Published by Oswin Jones. Modified over 9 years ago.
1
Gradient Technologies, Inc.
Inter-Cell Interworking
Access Control Across the Boundary
Open Group Members Meeting, San Diego, CA USA, April 1998
Brian Breton
2
Multiple User Populations
[Diagram labels: Internet; Prospective Customers; Rest of the World; Extranet; Remote Employees; Customers; Business Partners; Employees; Intranet]
3
Enterprise Security Perspective
  – Authentication
  – Data Integrity
  – Authorization
  – Data Privacy
  – Availability
  – Scalability
  – Secure database access
  – Leverage existing investments
4
The New Corporate Network
[Diagram labels: Standard Browser; Web and App Servers; Internet; Business Partners; Netscape and Microsoft; UNIX and NT; Private Network; Mainframes; UNIX and NT; Data Sources; Intranet; Extranet; Remote Employees; Database; Informix]
5
Ingredients to Trust
Pre-existing trust relationships have to be established between enterprises
Responsibility for user identification MUST be at local system, not target
  – potential for multi-authn mechanisms
Target system should control access decisions
Credentials serve as the basis for the target institution to make authorization decisions
Secure communications channel
6
Trust via Technology
DCE Inter-Cell
Public Key
  – Common public key certificate authority
  – Between multiple certificate authorities
Basic authentication at target site
7
DCE Inter-Cell Trust
Company A lets Company B in
Pros
  – B administers its own users
  – Transparent to end-users
Cons
  – A must trust B to administer its users properly
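The trust model on the "Ingredients to Trust" and "DCE Inter-Cell Trust" slides (home cell B identifies the user, target cell A makes the access decision), as an added example that is not from the presentation or from any Gradient product. The pre-established trust is modelled as an HMAC key shared by the two cells, a simplified stand-in rather than the DCE protocol; all cell names, keys, groups and ACL entries are constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed values: the key both cells agreed on when trust was established.
INTER_CELL_KEY = b"constructed-inter-cell-key"
TRUSTED_CELLS = {"cell-b.example": INTER_CELL_KEY}  # cells that cell A trusts
# Cell A's own policy: resource -> issuing cell -> groups allowed in.
CELL_A_ACL = {"/orders": {"cell-b.example": {"purchasing"}}}


def _tag(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def issue_credential(cell, key, user, groups, now=None, lifetime=300):
    """Home cell (B): it has already authenticated the user by its own means."""
    now = time.time() if now is None else now
    body = json.dumps({"cell": cell, "user": user, "groups": sorted(groups),
                       "exp": now + lifetime}, sort_keys=True)
    return body, _tag(key, body)


def authorize(resource, credential, now=None):
    """Target cell (A): check the credential, then apply A's own ACL."""
    now = time.time() if now is None else now
    body, tag = credential
    try:
        claims = json.loads(body)
        cell, groups = str(claims["cell"]), set(claims["groups"])
        exp = float(claims["exp"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed credential"
    key = TRUSTED_CELLS.get(cell)
    if key is None:
        return False, "no trust relationship with issuing cell"
    if not hmac.compare_digest(_tag(key, body).encode(), str(tag).encode()):
        return False, "credential integrity check failed"
    if exp < now:
        return False, "credential expired"
    # A cannot verify B's group assignments; it can only limit what they unlock.
    if CELL_A_ACL.get(resource, {}).get(cell, set()) & groups:
        return True, "granted by cell A ACL"
    return False, "denied by cell A ACL"
```

Cell A accepts whatever group membership cell B signs, which is the "A must trust B to administer its users properly" cost from the slide; A's only lever is how much each of B's groups is allowed to reach.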
8
The Role of Firewalls
[Diagram label: Private Network(s)]
9
Problems with Firewalls
Most attacks are internal, therefore less susceptible to prevention by firewalls
Firewalls
  – Cannot provide full protection against external attack
  – Are not a security infrastructure, but a method of access prevention
  – Do not inherently provide out-of-the-box form of fine-grained access control to internal resources
10
Firewalls + Security Infrastructure
[Diagram label: External Networks]
11
The Role of SSL
[Diagram labels: Web Server; Authentication via Public Keys and Basic Auth.; Data Privacy]
12
Gradient Technologies, Inc.
NetCrusader Product Family
13
[Diagram labels:]
Common Authorization Model: NetCrusader Security Server
Multiple Authentication Methods: Username/Password; Public-Key Certificate; Two-Factor Authentication
Multiple User Populations: Customers; Partners; Employees
Interoperating Across Security Domains
Multiple Encryption Methods: DES, RC4, RSA, CAST, others
Multiple Application Types: Object; Client/Server; Web-based
Distributed Security Management: NetCrusader Commander
Heritage
14
NetCrusader Web-based Architecture
[Diagram labels: NetCrusader Security Server; Web browser + NetCrusader Client; Web browser only; Microsoft/Netscape/Oracle Web Server (NT, Solaris, AIX, HP-UX); NetCrusader Commander; ISAPI/NSAPI Applications; Protocol Filter; Entrust/HTTP; DCE/HTTP; SSL; NetCrusader Security Adapter; Username/Password or Public-Key Certificate; NetCrusader Credentials; Access Permissions; Delegation to backend resources; TokenCard / SmartCard (optional); SmartCard (optional)]
15
NetCrusader Example
External Access to Financial System Using Web C/S Architecture
[Diagram labels: Trading Partners; Browser; Customer Database; Oracle Database; Seamless Desktop-to-database Security; Web Server / Trading Application; Customers; SSL; NetCrusader; Internet or Private Network]
16
SSL Basic Authentication
Pros:
  – No additional client software
Cons:
  – Separate logins to multiple web servers
  – Encrypted passwords transmitted
  – Separate UserID/Password management across web servers
Good Selection for:
  – Thin client requirement scenarios with no ability to install public key certificates
17
SSL with Public Key Certificates
Pros:
  – No additional client executables
  – Strong authentication
  – Variable strength data privacy:
  – Enables SSO across multiple web servers
Cons:
  – Must deploy & manage certificates to client
  – Public Key Mgt. tools immature
Good Selection for:
  – Organizations committed to public key technology
  – Thin client requirement scenarios
18
Entrust Public Key Infrastructure
Pros:
  – Strong public key based authentication
  – Variable strength data privacy based upon strength of Entrust CAST software installed
      CAST much faster than SSL
      Enables SSO across multiple web servers
  – Strong Public Key Management support
Cons:
  – Must deploy & manage certificates to client
  – Must deploy & manage Entrust and NetC Client s/w
Good Selection for:
  – Large organizations with control over users' desktops
19
DCE/HTTP
Pros:
  – Single Sign On across multiple web servers and back end applications
  – No Firewall Disruption:
      Data tunneled thru HTTP port
  – 56 Bit DES data privacy
      DES much faster than public key
Cons:
  – Requires Desktop NetCrusader software
Good Selection for:
  – Organizations using PC-DCE and/or Kerberos
20
NetCrusader Summary
Delivers a comprehensive Enterprise Security Infrastructure
  – Integrates best of breed security and RAD technologies
  – Support for multiple authentication mechanisms
  – Single, centralized authorization model
  – Fine-grained access control
  – Ease of security administration
  – Supports common platforms and applications
21
NetCrusader Product Family
Security Solutions for the Enterprise
Gradient Technologies, Inc.
2 Mount Royal Avenue, Marlborough, MA USA 01752
+1.508.624.9600
www.gradient.com