Fundamentals Of Virtual Private
Network & Network Access
Control
Vinay@
INDEX
• Virtual Private Network
• Network Access Control
Virtual Private Network
A VPN is an extension of an enterprise's private intranet across a public network (e.g. the Internet), through the creation of a secure, authenticated and encrypted "tunnel".
The two endpoints in a device VPN are referred to as:
• Local - The first endpoint is the local machine itself.
• Remote - The second endpoint is the remote peer: the machine you are trying to establish a VPN connection to, or the machine that is trying to establish a VPN connection with you.
Note: VPN allows you to configure the required IPsec, L2TP, PPTP and SSL VPN connections, as well as connections with any VPN client.
Protocols: Internet Protocol Security (IPsec), Layer Two Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), Secure Socket Layer (SSL)
[Diagram: Virtual Private Network. Labels: Internet, Remote Access, Intranet 1, Intranet 2, Intranet 3, Secure-tunnel]
VPN
• Easy, secure access to enterprise networks and resources: remote users and remote locations can access required information whenever they need to and from wherever they are.
• Internet access is available worldwide, where other forms of connectivity may be either not available or more expensive.
Types of VPN Connections
• Remote Access – This type of VPN is a user-to-internal network connection via a public or shared
network. Many large companies have employees that need to connect to the internal network from the
field. These field agents access the internal network by using remote computers and laptops without a
static IP address.
• Site to Site – A Site to Site VPN connects an entire network (such as a LAN or WAN) to a remote network
via a network-to-network connection. A network-to-network connection requires routers on each side of
the connecting networks to transparently process and route information from one node on a local LAN to
another node on a remote LAN.
• Host to Host – Host to Host VPN connects one desktop or workstation to another station by way of a
host-to-host connection. This type of connection uses the network to which each host is connected to
create a secure tunnel between the two.
[Diagrams: Remote Access; Site to Site; Host to Host]
VPN Case Study Examples:
1. Remote Access Scenario
Issue: High administrative workload cost, expensive 800 or long-distance costs
Solution: VPNs exploit world-wide ISP reach and lower connectivity and administrative costs
2. Internet 1 to Internet 2 Connection Scenario
Issue: Expensive leased-line connections or part-time dial connections to home office
Solution: VPNs provide 24-hour ease-of-use connectivity via inexpensive Internet links
3. Internet 1 to Internet 2 and Internet 1 to Internet 3
Issue: Set-up/operational cost prohibitively high for smaller business partners; geographic limitations
Solution: VPNs provide global, secure, cost-effective, end-to-end inter-company communication via the Internet
Network Access Control
Network access control (NAC) solutions support network visibility and access management through policy enforcement on devices and users of corporate networks.
A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, thus keeping insecure nodes from infecting the network.
Network Access Control
NAC solutions help enterprises implement policies for controlling device and user access to their networks. NAC can set policies for resource, role, device and location-based access and enforce security compliance with security and patch management policies, among other controls.
NAC provides the following capabilities:
• Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules.
• Profiling and visibility: Recognizes and profiles users and their devices before malicious code can cause damage.
• Guest networking access: Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
• Security posture check: Evaluates security-policy compliance by user type, device type, and operating system.
• Incident response: Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
• Bidirectional integration: Integrates with other security and network solutions through the open/RESTful API.
NAC capabilities
• Dedicated policy management to define and administer security configuration requirements, and specify the access control actions for compliant and noncompliant endpoints
• Ability to conduct a security state baseline for any endpoint attempting to connect and determine the suitable level of access
• Access control so you can block, quarantine or grant varying degrees of access
• The ability to manage guest access
• A profiling engine to discover, identify and monitor endpoints
• Some method of easy integration with other security applications and components
NAC for Guests
Whether accounting for contractors, visitors, or partners, organizations use NAC solutions to make sure that non-employees have access privileges to the network that are separate from those of employees.
NAC VIEW
Network Access Control (NAC) is an industry-standard term used to describe methods and tools that selectively allow only authorized users, devices and applications to gain access to resources on the network. NAC is considered an important first line of security, as it can dynamically provision the network and the access provided based on a number of administrator-controlled factors.
The Access Control diagram highlights the components of an access control solution. First and foremost, resources and access should be provisioned for authenticated users to provide them the appropriate access to accomplish their work without extending access unnecessarily. The organization may also want to extend guest access that allows users to reach the internet and external resources without compromising security. Many organizations also want a check of endpoint health before allowing users to access the network and potentially spread malware. Should these trusted users have a problem, they can be routed to a remediation network to address the issue. Lastly, the solution should have a management, reporting and verification component to ensure compliance and appropriate operation.
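The admission flow described above (authenticate, keep guests separate, check endpoint health, send failures to remediation, record the outcome), sketched as an added example that is not part of the original slides. The roles, resource names, locations, 30-day patch threshold and sample requests are constructed assumptions and are not taken from any NAC product.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Optional


class Decision(Enum):
    DENY = "deny"              # no network access at all
    QUARANTINE = "quarantine"  # remediation network only
    GUEST = "guest"            # internet only, separate from employees
    RESTRICTED = "restricted"  # subset of the role's resources
    ALLOW = "allow"            # everything the role is entitled to


@dataclass(frozen=True)
class Posture:
    last_patched: Optional[date]   # None = agent reported nothing
    av_running: Optional[bool]     # None = agent reported nothing


@dataclass(frozen=True)
class Request:
    user: Optional[str]            # None = authentication failed
    role: str
    location: str
    posture: Optional[Posture] = None
    sponsor: Optional[str] = None  # only meaningful for guests


# Constructed policy tables (assumptions for this example).
MAX_PATCH_AGE_DAYS = 30
ROLE_RESOURCES = {
    "employee": frozenset({"internet", "email", "finance-db"}),
    "contractor": frozenset({"internet", "project-share"}),
}
LOCATION_RESOURCES = {
    "office": frozenset({"internet", "email", "finance-db", "project-share"}),
    "vpn": frozenset({"internet", "email", "project-share"}),
}


def posture_failures(posture, today):
    """Return the list of failed health checks; missing data fails closed."""
    if posture is None:
        return ["no posture report"]
    failures = []
    if posture.last_patched is None or \
            (today - posture.last_patched).days > MAX_PATCH_AGE_DAYS:
        failures.append(f"patches older than {MAX_PATCH_AGE_DAYS} days or unknown")
    if posture.av_running is not True:
        failures.append("anti-malware not running or unknown")
    return failures


def evaluate(req, today):
    """Return (Decision, granted resources, reasons) for one connection attempt."""
    if not req.user:
        return Decision.DENY, frozenset(), ["unauthenticated"]
    if req.role == "guest":
        # Assumption: guests sit on an isolated internet-only segment,
        # so they need a sponsor but no posture check.
        if not req.sponsor:
            return Decision.DENY, frozenset(), ["guest has no sponsor"]
        return Decision.GUEST, frozenset({"internet"}), ["sponsored by " + req.sponsor]
    entitled = ROLE_RESOURCES.get(req.role)
    if entitled is None:
        return Decision.DENY, frozenset(), ["unknown role"]
    failures = posture_failures(req.posture, today)
    if failures:
        return Decision.QUARANTINE, frozenset({"remediation"}), failures
    granted = entitled & LOCATION_RESOURCES.get(req.location, frozenset())
    if not granted:
        return Decision.DENY, frozenset(), ["location not permitted"]
    if granted != entitled:
        return Decision.RESTRICTED, granted, [f"limited at location {req.location}"]
    return Decision.ALLOW, granted, ["compliant"]


def audit_line(req, today):
    """One reporting record per decision, for the verification component."""
    decision, resources, reasons = evaluate(req, today)
    return (f"user={req.user or '-'} role={req.role} loc={req.location} "
            f"decision={decision.value} "
            f"resources={','.join(sorted(resources)) or '-'} "
            f"reasons={'; '.join(reasons)}")


# Constructed sample requests.
TODAY = date(2024, 6, 1)
HEALTHY = Posture(date(2024, 5, 20), True)
STALE = Posture(date(2024, 3, 1), True)
SAMPLES = {
    "employee_office": Request("alice", "employee", "office", HEALTHY),
    "employee_vpn": Request("alice", "employee", "vpn", HEALTHY),
    "contractor_stale": Request("bob", "contractor", "office", STALE),
    "employee_no_agent": Request("carol", "employee", "office", None),
    "guest": Request("visitor1", "guest", "guest-wifi", sponsor="alice"),
    "unauthenticated": Request(None, "employee", "office", HEALTHY),
}

if __name__ == "__main__":
    for req in SAMPLES.values():
        print(audit_line(req, TODAY))
```
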
[Diagram: Access Control]
[Diagram: Basic Network Access Control list service]
Any queries?

More Related Content

What's hot

Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefits
Anthony Daniel
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
ColorTokens Inc
 
Datasheet over privileged_users
Datasheet over privileged_usersDatasheet over privileged_users
Datasheet over privileged_users
Cristian Garcia G.
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
ijsrd.com
 
Wifi
WifiWifi
Wifinil65
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
jwpiccininni
 
cisco security training
cisco security trainingcisco security training
cisco security training
qosnetworking
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?
Mir Mustafa Ali
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
Anthony Daniel
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
Nac market
Nac marketNac market
Nac market
Sumit Bhat
 
NetGains Infrastructure Security
NetGains Infrastructure SecurityNetGains Infrastructure Security
NetGains Infrastructure Security
NetGains Technologies Pvt. Ltd.
 
DNS based distributed firewall
DNS based distributed firewallDNS based distributed firewall
DNS based distributed firewall
Kiran Vemuri
 
Virtual private network feature and benefits
Virtual private network feature and benefitsVirtual private network feature and benefits
Virtual private network feature and benefits
Anthony Daniel
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your Data
Great Wide Open
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security Control
Aruj Thirawat
 
The how and why of patch management by N-able
The how and why of patch management by N-able The how and why of patch management by N-able
The how and why of patch management by N-able
Solarwinds N-able
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
Vishwas Manral
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
DLT Solutions
 
Chapter 6 Presentation
Chapter 6 PresentationChapter 6 Presentation
Chapter 6 Presentation
Amy McMullin
 

What's hot (20)

Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefits
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
 
Datasheet over privileged_users
Datasheet over privileged_usersDatasheet over privileged_users
Datasheet over privileged_users
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
 
Wifi
WifiWifi
Wifi
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
 
cisco security training
cisco security trainingcisco security training
cisco security training
 
What is micro segmentation?
What is micro segmentation?What is micro segmentation?
What is micro segmentation?
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
Nac market
Nac marketNac market
Nac market
 
NetGains Infrastructure Security
NetGains Infrastructure SecurityNetGains Infrastructure Security
NetGains Infrastructure Security
 
DNS based distributed firewall
DNS based distributed firewallDNS based distributed firewall
DNS based distributed firewall
 
Virtual private network feature and benefits
Virtual private network feature and benefitsVirtual private network feature and benefits
Virtual private network feature and benefits
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your Data
 
Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security Control
 
The how and why of patch management by N-able
The how and why of patch management by N-able The how and why of patch management by N-able
The how and why of patch management by N-able
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
Chapter 6 Presentation
Chapter 6 PresentationChapter 6 Presentation
Chapter 6 Presentation
 

Similar to Virtual private network

The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private NetworkAbhinav Dwivedi
 
Implementing vpn using direct access technology
Implementing vpn using direct access technologyImplementing vpn using direct access technology
Implementing vpn using direct access technology
ferasfarag
 
Authentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docxAuthentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docx
rock73
 
Background Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docxBackground Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docx
ikirkton
 
Vpn alternative whitepaper
Vpn alternative whitepaperVpn alternative whitepaper
Vpn alternative whitepaper
Cristian Garcia G.
 
Lan Virtual Networks
Lan Virtual NetworksLan Virtual Networks
Lan Virtual Networks
Nicole Gomez
 
WWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docxWWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docx
ericbrooks84875
 
my presentation on vpn
my presentation on vpnmy presentation on vpn
my presentation on vpnjadeja dhanraj
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajan Kumar
 
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
earleanp
 
2010fall ch31 naymka
2010fall ch31 naymka2010fall ch31 naymka
2010fall ch31 naymka
Bayarmaa GBayarmaa
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
Richa Singh
 
Buildvpn1.pdf
Buildvpn1.pdfBuildvpn1.pdf
Buildvpn1.pdf
NarcisIlie1
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Honeywell
 
Comparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdfComparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdf
ImamBahrudin5
 

Similar to Virtual private network (20)

Ch11 Vpn
Ch11 VpnCh11 Vpn
Ch11 Vpn
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private Network
 
Implementing vpn using direct access technology
Implementing vpn using direct access technologyImplementing vpn using direct access technology
Implementing vpn using direct access technology
 
Authentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docxAuthentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docx
 
The vpn
The vpnThe vpn
The vpn
 
Background Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docxBackground Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docx
 
Vpn alternative whitepaper
Vpn alternative whitepaperVpn alternative whitepaper
Vpn alternative whitepaper
 
Lan Virtual Networks
Lan Virtual NetworksLan Virtual Networks
Lan Virtual Networks
 
WWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docxWWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docx
 
All About VPN
All About VPNAll About VPN
All About VPN
 
my presentation on vpn
my presentation on vpnmy presentation on vpn
my presentation on vpn
 
Allaboutvpn
AllaboutvpnAllaboutvpn
Allaboutvpn
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
 
2010fall ch31 naymka
2010fall ch31 naymka2010fall ch31 naymka
2010fall ch31 naymka
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Buildvpn1.pdf
Buildvpn1.pdfBuildvpn1.pdf
Buildvpn1.pdf
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Comparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdfComparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdf
 

Recently uploaded

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 

Recently uploaded (20)

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 

Virtual private network

  • 1. Fundamentals Of Virtual Private Network & Network Access Control Vinay@
  • 2. • Virtual Private Network • Network Access Control INDEX/ Vinay@
  • 3. A VPN is an extension of an enterprise's private intranet, across a public network (Ex:Internet), through the creation of a secure, authenticated and encrypted "tunnel" Virtual Private Network Vinay@
  • 4. The two endpoints in deevice VPN are referred to as: • Local - First endpoint is the local machine itself. • Remote - Second endpoint is the remote peer - the machine you are trying to establish a VPN connection to, or the machine which is trying to establish a VPN connection with you. Virtual Private Network Note:VPN allows you to configure required IPsec, L2TP, PPTP and SSL VPN connections and connections with a ANY VPN Client Protocols:Internet Protocol Security (IPsec),Layer Two Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP),Secure Socket Layer (SSL) Vinay@
  • 5. Internet Virtual Private Network Remote Access Intranet 1 Intranet 3 Intranet 2 Secure-tunnel Vinay@
  • 6. VPN ØEasy, secure access to enterprise networks and resources:Remote users and remote locations can access required information whenever they need to and from wherever they are ØInternet access is available worldwide, where other forms of connectivity may be either not available or may be more expensive Vinay@
  • 7. Types VPN Connections • Remote Access – This type of VPN is a user-to-internal network connection via a public or shared network. Many large companies have employees that need to connect to the internal network from the field. These field agents access the internal network by using remote computers and laptops without a static IP address. • Site to Site – A Site to Site VPN connects an entire network (such as a LAN or WAN) to a remote network via a network-to-network connection. A network-to-network connection requires routers on each side of the connecting networks to transparently process and route information from one node on a local LAN to another node on a remote LAN. • Host to Host – Host to Host VPN connects one desktop or workstation to another station by way of a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between the two. Vinay@
  • 11. VPN Case Study
      • 1. Remote Access Scenario
          Issue: High administrative workload cost; expensive 800 or long-distance costs.
          Solution: VPNs exploit world-wide ISP reach and lower connectivity and administrative costs.
      • 2. Internet 1 to Internet 2 Connection Scenario
          Issue: Expensive leased-line connections or part-time dial connections to the home office.
          Solution: VPNs provide 24-hour ease-of-use connectivity via inexpensive Internet links.
      • 3. Internet 1 to Internet 2 and Internet 1 to Internet 3
          Issue: Set-up and operational costs prohibitively high for smaller business partners; geographic limitations.
          Solution: VPNs provide global, secure, cost-effective, end-to-end inter-company communication via the Internet.
  • 12. Network Access Control: Network access control solutions support network visibility and access management through policy enforcement on the devices and users of corporate networks. A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, thus keeping insecure nodes from infecting the network.
  • 13. Network Access Control: NAC supports enterprises in implementing policies for controlling device and user access to their networks. NAC can set policies for resource, role, device and location-based access, and enforce security compliance with security and patch management policies, among other controls.
  • 14. NAC Capabilities
      • Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules.
      • Profiling and visibility: Recognizes and profiles users and their devices before malicious code can cause damage.
      • Guest networking access: Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
      • Security posture check: Evaluates security-policy compliance by user type, device type, and operating system.
      • Incident response: Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
      • Bidirectional integration: Integrates with other security and network solutions through the open/RESTful API.
  • 15. NAC Capabilities
      • Dedicated policy management to define and administer security configuration requirements, and to specify the access control actions for compliant and noncompliant endpoints.
      • The ability to conduct a security state baseline for any endpoint attempting to connect and determine the suitable level of access.
      • Access control, so you can block, quarantine or grant varying degrees of access.
      • The ability to manage guest access.
      • A profiling engine to discover, identify and monitor endpoints.
      • Some method of easy integration with other security applications and components.
  • 16. NAC for Guests: Whether accounting for contractors, visitors, or partners, organizations use NAC solutions to make sure that non-employees have access privileges to the network that are separate from those of employees.
  • 17. NAC View: Network Access Control (NAC) is an industry-standard term used to describe methods and tools that selectively allow only authorized users, devices and applications to gain access to resources on the network. NAC is considered an important first line of security, as it can dynamically provision the network and the access provided based on a number of administrator-controlled factors. The Access Control diagram highlights the components of an access control solution. First and foremost, resources and access should be provisioned for authenticated users, giving them the appropriate access to accomplish their work without extending access unnecessarily. The organization may also want to extend guest access that allows users to reach the Internet and external resources without compromising security. Many organizations also want a check of endpoint health before allowing users to access the network and potentially spread malware. Should these trusted users have a problem, they can be routed to a remediation network to address the issue. Lastly, the solution should have a management, reporting and verification component to ensure compliance and appropriate operation.
  • 19. Basic Network Access Control list service
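
The admission flow described in slides 12 to 17 (authenticate, separate guests, check endpoint health, route failures to remediation, otherwise grant access by role) can be sketched as a small decision function. This is an added example, not code from the slides or from any NAC product; the `Endpoint` fields, the 30-day patch threshold and the rule that contractors and unmanaged devices get restricted access are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

MAX_PATCH_AGE_DAYS = 30  # constructed policy threshold, not from the slides

class Access(Enum):
    DENY = "deny"
    GUEST = "guest: internet only"
    REMEDIATION = "quarantine: remediation network"
    RESTRICTED = "restricted"
    FULL = "role-based access"

@dataclass(frozen=True)
class Endpoint:
    user: str
    authenticated: bool
    role: str              # "employee", "contractor" or "guest"
    managed: bool          # enrolled corporate device?
    av_running: bool
    patch_age_days: int
    sponsor: str = ""      # employee sponsoring a guest, if any

def posture_failures(ep: Endpoint) -> list[str]:
    """Security posture check: list every policy the endpoint violates."""
    failures = []
    if not ep.av_running:
        failures.append("antivirus not running")
    if ep.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"patches {ep.patch_age_days} days old")
    return failures

def decide(ep: Endpoint) -> tuple[Access, list[str]]:
    """Return (access level, reasons); anything unrecognised is denied."""
    if not ep.authenticated:
        return Access.DENY, ["authentication failed"]
    if ep.role == "guest":
        if ep.sponsor:
            return Access.GUEST, [f"sponsored by {ep.sponsor}"]
        return Access.DENY, ["guest has no sponsor"]
    if ep.role not in ("employee", "contractor"):
        return Access.DENY, [f"unknown role {ep.role!r}"]
    failures = posture_failures(ep)
    if failures:
        return Access.REMEDIATION, failures
    if ep.role == "contractor" or not ep.managed:
        return Access.RESTRICTED, ["non-employee or unmanaged device"]
    return Access.FULL, ["compliant managed employee device"]

# Constructed sample: authenticated employee laptop with stale patches.
SAMPLE = Endpoint("alice", True, "employee", True, True, 45)
```

The order of the checks matters: guests are separated before the posture check so that a guest device is never evaluated for internal access, and the reasons list gives the reporting component something to log for each decision.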