AEP Networks Monday announced an appliance that acts as a policy-enforcement engine and firewall for network use, monitoring packets end to end that are sent to an enterprise's critical data resources.

The AEP IDpoint is typically placed directly in front of an enterprise's most critical servers in the data center. It enforces network-layer and specific application-layer access policies by checking PacketTags, the unique cryptographic representation of user identity, to every IP packet sent to a network resource it protects. This identity check is added at client machines using AEP client software, a software token component that requires the user to authenticate identity.

"The tokens run on Windows machines, XP and Vista," says Howard Pressman, director of product management. "It tags every packet coming from a host to validate that the packet does come from that validated source."

The AEP IDpoint identity-based access-control gateway will deny unauthorized access by host address, subnet, port, protocol and user identity, and can be integrated into existing enterprise directories. (Compare access-control products.)

AEP IDpoint, which costs about $50,000, is expected to ship in mid-April.