Transcript Network Access Control
A Secure Network for All Team Excel Requirements Business • Add visitor, customer, and competitor access • Use non-company laptops onto corporate network for internet and internal application use • Visitor access to internet, VPN • Wireless access Security • • • • Protect corporate IP Principle of least privilege Patch and anti-virus required Wireless access to internal network prohibited Challenge = How? Access required Pros Risks Employees •Physical •Internet •Intranet •Corporate Applications •Standard builds •Regular patches •Updated Anti-Virus •Physical access to most areas Visitors (frequent, short meetings) •Physical •Internet •Wireless access •External access only •Escort required •Unfiltered access to internet •No login •Wireless security Contractors (Few days to 1 year) •Physical •Internet •Corporate Applications •NDA required •Easy to control application access •Login created for access •Access typically same as employee Customers and/or Competitors (Regularly on-site for specific projects) •Physical •Internet •Some internal applications •Non-standard builds •Limited ability to control •Login created for access •Considerable access to building •Intentional or unintentional disclosure Risks • Physical access to multiple networks • Protection of Intellectual Property • Introduction of Malware • Unintentional access to corporate data and applications • Blocking of valid users • Difficult for support staff to understand who can access what Are you at risk? Anyone with a requirement to protect corporate intellectual property or privacy data: • Government • Healthcare • Research • Engineering • Many more Technology Pro Con Electronic badge •Limits access to buildings and certain rooms •Auditing is available •Once in a building, access is open to most areas •Physical access to network available in empty offices, etc LDAP login •Limits access to domain •Occurs after network access is granted •DHCP address granted to anyone Active Directory groups •Allows or restricts access to specific applications •Easy to maintain •Auditing available •Can be easy to get added to a group Separate networks •Limits access to subnet and specific IP’s and ports •May require additional authentication •Requires additional infrastructure •Firewall rules can be complex Network Access Control •Prevents access to network without authentication •Policy-based access can limit access anywhere at a site •Cost •Complex support •Blocking valid users Encryption •Prevents reading data even if disclosed •Requires infrastructure •Support issues Summary • How do you prevent disclosure to those with physical access? • How do you grant access to some while limiting access to others? • How can you do it without re-designing your network? • How can you meet the business requirements without giving away the corporate secrets? Solution: Week 10 Questions?