How to extend Intranet security to the home


1 How to extend Intranet security to the home
Home Workers Node

2 Requirements
- Secure enough to be acceptable by intranet security officers
  - intrusion
  - denial of service
- Convenient enough to be acceptable by employees
  - intranet should feel local at home
  - full internet access

3 System overview
[Diagram. Nodes: Client (e.g. PC), e-box, ISP, Firewall, Resource (e.g. Web). Networks: Local net, Access net, Internet, Intranet. Threat labels: Evil spouse, Evil ISP employee, Evil hacker, Who cares.]

4 Universe splitter
- DNS requests are intercepted
- Intranet names are assigned a local private range IP address
- Name + IP nr. registered at guard
- Packets with these addresses are forwarded to guard
- Guard tunnels packets if profile allows
- NAT used for Internet access

5 Logical view
[Diagram. Components: Client (e.g. PC), Guard DNS, DNS, e-box, Proxy device, Guard, Firewall, proxy, Profiles. Labels on the flows: DNS query (?) and answer (!) for people.ericsson.se, GET for people.ericsson.se, an encrypted payload marked (SSL), www.apple.com.]

6 Spouse attack
- Only defined local clients can access guard services
- Profile at firewall defines limited resource access
- Auditing
- Login can be strengthened by SMS login

7 ISP attack
- Eavesdropping impossible due to SSL link between guard and firewall
- Denial of service can be prevented with multiple ISPs

8 Hacker attack
- Private IP range used for intranet aliases is skipped by every router
- e-box does not allow remote login
- No forwarding of external packets via guard
- Only access is from client on local net. This requires physical access (e-box alarm system?)

9 Guard DNS
- Act as DNS server for local net
- Detect requests for intranet services
- Assign private IP number as alias
- Inform guard of assignment
- If not known, forward to system DNS
- Simple package, can be written in Java (IBM has done it)
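
The steps on the "Universe splitter" and "Guard DNS" slides, as an added Python sketch that is not part of the original presentation: intranet names get stable aliases from a private range, the guard consults the alias table to tunnel or drop, and everything else goes to system DNS and NAT. The suffix corp.example, the range 10.200.0.0/29, the allow-list and the names GuardDNS and guard_route are assumptions made for illustration, as is the fail-closed handling of an exhausted or unregistered alias.

```python
import ipaddress


class GuardDNS:
    """Guard DNS steps: detect intranet names, assign private aliases, inform guard."""

    def __init__(self, intranet_suffixes, alias_net, system_dns):
        self.suffixes = tuple(s.lower().strip(".") for s in intranet_suffixes)
        self.alias_net = ipaddress.ip_network(alias_net)
        self.free = iter(self.alias_net.hosts())  # aliases not yet handed out
        self.system_dns = system_dns  # callable: name -> IP string, or None
        self.by_name = {}   # name -> alias, so repeat lookups get the same answer
        self.by_alias = {}  # alias -> name: the registration the guard relies on

    def _is_intranet(self, name):
        # Compare on label boundaries: "notcorp.example" must not match "corp.example".
        return any(name == s or name.endswith("." + s) for s in self.suffixes)

    def resolve(self, query):
        name = query.lower().rstrip(".")
        if not self._is_intranet(name):
            return self.system_dns(name)  # not an intranet name: forward upstream
        if name not in self.by_name:
            alias = next(self.free, None)
            if alias is None:
                return None  # alias range exhausted: fail closed, never reuse
            self.by_name[name] = str(alias)
            self.by_alias[str(alias)] = name
        return self.by_name[name]


def guard_route(dst_ip, dns, allowed_names):
    """Classify a packet seen by the proxy device as tunnel, drop or nat."""
    name = dns.by_alias.get(dst_ip)
    if name is not None:
        # Registered alias: tunnel only if the profile lists the intranet name.
        return ("tunnel" if name in allowed_names else "drop", name)
    if ipaddress.ip_address(dst_ip) in dns.alias_net:
        return ("drop", None)  # alias range but never registered: do not NAT it
    return ("nat", dst_ip)  # ordinary Internet destination


# Constructed sample data: suffix, alias range and upstream answer are assumptions.
UPSTREAM = {"www.example.org": "203.0.113.10"}
dns = GuardDNS(["corp.example"], "10.200.0.0/29", UPSTREAM.get)
PROFILE = {"people.corp.example"}  # hypothetical per-e-box allow-list

if __name__ == "__main__":
    for host in ("people.corp.example", "payroll.corp.example", "www.example.org"):
        ip = dns.resolve(host)
        print(host, ip, guard_route(ip, dns, PROFILE))
```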

10 Proxy device
- Intercept IP packets in guard range
- Push packets to Guard
- Very simple Linux device driver. Many examples available
- Written in C

11 Guard
- Create an SSL tunnel over the internet to the firewall
- Authenticate securely
- Inform firewall of private aliases
- Forward packets both ways
- SSL software freely available

12 Firewall
- Accept tunnels from guards
- Authenticate
- Forward packets if they are allowed by the profile of the e-box
- Manage the profiles of the employee
- Certificates
- Self care
- Company policies
- Standard solutions?

13 Strengths
- Allows any type of client
  - PCs
  - Web pads
- Offers full internet access
  - games, LDAP, applets
- Allows multiple intranets if e-box is trusted
- No special cards

14 Weaknesses
- Local net is not fully secure
- No standard software
- New concept, requires convincing security officers
