Avaya Secure Remote Access User Manual, Page 16

Secure Remote Access Technical Solution Guide v1.0
Design recommendation: Map your VPN users into a small set of groups and use those groups
to control network access and portal application links.
4.2.1.2.2 Access control
The Nortel VPN Gateway allows fine-grained control of which intranet resources can be accessed
by users. The following basic objects can be defined:
Access control object                       Attributes
------------------------------------------  ------------------------------------------------
Network reference                           A collection of IP subnets and IP host addresses
Network reference for web portal modes      DNS hostname
Service reference                           TCP/UDP ports
Application reference for web portal modes  URL path, FTP directories, SMB directories
4.2.1.2.3 Extended profiles
Extended profiles allow refinement of access control based on a real-time context associated with
the user. Access can be extended or restricted from the base access control list (ACL) based on:
- Authentication strength (client-certificate use, simple password or OTP/two-factor)
- Device type (managed or non-managed/shared)
- Source IP address (applicable for home-based teleworkers with static IP assignments)
- Results of endpoint compliance scanning
- Access type (such as web-only access or full IP access through virtual network adaptors)
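To make the relationship between the base access control objects (4.2.1.2.2) and extended profiles (4.2.1.2.3) concrete, the following added example models them in Python. It is not Nortel/Avaya code and says nothing about how the gateway implements its policy engine: the object names follow the table above, while the field names, the "employees" group, the subnets, ports and the three sample profiles are constructed assumptions. A matching profile's rules are placed ahead of the group's base ACL, so a profile can either extend access (add an allow) or restrict it (add a deny) depending on the user's real-time context.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

AUTH_RANK = {"password": 0, "otp": 1, "certificate": 2}   # weakest to strongest

@dataclass(frozen=True)
class NetworkRef:
    """Network reference: a collection of IP subnets and IP host addresses."""
    name: str
    networks: Tuple[str, ...]
    def matches(self, host):
        return any(ip_address(host) in ip_network(n) for n in self.networks)

@dataclass(frozen=True)
class ServiceRef:
    """Service reference: TCP/UDP ports; ports=None matches any port."""
    name: str
    ports: Optional[Tuple[Tuple[str, int], ...]] = None
    def matches(self, proto, port):
        return self.ports is None or (proto, port) in self.ports

@dataclass(frozen=True)
class AclRule:
    network: NetworkRef
    service: ServiceRef
    action: str  # "allow" or "deny"

@dataclass(frozen=True)
class UserContext:
    """Real-time context evaluated by extended profiles (constructed field names)."""
    auth_strength: str   # "password", "otp" or "certificate"
    managed_device: bool
    source_ip: str
    compliant: bool      # result of endpoint compliance scanning
    access_type: str     # "web" or "full_ip"

@dataclass(frozen=True)
class ExtendedProfile:
    """When every set condition matches, its rules are placed ahead of the base ACL."""
    name: str
    rules: Tuple[AclRule, ...]
    min_auth: Optional[str] = None          # None = any authentication strength
    managed: Optional[bool] = None          # None = managed or non-managed
    compliant: Optional[bool] = None        # None = ignore the scan result
    source_networks: Tuple[str, ...] = ()   # () = any source address
    access_types: Tuple[str, ...] = ()      # () = any access type
    def applies(self, ctx):
        if self.min_auth and AUTH_RANK[ctx.auth_strength] < AUTH_RANK[self.min_auth]:
            return False
        if self.managed is not None and ctx.managed_device != self.managed:
            return False
        if self.compliant is not None and ctx.compliant != self.compliant:
            return False
        if self.source_networks and not NetworkRef("src", self.source_networks).matches(ctx.source_ip):
            return False
        return not self.access_types or ctx.access_type in self.access_types

def effective_acl(base_acl, profiles, ctx):
    """Rules of matching profiles precede the group's base ACL, so they can extend or restrict it."""
    rules = [r for p in profiles if p.applies(ctx) for r in p.rules]
    return rules + list(base_acl)

def decide(acl, dest_ip, proto, port):
    """First matching rule wins; a destination no rule covers is denied."""
    for rule in acl:
        if rule.network.matches(dest_ip) and rule.service.matches(proto, port):
            return rule.action
    return "deny"

# --- Constructed sample policy: addresses, ports and the group are illustrative ---
INTRANET = NetworkRef("intranet", ("10.0.0.0/8",))
FILE_SERVERS = NetworkRef("file-servers", ("10.1.0.0/16",))
REMEDIATION = NetworkRef("remediation", ("10.9.9.9/32",))
ANY_NET = NetworkRef("any", ("0.0.0.0/0",))
WEB = ServiceRef("web", (("tcp", 80), ("tcp", 443)))
SMB = ServiceRef("smb", (("tcp", 445),))
ANY_SVC = ServiceRef("any")
BASE_ACL = [AclRule(INTRANET, WEB, "allow")]   # "employees" group: intranet web only
PROFILES = [
    # Restriction: a failed compliance scan leaves only the remediation server reachable.
    ExtendedProfile("quarantine", (AclRule(REMEDIATION, WEB, "allow"), AclRule(ANY_NET, ANY_SVC, "deny")),
                    compliant=False),
    # Restriction: non-managed or shared devices never reach file servers.
    ExtendedProfile("unmanaged", (AclRule(FILE_SERVERS, ANY_SVC, "deny"),), managed=False),
    # Extension: OTP or stronger auth on a managed, compliant device with full IP access adds SMB.
    ExtendedProfile("file-access", (AclRule(FILE_SERVERS, SMB, "allow"),),
                    min_auth="otp", managed=True, compliant=True, access_types=("full_ip",)),
]

def decide_for(ctx, dest_ip, proto, port):
    return decide(effective_acl(BASE_ACL, PROFILES, ctx), dest_ip, proto, port)

if __name__ == "__main__":
    trusted = UserContext("otp", True, "203.0.113.10", True, "full_ip")
    shared = UserContext("password", False, "198.51.100.7", True, "web")
    infected = UserContext("certificate", True, "203.0.113.10", False, "full_ip")
    print(decide_for(trusted, "10.1.2.3", "tcp", 445))   # allow
    print(decide_for(shared, "10.1.2.3", "tcp", 443))    # deny
    print(decide_for(infected, "10.2.2.2", "tcp", 443))  # deny
```

Profile order matters in this model: the restricting "quarantine" profile is listed first so that its deny rule is evaluated before any extension a later profile might add, which is the behaviour a practitioner should verify in whatever gateway they configure.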
4.2.1.3 Endpoint compliance
The ongoing threat of worms, Trojan horses, and viruses presents a challenge for secure remote
access. The value of Internet-based Virtual Private Networks is the ubiquity of access. The fact
that clients must use the Internet implies that they are subject to the risk of infection and hacking.
In addition, mobile devices such as laptops can be used for non-corporate Internet browsing prior
to connecting to the VPN, presenting an opportunity for infection and subsequent worm
propagation into the intranet.
Endpoint compliance through TunnelGuard requires that devices be scanned, prior to network
admission, to ensure that a minimal set of security standards is met. These security
standards can include:
- Antivirus protection and signature updates: By checking that these are up-to-date and active, you can ensure that a basic layer of protection is in place to prevent viruses from being propagated from the connecting host. Current antivirus suites also do a good job of detecting and blocking known worms and Trojan horses, which can spread and infect PCs without user intervention (such as opening an e-mail attachment).
- Personal firewall to protect PCs while connecting through the Internet: Install personal firewalls, and keep them running and configured to block attempts to connect to network services, such as file shares or remote control tools, when a client PC is on the Internet.
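The following added example turns the two standards above into an admission check that reports why an endpoint fails, which is what an operator needs to feed back to the user or a remediation flow. It is not TunnelGuard code: the layout of the posture report, the three-day signature-age threshold and the list of inbound services the firewall must block (NetBIOS/SMB file shares, RDP and VNC remote control) are constructed assumptions standing in for whatever the real scanner collects and the organization's policy requires.

```python
from datetime import date
from typing import Dict, List

# Constructed policy thresholds (not TunnelGuard defaults).
MAX_SIGNATURE_AGE_DAYS = 3
# Inbound services the personal firewall must block while the PC is on the Internet:
# file shares (NetBIOS/SMB) and remote control tools (RDP, VNC).
REQUIRED_BLOCKED = {("tcp", 139), ("tcp", 445), ("tcp", 3389), ("tcp", 5900)}

def check_compliance(report: Dict, today: date) -> List[str]:
    """Return the failed checks; an empty list means the endpoint may be admitted."""
    failures = []
    av = report.get("antivirus", {})
    if not av.get("installed"):
        failures.append("antivirus not installed")
    else:
        if not av.get("realtime_protection"):
            failures.append("antivirus real-time protection disabled")
        sig = av.get("signature_date")          # ISO date of the installed signature set
        if sig is None:
            failures.append("antivirus signature date unknown")
        elif (today - date.fromisoformat(sig)).days > MAX_SIGNATURE_AGE_DAYS:
            failures.append(f"antivirus signatures older than {MAX_SIGNATURE_AGE_DAYS} days")
    fw = report.get("firewall", {})
    if not fw.get("running"):
        failures.append("personal firewall not running")
    else:
        blocked = {(proto, int(port)) for proto, port in fw.get("blocked_inbound", [])}
        missing = sorted(REQUIRED_BLOCKED - blocked)
        if missing:
            failures.append("firewall does not block inbound "
                            + ", ".join(f"{p}/{n}" for p, n in missing))
    return failures

def is_compliant(report: Dict, today: date) -> bool:
    return not check_compliance(report, today)

# Constructed posture reports, as a client-side scanner might deliver them.
SCAN_DATE = date(2024, 5, 10)
COMPLIANT_REPORT = {
    "antivirus": {"installed": True, "realtime_protection": True, "signature_date": "2024-05-09"},
    "firewall": {"running": True,
                 "blocked_inbound": [("tcp", 139), ("tcp", 445), ("tcp", 3389), ("tcp", 5900)]},
}
STALE_REPORT = {
    "antivirus": {"installed": True, "realtime_protection": True, "signature_date": "2024-05-01"},
    "firewall": {"running": True, "blocked_inbound": [("tcp", 445), ("tcp", 3389)]},
}
BARE_REPORT = {"antivirus": {"installed": False}, "firewall": {"running": False}}

if __name__ == "__main__":
    for name, report in [("compliant", COMPLIANT_REPORT), ("stale", STALE_REPORT), ("bare", BARE_REPORT)]:
        print(name, check_compliance(report, SCAN_DATE) or "OK")
```

The boolean result is what an extended profile consumes; the list of reasons is what the portal should show the user, since a bare "access denied" gives a remote worker no way to fix a stale signature set or a disabled firewall.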