Secure Network Connectivity Claus Jespersen Solution Architect (the new) HP

Secure Connected Infrastructure Comprehensive Security Management & Operations Secure Network Connectivity Integrated Solution for Identity Management Directory Services (AD & MMS)Directory Services (AD & MMS) Authentication (PKI, Kerberos, Passport)Authentication (PKI, Kerberos, Passport) Authorization (ACLs, Roles, Federation)Authorization (ACLs, Roles, Federation) Policy based management (GP, and GPMC)Policy based management (GP, and GPMC) Secure Internet connectivitySecure Internet connectivity Secure remote accessSecure remote access Secure wireless networksSecure wireless networks Tools (MBSA, MSUS)Tools (MBSA, MSUS) Guidance (MOC, PAGs, Security Best Practices)Guidance (MOC, PAGs, Security Best Practices) Services (MSQS, PSS, & professional services)Services (MSQS, PSS, & professional services)

Network Access Challenges High management overhead  Multiple points of network access  Multiple user databases & identities  Desktop intelligence, network presence Vulnerable to unauthorized access  Data encryption over open networks  Weak credentials on VPN  Weak wireless security via WEP LAN Wireless LAN VPNGateway Firewall Identity Repository Shift from traditional networks to bubble networks

Business objective for Bubble networks Easier B2B communication Easier B2B communication Compartmentalize risk Compartmentalize risk Make applications/solutions available inside and outside of company xyz. Make applications/solutions available inside and outside of company xyz. Reorganize, acquire, rapid ajust access to network resources Reorganize, acquire, rapid ajust access to network resources Desktop users can collaborate directly with business partners (netmeeting etc.) Desktop users can collaborate directly with business partners (netmeeting etc.)

High Network Security Low Host Security One Compartment Company wide risk TodayTomorrow Balanced Network and Host Security Several compartments Localized risk.NET supports this new way of thinking

Secure Internet Connectivity Firewall Challenges:  How to control Internet access based on userid  How to control the use of bandwith  How to control external access to internal resources  How to manage multiple Internet access points  How to secure client desktops accessing the Internet  How to protect your internal assets ICSA certified Firewall (ISA server) Software Update Server Service.NET extended authentication Software Restriction policies

Secure Remote Access Home Office or hotspot Wireless LAN VPN client VPNGateway Firewall Challenges  How to authenticate remote users and business partners  How to force policies on corporate desktop clients  How to control use of personal firewalls and anti virus  How to keep up with security updates  How to handle dynamic ”client location” (standby/hybernate)  How to separate home office lan and access to corporate network  How to integrate smart cards, access tokens VPN Server (RRAS), Radius Server (IAS), Personal Firewall, PKI and SmartCard support Software Restriction Policies.NET extended policies AuthenticationServer

Secure Wireless Networks Home Office or hotspot Wireless LAN VPN client Firewall Challenges  How to force policies on desktop clients  How to control use of personal firewalls and anti virus  How to keep up with security updates Certificates (PKI) x support in.NET Radius (proxy) server Client -> Server VPN on top of wireless Support for Smartcards Built-in Personal firewall VPNGateway AuthenticationServer