Presentation is loading. Please wait.

Presentation is loading. Please wait.

Home Workers Node How to extend Intranet security to the home.

Similar presentations

Presentation on theme: "Home Workers Node How to extend Intranet security to the home."— Presentation transcript:

1 Home Workers Node How to extend Intranet security to the home

2 Requirements Secure enough to be acceptable by intranet security officers –intrusion –denial of service Convenient enough to be acceptable by employees –intranet should feel local at home –full internet access

3 System overview Client (e.g. PC) Evil spouseEvil ISP employee Evil hackerLocal net e-box Access net ISP Internet Firewall Intranet Resource (e.g. Web) Who cares

4 Universe splitter DNS requests are intercepted Intranet names are assigned a local private range IP address Name + IP nr. registered at guard Packages with these addresses are forwarded to guard Guard tunnels packages if profile allows NAT used for Internet access

5 Logical view Client (e.g. PC) Guard DNS Proxy device Guard Firewall proxy people. ericsson. se www. apple. com ? DNS ! ? Ab%$12AnC^6as*mS (SSL) ? GET Profiles ? ! ? ! ? GET ? GET e-box

6 Spouse attack Only defined local clients can access guard services Profile at firewall defines limited resource access Auditing Login can be strengthened by SMS login

7 ISP attack Eavesdropping impossible due to SSL link between guard and firewall Denial of service can be prevented with multiple ISPs

8 Hacker attack Private IP range used for intranet aliases are skipped by every router e-box does not allow remote login No forwarding of external packets via guard Only access is from client on local net. This requires physical access (e-box alarm system?)

9 Guard DNS Act as DNS server for local net Detect requests for intranet services –Assign private IP number as alias –Inform guard of assignment If not known, forward to system DNS Simple package, can be written in Java (IBM has done it)

10 Proxy device Intercept IP packets in guard range Push packets to Guard Very simple Linux device driver. Many examples available Written in C

11 Guard Create an SSL tunnel over the internet to the firewall Authenticate secure Inform firewall of private aliases Forward packets both ways SSL software freely available

12 Firewall Accept tunnels from guards Authenticate Forward packets if they are allowed by the profile of the e-box Manage the profiles of the employee –Certificates –Self care Company policies Standard solutions?

13 Strengths Allows any type of client –PCs –Web pads Offers full internet access –games, LDAP, applets Allows multiple intranets if e-box is trusted No special cards

14 Weaknesses Local net is not fully secure No standard software New concept, requires convincing security officers


Download ppt "Home Workers Node How to extend Intranet security to the home."

Similar presentations

Ads by Google