Securing Campus Network Environments
Next generation user authentication appliance and reporting solution
14th August 2002 (NISER)
By Gopal Nair

Top Layer Networks recently announced the development of the Secure Edge Controller, a security appliance that provides secure access to campus networks and enables effective classification of service for authorised users.

The Secure Edge Controller, so called because it authenticates users at the edge of the network, is the first hardware product of its kind to enable campus network managers to assign network access rights at the application level. Universal client platform compatibility, fine-grained control of policies and security event reporting combine to further differentiate the Secure Edge Controller from any solution available for this type of environment today.

The Secure Edge Controller is the latest low-cost, easy-to-deploy, dedicated security appliance to be made available by Top Layer, whose range also includes the Attack Mitigator and IDS Balancer. All three products are designed to be so easy to use that little or no security training is required and support costs are kept to a minimum.

By managing usage according to access privileges assigned to the user, the appliance empowers users to prevent unauthorized consumption of bandwidth, network resources and Internet access. When combined with Top Layer's Secure Watch management and reporting tool, the Secure Edge Controller enables logging of session data of authenticated network users. Accurate tracking of application usage is fundamental to network capacity planning and the most effective allocation of network resources.

In addition to university campuses, service providers, hospitals and government municipal offices are among those who report similar issues, as single sign-on authentication is made more complex and challenging in a departmentalized environment.

According to Alex Turkington, Top Layer's Asia Pacific Vice President, the unique security requirements of open networks, like university campuses, are a result of the environment. "Often there is little physical security surrounding network access points located in public and semi-public areas. Combine this with the diverse mix of widely distributed computing resources, and a typically small IT staff, and you can understand why securing network resources from unauthorised use whilst allowing legitimate users access becomes a challenge".

"The Secure Edge Controller can not only confirm or deny access to the network, it controls user access to particular applications and bandwidth depending on the security policies assigned to that individual. This makes for a powerful security and network management tool, that is truly tailor made for this environment, the likes of which are not matched in this market," continued Turkington.

Based on the same custom chip set as Top Layer's flagship product, the AppSwitch/AppSafe, the Secure Edge Controller uses a Zone Application Interface (ZAPI) to dynamically configure and change user zones (a logical aggregation of network resources), disclosed to various authentication servers such as RADIUS and LDAP. Users logging onto the network will be authenticated at the application layer against the authentication server. Upon receiving an authenticated user profile via ZAPI, the Secure Edge Controller then moves the user dynamically to the appropriate zone as prescribed by the profile.

By using application level policy sets applied among zones, access rights to relevant content, denial of access and/or bandwidth can be assigned to each user.

The Secure Edge Controller frees network administrators from the constraints of security policy configuration affecting the network, as the grouping of users no longer depends on MAC or IP addresses. Rather, the configuration can be mapped to match a university's departmentalized organizational structure.

The Secure Edge Controller will be available from September 2002.