Case #2: Dealing with road warrior VPN networks

Problem: How can road warrior users be given access to internal information resources in accordance with the organisation’s access rights?

Solution: EdenWall deals centrally with access rights, based on the organisation’s user directory. If a co-worker leaves your organisation, there is no need for the administrator to revoke the user’s certificate: access rights are denied by EdenWall as soon as the user’s entry is removed from the directory, with no action needed from the network administrator.


Most VPN solutions offer a very high level of cryptography to guarantee the integrity and confidentiality of network flows, but do not interact with the user directory. This means that directory changes (arrival or departure of colleagues, relocations) are not applied to the access rights on the firewall. The result is a delay in updating firewall rules, which induces:

With EdenWall, users who are no longer members of the organisation are blocked directly by the firewall as soon as the Human Resources service modifies their account in the user directory. No special synchronisation task is needed.

When a user is assigned new responsibilities, they instantly gain access rights corresponding to their new status; users leaving the organisation get their connection attempts instantly rejected. No action is needed from the network administrator for this: EdenWall filtering rules are expressed directly according to user identity and group membership.

Conclusion: access permissions are expressed and applied dynamically with regard to the organisation’s user directory. Any change in the directory by Human Resources is instantly applied on the firewall, without any action from the network administrator.