SSL VPN Security: AEP Networks
The FIPS-approved, ICSA Labs and VPNC-certified NSP has been designed to allow you to gain the efficiency and financial rewards brought by simple, timely remote access, while your business-critical resources remain safe from risks.
Protecting Your Network Resources
Protection of internal network resources with the NSP begins with the browser-embedded SSL (secure sockets layer) protocol for encryption, site authentication, and session integrity. Once a secure connection is established, the NSP offers increased protection to the network in a variety of ways:
| Application Layer Proxy protection - Security at the network's edge |
| Dynamic enforcement of authentication and rule-based policies to define granular user/group privileges |
| Session timeouts and optional forced re-authentication |
| Client Side Certificates with revocation lists |
| Stateful Packet Inspection Firewall (SPI) built-in |
| Client Integrity: Secure Desktop, Host Integrity Verification and Adaptive Policies (by V-Realm) |
| Broad authentication leverages all leading protocols (Windows® SMB/Active Directory, LDAP, RADIUS®, RSA SecurID®, Kerberos, VASCO®, Aladdin®, ActivCard®) |
Endpoint Security – Enforcing Corporate Policy
Ensuring the integrity of remote machines, particularly when access occurs from non-corporate-controlled PCs, forms a vital plank of any security strategy. That's why the NSP offers flexible, built-in endpoint security tools designed to enforce corporate policy and eliminate threats, while safeguarding mission-critical information.
AEP Netilla Client Integrity Options
| Feature | Description | Benefit |
| Host Integrity Checking | Validates the presence and version of antivirus software, personal firewalls, service packs, patch levels, and custom objects | Ensures compliancy with corporate policy |
| Adaptive Policies | Checks pre-defined end-station parameters; for example, registry entries or IP address | Confirms the identity and location of remote devices |
| Netilla Secure Desktop | Creates encrypted virtual workspace and performs DoD wipe at session end | Prevents digital leakage and ensures the confidentiality of corporate information |
| Cache Cleaning | Deletes all traces of session data; for example, browser history or cookies | Removes the danger of sensitive data being left behind at remote locations |
Application Layer Proxy: Maximum Network Protection
The NSP is able to deliver its rich set of application access modes by functioning as an “Application Layer Proxy”. Application-layer proxies protect internal data from direct exposure to the Internet in two important ways. First, web and application servers are never directly “touched” by remote users. Access is only through a “proxy” – the NSP itself – that terminates and translates application protocols before they are allowed to reach the internal network.
Second, an application-layer proxy boosts security by applying authentication and policy before allowing connections to application servers. Because termination occurs at the NSP, security can be applied before data requests are transmitted to private network application servers.
This powerful story means that an organization can extend applications to remote users over the Internet without having to place application servers in a publicly accessible area. Placing application servers in such a “Demilitarized Zone” (DMZ) would require much hardening to lock down and protect. Instead, with the NSP, application servers can remain safe on the private network behind the firewall, and are never exposed to the public network.