Gradient Technologies, Inc. Inter-Cell Interworking: Access Control Across the Boundary. Open Group Members Meeting, San Diego, CA USA, April 1998. Brian Breton

Presentation transcript:

Inter-Cell Interworking
Access Control Across the Boundary
Open Group Members Meeting, San Diego, CA USA, April 1998
Brian Breton, Gradient Technologies, Inc.

Multiple User Populations
(Diagram. Labels: Internet; Prospective Customers; Rest of the World; Extranet; Remote Employees; Customers; Business Partners; Employees; Intranet)

Enterprise Security Perspective
Authentication
Data Integrity
Authorization
Data Privacy
Availability
Scalability
Secure database access
Leverage existing investments

The New Corporate Network
(Diagram. Labels: Standard Browser; Web and App Servers; Internet; Business Partners; Netscape and Microsoft; UNIX and NT; Private Network; Mainframes; UNIX and NT; Data Sources; Intranet; Extranet; Remote Employees; Database; Informix)

Ingredients to Trust
Pre-existing trust relationships have to be established between enterprises
Responsibility for user identification MUST be at local system, not target
  – potential for multi-authn mechanisms
Target system should control access decisions
Credentials serve as the basis for the target institution to make authorization decisions
Secure communications channel

Trust via Technology
DCE Inter-Cell
Public Key
  – Common public key certificate authority
  – Between multiple certificate authorities
Basic authentication at target site

DCE Inter-Cell Trust
Company A lets Company B in
Pros
  – B administers its own users
  – Transparent to end-users
Cons
  – A must trust B to administer its users properly
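The split of duties on the two slides above (the local cell identifies the user, the target cell decides access from the presented credentials) can be sketched as follows. This is an added example, not code from the presentation or from Gradient or DCE: the HMAC over a shared key is a simplified stand-in for the pre-established inter-cell trust relationship, the cell names, groups and resources are constructed, and credential expiry and the secure channel are left out.

```python
import hashlib
import hmac
import json

# Constructed key standing in for the pre-established trust relationship
# between the two cells (a simplification; not DCE's actual mechanism).
INTER_CELL_KEY = b"constructed-demo-key-A-B"

# Target cell (Company A) policy: which foreign cells it trusts, and its ACLs.
TRUSTED_CELLS = {"company-b": INTER_CELL_KEY}
ACL = {"/orders": {("company-b", "purchasing")}}


def issue_credentials(cell, user, groups, key=INTER_CELL_KEY):
    """Local cell: called after it has authenticated the user its own way."""
    claims = {"cell": cell, "user": user, "groups": sorted(groups)}
    body = json.dumps(claims, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def authorize(body, tag, resource):
    """Target cell: verify who issued the credentials, then decide locally."""
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    if not isinstance(claims, dict):
        return False
    cell = str(claims.get("cell"))
    key = TRUSTED_CELLS.get(cell)
    if key is None:
        return False  # no trust relationship with the issuing cell
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # altered, or not issued by the cell it names
    allowed = ACL.get(resource, set())
    return any((cell, g) in allowed for g in claims.get("groups", []))


if __name__ == "__main__":
    creds = issue_credentials("company-b", "alice", ["purchasing"])
    print(authorize(*creds, "/orders"))   # decided by A's ACL for this resource
    print(authorize(*creds, "/payroll"))  # A's ACL has no entry for this resource
    # The "con" on the slide: A cannot tell whether B assigned groups properly.
    print(authorize(*issue_credentials("company-b", "intern", ["purchasing"]), "/orders"))
```

The last call is the slide's "Cons" item in practice: the target's check passes for any group membership the local cell chooses to assert, so the target's ACLs are only as good as the other cell's user administration.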

The Role of Firewalls
(Diagram. Labels: Private Network(s))

Problems with Firewalls
Most attacks are internal, therefore less susceptible to prevention by firewalls
Firewalls
  – Cannot provide full protection against external attack
  – Are not a security infrastructure, but a method of access prevention
  – Do not inherently provide out-of-the-box form of fine-grained access control to internal resources

Firewalls + Security Infrastructure
(Diagram. Labels: External Networks)

The Role of SSL
(Diagram. Labels: Web Server; Authentication via Public Keys and Basic Auth.; Data Privacy)

Gradient Technologies, Inc.
NetCrusader Product Family

Common Authorization Model
(Diagram. Labels:)
  NetCrusader Security Server
  Multiple Authentication Methods: Username/Password; Public-Key Certificate; Two-Factor Authentication
  Multiple User Populations: Customers; Partners; Employees
  Interoperating Across Security Domains
  Multiple Encryption Methods: DES, RC4, RSA, CAST, others
  Multiple Application Types: Object; Client/Server; Web-based
  Distributed Security Management
  NetCrusader Commander
  Heritage

NetCrusader Web-based Architecture
(Diagram. Labels:)
  NetCrusader Security Server
  Web browser, NetCrusader + NetCrusader Client
  Web browser only
  Microsoft/Netscape/Oracle Web Server (NT, Solaris, AIX, HP-UX)
  NetCrusader Commander
  ISAPI/NSAPI
  Applications
  Protocol Filter
  Entrust/HTTP; DCE/HTTP
  SSL
  NetCrusader Security Adapter
  Username/Password or Public-Key Certificate
  NetCrusader Credentials
  Access Permissions
  Delegation to backend resources
  TokenCard / SmartCard (optional)
  SmartCard (optional)

External Access to Financial System Using Web C/S Architecture
(Diagram. Labels: Trading Partners; Browser; Customer Database; Oracle Database; Seamless Desktop-to-database Security; Web Server/Trading Application; NetCrusader Example Customers; SSL; NetCrusader; Internet or Private Network)

SSL Basic Authentication
Pros:
  – No additional client software
Cons:
  – Separate logins to multiple web servers
  – Encrypted passwords transmitted
  – Separate UserID/Password management across web servers
Good Selection for:
  – Thin client requirement scenarios with no ability to install public key certificates

SSL with Public Key Certificates
Pros:
  – No additional client executables
  – Strong authentication
  – Variable strength data privacy:
  – Enables SSO across multiple web servers
Cons:
  – Must deploy & manage certificates to client
  – Public Key Mgt. tools immature
Good Selection for:
  – Organizations committed to public key technology
  – Thin client requirement scenarios

Entrust Public Key Infrastructure
Pros:
  – Strong Public key based Authentication
  – Variable strength data privacy based upon strength of Entrust CAST software installed
      CAST much faster than SSL
      Enables SSO across multiple web servers
  – Strong Public Key Management support
Cons:
  – Must deploy & manage certificates to client
  – Must deploy & manage Entrust and NetC Client s/w
Good Selection for:
  – Large organizations with control over users' desktops

DCE/HTTP
Pros:
  – Single Sign On across multiple web servers and back end applications
  – No Firewall Disruption:
      Data tunneled thru HTTP port
  – 56 Bit DES data privacy
      DES much faster than public key
Cons:
  – Requires Desktop NetCrusader software
Good Selection for:
  – Organizations using PC-DCE and/or Kerberos

NetCrusader Summary
Delivers a comprehensive Enterprise Security Infrastructure
  – Integrates best of breed security and RAD technologies
  – Support for multiple authentication mechanisms
  – Single, centralized authorization model
  – Fine-grained access control
  – Ease of security administration
  – Supports common platforms and applications

NetCrusader Product Family
Security Solutions for the Enterprise
Gradient Technologies, Inc.
2 Mount Royal Avenue, Marlborough, MA USA
www.gradient.com