
NAC (Network Access Control)

Wired and Wireless Network
Access Control System

Tgate is a Network Access Control (NAC) system that checks
the security condition of all the wired and wireless endpoints that
have access to the network in order to protect the company network
and all endpoints completely.

Unsecured endpoints are the source of the problem for your internal security.

Tgate allows accelerated installation of required software
on all endpoints within the network.

- Various types of wired and wireless endpoints
that may access your network

Since the 03.20 network attacks on both South Korea and Bank-N, which were caused by uncontrolled endpoints,
a ground-breaking solution has been in demand. To prevent such security accidents in advance, a NAC
(Network Access Control) system can be introduced. This allows strong central control. Tgate allows a good
anti-virus program (the most current anti-virus software) to be deployed to all company PCs in the shortest amount of time.

I thought installing an anti-virus
vaccine was enough.

I thought installing an anti-virus vaccine on PCs was enough.
I am constantly implementing security patches.
But I keep having PC accidents.
What is the problem?

The problem is the order!

The vaccine and security patches are both installed over
the company network.
The problem is that, in order to
cure PCs of malicious code, the PCs first need to
be connected to the company server.
This is why malicious programs
always operate before the vaccine does.
Regardless of how good the anti-virus program is,
the problem cannot be solved because the order is wrong.

NAC security: think of
a castle wall!

The concept of NAC security is like a castle wall.
All the devices that have access to the network are
completely separated until they pass a security check-up.
By allowing only good PCs in fair security condition to
have access to the internal network, the safest internal
network can be maintained.

Tgate real-time NAC interlocks endpoint security threats with
network security equipment (IPS, UTM, security switch, APT..) to detect and
block threats in real time. Integrated control is not individual management,
but an effective and powerful system built to operate security management
through real-time policy, in compliance with numerous security-related
laws including the personal information protection act and the
copyright protection act. Real-time NAC should be mandatory, not an option.

Tgate is a solution where all the connected devices can be controlled
according to the main security policy, and only approved and quarantined devices
may have internal access. This technology uses logical network
separation, which works like a buffer zone, to keep the company's
internal network safe from the external network.

NAC Network Access Control Function

NAC has a solid foundation. Approval > Quarantine > Access

PRE-ADMISSION Authorization

Wireless Endpoint Authorization

Detect and authorize all wireless endpoints that use Wi-Fi, such as Android phones,
iPhones and iPads.

Wired Endpoint Authorization

Detect and authorize all wired endpoints that are connected by cable, such as notebooks,
desktop PCs, printers and Internet telephones.

User Authorization

Check and authorize all wired and wireless endpoint users that are trying to access the
company’s network. The user check may be done only once, at first use.
Reauthorization can also be requested every morning.

Proper ID (Authentication) issuance

We create and operate a proper ID (authentication) that combines various distinguishing values such as
IP, MAC, HDD serial number and user name. This lets only the authorized endpoint owner use
the endpoint and connect to the internal server. Therefore, replication or falsification is impossible.

Various types of HR DB Connection Possible

We support interconnection with the company’s own Human Resources DB, Active Directory, LDAP
and various HR account systems.

Single-time / Multiple user PC

Non-user Addition Function – we can authorize use of specific additional Endpoints.

Visitors use internet only

For visitors who merely want to use the internet, internal access is blocked
and only internet access is given. This allows a secured internal infrastructure
and convenience at the same time.

PRE-ADMISSION Check-up

Install required software / Mandate removal of malignant software

Before an endpoint accesses the internal network, installation of required security programs
such as a vaccine is mandated. The system also mandates deleting programs
that may bring in malicious code, such as P2P programs.

Use of various methods to check the existence of file/software

The system uses various methods, such as file name, process name, service name
and registry value, to check for the existence of software and files.

Block illegal wireless sharing device

Wireless sharing devices that employees install without the company’s authorization
may work as a security hole and a gateway for malicious code. Wireless sharing devices
installed without authorization are detected and blocked.

Distinguish actual PC from virtual machine

Our system detects operating systems run in a virtual machine. By distinguishing a virtual machine from
an actual PC, the system decides whether or not the endpoint is subject to security threat handling.

Synergy through linking Patch Management System
and Common Software Management

By connecting with MLsoft’s Patch Management System (TCO!hotpatch), the newest security patches
can be applied conveniently to maximize security optimization. Furthermore, by connecting with the
common SW management system (TCO!sam), unauthorized common SW users can be restricted in advance.

POST-ADMISSION

Regular Software Check-up after Authorization

Even endpoints that are already connected to the internal network are regularly checked for security.
Upon finding an endpoint that does not adhere to the company’s security policy, for example by
suspending the vaccine process, the system immediately segregates the endpoint
to protect the company’s infrastructure.

Security Level Differentiation / Department-based Access Control

Even endpoints that are already connected to the internal network are regularly checked for
security. Upon finding an endpoint that does not adhere to the company’s security policy, for example by
suspending the vaccine process, the system immediately segregates the endpoint to
protect the company’s infrastructure.

Automatic Communication Shut-down upon irregular traffic occurrence

Upon finding a PC that generates traffic above the standard, the PC’s communication
is immediately cut off and the PC is isolated from the internal network.

Window Lock Function during absence

When the PC user is absent for a designated period of time, the window screen is automatically
locked so that others cannot access the PC without permission.

Tgate Main function

Real time terminal control
- Real time terminal user identification
- Real time terminal log monitoring
- Real time threat detection response (Warning / Blocking)
- Real time terminal log threat search
- Real time PC based traffic block
- Real time network based control

Automatic terminal information collection
- Real time IP/MAC detection
- Terminal endpoint detection (PC, Android, iPhone, iPad, VoIP phone..)
- Terminal On/Off status detection
- Hardware information collection (CPU, RAM, HDD, Video card, Monitor, CDROM, Soundcard)
- Software information collection
- Terminal Operating system detection (Microsoft, Mac, Linux..)

IP management
- IP user mapping (IP real name)
- IP collision protection
- Fixed DHCP server
- IP traceability
- IP-enabled application / system approval

User Authentication
- PC based authentication agent (Supports Windows)
- Web based authentication screen (Windows PC / Mac / Linux / mobile devices supported)
- Interlocks Active Directory, LDAP, SSO, RADIUS and other authentication methods
- Existing personnel DB linkage (Oracle, MySQL, MSSQL, AD, LDAP etc.)

Software integrity check
- Network control for failed software integrity check (warning / blocking)
- Mandatory software inspection (non-compliant PC downloads)
- Malicious software installation inspection
- Latest patch compliance inspection
- Illegal software installation inspection
- Vaccine software installation inspection

Tgate Optional Features

PC Advanced Security
- Enforce automatic OS update
- Enforce Windows Firewall settings
- Remove trash
- Remove Security tab of a file / folder
- Block CMD usage (more than 30 advanced OS control functions)

Terminal network management
- Block Tethering
- Block unlicensed Wireless AP
- Block Bluetooth, T-login, Wibro connection
- Gather open port terminal information
- Group network access control

Device use restriction
- Monitor / block USB port
- Monitor / block CD-ROM
- Monitor / block network drive
- Control serial port / parallel port / infrared port / MTP port (more than 10 communication functions)

Privacy protection
- Personal information inspection (Social security number / email address / cellphone number / credit card number / including 10 other patterns)
- Specific file inspection (Microsoft Office, zip file, mail..)
- User custom pattern inspection
- Encrypt detected personal information file

The out-of-band method does not require reconfiguration of network equipment. Even if an error occurs,
it does not affect other networks at all.


Our system supports both the Agentless and Agent methods. Depending on the stage of authorization,
a decision can be made on whether or not to install the Agent.


By seamlessly connecting the already installed IP Management Solution (TCO!secuIP), Asset Management Solution
(TCO!stream) and Patch Management Solution, we maximize the use of existing infrastructure without additional
installation or removal. Therefore, installation is simple and installation cost can be minimized as well.

With just a simple click of a button, you can easily manage policy settings on the UI. This makes the solution easy to use.


We got rid of management complication through connected policy operation of PC security management, IP management and asset management.


Depending on the purpose of introducing NAC, we provide various forms of the solution catered to each company’s situation. This allows tailored control.


Our system can check the condition of all wired and wireless endpoints connected to the network in real time.

Our technology is based on an approved core system with the experience of controlling the largest scale of PCs in Korea
(single server standard of 200,000 PCs).


Network Access Control (NAC), IP Management System (IPMS), Desktop Management System (DMS) and
Patch Management System (PMS) are all self-developed. Therefore, strong control management is possible.


Safely control all the endpoints that are connected to the network, including PCs, smartphones and iPads.

Through logical network separation technology that acts as a buffer zone, it secures the corporate internal network
from the external network, so the internal network is protected from unauthorized users or devices.

Regardless of the type of endpoint, such as PC, notebook, smartphone or tablet PC, all the connected network devices
undergo authorization.

Tgate’s safety is proven by numerous success cases. Furthermore, all the technology for NAC is self-developed by
our research staff. This allows us to provide service support and customization.

The concept is easy, but realizing it is difficult.
NAC should be chosen after carefully weighing various factors.
So, why do leading companies choose Tgate?

To operate Network Access Control (NAC) effectively, an IP Management System (IPMS) that collects the applicable subjects,
a Central PC Management System (DMS) that maintains integrity and manages security condition,
and a Patch Management System (PMS) are needed.
All these systems interlock to control and manage endpoints effectively.

NACS : Network Access Control System

IPMS : IP Management System

PMS : Patch Management System

DMS : Desktop Management System

For over 20 years, MLsoft has provided IP Management System (IPMS), Desktop Management System (DMS),
SW Management System and Patch Management System (PMS) to around 2000 public institutions and companies.
MLsoft is recognized by many organizations for its technology and stability. Also, MLsoft is a specialized
company that provides endpoint control systems to large-scale clients with more than 150,000 PCs.


It is the only Korean company that self-develops all of IPMS, DMS, PMS and NAC system and seamlessly operates
every system. Therefore, safer and stronger endpoint control and management is made possible.

Tgate operating environment
