Product and Technology News
Georg Bommer, Inter-Networking AG (Switzerland)

Content
• Control of SSL Connections
• Document Security Management
• Mail Encryption without PKI

Control of SSL Connections
Valid Certificate? Who decides?

Control of SSL Connections
[Diagram: Content Scanner (Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions); IDS Sensor; Certificate Handling: Trusted or not trusted? Valid Certificate or not?]

Control of SSL Connections
[Diagram: Content Scanner (Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions); IDS Sensor; Content Security Policy Enforcement]

• Certificate Management
  – Relying on the CA list of the browser
  – No CRL checking possible
  – User decides whether or not to accept a certificate
• Policy Enforcement
  – Services used cannot be controlled
  – Content scanning/inspection is not possible
  – Policy for upload and download of data and attachments cannot be enforced
• Other Problems
  – Web server can enforce an encrypted connection
• Solution
  – Central Certificate Management
  – Content Inspection of SSL Traffic
• Platform Support: Windows, Solaris, Linux
• Proxy Mode and ICAP Support

Microdasys SCIP - Solution
[Diagram: Content Scanner (Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions); IDS Sensor; Microdasys SCIP; Decryption SSL to HTTP; Certificate Check; Encryption HTTP to SSL; Content Scanning; SSL Tunneling]

Microdasys SCIP - Summary
• Functionality
  – Central Certificate Management
  – Decryption of SSL Connections
  – Control of SSL Connections
• Features
  – Support for Windows, Solaris, Linux
  – High Availability / Clustering
  – Proxy Mode and ICAP Support

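The certificate problems listed above (browser CA list, no CRL checking, user decides) go away when the gateway makes the decision on its outbound leg. The following is an added example, not Microdasys SCIP code: a Python sketch of a centrally configured TLS client context that fails closed. The function names, parameters and file paths are assumptions made for illustration.

```python
import socket
import ssl


def central_context(ca_bundle=None, crl_file=None, require_crl=False):
    """Build the TLS client context for the gateway's server-facing leg.

    ca_bundle and crl_file are hypothetical paths to centrally managed PEM files.
    """
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)  # central CA list, not the browser's
    else:
        ctx.load_default_certs()
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)   # CRLs are loaded the same way
    if crl_file or require_crl:
        # Fail closed: a leaf certificate with no matching, current CRL is rejected.
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def decide(host, port, ctx, timeout=5.0):
    """Return ("allow", detail) or ("block", reason). The user is never asked."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("allow", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired, revoked, or hostname mismatch.
        return ("block", f"certificate rejected: {exc.verify_message}")
    except OSError as exc:
        # Other TLS failures, refused or timed-out connections.
        return ("block", f"connection failed: {exc.__class__.__name__}")
```

Setting `require_crl=True` without loading a CRL makes every handshake fail verification, which is the intended fail-closed behaviour when revocation data is missing.
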
Document Security Management
• Control sensitive documents while they are in use
• Enforce proper handling when in use
  – Printing
  – Copying
  – Pasting
  – Screen Capturing
  – Saving
  – Forwarding
• Audit user activity

Document Security Management
Secure Display Technology

Finjan Mirage - Solution
[Diagram components: Mirage Server, Key Server, Mirage Client]
Step 1: User requests secure document from web server (HTTP Request)
Step 2: Server determines that requested document is protected
Step 3: Document is converted to HTML and encrypted (AES 128-bit)
Step 4: Encrypted document is sent back to user (HTML)
Step 5: Client requests key from Key Server (PKCS#7 + HTTP)
Step 6: User is authenticated and document key is returned

Finjan Mirage Enterprise - Summary
• Functionality
  – Protection of sensitive documents
  – Control + audit document handling
  – Enforce information security policy
• Features
  – Unique "Secure Display" Technology
  – Supported formats: MS Word, Excel, HTML Pages, Plain Text, PDF Files
  – Integration with Document Management Systems such as LiveLink

Mail Encryption without PKI
• Requirements for mail encryption
  – Ease of use
  – Policy enforcement
  – Open standards
  – Quick and easy deployment
• Problems with PKI
  – Roll-out of certificates
  – Management of keys (recovery, revocation)
  – Exchange keys with third parties
  – Validate external keys

Mail Encryption without PKI
[Diagram:]
• Encryption Gateway: Automatic Key Generation for Mail User, Encryption/Decryption, Management of Private Keys
• Internal Key Server: Customers + Partners Public Keys
• Public Key Server: Employees Public Key
• Key Administrator: Validates Public Keys from Customer/Partners

Automatic Key Generation
Key Exchange + Validation
Mail Encryption + Signing Mail Policy
CryptoEx Summary
• Functionality
  – Gateway-based encryption and signing of e-mails with individual user keys
  – Fully automated key generation and management of users' private keys
  – Decentralized key validation
• Features
  – No PKI needed
  – Support for OpenPGP + S/MIME (Q4/03)
  – Support for multiple HTTP + LDAP key stores
  – Policy enforcement at the gateway
  – Fully transparent to the user

Thank you!
Georg Bommer, Inter-Networking AG (Switzerland)