AEP rethinks its NAC strategy

Clarifying issues surrounding this emerging security architecture

When Lockdown Networks went belly up earlier this year, AEP Networks had to rethink its NAC strategy.

The company had been reselling Lockdown’s NAC gear under the AEP label, and that clearly couldn’t continue.

Rather than seek another OEM partner, AEP came up with a new appliance built on its own technology that approximates some of what NAC does and tries to do so simply.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

When Lockdown Networks went belly up earlier this year, AEP Networks had to rethink its NAC strategy.

The company had been reselling Lockdown’s NAC gear under the AEP label, and that clearly couldn’t continue.

Rather than seek another OEM partner, AEP came up with a new appliance built on its own technology that approximates some of what NAC does and tries to do so simply.

AEP IDpoint, is an access control appliance that sits between data centers and the network. IDpoint enforces policies based on user identity, network layer restrictions and some application layer limitations.

IDpoint requires a client on the end-user’s machine that can be sent as an executable file or downloaded directly from the appliance. Users authenticate to the device and the device enforces policies that have been set for that user.

The client encrypts a user ID within the payload of every packet the user sends, giving the appliance the ability to reject traffic based on the unique ID rather than header information. AEP calls this marker PacketTag. The device also logs any activity by an authorized user and also logs any attempt from any source to access designated, critical resources.

Log reports are designed to meet the demands of auditors that might seek proof that a business complies with regulatory requirements about data security and confidentiality.

The device requires no addressable IP address, so does not disrupt existing network architecture. IDpoint costs $52,000 for the appliance itself with 99 licenses.

This isn’t NAC, most notably because it doesn’t do any endpoint configuration checking. But it does offer targeted access controls that can supplement an endpoint-checking NAC product. (Compare NAC products)

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.