Extending Protection
Firewall User Authentication is designed to work with traffic that is passing through the Contivity in the clear or when the Contivity has a LAN-to-LAN VPN established between sites, authenticates users via an SSL-protected Web page at the Contivity firewall. To test this, I configured the Contivity 5000 to require authentication for access. Then I created users in the local database. As a user I pulled up the Web page from the Contivity and authenticated and was allowed into the VPN as expected. Once properly authenticated, all user traffic passes from the client to the Contivity. Users who fail to authenticate will be denied access at the Contivity firewall.
Contivity has always provided centralized client management. TunnelGuard extends protection and configuration and metes it out to the Contivity VPN Client. Through TunnelGuard, the Contivity client checks a Software Requirement Set (SRS), guaranteeing that the required programs or DLLs are loaded and running. To ensure that required files have not been modified or trojaned, TunnelGuard computes a hash of the target file and compares it to the SRS.
|
Good
Circuitless IP provides better integration with load balancers
Backup Interface Services provides more failover and redundancy TunnelGuard ensures required software is running on client computers Client authentication for non-VPN client-enabled desktops Bad
There aren't any
Vendor Info Contivity 5000 Secure IP Services Gateway, $45,000. Nortel Networks, (800) 4NORTEL. www.nortelnetworks.com |
I created SRS profiles for my test laptop by selecting key files from Norton Anti-Virus scanner. I then stopped the virus scanner and found that I couldn't connect to the VPN--TunnelGuard worked as advertised. Although TunnelGuard is not as full-featured as application-control client software, such InfoExpress, Nortel offers an SDK that can be used for tighter integration and subsequently enforce configuration features.
The improvements in Contivity 5000 and version 4.8 software add value to an already robust product. The increased CPU speed and available memory should provide improved performance. Additionally, the enhanced protection features make a good product even better.
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
