Access Control Solutions for Remote Workers
Mike Chapple, 2021

Summary
This document provides an overview of access control solutions for remote workers. It discusses remote access protocols, VPNs, web authentication, and best practices for remote access controls. The content is presented as a series of slides.

Full Transcript
CHAPTER 10 Access Control Solutions for Remote Workers
Copyright © 2021 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com

Learning Objective and Key Concepts
Learning Objective:
- Implement a secure remote access solution.
Key Concepts:
- Remote access solutions
- Remote access protocols with their respective applications
- Virtual private networks (VPNs)
- Secure web authentication examples
- Best practices for remote access controls

Growth in Mobile Work Force (1 of 2)
Factors to consider when planning a remote access environment:
- Do remote workers need access from various locations, such as hotels, airports, customer sites, coffee shops, and so on?
- Will network access be granted only to employer-owned computer resources, or will employees be allowed access when using personal, customer-owned, or publicly available resources as well?
- Will every employee be allowed to have a laptop for remote access? How will the data on the laptop be protected if it's lost or stolen?

Growth in Mobile Work Force (2 of 2)
Factors to consider when planning a remote access environment:
- Do employees need to use mobile phones, smartphones, and tablets? Do they need to access the organization's network with these devices?
- How will remote employees access organizational resources? Will virtual private network (VPN) access be required, or will web access to the organization's resources be sufficient?
- What level of authentication will be required for remote access?

Remote Access Methods and Techniques (1 of 2)
Remote access means enabling remote employees to work as if they were in an office.
Challenges:
- Remote worker data is not shared
- The correct person is gaining access
- The correct access is being provided
Solution:
- Implementing identification, authentication, and authorization for remote access

Remote Access Methods and Techniques (2 of 2)
Identification:
- The process of uniquely distinguishing an individual
- Common forms of identification include names or account numbers
- Identification may refer to a person, computer system, or program
- In a network environment, a username is your unique identification
Authentication:
- The process of verifying that users are who they say they are
- All forms of authentication are based on something you have, something you are, or something you know
- Remote access network authentication may include multifactor authentication
Authorization:
- Determines which actions are allowed or not allowed by a user or system
- Occurs after authentication is completed
- Provides a secondary layer of security to the network and network data

Access Protocols to Minimize Risk
- Authentication, Authorization, and Accounting (AAA)
- Remote Authentication Dial In User Service (RADIUS)
- Remote Access Server (RAS)
- Terminal Access Controller Access Control System (TACACS), XTACACS, and TACACS+

Authentication, Authorization, and Accounting (AAA)
Network services that provide security through:
- A framework of access controls and policies
- Enforcement of policies
- Information needed for billing purposes
AAA is a framework that multiple protocols are based on. Example: the RADIUS protocol uses the AAA framework to provide the three AAA components but supports authentication and authorization separately from accounting.

Remote Authentication Dial In User Service (RADIUS)
- A client/server protocol that provides authentication and authorization for remote users
- Also provides accounting capabilities
- A network protocol providing communication between a network access server (NAS) and an authentication server

RADIUS Infrastructure
[FIGURE 10-1 RADIUS infrastructure.]

Client/Server Model
Enables application services to be spread across multiple systems.
- Step 1: Client sends a request to the service
- Step 2: Client includes the user interface and communication mechanisms to request the service
- Step 3: Server handles the data processing service requested by the client

Remote Access Server (RAS)
Provides authentication for remote access in an Internet scenario.
- Step 1: User connects to the RAS
- Step 2: Credentials are compared against a database
- Step 3: If credentials match, authentication has occurred, and the user is granted access to the network
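The client/server exchange the RADIUS and RAS slides describe (the NAS forwards the user's credentials, the authentication server compares them against its database and answers), written here as an added example in the RFC 2865 packet format; it is not code from the textbook, and the shared secret, the user database and the attribute values are constructed for the demo.

```python
import hashlib, os, struct
# Added example (not from the textbook): a RADIUS Access-Request/Accept exchange in RFC 2865
# packet format between a NAS and the authentication server; secret and user DB are constructed.
SECRET = b"demo-shared-secret"
USER_DB = {"alice": "correct horse"}            # server-side credential store
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2                  # attribute type numbers

def hide_password(pw: bytes, req_auth: bytes, secret: bytes) -> bytes:
    # RFC 2865 5.2: pad to 16 bytes and XOR with MD5(secret + Request Authenticator).
    # The demo keeps passwords <= 16 bytes (one block), so the XOR is its own inverse.
    key = hashlib.md5(secret + req_auth).digest()
    return bytes(a ^ b for a, b in zip(pw.ljust(16, b"\x00"), key))

def build(code: int, ident: int, auth: bytes, pairs) -> bytes:
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in pairs)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def parse(pkt: bytes):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    auth, body, fields = pkt[4:20], pkt[20:length], {}
    while body:                                  # attributes are type/length/value
        t, l = body[0], body[1]
        fields[t], body = body[2:l], body[l:]
    return code, ident, auth, fields

def nas_access_request(user: str, pw: str, ident: int = 7) -> bytes:
    # Step 1: the NAS sends an Access-Request carrying a fresh random Request Authenticator.
    req_auth = os.urandom(16)
    return build(ACCESS_REQUEST, ident, req_auth, [(USER_NAME, user.encode()),
                 (USER_PASSWORD, hide_password(pw.encode(), req_auth, SECRET))])

def server_respond(request: bytes) -> bytes:
    # Steps 2-3: recover the password, compare it with the database, reply Accept/Reject.
    code, ident, req_auth, f = parse(request)
    pw = hide_password(f[USER_PASSWORD], req_auth, SECRET).rstrip(b"\x00").decode()
    ok = code == ACCESS_REQUEST and USER_DB.get(f[USER_NAME].decode()) == pw
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + SECRET).digest()  # Response Authenticator

def nas_verify(request: bytes, reply: bytes) -> bool:
    # The NAS trusts a reply only if its ID matches and the authenticator proves knowledge of SECRET.
    _, ident, req_auth, _ = parse(request)
    code, r_ident, resp_auth, _ = parse(reply)
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + SECRET).digest()
    return r_ident == ident and resp_auth == expected and code == ACCESS_ACCEPT

def authenticate(user: str, pw: str) -> bool:
    req = nas_access_request(user, pw)
    return nas_verify(req, server_respond(req))
```

Because both the password hiding and the response authenticator rest only on MD5 and the shared secret, deployments carry RADIUS over TLS (RadSec) or IPsec, or use EAP methods, rather than exposing it on an untrusted network.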
TACACS, XTACACS, and TACACS+ (1 of 2)
Terminal Access Controller Access Control System (TACACS):
- A Cisco-proprietary protocol that provides access control for routers, network access servers, and other network devices
- TACACS combines authentication and authorization over a TCP/IP network
Extended TACACS (XTACACS):
- An extension of TACACS that separates authentication, authorization, and accounting

TACACS, XTACACS, and TACACS+ (2 of 2)
Terminal Access Controller Access Control System Plus (TACACS+):
- Utilizes TCP, ensuring the delivery of the message
- Differs from TACACS by separating the authentication, authorization, and accounting architecture and allowing for additional methods of authentication
- Encrypts communication
- AAA is achieved with TACACS+ through authentication, authorization, and accounting

Remote Authentication Protocols
- Password Authentication Protocol (PAP): A data-link protocol that provides authentication over PPP
- Point-to-Point Protocol (PPP): Allows an Internet connection to occur over a phone line
- Challenge Handshake Authentication Protocol (CHAP): Provides authentication over PPP

Network Authentication Protocols
802.1x protocol:
- Provides a framework for implementing authentication on a network
- Roles:
  - Supplicant: The software running on the client that wishes to connect to the network
  - Authenticator: The network device that the client wishes to connect to, typically an Ethernet switch or a wireless access point
  - Authentication server: The server that validates requests for network access, using the RADIUS or EAP protocols
Extensible Authentication Protocol (EAP):
- A framework that enables multiple authentication mechanisms over a wireless network or PPP connection

EAP over RADIUS
[FIGURE 10-2 EAP over RADIUS.]

Process of EAP Message Encapsulation in a Wireless LAN
[FIGURE 10-3 Process of EAP message encapsulation in a wireless LAN. Courtesy of Ubiquiti Inc.]

Virtual Private Networks (VPNs)
- VPNs are a way for remote access employees to gain secure access to corporate networks
- A VPN establishes a private network over a public network such as the Internet, using an Internet connection that the system has already established
- Security over a VPN is provided through encryption
Tunneling Protocols:
- Transport Layer Security (TLS): The modern standard for VPNs
- Point-to-Point Tunneling Protocol (PPTP): Allows PPP to be tunneled over an IP network
- Layer 2 Tunneling Protocol (L2TP): Provides the same functionality as PPTP but on networks other than IP networks
- Internet Protocol Security (IPSec): Provides the method for establishing a security channel

Web Authentication
- Ensuring users are who they say they are
- User ID and password authentication through a web application is the basic form of authentication
- Other forms of authentication: one-time password, digital certificates

Knowledge-Based Authentication (KBA)
- KBA is an identification or web authentication mechanism used in real time as a question-and-answer process
- Questions and answers are obtained from public records or private data warehousing firms
- Example: What was the model of your first car?
- Questions are used to:
  - Prove you are who you say you are
  - Authenticate a user before they establish their challenge-response questions
- Challenge-response questions are set by the user

Best Practices for Remote Access Controls to Support Remote Workers
- Determine the security risk associated with remote access
- Select a remote access option that addresses security needs
- Determine the appropriate level of authentication based on the security risk
- Ensure the systems that are accessing the network meet the security policies of the organization
- Ensure protection of the systems that remote workers access

Case Studies and Examples
Private Sector:
- Miller Corporation, a small organization with five sales reps
- Remote access for sales reps was cumbersome
- Converted to VPN for remote employees
Public Sector:
- Major city government
- Needed to ensure its departments were complying with appropriate remote access security policies and regulatory requirements
- Employed security and auditing through the AAA framework
Critical Infrastructure:
- Gas distribution company
- Needed to implement a secure dial-in infrastructure for a group of financial employees
- Wanted to ensure AAA
- Implemented TACACS+

Summary
- Remote access solutions
- Remote access protocols with their respective applications
- Virtual private networks (VPNs)
- Secure web authentication examples
- Best practices for remote access controls