There is a critical need in the enterprise to control employee, guest and partner access to network and server resources, in order to prevent unauthorized access and theft of information and to prevent malicious, destructive activities in the form of denial-of-service attacks and damaging viruses and worms. The network administrator needs the flexibility to configure and manage who has access, under what conditions, and the level of access to network and server resources. The administrator also needs the ability to deny access, either proactively or reactively, to unauthorized or misbehaving clients. Current compliance laws also require accurate reporting and monitoring of all activities related to access to critical resources. What is available today is a mishmash of access control architectures and access enforcement technologies.
The Fundamental Access Control Process
- Identify who is requesting access
- Evaluate its “posture” or “health”
- Permit or deny access based on some organizational policies
- Provide remediation services for non-compliant hosts
- Constantly re-evaluate posture
- Constantly monitor for misbehavior
This may need to be done at multiple points along the communication path:
- At network access devices
- VPN gateways
- Datacenter access
- Application servers
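The six-step process above maps naturally onto a small policy decision point: identify the requester, score its posture against a policy, permit, deny or quarantine, keep the session so posture can be re-evaluated, and revoke on reported misbehavior. The following is an added example written for this page; it is not eTIPS code, and the roles, posture checks, VLAN names and enforcement-point names are all constructed assumptions.

```python
"""Toy policy decision point (PDP) for the access control loop:
identify -> evaluate posture -> decide -> remediate -> re-evaluate -> monitor.
Added example, not eTIPS code; every policy value below is constructed."""

from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Decision(Enum):
    PERMIT = "permit"
    QUARANTINE = "quarantine"   # limited access plus remediation services
    DENY = "deny"


@dataclass(frozen=True)
class Identity:
    user: str
    role: str            # constructed roles: "employee", "partner", "guest"
    authenticated: bool  # outcome of the identity exchange with the device


@dataclass
class Posture:
    av_signature_age_days: int
    patch_level: int
    firewall_enabled: bool


@dataclass
class AccessRequest:
    identity: Identity
    posture: Posture
    enforcement_point: str   # "access_switch", "vpn_gateway", "datacenter", "app_server"


@dataclass
class PolicyResult:
    decision: Decision
    vlan: Optional[str]
    reasons: list[str] = field(default_factory=list)


# Constructed organizational policy: minimum posture per role and the
# enforcement points (zones) each role may pass through.
MIN_PATCH_LEVEL = {"employee": 10, "partner": 10, "guest": 0}
MAX_AV_AGE_DAYS = 7
ALLOWED_ZONES = {
    "employee": {"access_switch", "vpn_gateway", "datacenter", "app_server"},
    "partner": {"vpn_gateway", "app_server"},
    "guest": {"access_switch"},
}
QUARANTINE_VLAN = "vlan-remediation"
PRODUCTION_VLAN = "vlan-prod"
GUEST_VLAN = "vlan-guest"


def posture_failures(role: str, posture: Posture) -> list[str]:
    """Return the posture checks the host fails; an empty list means healthy."""
    failures = []
    if posture.av_signature_age_days > MAX_AV_AGE_DAYS:
        failures.append(f"av signatures {posture.av_signature_age_days}d old")
    if posture.patch_level < MIN_PATCH_LEVEL.get(role, 0):
        failures.append(f"patch level {posture.patch_level} below required")
    if not posture.firewall_enabled:
        failures.append("host firewall disabled")
    return failures


def decide(req: AccessRequest) -> PolicyResult:
    """Steps 1-4: identity, zone policy, posture, and remediation placement."""
    ident, ep = req.identity, req.enforcement_point
    if not ident.authenticated:
        return PolicyResult(Decision.DENY, None, ["identity not authenticated"])
    if ep not in ALLOWED_ZONES.get(ident.role, set()):
        return PolicyResult(Decision.DENY, None, [f"role {ident.role} not permitted at {ep}"])
    failures = posture_failures(ident.role, req.posture)
    if failures:
        # Non-compliant host: restricted VLAN where remediation services live.
        return PolicyResult(Decision.QUARANTINE, QUARANTINE_VLAN, failures)
    vlan = GUEST_VLAN if ident.role == "guest" else PRODUCTION_VLAN
    return PolicyResult(Decision.PERMIT, vlan)


class Session:
    """Keeps a granted session so it can be re-evaluated (step 5) and monitored (step 6)."""

    def __init__(self, req: AccessRequest):
        self.request = req
        self.result = decide(req)
        self.violations = 0

    def reevaluate(self, new_posture: Posture) -> PolicyResult:
        # A host that drifts out of compliance mid-session is quarantined;
        # a remediated host is restored by the same rule evaluation.
        self.request = AccessRequest(self.request.identity, new_posture, self.request.enforcement_point)
        self.result = decide(self.request)
        return self.result

    def report_misbehavior(self, event: str, threshold: int = 3) -> PolicyResult:
        # Reactive enforcement: monitoring reports an event; at `threshold`
        # events the session is denied regardless of posture.
        self.violations += 1
        if self.violations >= threshold:
            self.result = PolicyResult(Decision.DENY, None, [f"misbehavior: {event} x{self.violations}"])
        return self.result


def enforcement_rule(result: PolicyResult) -> dict:
    """Translate a decision into a vendor-neutral rule for the enforcement device (constructed format)."""
    if result.decision is Decision.DENY:
        return {"action": "reject"}
    acl = "quarantine-only" if result.decision is Decision.QUARANTINE else "default"
    return {"action": "accept", "vlan": result.vlan, "acl": acl}


if __name__ == "__main__":
    stale = Posture(av_signature_age_days=30, patch_level=12, firewall_enabled=True)
    s = Session(AccessRequest(Identity("alice", "employee", True), stale, "access_switch"))
    print(s.result, enforcement_rule(s.result))
    print(s.reevaluate(Posture(1, 12, True)))
```

The ordering inside `decide` is the point worth noticing: identity is checked before zone policy, and zone policy before posture, so a guest is never offered remediation for a zone it could not enter anyway, and the same `decide` function serves both the initial decision and every later re-evaluation.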
Problem Space Addressed by eTIPS Solution
eTIPS addresses the problem space of configuration and enforcement of network and service access. Specifically:
- Control who has access, under what conditions, and what level of access
- Deny access, either proactively or reactively, to unauthorized or misbehaving clients
In order to
- Prevent unauthorized access to resources and theft of information
- Prevent malicious destructive activities such as DoS attacks and damaging viruses or worms
Our Approach
eTIPS is a policy decision system that was designed to directly address the problem space described above. eTIPS provides a single paradigm for policy configuration and management that can be applied to all the emerging access control architectures and mechanisms. eTIPS implements the following high-level functions to address this problem:
- Contains user-defined policies for access control and rules for making access control decisions
- Implements industry standard protocols and mechanisms to exchange identity and posture credentials with devices
- Interacts with 3rd party identity systems and posture validation systems as part of the decision-making process
- Downloads decisions and enforcement rules to existing network and system infrastructure
eTIPS Design Philosophy
The design philosophy behind eTIPS is to:
- Consolidate identity management, access control policies, trust determination under a single policy management system
- Integrate with existing systems and solutions to leverage other vendor functionality through well-defined APIs
- Enforce policies using mechanisms embedded in network devices and server systems
- Support both proactive and reactive evaluation and enforcement
The Value for Customers
The value provided by eTIPS to customers is to:
- Reduce operational complexity and cost by consolidating user and device authorization, access control, and trust determination under a single policy management system
- Eliminate repetitive configuration across multiple systems, avoiding potentially inconsistent and unpredictable results
- Integrate with existing systems and solutions to leverage other vendor functionality through well-defined APIs
- Enforce policies using existing mechanisms embedded in network devices and server systems
- Support both proactive and reactive evaluation and enforcement
- An extensible architecture that supports new frameworks and new access, enforcement and threat mitigation technologies, providing investment protection
- A unified policy interface for maximum IT staff productivity and rapid troubleshooting
- Significantly lower operational costs