Netlet
Chapter 2
Portal Server Secure Remote Access Architecture
Netlet and Application Integration
Netlet works with many third-party products such as GraphOn, Citrix, and pcAnywhere.
Each of these products provides secure access to the user’s Portal Desktop from a
remote machine using Netlet.
Split Tunneling
Split tunneling allows a VPN client to connect to both secure sites and non-secure
sites, without having to connect or disconnect the VPN—in this case, the
Netlet—connection. The client determines whether to send the information over
the encrypted path, or to send it by using the non-encrypted path. The concern
over split tunneling is that you could have a direct connection from the non-secure
Internet to your VPN-secured network, via the client. Turning off split tunneling
(not allowing both connections simultaneously) reduces the vulnerability of the
VPN (or, in this case, the Netlet) connection to Internet intrusion.
Though Portal Server neither prohibits nor shuts down multiple network
connections while attached to the portal site, it does prevent unauthorized users
from “piggybacking” on other users’ sessions in the following ways:
• Netlet is an application-specific VPN and not a general-purpose IP router.
  Netlet only forwards packets that have been defined by a Netlet rule. This
  differs from the standard VPN approach that gives you complete LAN access
  once you’ve connected to the network.
• Only an authenticated portal user can run the Netlet. No portal application can
  be run until the user has been successfully authenticated, and no new
  connections can be made if an authenticated session does not exist.
• All access controls in place on the application side are still in effect so that an
  attacker would also have to break into the back-end application.
• Every Netlet connection results in a dialog box posted by the Netlet (running
  in the authenticated user’s JVM™) to the authenticated user’s display. The
  dialog box asks for verification and acknowledgement to permit the new
  connection. To use a Netlet connection, attackers would need to know that
  the Netlet was running, know the port number it was listening on, know how
  to break the back-end application, and convince the user to approve the
  connection.
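The gating described in the list above, modelled as a small rule-bound forwarder. This is an added example, not Netlet code or anything from the original guide. The class name, the callbacks, the loopback binding and the order of the checks are assumptions made for illustration, and the back end and connection attempts in demo() are constructed.

```python
import contextlib
import socket
import threading
def pump(src, dst):  # copy bytes one way until src closes, then close dst
    with contextlib.suppress(OSError):
        while (data := src.recv(4096)):
            dst.sendall(data)
    dst.close()

class RuleForwarder:  # assumed model: one rule = one loopback listener, one fixed target
    def __init__(self, target, session_valid, approve):
        self.target, self.session_valid, self.approve = target, session_valid, approve
        self.denied = []                                    # reason per refused connection
        self.sock = socket.create_server(("127.0.0.1", 0))  # loopback only, OS picks port
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept, daemon=True).start()

    def _accept(self):
        while True:
            client, peer = self.sock.accept()
            # No authenticated session: refuse without ever asking the user.
            reason = None if self.session_valid() else "no session"
            # approve() stands in for the per-connection confirmation dialog.
            reason = reason or (None if self.approve(peer) else "not approved")
            if reason:
                self.denied.append(reason)
                client.close()
                continue
            # The destination comes from the rule; the caller never chooses it.
            upstream = socket.create_connection(self.target)
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pump, args=(a, b), daemon=True).start()

def demo():  # constructed run: uppercasing back end, three connection attempts
    backend = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            with backend.accept()[0] as conn:
                conn.sendall(conn.recv(64).upper())
    threading.Thread(target=serve, daemon=True).start()
    state, replies = {}, []
    fwd = RuleForwarder(backend.getsockname(), lambda: state["session"], lambda peer: state["ok"])
    for state["session"], state["ok"] in [(True, True), (False, True), (True, False)]:
        try:
            with socket.create_connection(("127.0.0.1", fwd.port), timeout=5) as c:
                c.sendall(b"ping")
                replies.append(c.recv(64))
        except OSError:                        # a reset also means "refused"
            replies.append(b"")
    return replies, fwd.denied
if __name__ == "__main__":
    print(demo())
```

Only the first attempt reaches the back end; the other two are closed before any byte is forwarded, and the refusal reason is recorded for each.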