SSL VPN A look at UCD through the tunnel
|
|
- Victor O’Connor’
- 8 years ago
- Views:
Transcription
1 SSL VPN A look at UCD through the tunnel
2 Background Why? Who is it for?
3 Stakeholders IET Library Schools and Colleges
4 Key Requirements Integrate with existing authentication Flexible security groups within system Enforce Network Admission Control Split Tunnel services Granular Administration Browser Support Monitoring and Logging Scalable 24/7/365 operation
5 Timeline VPN Workgroup Established Law School Pilot SSL VPN Live for Library 3-06 Workgroup Recommends SSL-VPN 3-07 VPN Project Team Law School becomes 1 st IVS
6 The Solution Juniper SA-6000 High Availability Cluster
7 Juniper SSL VPN What is it? How does it work? The Juniper Networks Instant Virtual Extranet (IVE) platform serves as the underlying hardware and hardened network operating system intermediates the data that flows between external users and your institutions internal resources. The UCD VPN infrastructure was constructed utilizing a two node Juniper Networks SA-6000 IVE cluster capable of providing secure access to institutional resources 24/7/365 even in the face of a catastrophic hardware failure. To diminish the attack surface area of departmental resources, the IVE intermediation process receives requests from the external authenticated users and makes requests to the internal resources on behalf of those users/workstations. This method of service provision adds a layer of protection to institutional resources not available via classic VPN service deployments. Access to the IVE solely requires that end users have only a Web browser that supports SSL, Sun Java runtime and an Internet connection.
8 Juniper Networks Host Checker and UCD Cyber Security Compliance The UC Davis Cyber Security program dictates that all workstations connecting to the University electronic communications network meet predefined security standards. To ensure that remote clients meet this mandate the Juniper SSL VPN offering was chosen due to its advanced platform agnostic workstation auditing capabilities, known as Host Checker. Architecture Within Host Checker The Juniper Networks Host Checker architecture is based on the TNC (Trusted Network Computing) open architecture for the acquisition and verification of client OS security metrics. The IVE utilizes client-side agents (IMC s) to interrogate and obtain antivirus, antispyware, patch management, firewall, and other configuration and security information. To ensure the integrity of information presented to Host Checker from the client side agents the IVE contains software modules (IMV s) which verify the client-side agent generated information thus ensuring that the metrics presented to Host Checker are accurate and unadulterated. Note: The Trusted Network Connect (TNC) is a subgroup of the Trusted Computing Group. For more information about IMVs and IMCs, see
9 Remote Access Features Secure Application Manager Windows version (WSAM) The Windows version of the Secure Application Manager is a Windows-based solution that enables you to secure traffic to individual client/server applications and application servers. Java version (JSAM) The Java version of the Secure Application Manager provides support for static TCP port client/server applications, including enhanced support for Microsoft MAPI, Lotus Notes, and Citrix NFuse. JSAM also provides NetBIOS support, which enables users to map drives to specified protected resources. File rewriting This feature enables access to NFS and SMB based file server shares for remote users. Mount points are displayed as links within User Home Page with all file system operations occurring with the security credentials of the authenticated user allowing existing file system ACLs to be used sans modification. Web rewriting This feature uses the VPN to intermediate traffic to Web-based applications and Web pages enabling remote users access to institutional web resources otherwise not accessible from off network clients.
10 Remote Access Features Telnet/SSH The Telnet/SSH option enables users to connect to internal servers in the clear using Telnet protocols or to communicate over an encrypted Secure Shell (SSH) session through a Web-based terminal session emulation. This feature supports the following applications and protocols: Network Protocols Supported network protocols include Telnet and SSH. Terminal Settings Supported terminal settings include VT100, VT320, and derivatives including screen buffers. Security Supported security mechanisms include Web/client security using SSL and host security (such as SSH if desired). Terminal Services Enables terminal emulation sessions on a Windows terminal server, Citrix NFuse server, or Citrix Metaframe server, providing for a more secure RDP session by intermediating the RDP traffic through the IVE SSL tunnel.
11 Remote Access Features Secure Meeting The IVE Secure Meeting applications allows users to securely schedule and hold online meetings between institutional and non institutional users. In meetings, users can share their desktops and applications with one another over a secure connection, allowing everyone in the meeting to instantaneously share data on-screen. Meeting attendees can also securely collaborate online by remote-controlling one another's desktops and through text chatting using a separate application window that does not interfere with the presentation. Network Connect The Network Connect option provides secure, SSL-based network-level remote access to all enterprise application resources using the IVE over port 443. When Network Connect runs, the client s machine effectively becomes a node on the remote (corporate) LAN and becomes invisible on the user s local LAN; the IVE appliance serves as the Domain Name Service (DNS) gateway for the client and knows nothing about the user s local LAN. This type of VPN is analogous to the more traditional VPN services such as PP-TP and IPSEC tunnels and is what most folks picture when they think of a VPN.
12 Resource based routing Split tunnel VPN Split Tunnel When split-tunneling is used, Network Connect modifies the default route on clients such that only traffic destined for institutional networks traverses the VPN tunnel. Traffic not destined for the institutional network will not enter the VPN tunnel. Single Tunnel A single tunnel VPN modifies the route on the client such that ALL traffic traverses the VPN tunnel regardless of destination. Spit Tunnel Benefits By ensuring that only traffic destined to specific departmental network resources traverses the VPN tunnel Net Connect more efficiently utilizes the intuitional networks infrastructure and decreases the attack surface area available to malicious traffic.
13 Split Tunnel VPN Graphical Representation
14 Access Control Shared or private, who has access to the VPN? Departments within an institution who participate with the SSL VPN service are granted their own Independent Virtual System (IVS) within the SA-6000 cluster. IVS systems are completely independent from one another with separate VPN-DMZ VLANs and external facing interfaces for client access. Within the IVS the Department IT Staff may construct separate ACL s to provision the amount and type of access granted to users based on a plethora of available criteria (authentication realm, Home Department (from LDAP), IT Staff defined groups, and more) Since the IVS s are independent of each other subscribing department IT Administrators are granted complete control of their IVS. This allows for the Department IT staff to custom tailor the device to their specific needs. What authentication mechanisms are available to the VPN IET CR supports the campus Kerberos directory for authentication via the campus Radius server Internal User Database. The IVS contains its own directory store for available for authentication. Microsoft Active Directory: Supports NTLM V1, NTLM v2, and MS Kerberos. Radius: Hosted via OSS platforms or Microsoft Windows Network Information Service (NIS/YP) for *nix based account authentication. LDAP: Supports LDAP and LDAPS for secure LDAP based authentication.
15 Access Control Delimiting access based on organizational lines. Departments within an academic institution can be vast in their complexity, IT resources must be flexible to meet the ever changing needs of the department. To meet this charge the SSL VPN has a very powerful ACL engine, allowing for Department Administrators to establish application and network profiles for end users based on organizational lines Roles: Admin Roles: Consist of ACL s to different Admin functions of the box. Basically there are two roles here, Admin and ReadOnlyAdmin. Admin has full control and can make changes within the IVE. Read only can view all areas within the Admin application but cannot make changes to the IVE. This allows senior level Support Staff to grant access to the Administration application to junior level Support Staff for the purposes of diagnostics without the ability to make possibly harmful changes to the IVE User Roles: Consist of ACL s and profiles for the various VPN applications within the IVE. Through the proper utilization of roles a Dept may delineate access to various resources across disparate networks based on department defined criteria Logging and Auditing: The IVE contains extensive diagnostic and logging features for the Dept Support Staff to resolve problems pertaining to Authentication, Role/Policy evaluation, and client side VPN applications. Client side logs capture entire sessions for every application available within the IVS. This grants administrators the data they need to solve any situation that may occur related to the VPN. In the situation where possible device problems are discovered these logs can be used by juniper support to furnish specific patches to resolve such occurrences. The IVS allows for the complete auditing and recording of client sessions to ensure accountability and forensic data for sensitive data situations. Lets look at an imaginary Department with a couple subsidiary units.
16 Ex. Access Control
17 Test Drive Now that we have explored the major aspects of the SSL VPN on paper lets take it for a test drive and see how it works in practice. Please feel free to stop me at any point if you have questions or would like an aspect explained in further detail I would also like to take this moment to thank you all for allowing me the opportunity to present the SSL-VPN service to you today. Thank you!
Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.1 R4)
Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.1 R4) Content Page Introduction 2 Platform support 2 Cross Platform support 2 Web and file browsing 2 Client-side Applets
More informationRequirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6)
Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6) Content Page Introduction 2 Platform support 2 Cross Platform support 2 Web and file browsing 2 Client-side Applets
More informationWhat s New in Juniper s SSL VPN Version 6.0
What s New in Juniper s SSL VPN Version 6.0 This application note describes the new features available in Version 6.0 of the Secure Access SSL VPN products. This document assumes familiarity with the Juniper
More informationJuniper SSL VPN Notes Page 1
Juniper SSL VPN Notes Page 1 The Juniper SSL VPN is a full-featured appliance using SSL protocol to allow remote computers to securely access our organization s resources with a standard browser. The types
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationTo Configure Network Connect, We need to follow the steps below:
Network Connect Abstract: The Network Connect (NC) provides a clientless VPN user experience, serving as an additional remote access mechanism to corporate resources using an IVE appliance. This feature
More informationWhat s New in Juniper s IVE Platform Version 5.2. Highlights of this Release. What s New in IVE v5.2
What s New in Juniper s IVE Platform Version 5.2 This application note describes the new features available in Version 5.2 of the IVE platform for all Secure Access SSL VPN products. This document assumes
More informationNovell Access Manager SSL Virtual Private Network
White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...
More informationJava Secure Application Manager
Java Secure Application Manager How-to Introduction:...1 Overview:...1 Operation:...1 Example configuration:...2 JSAM Standard application support:...6 a) Citrix Web Interface for MetaFrame (NFuse Classic)...6
More informationWhat s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4
Page 1 Product Bulletin What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 This document lists the new features available in Version 6.4 of the Secure Access SSL VPN product line. This
More informationSSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.
SSL-TLS VPN 3.0 Certification Report For: Array Networks, Inc. Prepared by: ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 USA http://www.icsalabs.com SSL-TLS VPN 3.0 Certification
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More information70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network
70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites
More informationRequirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module
Collax SSL VPN Howto This howto describes the easy configuration of a Collax server as SSL VPN gateway in order to enable external access to selected applications in the company network. Except for a common
More informationSecuring access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
More informationRemote Vendor Monitoring
` Remote Vendor Monitoring How to Record All Remote Access (via SSL VPN Gateway Sessions) An ObserveIT Whitepaper Daniel Petri March 2008 Copyright 2008 ObserveIT Ltd. 2 Table of Contents Executive Summary...
More informationMobile Admin Architecture
Mobile Admin Architecture Introduction Mobile Admin is an enterprise-ready IT Management solution that enables system administrators to monitor and manage their corporate IT infrastructure from a mobile
More informationSecuring Citrix with SSL VPN Technology
Securing Citrix with SSL VPN Technology An AEP Networks Solution Summary For years, Citrix Systems has dominated the server-based computing market as the solution of choice for application access across
More informationJuniper Networks Secure Access Release Notes
Juniper Networks Secure Access Release Notes IVE Platform Version 7.4R3 Build # 25351 This is an incremental release notes describing the changes made from 7.4R1 release to 7.4R3. The 7.4R1 GA release
More informationCNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions
CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills
More informationVMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES
APPLICATION NOTE VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Configuring Secure SSL VPN Access in a VMware Virtual Desktop Environment Copyright 2010, Juniper Networks, Inc. 1 Table
More informationACE Management Server Deployment Guide VMware ACE 2.0
Technical Note ACE Management Server Deployment Guide VMware ACE 2.0 This technical note provides guidelines for the deployment of VMware ACE Management Servers, including capacity planning and best practices.
More informationConfiguring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication
Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication This application note describes how to authenticate users on a Cisco ISA500 Series security appliance. It includes these
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More information"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary
Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with
More informationSSL VPN Technology White Paper
SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and
More informationFundamentals of Windows Server 2008 Network and Applications Infrastructure
Fundamentals of Windows Server 2008 Network and Applications Infrastructure MOC6420 About this Course This five-day instructor-led course introduces students to network and applications infrastructure
More informationPRODUCT CATEGORY BROCHURE
PRODUCT CATEGORY BROCHURE SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations of Every Size
More informationVPNSCAN: Extending the Audit and Compliance Perimeter. Rob VandenBrink rvandenbrink@metafore.ca
VPNSCAN: Extending the Audit and Compliance Perimeter Rob VandenBrink rvandenbrink@metafore.ca Business Issue Most clients have a remote access or other governing policy that has one or more common restrictions
More informationSSL-Based Remote-Access VPN Solution
Cisco IOS SSL VPN SSL-Based Remote-Access VPN Solution Product Overview Cisco IOS SSL VPN is the first router-based solution offering Secure Sockets Layer (SSL) VPN remote-access connectivity integrated
More informationADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access
Policy Title: Remote Access Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access Approval Date: 05/20/2014 Revised Responsible Office: Office of Information
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationSymantec On-Demand Protection 2.6 Juniper IVE SSL VPN 5.2 Integration Guide
Symantec On-Demand Protection 2.6 Juniper IVE SSL VPN 5.2 Integration Guide Symantec On-Demand 2.6/Juniper IVE 5.2 SSL VPN Integration Guide ii Preface Copyright Information: Symantec Corporation Copyright
More informationS E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s
S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s During the period between November 2012 and March 2013, Symantec Consulting Services partnered with Bomgar to assess the security
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationCisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief
Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents
More informationPRODUCT CATEGORY BROCHURE. Juniper Networks SA Series
PRODUCT CATEGORY BROCHURE Juniper Networks SA Series SSL VPN Appliances Juniper Networks SA Series SSL VPN Appliances Lead the Market with Secure Remote Access Solutions That Meet the Needs of Organizations
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services Table of Contents Table of Contents Using the BIG-IP Edge Gateway for layered security and
More informationExam Questions SY0-401
Exam Questions SY0-401 CompTIA Security+ Certification http://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened
More informationCommunication Ports Used by Citrix Technologies. April 2011 Version 1.5
Communication Ports Used by Citrix Technologies April 2011 Version 1.5 Overview Introduction This document provides an overview of ports that are used by Citrix components and must be considered as part
More informationCommunication ports used by Citrix Technologies. July 2011 Version 1.5
Communication ports used by Citrix Technologies July 2011 Version 1.5 Overview Introduction This document provides an overview of ports that are used by Citrix components and must be considered as part
More informationGet Success in Passing Your Certification Exam at first attempt!
Get Success in Passing Your Certification Exam at first attempt! Exam : 920-440 Title : nncde wireless lan Version : DEMO 1. A customer wants to access the Microsoft Outlook Web Access application through
More informationCitrix Access on SonicWALL SSL VPN
Citrix Access on SonicWALL SSL VPN Document Scope This document describes how to configure and use Citrix bookmarks to access Citrix through SonicWALL SSL VPN 5.0. It also includes information about configuring
More informationExecutive Summary and Purpose
ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on
More information1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam
1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam Section 1: Assessing infrastructure needs for the NetScaler implementation 1.1 Task Description: Verify the objectives
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationCitrix Access Gateway
F E A T U R E S O V E R V I E W Citrix Access Gateway Citrix Access Gateway is a universal SSL VPN appliance that combines the best features of IPSec and typical SSL VPNs without the costly and cumbersome
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationCalifornia State Polytechnic University, Pomona. Desktop Security Standard and Guidelines
California State Polytechnic University, Pomona Desktop Security Standard and Guidelines Version 1.7 February 1, 2008 Table of Contents OVERVIEW...3 AUDIENCE...3 MINIMUM DESKTOP SECURITY STANDARD...3 ROLES
More informationDirectory and File Transfer Services. Chapter 7
Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major
More informationImplementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses
More informationNetwork Access Control ProCurve and Microsoft NAP Integration
HP ProCurve Networking Network Access Control ProCurve and Microsoft NAP Integration Abstract...2 Foundation...3 Network Access Control basics...4 ProCurve Identity Driven Manager overview...5 Microsoft
More informationCompiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1
Compiled By: Chris Presland v1.0 Date 29 th September Revision History Phil Underwood v1.1 This document describes how to integrate Checkpoint VPN with SecurEnvoy twofactor Authentication solution called
More informationCNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions
CNS-207 - Implementing NetScaler 11.0 For App and Desktop Solutions Overview The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure,
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationHow To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network
Authenticating SSL VPN users using LDAP This example illustrates how to configure a FortiGate to use LDAP authentication to authenticate remote SSL VPN users. With a properly configured LDAP server, user
More informationTable of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2
Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server
More informationSecure, Mobile Access to Corporate Email, Applications, and Intranet Resources
APPLICATION NOTE Juniper NETWORKS SSL VPN and Windows Mobile Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources Table of Contents Introduction.........................................................................................
More informationSECURE ACCESS TO THE VIRTUAL DATA CENTER
SOLUTION BRIEF SECURE ACCESS TO THE VIRTUAL DATA CENTER Ensure that Remote Users Can Securely Access the Virtual Data Center s Virtual Desktops and Other Resources Challenge VDI is driving a unique need
More informationINTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN
INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO
More informationWindows Server 2003 default services
Windows Server 2003 default services To view a description for a particular service, hover the mouse pointer over the service in the Name column. The descriptions included here are based on Microsoft documentation.
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationNETASQ MIGRATING FROM V8 TO V9
UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4
More informationPass Through Proxy. How-to. Overview:..1 Why PTP?...1
Pass Through Proxy How-to Overview:..1 Why PTP?...1 Via an SA port...1 Via external DNS resolution...1 Examples of Using Passthrough Proxy...2 Example configuration using virtual host name:...3 Example
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More informationCyber Essentials. Test Specification
Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8
More informationUsing a VPN with Niagara Systems. v0.3 6, July 2013
v0.3 6, July 2013 What is a VPN? Virtual Private Network or VPN is a mechanism to extend a private network across a public network such as the Internet. A VPN creates a point to point connection or tunnel
More informationApp Orchestration Setup Checklist
App Orchestration Setup Checklist This checklist is a convenient tool to help you plan and document your App Orchestration deployment. Use this checklist along with the Getting Started with Citrix App
More informationUnisys Internet Remote Support
white paper Unisys Internet Remote Support Systems & Technology, CMP-based Servers Introduction Remote Support is a method of connecting to remotely located systems for remote administration, real-time
More informationCisco IOS SSL VPN: Router-Based Remote Access for Employees and Partners
Cisco IOS SSL VPN: Router-Based Remote Access for Employees and Partners Product Overview Cisco IOS SSL VPN is the first router-based solution offering Secure Sockets Layer (SSL) VPN remote-access connectivity
More informationWindows Services. Support Windows and mixed-platform workgroups with high-performance, affordable network services. Features
Windows Services Support Windows and mixed-platform workgroups with high-performance, affordable network services. Features File and print services Integrated Samba 3 for native SMB/CIFS protocol support
More informationImplementation Guidelines. Dyna Pass. Wireless Secure Access
Implementation Guidelines Dyna Pass Wireless Secure Access Implementation Guidelines Implementation Guidelines Abstract This document describes implementations. Examples are based on different technologies
More informationEasy and secure application access from anywhere
Easy and secure application access from anywhere Citrix is the leading secure access solution for applications and desktops HDX SmartAccess Delivers simple and seamless secure access anywhere Data security
More informationHow To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On
Transport and Security Specification 15 July 2015 Version: 5.9 Contents Overview 3 Standard network requirements 3 Source and Destination Ports 3 Configuring the Connection Wizard 4 Private Bloomberg Network
More informationFamily Datasheet AEP Series A
Trusted Security Everywhere Family Datasheet AEP Series A Covering: Hardware Edition Virtual Edition Load Balancer AEP Networks, Inc. All rights reserved. Secure Application Access 2500. 4500. 6500. 8500
More informationExhibit B5b South Dakota. Vendor Questions COTS Software Set
Appendix C Vendor Questions Anything t Applicable should be marked NA. Vendor Questions COTS Software Set Infrastructure 1. Typically the State of South Dakota prefers to host all systems. In the event
More informationEnterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)...
CONTENTS Enterprise Solution for Remote Desktop Services... 2 System Administration... 3 Server Management... 4 Server Management (Continued)... 5 Application Management... 6 Application Management (Continued)...
More informationOVERVIEW OF TYPICAL WINDOWS SERVER ROLES
OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,
More informationSSL VPN Technical Primer
4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses
More informationmsuite5 & mdesign Installation Prerequisites
CommonTime Limited msuite5 & mdesign Installation Prerequisites Administration considerations prior to installing msuite5 and mdesign. 7/7/2011 Version 2.4 Overview... 1 msuite version... 1 SQL credentials...
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationDeploying F5 with Microsoft Active Directory Federation Services
F5 Deployment Guide Deploying F5 with Microsoft Active Directory Federation Services This F5 deployment guide provides detailed information on how to deploy Microsoft Active Directory Federation Services
More informationSecurity. TestOut Modules 12.6 12.10
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
More informationDEPLOYMENT GUIDE. Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services
DEPLOYMENT GUIDE Deploying the BIG-IP LTM v9.x with Microsoft Windows Server 2008 Terminal Services Deploying the BIG-IP LTM system and Microsoft Windows Server 2008 Terminal Services Welcome to the BIG-IP
More informationBarracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK
Barracuda Networks Technical Documentation Barracuda SSL VPN Administrator s Guide Version 2.x RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks, Inc. www.barracuda.com v20-110511w-02-110915jc
More informationDeploy Remote Desktop Gateway on the AWS Cloud
Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4
More informationUnderstanding VPN Technology Choices
Understanding VPN Technology Choices Presented by: Rob Pantazelos, Network Administrator Brown Rudnick, LLP The most current version of this presentation can be downloaded at: http://www.brownrudnick.com/nr/ilta2008_vpn.ppt
More informationRouter Security - Approaches and Techniques You Can Use Today
Router Security - Approaches and Techniques You Can Use Today Neal Ziring System and Network Attack Center Information Assurance Directorate National Security Agency 1 Introduction and Outline GOAL: Define
More informationTechnical White Paper
Instant APN Technical White Paper Introduction AccessMyLan Instant APN is a hosted service that provides access to a company network via an Access Point Name (APN) on the AT&T mobile network. Any device
More informationSophos UTM. Remote Access via PPTP. Configuring UTM and Client
Sophos UTM Remote Access via PPTP Configuring UTM and Client Product version: 9.000 Document date: Friday, January 11, 2013 The specifications and information in this document are subject to change without
More informationNetwork Security Guidelines. e-governance
Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationBarracuda Load Balancer Online Demo Guide
Barracuda Load Balancer Online Demo Guide Rev 1.3 October 04, 2012 Product Introduction The Barracuda Networks Load Balancer provides comprehensive IP load balancing capabilities to any IP-based application,
More information