Identity Management for Networks
1 Network Access with Precision through Identity
Identity Management for Networks
NYMISSA, 19 APR 2007
Sean Convery, Identity Engines
2007 Identity Engines, Inc. All Rights Reserved.

2 Who am I? (a.k.a. Full Disclosure)
Everyone's background influences their perspective, so here's mine:
- CTO at venture-funded network identity management startup Identity Engines
- Previously spent seven years at Cisco, most recently in the office of the Security CTO within the Security Technology Group (STG)
- Principal architect of Cisco's original SAFE[1] security architecture
- Spent a sizable amount of my time at Cisco in security consulting for large enterprises
- Author of Network Security Architectures[2]
3 Agenda
- Background
- Identity Management for Networks
- Considerations
- Identity Engines Overview

4 Identity Management (IdM) Defined
"The set of processes, tools and social contracts surrounding the creation, maintenance, utilization and termination of a digital identity for people or, more generally, for systems and services to enable secure access to an expanding set of systems and applications."[3]

5 Key Identity Management Components
- Provisioning: initial account creation and attribute / rights association
- Authentication: validating a supplied credential against a provisioned account
- Authorization: determining and enforcing permissions associated with an account
- Accounting: auditing account activity
- Re-provisioning / De-provisioning: modifying or removing account attributes or rights, including potential deletion of the account

6 What Problem are we Solving?
- Organizations large and small are accessing more data across more different systems
- These systems need security for any number of reasons
- It isn't effective to manage each system as a silo
- Or, to put it another way...
7 We Want to Change This
(Figure: a user directory feeding a separate policy at each resource system: System 1, System 2, System N.)

8 Into This.
(Figure: a user directory feeding one central policy that governs System 1, System 2, System N.)

9 It Began with Applications
Application IdM has numerous challenges:
- Legacy applications
- Competing standards
- Widely disparate policies
- Security at the application and at the data level
- Authentication is far more common than authorization
- Policy is hard to centralize
Major vendors are attempting to solve this problem: Oracle, Microsoft, Sun, HP, Novell, CA, etc.
Systems generally involve:
- Provisioning / workflow systems for account creation
- Access gateways / portals for web apps
- Custom connectors to legacy apps
- LDAP[4] user directories to house accounts

10 And Deployments Look like This
(Figure: the user directory is shared, but each resource system still carries its own policy.)

11 Let's Look at the Network
Distributed (early):
- Traditional perimeter firewall; security only on special purpose devices.
- Expanded threat profile leads to more security devices (IDS, VPN, basic host controls).
- Legacy RADIUS[5] serves authentication requests but lacks richness for authorization policy.
- Most access is IP rather than user based.
Distributed (later):
- Distribution of security continues, with authorization tied closely to enforcement.
- Lack of flexibility of legacy AAA leads to multiple discrete RADIUS stores and local users configured in enforcement devices.
Centralized, the goal:
1. Centralize user authentication through flexible next-generation AAA services (IdM Phase 1).
2. Centralize key elements of the authorization policy, creating centralized audit and control (IdM Phase 2).
(Figure: timeline from distributed enforcement with per-device authentication and authorization policy, to centralized authentication policy, to centralized authorization policy.)

12 Networks have the Same Problem
(Figure: a separate policy for each access type: WLAN, VPN, Dial-Up.)

13 Though Without all the Baggage
- Applications have no common authentication protocol; networks have RADIUS
- There are thousands of applications; there are only a handful of network access types across a handful of vendors
- Policies for applications vary widely; networks often have the same basic policy building blocks (i.e. ACLs)
- Networks have challenges, but they aren't the ones that typically plague IdM for applications
14 Agenda
- Background
- Identity Management for Networks
- Considerations
- Identity Engines Overview

15 Identity Management for Networks Goals
- Centralize authentication
- Centralize audit
- Authenticate most / all forms of access
- Enforce consistent policy
- Leverage existing directory and network investment

16 IdM for Networks Taxonomy
- Client: device / user attempting to access the network
- Policy Enforcement Point (PEP): network device that brokers the access request and enforces the policy result (i.e. WLAN AP, firewall, VPN gateway, Ethernet switch)
- Policy Decision Point (PDP): network device that decides policy for the client based on PEP and PIP interaction
- Policy Information Point (PIP): a source of information in setting policy (i.e. user directory, asset management system)
- Accounting: audit destination for client access and network usage
- Credential: element offered as proof of identity (i.e. password, certificate, smartcard, biometric)
Let's see how the parts fit together.
17 1. Client Requests Network Access
Client connects to the net (perhaps a WLAN AP), is challenged for identity, and sends this information to the PEP.
Protocols: PPP[6], PPPoE[7], 802.1X[8], IPsec[9], SSL VPN, HTTP

18 2. PEP Sends Identity to the PDP
In some cases the PEP relays information, as in the case of the Extensible Authentication Protocol (EAP)[10]. The PEP may add additional identifying information for the network.
Protocols: TACACS+[11], RADIUS, DIAMETER[12]

19 3. PDP Queries Relevant PIPs
Query includes learning about the client and validating the client's credential. Microsoft AD is a very common PIP; .edu often have multiple PIPs.
Protocols: LDAP, SQL database, Kerberos, NIS (Network Information Service)

20 4. PIP(s) Respond to PDP
Includes: success / failure for the credential; client attributes / groups.
Protocols: LDAP, SQL database, Kerberos, NIS (Network Information Service)

21 5. PDP Makes Policy Decision
Includes: info from the PEP and PIP(s); contextual information (time, location, etc.); local policy rules to evaluate against.
Protocols: XACML[13], proprietary

22 6. PDP Informs PEP
Includes: yes / no authentication result; specific authorizations (i.e. ACL to enforce, profile to trigger). This allows security enforcement at the first point of connect.
Protocols: TACACS+, RADIUS, DIAMETER

23 7. PDP Informs Accounting
System can also notify accounting at a later step. Includes: client identifiers, context information, timestamps, authorizations granted.
Protocols: RADIUS Acct., SYSLOG, SNMP

24 8. PEP Grants Access
Simple yes or no message or a more specific exchange, depending on the protocol.
Protocols: PPP, PPPoE, 802.1X, IPsec, SSL VPN, HTTP

25 9. Client Accesses the Network
From this point on only the PEP is involved in the client's activity. The PEP ensures the client only accesses allowable resources. Re-authentication timers will trigger this exchange again.
Protocols: IM, Web, IRC, WoW
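The nine-step exchange above, simulated end to end as an added example (not code from the deck or from Identity Engines): a PEP forwards an access request, the PDP validates the credential against a constructed PIP directory, evaluates group plus context rules, writes an accounting record and returns the authorization the PEP should enforce. The directory records, NAS ids, VLAN names, filter rules and the guest / contractor / employee roles are all constructed for illustration.

```python
"""Simulated client -> PEP -> PDP -> PIP exchange (constructed example)."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple
import hashlib
import hmac

# ---- PIP: constructed user directory (steps 3 and 4) -----------------------
# Passwords are held as salted SHA-256 digests; the PIP validates the
# credential and returns the groups the PDP needs for authorization.
def _digest(password: str, salt: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

DIRECTORY = {
    "alice":   {"salt": "s1", "pw": _digest("alice-pw", "s1"),   "groups": ["employee", "finance"]},
    "bob":     {"salt": "s2", "pw": _digest("bob-pw", "s2"),     "groups": ["contractor"]},
    "visitor": {"salt": "s3", "pw": _digest("visitor-pw", "s3"), "groups": ["guest"]},
}

def pip_lookup(user: str, password: str) -> Tuple[bool, List[str]]:
    """Validate the credential; return (ok, groups). Unknown users and bad
    passwords both yield (False, []) so the answer does not leak which."""
    rec = DIRECTORY.get(user)
    if rec is None:
        return False, []
    ok = hmac.compare_digest(rec["pw"], _digest(password, rec["salt"]))
    return ok, list(rec["groups"]) if ok else []

# ---- Messages between PEP and PDP (steps 2 and 6) --------------------------
@dataclass
class AccessRequest:
    user: str
    password: str
    nas_id: str        # which PEP relayed the request (AP, switch, VPN gateway)
    access_type: str   # "wlan", "wired" or "vpn"

@dataclass
class Decision:
    accept: bool
    reason: str
    vlan: Optional[str] = None                      # profile the PEP applies
    filter_rules: List[str] = field(default_factory=list)  # ACL the PEP enforces

# ---- PDP policy (step 5) ---------------------------------------------------
# Constructed rules; first match wins. PIP groups are combined with context
# (time of day, access type) exactly as the slide describes.
def decide(req: AccessRequest, groups: List[str], now: datetime) -> Decision:
    if "guest" in groups:
        # Guests are forced to the Internet only: deny all RFC 1918 space.
        return Decision(True, "guest", vlan="guest",
                        filter_rules=["deny 10.0.0.0/8", "deny 172.16.0.0/12",
                                      "deny 192.168.0.0/16", "permit any"])
    if "contractor" in groups:
        if req.access_type == "vpn":
            return Decision(False, "contractors may not connect over VPN")
        return Decision(True, "contractor", vlan="contractor",
                        filter_rules=["permit 10.20.0.0/16", "deny any"])
    if "employee" in groups:
        if "finance" in groups and 7 <= now.hour < 19:
            return Decision(True, "finance employee in business hours",
                            vlan="finance", filter_rules=["permit any"])
        return Decision(True, "employee", vlan="internal",
                        filter_rules=["deny 10.30.0.0/16", "permit any"])
    return Decision(False, "no role matches")

def pdp_handle(req: AccessRequest, now: datetime, accounting: list) -> Decision:
    """Steps 3-7: query the PIP, decide, inform accounting, answer the PEP."""
    ok, groups = pip_lookup(req.user, req.password)
    decision = decide(req, groups, now) if ok else Decision(False, "credential rejected")
    accounting.append({               # step 7: who, where, when, what was granted
        "user": req.user, "nas_id": req.nas_id, "access_type": req.access_type,
        "time": now.isoformat(), "accept": decision.accept,
        "vlan": decision.vlan, "filter_rules": decision.filter_rules,
        "reason": decision.reason,
    })
    return decision

def stamp(hour: int, minute: int = 0) -> datetime:
    """Constructed timestamp on the day of the talk, for the demo below."""
    return datetime(2007, 4, 19, hour, minute)

if __name__ == "__main__":
    log = []
    for req in (AccessRequest("alice", "alice-pw", "ap-3f", "wlan"),
                AccessRequest("bob", "bob-pw", "vpn-gw1", "vpn"),
                AccessRequest("visitor", "visitor-pw", "ap-lobby", "wlan"),
                AccessRequest("alice", "wrong", "ap-3f", "wlan")):
        d = pdp_handle(req, stamp(10), log)
        print(req.user, "accept" if d.accept else "reject", d.vlan, d.reason)
    print(len(log), "accounting records")
```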
26 Benefits
- Supports multiple vendors' gear
- Doesn't require new inline deployment
- Leverages the organization's existing directory investment
- Integrates easily with existing provisioning / workflow systems
- Provides centralized audit of network use
- Access policies are consistently enforced
- Standards-based

27 Agenda
- Background
- Identity Management for Networks
- Considerations
- Identity Engines Overview

28 System Availability
- When all you authenticated was dial-up or VPN, a dusty RADIUS server in the corner of your data center was fine
- Today's demands require a different approach
- With authenticated networks, PDP availability is as essential to the network as routing or DNS
- If your identity infrastructure goes down, so does your network
- Systems must support HA and be built for the worst-case load requirements (i.e. a mid-day power brown-out, when every client re-authenticates at once)

29 Authorization Understanding
- Many existing systems can do basic authentication
- Authorization is required for all of IdM's most interesting applications
- Authorization requires: the ability to write rich policies; an understanding of capabilities from multiple vendors

30 Rich Directory Integration
- Directory attributes are often inconsistently named across directories
- Attributes enable rich policies, making their use worth the effort
- Look to attribute / group name mapping, similar to elements of a virtual directory
- Additionally, intelligent routing among multiple directories is essential
(Figure, attribute normalization: the PDP's normalized "finance" and "HR" groups are mapped to the directory-specific names used in LDAP-1, AD and LDAP-2: finance / HR, acct / HumRes, account / EmpSup.)

31 Other Considerations
- Methods for authenticating the client vary by access type; some systems require specialized clients. Automated client deployment techniques are maturing
- Be very careful when considering merging elements (i.e. PEP/PDP or PDP/PIP); for most organizations the flexibility lost is too great
- PEP capabilities vary (i.e. an ACL for a Cisco device may not be the same as an ACL for a Juniper device); the IETF is making progress[14] here
- Directory understanding within networking groups is often light; the right PDP can reduce this concern through wizards, etc.
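Attribute normalization and directory routing as described on the "Rich Directory Integration" slide, written as an added example (not the deck's or any product's code). The three directories, the realm-based routing rule and which native group name lives in which directory are constructed assumptions; the slide's figure only shows that "finance" and "HR" appear under different names across LDAP-1, AD and LDAP-2.

```python
"""Group-name normalization across several PIPs (constructed example)."""
from typing import Dict, List, Tuple

# Each directory names the same two roles differently. Which spelling sits in
# which store is an assumption made for the example.
DIRECTORY_GROUPS: Dict[str, Dict[str, List[str]]] = {
    "LDAP-1": {"carol": ["acct", "staff"], "frank": ["HumRes"]},
    "AD":     {"dave":  ["finance", "HR"]},
    "LDAP-2": {"erin":  ["EmpSup", "account"]},
}

# Per-directory mapping from native group names to the PDP's normalized
# names, so policy can be written once against "finance" and "HR".
GROUP_MAP: Dict[str, Dict[str, str]] = {
    "LDAP-1": {"acct": "finance", "HumRes": "HR"},
    "AD":     {"finance": "finance", "HR": "HR"},
    "LDAP-2": {"account": "finance", "EmpSup": "HR"},
}

# Routing among directories, here by the realm suffix of the login name
# (user@realm). Constructed realms; a real deployment might also route on
# the PEP that relayed the request or on a naming convention.
REALM_ROUTE = {"corp.example": "AD", "eng.example": "LDAP-1", "ops.example": "LDAP-2"}

def route(login: str) -> Tuple[str, str]:
    """Return (user, directory) for a login, or raise if no realm matches.
    Refusing to guess avoids authenticating against the wrong store."""
    user, _, realm = login.partition("@")
    directory = REALM_ROUTE.get(realm)
    if directory is None:
        raise LookupError(f"no directory routes realm {realm!r}")
    return user, directory

def normalized_groups(login: str) -> List[str]:
    """Look the user up in the routed directory and return normalized names."""
    user, directory = route(login)
    native = DIRECTORY_GROUPS[directory].get(user, [])
    mapping = GROUP_MAP[directory]
    # Unmapped native groups (e.g. "staff") are dropped rather than passed
    # through, so policy never matches on a directory-local name by accident.
    return sorted({mapping[g] for g in native if g in mapping})

def finance_allowed(login: str) -> bool:
    """A policy rule written once against the normalized name."""
    return "finance" in normalized_groups(login)

if __name__ == "__main__":
    for login in ("carol@eng.example", "dave@corp.example", "erin@ops.example"):
        print(login, normalized_groups(login), finance_allowed(login))
```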
32 IdM Real World Applications
- Secure WLAN: most common IdM deployment today
- Guest management: solves an acute problem today while setting up for future applications
- Endpoint compliance: identity is the foundation for any robust NAC implementation
Common IdM customer phasing: Phase I, guest management / secure WLAN; Phase II, department-specific rollout; Phase III, full rollout.

33 Role-based Authorizations
(Figure: guest admins use the guest manager; the user directory holds employees only; AAA places a guest on the Internet only, a contractor on the internal network, and a finance employee on the finance network.)
- All network access is authenticated, enabling user audit and differentiated access
- Enforcement techniques vary per PEP (ACLs, VLANs, VPN profiles are common)
- Guests can be forced to the Internet only, contractors can be given specific internal access, privileged employees can see restricted areas

34 Agenda
- Background
- Identity Management for Networks
- Considerations
- Identity Engines Overview

35 Who is Identity Engines?
- Solutions: Identity-based Network Access Management
- Headquarters: Sunnyvale, CA
- Investors: Trinity Ventures, Lightspeed, Horizon
- Partners: Oracle, Novell, Checkpoint
- Industry: Education, Enterprises, Government, Healthcare
Analyst Recognition:
- "Identity Engines is well positioned to meet this need and could complement Cisco's high profile Network Admission Control (NAC) strategy" (Robert Whiteley, Forrester)
- "By extending Oracle identity management for network access control, Identity Engines is helping to bridge the network and application environments" (Jon Oltsik, Enterprise Strategy Group)
- Identity Engines, Major IdM Trends for 2006: Identity Appliances

36 Customers across Education, Enterprises and Government

37 Comprehensive Solutions for Authenticated Networks
- Ignition Guest Manager: J2EE-based extensible and customizable visitor solution
- Ignition Portal: captive portal for guests and legacy platforms
- Ignition AutoConnect: auto-configuration of clients for 802.1X
- Ignition Server: identity and policy-based authentication and authorization server

38 Our Solution in Action
(Figure: guest admins and Ignition Guest Manager provision event attendees onto a temporary event network; the user directories hold employees only; Ignition Server serves the campus wireless network, Ignition AutoConnect a visiting vendor, and Ignition Portal a conference center guest and a contractor on the research network.)

39 Summary and Conclusion
- Authenticated networks are the emerging reality in networking
- IdM for networks works by centralizing decision and distributing enforcement
- Guest access and secure wireless are the high value / low risk early applications
- Leveraging your existing network and directory should be the norm, not the exception
- Just because your box speaks RADIUS doesn't make it a full-featured PDP: RADIUS is a protocol, not a product. Look for elements of the PDP described earlier

40 References (1/2)
[1] Convery et al., "SAFE: A Security Blueprint for Enterprise Networks", Cisco, November 2000
[2] Convery, "Network Security Architectures", Cisco Press, April 2004
[3] De Clercq et al., "An Introduction to Identity", HP, June 2004
[4] Zeilenga, "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006
[5] Rigney et al., "Remote Authentication Dial In User Service (RADIUS)", RFC 2865 (obsoletes RFC 2138, 2058), June 2000
[6] Simpson, "The Point-to-Point Protocol (PPP)", RFC 1661, July 1994
[7] Mamakos, "A Method for Transmitting PPP Over Ethernet (PPPoE)", RFC 2516, February

41 References (2/2)
[8] Jeffree et al., "Port-Based Network Access Control", IEEE Std 802.1X-2004, November 2004
[9] Kent et al., "Security Architecture for the Internet Protocol", RFC 2401, November 1998
[10] Aboba et al., "Extensible Authentication Protocol", RFC 3748, June 2004
[11] Carrel et al., "The TACACS+ Protocol Version 1.78", draft-grant-tacacs-02.txt, January 1997
[12] Calhoun et al., "Diameter Base Protocol", RFC 3588, September 2003
[13] OASIS, "Extensible Access Control Markup Language", February 2005
[14] Congdon et al., "RADIUS Filter Rule Attribute", draft-ietf-radextfilter-08.txt, January

42 Network Access with Precision through Identity
Thank You for your Time!
Sean Convery, Identity Engines
For a written version of much of this presentation, check out:
More informationCisco TrustSec Solution Overview
Solution Overview Cisco TrustSec Solution Overview 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10 Contents Introduction... 3 Solution Overview...
More informationJuniper Networks Unified Access Control (UAC) and EX-Series Switches
White Paper Juniper Networks Unified Access Control (UAC) and EX-Series Switches Meeting Today s Security Challenges with End-to-End Network Access Control Juniper Networks, Inc. 1194 North Mathilda Avenue
More informationUsing Ranch Networks for Internal LAN Security
Using Ranch Networks for Internal LAN Security The Need for Internal LAN Security Many companies have secured the perimeter of their network with Firewall and VPN devices. However many studies have shown
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationARCHITECT S GUIDE: Mobile Security Using TNC Technology
ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org
More information- Identity & Access Management
IBM Software Group NSHE - Identity & Access Management 2006 IBM Corporation Identity & Access Management Access Management and The Monitoring, Auditing and Reporting for Compliance So What s The Problem
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationPCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data
White Paper PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data Using credit cards to pay for goods and services is a common practice. Credit cards enable easy and
More informationSecure Networks for Process Control
Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than
More informationIdentity Management with midpoint. Radovan Semančík FOSDEM, January 2016
Management with midpoint Radovan Semančík FOSDEM, January 2016 Radovan Semančík Current: Software Architect at Evolveum Architect of Evolveum midpoint Contributor to ConnId and Apache Directory API Past:
More informationNetwork Access Control for Mobile Networks
Network Access Control for Mobile Networks Table of Contents Introduction 3 Network access initiatives the candidates 4 Posture-based access control 4 Cisco network access control 5 Microsoft NAP 7 Juniper
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationBuilding Remote Access VPNs
Building Remote Access VPNs 124 Grove Street, Suite 309 Franklin, MA 02038 877-4-ALTIGA www.altiga.com Building Remote Access VPNs: Harnessing the Power of the Internet to Reduce Costs and Boost Performance
More informationNCP Secure Enterprise Management Next Generation Network Access Technology
Data Sheet NCP Secure Enterprise Management Next Generation Network Access Technology General description NCP Secure Enterprise Management is the central component of the NCP Next Generation Network Access
More informationThe Bomgar Appliance in the Network
The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.
More informationExecutive Summary and Purpose
ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationMove over, TMG! Replacing TMG with Sophos UTM
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
More informationPOLICY SECURE FOR UNIFIED ACCESS CONTROL
White Paper POLICY SECURE FOR UNIFIED ACCESS CONTROL Enabling Identity, Role, and Device-Based Access Control in a Simply Connected Network Copyright 2014, Pulse Secure LLC 1 Table of Contents Executive
More informationCreating a VPN Using Windows 2003 Server and XP Professional
Creating a VPN Using Windows 2003 Server and XP Professional Recommended Instructor Preparation for Learning Activity Instructor Notes: There are two main types of VPNs: User-to-Network This type of VPN
More information» WHITE PAPER. 802.1X and NAC: Best Practices for Effective Network Access Control. www.bradfordnetworks.com
» WHITE PAPER 802.1X and NAC: Best Practices for Effective Network Access Control White Paper» 802.1X and NAC: Best Practices for Effective Network Access Control 1 IEEE 802.1X is an IEEE (Institute of
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationSecure Access into Industrial Automation and Control Systems Best Practice and Trends
Secure Access into Industrial Automation and Systems Best Practice and Trends Serhii Konovalov Venkat Pothamsetty Cisco Collaborating to Advance System Security Vendor offers a remote firmware update and
More informationIntelligent Security Design, Development and Acquisition
PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New
More informationDeveloping Network Security Strategies
NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network
More informationExploring LDAP. By Valmiki Mukherjee Seethal Nagalla Hemakumar Rangineni. Seminar Series on Computer Network Protocols CSCI 5780 Spring 2005
Exploring LDAP By Valmiki Mukherjee Seethal Nagalla Hemakumar Rangineni Seminar Series on Computer Network Protocols CSCI 5780 Spring 2005 Session -1 Introduction to LDAP What is LDAP RFC, Origin and Progress
More informationCisco Router and Security Device Manager (SDM)
Cisco Router and Security Device Manager (SDM) Session Number 1 Cisco SDM: Combining Ease Of Use & Application Intelligence Cisco SDM is an intuitive, web-based tool for Easy and Reliable Deployment and
More informationNetwork Security 1. Module 4 Trust and Identity Technology. Ola Lundh 070 69 86596 ola.lundh@edu.falkenberg.se
Network Security 1 Module 4 Trust and Identity Technology Module 1 Trust and Identity Technology 4.1 AAA AAA Model Network Security Architecture Authentication Who are you? I am user student and my password
More informationSOSPG2. Implementing Network Access Controls. Nate Isaacson Security Solution Architect Nate.Isaacson@cdw.com
SOSPG2 Implementing Network Access Controls Nate Isaacson Security Solution Architect Nate.Isaacson@cdw.com Offer Pa Agenda The BYOD Challenges NAC terms The Big Picture NAC Solutions and Deployment What
More informationComparing Mobile VPN Technologies WHITE PAPER
Comparing Mobile VPN Technologies WHITE PAPER Executive Summary Traditional approaches for encrypting data in transit such as IPSec and SSL are intended for wired networks with high speed, highly reliable
More informationDirectory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107
Okta White paper Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-dint-053013 Table of Contents
More informationTechnical White Paper
Instant APN Technical White Paper Introduction AccessMyLan Instant APN is a hosted service that provides access to a company network via an Access Point Name (APN) on the AT&T mobile network. Any device
More informationGovernment of Canada Directory Services Architecture. Presentation to the Architecture Framework Advisory Committee November 4, 2013
Government of Canada Directory Services Architecture Presentation to the Architecture Framework Advisory Committee November 4, 2013 1 Agenda TIME TOPICS PRESENTERS 9:00 9:15 Opening Remarks Objective for
More informationCisco Identity Services Engine
Cisco Identity Services Engine Secure Access Stefan Dürnberger CCIE Security Sourcefire Certified Expert Most organizations, large and small, have already been compromised and don t even know it: 100 percent
More informationAddressing BYOD Challenges with ForeScout and Motorola Solutions
Solution Brief Addressing BYOD Challenges with ForeScout and Motorola Solutions Highlights Automated onboarding Full automation for discovering, profiling, and onboarding devices onto both wired and wireless
More information