AEP IDpoint™
Granular identity-driven access control to critical data center resources
AEP IDpoint is an advanced identity-based access control (IBAC) appliance that sits in-line in front of critical, high-value networked application resources/servers in the data center as a hardened policy enforcement point. It inserts a secure, unique cryptographic representation of user identity, called AEP PacketTag™, into every IP packet destined for a protected resource as proof of who accessed the resource.
Enforce policy and control access
Designed for the enterprise, IDpoint is placed directly in front of applications or servers containing sensitive information, and uses the identity of a user and/or machine to enforce access policies. Unauthorized network traffic is stopped from getting through. If your network contains confidential personal information, credit card data, medical records, account numbers, intellectual property, financial reports or any other critical business assets, IDpoint can help ensure that your users are restricted to specific assets on a “need to know” basis.
IDpoint's Web-based administration allows for centralized policy definition and management. User and group identity is harvested from existing directory systems without extensions (e.g. NTLM, Active Directory, LDAP, RADIUS, 2-factor, smartcards), while device identity is determined via AEP Client Machine Identity (CMID) technology.
Network segmentation
IDpoint hides protected resources from users who are not authorized to reach them: their traffic is dropped before it reaches the resource, so the protected hosts do not appear in an unauthorized user's view of the network topology. This allows organizations to segment their network and isolate critical resources from exposure - even unauthorized pings are dropped.
AEP PacketTag™ technology
PacketTag is deployed through the IDpoint token, which resides silently in the background on client machines that require access to protected resources. When needed, the token employs PacketTag technology to embed a secure, unique cryptographic representation of user identity – a “digital fingerprint” – into only those IP packets destined for protected resources guarded by IDpoint, enabling non-repudiable, identity-attributed logging and reporting. Only packets that meet IDpoint's policy rules are allowed to pass through to the protected data. Other traffic is blocked at the IDpoint interface and dropped from the network.
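The following is an added illustration of the per-packet identity-tagging and in-line enforcement model described above. It is not AEP's PacketTag format or IDpoint's code, which the page does not disclose; the tag layout (user id, sequence number, truncated HMAC-SHA256 over the user id, packet headers and a payload digest), the per-user session keys, the addresses, groups and policy table are all constructed assumptions. It shows why the tag must be bound to the packet it travels in (a tag copied onto a different packet or a modified payload fails verification), why untagged traffic such as a ping from an unauthorized host is simply dropped, and how the enforcement point can reject replayed packets and record an identity-correlated audit trail.

```python
"""Illustrative identity-tagged packet enforcement (generic example, not AEP's PacketTag)."""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

TAG_LEN = 16  # truncated HMAC-SHA256 tag; an assumption, not AEP's format


@dataclass
class Packet:
    src: str
    dst: str
    proto: int            # 6 = TCP, 1 = ICMP
    dport: int
    payload: bytes
    tag: Optional[bytes] = None   # user_id(4) | seq(4) | mac(TAG_LEN) when tagged


# Constructed sample data. In a real deployment keys would be issued at logon,
# and identities/groups would come from the directory (AD, LDAP, RADIUS ...).
USER_KEYS = {1001: b"alice-session-key", 1002: b"bob-session-key"}
USER_GROUPS = {1001: "finance", 1002: "engineering"}
PROTECTED = [ipaddress.ip_network("10.0.50.0/24")]
# Policy: group -> set of (protected host, destination port) it may reach.
POLICY = {"finance": {("10.0.50.10", 443)}, "engineering": {("10.0.50.20", 22)}}


def _mac(key: bytes, user_id: int, seq: int, pkt: Packet) -> bytes:
    """Bind the identity to this packet: headers and a digest of the payload are MACed."""
    msg = b"".join([
        user_id.to_bytes(4, "big"),
        seq.to_bytes(4, "big"),
        ipaddress.ip_address(pkt.src).packed,
        ipaddress.ip_address(pkt.dst).packed,
        bytes([pkt.proto]),
        pkt.dport.to_bytes(2, "big"),
        hashlib.sha256(pkt.payload).digest(),
    ])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class ClientToken:
    """Client-side agent: tags only traffic destined for protected resources."""

    def __init__(self, user_id: int, key: bytes):
        self.user_id, self.key, self.seq = user_id, key, 0

    def send(self, pkt: Packet) -> Packet:
        if any(ipaddress.ip_address(pkt.dst) in net for net in PROTECTED):
            self.seq += 1   # monotonically increasing, so the enforcement point can spot replays
            pkt.tag = (self.user_id.to_bytes(4, "big") + self.seq.to_bytes(4, "big")
                       + _mac(self.key, self.user_id, self.seq, pkt))
        return pkt


class EnforcementPoint:
    """In-line enforcement: verify the tag, reject replays, apply policy, log every decision."""

    def __init__(self):
        self.last_seq = {}   # user_id -> highest sequence number accepted
        self.audit = []      # (src, dst, dport, verdict) per packet, allowed or not

    def decide(self, pkt: Packet) -> str:
        verdict = self._check(pkt)
        self.audit.append((pkt.src, pkt.dst, pkt.dport, verdict))
        return verdict

    def _check(self, pkt: Packet) -> str:
        if pkt.tag is None or len(pkt.tag) != 8 + TAG_LEN:
            return "DROP:untagged"          # unauthorized pings and scans end here
        user_id = int.from_bytes(pkt.tag[:4], "big")
        seq = int.from_bytes(pkt.tag[4:8], "big")
        key = USER_KEYS.get(user_id)
        if key is None or not hmac.compare_digest(pkt.tag[8:], _mac(key, user_id, seq, pkt)):
            return "DROP:bad-tag"           # forged tag, tag moved to another packet, or tampered payload
        if seq <= self.last_seq.get(user_id, 0):
            return "DROP:replay"
        self.last_seq[user_id] = seq
        if (pkt.dst, pkt.dport) not in POLICY[USER_GROUPS[user_id]]:
            return f"DROP:policy user={user_id}"
        return f"ALLOW user={user_id}"


def demo() -> list:
    """Run constructed traffic through the enforcement point and return the verdicts."""
    alice = ClientToken(1001, USER_KEYS[1001])
    pep = EnforcementPoint()
    results = []
    p1 = alice.send(Packet("10.0.1.5", "10.0.50.10", 6, 443, b"GET /ledger"))
    results.append(pep.decide(p1))                          # ALLOW user=1001
    results.append(pep.decide(p1))                          # DROP:replay (same packet again)
    p2 = alice.send(Packet("10.0.1.5", "10.0.50.20", 6, 22, b"SSH-2.0"))
    results.append(pep.decide(p2))                          # DROP:policy (finance may not reach :22)
    p3 = Packet("10.0.1.9", "10.0.50.10", 1, 0, b"ping")    # untagged ICMP from an unknown host
    results.append(pep.decide(p3))                          # DROP:untagged
    p4 = alice.send(Packet("10.0.1.5", "10.0.50.10", 6, 443, b"GET /x"))
    p4.payload = b"GET /admin"                              # payload altered after tagging
    results.append(pep.decide(p4))                          # DROP:bad-tag
    return results
```

The strictly increasing sequence check is the simplest anti-replay rule and will also drop legitimately reordered packets; a production design would use a sliding window as IPsec does. The audit list in `EnforcementPoint` is what makes the "who accessed what, from where" reporting possible: every verdict, successful or not, is recorded with the identity carried in the packet.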
Auditing & regulatory compliance
Compliance and regulatory considerations force organizations in many industries – healthcare, financial, retail and government, among others – to prove that they have incorporated effective technology to protect confidential data. IDpoint provides proof of all access attempts – both successful and unsuccessful – with traceable, verifiable user identity in every packet. An extensive audit trail of identity-correlated logging and management reports shows who accessed what critical information resources from where, when and for how long. Also, because it enables network segmentation (“security zones”), IDpoint can limit the scope of costly audits.
Stealth-mode policy enforcement
IDpoint functions as a transparent “identity firewall” silently inspecting packets at wire-speed across two independent Gb/s enforcement paths. Because the enforcement paths carry no IP address, IDpoint cannot be addressed directly by the network-level attacks typically launched against security devices, such as denial of service attacks aimed at the device itself.
Zero network reconfiguration
Designed without IP addresses on the enforcement paths, IDpoint can be placed anywhere on the network, independent of existing routers, subnets, switch infrastructure, authentication, firewall, IDS/IPS, IP address topology or other applications. With no IP addresses and a bump-in-the-wire architecture, IDpoint can be installed quickly and easily into virtually any network topology.
Targeted NAC endpoint integrity checks
Rather than imposing complex NAC across the network, IDpoint determines the health status of devices (anti-virus, client firewall and anti-malware state) as they attempt to access protected resources and incorporates that information into policy decisions before allowing access to critical systems.
Remote access identity enforcement
IDpoint tightly integrates with the AEP Netilla SSL VPN for remote access users. While other VPNs lose the user's identity in the DMZ, IDpoint extends identity enforcement from the WAN through to the network edge by injecting PacketTag information into the user's data stream at the remote endpoint. In this way, all members of an organization's user community (LAN, WAN & remote/mobile users) can be included in identity-driven access decisions.
For more information about AEP IDpoint, including detailed features and technical specifications, please refer to the IDpoint product datasheet.