ALE OmniSwitch may be the most secure switch on the market

Steven Kleinpeter
September 07, 2021

Security is a top priority in federal networks. OmniSwitch is the switch of choice to deliver the zero trust network security governments demand.

In today’s high-tech world, zero trust network security has become one of the federal government’s most critical concerns, particularly in light of the recent incursions into U.S. infrastructure by both state and rogue actors. In fact, cybersecurity has become so critical that advanced micro-segmentation zero trust network security architecture has become the “Gold Standard” for LAN networking. Whether it’s stealing subscriber, employee, customer, or taxpayer data, or holding entire company networks for ransom, the critical nature of network security has exploded before us, and with it the recognition that networks once thought secure probably no longer are.

For U.S. government departments and agencies, using the most secure equipment available is not only critical but now a matter of sustenance. For agencies to continue to operate and to support the missions they are assigned, cyber-attacks must be addressed head-on.

Fortunately, Alcatel-Lucent Enterprise has stepped to the forefront with the Alcatel-Lucent OmniSwitch® family of products, delivering the capabilities required to ensure federal and critical infrastructure networks have the security required to meet today’s challenges. The OmniSwitch family serves critical needs in civilian and defense networks supporting aircraft landing systems, nuclear power-plant operations, critical navigation systems and high-quality, real-time video surveillance for both security and new operational management models. Alcatel-Lucent OmniSwitches have been embedded in federal networks for more than 20 years without a single security incident being reported. Combined with the extreme durability of the OmniSwitch (confirmed by multiple destructive barge tests), these performance characteristics are just part of the reason the OmniSwitch is JITC Certified, on the DoD APL, and deployed throughout the U.S. Navy fleet. The OmniSwitch also provides critical functionality to support the development and deployment of micro-segmentation zero trust network security architectures.

The OmniSwitch is designed with a number of capabilities embedded to assure network security. One of the most critical is the Alcatel-Lucent Enterprise Secure Code. Secure Code steps above and beyond required standards to deliver what may be the most secure switch available today. Critical steps include:

  • Independent third-party verification and validation (IV&V): Source code analysis, white box, and black box testing by a company specializing in cybersecurity to eliminate vulnerabilities including:
      • Back-door threats
      • Embedded malware
      • Exploitable vulnerabilities
      • Exposure of proprietary and/or classified information
      • IV&V addresses external interfaces:
          • HTTPS Interface
          • Login Interface
          • NTP Interface
          • Command Line Interface
          • IP Port Usage
          • SNMP Interface
          • Data Packet Interface
  • Software diversification: ALE software implements Address Space Layout Randomization (ASLR). Each switch boot dynamically generates a unique memory layout.
  • Secured delivery of products: The ALE U.S. supply chain process enables designation of OmniSwitch models as TAA Country of Origin (CoO) USA with all operational software loaded in a USA-based facility. Additionally, the company performing the IV&V testing retains the AOS code after validation testing and, over a secure connection, is able to provide the software directly to specific USG customers.

These steps — independent software verification, software diversification, and secure delivery of software products — which are unique to ALE, bring a new level of security and confidence to network switch standards.

Simplicity is a security feature

We believe the easier it is to operate and manage a network, the more automation that has been built into it, and the fewer steps or systems needed to support the network, the more secure the network will be. This is true because simplicity reduces the potential for errors which can leave areas vulnerable. The ALE OmniSwitch takes simplicity to the next level with:

  • Security by default: Administrators must enable remote access on the OmniSwitch, which is the opposite of most other switches, where all access to the switches/routers is turned on by default and the administrators are left to figure out how to secure the device.
  • No software packages to purchase and track: Every feature and capability, even ALE secure code, is included with the price of the switch — no modules to add, no upgrades to purchase. All the software is included.
  • JITC, NDcPP, FIPS approved switches: Edge, hardened, core — use the same secure level code.
  • Protection of the OS and management module from a host of DDoS attacks that are typically used to drive the CPU to 100% utilization.
  • All OmniSwitches on the network can be configured to block the addition of unapproved devices to the network. ALE Internet of Things (IoT) containment, device fingerprinting, and intelligent Fabric (IFab) automatically identify devices requesting access to the network and, based on established permissions, can either allow access, block access, or allow restricted access to only a portion of the network. IoT containment provisions known devices into their own secure container, and places unknown devices into a restricted container within the network. This provides a secure way for all new IoT devices to be provisioned without administrator action and assures that the network is protected from unknown devices.
  • In a micro-segmentation zero trust security architecture, these already established capabilities allow the administrator to authenticate, classify and monitor users and devices based on their specific roles, defined in a Universal Network Profile, not just their functional group, providing access to only the specific elements in the network required for their roles.
  • Deep Packet Inspection (DPI): Network administrators can see and manage users, traffic, and applications on the network. Detailed information on who, or what is using network bandwidth allows greater administrator control and can help identify and block potential problem areas quickly.
  • The Alcatel-Lucent OmniVista® Network Management single management system manages the entire network including data center, edge, wireless, and other vendors’ switches. All ALE switches can be updated with the latest code at the same time, which means less complexity to manage; more systems lead to more mistakes and more administration time. The OmniVista Unified Policy Authentication Management module is a unified access management platform that includes both a customizable captive portal and a RADIUS server and can implement multiple authentication methods, which are critical in a Zero Trust Network Architecture.
  • Operation at wire-rate speeds. The speed you buy is the full speed you get. This is essential in supporting and managing critical applications on the network.
  • Shortest Path Bridging (SPB) is a network protocol designed to support the building and operation of a less complex network. SPB dynamically builds and maintains the network topology between nodes, unlike some network protocols which require a stack of protocols to ‘touch provision’ every switch. SPB load shares and uses all available physical connections, making more bandwidth available. SPB allows addition, removal and relocation of virtual machines using software configuration and supports automatic configurations to prevent human errors.
  • Combining the OmniSwitch multicast capability with SPB and wire-rate speeds provides a top tier platform for supporting video applications including real-time video surveillance and real-time management of remote operations using video.

Many real-time networks, operating in extreme environments, have chosen the OmniSwitch — the best hardened switch on the market, and the only hardened switch supporting SPB. Today’s federal networks are likely to have multiple locations that require support in extreme environments. The OmniSwitch is a full-featured hardened switch — with all the capabilities of other switches in the network.

Keeping it simple for the Department of Defense and civilian agencies means one operating system, one management system, Secure Code, and durability. These elements have combined to support the U.S. Navy, where OmniSwitches have been deployed for more than 20 years, delivering the lowest Total Cost of Ownership (TCO), with what we believe may be the most secure switch on the market. Learn more about the Alcatel-Lucent OmniSwitch product family.

Steven Kleinpeter

Director of Alcatel-Lucent Enterprise US Federal Sales

Steven Kleinpeter has been the Director of Alcatel-Lucent Enterprise US Federal Sales for 11 years, and has over 30 years of experience in Federal Communication networking.
