Aventail secures edge of SSL VPN network
Technology lets users access network apps through any Web browser
Aventail Corp., a Seattle vendor of SSL (secure sockets layer) VPN appliances
and managed services, will introduce new technology later this month that will
let IT administrators find out more about a user device that is trying to gain
access to their network.
"Initially everybody wanted 'anywhere access,'" said Chris Hopen, chief
technology officer of Aventail. "Now organizations are getting to the next
stage, and they are concerned about the [end-point] environment to which they
are exposing their information. They want to know things like how well the user
keeps his PC up to date, does he run anti-virus software, is the anti-virus
software up to date, what is his personal firewall, and what configuration is
that in."
Aventail positions its SSL VPN as an alternative to IPSec (IP Security Protocol)
VPNs. Its "clientless" VPN technology allows users to access network
applications through any Web browser from a variety of devices including
Internet kiosks, on a broadband or wireless connection, Hopen said. The Aventail
software already has provisions for standard user and group-based access
control, he said.
The new end-point awareness and control technology will enable network
administrators to classify end-point devices based on categories such as whether
the device is managed by the organization, and whether it is an employee or a
business partner accessing the network, Hopen said. Nonemployees using managed
devices are a growing category of users. Another category would be unknown,
typically unmanaged, end-point devices such as Internet kiosks, he said.
Using this classification, administrators can arrive at an access policy for
users coming in from a variety of end-points with different environments.
If a machine passes a certain level of risk protection then the user can be
given access for a period of time, but perhaps only to a trimmed-down set of
resources, Hopen said.
To bring the technology to market, Aventail is partnering with other vendors to
ensure the integration and interoperability of its technology with their
software, and also to use components of their software in its own technology,
Hopen said.
A key challenge in implementing this technology is to protect the privacy of the
end user even as an IT administrator interrogates the device, Hopen said. "There
are ways to gather a lot of information on the [end-point] environment, but you
don't want to expose all that information to the administrator," he said. The
user will therefore be able to write private information and data to a private
vault that will not be accessible to the administrator.
Aventail has set up a research and development center in Bangalore that will
focus initially on development. In the next 12 to 18 months the center may also
offer product support and helpdesk services to the company's customers, Mark
English, vice president of engineering at Aventail, said. The company is also
exploring the opportunity of offering managed services in Asia from a data
center in India.
Besides offering its own managed services, Aventail offers its equipment and
technology through managed service providers including New Jersey-based AT&T Corp. and
Bell Canada, a business unit of Bell Canada Enterprises Inc. (BCE) in Montreal.
Aventail also sells its products to user organizations that prefer to manage
their own VPN infrastructure.