We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byCassandra Wells
Modified over 4 years ago
© 2005,2006 NeoAccel Inc. Training Access Modes
© 2005,2006 NeoAccel Inc. Agenda 2. Access Terminals 6. Quick Access Terminal Client 3. SSL VPN-Plus Access Terminals a) Introduction b) Usage scenario 4. Network extension concepts 5. Full Access Client 1. Need of SSL VPN
© 2005,2006 NeoAccel Inc. What Users Want Access Business Applications Web based applications: Intranets,… Client-Server applications: VOIP, SAP,… Hybrid Web applications: Oracle forms,… On Demand Access Take work home: in-office experience, full productivity At customer site: need mission critical application to run Roaming: Email, Intranet portal, least productivity
© 2005,2006 NeoAccel Inc. What Users Want…contd… No more classes n trainings!! Simplified, one click access … like web… In office experience Don’t rely on us
© 2005,2006 NeoAccel Inc. What Users Want…contd… Securely Access Anything from Anywhere usingAny device That’s what SSL VPN are about !
© 2005,2006 NeoAccel Inc. Wireless/mobile user Home user/ consultant/partner Other corporate office/ Partners Encrypted SSL VPN tunnels Firewall NeoAccel SSL VPN-Plus Gateway Private network services Authentication Server- Radius/AD/LDAP Internal data-centre SSL VPN Deployment
© 2005,2006 NeoAccel Inc. Access Terminals Entry points to private corporate network Requirement Usability Accessibility Security
© 2005,2006 NeoAccel Inc. Common Access Terminals 1.1 SSL VPN Web portal (with terminal emulators) 1.2 Port Forwarding Client 1.3 Network extension Client
© 2005,2006 NeoAccel Inc. SSL VPN-Plus Access Terminals SSL VPN-Plus has three Access Modes Web Access Terminal (WAT) Browser based SSL VPN access mode Commonly known as Clientless SSL VPN access Private Hyper Access Transport (PHAT) A native client for full access to corporate network Commonly known as Full Access Client Quick Access Terminal (QAT) An agent based terminal that enables access to all TCP applications without installing any software on machine Commonly known as Port Forwarding Client Access Terminals are modes through which remote users can access corporate resources
© 2005,2006 NeoAccel Inc. Web Access Terminal…contd. VPN resources accessible through WAT are: Web servers; e.g. Corporate Intranet/portal Sharepoint Web-based application servers; e.g. Outlook Web Access Lotus Domino Web-based databases like Oracle 9i, SQL Portal can be configured to provide Documents/Manuals to users
© 2005,2006 NeoAccel Inc. Web Access Terminal…contd. User opens WAT login page https://companyvpn/sslvpn-plus/
© 2005,2006 NeoAccel Inc. Web Access Terminal…contd. Upon successful login, the WAT portal is available to user to access private network resources
© 2005,2006 NeoAccel Inc. Web Portal - Thin Applications Terminal emulators are provided on portal to access terminal servers and legacy hosts RDP, VNC, SSH and Telnet java clients are available Useful to access legacy applications without installing any software on user machine or access from kiosk, hotel, etc.
© 2005,2006 NeoAccel Inc. Why Web portal is not enough Business application are not just web-based application. They include client – server components. Application implementation dependent URL rewriting is more than just HTML rewriting: Applets, flash, exe, … No in-office experience
© 2005,2006 NeoAccel Inc. Private Hyper Access Transport PHAT IPSec replacement client which provides IPSec like full access but with zero configuration on client machine Support for all TCP/IP based application and protocols (TCP, UDP, IP) is provided. Best use for In office experience for maximum productivity VOIP and video conferencing Full Access client is configured from management console Administrative rights are required to install the client Client auto-updates without administrative rights Complete and strong endpoint security Supported on Windows (2000 and above) Linux (Redhat, Knoppix, Debian) MAC OS-X (beta)
© 2005,2006 NeoAccel Inc. Network extension technology Establish a SSL connection with SSL gateway Intercept Application Traffic transparently Encapsulate the control commands and data in proprietary protocols Encrypt the data and send through SSL connection to gateway Pass the data to applications transparently Decode the control commands Decrypt the data received on SSL connection from gateway TRANSMISSION RECEPTION
© 2005,2006 NeoAccel Inc. SSL VPN Network extension technology SSL VPN App TCP IP SSL TCP IP Enet #1 #2 User Kernel
© 2005,2006 NeoAccel Inc. SD D D A A D A SA D: Application TCP data packet A: application TCP ACK packet SD: SSL tunnel data packet SA: SSL tunnel ACK packet D A This is what will be achieved. This happens when the user is working in office, i.e. connected to LAN Private network servers SSL VPN GatewaySSL VPN client agent running on remote users machine Other SSL VPNs: Packet flow
© 2005,2006 NeoAccel Inc. SSL VPN-Plus technology SSL VPN App ICAA-TSSL IP TCP Enet #1 User Kernel
© 2005,2006 NeoAccel Inc. Next Architecture: Other SSL VPN Architecture: SSL VPN-Plus OS Network Stack Applicati on Level To private Network SSL Module Network Module From Application To private Network OS Network Stack User Mode ICAA-TSSL Module From Application Remote User Resource Gateway Remote User Resource Gateway ICAA-TSSL Module Architecture difference
© 2005,2006 NeoAccel Inc. What not so good about PHAT PHAT client can not be used “Anywhere”. It has to get installed Administrative rights are required on user machine Secure transport for malware, spyware, trojans and viruses Where is my portal?
© 2005,2006 NeoAccel Inc. Quick Access Terminal A Java enabled browser is required to initiate a VPN and access corporate resources known as Port forwarding client also A Java applet gets downloaded on user machine and initiate VPN User can access TCP based client-server appliance off the portal Zero management/Installation/Maintenance Works like Full access client with only limitation of support for IP, UDP and MS File shares Administrator configures the network resources for users Access to QAT client can be controlled from NMC on per group basis.
© 2005,2006 NeoAccel Inc. Quick Access Terminal…contd. VPN resources accessible through QAT are: Any TCP based Application servers Web Servers, E-mail servers, Citrix, SAP, Lotus Domino, Direct database from anywhere Terminal Servers SSH, Telnet and other legacy terminal emulators like TN5250 for IBM Mainframes access True Anything from Anywhere access In 2.0 beta, QAT runs only on Windows 2000 & above.
© 2005,2006 NeoAccel Inc. Quick Access Terminal…contd. User opens WAT login page https://companyvpn/sslvpn-plus/
© 2005,2006 NeoAccel Inc. Quick Access Terminal…contd. Upon successful login, the QAT link is provided on WAT portal Access QAT using this link
© 2005,2006 NeoAccel Inc. Quick Access Terminal…contd. Upon successful login, the QAT link is provided on WAT portal Status of QAT.
© 2005,2006 NeoAccel Inc. Quick Access Terminal…contd. Access your TCP applications the normal way your work Access any TCP based application
© 2005,2006 NeoAccel Inc. Questions ?
Encrypting Wireless Data with VPN Techniques
Enabling IPv6 in Corporate Intranet Networks
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Secure Remote Access from Cyber Cafe Timothy Siu SunONE SE Manager
Module 5: Configuring Access for Remote Clients and Networks.
SCSC 455 Computer Security Virtual Private Network (VPN)
October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Remote Networking Architectures
Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael. It is technology creates a network that is physically public, but virtually it’s private. A virtual private network (VPN) is a.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Application Layer Functionality and Protocols Network Fundamentals – Chapter 3.
© 2020 SlidePlayer.com Inc. All rights reserved.