In recent years, enterprises have utilized virtual private networks (VPNs) on top of public networks such as the Internet, to securely exchange information. A VPN is a private network that takes advantage of the public telecommunications infrastructure, while maintaining security and privacy through the use of a tunneling protocol and security procedures. The VPN may be contrasted with a system of owned or leased lines that can only be used by one enterprise, as its main purpose is to offer the enterprise the same capabilities as that of privately leased lines, but at much lower cost by using the shared public infrastructure.
Current front-end tools for managing access to virtual private network (VPN) focus on users and/or a group of users, and require a dedicated individual (or group of individuals) to manage and administrate. Additionally, the administrator requires some knowledge of the underlying network topology in order to update the users and/or groups whenever the topology changes. The penalty for failing to understand and keep abreast with topology changes on the network infrastructure is manifested as a series of security issues. For example, each time the VPN is modified, such as adding hardware to the network, the administrator takes on the time-consuming and error prone task of keeping a centralized VPN authentication database updated. As such, the administrator typically performs audits to clean up the database.
Although current approaches for managing VPN access has been satisfactory for their intended purpose, they have not been satisfactory in all respects. Therefore, what is needed is a method and apparatus for real-time automated VPN access management.