Web Security
Check Point and RADIUS Partners
Businesses increasingly need to provide users with easy and cost-effective mobile and remote access to corporate applications and resources. Moving to SSL VPN is a logical step to reduce administrative overhead. At the same time, the need to ensure that only authorized users are granted access is mission critical. To provide true network security, the access method must be bulletproof, and controls must be put in place to manage the identity of the individual who is accessing network resources. User authentication and tunnel authorization can be added to an SSL VPN solution via RADIUS.
RADIUS can manage both user authentication and tunnel authorization in VPN environments. Once users connect via an ISP, they can launch a VPN client to build a tunnel to the network. The VPN server on the enterprise network communicates with RADIUS to establish user credentials. After the user is authenticated and authorized, RADIUS can also provide VPN tunnel configuration detail such as the encryption protocol and tunnel endpoint to use. User credentials are controlled from a central location. No reconfiguration of the VPN server is required as user-access policies change. Your IT management costs are reduced, and you have better visibility into who is connected to your network.
The Check Point Connectra Web security gateway, integrated with any RADIUS server, ensures that only properly authenticated users can access the corporate LAN remotely. Here is how.
Proper Authentication for Access
Connectra has two kinds of user groups, internal and external. (It gives access to internal resources based on user groups, instead of individual users.) Internal users are defined on the local database. External user groups include groups defined on RADIUS authorization servers (as well as on LDAP and ACE servers).
After users and groups are configured in RADIUS, Connectra's RADIUS client handles authentication and examines the specified RADIUS class to retrieve the user's groups. (The RADIUS attribute "class" holds the group name.) Once the RADIUS group has been retrieved, Connectra maps the RADIUS group to the appropriate Connectra group and applies a group policy. The group policy supplies access restrictions and a unique portal, with appropriate bookmarks for that user group.
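The class-to-group step described above can be sketched as follows. This is an added example, not Check Point's code: it checks the RADIUS Response Authenticator as defined in RFC 2865 before trusting any Class attribute, and it denies on anything malformed or unmapped. The group names, shared secret and `GROUP_MAP` are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)
ATTR_CLASS = 25    # RADIUS Class attribute type (RFC 2865)
# Hypothetical mapping from RADIUS Class values to gateway groups.
GROUP_MAP = {"vpn-engineering": "Engineering", "vpn-finance": "Finance"}


def build_accept(ident, request_auth, secret, classes):
    """Build a constructed Access-Accept (stands in for the RADIUS server)."""
    attrs = b"".join(bytes([ATTR_CLASS, len(c) + 2]) + c for c in classes)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def groups_from_accept(packet, ident, request_auth, secret):
    """Return mapped groups, or [] (deny) if the reply cannot be trusted."""
    if len(packet) < 20:
        return []
    code, pid, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or pid != ident or not 20 <= length <= len(packet):
        return []
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return []  # wrong shared secret or modified reply
    groups, i = [], 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            return []  # malformed attribute: fail closed
        if atype == ATTR_CLASS:
            name = attrs[i + 2:i + alen].decode("utf-8", "replace")
            if name in GROUP_MAP:  # unmapped classes grant nothing
                groups.append(GROUP_MAP[name])
        i += alen
    return groups if i == len(attrs) else []


# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
REPLY = build_accept(7, REQ_AUTH, SECRET, [b"vpn-finance", b"contractors"])
print(groups_from_accept(REPLY, 7, REQ_AUTH, SECRET))
```

A user whose reply carries only unmapped classes ends up with an empty group list, so no group policy and no portal bookmarks are applied.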
For organizations with large numbers of users, employing external databases is a scalable solution for user management. By utilizing these external databases, Connectra simplifies the process of building an access control policy for remote users. Once groups, internal or external, have been created or mapped in Connectra, they can be assigned an access control policy. Provided the users meet the sensitivity demands of the resource, access is given. Administrators can run audits on user connections and tailor authorization and accounting controls.
RADIUS integration highlights
- Delivers clientless SSL VPN access to enterprise resources
- Stops identity, password, and data theft on remote endpoints
- Provides a secure database of user credentials
- Protects internal resources from attacks from insecure endpoints
- Delivers authentication scalability
- Integrates with existing network and security infrastructure
RADIUS Partners
- InfoBlox RADIUSone
- ActivCard Activpack
- Aladdin E-token
- Arcot Systems Arcot for Check Point
- CryptoCard CryptoADMIN
- Secure Computing SafeWord
Check Point Connectra (SSL VPN)
Check Point Connectra is a complete Web Security Gateway that provides SSL VPN access and integrated endpoint and application security in a single, unified solution. By combining both connectivity and security in a single solution from the industry's most relied-on provider of intelligent security solutions, organizations can effectively deploy SSL VPNs safely and securely to a diverse set of users. Integrating SSL VPN with Check Point's Application Intelligence, Web Intelligence, and SMART (Security Management Architecture), Connectra provides Web connectivity with unmatched security.
With the integration of a clientless version of Check Point Integrity, the industry's most trusted endpoint security solution, Connectra enforces endpoint security compliance before granting access to the network. Your security policy for SSL VPN connection to the network is enforced, session confidentiality is ensured, and your organization remains secure.
EASY DEPLOYMENT AND MANAGEMENT
As a standalone solution that can be deployed in a network DMZ or on a trusted LAN, Connectra is easy and simple to install and manage. For deployments with an existing authentication database, Connectra can integrate with an LDAP, RADIUS, or SecurID/ACE database. Connectra also includes an internal database for organizations without existing authentication databases. For existing Check Point customers, a SmartCenter™ management server can be used to centrally monitor Connectra logs and events.
Included with Connectra are Check Point's own Web Intelligence features including:
- Malicious Code Protector
Patent-pending technology that catches buffer overflow attacks and other malicious code.
- Advanced Streaming Inspection
Extends the inspection and reconstruction capabilities of the INSPECT architecture by adding active traffic control of live traffic streams.
- Simple Deployment and Management
Built to be quickly deployed to protect Web servers without complex tuning and configuration.
- Seamless Integration with Check Point Products
Provides protection for the entire Web environment. Together with these features and Application Intelligence, Check Point's Connectra is the most advanced and secure SSL VPN offering available to customers today.