Fundamentals Of Virtual Private Network & Network Access Control
Vinay@
INDEX
• Virtual Private Network
• Network Access Control
Virtual Private Network
A VPN is an extension of an enterprise's private intranet across a public network (e.g. the Internet), through the creation of a secure, authenticated and encrypted "tunnel".
The two endpoints in a device VPN are referred to as:
• Local - The first endpoint is the local machine itself.
• Remote - The second endpoint is the remote peer: the machine you are trying to establish a VPN connection to, or the machine which is trying to establish a VPN connection with you.
Note: VPN allows you to configure the required IPsec, L2TP, PPTP and SSL VPN connections, and connections with any VPN client.
Protocols: Internet Protocol Security (IPsec), Layer Two Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), Secure Sockets Layer (SSL)
[Figure: Virtual Private Network diagram. Labels: Internet, Remote Access, Intranet 1, Intranet 2, Intranet 3, Secure-tunnel]
VPN
• Easy, secure access to enterprise networks and resources: remote users and remote locations can access required information whenever they need to and from wherever they are.
• Internet access is available worldwide, where other forms of connectivity may be either not available or more expensive.
Types of VPN Connections
• Remote Access – This type of VPN is a user-to-internal network connection via a public or shared
network. Many large companies have employees that need to connect to the internal network from the
field. These field agents access the internal network by using remote computers and laptops without a
static IP address.
• Site to Site – A Site to Site VPN connects an entire network (such as a LAN or WAN) to a remote network
via a network-to-network connection. A network-to-network connection requires routers on each side of
the connecting networks to transparently process and route information from one node on a local LAN to
another node on a remote LAN.
• Host to Host – Host to Host VPN connects one desktop or workstation to another station by way of a
host-to-host connection. This type of connection uses the network to which each host is connected to
create a secure tunnel between the two.
[Figure: Remote Access]
[Figure: Site to Site]
[Figure: Host to Host]
VPN Case Study Examples:
1. Remote Access Scenario
Issue: High administrative workload cost, expensive 800 or long-distance costs
Solution: VPNs exploit world-wide ISP reach and lower connectivity and administrative costs
2. Internet 1 to Internet 2 Connection Scenario
Issue: Expensive leased-line connections or part-time dial connections to home office
Solution: VPNs provide 24-hour ease-of-use connectivity via inexpensive Internet links
3. Internet 1 to Internet 2 and Internet 1 to Internet 3
Issue: Set-up/operational cost prohibitively high for smaller business partners; geographic limitations
Solution: VPNs provide global, secure, cost-effective, end-to-end inter-company communication via the Internet
Network Access Control
Network access control (NAC) solutions support network visibility and access management through policy enforcement on the devices and users of corporate networks.
A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, thus keeping insecure nodes from infecting the network.
NAC helps enterprises implement policies for controlling device and user access to their networks. NAC can set policies for resource, role, device and location-based access and enforce security compliance with security and patch management policies, among other controls.
NAC provides the following capabilities:
• Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules.
• Profiling and visibility: Recognizes and profiles users and their devices before malicious code can cause damage.
• Guest networking access: Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
• Security posture check: Evaluates security-policy compliance by user type, device type, and operating system.
• Incident response: Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
• Bidirectional integration: Integrates with other security and network solutions through the open/RESTful API.
NAC capabilities
• Dedicated policy management to define and administer security configuration requirements, and specify the access control actions for compliant and noncompliant endpoints
• Ability to conduct a security state baseline for any endpoint attempting to connect and determine the suitable level of access
• Access control so you can block, quarantine or grant varying degrees of access
• The ability to manage guest access
• A profiling engine to discover, identify and monitor endpoints
• Some method of easy integration with other security applications and components
NAC For Guest
Whether accounting for contractors, visitors, or partners, organizations use NAC solutions to make sure that non-employees have access privileges to the network that are separate from those of employees.
NAC VIEW
Network Access Control (NAC) is an industry-standard term used to describe methods and tools that selectively allow only authorized users, devices and applications to gain access to resources on the network. NAC is considered an important first line of security as it can dynamically provision the network and the access provided based on a number of administrator-controlled factors.
The Access Control diagram highlights the components of an access control solution. First and foremost, resources and access should be provisioned for authenticated users to provide them the appropriate access to accomplish their work without extending access unnecessarily. The organization may also want to extend guest access that allows users to reach the internet and external resources without compromising security. Many organizations also want a check of endpoint health before allowing users to access the network and potentially spread malware. Should these trusted users have a problem, they can be routed to a remediation network to address the issue. Lastly, the solution should have a management, reporting and verification component to ensure compliance and appropriate operation.
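The access decision described above, sketched as an added example that is not part of the original slides: authentication first, guests kept apart from employees, a posture check per device type and operating system, and a remediation network for noncompliant trusted users. The role names, the posture baseline values and the rule that contractors and remote employees receive restricted access are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    DENY = "deny"              # no network access at all
    QUARANTINE = "quarantine"  # remediation network only
    GUEST = "guest"            # internet only, separate from employees
    RESTRICTED = "restricted"  # limited set of internal resources
    FULL = "full"              # resources provisioned for the role


@dataclass
class Endpoint:
    user: str
    authenticated: bool
    role: str            # assumed roles: "employee", "contractor", "guest"
    device_type: str
    os: str
    os_patch_level: int  # constructed scale: higher is newer
    av_running: bool
    location: str        # assumed values: "office" or "remote"


# Assumed posture baseline keyed by (device_type, os). Values are constructed.
BASELINE = {
    ("laptop", "windows"): {"min_patch": 10, "av_required": True},
    ("laptop", "linux"): {"min_patch": 5, "av_required": False},
    ("phone", "android"): {"min_patch": 3, "av_required": False},
}


def posture_failures(ep: Endpoint) -> list[str]:
    """Return the posture failures for an endpoint; empty means compliant."""
    rule = BASELINE.get((ep.device_type, ep.os))
    if rule is None:
        # Unprofiled device: fail closed instead of assuming it is healthy.
        return [f"no baseline for {ep.device_type}/{ep.os}"]
    failures = []
    if ep.os_patch_level < rule["min_patch"]:
        failures.append(f"patch level {ep.os_patch_level} < {rule['min_patch']}")
    if rule["av_required"] and not ep.av_running:
        failures.append("anti-malware not running")
    return failures


def decide(ep: Endpoint) -> tuple[Access, list[str]]:
    """Map one connection attempt to an access level plus audit reasons."""
    if not ep.authenticated:
        return Access.DENY, ["authentication failed"]
    if ep.role == "guest":
        # Guests never receive employee privileges, whatever their posture.
        return Access.GUEST, ["guest role: internet only"]
    if ep.role not in ("employee", "contractor"):
        return Access.DENY, [f"unknown role {ep.role!r}"]
    failures = posture_failures(ep)
    if failures:
        # Trusted user on an unhealthy device: route to remediation.
        return Access.QUARANTINE, failures
    if ep.role == "contractor" or ep.location != "office":
        return Access.RESTRICTED, [f"role={ep.role}, location={ep.location}"]
    return Access.FULL, ["compliant employee on site"]


# Constructed sample connection attempts.
SAMPLES = [
    Endpoint("alice", True, "employee", "laptop", "windows", 12, True, "office"),
    Endpoint("bob", True, "employee", "laptop", "windows", 8, False, "office"),
    Endpoint("carol", True, "guest", "phone", "android", 1, False, "office"),
    Endpoint("dave", True, "contractor", "laptop", "linux", 6, False, "remote"),
    Endpoint("eve", False, "employee", "laptop", "windows", 12, True, "office"),
    Endpoint("frank", True, "employee", "printer", "rtos", 1, False, "office"),
]

if __name__ == "__main__":
    for ep in SAMPLES:
        access, reasons = decide(ep)
        # The reasons list is what a reporting component would record.
        print(f"{ep.user:6} -> {access.value:10} ({'; '.join(reasons)})")
```

The order of the checks matters: posture is evaluated only after identity and role are settled, and a device with no baseline entry is quarantined rather than admitted.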
[Figure: Access Control]
[Figure: Basic Network Access Control list service]
Any Queries?
