
per-app VPN segmentation

Polish translation: segmentacja VPN (Wirtualnej Sieci Prywatnej) dostosowana do indywidualnych aplikacji

GLOSSARY ENTRY (DERIVED FROM QUESTION BELOW)
English term or phrase: per-app VPN segmentation
Polish translation: segmentacja VPN (Wirtualnej Sieci Prywatnej) dostosowana do indywidualnych aplikacji
Entered by: Frank Szmulowicz, Ph. D.

22:17 Dec 19, 2016
English to Polish translations [PRO]
Tech/Engineering - IT (Information Technology) / from a bulletin
English term or phrase: per-app VPN segmentation
Allow only authorized users, apps and compliant devices to access enterprise resources with conditional access and per-app VPN segmentation
Małgorzata Rymsza
United Kingdom
Local time: 06:17
segmentacja VPN (Wirtualnej Sieci Prywatnej) dostosowana do indywidualnych aplikacji
Explanation:
Per-app appears to mean "individualized for each application."

--------------------------------------------------
Note added at 4 hrs (2016-12-20 03:06:46 GMT)
--------------------------------------------------

This paper describes some of the recent mobile-device VPN
architectures and presents a proposal for future evolution:
the “per-app” VPN with microsegmentation.

These have not been deployed widely and/or end up with
mobile applications having to manage the changing connectivity
within the application itself.

This is forcing applications to adopt an additional cryptographic
protocol for use within TLS to achieve end-to-end confidentiality
and integrity. The use of a VPN that provides an “outer layer” of
security can provide hardening to applications using TLS that
reduces some of the need for a separate inner encryption layer.

This extra encryption layer added by applications is removing the
effectiveness of examining traffic and hence the effectiveness of
traffic monitoring for security purposes. If the content of the traffic
cannot be monitored, then the ability to segregate network traffic
from individual applications to isolated networks is becoming the
only practical solution (see Section 2.3).

Per-app – The current Android VPN model does not directly
support a true “per-app” model whereby traffic can be identified
and controlled on a per-individual-application basis, but it does
have enough support to allow this to be reverse-engineered. This
can be done by taking a “user space NAT” implementation used
to provide “share with host” networking for virtual machines on
PCs and adding a filtering layer based on the originating process
and finally a Layer 5 VPN client (see Figure 8).

2.3 Segmented Gateway
In the normal model of a VPN gateway (see Figure 9), all traffic
from the VPN gateway is forwarded to a single “private” network.
In practice, this is not always the case, and it is normally coarsely
segmented into access groups (e.g., different user classes such as
contractor and employee). However, as was discussed in Section 1.3,
there is great value in segregating traffic according to the originating
application.
Because there are many different applications that
perform the same basic task (e.g., iPhone, iPad, Android), grouping
them into “service networks” can help with overall manageability
(see Table 1).

http://download3.vmware.com/software/vmw-tools/papers/VMTJ_i...
Selected response from:

Frank Szmulowicz, Ph. D.
United States
Local time: 01:17
Grading comment
Thank you :)
4 KudoZ points were awarded for this answer



Summary of answers provided
2   segmentacja VPN (Wirtualnej Sieci Prywatnej) dostosowana do indywidualnych aplikacji
Frank Szmulowicz, Ph. D.


  

Answers


4 hrs   confidence: Answerer confidence 2/5
per-app vpn segmentation
segmentacja VPN (Wirtualnej Sieci Prywatnej) dostosowana do indywidualnych aplikacji


Frank Szmulowicz, Ph. D.
United States
Local time: 01:17
Native speaker of: English, Polish
PRO pts in category: 389






Changes made by editors
Dec 29, 2016 - Changes made by Frank Szmulowicz, Ph. D.:
Created KOG entry: KudoZ term » KOG term

