Policy Enforcement Module
Meru offers the industry's strongest security, with multiple layers of defense that can prevent attackers from detecting that a network exists, block unwanted packets in-flight and scan for rogue access points without disrupting voice traffic. The Policy Enforcement Module for System Director extends this protection even further, giving IT the power to authorize, segregate and control all wireless traffic. It ensures that users comply with all security policies even after they have authenticated to the network.
Benefits
- Per-User Firewall. Different users need to access different applications and different devices have different capabilities. The per-user firewall protects against insider threats and device theft by giving network administrators fine-grained control of security policies. Just as the Virtual Port gives each device a dedicated network link, the per-user firewall gives each one a dedicated firewall customized to its user's job function or identity.
- Rate Limiting. Firewall decisions don't have to be absolute. In addition to blocking traffic, the per-user firewall gives IT the flexibility to throttle packets or limit usage on either a per-user or per-application basis. The total bandwidth available to particular classes of users such as guests can also be restricted.
- GRE Tunneling. Guest traffic can be tunneled straight to the Internet so that guests are not given access to the internal network. Meru's implementation features multiprotocol support and monitoring of the end-to-end tunnel through Keepalive messages.
- Flow Signatures and Deep Packet Inspection. Most application firewalls use deep packet inspection to determine which application a packet represents. Meru uses this too, but can also classify traffic based on flow signatures – the individual characteristics of a particular application. This enables the firewall to classify even encrypted applications which are opaque to deep packet inspection.
