©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Network Access Technology: Secure Remote Access S Prasanna Bhaskaran

2 2©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Agenda Market Overview Requirement for Remote Access Technology VPN IPSEC VPN SSL VPN NAC Business Continuity with Remote Access

3 3©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Intranet Applications Files Extranet Portal Applications Files Extranet access Partner computers Day Extenders Basic applications Home computer Teleworkers Applications Company computer Mobile workers Basic applications Company computer or public computer Remote Access Overview More remote workers and locations More device types Different resource needs More unmanaged devices Smarter criminals and malware More privacy and security regulations, Need to reduce TCO More remote workers and locations More device types Different resource needs More unmanaged devices Smarter criminals and malware More privacy and security regulations, Need to reduce TCO Corporate Office Remote Access Gateway New Business Realities

4 4©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | The Dilemma: Security vs. Business Needs Connectivity Freedom Availability Performance Cost Management Isolation Control Compliance Policies Rules Restrictions BUSINESS SECURITY S N A P !

5 5©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Now that we have seen the business need lets take a close look on the technologies which will enable us to address the needs… Lets take a dive in to the technology… ;)

6 6©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | A DEEP DIVE IN TECHNOLOGY

7 7©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Traditional Technology Leased Line between sites No Internet High Expense Issues in Manageability

8 8©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Virtual Private Network Secured Internet Connectivity Less Expensive Remote work force Less administrative over head

9 9©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Virtual Private Network VPN can be broadly classified into 2 main technologies IPSEC VPN Works on Layer 3 Network based control End points would be fixed SSL VPN Works in Layer 7 Application based access End point can be fixed as well as mobile

10 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | IPSEC VPN

11 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | IPSEC VPN Its uses mainly 2 wire level protocol AH – Authentication Header Encrypts the header and the payload. Offers strong protection, covers everything that can possible considered immutable. But issue is its in compatible with NAT ESP – Encapsulating Security Payload Encapsulates the security payload. Includes Header and trailer pads to support encryption and authentication. Widely used technology for IPSEC VPN

12 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | IPSEC VPN Allows secure communication between locations. Internet Key Exchange – Diffie Hellman Authentication – MD5, SHA1 Encryption – DES, 3DES, AES Phase 1 – Gateway (bidirectional) Phase 2 – Data VPN (uni-directional)

13 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | IPSEC VPN’s / Cryptography Symmetric ciphers having both the sender and the receiver to use the same key. The same key is used by to encrypt and decrypt the data. Asymmetric ciphers where sender uses one key and the reciever uses another key is asymmetric. Sender and receiver both has keys called as public and private. Data is encrypted with public key and decrypted with private key.

14 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Encryption/ Authenication Technologies Just Maths…  Des, 3Des Aes MD5, SHA1 for authentication PKI

15 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Check List for Implementing VPN Check the following in configuring VPN What is the Authentication – MD5, SHA1 What is the encryption Technology Encryption – DES, 3DES, AES Symmetric / Asymmetric Key

16 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | SSL VPN

17 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Need for SSL VPN Easy browser Access Application based Authorization End point can be Managed as well as Unmanaged End point connection can mobile as well as fixed

18 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | SSL VPN Secure Socket Layer SSL 3.0 found by Netscape Navigator IETF created TLS Privacy connection Identity Authentication Reliability

19 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | SSL Operation Browser Generates a pseudo random And generates a symmetric Key Server sends Public key Generated symmetric key sent to server Secure communication is established Client requests for Public Key Server decrypts the symmetric key

20 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | SSL VPN Again lot of Maths  Asymmetric Cryptography PKI

21 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Network Access Control NAC enforces a comprehensive NAC policy controlling network access and ensuring that each endpoint is current with the latest antivirus, critical patches, service packs, and applications such as browsers and VPN agents.

22 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | NAC Provides End Point Compliance Provides Co Operative enforcement Provides auto remediation Centrally Managed

23 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Business continuity with Remote Access

24 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Remote Workforce Challenges Home Office Workers Examples ► Isolate and protect your corporate data from your kids’ peer-to-peer file-sharing activity ► Prevent the transfer of sensitive employee data—via or un-managed device—by one of your HR managers who frequently works from home “42% of US employers allowed staff to work remotely this year—up from 30%.” —World at Work 2009 (Survey of 2,288 U.S. employers)

25 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Disaster-Recovery Challenges The Case of H1N1 Flu Examples ► Maintain productivity even when you require large numbers of your workers to stay home during a swine flu outbreak ► Sustain business continuity when a snow-day forces the closure of your office “The H1N1 pandemic could cause absenteeism rates of 40 percent or higher for enterprises.” —Gartner 2009

26 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Virtual Windows workspace Virtual Windows workspace Plug-and-play with no software install or system reboot required Securely access and work with corporate data from any PC Securely access and work with corporate data from any PC Data Leak Prevention from Mobile Users Centrally managed by SmartCenter

27 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Check Point Abra at Work Standard Windows Environment Launch approved applications Access encrypted files on USB drive Access approved websites Toggle easily between secure workspace and host PC

28 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Questions?

29 ©2010 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | Thank You!!!