VPNs are not only about remote access. Many organizations are also
looking at SSL VPNs as a way to secure access internally over a wireless
network. In today's world, many threats originate on the inside. SSL
allow IT organizations to authenticate and authorize users from
anywhere, ensuring secure access to all resources.
In a traditional wireless LAN model, WEP and other media access controls
are useful in restricting bandwidth access. However, WEP bases security
on authentication keys that are shared by anyone accessing that wireless
hub, requiring additional support steps to regularly update and maintain
security. A more practical alternative is the internet café model, where
all wireless users in proximity of a wireless hotspot can view a portal,
but are denied access unless they confirm authentication.
In an enterprise wireless network scenario, wireless users can be
directed through an Aventail SSL VPN, and denied access to any resources
until they log in for authentication. Aventail centrally controls access
to resources through a single gateway, whether users log in from a
docked laptop at their desk, an undocked laptop in a conference room, or
a handheld PDA from elsewhere on the campus.
A secure wireless network scenario
A corporation, university, hospital, or government enterprise can
establish an array of WiFi access points distributed across a campus,
with wireless hubs located in multiple buildings. To ensure security,
upon entering within range of these enterprise hotspots, all wireless
users initially connect to a segregated network with no access to any
internal or external (public Internet) resources when they first connect
to the Internet.
When one of these wireless network users launches a browser, they are
immediately redirected to a login page for authentication.
End Point Control quickly does a background scan of that user's end
point device to detect its identity and integrity, including such
criteria. If the device meets the scan criteria, the authorized user is
presented with an easy-to-use access to their network files,
applications and directories based on their role and privileges. If the
device fails to meet the scan criteria, the user can be automatically
redirected to a quarantined site offering easy self-remediation steps,
or even denied access altogether.