IT Infrastructure Transformation – VPN Services 0 Enterprise VPN Don Kendrick, VITA Senior Manager, Security Operations August 25, 2009.

Presentation transcript:


Slide 1: This document explains the ITP's plan to improve network security by providing agencies with single- and two-factor VPN options. The presentation will cover:
- Overview of VPN Offerings
- Benefits
- Deployment Approach

Slide 2: VPN (Virtual Private Network) offers remote agency sites and users a secure Internet connection to the VITA Enterprise Network. A VPN connects remote sites and users together by securely routing remote private networks over the Internet, without the need for end users to acquire additional hardware or software. As part of the ongoing transformation, the IT Infrastructure Partnership will begin transitioning all legacy VPN users to an Enterprise VPN. Enterprise VPN access rights can be tailored to individual users, such as employees, contractors, and/or partners, to provide the right level of access to the VITA Enterprise Network.
Note: VPN offerings are subject to governing policies SEC501 and SEC511.

Slide 3: Security-Related Benefits of VPN
- Single Point of Contact
- SOC Intrusion Detection
- Least Privileged
- Well-Defended
- Strong Cisco & Juniper support

Slide 4: Non-Security-Related Benefits of VPN
- Reduces Site Costs: workers can work from home or other locations, allowing agencies to lease smaller facilities
- Supports Telework Initiatives: promotes the Commonwealth of Virginia's telework initiative, helps the environment, provides the option of allowing employees to work from home or remotely, and reduces strain on the transportation infrastructure
- Supports Remote Business Meetings: bring services to your customers and extend geographic connectivity. Bring the power of your office to a client's kitchen table, bedside, or work site
- Improves Productivity: enables employees to work after hours more easily

Slide 5: The ITP offers agencies single- and two-factor authentication options for VPN access to the VITA Enterprise Network. Agencies can choose one, both, or a combination of the two options to meet differing levels of employee data security needs.

Single-factor Authentication: recommended for medium or low security data and application access. It requires only one factor to enable network access: the ID and password.
Two-factor Authentication: the most secure option. It requires two factors to enable network access: ID and password plus key fob verification.

Comparison (single-factor / two-factor):
- Intended for: low to medium data security needs / high data security needs
- Factors Used: Single = User ID and Password / Two = User ID and Password plus key fob
- Device: must be partnership-provided / must be partnership-provided
- Services: all applications that were accessible by http or https prior to Enterprise VPN migration will also be available under the single-factor solution* / full range of services that are not accessible with single factor, including access to agency "killer apps"
- Additional Requirements: Cisco VPN client, centrally managed firewall, current virus definitions, high-speed Internet connection / Cisco VPN client, centrally managed firewall, current virus definitions, high-speed Internet connection
- Cost: no additional cost / TBD additional cost

*See appendix for complete list of ports supported by the single-factor solution.

Slide 6: Deployment Approach
Timeline phases (from the slide graphic): Single-Factor Pilots and Evaluations; Transform Top 20 Agencies; Deploy VPN Across the Full Enterprise. Most users are upgraded to Enterprise VPN during transformation.
- The IT Infrastructure Partnership will begin transitioning most legacy VPN (Virtual Private Network) users to the Enterprise VPN following their agency's messaging and network transformations
- In order for single-factor or two-factor VPN to be installed, agencies must be cross-connected to the MPLS network
- Single-factor VPN also requires a synchronized agency user base directory, with COV accounts for those receiving VPN services
- Two-Factor Processes: initial request, approval, and support processes; catalog process
- Other:
  - AITRs will need to identify VPN needs within their agencies and approve all VPN requests
  - Migration will consist of an initial "bulk migration" to single-factor authentication at the agency sites
  - Post-transformation requests for single-factor VPN should be routed to the VCCC Service Desk by phone; token requests, a requirement for the two-factor solution, must be entered in eVA

Slide 7: Single-factor Enterprise VPN Agency Migration Process Responsibilities
Transformation Project Objective: convert legacy VPN users to CESC-based single-factor VPN or add new users to this solution.
Pre-migration
- Agency: provide list of all people getting VPN
- IT Partnership Team: verify data accuracy
During migration
- Agency: distribute job aids to users
- IT Partnership Team: establish accounts; distribute Cisco VPN software to target machines; test connectivity; notify VCCC that agency has transitioned
Post-migration
- Agency: sign acceptance documents
- IT Partnership Team: add individual users as required

Slide 8: Two-factor Enterprise VPN Agency Migration Process Responsibilities
Transformation Project Objective: migrate existing agency-based two-factor users to the CESC-based system or add new two-factor users as appropriate.
Pre-migration
- Agency: decide how many agency end users will need two-factor authentication so that the correct number of key fobs are provided to the agency; identify any legacy VPN users; provide a list of users who need new key fobs and the key fob serial numbers from any legacy users
- IT Partnership Team: verify data accuracy with agency personnel
During migration
- Agency: distribute appropriate training materials and job aids; provide testers to ensure correct operation; Agency ISO distributes key fobs to end users
- IT Partnership Team: load key serials; set up user accounts; load Cisco VPN client on all target machines; test functionality; notify VCCC that agency has been cut over
Post-migration
- Agency: sign acceptance documents
- IT Partnership Team: add individual users as required

Slide 9: Questions?

Slide 10: Appendix

Slide 11: The single-factor solution will allow users to access systems operating under the following ports:
permit tcp any any eq 80
permit tcp any any eq 443
permit tcp any any eq 53
permit udp any any eq 53
permit tcp any any eq 389
permit udp any any eq 389
permit tcp any any eq 135
permit tcp any any eq 445
permit udp any any eq 138
permit tcp any any eq 139
permit udp any any eq 137
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 110
permit tcp any any eq 995
permit tcp any any eq 25
permit udp any any eq 25
permit tcp any any eq 88
permit udp any any eq 88
permit udp any any eq 123
permit tcp any any eq 123
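The appendix list is written in Cisco extended-ACL syntax (action, protocol, source, destination, `eq` destination port), and a Cisco ACL ends with an implicit deny for any flow no entry matches. The following Python is an added example, not part of the original presentation or of VITA's or the IT Partnership's tooling: it parses those entries, reports the well-known service behind each permitted port, and checks sample flows against the policy. The ACL text is copied from the appendix; the service-name table and the sample flows are constructed for illustration, and source/destination are not evaluated because every entry on the slide uses `any any`.

```python
"""Parse the single-factor VPN port list (Cisco-style extended ACL entries)
and check whether a given protocol/port flow is permitted by it.

Added example; ACL entries copied from the appendix, everything else
constructed for illustration.
"""
import re
from dataclasses import dataclass

# The appendix entries, one per line.
SINGLE_FACTOR_ACL = """\
permit tcp any any eq 80
permit tcp any any eq 443
permit tcp any any eq 53
permit udp any any eq 53
permit tcp any any eq 389
permit udp any any eq 389
permit tcp any any eq 135
permit tcp any any eq 445
permit udp any any eq 138
permit tcp any any eq 139
permit udp any any eq 137
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 110
permit tcp any any eq 995
permit tcp any any eq 25
permit udp any any eq 25
permit tcp any any eq 88
permit udp any any eq 88
permit udp any any eq 123
permit tcp any any eq 123
"""

# Well-known service names for reporting (constructed lookup table, not from the slide).
SERVICE_NAMES = {
    ("tcp", 80): "HTTP", ("tcp", 443): "HTTPS",
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("tcp", 389): "LDAP", ("udp", 389): "LDAP",
    ("tcp", 135): "MS RPC endpoint mapper", ("tcp", 445): "SMB",
    ("udp", 137): "NetBIOS name service", ("udp", 138): "NetBIOS datagram",
    ("tcp", 139): "NetBIOS session",
    ("tcp", 143): "IMAP", ("tcp", 993): "IMAPS",
    ("tcp", 110): "POP3", ("tcp", 995): "POP3S",
    ("tcp", 25): "SMTP", ("udp", 25): "SMTP (UDP, rarely used)",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("tcp", 123): "NTP", ("udp", 123): "NTP",
}

# Only the 'any any eq <port>' form used on the slide is accepted; anything
# else raises, so an unexpected entry is never silently treated as permitted.
ACE_RE = re.compile(
    r"^(?P<action>permit|deny)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+eq\s+(?P<port>\d+)$"
)


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    port: int


def parse_acl(text):
    """Return the ACL entries in order; raise ValueError on an unparsable line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ACE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised ACL entry {line!r}")
        entries.append(Ace(m["action"], m["proto"], int(m["port"])))
    return entries


def is_permitted(acl, proto, port):
    """First matching entry wins; no match means the Cisco implicit deny applies."""
    for ace in acl:
        if ace.proto == proto and ace.port == port:
            return ace.action == "permit"
    return False


def describe(acl):
    """Sorted (proto, port, service name) tuples for the permitted entries."""
    return sorted(
        (a.proto, a.port, SERVICE_NAMES.get((a.proto, a.port), "unknown"))
        for a in acl if a.action == "permit"
    )


def check_flows(acl, flows):
    """Map each (proto, port) flow to whether the policy permits it."""
    return {(proto, port): is_permitted(acl, proto, port) for proto, port in flows}


# Constructed sample flows: a mix of permitted and non-listed services.
SAMPLE_FLOWS = [("tcp", 443), ("tcp", 22), ("udp", 53), ("tcp", 3389), ("udp", 25)]

if __name__ == "__main__":
    acl = parse_acl(SINGLE_FACTOR_ACL)
    for proto, port, name in describe(acl):
        print(f"permit {proto}/{port:<4} {name}")
    for (proto, port), ok in check_flows(acl, SAMPLE_FLOWS).items():
        print(f"{proto}/{port}: {'permitted' if ok else 'denied (implicit deny)'}")
```

Running the script lists the 21 permitted protocol/port pairs with their service names and shows that, for example, tcp/22 and tcp/3389 are not reachable through the single-factor solution because no entry matches them; those are the services the slide reserves for the two-factor option.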