NAICE: access to corporate network under control
26 December 2024 NAICE is a new Eltex software system for managing access to corporate networks. It provides comprehensive connection control for both wired and wireless devices using flexible access policies.We are actively developing NAICE, the current version is 0.7. A wide range of functions is already supported, making the system a universal and convenient tool for effective control of connections to the corporate network.
Multi-vendor compatibility. NAICE is compatible with Eltex and other vendors' equipment. The solution allows you to flexibly configure device policies and profiles for use with different network solutions.
Centralized management. Access and connection management is carried out via a user-friendly web interface. Administrators can create access policies, monitor connections in real time, and manage user rights.
Built-in documentation. Detailed documentation is available in the web interface of the system, administrators can quickly find the necessary information.
Fault tolerance. The system supports clustering according to the 1+1 (Active-Active) scheme for high availability. In case of a failure of one server, another takes over its functions, ensuring smooth operation.
Integration with MS CA. Microsoft Certificate Authority is supported, which allows you to verify the authenticity of certificates and block access to devices with revoked or expired certificates.
Network segmentation. NAICE enables network segmentation based on connection parameters such as VLAN and ACL, which simplifies access control and increases network security.
Event log. The system logs all access events. This allows administrators to audit and monitor authentications and identify connection problems.
Authentication and authorization. For a high level of security, the equipment is connected using the RADIUS and 802.1x protocols (EAP-TLS, EAP-PEAP), as well as MAB for devices without 802.1x support.
Integration with corporate databases. NAICE works with external corporate Active Directory and LDAP directories, which makes it possible to use existing accounts for access control.
Access rights configuration. Administrators can set access rights based on policies that include many parameters, such as groups or user attributes.
Development plans
We plan to expand the capabilities of NAICE next year. At the moment, the development of the following functions is considered a priority:
- control of access to equipment using the TACACS+ protocol;
- RADIUS CoA – change of access rights without having to reconnect equipment;
- self-registration portal (BYOD);
- portal authentication by SMS or phone call.