A Secure Network for AllRequirementsChallenge = How?RisksTechnologySummarySlide 7A Secure Network for AllTeam ExcelRequirementsBusiness•Add visitor, customer, and competitor access•Use non-company laptops onto corporate network for internet and internal application use•Visitor access to internet, VPN•Wireless accessSecurity•Protect corporate IP•Principle of least privilege•Patch and anti-virus required•Wireless access to internal network prohibitedChallenge = How?Access required Pros RisksEmployees •Physical•Internet•Intranet•Corporate Applications•Standard builds•Regular patches•Updated Anti-Virus•Physical access to most areasVisitors(frequent, short meetings)•Physical•Internet•Wireless access•External access only•Escort required•Unfiltered access to internet•No login•Wireless securityContractors(Few days to 1 year)•Physical•Internet•Corporate Applications•NDA required•Easy to control application access•Login created for access•Access typically same as employeeCustomers and/orCompetitors(Regularly on-site for specific projects)•Physical•Internet •Some internal applications•Non-standard builds•Limited ability to control•Login created for access•Considerable access to building•Intentional or unintentional disclosureRisks•Physical access to multiple networks•Protection of Intellectual Property•Introduction of Malware•Unintentional access to corporate data and applications•Blocking of valid users•Difficult for support staff to understand who can access whatAre you at risk?Anyone with a requirement to protect corporate intellectual property or privacy data:•Government•Healthcare•Research•Engineering•Many moreTechnologyPro ConElectronic badge •Limits access to buildings and certain rooms•Auditing is available•Once in a building, access is open to most areas•Physical access to network available in empty offices, etcLDAP login •Limits access to domain •Occurs after network access is granted•DHCP address granted to anyoneActive Directory groups •Allows or restricts access to specific applications•Easy to maintain•Auditing available•Can be easy to get added to a groupSeparate networks •Limits access to subnet and specific IP’s and ports•May require additional authentication•Requires additional infrastructure•Firewall rules can be complexNetwork Access Control •Prevents access to network without authentication•Policy-based access can limit access anywhere at a site•Cost•Complex support•Blocking valid usersEncryption •Prevents reading data even if disclosed•Requires infrastructure•Support issuesSummary•How do you prevent disclosure to those with physical access?•How do you grant access to some while limiting access to others?•How can you do it without re-designing your network?•How can you meet the business requirements without giving away the corporate secrets?Solution: Week
View Full Document
Unlocking...