The AEP Netilla Security Platform -- The Simple, Secure Solution

AEP’s Netilla Security Platform (NSP) helps companies satisfy one of their most pressing needs: Making business applications remotely available to employees and partners.

With the NSP, remote users can quickly and securely reach the varied resources found in today's IT environment, including Microsoft Outlook, Windows Terminal Servers and server-based applications, and client/server applications over an SSL tunnel.

Netilla Security Platform at a Glance:

• Access ANY application, from any location, simply and securely through a web browser
• Secure portal-based access to Windows Terminal Servers, UNIX/Linux, and mainframes
• Client Integrity tools protect the private network and eliminate data theft (cache cleaning, secure desktop, host integrity and adaptive policies)
• Powerful, ICSA Labs-approved security at the network edge
• Fast installation and little ongoing management
• Sophisticated V-Realms™ authentication and authorization architecture - supports different group access policies via leading protocols (LDAP, ActiveDirectory, RADIUS, and more)
• High productivity: Print, move files, leverage high-color applications (like CAD/CAM, X-Ray and imaging) and work seamlessly from anywhere
• Lower costs - As much as 20% less than alternative SSL VPN solutions

NSP Access Features

The NSP SSL VPN offers 3 Versatile Ways to Access Your Network

The NSP differs from other SSL VPN solutions by providing the choice of three application-access technologies in a single gateway device. With three SSL access technologies in a single appliance, the NSP provides a full-spectrum remote-access solution that meets every application access type:

• Thin access for Windows Terminal Servers, UNIX/Linux & Mainframes
• Web access for web applications and portals
• SSL Tunnel connectivity for network and client/server application access

Thin/Application Access to Server-based Applications (Layer 7)
Applications residing on Windows, UNIX/Linux, mainframes and AS/400 machines form a vital core of the business applications used today. The challenge facing enterprises is to leverage these crucial applications in way that allows remote users to safely and simply access these resources over the Internet.

The NSP solves this dilemma, providing remote access to remote applications by incorporating Web-enabling technology directly within the platform. With no application client software required, and with just a Web browser, users can interact with actual applications that reside in the data center, in the same format as in the office – but within a browser window securely over the Web. This integrated approach, unique to AEP among SSL VPN vendors, means simply secure access to Windows Terminal Servers, UNIX, Linux, and 3270 mainframe applications quickly and easily, and without third-party server-based software.

• Drive mapping for seamless interactivity with local and remote data
• Session persistence for workflow continuity
• Supports both local or remote printing
• 24-bit color for Windows and X Window applications
• Requires only a Web browser on local PC

Access Remote Intranet and Web-based Applications
With the NSP, organizations can overcome the security and access challenges associated with deploying public-facing Web servers for remote-user access., while intranet Web servers and network topology remain safely protected within the organization's private intranet.

With this approach, a single point of entry over the Internet – the NSP itself – lets remote users access back-end, intranet Web servers securely through a Web browser.

Authorized remote users thus gain instant, clientless access to a wide range of internal Web applications from any location, allowing internal DNS addresses that do not resolve publicly to be accessed securely over the Internet. Company Web servers remain safe behind the firewall, in a highly secure portion of the private network, without the cost and maintenance of locking each server down for public access, while administrators gain granular access control to directories, servers, and paths on a user or group basis. At no time is the enduser directly connected to a “private side” network resource.

• Access any internal Web application, corporate intranet, or portal securely through HTTP reverse proxy technology
• Gateway portal protection hides network topology from unauthorized viewing Session persistence for workflow continuity
• Granular access controls to directories, servers, and paths
• Powerful Java Applet Re-write Module for greater security
• Strong Web application security mitigates network threats

Remote Access for Client/Server Applications
Users who work offline on their local PC-based TCP and UDP applications - such as Outlook, CRM, sales tools, and other client/server programs - can update their files and exchange data with corporate servers through the NSP’s network layer access mode.

For maximum control over a user’s access capabilities, the NSP distinguishes itself by incorporating a dynamic session-based firewall for additional protection between users and central servers. The dynamic firewall opens and closes specific application ports between the NSP and application servers, as defined by policy tools for particular users. In this way, the NSP effectively “locks-down” application access on a per-user basis, providing powerful control over a user’s ability to launch local client/server applications.

• SSL-based Layer 3 tunnel connectivity for network and client/server application access
• On-demand, automatic virtual adapter installation
• No end user configuration or installation required
• Granular policy enforcement with stateful packet inspection firewall

NSP Security Features

The NSP’s breadth of security features means that you gain the efficiency and financial rewards brought by simple, timely remote access, while your business-critical resources remain safe from risks. This overview of SSL and VPN network security features is designed to give IT security professionals the high-level technical detail they need to make an informed decision.

Protection of internal network resources with the Netilla Security Platform (NSP) begins with the browser-embedded SSL (secure sockets layer) protocol for encryption, site authentication, and session integrity. Once a secure connection is established, the NSP offers increased protection to the network in a variety of ways:

• SSL VPN technology secures access at the application layer
• Dynamic enforcement of external authentication and rule-based policies that define user privileges
• Configurable session timeouts
• Client Side Certificates with revocation list support
• Stateful Packet Inspection Firewall (SPI) protects SGA and network resources
• Netilla Secure Desktop, Host Integrity Verification and Adaptive Policies (by V-Realm)
• Broad authentication leverages all leading protocols (Windows® SMB/Active Directory, LDAP, RADIUS®, RSA SecurID®, Kerberos, VASCO®, Aladdin®, ActivCard®)

Application Layer Proxy for Maximum Network Protection
The NSP is able to deliver its rich set of application access modes by functioning as an “Application Layer Proxy”. Application-layer proxies protect internal data from direct exposure to the Internet in two important ways. First, web and application servers are never directly “touched” by remote users. Access is only through a “proxy” – the NSP itself – that terminates and translates application protocols before they are allowed to reach the internal network.

Second, an application-layer proxy boosts security by applying authentication and policy before allowing connections to application servers. Because termination occurs at the NSP, security can be applied before data requests are transmitted to private network application servers.

This powerful story means that an organization can extend applications to remote users over the Internet without having to place application servers in a publicly accessible area. Placing application servers in such a “Demilitarized Zone” (DMZ) would require much hardening to lock down and protect. Instead, with the NSP, application servers can remain safe on the private network behind the firewall, and are never exposed to the public network.

By providing secure, simple, Web-based access to remote applications and data, the NSP gives organizations of all sizes the productivity edge they require to excel.