by VPNHaus | 10/30/2012 | Mobile, Rethink Remote Access, SSL

 


The network is separated into an unsecured network that can be accessed via WiFi and an internal network, which requires a VPN connection to gain access. There is no direct access from the unsecured network to the internal network, even though two components reside in both networks.

An Android device connects to the WiFi access point and receives a lease from an IF-MAP-capable ISC DHCP Server. The IF-MAP Client will publish the lease information into the MAP database. The DHCP server has the information about which MAC address is connected to which IP address.

The IF-MAP graph will look like this after the information has been published:

 

Now, to gain access to the internal network, the device has to establish a VPN connection. The VPN Server will publish information about the username used for the VPN connection, the device that has authenticated the request and what internal IP address the connection received, and will then link that information to the already-available information published by the DHCP server.

The IF-MAP app on the Android phone is then able to publish information about the device, for example, the IMEI or whether Bluetooth is enabled. Additionally, if a GPS signal is available, the client can publish information about its current location. Besides storing information, the VPN Server is able to react to events published into the IF-MAP server by an intrusion detection system like Snort.

The VPN Server offers two possible reactions to a published event: quarantine or disconnect a device. The VPN Server can react to a specific kind of event, or it can react to the magnitude value assigned to each event. The magnitude ranges from 0 to 100, where 100 is the most severe event. A less severe event could, for example, restrict access to an important file server, while a critical event could disconnect the client and maybe even lock the account for further investigation by an administrator.
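The reaction logic described above can be sketched as follows. This is an added example, not code from the VPN Server or the whitepaper: the thresholds, the per-type rule, the function names and the sample event (modelled on IF-MAP event metadata) are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed policy values; the page gives no concrete thresholds.
QUARANTINE_AT = 40
DISCONNECT_AT = 80
TYPE_REACTIONS = {"botnet infection": "disconnect"}  # react to a specific kind of event

# Constructed sample of event metadata an IDS sensor could publish for an IP address.
SAMPLE_EVENT = """\
<meta:event xmlns:meta="http://www.trustedcomputinggroup.org/2010/IFMAP-METADATA/2"
            ifmap-cardinality="multiValue">
  <name>constructed-ids-alert</name>
  <magnitude>55</magnitude>
  <type>policy violation</type>
</meta:event>"""


def parse_event(xml_text):
    """Extract the fields the policy needs; reject a missing or out-of-range magnitude."""
    root = ET.fromstring(xml_text)
    fields = {child.tag.rsplit("}", 1)[-1]: (child.text or "").strip() for child in root}
    try:
        magnitude = int(fields["magnitude"])
    except (KeyError, ValueError):
        raise ValueError("event has no usable magnitude") from None
    if not 0 <= magnitude <= 100:
        raise ValueError(f"magnitude {magnitude} outside 0..100")
    return {"name": fields.get("name", ""), "type": fields.get("type", ""),
            "magnitude": magnitude}


def decide(event):
    """Return 'disconnect', 'quarantine' or 'none' for one parsed event."""
    by_type = TYPE_REACTIONS.get(event["type"])
    if by_type:
        return by_type
    if event["magnitude"] >= DISCONNECT_AT:
        return "disconnect"
    if event["magnitude"] >= QUARANTINE_AT:
        return "quarantine"
    return "none"


def react(xml_text, event_ip, sessions):
    """sessions maps internal VPN IP -> username, the link the VPN server published."""
    user = sessions.get(event_ip)
    if user is None:
        return (None, "none")  # event is not about one of our VPN clients
    return (user, decide(parse_event(xml_text)))
```

Rejecting events with a missing or out-of-range magnitude keeps a malformed sensor report from silently mapping to "no action".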

For additional information about real time enforcement using IF-MAP, including additional graphics, see the whitepaper.