
- Number of slides: 23
SSL VPN - FirePass
Rainer Singer, Field Systems Engineer, F5 Networks Central Europe

Market Opportunity
• High-growth market
– “Spending on SSL VPN’s will grow at a 53% compound annual growth rate, and SSL VPNs will surpass traditional IPsec VPNs as the de-facto remote access security standard by 2008.” (Forrester Research)

Recognised as Best-of-Breed
TOP RATED
GOLD AWARD
“Sets a new standard for ease of use in setup and configuration, and for the wide array of client OS’s and browsers supported.”
FirePass 1000, F5 Networks, F5networks.com
Excellent 9
criteria: score, weight
Security: 9, 30%
Interoperability: 9, 25%
Setup: 9, 20%
Ease-of-use: 9, 15%
Value: 9, 10%
ENTERPRISE VPN SOLUTION
“Taking the primo prize is our Gold Award winner, the FirePass Controller v5.2 from F5 Networks Inc. Most important to our judges was the ease of integration that FirePass exhibits… FirePass also stands out because it offers full network access support to any IP application across multiple platforms.”
HOT PICK
“The best remote access solution we've seen to date.”
“It trumps other SSL VPN offerings with its ease of use, industrial strength hardware platform and advanced security features for unmanaged endpoint devices, one of the biggest risks emerging in this space.”
October 2004, January 2005

FirePass® Overview
[Diagram labels: Any User, Any Device, Dynamic Policies, Authorized Applications, Portal Access, Secured by SSL, Laptop, FirePass®, Specific Application Access, Internet, Kiosk, Intranet, Mobile Device, Network Access, Partner]

Adaptive Client Security
[Diagram labels: Kiosk/Untrusted PC, PDA, Kiosk Policy, Laptop, Mini Browser Policy, Cache/Temp File Cleaner, Corporate Policy, Firewall/Virus Check, Client/Server Application, Terminal Servers, Files, Intranet, Email, Full Network]

Dynamic Policy Engine
• User / Device Security
– Dynamically adapt user policy based on device used
• Seamless Integration
– Utilize existing AAA servers
– Automatic user group mapping
• Detailed audit trail
– Application level visibility
[Diagram labels: Mobile Device Policy, Kiosk Policy, Default Policy, Laptop Policy, Application Access, Dynamic Policy Engine, FirePass]
Authentication: LDAP, RADIUS, WIN NT/2K, Web-Based
Group: Sales, Financial, Auditors, etc.
Access Rights: Intranet, SAP, Siebel, File Shares
Audit Usage Reporting: Who accessed, What was accessed, From Where

Unmatched End-Point Security
Anti-Virus Integration, Firewall Integration, OS Integration
Vendors, in the order listed on the slide:
• Symantec (Norton)
• Zone Labs
• McAfee
• Sygate
• Trend Micro
• Microsoft
• Computer Associates (eTrust)
• McAfee
• F-Secure
• Symantec
• Sophos
• Tiny Software
• Kaspersky Lab
• Panda Software
• FRISK Software (F-Prot)
• Zone Labs
• Authentium
• SOFTWIN (BitDefender)
• Grisoft (AVG)
• Doctor Web
• Eset (NOD32)
Checks:
• Presence and absence of any specific process
• OS service packs
• IE service packs
• System registry settings
• Routing table entry change detection
• Digital certificates
• Trusted IP or MAC etc.
Checks for presence and prevents any information from being cached or indexed.

Visual Policy Editor
Graphically associates a policy relationship between end-points, users and resources

FirePass – Positioning
• Network Access: VPN Connector
• Portal Access: My Intranet Windows & Unix File Adapter Mobile Email Adapter
• Application Access: App Tunnels Terminal Server Host Access Adapter X-Windows Access

Network Access: VPN Connector

Comprehensive Application Access
Extend Network Access
[Diagram labels: Corporate Network, Corporate Laptop, Browser, Microsoft Exchange Server, Network Access, SSL VPN Tunnel, FirePass®]
Secure access to all IP applications
Client support, Enterprise integration, Application access
– Windows, Linux, MacOS
– Java/ActiveX download
– Windows client
– Automated deployment
– Centralized policies
– Client quarantine
– Any IP-based application UDP, TCP, ICMP

Extending Secure Access to All Desktops
• Mac Users
– Execs
– Marketing
– Graphic Designer
– Non-technical users
• Linux Users
– System Administrators
– Developers
– Technicians
Windows (~85%), Mac (~10%), Linux (~5%)
Extending secure access to all the users in an organization
“Our most strategic users needing secure remote access are developers and they use Linux.” - Oracle Technology Business Unit

Policy Checking with Network Quarantine
• Deep Integrity Checking
• Quarantine Policy Support
– Ensure Policy Compliance
– Direct to quarantine network
– Specific antivirus checks
– Windows OS patch levels
– Registry settings
[Diagram labels: FirePass®, Full Network, Quarantine Network, “Please update your machine!”]

Portal Access: My Intranet Windows & Unix File Adapter Mobile Email Adapter

Portal Access
Policy-based security controls
[Diagram labels: Corporate Network, Kiosk/Home PC, Web, Email, File Servers, Protected Workspace (WIN 2K/XP), Content Inspection Engine, Portal Access, FirePass®, SSL]
Secure access to corporate portals
Client protection, SSO Integration, Content Inspection
– Protected workspace
– Secure virtual keyboard
– SSO interoperability
– FirePass autologin
– Application security
– Virus scanner
– Block access

Secure Portal Access from Un-Trusted Clients
• Protected Workspace
– Private workspace for all downloaded files
– Removes any trace of downloaded files after session
– Separate I/O (protected boundary)
• Secure Virtual Keyboard
– Keyless password entry protects from key-stroke loggers
– Patent pending

Enterprise SSO Integration
[Diagram labels: Dynamic Policies, FirePass®, Internet, Netegrity SiteMinder, Web Servers; numbered steps 1, 2, 3 with labels User ID, Password and Session Cookie]
• HTTP forms-based authentication
• Single sign-on to all web applications
• Major SSO & Identity Mgmt Vendor Support
– Netegrity, Oblix and others

Application Security
[Diagram labels: ICAP AntiVirus, Web Servers, SQL Injection (blocked, marked X), FirePass®, Internet]
• Policy-based virus scanning
– File uploads
– Webmail attachments
• Integrated scanner
• Open ICAP interface
• Web application security
– Cross-site scripting
– Buffer overflow
– SQL injection
– Cookie management

Application Access: App Tunnels Terminal Server Host Access Adapter X-Windows Access

Specific Application Access
Secure Extranet or Employee Access
[Diagram labels: Corporate Network, Partner PC, Terminal Servers, Legacy Hosts, Desktops, Browser, Application Access, FirePass®, SSL VPN Tunnel]
Benefits:
• Strong Security
• Client/Server Applications
• Application-level auditing
Client support, Restricted access, Detailed logging
– Standard web browsers
– Java/ActiveX capable
– Defined applications
– Session details
– No network connection
– Specific applications

FirePass Product Line
A product sized and priced appropriately for every customer
FirePass 600: Small Business VPN, 10-25 Concurrent Users
• 10 to 100 employees
• Easy to install and use
• Cost-effective
• 100% Channel Product
• Standard support
• Limited Featureset
FirePass 1000: Medium Enterprise, 25-100 Concurrent Users
• 25 to 500 employees
• Comprehensive access
• End-to-End security
• Flexible support
• Failover
FirePass 4100: Large Enterprise, 100-2000 Concurrent Users
• 500+ employees
• High performance platform
• Comprehensive access
• End-to-End security
• Flexible support
• Failover
• Cluster up to 10

Summary: FirePass Delivers
• Key Features
– Enterprise-class, High Availability platform
– Built-in, load balanced clustering
– SSL acceleration and server side caching
– Visual Policy Editor and 30 Minute install
– Supports Windows, Mac, Linux, Solaris and other clients
– Built-in Protected Workspace and end-point security
– Integrates with existing enterprise infrastructure and applications
• Key differentiators
– Out-of-box Scalability, Performance and Reliability
– Powerful, easy to use management interface
– Breadth of clients, applications and infrastructure
– Comprehensive Risk Management including end-point security
• Competitive Advantage
– Best combination of capabilities, usability and security
– Lowest Total Cost of Ownership and Highest ROI

Questions?