Apollo’s user-authentication process uses EAP (Extensible Authentication Protocol) in conjunction with the TLS (Transport Layer Security) protocol. Together these protocols provide a means for mutual authentication between the Anywhere Client and the PAS authentication server using digital certificates. Because authentication is conducted immediately after the L2TP encrypted tunnel has been established, none of the authentication packets are transferred in plain text.
The Apollo Platform has full certificate-based logon and can support many authentication schemes including EAP-TLS, Certificate, SecurID, Soft Token, Active Directory, RADIUS and many more. It also supports device-level authentication for managing Layer 2 access to bearers such as Wi-Fi and WiMAX, as well as PPPoE for bearers such as IP Wireless modems or DSL routers.
Apollo Anywhere Clients manage the authentication certificate and certificate store and can be revoked at any time. If the certificate is allowed to expire, the authentication process will fail unless the client has received a new valid certificate. Other certificate management features include single sign-on for a user across multiple devices and networks, integration with Active Directory (multiple X.509 certificate management), smartcard auto logon/logoff, Windows GINA for device lockdown, remote device KILL for compromised devices before an IP address is issued, and full device security.
Apollo also has a built-in firewall which gives added security benefits to the network. The Apollo Anywhere system is fully capable of operating across networks employing Network Address/Port Translation, which is commonly found in home, public and mobile carrier networks and is useful for protecting private networks. The Apollo solution can use any IP address scheme for its client pools, including non-routable reserved address space.
Apollo's device authentication is performed using encoded MAC addresses, which are, in turn, used to perform session validation before user-level credentials are submitted. This provides early warning and detection of black-listed clients prior to any authentication-layer processes occurring.
Apollo employs an extremely efficient, high-performance AES 256 VPN dynamic tunnel that adds security to data moving across any wide area network. It works with NAT and PAT environments and does not fail in out-of-coverage situations. Dynamic session keys ensure the highest level of security. Apollo is able to manage split-tunnel authentication, supporting sessions over multiple simultaneous bonded bearers.