
Web Security

Check Point and LDAP Partners

Businesses increasingly need to provide users with easy and cost-effective mobile and remote access to corporate applications and resources. Moving to SSL VPN is a logical step to reduce administrative overhead. At the same time, the need to ensure that only authorized users are granted access is mission critical. To provide true network security, the access method must be bulletproof, and controls must be put in place to manage the identity of the individual who is accessing network resources. Check Point has partnered with LDAP (Lightweight Directory Access Protocol) vendors providing secure solutions for external user group authentication needs.

The Check Point Connectra Web security gateway, integrated with any LDAP server, ensures that only properly authenticated users can access the corporate LAN remotely. Here is how.

Proper Authentication for Access
Connectra grants access to internal resources based on user groups rather than individual users. It has two kinds of user groups, internal and external. Internal users are defined on the local database. External user groups include groups defined on LDAP authorization servers (as well as on RADIUS and ACE servers).

For organizations with large numbers of users, employing external databases is a more scalable solution for user management. It makes sense to use these external databases where available. By utilizing these external databases, Connectra simplifies the process of building an access control policy for remote users. Once these groups, internal or external, have been created or mapped in Connectra, they can be assigned an access control policy. Provided the users meet the sensitivity demands of the resource, access is granted.

While Connectra is capable of authenticating and authorizing LDAP users and groups, it cannot manage users and groups directly on the LDAP server. Users and groups must first be configured in LDAP. Connectra's LDAP client then handles authentication and examines the specified LDAP branches to retrieve the user's groups. Once the LDAP group has been retrieved, Connectra maps the LDAP group to the appropriate Connectra group and adds a group Policy. The group Policy supplies access restrictions and a unique portal with appropriate bookmarks for that user group.

When a remote user makes an HTTPS request, the Connectra gateway uses its LDAP client to verify the remote user's identity with the LDAP server. The authenticated user is assigned one or more groups. Connectra enforces an access control policy for each group. The connections between the Connectra gateway and the LDAP server can be in clear text or encrypted.
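The flow described above (authenticate, read groups from the specified branches, map them to gateway groups, apply group policy), modeled as an added example that is not Check Point code. The directory contents, branch, group names, and URLs are constructed, and `bind` is a stand-in for an LDAP simple bind.

```python
import hmac

# Constructed sample data standing in for an LDAP server (not a real directory).
USERS = {
    "alice": {"dn": "uid=alice,ou=people,dc=example,dc=com", "password": "correct-horse"},
    "bob": {"dn": "uid=bob,ou=people,dc=example,dc=com", "password": "battery-staple"},
}
MEMBERSHIPS = {  # group DN -> member DNs
    "cn=finance,ou=vpn-groups,dc=example,dc=com": {USERS["alice"]["dn"]},
    "cn=admins,ou=lab,dc=example,dc=com": {USERS["bob"]["dn"]},
}
# Hypothetical gateway configuration: branches to search, group mapping, group policy.
SEARCH_BRANCHES = ["ou=vpn-groups,dc=example,dc=com"]
GROUP_MAP = {"cn=finance,ou=vpn-groups,dc=example,dc=com": "Finance-Remote"}
POLICY = {"Finance-Remote": {"https://erp.example.com", "https://mail.example.com"}}


def bind(uid, password):
    """Stand-in for an LDAP simple bind: return the user's DN or None."""
    user = USERS.get(uid)
    if user is None or not password:   # an empty password must never count as a bind
        return None
    ok = hmac.compare_digest(user["password"].encode(), password.encode())
    return user["dn"] if ok else None


def in_branch(dn, branch):
    """True only if dn sits under branch, matched on a whole RDN boundary."""
    return dn.lower().endswith("," + branch.lower())


def authorize(uid, password):
    """Authenticate, read groups from the configured branches, apply group policy."""
    dn = bind(uid, password)
    if dn is None:
        return None                                   # authentication failed
    ldap_groups = [g for g, members in MEMBERSHIPS.items()
                   if dn in members and any(in_branch(g, b) for b in SEARCH_BRANCHES)]
    gw_groups = sorted({GROUP_MAP[g] for g in ldap_groups if g in GROUP_MAP})
    resources = sorted(set().union(*(POLICY.get(g, set()) for g in gw_groups)))
    return {"groups": gw_groups, "resources": resources}  # empty lists mean no access
```

A user who authenticates but belongs only to groups outside the searched branches ends up with no mapped group and therefore no resources. A simple bind carries the user's password, so the encrypted option for the gateway-to-LDAP connection is the one that keeps it off the wire in readable form.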

LDAP integration highlights

  • Delivers clientless SSL VPN access to enterprise resources
  • Stops identity, password, and data theft on remote endpoints
  • Provides a secure database of user credentials
  • Protects internal resources from attacks from insecure endpoints
  • Delivers authentication scalability
  • Integrates with existing network and security infrastructure
  • Scales the use of employee credentials across a large user base

LDAP Partners

  • Microsoft Active Directory
  • Mirapoint Internet Directory
  • Novell Directory Services
  • Siemens AG DirX Directory Server
  • Sun One Directory Server
  • OpenLDAP

Check Point Connectra (SSL VPN)
Check Point Connectra is a complete Web Security Gateway that provides SSL VPN access and integrated endpoint and application security in a single, unified solution. By combining both connectivity and security in a single solution from the industry’s most relied on provider of intelligent security solutions, organizations can effectively deploy SSL VPNs safely and securely to a diverse set of users. Integrating SSL VPN with Check Point’s Application Intelligence, Web Intelligence, and SMART (Security Management Architecture), Connectra provides Web connectivity with unmatched security.

With the integration of a clientless version of Check Point Integrity, the industry’s most trusted endpoint security solution, Connectra enforces endpoint security compliance before granting access to the network. Your security policy for SSL VPN connection to the network is enforced, session confidentiality is ensured, and your organization remains secure.

EASY DEPLOYMENT AND MANAGEMENT
As a standalone solution that can be deployed in a network DMZ or on a trusted LAN, Connectra is simple to install and manage. For deployments with an existing authentication database, Connectra can integrate with an LDAP, RADIUS, or SecurID/ACE database. Connectra also includes an internal database for organizations without existing authentication databases. For existing Check Point customers, a SmartCenter™ management server can be used to centrally monitor Connectra logs and events.

Included with Connectra are Check Point’s own Web Intelligence features including:

  • Malicious Code Protector
    Patent-pending technology that catches buffer overflow attacks and other malicious code.
  • Advanced Streaming Inspection
    Extends the inspection and reconstruction capabilities of the INSPECT architecture by adding active traffic control of live traffic streams.
  • Simple Deployment and Management
    Built to be quickly deployed to protect Web servers without complex tuning and configuration.
  • Seamless Integration with Check Point Products
    Provides protection for the entire Web environment. Combined with these features and Application Intelligence, Check Point’s Connectra is the most advanced and secure SSL VPN offering available to customers today.
