Introduction

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used in corporate environments.

 

What is achieved from the solution

 

One major challenge with VPN is that employees may connect remotely from home or public places like cafes and malls with personal computers. If the device connecting has been compromised, chances of the malware or threat being transmitted to the corporate network are extremely high.

With the use of Onguard for health checks, only a healthy device with up-to-date antivirus, firewall, etc. can be permitted to connect successfully and gain access to the corporate network. Until the PC is healthy, it would be placed in a quarantine VLAN with access to nothing but exchange health check traffic with Clearpass.

Solution Explained

  • The user connects to VPN
  • The user is authenticated against the RADIUS server
  • If authentication is successful and PC health status is unknown or quarantine, the client will obtain an IP from the quarantine VLAN with restricted access
  • PC will perform a health check against the Clearpass server
  • If the PC is found to be healthy and complies with the company security policy, the client will obtain an IP from the production VLAN
  • If the PC is found to be quarantine or does not have the Onguard agent installed, it stays in the quarantine VLAN with restricted access until remediation is performed.

Conclusion:

Amidst the unpredictable COVID-19 times, all companies have been forced to rely on VPN only for the employee to corporate network communication. The truth is that more than half the companies were not prepared for this change and had to act with haste in providing VPN access to employees with only business continuity in mind. However, security factors have gone unnoticed. Hence, it has become increasingly imperative to ensure that the devices being used by the employees are healthy and comply with the company security policy