Embed Size (px)
DESCRIPTION
Small and medium businesses don't have a lot of extra hands, time or money to manage their network security. They need solutions to deal with a variety of threats in order to deliver a stable, secure working environment while increasing productivity for an increasing mobile and distributed work force. Learn how small and medium businesses are answering the call for productivity, mobility, and peace of mind.
Citation preview
SMB Remote Access For Any Scenario – SSL VPNs
Jason LeungProduct Line Manager - Security
NETGEAR
Agenda
– Needs of Small and Mid-Sized Businesses
– VPN Deployment Scenarios
– The Problem with IPsec VPN Technologies
– The Solution – SSL VPN� Why SSL
� Why SSL VPN
– Two SSL VPN Connection Techniques� SSL VPN Tunnel Protocol Redirection
� SSL Application Proxy
What’s On The SMB IT Manager’s Mind?
ApplicationsServers
Growth
Network Operations
Security
Need for Remote Access in SMB
– Four main advantages of using remote connectivity� Saves Cost and Office Space
� Remote Connectivity enables more flexible use of the work force
� Help Serve Customers better
� Improve Productivity with flexible work hours
– Mobility - Save $ while improving productivity
Needs of the SMB Mobile Workforce
– Corporate Email� Allows mobile user to be in touch
– Access to Corporate Resources� Marketing/Sales Collateral, generate POs, sales quotations etc.
– Partners� Allow Access to Extranet
– Access to Applications� Inventory Management, Order Processing, Sales data
– Video and Tele Conferencing
– Cost Effective and Secure
Internet
SMB - VPN for Any Deployment Scenario
Provides secure, customizable, affordable VPN access for any user from any location anytime
Employee with Corporate LaptopRequires consistent
Corporate Access
Supply PartnerRequires access
to manufacturing database
Kiosk AccessRequires quick email access
Employee on Home PCRequires access to specific apps
The Problem with IPsec VPNs
– Welcome to 1996
– Software to Load
– Clients to Purchase ($)
– Configuration Intensive� Install on every laptop
– Topology Restrictions� NAT Traversal, etc.
The Solution – use SSL
– Secure Sockets Layer
– HTTPS
– Provides protection of data
– Data sent over the wire is encrypted using SSL thus providing data confidentiality
– Built into nearly every desktop in the world!
Why SSL?
– Confidentiality (Data is encrypted)
– Data Integrity (Tamper Proof)� No Man in the middle attacks
– Server Authentication (Prove who you are)
– Dominant Security Technology on the web
– Worldwide e-commerce transactions occur over SSL
– Well Tested (Several years of public scrutiny)
– Supported in commercially available browsers today� Lock at the bottom right
Why SSL? (SSL in Action)
SSL VPN
– SSL VPNs?
– Use Secure Sockets Layer – a protocol that has been widely deployed for secure web application. HTTPS
– Clientless – Saves $$$ � Typical cost client support per user: $100-$300 a year
– Platform Independent – Access can be granted from any type of machine from any location
– Uses Browsers to provide you access (IE, Safari, Firefox …)
– No NAT issues: Traditionally NAT has caused issues in IPSEC deployments, NOT a problem with SSL VPNs
– Granular Access Controls: Who has access to what (per user or per group)
Two Connection Techniques
SSL Application Proxy
– Internet Kiosks, Partners, & Home PCs
– Applications not loaded
– Limited Access
– Cannot install Java / Active X agent
– Best Practice to tighten VPN access
SSL VPN Tunnel Protocol Redirection
– Access from Corporate Laptop
– Applications loaded on PC
– Can run Java / Active X agent
– VPN access as if working from the office
Corporate Laptop
VPN Tunnel Protocol Redirection
– Applications loaded on PC
– Dissolvable ActiveX / Java agent
– VPN access as if working from the office
Internet Kiosk, Home PC, Partner Access
SSL Application Proxy
– No Administrative access needed
– No Java / Active X script installation
– Browser based portal
Running Office applications…
Internet Kiosk, Home PC, Partner Access
SSL Application Proxy
File browsing… Remote Desktop Access…
Internet Kiosk, Home PC, Partner Access
SSL Application Proxy
Utilities…
SSL VPN Benefits
Clientless Remote Access
– Provides IPSEC Like Connectivity
– Granular Access to Applications (Port Forwarding)
– Remote Access (VNC, Remote Desktop)
– Access to File Shares
Access Through any browser
– Browsers on almost every desktop in world
– IE, Firefox, Safari, etc.
No Software Required to be installed (on a client)
– Corporate PC not required for Remote Access
– Work from Anywhere and Anytime
