Check Point intros next phase of SVN architecture

Check Point Software Technologies has introduced the second phase of its secure virtual network (SVN) architecture, providing security for eBusiness applications.

The strategy will encompass two new products: UserAuthority, an add-on module to the company’s VPN-1, and UserAuthority API.

One of the challenges companies have faced is that they thought of firewalls as literally being a big wall around the corporate network, impeding eBusiness, said Raymond Kruck, Open Platform for Security (OPSEC) alliance manager for Check Point. And the way to enable eBusiness was to either put a large hole through the firewall by opening a bunch of ports to get the custom applications through, proxy around the firewall, or to put the firewall off to the side.

“What we decided to do was address the problem of users being able to navigate from different networks that they may have authenticated with different mechanisms,” Kruck explained. “They may have come from an NT environment — how do they get over to a Unix environment? Or they may have come with various other applications that need a common infrastructure to be able to communicate with the other network.

“What we want to deliver with SVN is a common security language for applications and users to provide interoperability across different systems and to provide a seamless deployment for users.”

This second phase involves taking Check Point’s core architecture and extending it through an API up to the applications, he said.

The company explained that SVN II will enable unified communications across intranets, extranets and the Internet.

Check Point’s VPN-1/FireWall-1 gateways are able to share user authentication information with applications behind the firewall, and verify who the user is through things such as PKIs, tokens and passwords.

But it is UserAuthority that enables a company’s eBusiness applications to interoperate with security measures used by applications on other corporate networks.

“Now what we’re doing is making applications aware of the network security infrastructure, and turning it the other way around to truly provide an integrating point via the UserAuthority API — to integrate them to allow them to make intelligent user authorization decisions,” Kruck said. “We basically pass up user authentication data and network session data to the application to achieve this.”

Jeff Rykal is the director of PC network support for Chicago-based Equity Residential, a real estate investment company with offices across the U.S. The company currently uses the VPN-1 firewall, which means the only users that can securely access the network are people within the company, such as regional and area offices. Rykal said SVN II is something the company is considering.

Because the company deals with so many other businesses — such as painters and carpenters — as well as with its other locations, the announcement is something that makes sense, he explained.

“It would be nice to be able to have interaction with our vendors, to come in and drop off invoices, for example, to make things a little more automated,” Rykal said.

Equity Residential is trying to find a fit for the offering right now, he explained.

“A lot of it would be working with the other vendors we work with to make sure they’re willing to jump on board. That’s probably the hardest part right now.”

Security is top priority, he added, especially as the company gets larger, because it then becomes more of a target for hackers.

System requirements for the UserAuthority gateway include software (VPN-1/FireWall-1 v4.1 SP1 or higher) and Windows NT or Solaris. The UserAuthority Client runs on Windows NT, Solaris or HP-UX.

Check Point, in Redwood City, Calif., is at