HIPclients and HIPservers
Tempered Networks provides application-based HIPservices called HIPclients and HIPservers, in addition to our hardware, virtual, and cloud-based HIPservices. They are designed for desktops, laptops, and servers to provide encrypted access from anywhere in the world, over any network. A HIPclient or HIPserver is like any other HIPservice except that it protects the device on which it is installed.
HIPclients (Windows, macOS, iOS, and Android)
A HIPclient enables granular remote access to the network resources for employees, contractors, and vendors, without complex management of certificates, ACLs or IPSec tunnels.
HIPservers (Windows and Linux)
Serving as the network boundary and security perimeter for its protected workload, the HIPserver can be deployed with little to no changes to existing infrastructure and eliminates the complexity associated with traditionally separate network and security controls.
A workload protected by a HIPserver can be cloaked and made undiscoverable by unauthorized systems. Server access is then restricted to only other authenticated and authorized HIPservices connecting from any network, significantly reducing the network attack surface.
HIPclients and HIPservers are a better alternative to virtual private networks
A virtual private network (VPN), while providing a host-to-network tunnel, lacks segmentation once authenticated and inside the network. In contrast, a HIPclient or HIPserver allows secure access to mutually-authenticated and authorized machines only, making it easy to create private workgroups that are invisible and inaccessible to others, even from clients that may have valid user or application credentials. This allows devices to be logically segmented, connected, and protected in a manner that VPNs and firewalls cannot achieve.
Benefits
- Universal Mobility: Instant Access and Revocation from Anywhere
- Granting and revoking HIPclient access to individual resources on the network is simple and instant. The security context and ability to connect clients to specific resources never change, regardless of where a user may be coming from – the LAN, WAN or Internet. The result is access from anywhere in the world, without the complexity and inflexibility of VPNs.
- HIP Invite: Automate Rapid Deployment and Access
- Automate user device access using HIP Invite to create secure and segmented access to individual resources, not entire networks. Provide email addresses, and as users download and add their machines, they’ll have access to only the specific systems they’re allowed and cannot see or access others, even if those systems reside on the same network. This significantly simplifies the time-consuming and complex process of getting people access to resources on the network.
- Seamless and Transparent Multi-Factor Authentication (MFA)
- Once the HIPclient is installed on a device, it now has an immutable and unique machine identity. Unlike port forwarding that enables arbitrary connections with no requirement for authentication, HIPclients are authenticated and authorized based on their trusted machine identity before a peer-to-peer encrypted connection is established and credentials used. User authentication can now be easily integrated with device-based authentication, overcoming much of the complexity associated with attempts to extend directory services to include device-based trust.
- Private Workgroup Networks: Protect Intellectual Property and Sensitive Data
- Our customers easily and quickly create overlay networks to isolate and control access to critical systems. For example, this includes controlling administrator access to network and security infrastructure to eliminate the threat of a hacker gaining access to those systems through a system’s local management interface. Another example is creating private workgroups for DevOps, Executive, HR, and PCI teams to protect intellectual property and sensitive data from being breached by unauthorized machines with access to the same network.