This document discusses virtual private networks (VPNs) and network access control (NAC). It defines VPNs as creating a secure "tunnel" across a public network like the internet to extend a private network. The two endpoints are the local and remote machines. NAC systems enforce network access policies to control which devices and users can access the network, placing non-compliant devices in quarantine if needed. NAC capabilities include policy management, profiling devices, guest networking access, security checks, and integration with other security systems.
3. Virtual Private Network
A VPN is an extension of an enterprise's private intranet across a public network (e.g. the Internet), created through a secure, authenticated and encrypted "tunnel".
Vinay@
4. The two endpoints in a VPN are referred to as:
• Local - The first endpoint is the local machine itself.
• Remote - The second endpoint is the remote peer: the machine you are trying to establish a VPN connection to, or the machine that is trying to establish a VPN connection with you.
Note: VPN allows you to configure the required IPsec, L2TP, PPTP and SSL VPN connections, and connections with any VPN client.
Protocols: Internet Protocol Security (IPsec), Layer Two Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), Secure Socket Layer (SSL)
6. VPN
• Easy, secure access to enterprise networks and resources: remote users and remote locations can access required information whenever they need to and from wherever they are.
• Internet access is available worldwide, where other forms of connectivity may be either not available or more expensive.
7. Types of VPN Connections
• Remote Access – This type of VPN is a user-to-internal-network connection via a public or shared network. Many large companies have employees that need to connect to the internal network from the field. These field agents access the internal network by using remote computers and laptops without a static IP address.
• Site to Site – A Site to Site VPN connects an entire network (such as a LAN or WAN) to a remote network via a network-to-network connection. A network-to-network connection requires routers on each side of the connecting networks to transparently process and route information from one node on a local LAN to another node on a remote LAN.
• Host to Host – A Host to Host VPN connects one desktop or workstation to another station by way of a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between the two.
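The tunnel and the two endpoints described in slides 3 and 4, worked through for the Site to Site case, as an added example (this is not code from the original slides or from any VPN product). Each gateway owns a LAN and decides by route table whether a packet stays local, goes straight to the Internet, or is encapsulated towards the remote peer; tunnel packets carry an outer header and an HMAC-SHA256 tag so the receiver can authenticate them and reject replays, the way IPsec ESP does with its sequence number and integrity check. The encryption step of a real tunnel is omitted so the example stays within the Python standard library, and the addresses, the pre-shared key and the packets are all constructed.

```python
"""Site-to-site VPN gateway model (added example, not the slides' or any product's code).

Models two VPN endpoints: a route decision per packet, authenticated
encapsulation with an outer header and HMAC-SHA256 tag, and a sliding
anti-replay window on receipt. Payload encryption is deliberately left out.
All addresses, keys and packets are constructed for the example.
"""
import hashlib
import hmac
import ipaddress
import struct

OUTER_HEADER = struct.Struct("!4s4sI")   # src public IP, dst public IP, sequence number
TAG_LEN = 32                            # HMAC-SHA256 output length
WINDOW = 64                             # anti-replay window size (RFC 4303 recommends 64)


class TunnelError(Exception):
    pass


class Gateway:
    def __init__(self, local_lan, peer_lan, public_ip, peer_public_ip, key):
        self.local_lan = ipaddress.ip_network(local_lan)
        self.peer_lan = ipaddress.ip_network(peer_lan)
        self.public_ip = ipaddress.ip_address(public_ip)
        self.peer_public_ip = ipaddress.ip_address(peer_public_ip)
        self.key = key              # constructed static key; real tunnels negotiate keys (IKE, TLS)
        self.send_seq = 0
        self.highest_seq = 0        # highest sequence number accepted from the peer
        self.seen_bitmap = 0        # bit i set => sequence (highest_seq - i) already accepted

    def route(self, dst_ip):
        """Route decision for a packet leaving this site's LAN."""
        dst = ipaddress.ip_address(dst_ip)
        if dst in self.local_lan:
            return "local"
        if dst in self.peer_lan:
            return "tunnel"
        return "internet"

    def encapsulate(self, inner_packet):
        """Wrap an inner packet for the peer: outer header + payload + authentication tag."""
        self.send_seq += 1
        body = OUTER_HEADER.pack(self.public_ip.packed, self.peer_public_ip.packed, self.send_seq) + inner_packet
        return body + hmac.new(self.key, body, hashlib.sha256).digest()

    def decapsulate(self, tunnel_packet):
        """Authenticate a tunnel packet from the peer and return the inner packet."""
        if len(tunnel_packet) < OUTER_HEADER.size + TAG_LEN:
            raise TunnelError("truncated packet")
        body, tag = tunnel_packet[:-TAG_LEN], tunnel_packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):       # constant-time comparison
            raise TunnelError("bad authentication tag")
        src, dst, seq = OUTER_HEADER.unpack(body[:OUTER_HEADER.size])
        if ipaddress.ip_address(src) != self.peer_public_ip or ipaddress.ip_address(dst) != self.public_ip:
            raise TunnelError("packet is not between the configured endpoints")
        self._check_replay(seq)
        return body[OUTER_HEADER.size:]

    def _check_replay(self, seq):
        """Sliding-window replay check: accept each sequence number at most once."""
        if seq == 0:
            raise TunnelError("sequence number 0 is never valid")
        if seq > self.highest_seq:                       # newer than anything seen: slide the window
            shift = seq - self.highest_seq
            self.seen_bitmap = ((self.seen_bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            raise TunnelError("sequence number too old")
        if self.seen_bitmap & (1 << offset):
            raise TunnelError("replayed packet")
        self.seen_bitmap |= 1 << offset


def demo():
    """Exercise the tunnel between two constructed sites and return what happened."""
    key = b"constructed-example-key-not-for-real-use"
    site_a = Gateway("10.1.0.0/16", "10.2.0.0/16", "203.0.113.10", "198.51.100.20", key)
    site_b = Gateway("10.2.0.0/16", "10.1.0.0/16", "198.51.100.20", "203.0.113.10", key)
    out = {"routes": [site_a.route(ip) for ip in ("10.1.0.7", "10.2.0.9", "93.184.216.34")]}
    pkt1, pkt2, pkt3 = (site_a.encapsulate(b"inner packet %d" % n) for n in (1, 2, 3))
    out["delivered"] = site_b.decapsulate(pkt1)
    site_b.decapsulate(pkt3)                             # arrives before pkt2
    out["reordered"] = site_b.decapsulate(pkt2)          # still inside the window: accepted
    for name, bad in (("replay", pkt1), ("tampered", pkt1[:12] + b"X" + pkt1[13:])):
        try:
            site_b.decapsulate(bad)
            out[name] = "accepted"
        except TunnelError as err:
            out[name] = str(err)
    return out


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three route outcomes, a packet delivered across the tunnel, an out-of-order packet still accepted because it falls inside the window, and the two failure modes a practitioner cares about: a replayed packet and a tampered one, both rejected before any payload is handed to the LAN.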
11. VPN Case Study Examples
1. Remote Access Scenario
Issue: High administrative workload cost; expensive 800-number or long-distance call costs.
Solution: VPNs exploit world-wide ISP reach and lower connectivity and administrative costs.
2. Internet 1 to Internet 2 Connection Scenario
Issue: Expensive leased-line connections or part-time dial connections to the home office.
Solution: VPNs provide 24-hour, easy-to-use connectivity via inexpensive Internet links.
3. Internet 1 to Internet 2 and Internet 1 to Internet 3
Issue: Set-up/operational cost prohibitively high for smaller business partners; geographic limitations.
Solution: VPNs provide global, secure, cost-effective, end-to-end inter-company communication via the Internet.
12. Network Access Control
Network access control solutions support network visibility and access management through policy enforcement on the devices and users of corporate networks.
A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, thus keeping insecure nodes from infecting the network.
13. Network Access Control
NAC supports enterprises in implementing policies for controlling device and user access to their networks. NAC can set policies for resource-, role-, device- and location-based access and enforce compliance with security and patch management policies, among other controls.
14. NAC capabilities
Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules.
Profiling and visibility: Recognizes and profiles users and their devices before malicious code can cause damage.
Guest networking access: Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
Security posture check: Evaluates security-policy compliance by user type, device type, and operating system.
Incident response: Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
Bidirectional integration: Integrates with other security and network solutions through an open/RESTful API.
15. NAC capabilities
• Dedicated policy management to define and administer security configuration requirements, and specify the access control actions for compliant and noncompliant endpoints
• Ability to conduct a security state baseline for any endpoint attempting to connect and determine the suitable level of access
• Access control so you can block, quarantine or grant varying degrees of access
• The ability to manage guest access
• A profiling engine to discover, identify and monitor endpoints
• Some method of easy integration with other security applications and components
16. NAC for Guests
Whether accounting for contractors, visitors, or partners, organizations use NAC solutions to make sure that non-employees have access privileges to the network that are separate from those of employees.
17. NAC View
Network Access Control (NAC) is an industry-standard term used to describe methods and tools that selectively allow only authorized users, devices and applications to gain access to resources on the network. NAC is considered an important first line of security because it can dynamically provision the network, and the access provided, based on a number of administrator-controlled factors.
The Access Control diagram highlights the components of an access control solution. First and foremost, resources and access should be provisioned for authenticated users to give them the appropriate access to accomplish their work without extending access unnecessarily. The organization may also want to extend guest access that allows users to reach the Internet and external resources without compromising security. Many organizations also want a check of endpoint health before allowing users to access the network and potentially spread malware. Should these trusted users have a problem, they can be routed to a remediation network to address the issue. Lastly, the solution should have a management, reporting and verification component to ensure compliance and appropriate operation.
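The NAC decision flow laid out in slides 12 through 17 (profiling, posture check, guest handling, quarantine or remediation, role-based access, and a record for reporting), as an added example that is not code from the slides or from any NAC product. It walks each connecting endpoint through the same steps the text describes and returns the access action, the VLAN it is placed in, and the reasons; the policy values, the OUI-to-device table, the VLAN names and the endpoint records are all constructed for the example.

```python
"""NAC policy engine model (added example, not the slides' or any product's code).

Steps per endpoint: device profiling, user authentication, location check,
security posture check, and the resulting access decision (allow with a
role VLAN, guest network, restricted device VLAN, remediation VLAN, or deny).
Every decision is recorded for the reporting/verification component.
Policy values, OUI table, VLAN names and endpoints are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Endpoint:
    mac: str
    user: Optional[str]          # None: no user authentication (802.1X or portal) succeeded
    role: Optional[str]          # role from the identity store, e.g. "employee"
    os: str
    os_patch_age_days: int       # days since the last OS patch, reported by the posture agent
    antivirus_running: bool
    disk_encrypted: bool
    location: str                # site of the switch or access point the endpoint connected to


# Constructed policy; a real NAC keeps this in a central policy store.
POLICY = {
    "max_patch_age_days": 30,
    "roles_requiring_disk_encryption": {"employee"},
    "allowed_locations": {"employee": {"hq", "branch"}, "contractor": {"hq"}},
    "role_vlan": {"employee": "corp-vlan", "contractor": "contractor-vlan"},
}

# Constructed OUI table standing in for a profiling engine (not real vendor OUIs).
DEVICE_PROFILES = {"02:aa:01": "ip-phone", "02:aa:02": "printer"}

AUDIT_LOG = []   # decisions kept for the reporting/verification component


def profile_device(mac):
    """Classify a device by the first three octets of its MAC address."""
    return DEVICE_PROFILES.get(mac.lower()[:8], "unknown")


def posture_failures(ep):
    """Return the list of policy checks the endpoint fails (empty means compliant)."""
    failures = []
    if ep.os_patch_age_days > POLICY["max_patch_age_days"]:
        failures.append("os-patches-outdated")
    if not ep.antivirus_running:
        failures.append("antivirus-not-running")
    if ep.role in POLICY["roles_requiring_disk_encryption"] and not ep.disk_encrypted:
        failures.append("disk-not-encrypted")
    return failures


def decide(ep):
    """Map an endpoint to an access decision: action, VLAN and the reasons for it."""
    device_type = profile_device(ep.mac)
    if ep.user is None:
        # Unauthenticated: known device types get a restricted VLAN, everything else the guest network.
        if device_type != "unknown":
            return _record(ep, "restricted", "iot-vlan", ["profiled-as-" + device_type])
        return _record(ep, "guest", "guest-vlan", ["unauthenticated"])
    if ep.location not in POLICY["allowed_locations"].get(ep.role, set()):
        return _record(ep, "deny", None, ["role-%s-not-allowed-at-%s" % (ep.role, ep.location)])
    failures = posture_failures(ep)
    if failures:
        # Trusted user on a non-compliant machine: route to the remediation network.
        return _record(ep, "remediate", "remediation-vlan", failures)
    return _record(ep, "allow", POLICY["role_vlan"][ep.role], ["compliant"])


def _record(ep, action, vlan, reasons):
    decision = {"mac": ep.mac, "user": ep.user, "action": action, "vlan": vlan, "reasons": reasons}
    AUDIT_LOG.append(decision)
    return decision


def demo():
    """Run five constructed endpoints through the engine and return their actions."""
    endpoints = [
        Endpoint("02:00:00:00:00:01", "alice", "employee", "Windows 11", 5, True, True, "hq"),
        Endpoint("02:00:00:00:00:02", "bob", "employee", "Windows 10", 45, True, False, "branch"),
        Endpoint("02:00:00:00:00:03", "carol", "contractor", "macOS 14", 10, True, False, "branch"),
        Endpoint("02:aa:01:00:00:04", None, None, "embedded", 0, False, False, "hq"),
        Endpoint("02:00:00:00:00:05", None, None, "Android 14", 0, False, False, "hq"),
    ]
    return [decide(ep)["action"] for ep in endpoints]


if __name__ == "__main__":
    demo()
    for decision in AUDIT_LOG:
        print(decision)
```

The order of the checks is the security-relevant part: a device is profiled before anything else so unauthenticated phones and printers land on a restricted VLAN rather than the guest network, location policy is applied before posture so a user connecting from a disallowed site is denied outright, and a trusted user whose machine fails posture is sent to remediation instead of being refused, matching the "remediation network" step in the NAC view. `AUDIT_LOG` is the minimal reporting hook; a real deployment would forward these records to a SIEM.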