
© 2005,2006 NeoAccel Inc. Training Endpoint Security.


1 © 2005,2006 NeoAccel Inc. Training Endpoint Security

2 Helen of Troy
– Troy had the strongest walls, hence it was impossible to break into the city.
– The Trojans were led by Hector, best of the many sons of Priam!
– The Trojans had deployed defensive perimeters to stop enemies from breaking through the gate and wall!

3 Troy and Trojans
– The only point of access into the city was through the "Gate".
– The Greeks fought for 10 years, but could not get through Troy's defenses!

4 Break into perimeter security
– Trojan Horse!!!
– Sinon misled the Trojans by telling them that Odysseus was now his enemy.

5 Come to the 21st Century: Perimeter Security
– Corporate Network: access only to known services.
– Managed LAN hosts accessing managed servers and resources.
– 24x7 managed control and corporate policy compliance.

6 A Hole in Perimeter Security
– Corporate Network: remote access for authorized users.
– A Remote Access Server, right there sitting in your LAN, providing access to your managed resources.
– An unmanaged or out-of-control access point.

7 What's the security risk?
– "We have strong authentication mechanisms. Only authorized users can access the network. What's the security risk?"
– The user may be authorized, but the medium of access, the host machine, may not be!
– An authentic, authorized user will run only authorized applications, but other hidden programs like viruses, trojans and spyware are free birds! They can access what the user should not be accessing.

8 Example…
– Showing your passport at the airport: of course you are carrying a passport, but you still need to get through the security check.
– An authorized user, knowingly or unknowingly, may lead to a security breach.
– Authentication alone is not enough for secure remote access.

9 Then what!
– We need a mechanism to deploy effective Endpoint Security Policy Management and Compliance.
– NeoAccel SSL VPN-Plus has this feature and we call it EndPoint Security (EPS).

10 End Point Security: Introduction
– EPS is meant for the security of the user's machine, and hence for securing the corporate network.
– EPS checks whether the user's machine complies with corporate policies and can be allowed to connect to the corporate network, e.g. it should have anti-virus software running, a firewall running, the latest security patches, etc.
– Airport analogy: your luggage is checked for explosives and sharp objects, and your health status is also checked.

11 End Point Security: Introduction
– EPS scans the user's machine and decides the trust (security) level, or zone, of the machine; you are given access based on the zone your machine falls into.
– EPS is authorization of your machine.
– The trust level set by your identity is always overridden by the trust level of your machine.

12 SSL VPN-Plus: Endpoint Security (diagram)
– The remote user logs in using the NeoAccel SSL VPN-Plus Client.
– The client scans the host machine for required software and cleanliness: checks for firewall, OS patches, anti-spyware, desktop search engines, browser security settings, key loggers, IP forwarding and network bridging, antivirus, and customized files/processes/services/ports. Real-time endpoint security checks keep the host safe.
– The security level of the host machine is calculated and sent to the NeoAccel SSL VPN-Plus Gateway.
– Depending on the security level, the gateway decides how much access to give the remote user: remote desktop, web-mail (HTTP), file sharing, FTP, private network resources.

13 System Architecture (diagram)
– NeoAccel Management Server holds:
  – Endpoint Security Zone Definition File: zone name, zone trust level, associated EPS policy list, associated ACL list.
  – Endpoint Security Policy Database: rules to scan the host machine.
  – User information database: group, password (if local database).
  – Group Definition File: group name, group ID, associated users, associated ACL list, authentication server type and address.
  – Access Control Policy Database.
– These are input to the Gateway; the Endpoint Security Client DAT file (EPS policies and zone levels) is input to the Client through the gateway.
– Level 1: endpoint host integrity based authorization mechanism (highest priority).
– Level 2: user identity based authorization mechanism (lower priority).

14 Endpoint Host Machine Integrity Based Level 1 Authorization (diagram)
– Components: NeoAccel Gateway Module; NeoAccel Client Application with Host Scanning Engine and Host Scanning DAT file; User Login challenge handshake protocol.
– Gateway data: Endpoint Security Zone Definition File (zone name, zone trust level, associated EPS policy list, associated ACL list); Endpoint Security Client DAT file (EPS policies and zone levels); Access Control Policy Database.
– Sequence:
  – Start: TCP and SSL handshake.
  – Client sends client information: client version, EPS DAT version.
  – If an upgraded client is available, the gateway sends an upgrade notification; if a new version of the DAT file is available, the gateway sends the EPS DAT file.
  – Client updates the DAT file from the gateway, reads the rules to execute, scans the host and calculates the security level.
  – Login: client sends the security level of the machine.
  – Gateway queries the current security level of the host machine and queries the Access Control Policies for the current zone level.
  – Gateway applies access control over this connection.
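The Level 1 handshake on slides 12 to 14, as an added simulation that is not NeoAccel's code: the gateway compares the reported client and DAT versions and pushes a newer DAT file, the client scans and reports a security level, and the gateway looks up the ACLs of the matching zone. Version numbers, rule names, the one-level-per-satisfied-rule scoring and the ACL sets are constructed assumptions.

```python
"""Simulation of the Level 1 authorization handshake sketched on slide 14.
Constructed example: versions, DAT rules, scoring and ACLs are made up."""
from dataclasses import dataclass

GATEWAY_CLIENT_VERSION = "2.1"                 # newest client the gateway offers
GATEWAY_DAT = {"version": 7, "rules": ["firewall", "antivirus", "os_patches"]}
ZONE_ACLS = {3: ["remote_desktop", "webmail", "file_sharing", "ftp"],
             2: ["webmail", "file_sharing"],
             1: ["webmail"]}                    # level 0 (nothing satisfied): no entry

@dataclass
class Client:
    version: str
    dat: dict          # local copy of the EPS DAT file (rules + zone levels)
    host_state: dict   # rule name -> bool, what the host scanning engine found

def gateway_handle_hello(client_version, dat_version):
    """Gateway side of 'client sends client information': reply with an
    upgrade notification and/or a newer DAT file when it has them."""
    reply = {}
    if client_version != GATEWAY_CLIENT_VERSION:
        reply["upgrade_available"] = GATEWAY_CLIENT_VERSION
    if dat_version < GATEWAY_DAT["version"]:
        reply["new_dat"] = GATEWAY_DAT
    return reply

def client_scan(client):
    """Client side: read the rules from the DAT file, scan the host and
    calculate the security level (here simply the number of satisfied rules)."""
    return sum(1 for rule in client.dat["rules"] if client.host_state.get(rule, False))

def gateway_authorize(level):
    """Gateway side: query the ACLs for the zone matching the reported level."""
    return ZONE_ACLS.get(level, [])

def login(client):
    """Run the exchange end to end; return what the gateway applies."""
    reply = gateway_handle_hello(client.version, client.dat["version"])
    if "new_dat" in reply:          # update the DAT file before scanning
        client.dat = reply["new_dat"]
    level = client_scan(client)
    return {"security_level": level,
            "acls": gateway_authorize(level),
            "upgrade_available": reply.get("upgrade_available")}

def rescan(client, current_acls):
    """Real-time check (slide 16): rescan, report whether zone and ACLs changed."""
    new_acls = gateway_authorize(client_scan(client))
    return new_acls, new_acls != current_acls
```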

15 EPS: Features
– Two levels of authorization:
  – Level 1: trust level of the machine.
  – Level 2: identification of the user.
– Endpoint Security Policy Management capabilities:
  – Can create 40 security zone profiles.
  – Most intuitive and easiest interface to create EPS policies.
  – Checks for system security settings and status, security software, or custom policies.
  – Browser cache cleanup, visited URL cleanup, cookie cleanup, downloaded program files, Java cache.
  – Blocks printing, copy-paste and saving files from the browser to disk.
  – Factory default rules and policies for quick deployment.
  – Fine-grained custom policy creation UI.
  – Auto update of EPS policies.
  – Supported on Windows and Linux.
  – Timely updates of the EPS policy database with the release of new software and service packs.

16 EPS: Features (contd.)
– Option to specify information for users to troubleshoot or raise the security level of the machine.
– Automatic enabling of certain mandatory services.
– Senses presence/absence of specified applications/processes:
  – Notifies the user to install required applications.
  – Blocks black-listed applications.
– Real-time scanning.
– On-the-fly updating of ACLs when a change in security zone is detected.
– Provides an architecture for endpoint vulnerability checking for administrators.
– Completely transparent to the user.

17 EPS Policy Definition Screen
– Endpoint Security policies: EPS policies can be added, modified or deleted from here.

18 EPS Policy as a Set of EPS Policies
– Creating an EPS policy as a set of already existing EPS policies.

19 EPS Policy as a Set of New Rules
– Add process-, file-, port- and registry-based rules.

20 EPS Zone Creation Screen
– The lower the security level, the more stringent the EPS policies will be.
– Associate EPS policies: a machine will fall in this zone if all the checked policies are satisfied.
– Associate Access Control Policies, which will be applied to connections from host machines falling in this zone.

21 EPS: Custom Policies
– Can create custom policies for:
  – Files: modification time, size, version (binaries).
  – Processes: existence, owner, status.
  – Registry: values, existence.
  – Open ports: state (open/close/listen).
  – Services: state.
  – Digital signatures: existence based on parameters (CN, private key), validity.
  – Loaded drivers.
  – Key loggers.
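The rule types on slide 21 together with the zone rule on slide 20 (a machine falls in a zone only if all its associated policies are satisfied), as an added example that is not part of the presentation or of NeoAccel's product: file, process, registry, port and service rules are evaluated against a constructed host snapshot and the most trusted fully satisfied zone is selected. Paths, process and service names, registry keys and the rule schema are assumptions.

```python
"""Custom EPS rule evaluation over a host snapshot plus zone selection (a host
falls in a zone only if every associated policy passes). Constructed example."""
HOST = {                                    # constructed scan snapshot
    "files": {"C:/av/engine.dll": {"mtime": 1700000000, "size": 204800}},
    "processes": {"avservice.exe": {"owner": "SYSTEM"}, "keylog.exe": {"owner": "user"}},
    "registry": {"HKLM/SOFTWARE/Policies/AutoUpdate": 1},
    "ports": {3389: "listen", 445: "listen"},
    "services": {"MpsSvc": "running"},
}

def check_rule(rule, host):
    """True when one rule (file/process/registry/port/service) passes."""
    kind = rule["type"]
    if kind == "file":                       # modification time not older than required
        f = host["files"].get(rule["path"])
        return f is not None and f["mtime"] >= rule.get("min_mtime", 0)
    if kind == "process":                    # existence and owner, or black-listed
        p = host["processes"].get(rule["name"])
        if not rule.get("present", True):
            return p is None
        return p is not None and ("owner" not in rule or p["owner"] == rule["owner"])
    if kind == "registry":                   # value must exist and match
        return host["registry"].get(rule["key"]) == rule["value"]
    if kind == "port":                       # state: open/close/listen
        return host["ports"].get(rule["port"], "closed") == rule["state"]
    if kind == "service":
        return host["services"].get(rule["name"]) == rule["state"]
    return False                             # unknown rule type fails closed

def evaluate_policy(policy, host):
    """A policy is a list of rules; all of them must pass."""
    return all(check_rule(r, host) for r in policy)

def select_zone(zones, policies, host):
    """Return the most trusted zone whose associated policies all pass."""
    for zone in sorted(zones, key=lambda z: z["trust"], reverse=True):
        if all(evaluate_policy(policies[n], host) for n in zone["policies"]):
            return zone["name"]
    return None

POLICIES = {
    "av_running": [{"type": "process", "name": "avservice.exe", "owner": "SYSTEM"},
                   {"type": "file", "path": "C:/av/engine.dll", "min_mtime": 1690000000}],
    "firewall_on": [{"type": "service", "name": "MpsSvc", "state": "running"}],
    "auto_update": [{"type": "registry", "key": "HKLM/SOFTWARE/Policies/AutoUpdate", "value": 1}],
    "no_keylogger": [{"type": "process", "name": "keylog.exe", "present": False}],
    "no_smb": [{"type": "port", "port": 445, "state": "closed"}],
}
ZONES = [{"name": "full", "trust": 3, "policies": list(POLICIES)},
         {"name": "limited", "trust": 2, "policies": ["av_running", "firewall_on", "auto_update"]},
         {"name": "webmail_only", "trust": 1, "policies": []}]
```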

22 EPS: Factory Defined Policies
– Policies exist for:
  – System security settings: browser type and version, browser security level, IP forwarding, bridging.
  – System status: OS version, service packs, security patches, auto-update service status.
  – Security software:
    – Anti virus: TrendMicro, AVG, McAfee, Symantec, Sophos, Alladin.
    – Firewall: McAfee, TrendMicro, AVG, Zone Alarm.
    – Anti-spyware: Microsoft, McAfee, AVG, TrendMicro.
    – Desktop search engines: Google.
  – And many more…

23 EPS: Cache Cleanup
– Complete system monitoring to track application caches or files saved from the private network to the local machine.
– Either the user is disallowed from saving the data, or it is cleaned up after logout, depending on the type of data stored.
– This feature is normally not present in full-access clients, or is implemented using third-party secure desktop products.

24 Scanning Status
– This dialog may appear at the time of login (before authentication).
– The dialog shows that the client machine does not satisfy all security policies. The user should enable the policies that have failed in order to get maximum access rights.
– Example message shown: "Enable Windows firewall for each physical adapter to pass endpoint security check."

25 Virtual Keyboards
– Virtual keyboard to mitigate key-logger threats.
– Though the OS takes care of not displaying the password in plain text, it is still hackable.
– The SSL VPN-Plus Client never passes the password to the OS GUI, hence mitigating the threat from password crackers.

