Identity Considerations

Identity considerations for teleworker systems involve two primary elements. The first is establishing the identity of the operator of the teleworker system. The second is establishing the identity of the teleworker system to the organization's main network. The former is a user identity function, traditionally consisting of a username and password on the local PC. The latter is most often also user based, but as you will see in the designs presented, it is sometimes device based. User-based identity for VPN access should almost always be based on a one-time password (OTP) checked before VPN establishment. In both cases (Figure 15-2), the security of the communications is affected by the surrounding network, but this is particularly true for device-based identity when using a dedicated hardware VPN device (much like a small, site-to-site VPN branch).

Figure 15-2. Software Versus Hardware Teleworker VPN Options

As you can see, an attacker who somehow connects to the teleworker network (public Net, insecure WLAN AP, and so on) is able to read traffic to and from the central site originated by teleworker B but not teleworker A. In addition, the attacker might be able to masquerade as teleworker B, depending on the configuration of the hardware VPN device (more on this later in the chapter).

Digital certificates can be used in the hardware VPN environment, particularly if your network has large quantities of hardware teleworker VPN devices. The same key management and scalability concerns apply to teleworker hardware VPN as they do to dedicated, site-to-site VPN networks discussed in Chapter 10, "IPsec VPN Design Considerations."
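The pre-VPN OTP check recommended above, as an added example that is not from the book: it assumes an HMAC-based OTP (HOTP, RFC 4226) as the concrete token algorithm, which the chapter does not specify, and shows the part that matters for identity, namely that a code is accepted only once and only within a small look-ahead window, so a captured code cannot be replayed to bring up a tunnel.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpGate:
    """Identity gate placed in front of VPN establishment: the tunnel is only
    set up for a user whose OTP verifies. Per user we keep the shared secret
    and the last counter accepted; any code at or below it is a replay."""

    def __init__(self, look_ahead: int = 5):
        self.look_ahead = look_ahead
        self.users = {}  # username -> [secret, last_accepted_counter]

    def enroll(self, username: str, secret: bytes) -> None:
        self.users[username] = [secret, -1]

    def verify(self, username: str, code: str) -> bool:
        entry = self.users.get(username)
        if entry is None:
            return False  # unknown user gets the same answer as a wrong code
        secret, last = entry
        # Search a small window beyond the last accepted counter so a token
        # pressed a few times without logging in still works; never look back.
        for counter in range(last + 1, last + 1 + self.look_ahead):
            if hmac.compare_digest(hotp(secret, counter), code):
                entry[1] = counter  # advance: this code can never be reused
                return True
        return False


# Constructed sample: the RFC 4226 test secret and one enrolled teleworker.
SECRET = b"12345678901234567890"
gate = OtpGate()
gate.enroll("teleworker_a", SECRET)
```

A real deployment would keep the per-user counter in persistent, shared storage so that every VPN concentrator sees the same "last accepted" value.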




Network Security Architectures
ISBN: 158705115X
Year: 2006
Pages: 249
Authors: Sean Convery
