Secure network guest access with the Avaya Identity Engines portfolio


Table of Contents

- Executive summary
- Overview
- The solution
- Key solution features
- Guest Access Administration
- Compliance Portal
- Conclusion

Executive summary

Guest users on the network are a reality for today's companies and their IT staffs. Collaboration with visiting customers, partners and contractors requires that these outsiders have some degree of network access while they are visiting. To give these guests the access they need, many organizations are turning to authenticated networks. While authenticated networks allow guests to use the network in a controlled fashion, in practice, the management of guest users is time-consuming and leads to potential auditability difficulties. In order to address these difficulties, the Avaya Identity Engines portfolio works to streamline management of guest users through the Identity Engines Ignition Guest Manager tool, and delivers network auditability through the Ignition Server's logging features.

Overview

Organizations welcome a steady stream of vendors, partners, training class attendees and other visitors who arrive with immediate needs for network access. IT staff must deliver network services for all types of users while at the same time supporting greater requirements for security, management and control. To maintain compliance and prevent misuse, a growing number of organizations are deploying authenticated networks. At this time, guests and other short-term users must be provisioned by the IT staff, often using a manual, time-consuming process that does not meet "just-in-time" business requirements or provide an adequate record for auditing and regulatory compliance. At the same time, heightened concerns around privacy, as well as legal and human resource considerations, are impacting IT organizations.

In addition, many attempts to violate network security controls are actually performed by people who once had legitimate network access but whose relationship with the enterprise has ended. In order to prevent misuse of the network, enterprises need to track the identities of their guests when they arrive, when they leave and who creates the account on their behalf. Dormant user accounts can be costly to manage and are a source of potential security vulnerabilities. Some network administrators use calendar notes as a reminder to disable user accounts at some future date and time. This approach is not reliable since user accounts can remain active long after the guest user's legitimate need has ended. To address these shortcomings and compliance issues, IT managers must guarantee that user accounts automatically expire at the appropriate time.

The solution

The Avaya Identity Engines portfolio provides a complete and integrated solution for managing network guest user access. This guest management solution consists of the following integrated components:

- The Identity Engines Ignition Server: a centralized network access control solution
- The Identity Engines Ignition Guest Manager: an administrative application for guest user management
- The Identity Engines Ignition Compliance Portal: Web authentication and compliance portal for handling non-802.1X clients

Key solution features

- Manages access to the network from conference rooms, training areas, labs, lobbies and other public areas
- Controls network access centrally across different access methods: wired, wireless and VPN
- Provisions guest user access to particular subnets, VLANs or outbound web access
- Supports authenticated network access for guest users with and without 802.1X-enabled devices
- Provides centralized auditing and logging for all network access
- Delegates administration to front desk, administrative staff or security personnel
- Maintains complete traceability by identity for both guest provisioners and guests from account creation to network access
- Helps to detect and identify excessive account generation or inappropriate accounts
- Provides an integrated rules engine for automatic account termination at a scheduled time and date
- Provides an embedded database for guest user accounts independent of the enterprise directory infrastructure
- Supports easy customization of the administration console
- Allows network access to be a revenue-generating service

Figure 1. Guest Manager allows front desk staff to manage access for guests

Guest Access Administration

Guest Manager is an administrative application for centrally managing the network privileges of temporary users such as contractors, visitors and guests. Guest users are managed using an intuitive Web-based interface that can be customized to meet the needs of each enterprise customer. The Web interface may either be hosted on a Web server that is part of the existing enterprise infrastructure or on a dedicated Web server.

THE EMERGENCE OF NETWORK IDENTITY

Corporations have traditionally focused on the concept of identity at the application level, with many established vendors such as Computer Associates, IBM/Tivoli, Oracle, Sun and HP rolling out single sign-on, user provisioning and other identity management suites. However, with increased need for fine-grained access control at the network level, corporations face a new mandate to manage identity at the network level: a new class of challenges that many identity management vendors do not address in their application-focused solutions.

The Guest Manager Web interface allows a receptionist to create a user account for each guest or visitor. A unique account is created in the embedded database on the Avaya Identity Engines Ignition Server (with username, password and other information) so guest users are not added to the enterprise's directory. The Guest Manager allows the administrator to create the guest user's password or specify an automatically generated strong password. Login credentials can be printed and issued with the visitor badge or e-mailed to the guest user.

The guest user's network access may be configured to start immediately or scheduled to begin at a future date and continue for the length of time specified by the administrator. Restrictions can be placed on the type of access technology. For example, the Guest Manager Web GUI allows the administrator to control whether the guest user may gain access over wireless, wired or VPN.

Auditing and logging is consistent across all user types. Each guest uses a unique guest-account name, allowing the system to maintain an accurate audit trail of network access for each user. This guest management solution provides the ability to track who creates guest accounts as well as each guest network session. As a result, enterprises can easily track network access and provide a mechanism for quick response should misuse be detected.

Figure 2. Deploy guest services in your executive briefing center (diagram labels: Lobby receptionist; Avaya Identity Engines Ignition Server; Built-in local store for Guest IDs; Internet; Guest (wired or wireless))

Compliance Portal

Compliance Portal provides a Web browser-based authentication mechanism that can be used to support devices either not compatible or not configured to use the 802.1X protocol. This allows companies to seamlessly support the diverse number and types of devices that end users have for accessing the network. The optional ability to perform health scans and posture assessments via this Compliance Portal provides another layer of network protection and helps ensure adherence to the organization's chosen security policy, should it require a minimum health standard for unmanaged devices.

OVERCOMING THE LIMITS OF ENTERPRISE DATA STORES

In many enterprises, the network team depends on the enterprise's centrally managed directory stores to authenticate employees (and often contractors) and grant them network access. Often, the network security and directory are managed by different teams within IT. This lack of control over the directory by the network security staff can affect the implementation of network access policies and may pose a problem when setting up temporary guest access. Without write access to corporate directory stores, network teams have found it difficult and time-consuming to provision temporary guest users. The Avaya Identity Engines portfolio helps solve this problem by creating guest user accounts in the Identity Engines Ignition Server database, allowing enterprises to virtually eliminate the cost and effort associated with adding temporary users to the enterprise directory.

Conclusion

Access to network services has become an essential part of the business environment. The Avaya Identity Engines portfolio provides secure network access to guests and visitors without compromising the overall security of the enterprise network. When visitors arrive, front desk receptionists can create a user account and password that can be used to connect to the wired or wireless network. This guest management solution provides a positive experience for visitors and helps reduce the IT cost for managing access at the same time.

For more information on the Avaya Identity Engines solution, contact your Avaya Account Manager or Avaya Authorized Partner. Or, visit us online at avaya.com.

About Avaya

Avaya is a global provider of business collaboration and communications solutions, providing unified communications, contact centers, data solutions and related services to companies of all sizes around the world. For more information please visit www.avaya.com.

© 2011 Avaya Inc. All Rights Reserved. Avaya and the Avaya Logo are trademarks of Avaya Inc. and are registered in the United States and other countries. All trademarks identified by ®, TM or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. Avaya may also have trademark rights in other terms used herein. References to Avaya include the Nortel Enterprise business, which was acquired as of December 18, 2009.

06/11 DN5243-01