Jack-PC Security
Rev A - 0206
Important!! Under NDA - Chip PC Proprietary and Confidential Information
*CDC02264*
Claim:
“Jack PC is the most secured desktop available today.”
This presentation is all about proving this strong claim…
What makes for the most secure desktop?
1) Strong Physical security
2) Strong User Authentication
3) Strong Device Authentication
4) Strong Peripherals Authentication, tracking and logging
5) Strong Management security
6) Strong Image security
7) Chip PC high security environment, technologies and capabilities
Strongest Physical Device Security
Concept: Physically securing the device and its cables.
How?
• No exposed components (wall mounting)
• Special built-in mechanical lock
• No exposed LAN jack / wiring
• Strong metal anti-tampering structure
• POE – No exposed power source
• No removable mass-storage (soldered DOC)
Jack PC Removed from Locking in Housing with Extraction Tool
Housing Contacts
Housing Block Connector
Strongest User Authentication
Concept: Identify device physical location.
How?
• Patented local log-in authenticated against AD (similar to PC domain log-in)
• Support for most PC/SC PKI Smart-cards using external USB reader
• Support for Biometrics authentication
• Passed-through user authentication from XG server
• Fully configurable Kerberos, NTLM and other authentications.
Local User Logon Screen
Strongest Device Authentication
Concept: Reliably identify the device.
How?
• Patented technology to enable strong matching of device unique properties with device identity
• Soldered components with OTP (One Time Programming) chips
• Reliance on properties that cannot be cloned / modified.
• Two-sided authentication between the device and the management system
Strongest Peripherals Authentication
Concept: Reliably control the connected peripherals
How?
• Strongest USB usage control using patented detection and power signatures
• Full peripherals control through XG policies based on device or user profile
• Detection / logging of all peripherals connection / disconnection events
• Option to implement keyboard authentication scheme
Local Image USB Settings
Strongest Management Security
Concept: Securing device management functions
How?
• Managed by XG – AD policies, leveraging Windows Security Scheme
• Full Multi-level administrative rights, delegation
• Management protocols use selectable high-encryption, compression and port settings (non-SNMP)
• Single Sign On using XG secured infrastructure
• Security desk, logging and events
Xcalibur Global Permissions – Delegation of Control
Xcalibur Global Protocol & Ports Settings
Xcalibur Global Authentication Provider
Strongest Image Security
Concept: Securing device management functions
How?
• Highly secured patented software deployment mechanisms using signed XPIs
• Immunity to viruses, worms and other malicious code
• No security patches, vulnerabilities and anti-virus needed - EVER
• Modular image does not require frequent re-imaging
• No BIOS, no BIOS vulnerabilities
• Truly stateless client design – no user information remains
• Wide set of local VPNs
Strongest Image Security
• Encrypted image for each unique device
• User can never access system files or settings
• XP desktop without desktop vulnerabilities
• Relies on Windows CE kernel, enhanced and secured by Chip PC. Full access to source code
• Local user settings can be defined on per-function level. Only required settings are open
• Enhanced and secured local IE browser with manageable kiosk mode, downloads and cookies
• Secured VNC remote shadowing
• Dynamic (per-user) software deployment enables on-the-fly role based device loading upon user log-in
Secure VNC Shadowing Activated by Xcalibur Global on Local Image
Local Image Authentication Settings
Strongest Image Security
On-chip support for:
• DES/3-DES (128 and 192 bit keys)
• AES (128, 192, and 256 bit keys)
• ARC4 (RC4) (40 to 128 bit keys)
• Automatic Padding
• Supported modes (ECB, CBC)
• AES Counter Mode
• FIPS 140-2 random
The Jack-PC is the only thin-client in the market that features a secondary Crypto/IPSec processor from as standard.
Additional Security Products
• Special TEMPEST / MIL-STD thin-client products
• Fiber-optic based thin-clients
• Custom images and plug-ins
• Second signature by customer
• Security audit preparation, analysis, testing, consultancy
• Hybrid simulation lab for testing and simulations
• Security experts on staff
• Custom smart-cards and applications
• Optically isolated KVMs, Twin-clients
Chip PC Security Environment
• Operates as a subsidiary of Israel’s largest defense conglomerate
• All manufacturing is done in high-security MIL-STD facilities
• Common-Criteria to level 6 with similar products
• Access to MS and Citrix source-code
• Secured to top-secret development and production environments
• Contingency and disaster recovery facilities (3 sites)
• World’s highest security organizations are relying on Chip PC products
• Internal security and procedures can be audited by customers