IT Infrastructure Transformation – VPN Services 0 Enterprise VPN Don Kendrick, VITA Senior Manager, Security Operations August 25, 2009.


1 Enterprise VPN
Don Kendrick, VITA Senior Manager, Security Operations
August 25, 2009

2 This document explains the ITP’s plan to improve network security by providing agencies with single and two-factor VPN options.
The presentation will cover:
- Overview of VPN Offerings
- Benefits
- Deployment Approach

3 VPN (Virtual Private Network) offers remote agency sites and users a secure internet connection to the VITA Enterprise Network
- A VPN connects remote sites and users together by securely routing remote private networks over the Internet without the need for end-users to acquire additional hardware or software.
- As part of the ongoing transformation, the IT Infrastructure Partnership will begin transitioning all legacy VPN users to an Enterprise VPN.
- Enterprise VPN access rights can be tailored to individual users, such as employees, contractors, and/or partners, to provide the right level of access to the VITA Enterprise Network.
Note: VPN offerings are subject to governing policies SEC501 and SEC511.

4 Security Related Benefits of VPN
Single Point of Contact SOC Intrusion Detection Least Privileged Well-Defended Strong Cisco & Juniper support

5 Non-Security Related Benefits of VPN
- Reduces Site Costs – Workers can work from home or other locations, allowing agencies to lease smaller facilities
- Supports Telework Initiatives – Promotes the Commonwealth of Virginia’s telework initiative, helps the environment, provides the option of allowing employees to work from home or remotely, and reduces strain on the transportation infrastructure
- Supports Remote Business Meetings – Bring services to your customers and extend geographic connectivity. Bring the power of your office to a client’s kitchen table, bedside, or work site
- Improves Productivity – Enable employees to work after hours more easily

6 The ITP offers agencies single and two-factor authentication options for VPN access to the VITA Enterprise Network… agencies can choose one, both or a combination of the two options to meet differing levels of employee data security needs

Single-factor Authentication (for low to medium data security needs)
This option is recommended for medium or low security data and application access. It only requires one factor to enable network access: the ID and password.
  Factors Used: Single = User ID and Password
  Device: Must be partnership-provided
  Services*: All applications that were accessible by http or https prior to Enterprise VPN migration will also be available under the single factor solution
  Additional Requirements: Cisco VPN client, Centrally Managed Firewall; Current virus definitions; High Speed Internet Connection
  Cost: No additional cost

Two-factor Authentication (for high data security needs)
This is the most secure option. It requires two factors to enable network access: ID and password plus key fob verification.
  Factors Used: Two = User ID and Password plus key fob
  Device: Must be partnership-provided
  Services: Full range of services that are not accessible with single factor, including access to agency “killer apps”
  Additional Requirements: Cisco VPN client, Centrally Managed Firewall; Current virus definitions; High Speed Internet Connection
  Cost: TBD additional cost

*See appendix for complete list of ports supported by the single-factor solution

7 Most users are upgraded to enterprise VPN during transformation
Deployment Approach (diagram labels): Single-Factor Pilots and Evaluations; Transform Top 20 Agencies; Deploy VPN Across the Full Enterprise
- IT Infrastructure Partnership will begin transitioning most legacy VPN (Virtual Private Network) users to the Enterprise VPN following their agency’s messaging and network transformations
- In order for single-factor or two-factor VPN to be installed, agencies must be cross-connected to the MPLS network
- Single-factor VPN also requires a synchronized agency user base directory, with COV accounts for those receiving VPN services
- Two-Factor Processes
- Initial request, approval, and support processes
- Catalog process
- Other
- AITRs will need to identify VPN needs within their agencies and approve all VPN requests
- Migration will consist of an initial “bulk migration” to single-factor authentication at the agency sites
- Post-transformation requests for single-factor VPN should be routed through the VCCC Service Desk by calling 1-866-637-8482. Token requests, a requirement for the two-factor solution, must be entered in eVA.

8 Single-factor Enterprise VPN Agency Migration Process Responsibilities
Transformation Project Objective: Convert legacy VPN users to CESC-based single-factor VPN or add new users to this solution

PRE-MIGRATION
  Agency: Provide list of all people getting VPN
  IT Partnership Team: Verify data accuracy

DURING MIGRATION
  Agency: Distribute job aids to users
  IT Partnership Team: Establish accounts; Distribute Cisco VPN software to target machines; Test connectivity; Notify VCCC that agency has transitioned

POST-MIGRATION
  Agency: Sign acceptance documents
  IT Partnership Team: Add individual users as required

9 Two-factor Enterprise VPN Agency Migration Process Responsibilities
Transformation Project Objective: To migrate existing agency-based two-factor users to the CESC-based system or to add new two-factor users as appropriate

PRE-MIGRATION
  Agency: Decide how many agency end-users will need two-factor authentication so that the correct number of key fobs are provided to the agency; Identify any legacy VPN users; Provide a list of users who need new key fobs and the key fob serial numbers from any legacy users
  IT Partnership Team: Verify data accuracy with agency personnel

DURING MIGRATION
  Agency: Distribute appropriate training materials and job aids; Provide testers to ensure correct operation; Agency ISO distributes key fobs to end-users
  IT Partnership Team: Load key serials; Set up user accounts; Load Cisco VPN client on all target machines; Test functionality; Notify VCCC that agency has been cut over

POST-MIGRATION
  Agency: Sign acceptance documents
  IT Partnership Team: Add individual users as required

10 Questions?

11 Appendix

12 The single-factor solution will allow users to access systems operating under the following ports:
  permit tcp any any eq 80
  permit tcp any any eq 143
  permit tcp any any eq 443
  permit tcp any any eq 993
  permit tcp any any eq 53
  permit tcp any any eq 110
  permit udp any any eq 53
  permit tcp any any eq 995
  permit tcp any any eq 389
  permit tcp any any eq 25
  permit udp any any eq 389
  permit udp any any eq 25
  permit tcp any any eq 135
  permit tcp any any eq 88
  permit tcp any any eq 445
  permit udp any any eq 88
  permit udp any any eq 138
  permit udp any any eq 123
  permit tcp any any eq 139
  permit tcp any any eq 123
  permit udp any any eq 137
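An added example, not part of the original presentation: a small evaluator for the permit list above, useful for checking which destination ports a single-factor user could reach and confirming that TCP and UDP are matched separately. It assumes first-match evaluation with an implicit deny for anything unlisted; the function names and sample flows are constructed for illustration.

```python
import re

# Entries copied from the appendix slide; whitespace between them is irrelevant.
ACL_TEXT = """
permit tcp any any eq 80   permit tcp any any eq 143  permit tcp any any eq 443
permit tcp any any eq 993  permit tcp any any eq 53   permit tcp any any eq 110
permit udp any any eq 53   permit tcp any any eq 995  permit tcp any any eq 389
permit tcp any any eq 25   permit udp any any eq 389  permit udp any any eq 25
permit tcp any any eq 135  permit tcp any any eq 88   permit tcp any any eq 445
permit udp any any eq 88   permit udp any any eq 138  permit udp any any eq 123
permit tcp any any eq 139  permit tcp any any eq 123  permit udp any any eq 137
"""

# Matches one "any any eq <port>" entry, even when entries are run together.
ENTRY = re.compile(r"(permit|deny)\s+(tcp|udp)\s+any\s+any\s+eq\s+(\d+)")

def parse_acl(text):
    """Return the ordered (action, protocol, port) entries found in text."""
    entries = []
    for action, proto, port in ENTRY.findall(text):
        port = int(port)
        if not 0 < port <= 65535:
            raise ValueError(f"port out of range: {port}")
        entries.append((action, proto, port))
    return entries

def decide(entries, proto, dport):
    """First matching entry wins; a flow matching nothing is denied."""
    for action, p, port in entries:
        if p == proto and port == dport:
            return action
    return "deny"  # assumption: implicit deny at the end of the list

def ports_by_protocol(entries):
    """Group permitted destination ports by transport protocol."""
    grouped = {}
    for action, proto, port in entries:
        if action == "permit":
            grouped.setdefault(proto, set()).add(port)
    return {proto: sorted(ports) for proto, ports in grouped.items()}

ACL = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed sample flows (protocol, destination port), not from the slides.
    for flow in [("tcp", 443), ("udp", 443), ("tcp", 445), ("tcp", 3389), ("udp", 123)]:
        print(flow, "->", decide(ACL, *flow))
    print(ports_by_protocol(ACL))
```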

