SSL VPN - FirePass
Rainer Singer
Field Systems Engineer
F5 Networks Central Europe
Market Opportunity
• High-growth market
– “Spending on SSL VPNs will grow at a 53% compound annual growth rate, and SSL VPNs will surpass traditional IPsec VPNs as the de-facto remote access security standard by 2008.” (Forrester Research)
Recognised as Best-of-Breed
TOP RATED
GOLD AWARD
“Sets a new standard for ease of use in setup and configuration, and for the wide array of client OS’s and browsers supported.”
ENTERPRISE VPN SOLUTION
FirePass 1000
F5 Networks, F5networks.com
Excellent 9
Criteria          Score   Weight
Security          9       30%
Interoperability  9       25%
Setup             9       20%
Ease-of-use       9       15%
Value             9       10%
October 2004
“Taking the primo prize is our Gold Award winner, the FirePass Controller v5.2 from F5 Networks Inc. Most important to our judges was the ease of integration that FirePass exhibits… FirePass also stands out because it offers full network access support to any IP application across multiple platforms.”
January 2005
HOT PICK
“The best remote access solution we've seen to date.”
“It trumps other SSL VPN offerings with its ease of use, industrial strength hardware platform and advanced security features for unmanaged endpoint devices, one of the biggest risks emerging in this space.”
January 2005
FirePass® Overview
[Diagram labels: Any User; Any Device; Dynamic Policies; Authorized Applications; Portal Access; Secured by SSL; Laptop; FirePass®; Specific Application Access; Internet; Kiosk; Intranet; Mobile Device; Network Access; Partner]
Adaptive Client Security
[Diagram labels: Kiosk/Untrusted PC; PDA; Kiosk Policy; Laptop; Mini Browser Policy; Cache/Temp File Cleaner; Corporate Policy; Firewall/Virus Check; Client/Server Application; Terminal Servers; Files; Intranet; Email; Full Network]
Dynamic Policy Engine
• User / Device Security
– Dynamically adapt user policy based on device used
• Seamless Integration
– Utilize existing AAA servers
– Automatic user group mapping
• Detailed audit trail
– Application level visibility
[Diagram labels: Mobile Device Policy; Kiosk Policy; Default Policy; Application Access; Laptop Policy; Dynamic Policy Engine]
FirePass
Authentication: LDAP, RADIUS, WIN NT/2K, Web-Based
Group: Sales, Financial, Auditors, etc.
Access Rights: Intranet, SAP, Siebel, File Shares
Audit: Usage Reporting; Who accessed; What was accessed; From Where
Unmatched End-Point Security
Anti-Virus Integration
Firewall Integration
OS Integration
• Symantec (Norton)
• Zone Labs
• McAfee
• Sygate
• Trend Micro
• Microsoft
• Computer Associates (eTrust)
• McAfee
• F-Secure
• Symantec
• Sophos
• Tiny Software
• Kaspersky Lab
• Panda Software
• FRISK Software (F-Prot)
• Zone Labs
• Authentium
• SOFTWIN (BitDefender)
• Grisoft (AVG)
• Doctor Web
• Eset (NOD32)
• Presence and absence of any specific process
• OS service packs
• IE service packs
• System registry settings
• Routing table entry change detection
• Digital certificates
• Trusted IP or MAC
• etc.
Checks for presence and prevents any information from being cached or indexed.
Visual Policy Editor
Graphically associates a policy relationship between end-points, users and resources
FirePass – Positioning
• Network Access
VPN Connector
• Portal Access
My Intranet
Windows & Unix
File Adapter
Mobile Email
Adapter
• Application Access
App Tunnels
Terminal Server Host
Access
Adapter
X-Windows
Access
Network Access
VPN Connector
Comprehensive Application Access
Extend Network Access
Corporate Network
Corporate Laptop
Browser
Microsoft
Outlook
Microsoft
Exchange Server
Network Access
SSL VPN Tunnel
FirePass®
Secure access to all IP applications
Client support
Enterprise integration
Application access
– Windows, Linux, MacOS
– Java/ActiveX download
– Windows client
– Automated deployment
– Centralized policies
– Client quarantine
– Any IP-based application
UDP, TCP, ICMP
Extending Secure Access to All Desktops
• Mac Users: Execs, Marketing, Graphic Designer, Non-technical users
• Linux Users: System Administrators, Developers, Technicians
Windows (~85%)
Mac (~10%)
Linux (~5%)
Extending secure access to all the users in an organization
“Our most strategic users needing secure remote access are developers and they use Linux.”
- Oracle Technology Business Unit
Policy Checking with Network Quarantine
• Deep Integrity Checking
– Specific antivirus checks
– Windows OS patch levels
– Registry settings
• Quarantine Policy Support
– Ensure Policy Compliance
– Direct to quarantine network
[Diagram labels: FirePass®; Full Network; Quarantine Network; “Please update your machine!”]
Portal Access
My Intranet
Windows & Unix
File Adapter
Mobile Email
Adapter
Portal Access
Policy-based security controls
[Diagram labels: Corporate Network; Kiosk/Home PC; Web; Email; File Servers; Protected Workspace (WIN2K/XP); Content Inspection Engine; Portal Access; FirePass®; SSL]
Secure access to corporate portals
Client protection
– Protected workspace
– Secure virtual keyboard
SSO Integration
– SSO interoperability
– FirePass autologin
Content Inspection
– Application security
– Virus scanner
– Block access
Secure Portal Access from Un-Trusted Clients
• Protected Workspace
– Private workspace for all downloaded files
– Removes any trace of downloaded files after session
– Separate I/O (protected boundary)
• Secure Virtual Keyboard
– Keyless password entry protects from key-stroke loggers
– Patent pending
Enterprise SSO Integration
[Diagram labels: Dynamic Policies; Netegrity SiteMinder; FirePass®; Internet; Web Servers]
• HTTP forms-based authentication
• Single sign-on to all web applications
• Major SSO & Identity Mgmt Vendor Support
– Netegrity, Oblix and others
Application Security
[Diagram labels: Web Servers; ICAP; AntiVirus; FirePass®; Internet]
• Policy-based virus scanning
– File uploads
– Webmail attachments
• Integrated scanner
• Open ICAP interface
• Web application security
– Cross-site scripting
– Buffer overflow
– SQL injection
– Cookie management
Application Access
App Tunnels
Terminal Server Host
Access
Adapter
X-Windows
Access
Specific Application Access
Secure Extranet or Employee Access
Corporate Network
Partner PC
• Terminal Servers
• Legacy Hosts
• Desktops
Browser
Microsoft
Outlook
Application Access
FirePass®
SSL VPN Tunnel
Benefits:
• Strong Security
• Client/Server Applications
• Application-level auditing
Client support
– Standard web browsers
– Java/ActiveX capable
Restricted access
– Defined applications
– No network connection
Detailed logging
– Session details
– Specific applications
FirePass Product Line
A product sized and priced appropriately for every customer
FirePass 600: Small Business VPN, 10-25 Concurrent Users
• 10 to 100 employees
• Easy to install and use
• Cost-effective
• 100% Channel Product
• Standard support
• Limited Featureset
FirePass 1000: Medium Enterprise, 25-100 Concurrent Users
• 25 to 500 employees
• Comprehensive access
• End-to-End security
• Flexible support
• Failover
FirePass 4100: Large Enterprise, 100-2000 Concurrent Users
• 500+ employees
• High performance platform
• Comprehensive access
• End-to-End security
• Flexible support
• Failover
• Cluster up to 10
Summary: FirePass Delivers
• Key Features
– Enterprise-class, High Availability platform
– Built-in, load balanced clustering
– SSL acceleration and server side caching
– Visual Policy Editor and 30 Minute install
– Supports Windows, Mac, Linux, Solaris and other clients
– Built-in Protected Workspace and end-point security
– Integrates with existing enterprise infrastructure and applications
• Key differentiators
– Out-of-box Scalability, Performance and Reliability
– Powerful, easy to use management interface
– Breadth of clients, applications and infrastructure
– Comprehensive Risk Management including end-point security
• Competitive Advantage
– Best combination of capabilities, usability and security
– Lowest Total Cost of Ownership and Highest ROI
Questions?