Identity Engines' Authenticated Network Architecture
A Comprehensive Framework for Identity-Centric Network Controls
Identity Engines' Authenticated Network Architecture (ANA) is a comprehensive, vendor-neutral framework for deploying the next generation of identity-centric network controls. Built to add incremental value to your current network deployment, ANA provides a phased approach that doesn't require a forklift upgrade or the use of a specific vendor's network gear. This page provides a high-level overview of ANA; a link to download the complete white paper is at the bottom of this page.
As needs and threats have evolved, IT teams have deployed a wide array of network security and authorization tools. This organic growth has left organizations with an ad hoc approach to network security, giving rise to two challenges. First, identity information is scattered across many different data stores. Second, network access rules are enforced by a disparate array of switches, access points, VPN concentrators, and other hardware, each configured on its own.
The ANA Approach
The ANA approach addresses both challenges. The tangled knot of user stores is overcome by taking advantage of an organization's existing user directories to provide a network-relevant view of all users. The web of enforcement points is dealt with more incrementally by establishing a central policy decision service (called a policy decision point or PDP) and gradually connecting it to the existing enforcement devices on the network. The incremental ANA approach means that each phase adds functionality, and capabilities evolve as the organization gets familiar with the approach. The full ANA whitepaper details not only the phases described below but the technical considerations and best-practices in their deployment.
The ANA Phases are:
- Phase 1: Secure Wireless with Guest Access
- Phase 2: Contractor Access
- Phase 3: Privileged User Role
- Phase 4: Basic Wired Authentication
- Phase 5: Comprehensive Role-based Access Control (RBAC)
Evolutionary Value-Add Across Five Phases
For most organizations, the best place to start an ANA rollout is on the wireless network. Enterprise wireless access points are generally 802.1X-capable already, and because traffic over the air is exposed to anyone in range, authenticating wireless users with 802.1X and encrypting each session with the per-session keys derived from that EAP exchange (WPA/WPA2-Enterprise) delivers immediate value. Guests are accommodated by broadcasting a second, open SSID backed by guest-management infrastructure on the PDP; because that SSID carries no link-layer encryption and no authenticated identity, guest traffic should be confined to its own VLAN or ACL-restricted segment with no path to internal resources. Figure 1 showcases the secure wireless phase of ANA.
Figure 1: Phase 1 of an ANA deployment
After Phase 1, deployment progresses through the addition of contractor access in Phase 2; creation of the privileged-user role in Phase 3; rollout of wired user authentication (wired 802.1X) in Phase 4; and finally deployment of full role-based access control (comprehensive RBAC) in Phase 5.
Comprehensive RBAC is the culmination of the ANA evolution. At this phase, all forms of network access are authenticated, and all forms of access support all desired roles. Roles are assigned via the PDP and are enforced equally across all access methods. Four roles are supported at this point of the ANA evolution: guest, contractor, employee, and privileged employee. More can be added as organizations get comfortable with their ANA deployment. Figure 2 shows this design.
Figure 2: Phase 5 of an ANA deployment
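To make the central decision logic concrete, the following is an added example and not code from Identity Engines or the ANA white paper: a toy policy decision point in Python that covers both the Phase 1 case (anonymous guests on the open SSID) and the Phase 5 four-role model (guest, contractor, employee, privileged employee). The directory contents, group names, VLAN numbers, the access-method labels, and the rule that the privileged role is only granted to sessions authenticated with EAP-TLS are all assumptions made for this example. The RADIUS reply attributes used to push a VLAN to the enforcement point (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) are the standard ones from RFC 2868 / RFC 3580.

```python
"""Toy policy decision point (PDP) for an ANA-style rollout.

Constructed illustration only: directory contents, group names, VLAN numbers
and the EAP-TLS requirement for the privileged role are assumptions for this
example, not Identity Engines' implementation.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Role(str, Enum):
    GUEST = "guest"
    CONTRACTOR = "contractor"
    EMPLOYEE = "employee"
    PRIVILEGED = "privileged_employee"


# Constructed stand-in for the organization's existing user directory
# (LDAP / Active Directory): username -> directory groups.
DIRECTORY: dict[str, set[str]] = {
    "alice": {"staff", "netops"},   # employee who is also a network admin
    "bob": {"staff"},               # ordinary employee
    "carol": {"vendor-x"},          # contractor account in the same directory
}

# Role mapping: most privileged first, first match wins.
ROLE_RULES: list[tuple[Role, set[str]]] = [
    (Role.PRIVILEGED, {"netops"}),
    (Role.EMPLOYEE, {"staff"}),
    (Role.CONTRACTOR, {"vendor-x"}),
]

# One VLAN per role, handed to every enforcement point the same way via the
# standard RADIUS tunnel attributes (RFC 2868 / RFC 3580). VLAN ids are made up.
ROLE_VLAN = {Role.GUEST: "900", Role.CONTRACTOR: "200",
             Role.EMPLOYEE: "100", Role.PRIVILEGED: "10"}

# Assumption: privileged access requires certificate-based authentication.
PRIVILEGED_EAP_TYPES = {"EAP-TLS"}
AUTHENTICATED_METHODS = {"wireless-8021x", "wired-8021x", "vpn"}


@dataclass(frozen=True)
class AccessRequest:
    method: str                      # "wireless-open", "wireless-8021x", "wired-8021x", "vpn"
    username: Optional[str] = None   # None for an anonymous guest on the open SSID
    eap_type: Optional[str] = None   # e.g. "EAP-TLS", "PEAP"; None when no EAP exchange


@dataclass(frozen=True)
class Decision:
    accept: bool
    role: Optional[Role]
    radius_attrs: dict[str, str] = field(default_factory=dict)
    reason: str = ""


def vlan_attrs(role: Role) -> dict[str, str]:
    """RADIUS reply attributes that assign the role's VLAN on the enforcement point."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-ID": ROLE_VLAN[role]}


def map_role(groups: set[str]) -> Optional[Role]:
    """Translate directory group membership into the first matching role."""
    for role, required in ROLE_RULES:
        if groups & required:
            return role
    return None


def decide(req: AccessRequest, directory: dict[str, set[str]] = DIRECTORY) -> Decision:
    """Decide one access request. The role depends on who the user is and how
    strongly they authenticated, never on which device they arrived through, so
    the same user lands in the same VLAN on wired, wireless and VPN."""
    # Open guest SSID: nothing was authenticated, so nobody gets more than guest,
    # even if a known username was typed into a captive portal.
    if req.method == "wireless-open":
        return Decision(True, Role.GUEST, vlan_attrs(Role.GUEST), "open SSID: guest role only")
    if req.method not in AUTHENTICATED_METHODS:
        return Decision(False, None, reason=f"unknown access method {req.method!r}")
    groups = directory.get(req.username or "")
    if groups is None:
        return Decision(False, None, reason="user not found in directory")
    role = map_role(groups)
    if role is None:
        return Decision(False, None, reason="no directory group maps to a role")
    # Downgrade rather than reject: an admin on a password-based session
    # still gets ordinary employee access, not privileged access.
    note = "role from directory groups"
    if role is Role.PRIVILEGED and req.eap_type not in PRIVILEGED_EAP_TYPES:
        role, note = Role.EMPLOYEE, "privileged role requires EAP-TLS; downgraded to employee"
    return Decision(True, role, vlan_attrs(role), note)


if __name__ == "__main__":
    for req in (AccessRequest("wireless-open"),
                AccessRequest("wireless-8021x", "carol", "PEAP"),
                AccessRequest("wired-8021x", "alice", "EAP-TLS"),
                AccessRequest("vpn", "alice"),
                AccessRequest("wired-8021x", "mallory", "PEAP")):
        d = decide(req)
        print(f"{req.method:15} {req.username or '<guest>':8} accept={d.accept} "
              f"role={d.role.value if d.role else None} ({d.reason})")
```

The design point worth noticing is that the enforcement devices never see the directory: the switch, AP or VPN gateway only receives the VLAN attributes the PDP returns, which is what lets the same four roles be enforced identically across access methods as more enforcement points are connected in each phase.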
Conclusion
Adopting the ANA approach to security brings manageability to your network access policies and makes it much easier to restrict access to specific resources. The goal of ANA is not the wholesale replacement of the existing topology (further complicating the design) but rather the achievement of coherence in the infrastructure that's currently deployed. Download the ANA whitepaper to learn how you can achieve more coherent, consistent network security by implementing a central authority for policy decision making and auditing, and by connecting this central authority to your varied set of identity stores for authentication and authorization.
Read the Press Release »
Download the complete ANA Whitepaper »
View Webcast Series: ANA Overview and its evolutionary 5-phase deployment approach »