Joseph Steinberg, CISSP Director of Technical Services, Whale Communications
Joseph Steinberg, CISSP
Director of Technical Services, Whale Communications
e-Financial World, Toronto, Canada
November 19, 2004
Secure Remote Access to Business Applications
SSL Technology for Web-Based Access From Any Location

What We Will Cover
» Business Goals of Remote Access
» Remote Access Technologies
» SSL Access – What it is
» SSL Access – What benefits it delivers
» SSL Access – Security

Business Overview

Remote Access Business Goals
» Improved Productivity of Work Force
  Employees can perform tasks even when out of the office
  People can respond faster to emergency conditions
» Creates Greater Top-Line Revenue
  Increased self-service and improved experience for outside parties
  Increased automation for other IT systems (via web services, etc.)
» Assurance of Business Continuity
  Users can work remotely in case of a disaster
  Fewer seats required at backup facilities
  Even non-critical employees can be productive

Access for Whom
» Employees/Contractors
» Partners
» Prospects/Customers

RA: Employees/Contractors
» Keep business running 24x7
  Increase employee productivity
  Business continuity & disaster recovery
» Increase employee convenience
  Morale booster
» Maximize ROI from existing tools
» In the past RA was only for this group of users

RA: Partners
» Automate transactions and transfer of information
  Improve efficiency
  Expedite communications
  Reduce mistakes
  Enable business with parties requiring online interface

RA: Prospects/Customers
» Create Greater Top-Line Revenue
  Increased self-service and improved experience for outside parties
  Increased automation for other IT systems (via web services, etc.)
  Support systems
  Improved customer satisfaction

Return on Investment
Value of Benefits
Cost of providing those benefits
= Return on Investment
-

What Factors Affect ROI of RA?
» Who can access and from where
  Scalability - Number of users who can gain access
  Ubiquity - Types of machines from which they can access
  Simplicity - Ease of use for end users
» What can be accessed
  Access - Number of systems accessible via the SSL VPN and how fully they can be used remotely
  Security - Security policy denies access in many scenarios
» Cost of providing access
  Initial layout - purchase, installation, and configuration
  Maintenance - Ease of maintenance and support of remote access users

Quick Technology Overview
» Historically
  Security vs. accessibility
  Access from more places, but not from most places
  Remote access was complicated technology = high TCO
» Today
  Access with security
  Web browsers = access from anywhere
  Solutions optimized for simplicity = yield low TCO

SSL VPN
SSL Access delivers a greater ROI than other remote access technologies because it performs better in the aforementioned areas

What is an SSL VPN?

What is SSL VPN?
SSL VPN technology allows users to remotely access applications and files from a web browser. Even non-web applications can be accessed using SSL VPN.

Typical SSL VPN Session
1. Enter URL
2. Login
3. Portal Page

Typical SSL VPN Session
4. Launch Applications
  Native Outlook
  Citrix Metaframe
  iNotes
  File Access
5. Logout

Benefits
» Productivity Boost
  Employees access from more locations
» Cost Savings
  Reduces reliance on costly IPSEC VPNs
» Top Line Revenue
  SharePoint can be used for more purposes
» Business Continuity
  Systems are accessible even if facilities are not

Why Is SSL VPN On the Rise?
» Who can access and from where
  Scalability: Employees, partners, customers, prospects
  Ubiquity: Virtually any web connected device
  Simplicity: Easy to use
» What can be accessed
  Access: Most business applications and systems
  Security: Flexible platforms maximize secure access
» Cost of providing access
  Initial layout: Less expensive than alternatives
  Maintenance: Easier to administer with less support

Compared to Other Technologies

Dial Up
» Employees dial up to the organization using modem lines
» Older technology – before Internet mass adoption
  High cost: modem pools, dial-up servers, phone lines, long distance charges
  Slow connection speeds
  Fiscally inefficient – normally under-utilized, maxed out during peaks
  Easy target for low-tech DoS attacks
  Does not provide access from anywhere in case of business recovery
  A growing number of web-enabled applications are designed to leverage the Internet – why would you want to do otherwise?
» Phasing out in general

IPSEC VPN
» Virtual Private Network – like a long Ethernet cable
  Leverages Internet for connectivity
  High speed
» Issues
  Client-side costs: purchase and maintenance
  Access available only from specific devices
  Usually deployed to limited number of users
» Invented before maturation of web and ubiquity of web browsers
» Appropriate usage for existing implementations
  Limited number of remote employees (and very limited partners)
  Always accessing from specific company-owned computers
» Inappropriate for
  Large scale deployments
  Business continuity purposes

Why Not Simple Web Access?

Web Access

Native Web Access
» Issues
  Not all applications have web interfaces
  Web interfaces typically do not always offer full application functionality
  Security
    Hackers and worms can penetrate
    Ports open to internal network
    Violates corporate policies
» Not normally implemented

So what does an SSL VPN actually do?

SSL VPN Technology

What Is an SSL VPN Gateway?
» Enables remote access from web browsers
» Ensures security of systems and data

Enables Access to Web Apps
» Web Applications – Makes systems with internal references work
» Improves upon portals for delivering web apps
» Translation of internal references
  http://hrserver/ → https://ra.whale.com/593a1d8b2b4c20ff1b9c6254fadf/index.html
  http://internal.whale.com → https://ra.whale.com/cf1513043b4619c419ca6254c174/start.asp
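
The translation of internal references, as an added Python example (not from the talk and not Whale's code): each published internal origin maps to an opaque path token under the gateway host, and the gateway resolves tokens only through an allowlist. The keyed-hash token scheme, the secret, the published-origin list and all function names are assumptions; the slide does not say how its tokens are derived.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

GATEWAY = "https://ra.whale.com"   # public gateway origin shown on the slide
SECRET = b"constructed-demo-key"   # assumption: per-deployment secret, constructed here
# Assumption: the only internal origins published through the gateway.
PUBLISHED = ("http://hrserver", "http://internal.whale.com")


def token_for(origin):
    """Opaque 28-hex-character label for an internal origin (keyed hash)."""
    return hmac.new(SECRET, origin.encode(), hashlib.sha256).hexdigest()[:28]


# Reverse lookup: the gateway resolves tokens only through this map, so a
# request can never name an internal host directly.
TOKEN_TO_ORIGIN = {token_for(o): o for o in PUBLISHED}


def to_external(url):
    """Internal absolute URL -> gateway URL, or None if the origin is not published."""
    parts = urlsplit(url)
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    if origin not in PUBLISHED:
        return None
    query = f"?{parts.query}" if parts.query else ""
    return f"{GATEWAY}/{token_for(origin)}{parts.path or '/'}{query}"


def to_internal(url):
    """Gateway URL -> internal URL, or None for a foreign host or unknown token."""
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}".lower() != GATEWAY:
        return None
    token, _, rest = parts.path.lstrip("/").partition("/")
    origin = TOKEN_TO_ORIGIN.get(token)
    if origin is None:
        return None
    query = f"?{parts.query}" if parts.query else ""
    # The "/" is always re-inserted, so `rest` can only be a path on the
    # mapped origin, never a different host.
    return f"{origin}/{rest}{query}"


LINK_ATTR = re.compile(r"""(\b(?:href|src|action)\s*=\s*)(["'])(.*?)\2""", re.I)


def rewrite_html(html):
    """Rewrite published internal links in a response body before it leaves the gateway."""
    def swap(match):
        external = to_external(match.group(3))
        if external is None:
            # Relative links already resolve under the page's token prefix;
            # links to unpublished hosts are left untouched.
            return match.group(0)
        return f"{match.group(1)}{match.group(2)}{external}{match.group(2)}"
    return LINK_ATTR.sub(swap, html)


# Constructed sample page from the internal HR server.
SAMPLE = ('<a href="http://hrserver/leave.asp?id=7">Leave</a> '
          '<img src="logo.gif"> <a href="http://payroll/">Payroll</a>')

if __name__ == "__main__":
    print(rewrite_html(SAMPLE))
```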

Enables Access to C/S Apps
» Client/Server Apps, Telnet, and Terminal Services
  Allows them to work over SSL instead of using proprietary communications ports
  Can be triggered from a link within a portal page or from the SSL VPN
» Tunneling
  Intercepts requests, transfers to SSL Gateway, and relays to “real server”
  Translates IP numbers and ports when necessary

Enables Access to Files
» File Access – Provides remote access to file repositories and home/project directories
  Type 1: Explorer-like interface in web browser, all file commands performed on SSL Gateway
  Type 2: Remote drive mounting – transfer file commands over SSL (like a C/S application)
» Provided as separate application or within a portal

Provides User Interface
» Creates simple but powerful user experience (GUI, automatic server selection, etc.)
» Can leverage existing portal interfaces (e.g., SharePoint)
  Avoids extraneous helpdesk calls
  Flexible interface simulates normal work environments
  Automatically selects each user’s servers (for email, apps, etc.) based on UserID
  Single Sign On
  Toolbars

Security Concerns

Security
» Organizations often recognize the benefits of remote access, but not the security issues
» Many of the security issues are new with the advent of SSL VPN – and corporate security experts may not be familiar with them…

SSL Access Security Issues
» Network-side
  Problems created by allowing access into your infrastructure
» Client-side (end point)
  Problems created by allowing access from unknown devices
  NEW ISSUES – Different than classical end-point security
» User Authentication, Authorization

Network-Side Security Concerns
» SSL VPN relays requests from Internet
» Exposure to hackers, worms, viruses, etc.
  Buffer overflows - execute arbitrary code
  Denial of Service or service degradation of production servers
  Malformed URLs
  Inappropriate access to confidential information

Network-Side Security Concerns
Ports open/tunneled
IPSEC disguised as SSL

Client-Side Security Concerns
» Access from insecure devices
» Access from secure devices

Access from Insecure Devices
» Issue: sensitive data stored on access devices
  Databases & files
  Documents opened as email attachments
  History and AutoComplete information
  Cached data

Access from Insecure Devices
» Issue: Users may not log off
  Inappropriate parties may be able to continue sessions
  Data will remain cached
  Auto-refresh of Inbox, etc., may prevent SSL VPN inactivity timeouts from functioning

Access from Insecure Devices
» Access devices may not conform to security policies
  Personal firewalls
  Anti-virus
  No KAZAA, Morpheus, etc.
» Some devices may not run ActiveX or Java
  So any security software SSL VPN sends to client won’t work

Access from Secure Devices
» “Lowest Common Denominator” rules reduce productivity
  Easy to say “Don’t provide access” if not compliant
  But, we want to provide as much access as is safe
  If we don’t provide access from insecure devices we cannot use the SSL VPN for customer access, for partner access, or as a business continuity solution.
  But, reducing access to a uniform level across all machines unnecessarily curtails access from secure devices!

Ensuring Security

Network-Side Security Response
» Relay appropriate level traffic
» Application Firewalling

Relay Appropriate Level Traffic
» From general devices
  Application level, not network traffic
  Intercept requests and forward accordingly
» From corporate laptops, office computers, and similar devices
  Full network-type communications (maybe)

Application Firewalling
» Filter requests and allow only valid requests to pass
» Many Web solutions available; can be optimized for specific applications
» Filtering for client/server applications is complicated

Application Firewalling (OWA 2K)

Client-Side Security Response
» Erase sensitive data stored on access devices
» Secure Log-Off
» Tier access based on device’s environment
» Security and Compliance Policy

Don’t Leave Data Behind
» Issue
  Sensitive data stored on access devices
» Solution
  SSL VPN must wipe sensitive data from insecure machines
  Session termination: logoff, browser crash, window closed, reboot, etc.
  Wipe: temporary files, cookies, History, AutoComplete, standard system/proprietary caches, etc.
  Most SSL VPN vendors provide some wiping capabilities
  Third-party add-on products also available

Log Off & Session Termination
» Issue
  Users might not log off
» Solution
  Triple-tier session termination
    User logoff
    Inactivity timeout
    Forced periodic re-authentication
  Timeout mechanism must ignore auto-refresh requests
  Timeout mechanism should warn users shortly before termination
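
An added Python example (not from the talk or from any product) of triple-tier termination in which auto-refresh requests do not reset the inactivity clock and the user is warned shortly before the cut-off. The time limits, the polling paths and all names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

IDLE_LIMIT = 15 * 60        # assumption: 15 minutes without user activity
REAUTH_LIMIT = 8 * 60 * 60  # assumption: re-authenticate at least every 8 hours
WARN_BEFORE = 60            # assumption: warn the user 60 seconds ahead
# Assumption: paths the published mail application polls on its own timer.
# Recognising them takes per-application knowledge of how the app refreshes.
AUTO_REFRESH_PATHS = ("/mail/poll", "/mail/newmail-check")


@dataclass
class Session:
    user: str
    authenticated_at: float
    last_user_activity: float
    ended: Optional[str] = None   # reason the session was terminated, if any


def is_auto_refresh(path):
    """True for requests the application issues without any user action."""
    return path.split("?", 1)[0] in AUTO_REFRESH_PATHS


def logoff(session):
    """Tier 1: explicit user logoff."""
    session.ended = "logged-off"


def status(session, now):
    """Return 'ok', 'warn', or the reason the session has ended."""
    if session.ended:
        return session.ended
    age = now - session.authenticated_at
    idle = now - session.last_user_activity
    if age >= REAUTH_LIMIT:        # tier 3: forced periodic re-authentication
        session.ended = "reauth-required"
    elif idle >= IDLE_LIMIT:       # tier 2: inactivity timeout
        session.ended = "idle-timeout"
    if session.ended:
        return session.ended
    if idle >= IDLE_LIMIT - WARN_BEFORE or age >= REAUTH_LIMIT - WARN_BEFORE:
        return "warn"
    return "ok"


def on_request(session, now, path):
    """Gate one request; only genuine user requests count as activity."""
    state = status(session, now)
    if state in ("ok", "warn") and not is_auto_refresh(path):
        session.last_user_activity = now
        state = status(session, now)   # user activity clears an idle warning
    return state


if __name__ == "__main__":
    # Constructed trace: the user reads mail once, then walks away while the
    # inbox keeps polling every minute.
    s = Session("alice", authenticated_at=0, last_user_activity=0)
    print(on_request(s, 300, "/mail/inbox"))
    for t in range(360, 1260, 60):
        print(t, on_request(s, t, "/mail/poll?folder=inbox"))
```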

Tiered Access
» Issue
  Insecure access devices vs. lowest common denominator
» Solution
  Provide maximum secure access based on machine used for access
  Can include many granular rules
  Even rules within an application
  Especially important in portal environments

Security: Flexibility
Employees – Access to web-based email via SSL VPN

| Where \ Functions | Allow File/Attachment Upload | Allow File/Attachment Download | Allow Printing | Require up-to-date Antivirus | Require Personal Firewall | Require Cache Cleaning |
|---|---|---|---|---|---|---|
| Corporate Laptop | Yes | Yes | Yes | Yes | Yes | No |
| Home Computer | Only with Antivirus | Only with cache wiper and personal FW | Yes | Yes | No | Yes |
| Internet Café | Only with Antivirus | Only with cache wiper | No | No | No | No |
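
The web-mail policy table above, as an added Python example of a tiered-access decision (not from the talk and not any vendor's policy engine). The device-class identifiers, control names and `Decision` structure are assumptions; how the gateway classifies a device is outside the example, and a control the endpoint cannot report is treated as absent.

```python
from dataclasses import dataclass

CONTROLS = ("antivirus_current", "personal_firewall", "cache_wiper")


@dataclass(frozen=True)
class Posture:
    """What the gateway detected on the endpoint for this session."""
    device: str                      # assumption: class assigned by the gateway
    antivirus_current: bool = False  # defaults are False so that an endpoint
    personal_firewall: bool = False  # that cannot run the checker is treated
    cache_wiper: bool = False        # as having none of the controls


ALWAYS = frozenset()   # function allowed with no extra control
NEVER = None           # function never allowed on this tier

# One entry per row of the table: controls required to connect at all, then
# the controls each function additionally depends on.
POLICY = {
    "corporate_laptop": {
        "require": frozenset({"antivirus_current", "personal_firewall"}),
        "functions": {"upload": ALWAYS, "download": ALWAYS, "print": ALWAYS},
    },
    "home_computer": {
        "require": frozenset({"antivirus_current", "cache_wiper"}),
        "functions": {
            "upload": frozenset({"antivirus_current"}),
            "download": frozenset({"cache_wiper", "personal_firewall"}),
            "print": ALWAYS,
        },
    },
    "internet_cafe": {
        "require": frozenset(),
        "functions": {
            "upload": frozenset({"antivirus_current"}),
            "download": frozenset({"cache_wiper"}),
            "print": NEVER,
        },
    },
}


@dataclass(frozen=True)
class Decision:
    admitted: bool        # may the session be established at all?
    allowed: frozenset    # functions enabled inside the mail application
    missing: frozenset    # what blocked admission, if anything


def evaluate(posture):
    """Return the most access the table permits for this endpoint."""
    tier = POLICY.get(posture.device)
    if tier is None:
        # Unknown device class: fail closed instead of guessing a tier.
        return Decision(False, frozenset(), frozenset({"known_device_class"}))
    present = frozenset(c for c in CONTROLS if getattr(posture, c))
    missing = tier["require"] - present
    if missing:
        return Decision(False, frozenset(), missing)
    allowed = frozenset(fn for fn, needs in tier["functions"].items()
                        if needs is not NEVER and needs <= present)
    return Decision(True, allowed, frozenset())


if __name__ == "__main__":
    # Constructed postures, one per tier.
    for p in (Posture("corporate_laptop", True, True),
              Posture("home_computer", True, False, True),
              Posture("internet_cafe")):
        print(p.device, evaluate(p))
```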

Executables
» Issue
  Some machines may not run ActiveX, Java, or other executables
» Solution
  This situation will be one level in the policy scheme

Security Policies & Compliance
» Determining which policies apply
  Can SSL VPN detect/install end point security software?
  Client side environment (anti-virus and signatures, personal firewall, patches up to date, registry settings, other software installed, etc.)
  Presence of client certificate
  Type of authentication used
    e.g., more access if SecurID than just username and password
  IP address of endpoint (vulnerable to spoofing)

Important Note
» Clearly SSL Endpoint security is different than earlier “endpoint security concerns” such as IPSEC
  We allow access even when devices are insecure
  Need to clear data from device, terminate abandoned sessions quickly, etc.
» It is essential that the right problems are addressed
  Cannot use older endpoint security technologies to solve today’s challenges

Application Level Communications

Why Not Network-Level Access?
» Delivering remote access by tunneling network level information is relatively simple, but . . .
  Completely bypasses firewall’s low-level security system
  Partners and other outside parties should not be connected to your networks
  Limits number of devices from which access can be achieved – and reduces value of investing in a web-optimized portal product
  Similar limitations to those of IPSEC VPN – not suitable for Business Continuity or for access by large numbers of users

SSL VPN with Tunneling

SSL VPN at Application Level

But Not So Simple . . .
» To maintain security and offer access for everyone from any device
  Communications must be application level
» Communications
  Network – Technical functions upon which business functionality resides, set standards
  Application – Actual business functions, no standards

Link Abstract Business Concepts
» Translate business concepts to application functions
» Address security requirements that vary by business function (within an application)
» Addresses application individualism
  Lack of conformity to protocols
  Proprietary caches
  JavaScript building links
  Auto-refresh requests
  Agnostic “application level intelligence” won’t work
  Must understand how application works

Issues: Worsening Over Time
» Internal systems increasingly powerful and complex as new generations of applications are implemented
» Increasingly difficult for SSL VPNs to offer remote access at the application level without sophisticated application awareness technology

Trends
» Split within the SSL VPN market
  Simple SSL VPNs – heavy reliance on tunneling, employees only
  Robust SSL VPN / Access Platforms
    Able to support access at the application level, access for employees, customers, partners, etc.
    Works best with web-optimized portals

Thank You
Joseph Steinberg, CISSP
Whale Communications
400 Kelby Street, 15th Floor, Fort Lee, NJ 07024
+1-201-947-9177