Network Access Control: User and Device Authentication

Submitted By waleedansari
Words 1319
Pages 6
IT@Intel Brief Intel Information Technology Computer Manufacturing Enterprise Security

Network Access Control: User and Device Authentication
August 2005

Intel IT is piloting new security methods to provide network access control by authenticating devices as well as users. Since networking has evolved to support both wired and wireless access, securing corporate networks from attack has become ever more essential. Therefore, to effectively enforce network access control policies in a proactive manner, we are developing a method to authenticate users and devices before they connect to the network.

Network Access Control at Intel
• Over 90,000 employees worldwide
• 80 percent of knowledge workers are mobile and unwired
• Over 50,000 remote access users

Background
As a global corporation, Intel IT supports more than 90,000 employees and contractors all over the world, and 80 percent of our knowledge workers are mobile and unwired. Network access depends more and more upon wireless LANs and WANs, as well as virtual private network (VPN) remote access. All of these technologies have the potential to open our network perimeter to threats. When we considered the threat of viruses and worms, it was evident that we needed additional controls to secure the enterprise network and its information assets from unauthorized devices and unauthorized people. Figure 1 shows how we could authenticate devices and users as part of the authentication pyramid.

Figure 1. Authentication pyramid (figure labels: Info Use Auditing; Access Control; User Authentication and Device Authentication; User Identity and Device Identity)

What is Device Authentication?
When a device is attached to a network, it can report its identity in secure ways that affirmatively identify when a particular notebook computer or handheld device is accessing the network. We can accomplish this with
