
Solutions in Security

Solutions in Security. Securing Remote Access to the Virtual Workplace. Secure Centralized Business Solutions. Following the September 11 attacks, as reported by Reuters: “This tragedy and others have brought home that the security of systems, applications, and data is a very serious issue.”

jlemoine

Presentation Transcript


  1. Solutions in Security Securing Remote Access to the Virtual Workplace

  2. Secure Centralized Business Solutions • Following the September 11 attacks, as reported by Reuters: • “This tragedy and others have brought home that the security of systems, applications, and data is a very serious issue.” • “The need before this tragedy was cost. Now, the issue is security, which will lead to an architecture that has far more concentration of data, processing, and applications in secure servers, and much more lightweight, protected access devices.” • Louis Gerstner, CEO, IBM, to the Nikkei Global Management Forum, Japan

  3. Agenda • Elements of a Secure Access Solution • The Secure Citrix Virtual Workplace • Securing Remote Access using a Citrix Extranet VPN • Securing Remote Access using CSG 1.0 • Security with Server Based Computing and MetaFrame XP

  4. Secure Access Elements of Security

  5. Elements of Secure Remote Access • Secure Remote Access consists of: • Encryption • Authentication • Access Control • Traffic Management • Enterprise Class Features and Scalability

  6. Elements of Secure Remote Access • Encryption • Scrambles data so that only those who have the key to read the information are able to decode the message • Keys are protected through a key management system • Public Key Infrastructures (PKIs) • Essential to solutions utilizing digital certificates • As solution grows in complexity and size, number of keys to be managed grows exponentially

  7. Elements of Secure Remote Access • Authentication • Process of verifying that the sender is actually who he/she says they are • Various authentication methods are available • Traditional username/password authentication • RADIUS or TACACS/TACACS+ servers, LDAP-compliant directory servers • X.509 digital certificates • Two-factor schemes (hardware tokens and smart cards)

  8. Elements of Secure Remote Access • Access Control and Management • A VPN without access control only protects communications — not your network • Dictates the amount of freedom a VPN user has • Protects the components of the network • Intellectual property • Information Services • Applications • Ensure that users have full access to what they need, but nothing more

  9. Elements of Secure Remote Access • Traffic Control • Network congestion can adversely affect performance • Solution benefits will not be fully realized if users suffer from: • poor response times • gateway crashes • other network delays or failures • Guarantee reliability and Quality of Service • Enable managers to define policies that actively allocate bandwidth traffic based on relative merit or importance • Ensure performance of mission-critical applications without “starving” lower priority applications

  10. Elements of Secure Remote Access • Enterprise Management • Ability to manage increasing complexity is crucial. • Imperative that remote access can be managed from the same integrated console as the rest of the organization's security elements. • The “Extended Enterprise” has increased the number of applications, users, and IP addresses in use across many organizations. • A true enterprise secure remote access solution must be able to work across multiple platforms in order to be effective.

  11. Secure Access Solution Components of the Citrix Virtual Workplace

  12. Citrix Systems… • Who are we? • We are the application access and deployment company • We provide application deployment solutions for today’s web and wireless world • We provide security solutions for your Citrix Extranet and internet access • We provide centralized application and information access solutions to help make your business more productive • We provide critical components for Virtual Workplace and Virtual Office Access Solutions

  13. What is the Virtual Workplace? • The Virtual Workplace is… • Having access to all of the information you want and need in order to do your job • Getting that information to come to you, rather than having to go out and find it • Having access to any applications and tools necessary to manipulate that information • Having secure access to corporate resources from any computer, anywhere, regardless of your bandwidth, hardware, network connection, or operating system • Virtual Office + Digital Workplace = True Freedom!

  14. Citrix Product Overview • Citrix MetaFrame™ XP • Server-based computing solution that delivers an application interface over any network to any device. Citrix Secure Gateway • Two-factor authentication and internet gateway for Citrix ICA enabled clients. Citrix Extranet™ • Two-factor authentication and access control VPN for Secure Internet application access. Citrix NFuse™ Technology • Application portal technology. Seamlessly integrate any application within any standard web browser.

  15. Components of the Secure Virtual Workplace • [Diagram labels: Authentication; Access Mgmt.; Secure Connectivity; Firewall; Citrix Extranet 2.5; Encrypted VPN Tunnel; Web Server w/ Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; Other Network Resources such as Databases, Messaging Services, File Shares, Data Warehouse]

  16. Components of the Secure Virtual Workplace • [Diagram labels: Authentication; Access Mgmt.; Secure Connectivity; Firewall; Citrix Secure Gateway; ICA and SSL; Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; Other Network Resources such as Databases, Messaging Services, File Shares, Data Warehouse]

  17. VPN Solutions Securing the Virtual Workplace Using Citrix Extranet 2.5 VPN

  18. Security with Citrix Extranet 2.5 • [Diagram labels: Authentication; Access Mgmt.; Secure Connectivity; Firewall; Citrix Extranet 2.5; Encrypted VPN Tunnel; Branch Users; Remote Offices, Partners, Suppliers, etc.; Mobile Users; Branch Offices, Partners, Suppliers, Customers; Backup Site; Replicated Network Resources such as MetaFrame Server Farms, Replicated Databases, Messaging Services, File Shares, Data Warehouse; Other Network Resources such as Databases, Messaging Services, File Shares, Data Warehouse; Web Server w/ Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1]

  19. Security with Citrix Extranet 2.5 • Encryption • Provides the highest level of Encryption • 3DES (168 bit) using IPSEC Connection method • DES (128 bit) when used in SSL Proxy mode • Keys are protected through a key management system • On-Line Registration distributes Keys • Keys are managed using Admin Console • Support for PKI Certificates • PKI Certificates can be managed using Citrix Extranet Admin Tools • [Diagram labels: Firewall; Citrix Extranet 2.5; Encrypted VPN Tunnel; UID Service; MetaFrame Server Farm, Databases, Messaging Services, File Shares, Data Warehouse]

  20. Security with Citrix Extranet 2.5 • Authentication • Various authentication methods are supported • Traditional UID Server included with Citrix Extranet • Entrust and PKI • RADIUS/ACE and LDAP • Secure Computing SafeWord PremierAccess Tokens, RSA and other hardware tokens and smart cards • Can reside on Citrix Extranet Server or Dedicated Server • Provides for configuration of a backup authentication server • [Diagram labels: Firewall; Citrix Extranet 2.5; Encrypted VPN Tunnel; UID Service; MetaFrame Server Farm, Databases, Messaging Services, File Shares, Data Warehouse]

  21. Security with Citrix Extranet 2.5 • Access Control and Management • Assign User and Group based controls • Support for nested groups • IP Access Control • Control resource access by IP Address and service port number • Web Access Control • Control web access by URL and directory name • [Diagram labels: Firewall; Citrix Extranet 2.5; Encrypted VPN Tunnel; UID Service; MetaFrame Server Farm, Databases, Messaging Services, File Shares, Data Warehouse]

  22. Security with Citrix Extranet 2.5 • Traffic Control • Cisco QoS Device Manager 2.01 • Software service component that is installed on Cisco Routers • Traffic Classification, Low Latency Thresholds, Real-Time Monitoring, Manage Simple Access Control Lists • QoS preclassification, allows admins to apply QoS on VPN connections • Packeteer Packet Shaper • Application traffic and bandwidth management system • Automatic traffic discovery • Classify, Analyze, Monitor, and Control critical traffic • Provides bandwidth utilization Reports and Real-Time Monitoring

  23. Security with Citrix Extranet 2.5 • Enterprise Management • Console tool can be installed on any NT/Win2K machine • Web and Desktop Admin Consoles • Intuitive interfaces

  24. Security with Citrix Extranet 2.5 • Enterprise Management (cont’d) • Clients available for Windows 9x/Me/NT/Win2K/CE, Pocket PC, Palm, Mac, Sun and Linux • Zero footprint Java applet client • Runs in background, executes from browser • Token and Pin number type authentication is supported • Can run any applet or application from a web browser

  25. ICA Solutions Accessing the Virtual Workplace using Citrix Secure Gateway 1.0

  26. Security with Citrix Secure Gateway • [Diagram labels: Access Mgmt.; Secure Connectivity; Authentication; Firewall; Citrix Secure Gateway; Secure Ticket Authority; ICA and SSL; Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; Back-end Network Resources; Local Users; Remote and Mobile Users, Branch Offices, Partners, Suppliers, etc.; https://vwp.mycompany.com (Internet based DNS Load Balancing)]

  27. Security with Citrix Secure Gateway • Encryption and Connectivity • Secures ICA Traffic only • SSL v3.0 with 128-bit encryption • Support for Public Key Infrastructure (PKIs) • Single IP address is exposed to internet • Ease of firewall traversal (uses port 443 only) • [Diagram labels: Citrix Secure Gateway; Firewall; ICA and SSL; STA; Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; Back-end Network Resources]

  28. Security with Citrix Secure Gateway • Authentication • Single sign-on through a browser-based solution • Authentication provided by NFuse Web portal • Microsoft NT Domain and Active Directory • Novell NDS • Support for Public Key Infrastructure (PKI) • Authentication process is further secured using an HTTPS configured NFuse Web server • RSA and Smart Card Authentication solutions supported • [Diagram labels: Citrix Secure Gateway; Firewall; ICA and SSL; STA; Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; Back-end Network Resources]

  29. Security with Citrix Secure Gateway • Access Control and Management • Protects ICA Traffic only • Provides Access control to chosen MetaFrame XP servers • MetaFrame XP provides User and Group based Application Access Control and Management • Citrix Management Console used to control MetaFrame Server Farm • IP Range controls let administrators control which IP addresses can access published applications • Users on external IP addresses can have limited application sets • [Diagram labels: Citrix Secure Gateway; Firewall; ICA and SSL; STA; Citrix NFuse 1.6 Technology; Citrix MetaFrame XP w/ Feature Release 1; Back-end Network Resources]

  30. Security with Citrix Secure Gateway • Traffic Control • Configurable device mapping • Control mapping features that are available to users of ICA • Mapping includes Hard Drives, Printers, Audio, Clipboard, and COM ports • Limiting availability eliminates bandwidth usage from components • Limiting mapping also increases security • Users cannot cut and paste, save files remotely, or print company owned data • ICA Session Monitoring • Monitor ICA protocol use by Virtual Channel • Monitor size of packet and type of data (print, display, clipboard, etc.) • ICA Priority Packet Tagging • Provides support for 3rd Party QoS solutions • Cisco QoS and Packeteer Packet Shaper

  31. Security with Citrix Secure Gateway • Enterprise Management • Citrix Secure Gateway is highly scalable and provides support for redundant solutions such as DNS-based Load Balancing • MetaFrame XPe and the IMA architecture scales to 1000+ servers and tens of thousands of users • Citrix Management Console provides management for application availability and access control • Load Management • Network Management integrates with Enterprise Management tools such as HP Openview, CA Unicenter, and Tivoli Netview • System Monitoring and Analysis provides usage monitoring, trending, and accounting capabilities • Application Packaging and Delivery to MetaFrame Servers • MetaFrame is also available for UNIX on Sun Solaris, HPUX and IBM AIX • Supported ICA Clients available for all Windows platforms as well as Pocket PC, Unix, and Mac

  32. Security with Citrix Secure Gateway • Availability • Product will be available in December • Download from secure portal • Subscription Advantage Customers Only • MetaFrame XP • MetaFrame for Unix • Cannot be purchased separately • Technical Preview is currently available • Download from Citrix Developer Network • Register at apps.citrix.com/cdn • Preview available at apps.citrix.com/cdn/snowy • Accompanying documentation located here as well • Please read getting started, installation checklist and admin guide

  33. Server Based Computing The Security Value Adds of MetaFrame Solutions

  34. Server Based Computing for Security • Server Based Computing is like a window to your house: you decide how big the window is, you decide what’s in the house, you decide how many windows you want to have • Application Access Management – Not just network resource control • Secure Run-time Environment – Not just the connection, but the applications and functions that can be accessed over that connection • Single Point of Universal Anywhere Access • Complete End-to-End Control • Intranet AND Remote Access Solution in one

  35. Server Based Computing for Security • Application Access Management – Users run only the applications that you want, the way you want to run them • Users can look, but they can’t touch • You control whether the user can • Cut & Paste • Save information to a local hard drive • Print information to hard copy • Send information to attached devices (serial devices like PDA’s) • You decide which features are available • Back-end data can be secured using OS Security • Only install the features that you want to make available • Only publish the applications that you want your users to have access to

  36. Server Based Computing for Security • Single Point of Universal Anywhere Access • Remote access can be achieved from any class or type of device • Users go to a web site and: 1. Logon for secure connection 2. Automatically receive a client download (if necessary) 3. Access only the applications and information you make available • [Diagram labels: Encrypted Traffic; Firewall; Citrix Extranet, CSG; Citrix MetaFrame XP w/ Feature Release 1; Web Server w/ Citrix NFuse 1.6 Technology; Back-end Network Resources; Remote Offices; Branch Offices; Mobile Users; Local Users; Dial-In Users; www.myvirtualoffice.mycompany.com]

  37. Server Based Computing for Security • Complete End-to-End Control - All management tools necessary to manage the entire Application Computing Environment are under your control and within your reach • VPN Management and Remote Access tools for connection security • Citrix Management Console to manage application availability • OS and Network Enterprise Management for user and network security • The entire user environment is contained behind your firewall from interface to information • [Diagram, layers from Interface to Information: Secure Connection and Auth.: Citrix Extranet or CSG; Secure Access Point: Web Portal, NFuse; Application Access Mgmt.: Citrix MetaFrame; Operating System Security: Win2K Security; Network Security: Firewalls, Physical Separation; Resource Security: Combo of OS and Network]

  38. Server Based Computing for Security • Intranet AND Remote Access Solution in one • Secure Remote Access Solutions from Citrix: • Secure Intranet and Remote Users • Can be used as an everyday enterprise networking and access solution • Benefit • Every day users access their applications by • Accessing an internal web site • e.g. www.myvirtualdesktop.net • If remote access needs arise or in the event of a disaster • Users access a similar external web site • e.g. www.virtualdesktop.mycompany.com • They are now productive and working in the same environment with the same access method and little or no disruption

  39. Security with MetaFrame Technology • MetaFrame XP • MetaFrame XP Supports Authentication to • Microsoft NT and Active Directory • Novell NDS • Program Neighborhood allows added access management • VPN will control which resources are accessible • MetaFrame will control which applications are accessible • Centralized architecture allows complete control of the user's computing environment, regardless of device, OS, connection, etc. • Administrators can prevent users from copying and pasting, saving files, or printing company data • Traffic Monitoring and Management • Third Party products from Cisco and Packeteer for QoS • ICA Traffic Monitoring provided in MetaFrame XPa/e • Device mapping management

  40. Security with MetaFrame Technology • MetaFrame XPe • Enterprise Management • System Monitoring and Analysis • Application Packaging and Delivery • Installs applications, hotfixes, and service packs on Servers • Supports MSI packages • Supports scheduled installation and auto server reboot • Network Management • SNMP alert support • 3rd party support - HP Openview, CA Unicenter, Tivoli Netview

  41. Security with NFuse Technology • Value-Add of NFuse Web portal • SSL support is provided by MetaFrame XP • Authentication • Microsoft and Novell methods supported • Ticket style authentication can be used in conjunction with user name and password to secure credentials • Access Management takes place at the MetaFrame server • Utilizes Program Neighborhood • Unified aggregation point for applications and information • Enterprise Features • Runs in a web browser and is accessible from anywhere • Plugs directly into Enterprise Portal • Provides support for flexible business continuity solutions • Automatic Citrix ICA client installation • Use NFuse with Citrix Extranet Java Applet for 100% browser based solution

  42. Secure Remote Access with Citrix Solutions • Summary: • Citrix Solutions provide the: • Encryption • Authentication • Access Control • Traffic Management • Enterprise Class Features and Scalability • Required to secure • Workforce Mobility • Business Continuity Solutions • For today’s growing Enterprise
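The access-control model from slides 8 and 21 (user and group rules with nested groups, IP address plus service port, URL plus directory, and "what they need, but nothing more") can be sketched as a default-deny evaluator. This is an added example, not Citrix code or configuration; the group names, addresses, ports, hosts and function names are all constructed for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample data (hypothetical names, not Citrix configuration).
GROUPS = {                      # group -> direct members (users or groups)
    "staff": {"alice", "contractors"},
    "contractors": {"bob"},
    "finance": {"carol"},
}
IP_RULES = [                    # (group, destination network, service port)
    ("staff", "10.1.20.0/24", 443),
    ("finance", "10.1.30.5/32", 1433),
]
WEB_RULES = [                   # (group, host, directory prefix)
    ("staff", "intranet.example.com", "/hr/"),
]


def groups_of(user):
    """Groups that contain user directly or through nesting.

    Iterates to a fixed point, so groups that reference each other
    cannot cause an endless loop.
    """
    found, changed = set(), True
    while changed:
        changed = False
        for group, members in GROUPS.items():
            if group not in found and (user in members or members & found):
                found.add(group)
                changed = True
    return found


def ip_allowed(user, dest_ip, port):
    """Allow only if a rule for one of the user's groups matches IP and port."""
    addr = ipaddress.ip_address(dest_ip)
    mine = groups_of(user)
    return any(g in mine and p == port and addr in ipaddress.ip_network(net)
               for g, net, p in IP_RULES)


def web_allowed(user, url):
    """Allow only if host matches and the normalised path is under the directory."""
    parts = urlsplit(url)
    # Decode once and collapse "." / ".." before matching, so that
    # "/hr/../payroll/" is judged as "/payroll", not as something under "/hr/".
    path = posixpath.normpath(unquote(parts.path) or "/")
    host = (parts.hostname or "").lower()
    mine = groups_of(user)
    return any(g in mine and host == h and (path + "/").startswith(d)
               for g, h, d in WEB_RULES)


if __name__ == "__main__":
    print(ip_allowed("bob", "10.1.20.7", 443))     # nested group member
    print(ip_allowed("bob", "10.1.30.5", 1433))    # no rule for bob's groups
    print(web_allowed("alice", "https://intranet.example.com/hr/%2e%2e/payroll/"))
```

Anything that no rule matches is refused, which is the property slide 8 asks for; the path normalisation matters because a directory rule compared against the raw URL can be sidestepped with encoded `..` segments.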
