VPN Deployment Lessons Learned

1
VPN DeploymentLessons Learned

• Van Short
• V-ONE Corporation

2
Introduction to V-ONE
Company Overview

• Founded in 1993
• Technology Firsts
• Smart card security product (1994)
• Internet VPN product - SmartGate (1995)
• Wireless VPN product - Air SmartGate (1998)
• Four U.S. VPN Patents
• Publicly traded NASDAQ VONE
• Citrix VPN Solution
• Skytel Secure Pager Solution

3
Defining VPNs
4
What is a VPN?
Definition A Virtual Private Network (VPN) uses
the infrastructure of the public Internet to
provide secure access to applications and
corporate network resources for remote employees,
trading partners, suppliers, and customers
5
Why VPNs are Important

• Reduce communications costs by leveraging
  Internet infrastructure, rather than private
  networking
• Enable secure business communications to
  worldwide communities of interest

6
The Goal of Law Enforcement Internet
Communications
Communities of Interest
Applications Web Email Database Mainframe GroupWa
re
Employees
Intranet
Internet
Partners
Extranet
E-Commerce
Citizens
Increase effectiveness by deploying more
cost-effective and direct communications with
critical communities of interest.
7
Intranet

• Remote Access Server (RAS)
• Telecommuter
• Remote Offices
• Trusted User
• User Desktop Controlled by Internal IT Department
• Same as LAN

8
Network Tunneling VPN
Remote Network
Remote User
Internet
Remote workstation -to-Network
Network-to- Network
Firewall Router VPN Router
Domain Log-in File sharing Print service Network
Neighborhood Applications
Network Services
LAN/WAN Backbone
Delivers Same as on LAN services
9
Electronic Commerce

• Business transactions via Internet
• Consumer Oriented
• Amazon.com
• Transaction Based
• Open System
• Needs PKI for authentication

10
Extranet

• Communities of Interest
• Information Sharing
• User Access to Applications
• FTP, Telnet,E-Mail
• Web
• E-Commerce
• Remote Access
• User Desktop Independent of IT Department

11
Internet Application VPN
Remote Partner
Remote Employee
Internet
Delivers application services, not network
services
VPN Server
Mail GroupWare
Database
Intranet Web
Legacy
Citrix
Extranet Web
12
VPN Technologies

• Secure Socket Layer (SSL)
• Browser Based
• E-Commerce
• Network Layer
• IPSec VPN
• Intranet
• Application Layer
• Application Proxy VPN
• Extranet, Intranet, E-Commerce

13
Applying VPN Technology
Network Layer VPN
Application Layer VPN
Access Control Authentication User
Relationship Remote Workstation Installation Enc
ryption Implementation
Third Party Third Party Known/Trusted Client
Networking configuration Device Driver/ Hardware
User Defined at VPN Server Two Factor
Authentication Trusted/Untrusted Non-intrusive
client Client Server/ Software
Extranet Intranet Applications
Intranet Applications
14
Is Encryption Enough?
VPN By Definition Encryption between 2 points
on the Internet
How do you identify authorized employees for
Intranet application access?
How do you restrict partner access to an
Extranet server?
How do you record user activity?
15
Is Security Enough?
Many management issues require attention
How do you deploy software and authentication to
remote users?
How do you manage updates to remote user access
privileges?
How do you cost-effectively support remote users?
How do you leverage existing security
investments?
16
SmartGate VPN
Rapid Deployment
Centralized Client Management
Authentication
SmartGate Server
Encryption
Access Control
Win 95, 98, NT,2000,CE Linux,Solaris,Mac,Pager
NT, BSDI, Solaris, Linux
Audit Logging
Ease-of-use
Scaleability
Flexible Integration
17
Top Ten Lessons Learned
10) Encryption is not security 9) There are
several types of VPN 8) Start with strong user
authentication 7) Dont trust other networks 6)
Focus on requirements and then on standards 5)
IPSec work best when both ends touch the
Internet 4) Firewall and VPN proxies are a good
fit for Law Enforcement 3) Firewalls Rule VPNs
must work through Firewalls 2) The I in PKI is
for infrastructure 1) Deployment is everything