World Wide Packets 

LightningEdge® Operating System (LE-OS)  

Security to Protect the Access Network

LE-OS delivers an advanced set of security features to protect the access point of the network and to be fully interoperable with security protocols in the core of the network. LE-OS implements security tools at the access point of the network, including user authentication and dynamic policy-based network access solutions. Advanced authentication protocols, such as IEEE 802.1x Port-based network access control, are based on password encryption and can be authenticated through a RADIUS server for comprehensive network-wide security coordination. Policy-based network access implements advanced Service Access Control that can be configured with dynamic or static access control lists. LE-OS supports both ingress and egress port filtering as well as Layer 2 + Layer 4 protocol filtering. In addition, LE-OS supports SSH2 for an encrypted management channel when connecting systems over an insecure network (such as the Internet).

LE-OS Security Features

  • Security features operate at full line-rate
  • SSH File Transfer Protocol (SFTP) for secure file transfer
  • VLAN ingress filtering prevents VLAN leakage
  • Egress port restriction eliminates customer cross-talk over a shared distribution infrastructure
  • Dynamic and static Service Access Control (Access Control Lists, ACLs)
  • User authentication
    • • Local or RADIUS authentication
    • • MD5 encryption of passwords
    • • 3 levels of privilege (Limited, Super, Diagnostic)
  • Ingress Protocol Filtering
    • • MAC address types
    • • TCP/UDP ports
    • • IP protocols
    • • User defined filters
    • • Per-port per-VLAN
  • Broadcast Containment and Unknown Multicast Filtering (UMF) prevents broadcast and multicast Denial of Service (DoS) attacks

Note: implementations vary by platform. Check platform data sheet for specific LE-OS feature support.

Continue