ISSA Presentation. Agenda Remote Access Evolution SSL VPN Drivers Why SSL VPNs Basic Deployment Security vs. IPSec The New Security Concerns Addressing.

Presentation transcript:

ISSA Presentation

Agenda
- Remote Access Evolution
- SSL VPN Drivers
- Why SSL VPNs
- Basic Deployment
- Security vs. IPSec
- The New Security Concerns
- Addressing the Concerns
- What to Look for in a Vendor

The Evolution of Remote Access

Then | Now
A service for a select few | A must-have utility for all
Cost center | Productivity Lever
Best effort performance and up-time | Always up, high performing
Carrier-based | Network independent
Anywhere there’s a phone line | Anywhere

The Evolution of Remote Access

Then | Now
A PC you support | Any PC
Static Passwords | One-Time Passwords
Dial-Back Modems | Device Profiling
What’s a virus? | Must address all malicious code
“They have the Internet on computers?” | “I know more about this than you do.”

The Shift to SSL VPNs

Enterprises are seeing a new kind of remote access:
- Harder to manage: Access from devices outside of IT’s control
- Demanded by more users: Broader employee access, partner access
- New devices and access points: Wireless hotspots, airport kiosks, home PCs

Diagram labels: Day Extenders, Extranet Users, Home Office Users, Traveling Employees, Kiosk Users, Wireless LAN Users, Pocket PC Users, Corporate Network

The Shift to SSL VPNs

SSL Addresses the Emerging Demands
- Impervious to NAT
- Leverages a commonly open port (443)
- Indifferent to type of network
- Does not require a client
- Supports broad application types
- Easier to support and deploy
- Intuitive User Experience

Basic SSL VPN Deployment

- SSL VPN tied to authentication system, DNS and applications
- Presents web resources and available shares as links to the user
- Authenticates users, encrypts to the end node, applies granular ACLs to the user traffic, detailed audit
- All traffic goes over port 443, regardless of original protocol
- Uses browser-deployed agent to handle C/S applications
- Like an IPSec VPN, the SSL VPN is the point of security enforcement for in-bound users.

Diagram labels:
- Applications: Web Apps, Client/Server Apps, Legacy Apps, File Shares, Databases, Terminal Services, Mainframes
- SSL VPN Appliance, Directories, DMZ
- SSL VPN: Encrypted, Authenticated, and Authorized Traffic via the Internet
- End points: Corporate Laptops, Wireless Hotspots, PDAs, Home PCs, Kiosks, Partner Extranets

Security vs. IPSec

Security Category | Result moving to SSL VPN from IPSec
Encryption | No change
Authentication | No change or Improved
Access Control | Improved
Perimeter Profile | Improved
Logging and Forensics | Improved
Web Security | Improved
End-Point Security | Improved

The New Security Concerns

Access from unmanaged locations
- Sensitive data inadvertently left on device
- Sensitive data intentionally captured
- Sensitive data saved by legitimate user
- Unmanaged device is virus vector
- Unmanaged device can be hijacked

Device Anonymity
- Difficult to tell provisioned devices from others

Access Modulation
- Authenticating the user alone is not enough to determine the appropriate level of access.

How the Threats Get Addressed

Sensitive Data Inadvertently Left Behind
- Cache Clearing Technology
- Session File Encryption and Deletion

Data Captured (Spyware, Keystroke Logger)
- Pre-auth Spyware Scan
- WholeSecurity, Zone Labs, Sygate

Data Saved by Legitimate User
- Session File Encryption and Deletion
- Restrict Location for Certain Groups

How the Threats Get Addressed

SSL VPN End-Point is Virus Vector
- A/V and PFW Policy Enforcement Built into SSL VPN
- Adjust ACLs when A/V is absent or not updated
- Remediate workstation when appropriate
- Deny connection in extreme cases

How the Threats Get Addressed

Device Anonymity
- Restrict Source Domain
- Scan Device and Registry to Identify: Domain Membership, O/S
- Search for Secret File
- Look for Watermark
- Use Digital Certificate
- Restrict by O/S

How the Threats Get Addressed

Access Modulation
- Create “3-D” Security Policy: User, Device, Location
- Adjust ACLs On-The-Fly Based on Combination of Factors

Each device zone lists the same attributes: Application/Process, Directory/File, Registry key, Windows domain, Anti-Virus, Personal Firewall, Aventail Cache Control, Aventail Secure Desktop

Trusted Device
- Device Profile: IT-Managed
- in.xyz.seattle.com or in.xyz.phoenix.com
- Norton AV
- Sygate
- Data Protection

Semi-Trusted Device
- Device Profile: Home Machine
- Norton AV
- Sygate or Zone
- …HKEY_LOCAL_MACHINE\SW\Symantec\SharedDefs

Un-Trusted Device
- Data Protection
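The "3-D" policy above, sketched as an added example (not Aventail's code or configuration). The scan fields, group and location names, resource labels and per-dimension ceilings are assumptions made for illustration; only the domain names and product names come from the slide.

```python
from dataclasses import dataclass
from typing import Optional

MANAGED_DOMAINS = {"in.xyz.seattle.com", "in.xyz.phoenix.com"}  # from the slide
ALL = frozenset({"web", "file_shares", "client_server", "terminal_services"})

@dataclass(frozen=True)
class DeviceScan:
    """Facts a pre-auth end-point scan might report (hypothetical fields)."""
    windows_domain: Optional[str]
    antivirus: Optional[str]
    av_up_to_date: bool
    personal_firewall: Optional[str]

def device_zone(scan: DeviceScan) -> str:
    """Map scan facts to a trust zone; anything that cannot be shown is untrusted."""
    # Absent or stale A/V drops the device to the lowest zone.
    av_ok = scan.antivirus == "Norton AV" and scan.av_up_to_date
    if (av_ok and scan.personal_firewall == "Sygate"
            and scan.windows_domain in MANAGED_DOMAINS):
        return "trusted"
    if av_ok and scan.personal_firewall in {"Sygate", "Zone"}:
        return "semi-trusted"
    return "untrusted"

# Constructed ceilings: the most each dimension can grant on its own.
BY_GROUP = {"employee": ALL, "partner": frozenset({"web"})}
BY_ZONE = {
    "trusted": ALL,
    "semi-trusted": frozenset({"web", "file_shares"}),
    "untrusted": frozenset({"web"}),
}
BY_LOCATION = {"home": ALL, "hotspot": ALL, "kiosk": frozenset({"web"})}

def decide(group: str, scan: DeviceScan, location: str) -> dict:
    """Grant the intersection of user, device and location ceilings.

    Unknown groups or locations contribute an empty set, so the result
    is default-deny rather than default-allow.
    """
    zone = device_zone(scan)
    allow = (BY_GROUP.get(group, frozenset())
             & BY_ZONE[zone]
             & BY_LOCATION.get(location, frozenset()))
    # Assumption: cache clearing / secure desktop is required off trusted devices.
    return {"zone": zone, "allow": allow, "data_protection": zone != "trusted"}
```

Because the grant is an intersection, a valid employee login from a device with stale A/V signatures gets the same narrow ACL as an unknown machine, which is the "authenticating the user alone is not enough" point made earlier in the deck.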

What to Deploy with SSL VPN
- Strong (True Two-Factor) Authentication
- Dynamic A/V and Malware Scanning
- Updated Acceptable Use Policy for Employees and Partners
- Web-Based Mail
- Logical Directory Groups

What to Look for in a Vendor
- Appropriate Scale
- Application Support
- Multiplatform Support
- Support for 3-D Security Model
- Device Scanning (Pre-Auth)
- End-Point Data Protection
- Cache Clearing
- Data Encryption and Deletion
- Application Detection

Thank You Scott Stanton

Resources (PDF Files)
- Aventail SSL VPN Technical Primer US
- Aventail Ex-Family Product DataSheet
- Aventail IPSec VPN vs SSL VPN WP-A4
- Aventail End Point Control White Paper