1 / 17

Network Access Management

Network Access Management. Trends in IT Applications for Management. Prepared by: Ahmed Ibrahim S09761197. Introduction.

liang
Télécharger la présentation

Network Access Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Access Management Trends in IT Applications for Management • Prepared by: • Ahmed Ibrahim • S09761197

  2. Introduction • The explosion of fast, reliable network connectivity (internet & enterprise LAN) has transformed the world of business, creating new opportunities & making organizations fast, agile & efficient. • Challenge – meet the increasing demands of an “always connected” user (employees, partners, customers) while keeping the security of networks & intellectual assets.

  3. Connectivity versus Security • Connectivity is optimized by complete access. • Security is optimized by lack of access. • Optimum connectivity – design completely open network, then react to security concerns by selectively closing down areas of access. • Optimum security – design a completely closed network, then react to connectivity requests by selectively opening areas of access.

  4. Trust Boundaries “In both the physical & virtual worlds, an organization implements security systems & procedures at the distinct points where 2 different trust zones meet”. • LAN & internet: firewalls • Data communications & remote users: VPN tunnel

  5. Why do we need Trust Boundaries…? Strengthenthe protection of critical computing & storage resources in recognition of growing exposure to internal risks presented by virus, worms, non-employee users, etc.

  6. The threat from within • To protect both the network & the business operations that rely on the network, an additional trust boundary must be erected between them. • Security measures must ensure that a user with legitimate access to resources doesn’t inadvertently enable malware to reach those resources, taking advantage of the user’s security clearance to propagate an attack.

  7. The emergence of Explicit Permission & Network Access Management Two changes to provide the network security corporations: • IT organizations must change today’s network access model from one of implicit permission to one of explicit permission • Explicit permission must be managed through an appliance that grants or denies access based on a real-time assessment of security requirements, network status & user status.

  8. Network Access Management for Business Continuity IT Departments can begin working from a more precise & constructive security model based on: • Explicit permission for users accessing resources • Adaptivityto changing conditions

  9. Security Shortcomings of Static Network Infrastructure • Reactive security measures and lax management of end user devices are no match for new forms of malware that are sweeping the internet • Slammer worm 75,000 machines within 10min • The rapid transmission of malware combined with the busy everyday work of large, mobile user populations means that the security state of a network is always in flux • Salesrep connecting laptop, contractor connecting in meeting room

  10. Security Shortcomings of Static Network Infrastructure • Network security involves guarding data and controlling its access, not just scanning for malware attacks • Access to information assets must be controlled • The cost of these security attacks is simply too high. • USD55 billion in 2003

  11. Recognizing the problem with Static Network Infrastructure • Administrators need to make the network infrastructure itself responsive when an attack occurs. • Enforce “guilty until proven innocent” policy • Automation solution is in demand to clean devices • Today’s infrastructure were designed for static configurations and lack the dynamic, moment-by-moment policy controls that effective network security demands.

  12. Moving to a Dynamic Security Infrastructure • Screening users and devices • Restricting users to their authorized resources • Inspecting traffic continually for threats and potential policy violations • Enforcing security policies automatically

  13. Industry Initiatives for Network Access Management • Several industry initiatives are under way for creating a solution for screening devices and a system for enforcing regular security policies • Cisco’s Network Admission Control (NAC) initiative • Microsoft’s Network Access Protection (NAP) architecture • The Trusted Computing Group’s Trusted Network Connect (TNC)

  14. The Quandary Facing Enterprises Today • Cisco’s NAC solution increases cost and complexity of development • Unlikely to work with other vendor products • Microsoft’s initiatives is tied to “Longhorn” release • Other Windows OS requires another product • TNC initiative remains a work in progress. • Still deciding which authentication protocols to support.

  15. VerinierEdgewall Network Access Management Appliance • Verinier Networks has created a solution for dynamic enforcing security policies and access management control • Provides 4 key access management functions • Screening • Restricting • Inspecting • Enforcing

  16. VerinierEdgewall Network Access Management Appliance

  17. “Life is Beautiful”

More Related