Accessing Online Electronic Databases over the SSL-VPN Network
By นรฤทธิ์ สุนทรศารทูล, King Mongkut's Institute of Technology Ladkrabang
ThaiLIS
The Secure Access Platform in the Network
[Diagram labels: Corporate LAN; Telecommuters; Sales & Service; Mobile Employees; Extranet Partners (Partner A, Partner B); Directory Store; Server Farms; Intranet / Web Server; E-mail; Unix/NFS; MRP/ERP. Legend: Encrypted External Session; Standard Internal Session.]
IPSec VPN vs SSL VPN
IPSec VPN
  - Application Type: Remote, Branch Office; Site to site
  - Type of Connection: Fixed
  - Remote Network Security: Managed, Trusted
SSL VPN
  - Application Type: Mobile User; Partner Extranet; Customer Extranet; Contractor, offshore employee; Telecommuter/day extender
  - Type of Connection: Mobile or Fixed
  - Remote Network Security: Managed or Unmanaged, Trusted or Untrusted
[Diagram labels: Internet Kiosk; Mobile Users; Branch Office; Business Partners, Customers, Contractors; Remote Office; HQ; Telecommuters.]
SSL VPN Value Proposition
The Juniper Networks Secure Access SSL VPN platforms deliver instant, secure access to users while significantly reducing total cost of ownership (TCO).
Proof Points:
  - Clientless Deployment: Minimal CapEx, Deployment, Configuration or Support Overhead; Requires No Changes to LAN/Server Resource
  - Application-Layer Security: Controls access to only the application resource, not to native network
  - User Flexibility/Enterprise Productivity: Delivers secure access to users from just a Web browser
[Diagram labels: External Users; LAN Resources.]
Wired and Wireless Network Systems
Network Connect: Adaptive, Dual Transport Network Access Solution
  - Adaptive, Dual Transport Mode
      - Initially attempts to set up high performance, IPSec-like transport
      - If unsupported by network, seamlessly fails over to SSL
  - Cross Platform Dynamic Download
  - GINA Integration
  - Logging, Auditing and Diagnostics
  - Endpoint Assessment & Containment Integration
[Diagram labels: High Performance Transport Mode; High Availability Transport Mode; Dynamic Dual Transport Network Access.]
Challenges Addressing Threat Control
  - No User Identity Information
      - No way to identify user with intermediated traffic
      - Time-consuming to identify user with tunneled traffic
      - Identifying user is critical to mitigating impact of security threats
  - No Identity-Based Coordinated Threat Response
      - No ability to respond to source of threat because don't know who user is
      - No ability to automatically coordinate responses in both IPS and SSL VPN
[Diagram labels: Business Partner; Intermediated traffic; IPS; LAN; Tunneled traffic; Telecommuter.]
Remote Network Access Service via SSL VPN
With thanks
Network Systems and Data Communications Division, Research Office …, KMITL
Tel: 02-7372594
E-Mail: NetAdmin@kmitl.ac.th