Mike Bayne 15 September 2011

Presentation transcript:


• Virtual Private Network
• Provides an encrypted tunnel between a client computer and a remote network
• Remote termination proxies the connection to other resources
• All or some traffic is routed to the remote network

VPN Operation (diagram: JMU border, VPN terminal)

• Gain remote access to applications and data deemed too sensitive to expose directly to the Internet
  ◦ Student Administration system
• Gain remote access to resources licensed to JMU by IP address
  ◦ Microsoft site license
  ◦ Online library resources

• Required a client
  ◦ No support for new OSes
  ◦ No support for mobile devices
• Tunneled all traffic over UDP
  ◦ All traffic had to go through JMU, even if not destined for JMU
• Access required configuration on firewalls
• Rapidly approaching end-of-life

• Support for newer OSes
• Support for mobile devices
• Uses web browser for basic access
• Java clients for advanced access
• LDAP or Active Directory authentication
• Access granted based upon roles

Platform / OS: list of browsers and Java environment
• Windows
  ◦ Windows XP Professional SP3, 32 bit: Internet Explorer 7.0, 8.0 and Firefox 3.6, 4.0; Sun JRE 6
  ◦ Vista Enterprise SP2, 32 & 64 bit: Internet Explorer 7.0, 8.0, 9.0 and Firefox 3.6, 4.0; Sun JRE 6
  ◦ Windows 7 Enterprise SP1, 32 & 64 bit: Internet Explorer 8.0, 9.0 and Firefox 3.6, 4.0; Sun JRE 6
• Mac
  ◦ Mac OS X, 32 and 64 bit: Safari 5.0, Safari 5.1; Sun JRE 6
  ◦ Mac OS X, 32 and 64 bit: Safari 4.0; Sun JRE 6
• Linux
  ◦ OpenSuse 11.3, 32 bit only: Firefox 3.6, 4.0; Sun JRE 6
  ◦ Ubuntu LTS, 32 bit only: Firefox 3.6, 4.0; Sun JRE 6

Platform / Operating System: browsers and Java
• Windows: Vista with Service Pack 1 or 2 on 32 bit or 64 bit platforms; Windows 7 on 32 bit or 64 bit platforms; XP Professional SP2 or SP3 on 32 bit or 64 bit platforms; XP Home Edition SP3
  ◦ Internet Explorer 9.0, 8.0, 7.0; Firefox 3.0 and above; Sun JRE 6 and above
• Mac: Mac OS X 10.6.x, 32 bit and 64 bit; Mac OS X 10.5.x, 32 bit and 64 bit; Mac OS X 10.4.x, 32 bit
  ◦ Safari 3.0 and above; Sun JRE 6 and above
• Linux: OpenSuse 10.x and 11.x, 32 bit only; Ubuntu 9.10 and 10.x, 32 bit only; Red Hat Enterprise Linux 5, 32 bit only
  ◦ Firefox 3.0 and above; Sun JRE 6 and above
• Solaris: Solaris 10, 32 bit only
  ◦ Mozilla 2.0 and above

• iPhone OS 3.0 and above with default Safari
• Android 2.0 and above
• Symbian OS 8.1 and above
• Windows Mobile 6.0 Standard, Classic and Professional: Pocket IE 6.0
• Windows Mobile 6.1 Standard, Classic and Professional: Pocket IE 6.0
• Windows Mobile 6.5 Standard, Classic and Professional: Internet Explorer Mobile 6.0
• Windows Mobile 5.0 based Pocket PC devices: Pocket IE 4.0
• NTT i-mode phone
• AU/KDDI phone: Openwave Mobile Browser
• Vodafone phone: Openwave Mobile Browser

• Web Connect
• WSAM/JSAM
• Network Connect
• Junos Pulse (mobile clients)

• Default connection
• Provides access to:
  ◦ Web resources
  ◦ File access
  ◦ Remote desktop
  ◦ SSH access
• Solution for most connections at JMU

• Windows only
• Java program or ActiveX control
• Inserts a shim into the network stack
• Network access to preconfigured resources is directed through the VPN
• Resources MUST be preconfigured on the VPN

• Java based proxy
• Maps a local port to a remote destination through the SSL VPN
  ◦ Example: hrweb.jmu.edu:443 is mapped to local port 8000
  ◦ Connections to that local port are forwarded to hrweb.jmu.edu:443
• Either WSAM or JSAM per role, not both
• Not currently used at JMU

• Most impact on JMU and the client system
• Java application
• Behavior similar to the existing Cisco VPN: all traffic is routed through the VPN to JMU’s network

• Network Connect for mobile devices
• All traffic tunneled through the VPN
• Untested

• Network resources that users are allowed or denied access to
• Identified by host and port, subnet, URI, etc.
• Can be specific enough to allow access to parts of a website while denying access to others

• Group of people that share similar access
• Role membership can be identified by LDAP group membership or attribute
• Role membership can be enumerated within the SSL VPN
  ◦ Most roles are enumerated
  ◦ Want to move to LDAP/AD as identity management matures
• Users are often assigned multiple roles

• Logical container containing the authentication source and login pages
• May be accessed either by a new domain name or by a new URL

• Roles are added to a realm
  ◦ Roles may be in more than one domain
• Resources are added to roles
  ◦ Both permit and deny resources are added
  ◦ Default deny of access to unmentioned resources
  ◦ Users accumulate resources from each role they’re assigned to
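The resource, role and realm slides above describe a policy model: a user holds several roles, each role carries permit and deny resources identified by host and port, subnet or URI, and anything no role mentions is denied. The following is an added worked example of that evaluation, written for this page and not code from the presentation or from the SSL VPN product. All role names, users, addresses and hostnames other than hrweb.jmu.edu are constructed placeholders, and the deny-overrides precedence between conflicting rules is an assumption (the slides do not state how the appliance orders rules).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Request:
    """One access attempt: what the user asked for.
    scheme and path are set only for web requests."""
    host: str
    ip: str            # address the host resolved to (constructed in the demo)
    port: int
    scheme: str = ""
    path: str = "/"


@dataclass(frozen=True)
class Rule:
    kind: str          # "hostport" (host:port), "subnet" (CIDR:port) or "uri" (URL prefix ending in *)
    spec: str          # written in lowercase; the port may be "*"
    action: str        # "permit" or "deny"


def _port_ok(spec_port: str, port: int) -> bool:
    return spec_port == "*" or int(spec_port) == port


def rule_matches(rule: Rule, req: Request) -> bool:
    """Does this resource rule describe the requested destination?"""
    if rule.kind == "hostport":
        host, _, port = rule.spec.rpartition(":")
        return host == req.host.lower() and _port_ok(port, req.port)
    if rule.kind == "subnet":
        net, _, port = rule.spec.rpartition(":")
        return ip_address(req.ip) in ip_network(net, strict=False) and _port_ok(port, req.port)
    if rule.kind == "uri":
        if not req.scheme:
            return False                      # URI rules apply to web requests only
        url = f"{req.scheme}://{req.host.lower()}{req.path}"
        if rule.spec.endswith("*"):
            return url.startswith(rule.spec[:-1])
        return url == rule.spec
    raise ValueError(f"unknown rule kind {rule.kind!r}")


# Constructed roles for the demo; every hostname except hrweb.jmu.edu is a placeholder.
ROLES = {
    "hr_web": [
        Rule("uri", "https://hrweb.jmu.edu/*", "permit"),        # the whole site ...
        Rule("uri", "https://hrweb.jmu.edu/admin/*", "deny"),    # ... except its admin area
    ],
    "library": [
        Rule("hostport", "ezproxy.example.edu:443", "permit"),
    ],
    "sysadmin": [
        Rule("subnet", "10.20.0.0/16:22", "permit"),             # SSH into a server subnet
    ],
}

# Constructed role assignments; a user accumulates every assigned role's rules.
USERS = {"alice": ["hr_web", "library"], "bob": ["sysadmin"]}


def evaluate(user: str, req: Request, roles=ROLES, users=USERS):
    """Return ("permit" | "deny", reason). Rules from all of the user's roles
    are pooled; a matching deny wins over a matching permit (assumption of
    this example); a resource no rule mentions is denied by default."""
    matched = [(name, r) for name in users.get(user, [])
               for r in roles[name] if rule_matches(r, req)]
    for name, r in matched:
        if r.action == "deny":
            return "deny", f"{name}: {r.spec}"
    for name, r in matched:
        if r.action == "permit":
            return "permit", f"{name}: {r.spec}"
    return "deny", "default (no role mentions this resource)"


if __name__ == "__main__":
    hr = Request("hrweb.jmu.edu", "192.0.2.10", 443, "https", "/benefits/")
    print(evaluate("alice", hr))   # permitted via hr_web
    print(evaluate("bob", hr))     # denied by default: sysadmin never mentions hrweb
```

The interesting cases are the admin path, where the hr_web role's own deny rule overrides its site-wide permit, and the unknown user "carol", who gets the default deny because she accumulates no rules at all. Subnet rules are written for IPv4 addresses here; an IPv6 address with embedded colons would need a different spec separator.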

• Moving from enumerated roles to groups/attributes in a directory
• Identifying resources that don’t work with Web Connect and developing workarounds
  ◦ Internal JMU applications
  ◦ Externally licensed resources (750+ through the library alone)

• Endpoint security
  ◦ Malware protection
  ◦ Antivirus version monitoring
  ◦ Patch management monitoring
• Cache Cleaner
• Two-factor authentication
  ◦ One-time passwords
  ◦ Certificates
• Single sign-on
• Restrictions on access from certain subnets
• Restrictions on browsers