1
Product and Technology News
Georg Bommer, Inter-Networking AG (Switzerland)
2
Content
- Control of SSL Connections
- Document Security Management
- Mail Encryption without PKI
3
Control of SSL Connections
Valid Certificate? Who decides?
4
Control of SSL Connections
[Diagram labels]
- Content Scanner: Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions
- IDS Sensor
- Certificate Handling: Trusted or not trusted? Valid Certificate or not?
5
Control of SSL Connections
[Diagram labels]
- Content Scanner: Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions
- IDS Sensor
- Content Security Policy Enforcement
6
- Certificate Management
  – Relying on the browser's CA list
  – No CRL checking possible
  – The user decides whether or not to accept a certificate
- Policy Enforcement
  – Services used cannot be controlled
  – Content scanning/inspection is not possible
  – Policy for upload and download of data and attachments cannot be enforced
- Other Problems
  – Web server can enforce an encrypted connection
- Solution
  – Central Certificate Management
  – Content Inspection of SSL Traffic
- Platform Support: Windows, Solaris, Linux
- Proxy Mode and ICAP Support
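Added example (not from the presentation and not Microdasys code): a sketch of the "central certificate management" decision, where a gateway policy rather than the user accepts or rejects a server certificate. It assumes the TLS library has already verified the signature chain; GatewayPolicy, decide, sample_cert and all certificate values are hypothetical or constructed.

```python
import ssl
from dataclasses import dataclass

@dataclass
class GatewayPolicy:               # hypothetical name, not a product API
    trusted_issuers: set           # issuer CNs approved centrally
    revoked_serials: set           # upper-case serials from CRLs the gateway loaded

def _cn(name):
    # getpeercert() encodes a name as a tuple of RDNs: ((("commonName", "x"),), ...)
    return next((v for rdn in name for k, v in rdn if k == "commonName"), None)

def _host_matches(pattern, host):
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):   # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def decide(cert, host, policy, now):
    """Return (allow, reason); the gateway decides and the user is never asked."""
    if _cn(cert.get("issuer", ())) not in policy.trusted_issuers:
        return False, "issuer not in central CA list"
    if cert.get("serialNumber", "").upper() in policy.revoked_serials:
        return False, "certificate revoked"
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        return False, "outside validity period"
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(_host_matches(n, host) for n in names):
        return False, "hostname mismatch"
    return True, "ok"

def sample_cert(issuer="Constructed Root CA", serial="0A1B",
                not_after="Dec 31 23:59:59 2004 GMT"):
    # Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
    return {"issuer": ((("commonName", issuer),),), "serialNumber": serial,
            "notBefore": "Jan 15 00:00:00 2003 GMT", "notAfter": not_after,
            "subjectAltName": (("DNS", "*.example.test"),)}

POLICY = GatewayPolicy({"Constructed Root CA"}, {"DEAD"})
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2003 GMT")

if __name__ == "__main__":
    for c in (sample_cert(), sample_cert(serial="DEAD"), sample_cert(issuer="Self")):
        print(decide(c, "shop.example.test", POLICY, NOW))
```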
7
Microdasys SCIP - Solution
[Diagram labels]
- Content Scanner: Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions
- IDS Sensor
- Microdasys SCIP: Decryption SSL to HTTP, Certificate Check, Encryption HTTP to SSL, Content Scanning, SSL Tunneling
8
Microdasys SCIP - Summary
- Functionality
  – Central Certificate Management
  – Decryption of SSL Connections
  – Control of SSL Connections
- Features
  – Support for Windows, Solaris, Linux
  – High Availability / Clustering
  – Proxy Mode and ICAP Support
www.microdasys.com
9
Document Security Management
- Control sensitive documents while they are in use
- Enforce proper handling when in use: Printing, Copying, Pasting, Screen Capturing, Saving, Forwarding
- Audit user activity
10
Document Security Management
Secure Display Technology
11
Finjan Mirage - Solution
Components: Mirage Server, Key Server, Mirage Client
Step 1: User requests secure document from web server (HTTP Request)
Step 2: Server determines that requested document is protected
Step 3: Document is converted to HTML and encrypted (AES 128bit)
Step 4: Encrypted document is sent back to user (HTML)
Step 5: Client requests key from Key Server (PKCS#7 + HTTP)
Step 6: User is authenticated and document key is returned
12
Finjan Mirage Enterprise - Summary
- Functionality
  – Protection of sensitive documents
  – Control + audit document handling
  – Enforce information security policy
- Features
  – Unique "Secure Display" Technology
  – Supported formats: MS Word, Excel, HTML Pages, Plain Text, PDF Files
  – Integration with Document Management Systems such as LiveLink
www.finjan.com
13
Mail Encryption without PKI
- Requirements for mail encryption
  – Ease of use
  – Policy enforcement
  – Open standards
  – Quick and easy deployment
- Problems with PKI
  – Roll-out of certificates
  – Management of keys (recovery, revocation)
  – Exchange keys with third parties
  – Validate external keys
14
Mail Encryption without PKI
[Diagram labels]
- Encryption Gateway: Automatic Key Generation for Mail User, Encryption/Decryption, Management of Private Keys
- Internal Key Server: Customers + Partners Public Keys
- Public Key Server: Employees Public Key
- Key Administrator: Validates Public Keys from Customer/Partners
15
Automatic Key Generation
16
Key Exchange + Validation
17
Mail Encryption + Signing
Mail Policy
18
CryptoEx Summary
- Functionality
  – Gateway-based encryption and signing of e-mails with individual user keys
  – Fully automated key generation and management of users' private keys
  – Decentralized key validation
- Features
  – No PKI needed
  – Support for OpenPGP + S/MIME (Q4/03)
  – Support for multiple HTTP + LDAP key stores
  – Policy enforcement at the gateway
  – Fully transparent to the user
www.cryptoex.com
19
Thank you!
Georg Bommer, Inter-Networking AG (Switzerland)
gbo@internetworking.ch