Network Access Management
Trends in IT Applications for Management
Prepared by:
• Ahmed Ibrahim S09761197
Introduction
• The explosion of fast, reliable network connectivity (internet & enterprise LAN) has transformed the world of business, creating new opportunities & making organizations fast, agile & efficient.
• Challenge – meet the increasing demands of an “always connected” user (employees, partners, customers) while keeping the security of networks & intellectual assets.
Connectivity versus Security
• Connectivity is optimized by complete access.
• Security is optimized by lack of access.
• Optimum connectivity – design a completely open network, then react to security concerns by selectively closing down areas of access.
• Optimum security – design a completely closed network, then react to connectivity requests by selectively opening areas of access.
Trust Boundaries
“In both the physical & virtual worlds, an organization implements security systems & procedures at the distinct points where 2 different trust zones meet”.
• LAN & internet: firewalls
• Data communications & remote users: VPN tunnel
Why do we need Trust Boundaries…?
Strengthen the protection of critical computing & storage resources in recognition of growing exposure to internal risks presented by viruses, worms, non-employee users, etc.
The threat from within
• To protect both the network & the business operations that rely on the network, an additional trust boundary must be erected between them.
• Security measures must ensure that a user with legitimate access to resources doesn’t inadvertently enable malware to reach those resources, taking advantage of the user’s security clearance to propagate an attack.
The emergence of Explicit Permission & Network Access Management
Two changes are needed to provide network security for corporations:
• IT organizations must change today’s network access model from one of implicit permission to one of explicit permission
• Explicit permission must be managed through an appliance that grants or denies access based on a real-time assessment of security requirements, network status & user status.
Network Access Management for Business Continuity
IT Departments can begin working from a more precise & constructive security model based on:
• Explicit permission for users accessing resources
• Adaptivity to changing conditions
Security Shortcomings of Static Network Infrastructure
• Reactive security measures and lax management of end user devices are no match for new forms of malware that are sweeping the internet
– Slammer worm: 75,000 machines within 10 min
• The rapid transmission of malware combined with the busy everyday work of large, mobile user populations means that the security state of a network is always in flux
– Sales rep connecting laptop, contractor connecting in meeting room
Security Shortcomings of Static Network Infrastructure
• Network security involves guarding data and controlling its access, not just scanning for malware attacks
– Access to information assets must be controlled
• The cost of these security attacks is simply too high.
– USD55 billion in 2003
Recognizing the problem with Static Network Infrastructure
• Administrators need to make the network infrastructure itself responsive when an attack occurs.
– Enforce “guilty until proven innocent” policy
• Automation solution is in demand to clean devices
• Today’s infrastructures were designed for static configurations and lack the dynamic, moment-by-moment policy controls that effective network security demands.
Moving to a Dynamic Security Infrastructure
• Screening users and devices
• Restricting users to their authorized resources
• Inspecting traffic continually for threats and potential policy violations
• Enforcing security policies automatically
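Added example (not part of the original slides): a small Python model that contrasts implicit permission with explicit permission and walks the four functions listed above (screening, restricting, inspecting, enforcing). The role names, resource names and posture fields are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy data (role names and resource names are hypothetical).
ROLE_ACL = {"sales": {"crm", "mail"}, "contractor": {"guest-web"}}
REMEDIATION = {"patch-server"}   # all a quarantined device may reach


@dataclass
class Device:
    role: str
    authenticated: bool
    av_current: bool    # posture: antivirus signatures up to date
    patched: bool       # posture: OS patches applied
    alerts: int = 0     # threat events raised by traffic inspection


def implicit_permission(resource, blocked=frozenset()):
    """Static model: anything not explicitly blocked is reachable."""
    return "allow" if resource not in blocked else "deny"


def screen(dev):
    """Screening: untrusted until identity and posture both check out."""
    return dev.authenticated and dev.av_current and dev.patched


def decide(dev, resource):
    """Explicit permission: default deny, evaluated on every request."""
    if not screen(dev) or dev.alerts > 0:            # screening, inspecting
        # Enforcing: quarantine automatically, leave only remediation open.
        return "allow" if resource in REMEDIATION else "quarantine"
    if resource in ROLE_ACL.get(dev.role, set()):    # restricting
        return "allow"
    return "deny"


def demo():
    laptop = Device("sales", authenticated=True, av_current=True, patched=True)
    out = [implicit_permission("finance-db"), decide(laptop, "finance-db"),
           decide(laptop, "crm")]
    laptop.alerts += 1          # inspection flags worm-like traffic mid-session
    out += [decide(laptop, "crm"), decide(laptop, "patch-server")]
    laptop.alerts, laptop.patched = 0, True   # device cleaned and re-screened
    out.append(decide(laptop, "crm"))
    return out


if __name__ == "__main__":
    print(demo())
```

Because the decision is recomputed per request, the same laptop loses access to `crm` the moment inspection raises an alert and regains it only after it is cleaned and re-screened.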
Industry Initiatives for Network Access Management
• Several industry initiatives are under way for creating a solution for screening devices and a system for enforcing regular security policies
– Cisco’s Network Admission Control (NAC) initiative
– Microsoft’s Network Access Protection (NAP) architecture
– The Trusted Computing Group’s Trusted Network Connect (TNC)
The Quandary Facing Enterprises Today
• Cisco’s NAC solution increases cost and complexity of development
– Unlikely to work with other vendor products
• Microsoft’s initiative is tied to “Longhorn” release
– Other Windows OS requires another product
• TNC initiative remains a work in progress.
– Still deciding which authentication protocols to support.
Vernier EdgeWall Network Access Management Appliance
• Vernier Networks has created a solution for dynamically enforcing security policies and access management control
• Provides 4 key access management functions
– Screening
– Restricting
– Inspecting
– Enforcing
Vernier EdgeWall Network Access Management Appliance
“Life is Beautiful”