
Regulatory Compliance

Check Point and LDAP

To protect access to sensitive information, it is essential to properly authenticate all users connecting to the corporate network and to assign each user the proper privileges for access to resources and information. As such, user authentication is central to all regulatory requirements (HIPAA, SOX, etc.).

Businesses increasingly need to provide employees with easy and cost-effective mobile and remote access to corporate applications and resources. The need to ensure that only authorized users are granted access is mission critical. To provide true network security, the access method itself must be bulletproof, and controls must be put in place to manage the identity of the individual who is accessing network resources.

Check Point VPN-1 supports internal user groups and external user groups. Internal users are defined on the local database. VPN-1 can also work with groups of users defined on external authorization servers, such as LDAP, RADIUS and ACE servers. VPN-1 maps these external groups and associates them with authorization Policies.

For organizations with large numbers of users, employing external databases is a more scalable solution for user management. It makes sense to use these external databases where available. By utilizing these external databases, VPN-1 simplifies the process of building an access control Policy for remote users. Once these groups, internal or external, have been created or mapped in VPN-1, they can be assigned an access control Policy. Provided the users meet the sensitivity demands of the resource, access is given.

While VPN-1 is capable of authenticating and authorizing LDAP users and groups, it cannot manage users and groups directly on the LDAP server. Users and groups must first be configured in LDAP. VPN-1's LDAP client then handles authentication and examines the specified LDAP branches to retrieve the user's groups. Once the LDAP group has been retrieved, VPN-1 maps the LDAP group to the appropriate VPN-1 group and adds a group Policy. The group Policy supplies access restrictions and a unique portal with appropriate bookmarks for that user group.

When a remote user makes an access request to the VPN-1 Gateway, the VPN-1 Gateway uses its LDAP client to verify the remote user's identity with the LDAP server. The authenticated user is assigned one or more groups. VPN-1 enforces an access control Policy for each group. The connections between the VPN-1 Gateway and the LDAP server can be in clear text or encrypted.
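The group-mapping step described above can be sketched as follows. This is an added example, not Check Point code or the VPN-1 API: the function names, group names, DNs and hosts are all hypothetical, and the DN normalisation is simplified. It shows that unmapped LDAP groups grant nothing, that a user with no mapped group gets no access, and how to tell a clear-text directory link from an encrypted one.

```python
from urllib.parse import urlparse

def ldap_transport(url, start_tls=False):
    """Classify the gateway-to-directory link as 'encrypted' or 'cleartext'."""
    scheme = urlparse(url).scheme.lower()
    if scheme == "ldaps" or (scheme == "ldap" and start_tls):
        return "encrypted"
    if scheme == "ldap":
        return "cleartext"  # bind credentials cross the network unprotected
    raise ValueError(f"not an LDAP URL: {url!r}")

def norm_dn(dn):
    """Simplified DN normalisation: case-fold and trim each RDN.
    Assumes no escaped commas inside attribute values."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def resolve_access(member_of, group_map, policies):
    """Map a user's LDAP groups to gateway groups and merge their policies.
    Unmapped LDAP groups grant nothing; no mapped group means no access."""
    lookup = {norm_dn(dn): gw for dn, gw in group_map.items()}
    gw_groups = sorted({lookup[norm_dn(dn)] for dn in member_of
                        if norm_dn(dn) in lookup})
    allowed = set()
    for group in gw_groups:
        allowed |= set(policies.get(group, ()))
    return gw_groups, sorted(allowed)

# Constructed sample data (hypothetical directory groups and gateway policies).
GROUP_MAP = {
    "cn=Finance,ou=Groups,dc=example,dc=com": "gw-finance",
    "cn=Helpdesk,ou=Groups,dc=example,dc=com": "gw-helpdesk",
}
POLICIES = {
    "gw-finance": ["erp.example.com:443"],
    "gw-helpdesk": ["tickets.example.com:443", "wiki.example.com:443"],
}
# The directory returns DNs with different case and spacing than the mapping.
ALICE = ["CN=Finance, OU=Groups, DC=example, DC=com",
         "cn=Interns,ou=Groups,dc=example,dc=com"]
BOB = ["cn=Interns,ou=Groups,dc=example,dc=com"]

if __name__ == "__main__":
    print(ldap_transport("ldap://dc1.example.com:389"))
    print(resolve_access(ALICE, GROUP_MAP, POLICIES))
    print(resolve_access(BOB, GROUP_MAP, POLICIES))
```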

LDAP integration highlights

  • Delivers clientless SSL VPN access to enterprise resources
  • Stops identity, password, and data theft on remote endpoints
  • Secure database of user credentials
  • Protects internal resources from attacks from insecure endpoints
  • Delivers authentication scalability
  • Integrates with existing network and security infrastructure
  • Scalable use of employees' credentials for a large user base

LDAP Partners

  • Microsoft - Active Directory
  • Mirapoint - Mirapoint Internet Directory
  • Novell - Novell Directory Services
  • Siemens AG - DirX Directory Server
  • OpenLDAP

Check Point VPN-1 Pro
VPN-1 Pro, an integrated VPN-1 and FireWall-1 gateway, offers management capability, attack protection and traffic shaping technology. VPN-1 Pro utilizes INSPECT, the industry's most adaptive and intelligent inspection technology, to protect the privacy of business communications over the Internet while securing critical network resources against unauthorized access.

VPN-1 Pro is a tightly integrated software solution combining the market-leading FireWall-1 security suite with sophisticated VPN technologies. The cornerstone of Check Point's intelligent security solutions, VPN-1 Pro meets the demanding requirements of Internet, intranet and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners. VPN-1 Pro solutions are available on the industry's broadest range of platforms and security appliances, meeting the price/performance needs of organizations of any size.
