Remote Vendor Monitoring

Save this PDF as:
Size: px
Start display at page:

Download "Remote Vendor Monitoring"

Transcription

1 ` Remote Vendor Monitoring How to Record All Remote Access (via SSL VPN Gateway Sessions) An ObserveIT Whitepaper Daniel Petri March 2008 Copyright 2008 ObserveIT Ltd.

2 2 Table of Contents Executive Summary... 2 The Need for Centralized Remote Access... 2 Establishing Remote Connections... 2 Securing the Remote Access Sessions... 3 Protecting the Internal Network... 4 Using Microsoft TS Gateway... 5 Monitoring User Activity... 5 Real Time Monitoring and Integration with Management Tools... 6 `User Identification... 7 Conclusion... 7 Benefits of this solution include:... 7 About ObserveIT... 7 Executive Summary In the following article, I will demonstrate how to Record Secure Remote Access SSL VPN Gateway Sessions, using Terminal Services/ in conjunction with ObserveIT. In this deployment, all secure remote access SSL VPN sessions are routed through one or more central remote access gateways, with secondary remote desktop sessions serving as the method to access internal Windows or UNIX servers and other network devices. All sessions through the Secure Remote Access SSL VPN Gateway are fully audited and recorded. This recorded session allows Auditors and IT managers to have a full visual audit trail of all secure remote accesses SSL VPN connections; identify the source of each secured remote access connection; and view a step-by-step replay of the actions taken and applications accessed on these machines. This whitepaper covers the following topics: 1. Setting up a Windows Terminal Gateway Server 2. Secure communication to the Gateway using SSL VPN Gateway 3. Audit, Alert and Replay all Recorded Sessions performed on the Gateways The Need for Centralized Remote Access In today's complex network and IT environments, more and more people need access to corporate servers, applications, databases and management tools. While trying to minimize human intervention with these critical services, IT managers need to consider how to allow the remote access and management of these services: Who to allow access; How to secure and audit access; How to record all actions that are performed on these servers. The continuous need to control budgets by decreasing operational costs and maintenance fees has led many large and medium corporations to using external consultants and outsourcing services while minimizing internal IT departments. Establishing Remote Connections In order to mitigate this risk, a leading approach to enabling remote connections is to create a secure

3 3 remote access deployment, in which all remote connections go through one or more terminal or citrix gateway servers. All vendors and remote administrators will initiate an remote desktop RDP/ICA Session to these servers, where they will be authenticated and, if authorized, granted access to either the entire desktop, or to a subset of published applications that are to be used for management purposes. Securing the Remote Access Sessions In order to add an additional layer of security to such connections, we will need to deploy some sort of remote access solution prior to the actual connection to the Terminal Server itself. Options for securing remote access include: IPSec, L2TP or PPTP-based VPN connections through Microsoft Windows Server 2003/2008 RRAS, by using Microsoft ISA Server, or by using leading 3rd-party solutions from vendors such as Cisco and Checkpoint SSL VPN connections by using appliances such as Juniper SSL VPN, Cisco SSL VPN, Check Point Connectra and others, or by using Microsoft Windows Server 2008 SSTP Microsoft Windows Server 2008 TS Gateway connections The first component of such a solution is the actual remote access mechanism. Here, we have a few options to consider. The decision on what remote access solution to chose is closely related to security concerns, corporate policy, budget and number of concurrent connections. Using regular RDP connections from the external world through your corporate Firewall is probably the easiest option to deploy. However, it is also the most unsecure method when compared to the other options. RDP packets travel across the Internet as regular packets, and unless the built-in encryption capabilities of Terminal Server are also employed, this will not provide adequate security for the connection. Furthermore, unless using some sort of remote access control mechanism (such as a Firewall that has authentication capabilities), the only barrier that will prevent a malicious user from entering the network is the Terminal Server Windows Authentication prompt. The benefits of using VPN-type remote access include the fact that the connection is strongly encrypted, adding extra security encapsulation to each packet. VPN enables the protection against unauthorized access because prior to gaining access to the actual remote management gateway, users are forced to authenticate themselves with their credentials or token, and only then they will be granted access to the gateway. On the other side, in most VPN products, an additional cost is

4 4 incurred because of the need to deploy VPN servers and extra authentication systems. Using SSL VPN adds the ability to use SSL-based encryption, which easily passes through most firewalls without the need to open specific ports. SSL VPN makes it easier for remote workers to connect because it usually does not involve any additional software installation on the client side, and is usually initiated from an easy-to-use web browser. This makes such connections ideal for usage on public computers such as the ones found in hotel lobbies and conference centers. It is worth noting that in most scenarios, SSL VPN is preferred for remote access to those applications that are browser-based (i.e., have a web-based user interface), while IPSec VPN will be used principally for site-to-site communications (rather than individual client remote access). Using the new SSTP capabilities of Microsoft Windows Server 2008 can help to further reduce costs associated with using 3rd-party solutions. computers might not be fully patched against security vulnerabilities, not have an up-to-date anti-virus product, or not have their personal firewall turned on. This raises many security issues especially when considering the fact that these computers might be using a VPN tunnel type of connection, which in fact is very much like actually connecting them to the corporate network. Furthermore, after successfully connecting to the corporate network, these computers might initiate a type of connection to internal resources that is out of scope for the type of required connection. In order to mitigate these risks there is need to implement a mechanism that will quarantine these computers until they provide proof of being fully patched and up-to-date. These types of quarantine systems can be achieved by using 3rd-party Network Admission Control (NAC) capabilities of VPN appliances such as those provided by Juniper, Check Point or Cisco, or by implementing the builtin Network Access Protection (NAP) found in Microsoft Windows Server In order to control exactly what type of traffic is passed through the VPN connection, there is need to either deploy smart appliances such as those provided by Check Point, Cisco, Juniper or Microsoft (with their IAG product), or to place an additional firewall behind the VPN server that will scan the un-encrypted inbound traffic. Protecting the Internal Network An additional issue that is brought up when discussing remote management scenarios is the concern of controlling what type of traffic can be passed through these VPN connections, and what type of remote computers can actually connect to the corporate network. Often, these un-managed

5 5 Using Microsoft TS Gateway In addition, using the new capabilities of Microsoft Windows Server 2008 TS Gateway provides further protection of RDP traffic by encapsulating it into SSL packets much like SSL VPN, but without the need to deploy special VPN servers. Monitoring User Activity In the scenario outlined above, all remote access connections are indeed secured, and only authorized personnel can connect to the corporate servers. The benefit of using the TS Gateway capabilities of Microsoft Windows Server 2008 is that remote users will only be granted access to the internal servers based upon a strict policy that can be enforced on the TS Gateway, and when combined with the NAP capabilities of the system, will only allow connection of computers that fully meet the security requirements set by the administrator. This scenario employs a number of components. These include the TS Gateway server, a firewall, one or more Domain Controllers, a NAP server and a Network Policy Server (NPS is Microsoft's implementation of a RADIUS server). The TS Gateway authenticates the client by collecting the user's credentials and checking them against the TS Gateway Remote Access Policy. It then authenticates against the Domain Controller and performs a security validation as required by the NAP server and its policies. Only when all checks are fully successful, it passes the RDP traffic inwards, towards the remote management gateway server. However, the question of knowing exactly what vendors do once connected remains unanswered. This leaves a gaping hole in the corporate security and compliance: Once vendors connect to the remote management gateway server, in theory they can perform other actions, including opening full Remote Desktop connections to other remote servers. A mechanism is needed that gives IT Managers the full confidence that comes with knowing exactly who connected, what they did while connected, and what applications or system tasks have been used or opened. Many server-based applications have varying degrees of built-in auditing or logging, including extended diagnostic logging. However, auditing and logging only show cryptic log traces, not actual human actions. Auditing and logging may be of use for debugging an error, but security and regulatory issues create a need for to know exactly what users are doing while logged onto the Terminal Servers. By using the recording and auditing capabilities of ObserveIT, IT Managers receive a clear and concise answer to these questions.

6 6 Built specifically for enterprise-wide deployments, ObserveIT gives full control and insight into the actions done by external vendors and specialists that were hired to perform a specific task, as well as by local IT personnel and power users. ObserveIT records all human activities on monitored servers, both with exact visual recording as well as with detailed metadata. Visual recording allows replaying of every user session and understanding of what exactly was performed on the monitored servers, who did it, and what applications where accessed. Real Time Monitoring and Integration with Management Tools By capturing metadata in addition to visual screenshots, ObserveIT provides an abundance of` information about what is seen on the screen, the user performing the action, the remote computer's name and IP, date, time, application executable name, windows title and more. All this information is stored alongside the screenshots, allowing flexible searching capabilities and enterprise-scale management, allowing rules-based searching without the need to replay screen-by-screen activity. Another feature of ObserveIT is its capability to also create textual log files for monitoring purposes. These files are stored on the server s hard disk, and can be parsed by 3rd-party tools such as Microsoft System Center Operation Manager 2007, generating events or alerts based upon information written in them. In the above deployment scenario, ObserveIT is deployed on each remote management Terminal Server. Built-in server-based policies are configured to trigger recording of all relevant activity performed by external vendors. ObserveIT configuration is also specified to only record the management applications that are published on the remote management Terminal Server.

7 7 User Identification ObserveIT's Identification Services are integrated with the Active Directory database. This service forces users to identify themselves before gaining access to a server desktop or published application. After completing the Windows logon process, the users will be prompted with the secondary ObserveIT logon window, where they will be forced to enter their own personal username and password. This allows us to distinguish specific users, even when logging in using a generic "Administrator" account. Benefits of this solution include: Accountability of all activities performed by a Service Organization Processes that link each system access to a identifiable individual user Reduced cost involved in generating Compliance Reports: Less effort, with faster turnaround time Unequivocal proof of user activity, guaranteeing authentication and nonrepudiation About ObserveIT ObserveIT is an innovator and leader in Terminal, Citrix and Console session recording, with solutions for Windows, Desktop and Virtual Machine environments. ObserveIT software visually records and replays all user sessions, providing detailed insight into all activities on the network. Conclusion Security and Regulatory issues force many IT Managers to seek a solution for vendors and external administrators access their networks remotely. By using a centralized remote management gateway approach, we achieve a more secure implementation for such remote access needs, and by integrating these solutions with ObserveIT, the recording of all human actions and management tasks is easy to collect and monitor. ObserveIT's advanced indexing capabilities, combined with video replay of screen activity, allows the IT Manager to keep a finger on the pulse of remote access activity, in accordance with security and regulatory requirements. Founded in 2006, ObserveIT has a worldwide customer base that spans many industry segments, including financial, insurance, healthcare, manufacturing, telecommunications, government and IT services.

Outgoing VDI Gateways:

Outgoing VDI Gateways: ` Outgoing VDI Gateways: Creating a Unified Outgoing Virtual Desktop Infrastructure with Windows Server 2008 R2 and ObserveIT Daniel Petri January 2010 Copyright 2010 ObserveIT Ltd. 2 Table of Contents

More information

Release Version 3 The 2X Software Server Based Computing Guide

Release Version 3 The 2X Software Server Based Computing Guide Release Version 3 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Accessing the Media General SSL VPN

Accessing the Media General SSL VPN Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

7.1. Remote Access Connection

7.1. Remote Access Connection 7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to

More information

Generate Reports About User Actions on Windows Servers

Generate Reports About User Actions on Windows Servers Generate Reports About User Actions on Windows Servers Whenever there is need to generate reports about what users have been doing on your servers, most administrators are left empty handed. This need

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses

More information

Module 6. Configuring and Troubleshooting Routing and Remote Access. Contents:

Module 6. Configuring and Troubleshooting Routing and Remote Access. Contents: Configuring and Troubleshooting Routing and Remote Access 6-1 Module 6 Configuring and Troubleshooting Routing and Remote Access Contents: Lesson 1: Configuring Network Access 6-3 Lesson 2: Configuring

More information

PCI Requirements Coverage Summary Table

PCI Requirements Coverage Summary Table StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2

More information

Release Version 4.1 The 2X Software Server Based Computing Guide

Release Version 4.1 The 2X Software Server Based Computing Guide Release Version 4.1 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless

More information

Enterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)...

Enterprise Solution for Remote Desktop Services... 2. System Administration... 3. Server Management... 4. Server Management (Continued)... CONTENTS Enterprise Solution for Remote Desktop Services... 2 System Administration... 3 Server Management... 4 Server Management (Continued)... 5 Application Management... 6 Application Management (Continued)...

More information

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington

More information

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Compliance Brief The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Using Server Isolation and Encryption as a Regulatory Compliance Solution and IT Best Practice Introduction

More information

Security. TestOut Modules 12.6 12.10

Security. TestOut Modules 12.6 12.10 Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9 NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document

More information

SSL VPN A look at UCD through the tunnel

SSL VPN A look at UCD through the tunnel SSL VPN A look at UCD through the tunnel Background Why? Who is it for? Stakeholders IET Library Schools and Colleges Key Requirements Integrate with existing authentication Flexible security groups within

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

This section provides a summary of using network location profiles to identify network connection types. Details include:

This section provides a summary of using network location profiles to identify network connection types. Details include: Module 7 Network Access and Security In Module 7 students will learn several strategies for controlling network access and enhancing network security. These will include: controlling network location profiles,

More information

Bring Your Own Device:

Bring Your Own Device: Bring Your Own Device: Finding the perfect balance between Security, Performance, Flexibility & Manageability SECURELINK WHITEPAPER 2012 By Frank Staut Management summary This white paper discusses some

More information

Endpoint Security VPN for Mac

Endpoint Security VPN for Mac Security VPN for Mac E75 Release Notes 8 April 2012 Classification: [Protected] 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by

More information

Does your Citrix or Terminal Server environment have an Achilles heel?

Does your Citrix or Terminal Server environment have an Achilles heel? CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com

More information

Secure remote access to your applications and data. Secure Application Access

Secure remote access to your applications and data. Secure Application Access Secure Application Access Secure remote access to your applications and data Accops HySecure is an application access gateway that enables secure access to corporate applications, desktops and network

More information

Microsoft Windows Server System White Paper

Microsoft Windows Server System White Paper Introduction to Network Access Protection Microsoft Corporation Published: June 2004, Updated: May 2006 Abstract Network Access Protection, a platform for Microsoft Windows Server "Longhorn" (now in beta

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

Achieving PCI Compliance Using F5 Products

Achieving PCI Compliance Using F5 Products Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity

More information

MCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access

MCTS Guide to Microsoft Windows 7. Chapter 14 Remote Access MCTS Guide to Microsoft Windows 7 Chapter 14 Remote Access Objectives Understand remote access and remote control features in Windows 7 Understand virtual private networking features in Windows 7 Describe

More information

Maximize your Remote Desktop Services

Maximize your Remote Desktop Services Maximize your Remote Desktop Services White paper Parallels An Overview of Remote Desktop Services Virtualization has added new issues to information technology. Today, businesses look not only at optimizing

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

Configuration Information

Configuration Information This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco Secure Access into Industrial Automation and Systems Industry Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Vendor offers a remote firmware update and PLC programming. Contractor asks

More information

Understanding VPN Technology Choices

Understanding VPN Technology Choices Understanding VPN Technology Choices Presented by: Rob Pantazelos, Network Administrator Brown Rudnick, LLP The most current version of this presentation can be downloaded at: http://www.brownrudnick.com/nr/ilta2008_vpn.ppt

More information

This chapter describes how to set up and manage VPN service in Mac OS X Server.

This chapter describes how to set up and manage VPN service in Mac OS X Server. 6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure

More information

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

ARCHITECT S GUIDE: Mobile Security Using TNC Technology ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org

More information

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills

More information

Vendor Questionnaire

Vendor Questionnaire Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining

More information

How to Logon with Domain Credentials to a Server in a Workgroup

How to Logon with Domain Credentials to a Server in a Workgroup How to Logon with Domain Credentials to a Server in a Workgroup Johan Loos johan@accessdenied.be Version 1.0 Authentication Overview Basically when you logon to a Windows Server you can logon locally using

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Implementation Guidelines. Dyna Pass. Wireless Secure Access

Implementation Guidelines. Dyna Pass. Wireless Secure Access Implementation Guidelines Dyna Pass Wireless Secure Access Implementation Guidelines Implementation Guidelines Abstract This document describes implementations. Examples are based on different technologies

More information

2003, Rainbow Technologies, Inc.

2003, Rainbow Technologies, Inc. Expertise Corporate 25 Years of Security SMB to Fortune 30 Access Control 28 Million Hardware Keys 50% Token market share 6 Years of ikey Web Security 10 Years of SSL Secure > 50% of the Data NetSwift

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

ISO 27001 COMPLIANCE WITH OBSERVEIT

ISO 27001 COMPLIANCE WITH OBSERVEIT ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk

More information

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845

More information

SSL VPN Technical Primer

SSL VPN Technical Primer 4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses

More information

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Deploying BitDefender Client Security and BitDefender Windows Server Solutions Deploying BitDefender Client Security and BitDefender Windows Server Solutions Quick Install Guide Copyright 2011 BitDefender 1. Installation Overview Thank you for selecting BitDefender Business Solutions

More information

Configuring Windows Server 2008 Network Infrastructure

Configuring Windows Server 2008 Network Infrastructure Configuring Windows Server 2008 Network Infrastructure Course Number: 70-642 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-642: TS: Windows Server

More information

March 2012 www.tufin.com

March 2012 www.tufin.com SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...

More information

Microsoft Azure Configuration

Microsoft Azure Configuration Microsoft Azure Configuration Azure Setup for VNS3 2015 copyright 2015 1 Table of Contents Introduction 3 Create Azure Private VLAN 10 Launch VNS3 Image from Azure Marketplace 15 VNS3 Configuration Document

More information

Sage Abra HRMS. Abra HRMS Security Considerations

Sage Abra HRMS. Abra HRMS Security Considerations Sage Abra HRMS Abra HRMS Security Considerations August 2005 TABLE OF CONTENTS August 2005... 1 Introduction... 1 Abra Application Security Considerations... 1 Abra HRMS...1 Logon and Password Security...

More information

PROPALMS TSE 6.0 March 2008

PROPALMS TSE 6.0 March 2008 PROPALMS March 2008 An Analysis of and Terminal Services: Contents System Administration... 2 Server Management... 3 Application Management... 5 Security... 7 End User Experience... 8 Monitoring and Reporting...

More information

Managing Remote Access

Managing Remote Access VMWARE TECHNICAL NOTE VMware ACE Managing Remote Access This technical note explains how to use VMware ACE to manage remote access through VPN to a corporate network. This document contains the following

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

INSTANT MESSAGING SECURITY

INSTANT MESSAGING SECURITY INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

Record and Replay All Windows and Unix User Sessions Like a security camera on your servers

Record and Replay All Windows and Unix User Sessions Like a security camera on your servers Record and Replay All Windows and Unix User Sessions Like a security camera on your servers ObserveIT is the only enterprise solution that records both Windows and Unix user sessions, supporting all methods

More information

Domain 6.0: Network Security

Domain 6.0: Network Security ExamForce.com CompTIA Network+ N10-004 Study Guide 1 Domain 6.0: Network Security Chapter 6 6.1 Explain the function of hardware and software security devices Network based firewall, Host based firewall

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam

1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam 1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam Section 1: Assessing infrastructure needs for the NetScaler implementation 1.1 Task Description: Verify the objectives

More information

Building Your Complete Remote Access Infrastructure on Windows Server 2012

Building Your Complete Remote Access Infrastructure on Windows Server 2012 Building Your Complete Remote Access nappliance White Paper August 2012 Introduction Remote access is a complex challenge for IT administrators. Providing system access to remote users involves a broad

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with

More information

KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE. (Updated April 14, 2008)

KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE. (Updated April 14, 2008) KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE (Updated April 14, 2008) WHO IS KERIO? Kerio Technologies provides Internet messaging and firewall software solutions for small to medium

More information

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents TECHNICAL WHITEPAPER Author: Tom Kistner, Chief Software Architect Last update: 18. Dez 2014 Table of Contents Introduction... 2 Terminology... 2 Basic Concepts... 2 Appliances... 3 Hardware...3 Software...3

More information

Internet-based remote support for help desks

Internet-based remote support for help desks Internet-based remote support for help desks White Paper Published: October 2005 Contents Introduction...1 Advantages of Internet-based Remote Support...1 Reduced Support Costs through Increased Productivity...2

More information

2X SecureRemoteDesktop. Version 1.1

2X SecureRemoteDesktop. Version 1.1 2X SecureRemoteDesktop Version 1.1 Website: www.2x.com Email: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious

More information

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication

More information

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home. Remote Desktop Gateway Accessing a Campus Managed Device (Windows Only) from home. Contents Introduction... 2 Quick Reference... 2 Gateway Setup - Windows Desktop... 3 Gateway Setup Windows App... 4 Gateway

More information

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001 Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance

More information

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Deploying BitDefender Client Security and BitDefender Windows Server Solutions Deploying BitDefender Client Security and BitDefender Windows Server Solutions Quick Install Guide Copyright 2010 BitDefender; 1. Installation Overview Thank you for selecting BitDefender Business Solutions

More information

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Virtual Private Networks Solutions for Secure Remote Access. White Paper Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information

More information

Consensus Policy Resource Community. Lab Security Policy

Consensus Policy Resource Community. Lab Security Policy Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is

More information

Network Security. Intertech Associates, Inc.

Network Security. Intertech Associates, Inc. Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture

More information

Licenses are not interchangeable between the ISRs and NGX Series ISRs.

Licenses are not interchangeable between the ISRs and NGX Series ISRs. Q&A Cisco IOS SSL VPN Q. What is Cisco IOS SSL VPN or SSL VPN? A. Secure Sockets Layer (SSL)-based VPN is an emerging technology that provides remote-access connectivity from almost any Internet-enabled

More information

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange

More information

ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access

ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access Policy Title: Remote Access Policy Type: Administrative Policy Number: ADMINISTRATIVE POLICY # 32 8 117 (2014) Remote Access Approval Date: 05/20/2014 Revised Responsible Office: Office of Information

More information

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples

More information

Filtering remote users with Websense remote filtering software v7.6

Filtering remote users with Websense remote filtering software v7.6 Filtering remote users with Websense remote filtering software v7.6 Websense Support Webinar April 2012 Websense 2012 Webinar Presenter Greg Didier Title: Support Specialist Accomplishments: 9 years supporting

More information

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15 th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started Getting started Corporate Edition Copyright 2005 Corporation. All rights reserved. Printed in the U.S.A. 03/05 PN: 10362873 and the logo are U.S. registered trademarks of Corporation. is a trademark of

More information

Keeping your VPN protected

Keeping your VPN protected Keeping your VPN protected Overview The increasing use of remote access is driving businesses to look for an easy to manage, secure solution for providing access to sensitive company assets. There are

More information

Move over, TMG! Replacing TMG with Sophos UTM

Move over, TMG! Replacing TMG with Sophos UTM Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access

More information

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

MOC 6435A Designing a Windows Server 2008 Network Infrastructure MOC 6435A Designing a Windows Server 2008 Network Infrastructure Course Number: 6435A Course Length: 5 Days Certification Exam This course will help you prepare for the following Microsoft exam: Exam 70647:

More information

Novell Access Manager SSL Virtual Private Network

Novell Access Manager SSL Virtual Private Network White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...

More information

Hosting topology SMS PASSCODE 2015

Hosting topology SMS PASSCODE 2015 Hosting topology SMS PASSCODE 2015 Hosting Topology In a hosting environment, you have a backend and a several front end (clients). In the example below, there is a backend at the right side. At the left

More information

Mobile Admin Architecture

Mobile Admin Architecture Mobile Admin Architecture Introduction Mobile Admin is an enterprise-ready IT Management solution that enables system administrators to monitor and manage their corporate IT infrastructure from a mobile

More information

Connecting to Miami University s EHR Solution (GE Centricity)

Connecting to Miami University s EHR Solution (GE Centricity) Connecting to Miami University s EHR Solution (GE Centricity) To access GE Centricity from off campus, you will log into one of two dedicated Remote Desktop Servers, often called Terminal Servers (TS),

More information

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection: Table of Content I. What is VPN?... 2 II. Types of VPN connection... 2 III. Types of VPN Protocol... 3 IV. Remote Access VPN configuration... 4 a. PPTP protocol configuration... 4 Network Topology... 4

More information

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites

More information

What s New in Juniper s SSL VPN Version 6.0

What s New in Juniper s SSL VPN Version 6.0 What s New in Juniper s SSL VPN Version 6.0 This application note describes the new features available in Version 6.0 of the Secure Access SSL VPN products. This document assumes familiarity with the Juniper

More information

Securing Citrix with SSL VPN Technology

Securing Citrix with SSL VPN Technology Securing Citrix with SSL VPN Technology An AEP Networks Solution Summary For years, Citrix Systems has dominated the server-based computing market as the solution of choice for application access across

More information

Scenario: IPsec Remote-Access VPN Configuration

Scenario: IPsec Remote-Access VPN Configuration CHAPTER 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create

More information