Identity Management for Networks
1 Network Access with Precision through Identity
Identity Management for Networks
Network Applications Consortium 2007 Spring Conference, 25 APR 2007
Sean Convery, Identity Engines
2007 Identity Engines, Inc. All Rights Reserved.
2 Who am I? (a.k.a. Full Disclosure)
Everyone's background influences their perspective, so here's mine:
- CTO at venture-funded, network identity management startup, Identity Engines
- Previously spent seven years at Cisco, most recently in the office of the Security CTO within the Security Technology Group (STG)
- Principal architect of Cisco's original SAFE[1] security architecture
- Spent a sizable amount of my time at Cisco in security consulting for large enterprises
- Author of Network Security Architectures[2]
3 Agenda
- Background
- Identity Management for Networks
- Considerations and Presenter Questions
- Identity Engines Overview
4 Identity Management (IdM) Defined
The set of processes, tools and social contracts surrounding the creation, maintenance, utilization and termination of a digital identity for people or, more generally, for systems and services to enable secure access to an expanding set of systems and applications.[3]
5 Key Identity Management Components
- Provisioning - Initial account creation and attribute / rights association
- Authentication - Validating a supplied credential against a provisioned account
- Authorization - Determining and enforcing permissions associated with an account
- Accounting - Auditing account activity
- Re-provisioning / De-provisioning - Modifying or removing account attributes or rights including potential deletion of the account
6 What Problem are we Solving?
- Organizations large and small are accessing more data across more different systems
- These systems need security for any number of reasons
- It isn't effective to manage each system as a silo
Or, to put it another way
7 We Want to Change This
[Diagram labels: User, Directory, Policy, Resource, System 1, System 2, System; "policy" appears three times]
8 Into This.
[Diagram labels: User, Directory, Policy, Resource, System 1, System 2, System; "policy" appears once]
9 It Began with Applications
Application IdM has numerous challenges
- Legacy applications
- Competing standards
- Widely disparate policies
- Security at the application and at the data level
- Central authentication is far more common than authorization
- Policy is hard to centralize
Systems generally involve
- Provisioning / workflow systems for account creation
- Access gateways / portals for web apps
- Custom connectors to legacy apps
- LDAP[4] user directories to house accounts
10 And Deployments Look like This
[Diagram labels: User, Directory, Policy, Resource, System 1, System 2, System; "policy" appears three times]
11 Let's Look at the Network
- Traditional perimeter firewall; security only on special purpose devices
- Expanded threat profile leads to more security devices (IDS, VPN, Basic Host Controls). Legacy RADIUS[5] serves authentication requests but lacks richness for authorization policy. Most access IP rather than user based.
- Distribution of security continues, with authorization tied closely to enforcement. Lack of flexibility of legacy AAA leads to multiple discrete RADIUS stores and local users configured in enforcement devices.
The goal:
1. Centralize user authentication through flexible next-generation AAA services.
2. Centralize key elements of the authorization policy creating centralized audit and control.
[Diagram labels: Distributed, Centralized, Enforcement, Authorization Policy, Authentication Policy, IdM Phase 1, IdM Phase 2, Time]
12 Networks have the Same Problem
[Diagram labels: WLAN, VPN, Dial-Up; "policy" appears three times]
13 Though Without all the Baggage
- Applications have no ubiquitous authentication protocol
- Networks have RADIUS
- There are thousands of applications
- There are only a handful of network access types across a handful of vendors
- Policies for applications vary widely
- Networks often have the same basic policy building blocks (i.e. ACLs)
- Networks have challenges but they aren't the ones that face IdM for applications
14 Agenda
- Background
- Identity Management for Networks
- Considerations and Presenter Questions
- Identity Engines Overview
15 Identity Management for Networks Goals
- Centralize authentication
- Centralize audit
- Authenticate most / all forms of access
- Enforce consistent policy
- Leverage existing directory and network investment
16 IdM for Networks Taxonomy
- Client - Device / user attempting to access the network
- Policy Enforcement Point (PEP) - network device that brokers access request and enforces policy result (i.e. WLAN AP, Firewall, VPN gateway, Ethernet switch)
- Policy Decision Point (PDP) - network device that decides policy for client based on PEP and PIP interaction
- Policy Information Point (PIP) - a source of information in setting policy (i.e. user directory, asset management system)
- Accounting - Audit destination for client access and network usage
- Credential - Element offered as proof of identity (i.e. password, certificate, smartcard, biometric)
Let's see how the parts fit together
17 1. Client Requests Network Access
- Client connects to the net (perhaps a WLAN AP), is challenged for identity, and sends this information to the PEP
Protocols: PPP[6], PPPoE[7], 802.1X[8], IPsec[9], SSL VPN, HTTP
[Diagram labels: Acct., Client, PDP, Production Network; step 1]
18 2. PEP Sends Identity to the PDP
- In some cases the PEP relays information, as in the case of the Extensible Authentication Protocol (EAP)[10]
- PEP may add additional identifying information for the network
Protocols: TACACS+[11], RADIUS, DIAMETER[12]
[Diagram labels: Acct., Client, PDP, Production Network; steps 1, 2]
19 3. PDP Queries Relevant PIPs
- Query includes learning about the client and validating the client's credential
- Microsoft AD is a very common PIP
- .edu often have multiple PIPs
Protocols: LDAP, SQL Database, Kerberos, NIS (Network Information Service)
[Diagram labels: Acct., Client, PDP, Production Network; steps 1, 2, 3]
20 4. PIP(s) Respond to PDP
Includes:
- success / failure for credential
- Client attributes / groups
Protocols: LDAP, SQL Database, Kerberos, NIS (Network Information Service)
[Diagram labels: Acct., Client, PDP, Production Network; steps 1, 2, 3, 4]
21 5. PDP Makes Policy Decision
Includes:
- Info from PEP and PIP(s)
- Contextual information (time, location, etc.)
- Local policy rules to evaluate against
Protocols: XACML[13], Proprietary
[Diagram labels: Acct., Client, PDP, Production Network]
22 6. PDP Informs PEP
Includes:
- Yes / No authentication result
- Specific authorizations (i.e. ACL to enforce, profile to trigger)
This allows security enforcement at first point of connect
Protocols: TACACS+, RADIUS, DIAMETER
[Diagram labels: Acct., Client, PDP, Production Network]
23 7. PDP Informs Accounting System
- PEP can also notify accounting at a later step
Includes:
- Client identifiers
- Context information
- Timestamps
- Authorizations granted
Protocols: RADIUS Acct., SYSLOG, SNMP
[Diagram labels: Acct., Client, PDP, Production Network; step 7]
24 8. PEP Grants Access
- Simple yes or no message or a more specific exchange depending on the protocol
Protocols: PPP, PPPoE, 802.1X, IPsec, SSL VPN, HTTP
[Diagram labels: Acct., Client, PDP, Production Network; step 7]
25 9. Client Accesses the Network
- From this point on only the PEP is involved in the client's activity
- PEP ensures client only accesses allowable resources
- Re-authentication timers will trigger this exchange again
Protocols: IM, Web, IRC, WoW
[Diagram labels: Client, Acct., PDP, Production Network]
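The nine-step exchange above, modelled in Python as an added example (not code from the presentation or from Identity Engines): a PDP takes the request a PEP relays, validates the credential against its PIPs, applies first-match policy with a default of reject, and writes an accounting record. The directory contents, the rule and names such as `demo_pdp` are constructed; `Filter-Id` and `Session-Timeout` appear only as attribute names in a dictionary, and no RADIUS packets are built.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime


def pw_hash(password, salt):
    # Low iteration count only so the toy runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class PIPUnavailable(Exception):
    """The directory could not be reached."""


class DirectoryPIP:
    """In-memory stand-in for an LDAP/AD directory (constructed data)."""

    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up

    def lookup(self, username, password):
        """Steps 3-4: validate the credential and return (ok, groups)."""
        if not self.up:
            raise PIPUnavailable(self.name)
        entry = self.users.get(username)
        if entry is None:
            return False, frozenset()
        ok = hmac.compare_digest(entry["hash"], pw_hash(password, entry["salt"]))
        return ok, (frozenset(entry["groups"]) if ok else frozenset())


@dataclass(frozen=True)
class AccessRequest:
    """Step 2: what the PEP relays to the PDP."""
    username: str
    password: str
    pep_id: str
    access_type: str      # e.g. "wlan", "vpn" (constructed labels)
    when: datetime        # context: time of the attempt


@dataclass(frozen=True)
class Rule:
    name: str
    groups: frozenset
    access_types: frozenset
    hours: range          # permitted hours of day (UTC in this model)
    filter_id: str        # name of the ACL the PEP should enforce
    session_timeout: int  # seconds until re-authentication

    def matches(self, groups, req):
        return (bool(self.groups & groups)
                and req.access_type in self.access_types
                and req.when.hour in self.hours)


class PDP:
    def __init__(self, pips, rules):
        self.pips, self.rules, self.accounting = pips, rules, []

    def decide(self, req):
        """Steps 3-7. Returns (result, attributes) for the PEP; default is reject."""
        ok, groups, unreachable = False, frozenset(), []
        for pip in self.pips:
            try:
                ok, groups = pip.lookup(req.username, req.password)
            except PIPUnavailable:
                unreachable.append(pip.name)
                continue
            if ok:
                break
        result, attrs = "reject", {}
        if not ok:
            # Fail closed, but record "could not check" separately from "checked and failed".
            reason = "pip-unavailable" if unreachable else "bad-credential"
        else:
            reason = "no-matching-rule"
            for rule in self.rules:          # first match wins
                if rule.matches(groups, req):
                    result, reason = "accept", rule.name
                    attrs = {"Filter-Id": rule.filter_id, "Session-Timeout": rule.session_timeout}
                    break
        # Step 7: accounting record; the credential itself is never logged.
        self.accounting.append({"time": req.when.isoformat(), "user": req.username,
                                "pep": req.pep_id, "access": req.access_type,
                                "result": result, "reason": reason, **attrs})
        return result, attrs


def demo_pdp(directory_up=True):
    """Constructed sample directory and policy."""
    salt = b"constructed-salt"
    users = {"alice": {"salt": salt, "hash": pw_hash("correct horse", salt),
                       "groups": ["finance"]}}
    rules = [Rule("finance-wlan-business-hours", frozenset({"finance"}),
                  frozenset({"wlan"}), range(8, 18), "acl-finance", 3600)]
    return PDP([DirectoryPIP("ldap-1", users, up=directory_up)], rules)
```

With the directory marked down, every request is rejected with reason `pip-unavailable`, which is the availability dependency the deck raises under System Availability.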
26 Benefits
- Supports mix and match of PxP
- Leverages organization's existing directory investment
- Integrates easily with existing provisioning / workflow systems
- Provides centralized audit of network use
- Access policies are consistently enforced
- Standards-based
27 Agenda
- Background
- Identity Management for Networks
- Considerations and Presenter Questions
- Identity Engines Overview
28 System Availability
- When all you authenticated was dial-up or VPN, a dusty RADIUS server in the corner of your data center was fine
- Today's demands require a different approach
- With authenticated networks, PDP availability is as essential to the network as routing or DNS
- If your identity infrastructure goes down, so does your network
- Systems must support HA and be built for the worst-case load requirements (i.e. mid-day power brown-out)
29 Authorization Understanding
- Many existing systems can do basic authentication
- Authorization is required for all of IdM's most interesting applications
- Authorization requires:
  - Ability to write rich policies
  - Understanding of capabilities from multiple vendors
30 Rich Directory Integration
- Directory attributes are often inconsistently named across directories
- Attributes enable rich policies, making their use worth the effort
- Look to attribute / group name mapping
- Similar to elements of a virtual directory
- Additionally, intelligent routing among multiple directories is essential
[Diagram: Attribute normalization. Labels: finance, HR, PDP, LDAP-1, AD, LDAP-2, finance, HR, acct, HumRes, account, EmpSup]
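Attribute normalization and directory routing as described on this slide, in an added Python example that is not from the presentation: raw group names from each directory are mapped to one policy vocabulary, and the realm in `user@realm` selects which directories to consult. The pairing of the diagram's labels (`acct`/`HumRes` with AD, `account`/`EmpSup` with LDAP-2) is an assumed reading of the slide; the realm names, users and memberships are constructed.

```python
# Assumed reading of the slide's diagram: per-directory raw name -> normalized name.
GROUP_MAP = {
    "LDAP-1": {"finance": "finance", "hr": "HR"},
    "AD": {"acct": "finance", "humres": "HR"},
    "LDAP-2": {"account": "finance", "empsup": "HR"},
}

# Hypothetical routing table: which directories serve which realm (constructed names).
REALM_ROUTES = {"corp.example": ["AD"], "campus.example": ["LDAP-1", "LDAP-2"]}

# Constructed directory contents, with group names spelled as each store spells them.
DIRECTORIES = {
    "LDAP-1": {"bob": ["Finance"]},
    "AD": {"alice": ["acct", "Domain Users"]},
    "LDAP-2": {"carol": ["EmpSup"], "bob": ["account", "lab-7"]},
}


def route(identity):
    """Split user@realm and return (user, directories to consult, in order)."""
    user, sep, realm = identity.rpartition("@")
    if not sep or not user:
        raise ValueError("identity must be user@realm")
    try:
        return user, REALM_ROUTES[realm.lower()]
    except KeyError:
        raise LookupError(f"no directory serves realm {realm!r}") from None


def normalize(directory, raw_groups):
    """Map raw names to policy names; unmapped names are reported, never passed on."""
    table = GROUP_MAP[directory]
    mapped, unmapped = set(), []
    for raw in raw_groups:
        name = table.get(raw.casefold())
        if name is None:
            unmapped.append(f"{directory}:{raw}")
        else:
            mapped.add(name)
    return mapped, unmapped


def resolve_groups(identity, directories=DIRECTORIES):
    """Return (normalized groups, unmapped raw names) across the routed directories."""
    user, names = route(identity)
    groups, unmapped = set(), []
    for name in names:
        mapped, extra = normalize(name, directories[name].get(user, []))
        groups |= mapped
        unmapped += extra
    return groups, sorted(unmapped)
```

A policy written once against `finance` then applies to users from all three stores, and the unmapped list shows which raw names still need a mapping before policy can refer to them.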
31 Other Considerations
- Methods for authenticating the client vary by access type; some systems require specialized clients
- Automated client deployment techniques are maturing
- Be very careful when considering merging elements (i.e. PEP/PDP or PDP/PIP)
- For most organizations the flexibility lost is too great
- PEP capabilities vary (i.e. an ACL for a Cisco device may not be the same as an ACL for a Juniper device)
- The IETF is making progress[14] here
- Directory understanding within networking groups is often light
- The right PDP can reduce this concern through wizards, etc.
32 IdM Real World Applications
- Secure WLAN: Most common IdM deployment today
- Guest management: Solves acute problem today while setting up for future applications
- Endpoint Compliance: Identity is the foundation for any robust NAC implementation
Common IdM customer phasing:
- Phase I: Guest Management / Secure WLAN
- Phase II: Department specific rollout
- Phase III: Full Rollout
33 Segment #1 Presenter Questions
1. Do you see any differences in how the authorization policies of networks vs. applications should be engineered, managed, and provisioned?
   Network policies are broader today due to limitations of the technology and understanding of the business roles. Eventually network policies will be merged with application policies.
2. Are there any advantages or drawbacks in the flow of the access request being sent to the PDP first or the PEP first?
   PDP first requires basic authorization to route the request from the network edge, which may be suboptimal.
3. Do you see declarative authorization interpreting and enforcing more finely grained authorization policies than they support today?
   Yes, though this is as much a challenge for enterprises to understand their roles as it is a technical challenge to support the fine-grained authorization.
4. Should SAML authorization assertions, and requests for authorization assertion, be used in the communication between PDPs and PEPs? If not, what should be used?
   For networks, SAML will be used in the future but perhaps more for PDP to PDP communication in a federated model than for PDP to PEP communication. In the network space RADIUS has traction simply because it is so ubiquitous.
34 Segment #1 Presenter Questions
5. How can we meet our need for flexibility to deploy centralized and/or de-centralized approaches within an enterprise and across enterprise customer, supplier, or channel partners using different platforms?
   Policy portability through XACML and authorization assertions through SAML can address much of this; challenges here are more at the organizational level.
6. Comment on the NAC's best practice of locating the PEP as close to the resource as possible.
   For networks, it may make more sense to locate the PEP as close to the point of network access as possible to reduce exposure to threats. If you consider the network the resource then our best practices are aligned.
7. Comment on the NAC's best practice of balancing between availability and performance when selecting the location of the PDP.
   This makes perfect sense; distribution of the PDP may be key depending on the application.
8. Comment on the NAC's best practice of having platform agnostic PAPs and PDPs, loosely coupled with access management product offerings (e.g., WAM products). This allows for the independent evolution of PAP, PDP, and PEP technology, without disrupting the other components.
   This is the only way this can scale long term, particularly the vendor neutrality between the PDP and the PEP. Standards for access control formats need more attention.
35 Agenda
- Background
- Identity Management for Networks
- Considerations and Presenter Questions
- Identity Engines Overview
36 Who is Identity Engines?
- Solutions: Identity-based Network Access Management
- Headquarters: Sunnyvale, CA
- Investors: Trinity Ventures, Lightspeed, Horizon
- Partners: Oracle, Novell, Checkpoint
- Industry: Education, Enterprises, Government, Healthcare
Analyst Recognition
- Identity Engines is well positioned to meet this need and could complement Cisco's high profile Network Admission Control (NAC) strategy (Robert Whiteley, Forrester)
- By extending Oracle identity management for network access control, Identity Engines is helping to bridge the network and application environments (Jon Oltsik, Enterprise Strategy Group)
- Identity Engines - Major IdM Trends for 2006: Identity Appliances
37 Customers across Education, Enterprises and Government
38 Comprehensive Solutions for Authenticated Networks
- Ignition Guest Manager: J2EE-based extensible and customizable visitor solution
- Ignition Portal: Captive portal for guests and legacy platforms
- Ignition AutoConnect: Auto-configuration of clients for 802.1X
- Ignition Server: Identity and policy-based authentication and authorization server
39 Our Solution in Action
[Diagram labels: Guest Admin(s) Ignition Guest Manager User Directories Event Attendees (Employees only) Internet Temporary Event Network Ignition Server Campus Wireless Network Visiting Vendor Ignition AutoConnect Conference Center Guest User Research Network Contractor Ignition Portal]
40 Summary and Conclusion
- Authenticated networks are the emerging reality in networking
- IdM for networks works by centralizing decision and distributing enforcement
- Guest access and secure wireless are the high value / low risk early applications
- Leveraging your existing network and directory should be the norm, not the exception
- Policy and authorizations for networks and applications should merge over time
41 References (1/2)
[1] Convery et al., SAFE: A Security Blueprint for Enterprise Networks, Cisco, November 2000
[2] Convery, Network Security Architectures, Cisco Press, April 2004
[3] De Clercq et al., An Introduction to Identity, HP, June 2004
[4] Zeilenga, "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006
[5] Rigney et al., "Remote Authentication Dial In User Service (RADIUS)", RFC 2865 (Obsoletes RFC 2138, 2058), June 2000
[6] Simpson, "The Point-to-Point Protocol (PPP)", RFC 1661, July 1994
[7] Mamakos, "A Method for Transmitting PPP Over Ethernet (PPPoE)", RFC 2516, February
42 References (2/2)
[8] Jeffree et al., "Port-Based Network Access Control", IEEE Std 802.1X-2004, November 2004
[9] Kent et al., "Security Architecture for the Internet Protocol", RFC 2401, November 1998
[10] Aboba et al., "Extensible Authentication Protocol", RFC 3748, June 2004
[11] Carrel et al., "The TACACS+ Protocol Version 1.78", draft-grant-tacacs-02.txt, January 1997
[12] Calhoun et al., "Diameter Base Protocol", RFC 3588, September 2003
[13] OASIS, Extensible Access Control Markup Language, February 2005
[14] Congdon et al., "RADIUS Filter Rule Attribute", draft-ietf-radext-filter-08.txt, January
43 Network Access with Precision through Identity
Thank You for your Time!
Sean Convery, Identity Engines
For a written version of much of this presentation, check out:
ARUBA CLEARPASS POLICY MANAGER The most advanced access policy platform available Aruba s ClearPass Policy Manager provides role- and device-based network access control for employees, contractors and
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013
ONE POLICY Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013 Agenda Secure Unified Access with ISE Role-Based Access Control Profiling TrustSec Demonstration How ISE is Used Today
More informationDirectory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA
Directory Integration with Okta An Architectural Overview Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Directories and the Cloud: An Overview 3 Okta
More informationWhat Is Wireless Setup
What Is Wireless Setup Wireless Setup provides an easy way to set up wireless flows for 802.1x, guest, and BYOD. It also provides workflows to configure and customize each portal for guest and BYOD, where
More information5 OAuth EssEntiAls for APi AccEss control layer7.com
5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More informationNetwork Access Control
Network Access Control It is about saying YES! to BYOD but staying on control Jan Michael de Kok Sales Engineering Manager Caribbean & Central America Realities of Smart Devices, Like It Or Not A new device
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationSolution Architecture
2 CHAPTER Introduction The purpose of the Secure Wireless is to provide common security services across the network for wireless and wired users and enable collaboration between wireless and network security
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK
EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS 03 EXECUTIVE OVERVIEW 05 INTRODUCTION 07 MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS 09 IDENTITY FEDERATION IN
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationNCP Exclusive Remote Access Management
Centrally Managed VPN Fully Automatic Operation of a Remote Access VPN via a Single Console Administration and license management system for NCP Exclusive Remote Access Clients Enables easy rollout and
More informationSmarter Business Agility with WebSphere DataPower Appliances Introduction
Mike Masterson Worldwide Executive WebSphere Appliances 14 October 2010 Smarter Business Agility with WebSphere DataPower Appliances Introduction Smarter Business Agility with WebSphere DataPower Appliances
More informationIdentity Based Network Access
Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationZero Trust in Healthcare Centrify Corporations. All Rights Reserved.
Zero Trust in Healthcare 1 CYBER OFFENSE REDEFINED: TRANSFORM YOUR SECURITY POSTURE WITH ZERO TRUST 2 What Keeps CIOs Up at Night? How exposed are we, anyway? Who can access what? Can we trust our partners?
More informationOverview. Premium Data Sheet. DigitalPersona. DigitalPersona s Composite Authentication transforms the way IT
DigitalPersona Premium Data Sheet Overview DigitalPersona s Composite Authentication transforms the way IT executives protect the integrity of the digital organization by going beyond traditional two-factor
More informationDeploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)
Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs) Microsoft Corporation Published: June 2004 Abstract This white paper describes how to configure
More informationMicrosoft Internet Security & Acceleration Server Overview
Microsoft Internet Security & Acceleration Server 2006 Overview 1 What is ISA Server 2006? Three Deployment Scenarios Making Exchange, SharePoint and Web application servers available for secure remote
More informationSecuring Wireless LANs with Certificate Services
1 Securing Wireless LANs with Certificate Services PHILIP HUYNH University of Colorado at Colorado Springs Abstract Wireless Local Access Network (WLAN) is used popularly in almost everywhere from the
More informationGuest Access Made Easy
WHITE PAPER Guest Access Made Easy Juniper Networks Unified Access Control and EX Series Ethernet Switches Solve Today s NAC Problems Copyright 2009, Juniper Networks, Inc. Table of Contents Table of Figures
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationEvolution Of The Need For IAM. Securing connections between people, applications, and networks
Evolution Of The Need For IAM December 2006 Evolution Of The Need For IAM Identity issues are nothing new Who steals my purse steals trash / But he that filches from me my good name / Robs me of that which
More informationCA Adapter. Installation and Configuration Guide for Windows. r2.2.9
CA Adapter Installation and Configuration Guide for Windows r2.2.9 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation
More informationCisco Exam Questions & Answers
Cisco 300-208 Exam Questions & Answers Number: 300-208 Passing Score: 800 Time Limit: 120 min File Version: 38.4 http://www.gratisexam.com/ Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access
More informationDelivering a Secure BYOD Solution with XenMobile MDM and Cisco ISE
Delivering a Secure BYOD Solution with XenMobile MDM and Cisco ISE Bhumik Patel Solutions Architect, Citrix Systems May 21 st 2013 App Complete Enterprise Mobility Business Apps Productivity and Collaboration
More informationCA SSO Cloud-Enabled with SSO/Rest
CA SSO Cloud-Enabled with SSO/Rest SSO/Rest Solves Many Challenges Applications in the Cloud AJAX / Mobile / Thick Client Application Integration "Agent-less" Infrastructure Server-side Application Integration
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationIdentity Awareness Software Blade Check Point Software Technologies Ltd. [Unrestricted] For everyone
Identity Awareness Software Blade 2010 Check Point Software Technologies Ltd. [Unrestricted] For everyone Agenda 1 Introduction 2 Solution Overview 3 Identity Awareness Features 4 Selling Strategy 2 Agenda
More informationServer Installation and Administration Guide
NetApp Connect 5.1 Server Installation and Administration Guide NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501 Support telephone: +1 (888)
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More information802.1X: An IT Rorschach Test Secure IT 2006
Powering Network Identity 802.1X: An IT Rorschach Test Secure IT 2006 Sean Convery Identity Engines 22 MAR 2006 Who am I? (a.k.a. Full Disclosure) Everyone s background influences their perspective, so
More informationMobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management
Mobile Security Overview Rob Greer, VP Endpoint Management and Mobility Product Management Dave Cole, Sr. Director Consumer Mobile Product Management June 29, 2011 1 Forward-Looking Statements This presentation
More informationNetwork Working Group. February 2005
Network Working Group Request for Comments: 4014 Category: Standards Track R. Droms J. Schnizlein Cisco Systems February 2005 Status of This Memo Remote Authentication Dial-In User Service (RADIUS) Attributes
More informationCA GovernanceMinder. CA IdentityMinder Integration Guide
CA GovernanceMinder CA IdentityMinder Integration Guide 12.6.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More information