Date posted: 31-Oct-2014 | Category: Technology | Uploaded by: ggr-communications
Secure Mobility: An Introduction to Secure Mobility
By Adrian Clinton-Watkins, Managing Director, GGR Communications (CCIE #21806)
www.ggr.net
What is Secure Mobility?
Remote working, or working outside of the workplace, with any device, from anywhere, at any time, ensuring high security and credential assurance through active security policy enforcement, while improving ease of use and management.
Anywhere
Anyone
Anytime
Anything
Why Secure Mobility?
Employee Productivity
BYOD – Bring Your Own Device
Access to Corporate Systems from Anywhere
Reduce CO2 Footprint/Travel == Reduced Cost
Work / Life Balance
Replace old school user based VPN
Why Secure Mobility?
20% of workers telecommute
1B+ worldwide mobile workers in 2011
One third of workers will be mobile by 2013
Smartphone adoption growing 50%+ annually
IT consumerization: now a reality
1.3 billion networked mobile devices entering the workplace
Mobile Individuals
Mobile Technology
London Olympics 2012
800,000 people will be using public transport in London
Deloitte's recent research claims 43% of businesses are concerned with the impact of the games on their workforce
An estimated 5.3M people are expected to attend the Olympics during the 16 day event
The busiest areas will only be able to cope if 60% of people who normally commute stay away or change their travel plans (TFL)
Bad Weather Disruptions
Mean temperatures over the UK were 5.0 °C below average during December and 0.3 °C below average in January
The 2011-12 winter may be one of the worst overall UK winters in the last 100 years
2010 was the second-coldest winter since 1985/86
Secure Mobility & Unified Communications
Secure access to voice, video conference and presence via softphone, mobile and tablet using NORMAL office communications.
Legacy VPN: How it Used to Work
Based on user
Network based access (IP to IP)
Filter IP access at firewall (not always)
Extends network reach to remote machines
Increased network breach risk from remote machines
SSL VPN - Clientless VPN
Uses SSL web technology to provide secure remote access
Ease of use - requires web browser access only
IP traffic terminates on the SSL concentrator (network access not required)
Cache cleaning / keystroke logging checks / remote and virtual checks
Provides a secure desktop, e.g. mobile devices - no footprint
Advanced End Point Assessment
Real-time verification of the access device leads to a dynamic access policy, or access denied, e.g.:
Hardware type and OS
Check for presence of certain software
Check anti-virus vendor and latest updates
Check Windows patch levels
Implement firewall / firewall policy on connection
Check for disk encryption
Apply a Dynamic Access Policy (DAP) based on the user, what they are accessing from and its security threat, where necessary updating software dynamically.
DAP inputs (slide diagram): Software Levels, Access Device Type, USER Credentials
Authentication
Weak methods: Active Directory only; Active Directory with secret word
Strong but complex: device and user certificates with AD credentials
Strongest but simple: one-time password device (e.g. RSA / Quest Defender)
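The two slides above (endpoint assessment feeding a Dynamic Access Policy, and the ranking of authentication methods) can be shown working together in a small policy evaluator. The following is an added example written for this page, not code from GGR Communications or from any vendor's DAP implementation: it runs the listed posture checks over a constructed posture report, combines the result with the credential tier, and returns an access tier plus the remediation the gateway would push. Every field name, threshold, tier name and sample value is an assumption.

```python
# Added example (not from the GGR slides): a toy Dynamic Access Policy (DAP)
# evaluator. Endpoint checks follow the "Advanced End Point Assessment" slide,
# credential tiers follow the "Authentication" slide. All names, thresholds,
# tier labels and sample values are assumptions made for this illustration.
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Posture:
    """Constructed posture report, as a client agent might send it."""
    os_name: str                      # "windows", "macos", "ios", "android"
    av_vendor: Optional[str]          # None when no anti-virus is detected
    av_signature_date: Optional[date]
    missing_critical_patches: int
    disk_encrypted: bool
    host_firewall_on: bool
    managed_device: bool              # corporate-issued, holds a device certificate


@dataclass
class Decision:
    tier: str               # "full" | "restricted" (clientless portal) | "deny"
    failed_checks: List[str]
    remediation: List[str]


# Credential strength, ordered as the Authentication slide ranks the methods.
CREDENTIAL_RANK = {
    "ad_password": 0,               # weak: Active Directory only
    "ad_password_secret_word": 1,   # weak: AD plus a shared secret word
    "certificate_plus_ad": 2,       # strong but complex
    "otp_plus_ad": 3,               # strongest but simple: one-time password device
}
MOBILE_OS = {"ios", "android"}      # AV and host-firewall checks do not apply here
MAX_SIGNATURE_AGE_DAYS = 7

# Failed checks the gateway can fix on connect, versus ones that end the session.
REMEDIATION = {
    "av_stale": "push anti-virus signature update",
    "patches_missing": "install missing critical patches",
    "firewall_off": "enable host firewall policy on connection",
}
BLOCKING = {"av_missing", "disk_unencrypted"}


def posture_findings(p: Posture, today: date) -> List[str]:
    """Run the endpoint checks and return the codes of the ones that failed."""
    failed = []
    if p.os_name not in MOBILE_OS:
        if p.av_vendor is None:
            failed.append("av_missing")
        elif (p.av_signature_date is None
              or (today - p.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS):
            failed.append("av_stale")
        if p.missing_critical_patches > 0:
            failed.append("patches_missing")
        if not p.host_firewall_on:
            failed.append("firewall_off")
    if not p.disk_encrypted:
        failed.append("disk_unencrypted")
    return failed


def evaluate_dap(p: Posture, credential: str, today: date) -> Decision:
    """Map (user credential, device type, posture) to an access tier."""
    failed = posture_findings(p, today)
    rank = CREDENTIAL_RANK.get(credential)
    if rank is None or any(f in BLOCKING for f in failed):
        return Decision("deny", failed, [])
    remediation = [REMEDIATION[f] for f in failed]   # only remediable ones remain
    strong = rank >= 2
    # Full network access only for a strong credential on a clean managed device;
    # everything else lands on the clientless portal while remediation runs.
    if strong and p.managed_device and not failed:
        return Decision("full", failed, remediation)
    return Decision("restricted", failed, remediation)


if __name__ == "__main__":
    today = date(2014, 10, 31)   # constructed "now"
    laptop = Posture("windows", "ExampleAV", date(2014, 10, 29), 0, True, True, True)
    print(evaluate_dap(laptop, "otp_plus_ad", today))        # full access
    laptop.av_signature_date = date(2014, 10, 1)
    print(evaluate_dap(laptop, "otp_plus_ad", today))        # restricted + AV update
    tablet = Posture("ios", None, None, 0, True, False, False)
    print(evaluate_dap(tablet, "ad_password", today))        # restricted, weak credential
```

The design point worth noting is that the credential tier and the posture result are combined, not checked in sequence: a weak credential never reaches full access however clean the device, and a strong credential does not override a blocking posture failure such as an unencrypted disk.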
Web Security
Advantages
Robust security - minimising direct network access
Create AND enforce access policy by user / device / location
IT cost reduction for VPN client software and support / deployment
Enhanced productivity - any device, any location availability
Ease of use
High user credential security (two factor + one-time password)
Automatic reconnect for mobile devices
CASE STUDY: Perimeter Security and Mobile Working - The British Horseracing Authority
British Horseracing Authority
UK regulatory body for horseracing
World leader in race day regulation
Performs race day planning and scheduling and regulates events 364 days a year, over 1,300 fixtures, 250K entries
Business Issues
Risk of failure to access systems (race day staff)
High profile regulatory body - media focus / daily media mentioning
Loss of data
Forced disruption
Loss of reputation
Conflicting Business Requirements
Provide a high level of security preventing network break-in
Provide remote access for raceday staff and internal staff
Increasing use from simple remote email through to access of HR, Finance, Case Management and Racing systems
Reduce productivity loss and enforce Internet AUP
Allow company use of social networking
Complex and secure authentication
Mixed ability users - simple authentication
Problems
Old 'out of date' security infrastructure
Different vendors / rulesets
Poor update / upgrade policy - new threat defense
Single non-redundant 'raceday staff' access method
No Internet usage enforcement - productivity loss
No policy based VPN access for staff
Single Vendor / Full Redundancy / Multiple Providers
Internet connectivity - different providers at two locations
Multiple ASA - secure mobility connection points
High speed MPLS between sites - forming a triangle
Dynamic Access Policies created
Integrated with web filtering software
Integrated threat management solution
Internet policy monitoring / enforcement
The BHA Requirements
The ability to monitor, audit and block internet usage
Allow specific web content usage for a predefined period per day (quotas) - company social networking / balancing staff expectations
Fully integrated into Active Directory groups for access levels, usage and content reporting
The Solution: Websense Enterprise Edition
Fully Cisco integrated with the ASA firewalls and security policy
All web traffic passing through the ASA at either site is reported and checked with Websense software
This software also checks all small office/home office sites' internet traffic that is passing the router
Integrated into the Cisco product range, providing easy to manage web filtering functionality
Best categorisation engine - important to allow certain racing sites
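The requirements slide above (monitor, audit and block; per-day quotas for social networking; access levels and reporting keyed to Active Directory groups) describes a policy engine whose logic is easy to show in miniature. The following is an added example written for this page, not code from GGR, the BHA or Websense: a constructed categorisation table stands in for a vendor category database, group rules are keyed to AD group names, a per-user per-day minute quota is enforced for one category, and every decision is written to an audit list that a report is built from. Host names, group names, quota sizes and the sample requests are all constructed.

```python
# Added example (not from the GGR slides or any vendor product): a toy
# web-usage policy engine covering the BHA requirements: categorise, apply
# per-AD-group rules, enforce a daily quota, and audit every decision.
# Category table, group names, quota sizes and sample URLs are constructed.
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed categorisation table; a real engine uses a vendor database.
CATEGORIES = {
    "racingpost.example": "racing",
    "social.example": "social_networking",
    "mail.example": "webmail",
    "malware-host.example": "malicious",
}
# Categories each AD group may reach; anything not listed is denied by default.
GROUP_POLICY = {
    "Racing-Staff": {"racing", "webmail", "social_networking", "news"},
    "Finance": {"webmail", "news"},
}
ALWAYS_BLOCKED = {"malicious"}                 # blocked for every group
QUOTA_MINUTES = {"social_networking": 30}      # per user, per calendar day


class WebPolicy:
    def __init__(self):
        self.usage = defaultdict(int)   # (user, day, category) -> minutes used
        self.audit = []                 # one record per decision, for reporting

    @staticmethod
    def categorise(url: str) -> str:
        host = urlsplit(url).hostname or ""
        return CATEGORIES.get(host, "uncategorised")

    def check(self, user, groups, url, when: datetime, minutes: int = 1):
        """Decide one request. Returns (allowed, reason, category)."""
        cat = self.categorise(url)
        day = when.date().isoformat()
        reason = "allowed"
        if cat in ALWAYS_BLOCKED:
            reason = "blocked:category"
        elif not any(cat in GROUP_POLICY.get(g, set()) for g in groups):
            reason = "blocked:group-policy"
        elif cat in QUOTA_MINUTES and \
                self.usage[(user, day, cat)] + minutes > QUOTA_MINUTES[cat]:
            reason = "blocked:quota"
        if reason == "allowed":
            self.usage[(user, day, cat)] += minutes   # count time against the day
        self.audit.append({"time": when.isoformat(), "user": user,
                           "category": cat, "url": url, "decision": reason})
        return reason == "allowed", reason, cat

    def report(self, day: str) -> dict:
        """Minutes per category per user for one day (ISO date string)."""
        out = defaultdict(dict)
        for (user, d, cat), mins in self.usage.items():
            if d == day:
                out[user][cat] = mins
        return dict(out)

    def blocked_events(self, user: str):
        """Audit records for one user's blocked requests."""
        return [r for r in self.audit if r["user"] == user and r["decision"] != "allowed"]


if __name__ == "__main__":
    policy = WebPolicy()
    t = datetime(2014, 10, 31, 9, 0)   # constructed timestamp
    print(policy.check("alice", ["Racing-Staff"], "https://racingpost.example/cards", t))
    print(policy.check("bob", ["Finance"], "https://racingpost.example/cards", t))
    for _ in range(31):                # 31st minute of social networking is over quota
        allowed, reason, _cat = policy.check("alice", ["Racing-Staff"],
                                             "https://social.example/feed", t)
    print(reason, policy.report("2014-10-31"))
```

Two choices in this sketch matter for the requirements as stated: the group check is default-deny (an uncategorised site is blocked unless a group explicitly allows that category, which is what makes a good categorisation engine important for the racing sites the slide mentions), and the audit list is written for blocked and allowed decisions alike, so the usage report and the block report come from the same record.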
Project outcome in line with defined business requirements
Provide Secure Remote Access for Raceday Staff as well as Staff remote access of HR, Finance, Case Management and Racing systems
Highly Secure yet simple authentication
Internet Content filtering and monitoring
High Availability to reduce the risk of business impact
No single point of failure
Provide Policy based threat management from Internet as well as remote users via dynamic access policies
Secure Mobility - Conclusion
Provide secure access from any device, anytime, anywhere.
Define and IMPLEMENT Corporate policies
Robust Security and Threat Management
Provide business applications and systems, including UC, from anywhere.
Increased productivity / reduced cost