SSL VPNs are not only about remote access. Many organizations are also looking at SSL VPNs as a way to secure access internally over a wireless network. In today's world, many threats originate on the inside. SSL VPNs allow IT organizations to authenticate and authorize users from anywhere, ensuring secure access to all resources.

In a traditional wireless LAN model, WEP and other media access controls are useful in restricting bandwidth access. However, WEP bases security on authentication keys that are shared by anyone accessing that wireless hub, requiring additional support steps to regularly update and maintain security. A more practical alternative is the internet café model, where all wireless users in proximity of a wireless hotspot can view a portal, but are denied access unless they confirm authentication.

In an enterprise wireless network scenario, wireless users can be directed through an Aventail SSL VPN, and denied access to any resources until they log in for authentication. Aventail centrally controls access to resources through a single gateway, whether users log in from a docked laptop at their desk, an undocked laptop in a conference room, or a handheld PDA from elsewhere on the campus.
A secure wireless network scenario
A corporation, university, hospital, or government enterprise can establish an array of WiFi access points distributed across a campus, with wireless hubs located in multiple buildings. To ensure security, upon coming within range of these enterprise hotspots, all wireless users initially connect to a segregated network with no access to any internal or external (public Internet) resources.

When one of these wireless network users launches a browser, they are immediately redirected to a login page for authentication.

End Point Control quickly does a background scan of that user's end point device to detect its identity and integrity, including such criteria. If the device meets the scan criteria, the authorized user is presented with easy-to-use access to their network files, applications and directories based on their role and privileges. If the device fails to meet the scan criteria, the user can be automatically redirected to a quarantined site offering easy self-remediation steps, or even denied access altogether.