2. Mike Rogers Director of Development, Reflection 2007
Deploying Reflection for IBM 2007 for Maximum Security

3. Agenda Goals of secure deployment Deployment preparation walkthrough
Securing of data stream
Limiting user capabilities
Preventing unauthorized configurations and macros
Protecting sensitive data
Preparing your workstation installation
Strategic future directions
Where to get more information
Q & A

4. Deployment Preparation Walkthrough

5. Security Considerations
Do you want your connectivity to be encrypted?
Do you want to use any specialized authentication mechanism?
Securing of Data Stream
Do you want to control which features are available to users in the product?
Limiting User Capabilities
Do you want to control which macros and session file end users can use?
Preventing Unauthorized Configurations and Macros
Do you want to protect users from printing or exporting sensitive data?
Protecting Sensitive Data
Secure Deployment 5

6. Securing the Data Stream
Goals
Protect sensitive data from being transmitted in “the clear.”
Utilize strong certificate-based authentication methods.
Use ELF for sign on to IBM Mainframes.
Tools
Security Configuration in Reflection for IBM 2007
Reflection Certificate Manager
Results
Configuration files that will be deployed to end-users 6

7. Limiting User Capabilities
Goals
Prevent users from reconfiguring key configuration values.
Hide product functions from users.
Tools
Access Configuration Utility
Ribbon UI Designer
Results
Access Security Configuration Files
UI Configuration Files
Capability of elevating to Administrator on end-user PCs 7

8. Preventing Unauthorized Configurations and Macros
Goals
Prevent users from running “uncontrolled” macros.
Allow users to only connect to hosts you want them to.
Centrally manage macros and configuration files.
Tools
Trusted Locations Configuration User-Interface
Results
Application Configuration File 8

9. Protecting Sensitive Data
Goals
Prevent users from capturing sensitive data on the clipboard, to the printer, and to other applications such as Microsoft Office.
Allow users to capture pertinent non-sensitive data while masking sensitive data.
Define custom data patterns that are deemed sensitive.
Tools
Privacy Filters
Results
Application Configuration File 9

10. Preparing Your Workstation Installation
Goals
Create an pre-configured installation that can be used for a group of users.
Pre-package configuration data, macros and other files with the product installation.
Deliver data into “best practice” locations on the PC.
Tools
Reflection Customization Tool
Results
Microsoft Installer Transform File
Companion Installer(s) for configuration data and user data
1010

11. Future Directions
1111

12. Future Directions Communication Security Information Privacy
Continued Support for Emerging Industry Standards and Certifications.
Information Privacy
Filtering of on-screen data
Masking of user-input
Configuration and Macro Security
Signed macros and session files
Platform Integration
Microsoft Group Policy Support
1212

13. Where to get more information
Reflection for IBM 2007 product page:
Reflection for IBM 2007 evaluation version download page:
Reflection for IBM 2007 technical specification:
1313

14. Where to get more information (continued)
Reflection for IBM 2007 Evaluation Guide:
Bryan Grunow, lead software engineer,
Kris Lall, product manager,
Damon Dreke, product marketing manager,
1414

15. Q & A