Architecture

  • The Appliance
    The appliance operates as a true “out-of-line” network device (it is not in the data path) and “fails open”, presenting no single point of failure, performance bottleneck, or maintenance-related or scheduled network outage.
  • User Licenses
    Software user licenses are based on the average number of concurrent users, not the peak. Because the count is an average, the system continues to operate if you temporarily exceed your license count.
  • Maintenance
    SafeConnect comes with the industry’s only proactive maintenance and support service. This means we monitor the health of your system 24x7x365. If a problem is detected we proactively work to correct it. This is how maintenance is supposed to be.


  • SafeConnect works with your directory services (e.g. LDAP, Microsoft Active Directory) to authenticate users, and automatically identifies devices on the network. Together these two functions match users to devices, so that security policies can be applied by user group (student, employee, guest, vendor, etc.), access method (wired, wireless, VPN), or device type (Windows, Mac, gaming console, mobile, etc.).

    The biggest challenge in managing network performance and security today is the dramatic increase in the number of mobile devices connecting to the network. SafeConnect can keep you one step ahead by being able to identify, authenticate, on-board and monitor these devices in an automated way.

    Network Requirements

    SafeConnect is specifically designed as a vendor-independent solution that easily integrates into existing (or future) network architecture. No switch manipulation. No forklift upgrades. Fewer moving parts.

    The SafeConnect system requires access to one or more Layer 3 switch/router points of network aggregation that support Policy Based Routing (PBR) and either NetFlow or sFlow. SafeConnect’s continuous posture assessment can also use the network’s per-user role assignment to place clients that are not compliant with security requirements into a quarantine role, and can participate in Single Sign-On (SSO) authentication using 802.1X with WPA2 Enterprise.

    Out of Line Solution

    SafeConnect is an appliance-based NAC solution implemented as a true “out-of-line” network device. The SafeConnect Policy Enforcer Appliance sits out-of-line from the core network and fails open, presenting no single point of failure, performance bottleneck, or maintenance-related or scheduled network outage. In the event of an appliance failure, all existing and new users are unaffected and have uninterrupted access to network resources. This is a deliberate trade of enforcement for availability: while the appliance is down, new devices are not intercepted or assessed, which is one reason its health is monitored continuously (see the maintenance service below).
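    The requirements above (a Layer 3 aggregation point with PBR plus NetFlow or sFlow) suggest one way an out-of-line, fail-open enforcer can work: flow records reveal which endpoints are talking, and a PBR redirect steers traffic from unregistered or quarantined sources to the appliance, with remediation destinations exempted as the I-LAN section below describes. The Python model that follows is an added illustration by the editor, not SafeConnect code; the addresses, subnets, flow-record format and the exact redirect rule are assumptions.

```python
"""Out-of-line NAC: discovery from flow records plus a fail-open PBR redirect.

Added illustration by the editor, not SafeConnect code. Assumed: endpoints are
learned from NetFlow/sFlow-style records exported by the aggregation router,
and enforcement is a policy-based-routing redirect of traffic from
unregistered or quarantined sources to the appliance. Addresses, subnets and
the record format are all made up for the example.
"""
import ipaddress
from dataclasses import dataclass, field

ENFORCER_IP = "10.0.0.5"        # assumed appliance address (PBR next hop)
DEFAULT_GATEWAY = "10.0.0.1"    # normal next hop when no redirect applies
MANAGED_NETS = [ipaddress.ip_network("10.10.0.0/16")]   # assumed user subnets
REMEDIATION_HOSTS = {"10.0.0.50"}                        # assumed remediation web server

# Constructed sample flow records "src,dst,proto,bytes"; not real telemetry.
SAMPLE_FLOWS = [
    "10.10.3.20,93.184.216.34,6,1500",
    "10.10.3.20,10.0.0.50,6,800",
    "10.10.7.9,10.0.0.53,17,120",
    "192.168.50.2,10.10.3.20,6,64",     # source outside managed subnets: ignored
    "10.10.3.20,93.184.216.34,6,300",    # repeat of an already-seen endpoint
]


@dataclass
class EnforcerState:
    seen: set = field(default_factory=set)         # every endpoint observed in flows
    registered: set = field(default_factory=set)   # authenticated, Policy Key issued
    quarantined: set = field(default_factory=set)  # registered but non-compliant


def _managed(ip):
    return any(ip in net for net in MANAGED_NETS)


def discover(flows, state):
    """Learn endpoints from flow records; return newly seen managed IPs as strings."""
    new = []
    for line in flows:
        src, _dst, _proto, _nbytes = line.split(",")
        src_ip = ipaddress.ip_address(src)
        if _managed(src_ip) and src_ip not in state.seen:
            state.seen.add(src_ip)
            new.append(src)
    return new


def register(state, ip):
    state.registered.add(ipaddress.ip_address(ip))
    state.quarantined.discard(ipaddress.ip_address(ip))


def quarantine(state, ip):
    state.quarantined.add(ipaddress.ip_address(ip))


def needs_redirect(src_ip, state):
    """Managed-subnet sources are redirected unless registered and compliant."""
    if not _managed(src_ip):
        return False
    return src_ip not in state.registered or src_ip in state.quarantined


def next_hop(src, dst, state, enforcer_reachable):
    """PBR decision for one packet, returned as the next-hop address.

    Fail-open: when the appliance is unreachable the redirect has no live
    next hop, so even an unregistered source follows the normal route and
    is simply not assessed until the appliance is back."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not enforcer_reachable:
        return DEFAULT_GATEWAY
    if str(dst_ip) in REMEDIATION_HOSTS:
        return DEFAULT_GATEWAY          # remediation traffic is never redirected
    if needs_redirect(src_ip, state):
        return ENFORCER_IP
    return DEFAULT_GATEWAY


if __name__ == "__main__":
    st = EnforcerState()
    print("new endpoints:", discover(SAMPLE_FLOWS, st))
    print("unregistered, appliance up:", next_hop("10.10.3.20", "93.184.216.34", st, True))
    print("unregistered, appliance down:", next_hop("10.10.3.20", "93.184.216.34", st, False))
```

    The last two calls in the demo show the fail-open property concretely: the same unregistered source is redirected to the appliance while it is reachable and takes the normal route when it is not. On real hardware the equivalent is a PBR next hop with reachability tracking, so that a dead appliance drops out of the route-map rather than blackholing traffic.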

    No Changes to LAN/WAN Required

    SafeConnect is independent of network switch hardware and software vendors and integrates into the existing network architecture with no changes to, or continuous manipulation of, Layer 2 network switches, wireless access points, or VPN concentrators.

    Directory Services Integration

    SafeConnect uses the existing directory services infrastructure (e.g. LDAP, Microsoft Active Directory, RADIUS) to authenticate end users and their devices. The system can also apply identity- or role-based policies and enforcement rules based on how a user is defined in the directory (student, employee, guest, vendor, etc.). Users who cannot be authenticated can be quarantined or blocked from accessing the network. SafeConnect also offers a Single Sign-On (SSO) capability that lets existing AD-managed users keep their existing login experience.


    I-LAN Quarantine Technology

    Impulse Point’s I-LAN quarantine technology isolates non-compliant endpoint devices from Layer 2 and Layer 3 network resources. I-LAN limits the end user to designated internal or Internet remediation domains, which communicate the actions required to become compliant with the organization’s security policies and regain network access.


    24/7 Proactive Maintenance and Support Services

    SafeConnect is delivered as an operationally managed service. The health of the system is monitored from the Impulse Support Center and Impulse Point is responsible for delivering all necessary hardware and software maintenance, problem determination and resolution, and ongoing feature enhancement. The organization maintains full control of managing their desired endpoint computing policies and enforcement rules via the SafeConnect Policy Management Console.


    SafeConnect meets Voluntary Product Accessibility Template (VPAT), Section 508 Compliance


    How Does SafeConnect NAC Work?

    The Policy Enforcer

    The SafeConnect Policy Enforcer is a pre-configured hardware and software appliance bundle. It is installed on the customer’s premises and connected out-of-line to the organization’s existing Layer 3 switch/router. A single Policy Enforcer can manage network access policies for up to 10,000 concurrent endpoint devices. The entire system is managed locally by the organization through the SafeConnect Policy Management Console.

    The Policy Management Console

    The SafeConnect Policy Management Console is a centralized portal that allows authorized users (typically a policy administrator) to set the acceptable use standards the Policy Enforcer will implement. Administrators can select from a series of pre-configured policies on authentication, anti-virus or anti-spyware protection, patch maintenance levels, and peer-to-peer file sharing, or create their own using the custom policy builder module. Network access can also be managed by group or location, or based on the roles users occupy within the organization. For example, policies can be set for a particular building (e.g. a residential dorm or remote office), a specific department (e.g. research or accounting), or by role (e.g. vendor, staff, student, or guest).

    The dashboard also displays real-time policy status reporting to provide insight into group or individual policy compliance. Help Desk personnel can quickly ascertain the security posture and network access condition of any device on the network by searching by IP address, MAC address, or user name. Granular historical database reporting is also available for trend analysis, compliance auditing, and archiving.

    Organizations can completely customize the look and feel of the policy notification web pages to match company marketing efforts and enhance the end user experience.

    Standard Policy Modules

    The SafeConnect system can build and assign granular policies by IP address range, VLAN segment, subnet, or MAC address. Policies can also be assigned by device type (Windows, Apple, Linux, PDA, gaming console, etc.) and by individual user identity based on role or group membership as defined in the organization’s existing directory services (Active Directory, LDAP, etc.) infrastructure.

    The SafeConnect Policy Key

    The SafeConnect architecture includes a Policy Key (NAC agent) that is non-intrusive and provides the distributed NAC functionality that affords the system its highly scalable attributes and real-time security assessment.

    SafeConnect currently provides real-time Policy Key assessment support for Microsoft Windows (including Windows 7) and Mac OS X 10.3 and later (including Snow Leopard). A Linux-based Policy Key is currently under development.

    The Policy Key is typically installed automatically during the initial device registration process, and is updated silently (no end user interaction required). The Policy Key can also be pre-distributed by a preferred software distribution method such as Active Directory Group Policy, SMS, or physical media. The Policy Key may be provisioned to self-dissolve after a specified period of inactivity (such as 48 hours or 30 days). The Policy Key also has a very small footprint (about 1 MB) compared to competing approaches, and consumes less than 1% of system resources.

    The Policy Key does not collect any personal information, nor does it have the ability to act as spyware. The Policy Key strictly identifies and reports policy status (questions answerable true/false) required for the operation of the Impulse Point SafeConnect NAC System. The Policy Key continually assesses the end user’s computer for compliance with your security policies.

    If an end user is not in compliance with an organization’s network access policies, the SafeConnect solution delivers individualized remediation guidance and isolates the device from the network using Impulse Point’s I-LAN quarantine technology until the policy breach is resolved and the user returns to a state of compliance.

    Impulse Point will never collect or store personal information from its customers’ constituents, and will never communicate directly with Policy Key-enabled end user devices that exist outside of a SafeConnect Managed Network environment.

    Easy Integration Into Your Network

    1. The SafeConnect Policy Enforcer Appliance is installed out-of-line on the organization’s premises and is connected to an aggregation point.
    2. The organization configures their desired policies and enforcement rules using the SafeConnect Policy Management Console by network segment or directory services group.
    3. Endpoint devices connecting to the network will be intercepted, authenticated, presented with the organization’s acceptable use policies, and issued a SafeConnect Policy Key.
    4. The SafeConnect Policy Key certifies that the endpoint device adheres to endpoint security policies on a continuous/real-time basis. It reports non-compliance to the SafeConnect Policy Enforcer and delivers individualized remediation guidance. The endpoint device remains completely isolated using I-LAN quarantine technology until the policy breach is resolved.
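
    The four steps above describe a loop: authenticate against the directory, match the device to policies by segment, device type and role, then evaluate the agent’s true/false posture answers and quarantine with remediation guidance on any failure. The Python model below is an added illustration of that decision logic by the editor, not SafeConnect code; the policy fields, posture question names, group names, subnets and decision labels are assumptions chosen to mirror the selectors listed in the Standard Policy Modules section.

```python
"""Policy selection and compliance decision for an agent-based NAC.

Added illustration by the editor of the four integration steps; not SafeConnect
code. Policy fields, posture question names, group names and decision labels
are assumptions, chosen to mirror the selectors the page lists (IP range,
VLAN, MAC prefix, device type, directory role).
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Endpoint:
    ip: str
    mac: str
    device_type: str        # "windows", "apple", "linux", "gaming", ...
    access: str             # "wired", "wireless", "vpn"
    vlan: int
    user: str = ""          # empty until directory authentication succeeds
    groups: tuple = ()      # directory group membership after authentication


@dataclass
class Policy:
    name: str
    requires: dict          # posture question -> required true/false answer
    remediation: str        # guidance shown to the user while quarantined
    subnets: tuple = ()     # selectors; an empty selector matches anything
    vlans: tuple = ()
    mac_prefixes: tuple = ()
    device_types: tuple = ()
    roles: tuple = ()

    def matches(self, ep):
        ip = ipaddress.ip_address(ep.ip)
        selectors = [
            (self.subnets, lambda: any(ip in ipaddress.ip_network(s) for s in self.subnets)),
            (self.vlans, lambda: ep.vlan in self.vlans),
            (self.mac_prefixes, lambda: ep.mac.lower().startswith(
                tuple(p.lower() for p in self.mac_prefixes))),
            (self.device_types, lambda: ep.device_type in self.device_types),
            (self.roles, lambda: any(g in self.roles for g in ep.groups)),
        ]
        # Every selector that is set must match; unset selectors are wildcards.
        return all(test() for selector, test in selectors if selector)


def decide(ep, policies, posture):
    """Return (decision, detail) for one endpoint.

    'block'      the device could not be authenticated against the directory
    'quarantine' a matching policy's required answer is wrong or not reported
    'allow'      every matching policy is satisfied

    The agent reports only true/false answers, so an unanswered question is
    treated as non-compliant rather than as a pass."""
    if not ep.user:
        return "block", "authentication required"
    for pol in policies:
        if not pol.matches(ep):
            continue
        for question, wanted in pol.requires.items():
            if posture.get(question) is not wanted:
                return "quarantine", f"{pol.name}: {pol.remediation}"
    return "allow", "compliant"


# Constructed sample policy set (hypothetical names and subnets).
SAMPLE_POLICIES = [
    Policy("student-av", {"antivirus_running": True, "av_signatures_current": True},
           "Install or update the campus anti-virus client",
           roles=("student",), device_types=("windows", "apple")),
    Policy("dorm-no-p2p", {"p2p_client_detected": False},
           "Remove peer-to-peer file sharing software",
           subnets=("10.20.0.0/16",), device_types=("windows", "apple", "linux")),
    Policy("windows-patches", {"os_patches_current": True},
           "Run Windows Update and reboot",
           device_types=("windows",)),
]


if __name__ == "__main__":
    student = Endpoint("10.20.4.7", "00:1a:2b:33:44:55", "windows", "wireless", 20,
                       user="jdoe", groups=("student",))
    print(decide(student, SAMPLE_POLICIES, {"antivirus_running": True}))
```

    Two points of the design are worth noting. A missing answer is treated as a failure, so a device that stops reporting (for example after the Policy Key has self-dissolved) is quarantined rather than silently allowed. Selectors are wildcards when empty, which is how an agentless device type such as a gaming console can be scoped out of agent-based policies without a separate exemption list.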