Please provide a solution for the scenario below.

In this scenario, I have designed a secure network diagram for a Small to Medium-sized Business (SMB). The network includes a server and storage (where all files are stored), a switch, firepower for security, and access points. Employees are allowed to copy files using a pen drive or portable device based on Active Directory policies. Devices that don't comply with the policy are restricted from using such portable storage within the network.

For remote employees connecting through VPN, the same policy applies to ensure secure file copying.

The challenge arises with client access. The company wants to provide real-time updates to employees but is reluctant to grant VPN access to clients for security reasons. The question is how employees can receive real-time updates from the server storage connected to the network without compromising security.

Image below:

MdShahariarRahaman_0-1706702819510.jpeg

Accepted Solution

M02@rt37 (VIP)

Hello @Md. Shahariar Rahaman 

What about ZTNA?

[...]

Zero trust network access (ZTNA) solutions are often seen as an evolution of the traditional VPN. Once connected, they enable remote users to securely access individual resources on the corporate network, rather than the entire network.

ZTNA solutions create identity- and context-based perimeters around network resources or groups of resources. These perimeters hide the IP address of each of those assets, making them undiscoverable for unauthorized third parties. The ZTNA solution then restricts access through those perimeters on a zero trust and least privilege basis. Before granting a user access, the ZTNA provider authenticates their identity, verifies the context of their login in line with admin-configured access policies, and verifies their device’s identity and health posture, i.e., that the device’s endpoint security or antivirus tools are operating properly, and that the operating system is up-to-date and patched. Some ZTNA solutions also offer in-built multi-factor authentication (MFA) or strong integrations with third-party MFA tools for a further layer of user identity verification.

Only once they’ve passed these checks is a user granted access, and then only to that specific resource or resource group, rather than to the entire network; if they want to access another area of the network, the ZTNA solution must re-authenticate them. This segmentation helps prevent the lateral spread of attacks if an attacker does manage to compromise a user’s login. 

Because ZTNA solutions employ the principle of “never trust; always verify”, they can be used to build a zero trust architecture. They ensure that the organization is continuously verifying that all users and devices—whether internal or external—are who they say they are, they segment access to company data, and they help admins monitor the network for anomalous or malicious activity.

[...]

Resources:

https://expertinsights.com/insights/vpn-vs-ztna-whats-the-difference

https://www.cdnetworks.com/enterprise-applications-blog/ztna-vs-vpn/


Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

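The checks the reply describes (identity plus MFA, login context, device health posture, then a grant to one published resource only) can be written down as a small policy engine. The following is an added example for this thread, not code from the original post and not any Cisco or other vendor's ZTNA implementation; the resource names, group names, allowed countries and the shape of the policy are assumptions invented for the illustration. It models the question's two populations: employees reaching the internal file server from a managed device, and clients reaching a single published "updates portal" with no VPN and no visibility of anything else.

```python
# Added example, not code from the original thread or from any vendor's ZTNA product.
# A minimal zero-trust access broker: every request is evaluated against the policy
# of ONE published resource (identity, context, device posture), and passing the
# checks for one resource grants nothing for any other resource.
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Device:
    managed: bool       # enrolled/known device identity
    edr_running: bool   # endpoint security tool reporting healthy
    os_patched: bool    # OS at the required patch level


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_verified: bool
    source_country: str
    when: datetime      # timezone-aware, compared in UTC
    device: Device


@dataclass(frozen=True)
class ResourcePolicy:
    allowed_groups: frozenset
    require_mfa: bool = True
    allowed_countries: frozenset = frozenset({"BD"})  # assumption: company operates in BD
    require_managed_device: bool = True
    business_hours_only: bool = False


def evaluate(req: Request, policy: ResourcePolicy) -> tuple[bool, str]:
    """Return (allowed, reason); the first failed check denies, like an ordered rule set."""
    # 1. identity of the user
    if not req.groups & policy.allowed_groups:
        return False, "deny: user not in an allowed group"
    if policy.require_mfa and not req.mfa_verified:
        return False, "deny: MFA not satisfied"
    # 2. context of the login
    if req.source_country not in policy.allowed_countries:
        return False, f"deny: source country {req.source_country} not allowed"
    if policy.business_hours_only and not 8 <= req.when.astimezone(timezone.utc).hour < 18:
        return False, "deny: outside business hours"
    # 3. device identity and health posture
    if policy.require_managed_device:
        if not req.device.managed:
            return False, "deny: unmanaged device"
        if not req.device.edr_running:
            return False, "deny: endpoint security not running"
        if not req.device.os_patched:
            return False, "deny: OS not patched"
    return True, "allow"


class AccessBroker:
    """Maps published resource names to policies. Anything not published is simply
    unknown to the broker, which is how ZTNA keeps internal assets undiscoverable."""

    def __init__(self, policies: dict[str, ResourcePolicy]):
        self.policies = policies

    def request(self, req: Request, resource: str) -> tuple[bool, str]:
        policy = self.policies.get(resource)
        if policy is None:
            return False, "deny: resource not published"
        return evaluate(req, policy)


# Hypothetical policies for the SMB in the question (constructed for this example).
BROKER = AccessBroker({
    # internal file server: employees on a healthy managed device, MFA, office hours
    "file-server": ResourcePolicy(
        allowed_groups=frozenset({"employees"}), business_hours_only=True),
    # client-facing updates portal: clients with MFA, any device, no VPN, nothing else
    "updates-portal": ResourcePolicy(
        allowed_groups=frozenset({"clients"}), require_managed_device=False,
        allowed_countries=frozenset({"BD", "US", "GB"})),
})


def demo() -> dict[str, tuple[bool, str]]:
    """Constructed sample requests; returns every decision so it can be inspected."""
    noon = datetime(2024, 2, 1, 12, 0, tzinfo=timezone.utc)
    healthy = Device(managed=True, edr_running=True, os_patched=True)
    unpatched = Device(managed=True, edr_running=True, os_patched=False)
    byod = Device(managed=False, edr_running=False, os_patched=False)

    employee = Request("alice", frozenset({"employees"}), True, "BD", noon, healthy)
    employee_bad_laptop = Request("alice", frozenset({"employees"}), True, "BD", noon, unpatched)
    client = Request("acme-pm", frozenset({"clients"}), True, "US", noon, byod)

    return {
        "employee->file-server": BROKER.request(employee, "file-server"),
        "employee->unpatched": BROKER.request(employee_bad_laptop, "file-server"),
        # an authenticated employee is not implicitly trusted for a different resource
        "employee->updates-portal": BROKER.request(employee, "updates-portal"),
        "client->updates-portal": BROKER.request(client, "updates-portal"),
        # the client gets the one published app and nothing else on the network
        "client->file-server": BROKER.request(client, "file-server"),
        "client->backup-nas": BROKER.request(client, "backup-nas"),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:26} {reason}")
```

The point to notice is the last three decisions: the client passes every check for the updates portal, yet the same session is refused for the file server by group policy and never even learns that "backup-nas" exists, because the broker only answers for resources that were deliberately published. That is the property the reply relies on when it proposes ZTNA instead of handing clients a VPN profile.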

3 Replies


Which Cisco Firepower model/series includes Zero Trust Network Access (ZTNA)? Can you provide that information?

@Md. Shahariar Rahaman 

Zero Trust Access feature is based on Zero Trust Network Access (ZTNA) principles. ZTNA is a zero trust security model that eliminates implicit trust. The model grants the least privilege access after verifying the user, the context of the request, and after analyzing the risk if access is granted.


The current requirements and limitations for ZTNA are:

Supported on Secure Firewall version 7.4.0+ managed by FMC version 7.4.0+ (Firepower 4200 Series)

Supported on Secure Firewall version 7.4.1+ managed by FMC version 7.4.1+ (All other platforms)

Source: https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221242-configure-clientless-ztna-remote-access.html

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.