the safest internal network can be maintained.
Tgate real-time NAC links endpoint security threats with network security equipment (IPS, UTM, security switch, APT...) to detect and block threats in real time. Integrated control is not individual management but an effective and powerful system that runs security management through real-time policy, in compliance with numerous security-related laws, including the Personal Information Protection Act and the Copyright Protection Act. Real-time NAC should be mandatory, not optional.
Tgate is a solution in which all connected devices are controlled according to the main security policy, and only approved and quarantined devices may have internal access. This technology uses logical network separation that works like a buffer zone to keep the company's internal network safe from the external network.
NAC Network Access Control Function
NAC has a solid foundation. Approval > Quarantine > Access
PRE-ADMISSION Authorization
Wireless Endpoint Authorization
Detect and authorize all wireless Endpoints that use wireless Wi-Fi such as Android phones, iPhone and iPad.
Wired Endpoint Authorization
Detect and authorize all wired Endpoints that are connected through wire such as notebooks, desktop PCs, Printers and Internet telephones.
User Authorization
Check and authorize all wired and wireless endpoint users that are trying to access the company’s network. The user check may be done only once, at first use. A reauthorization request every morning is possible as well.
Proper ID (Authentication) Issuance
We create and operate a proper ID (authentication) that combines various distinguishing values such as IP, MAC, HDD serial number and user name. This lets only the authorized endpoint owner use the endpoint and connect to the internal server. Therefore, replication or falsification is impossible.
Various types of HR DB Connection Possible
We support interconnection with the company’s own Human Resources DB, Active Directory, LDAP and various HR account systems.
Single-time / Multiple user PC
Non-user Addition Function – we can authorize use of specific additional Endpoints.
Visitors use internet only
For visitors who merely want to use the internet, internal access is blocked and only internet access is given. This provides a secure internal infrastructure and convenience at the same time.
PRE-ADMISSION Check-up
Install required software / Mandate removal of malignant software
Before an endpoint accesses the internal network, installation of required security programs such as vaccine is mandated. The system also mandates deleting programs that may bring in malicious code, such as P2P programs.
Use of various methods to check the existence of file/software
The system uses various methods, such as file name, process name, service name and registry value, to check for the existence of software and files.
Block illegal wireless sharing device
A wireless sharing device that employees installed without the company’s authorization may work as a security hole and a gateway for malicious code. Wireless sharing devices installed without authorization are detected and blocked.
Distinguish actual PC from virtual machine
Our system detects operating systems run in a virtual machine. By distinguishing them from an actual PC, the system decides whether or not the endpoint is treated as a security threat.
Synergy through linking Patch Management System and Common Software Management
By connecting with MLsoft’s Patch Management System (TCO!hotpatch), the newest security patches can be applied conveniently to maximize security. Furthermore, by connecting with the common SW management system (TCO!sam), unauthorized common SW users can be restricted in advance.
POST-ADMISSION
Regular Software Check-up after Authorization
Even endpoints that are already connected to the internal network are regularly checked for security. Upon finding an endpoint that does not adhere to the company’s security policy, for example one that has suspended the vaccine process, the system immediately segregates the endpoint to protect the company’s infrastructure.
Security Level Differentiation / Department-based Access Control
Automatic Communication Shut-down upon irregular traffic occurrence
Upon finding a PC that generates traffic above the standard, the system immediately cuts off the PC’s communication and isolates it from the internal network.
Window Lock Function during Absence
When the PC user is absent for a designated period of time, the screen is automatically locked so that others cannot access the PC without permission.
Tgate Main function
Real time terminal control
Real time terminal user identification
Real time terminal log monitoring
Real time threat detection response (Warning / Blocking)
Real time terminal log threat search
Real time PC based traffic block
Real time network based control
Automatic terminal information collection
Real time IP/MAC detection
Terminal endpoint detection (PC, Android, iPhone, iPad, VoIP phone...)
Terminal On/Off status detection
Hardware information collection (CPU, RAM, HDD, Video card, Monitor, CDROM, Soundcard)
Software information collection
Terminal Operating system detection (Microsoft, Mac, Linux..)
IP management
IP user mapping (IP real name)
IP collision protection
Fixed DHCP server
IP traceability
IP-enabled application / system approval
User Authentication
PC based authentication agent (Supports Windows)
Web based authentication screen (Windows PC / Mac / Linux / mobile devices supported)
Interlocks Active Directory, LDAP, SSO, RADIUS and other authentication method
Existing personnel DB linkage (Oracle, MySQL, MSSQL, AD, LDAP etc.)
Software integrity check
Network control for failed software integrity check (warning / blocking)
Mandatory software inspection (non compliant PC Downloads)
Malicious software installation inspection
Latest patch compliance inspection
Illegal software installation inspection
Vaccine software installation inspection
Tgate Optional Features
PC Advanced Security
Enforce automatic OS update
Enforce Windows Firewall settings
Remove trash
Remove Security tab of a file / folder
Block CMD usage (more than 30 advanced OS control functions)
Terminal network management
Block Tethering
Block unlicensed Wireless AP
Block Bluetooth, T-login, Wibro connection
Gather open port terminal information
Group network access control
Device use restriction
Monitor / block USB port
Monitor / block CD-ROM
Monitor / block network drive
Control serial port / parallel port / infrared port / MTP port (more than 10 communication functions)
Privacy protection
Personal information inspection (social security number / email address / cellphone number / credit card number / including 10 other patterns)
Specific file inspection (Microsoft Office, zip file, mail...)
User custom pattern inspection
Encrypt detected personal information file
Strengths
The out-of-band method does not require reconfiguration of network equipment. Even when an error occurs, it does not affect other networks at all.
Our system supports both the agentless and the agent method. Depending on the stage of authorization, a decision can be made on whether or not to install the agent.
By seamlessly connecting with an already installed IP Management Solution (TCO!secuIP), Asset Management Solution (TCO!stream) and Patch Management Solution, we maximize the use of existing infrastructure without additional installation or removal. Therefore, installation is simple and installation cost can be minimized as well.
With just a simple click of a button, you can easily manage policy settings in the UI. This makes the solution easy to use.
We got rid of management complications through connected policy operation of PC security management, IP management and asset management.
According to the purpose of introducing NAC, we provide various forms of the solution catered to each company’s situation. This allows tailored control.
Our system makes it possible to check the condition of all wired and wireless endpoints connected to the network in real time.
Our technology is based on a proven core system with the experience of controlling the largest scale of PCs in Korea (200,000 PCs on a single-server basis).
Network Access Control (NAC), IP Management System (IPMS), Desktop Management System (DMS) and Patch Management System (PMS) are all self-developed. Therefore, strong control management is possible.
Safely control all the endpoints that are connected to the network, including PCs, smartphones and iPads.
Through logical network separation technology that acts as a buffer zone, the corporate internal network is secured from the external network and protected from unauthorized users or devices.
Regardless of the type of endpoint, such as PC, notebook, smartphone or tablet PC, all connected network devices undergo authorization.
Tgate’s safety is proven by numerous success cases. Furthermore, all the technology for NAC is self-developed by our research staff. This allows us to provide service support and customization.
The concept is easy, but realizing it is difficult. NAC should be chosen after carefully weighing various factors. So, why do leading companies choose Tgate?
To operate Network Access Control (NAC) effectively, an IP Management System (IPMS) that collects the applicable subjects, a central PC management system (DMS) that maintains integrity and manages security condition, and a Patch Management System (PMS) are needed. All these systems interlock to control and manage endpoints effectively.
NACS : Network Access Control System
IPMS : IP Management System
PMS : Patch Management System
DMS : Desktop Management System
For over 20 years, MLsoft has provided IP Management System (IPMS), Desktop Management System (DMS), SW Management System and Patch Management System (PMS) to around 2000 public institutions and companies. MLsoft is recognized by many organizations for its technology and stability. Also, MLsoft is a specialized company that provides endpoint control systems to large-scale clients with more than 150,000 PCs.
It is the only Korean company that self-develops all of the IPMS, DMS, PMS and NAC systems and operates every system seamlessly. Therefore, safer and stronger endpoint control and management is made possible.