Network Security - Norbert Pohlmann

Posted on 07-Aug-2020

15 views

Category:

Documents


2 download

TRANSCRIPT

Page 1

[Sidebar graphic: Security Infrastructure, Mobile/Desktop Security, Network Security, E-Commerce Enabler, Internet Security]

Network Security
Secure Communication in Virtual Enterprises with Encryption, Digital Signature and Firewall

Dipl.-Ing. Norbert Pohlmann
Chief Marketing Director

Page 2

Utimaco Safeware AG 09.07.2016

Contents

- Security needs for Concurrent Multidisciplinary Engineering
- Security Concepts
  - Encryption (Black-Box Solution)
  - Digital Signature
  - Firewall System
- Combined Solutions

Page 3

Concurrent Multidisciplinary Engineering

[Diagram: Design Centre, CAD/CAM Office, Test Facility and Industry sites, each with a server and workstations, connected over an international network]

Page 4

Security Needs for Concurrent Multidisciplinary Engineering (1)

- confidentiality
  - know-how protection
  - competitors try to gain access to the development results
- non-repudiation
  - to ensure that the right information is received to be worked with
  - responsibility for the result (wrong results may cause tremendous damage)
- integrity of data
  - no manipulation during transmission
  - no virus infection

Page 5

Security Needs for Concurrent Multidisciplinary Engineering (2)

- access control
  - strangers should not have access to the computers or networks to be protected
- access-right management
  - only authorised people should have access to the computer
- authentication
  - only communication protocols and services which are permitted should be used
- logging
  - security relevant events can be logged and analysed
  - events can be logged and thus be used as evidence

Page 6

Encryption with the Help of a Black-Box Solution (Security System with Packet Filter)

[Diagram: Design Centre, CAD/CAM Office, Test Facility and Industry, each with a server and workstations behind a KryptoGuard, connected over an insecure network; the KryptoGuards are administered by a Security Management System (SMS) and together form the secured area]

Services provided:
- confidentiality (connection oriented)
- authentication
- access control
- logging

Page 7

Security Services which are provided with this kind of Black-Box Solution

- confidentiality of data (setting up VPNs)
  - it is impossible to read data in plaintext
- authentication
  - implicit by means of encryption
  - explicit by means of authentication mechanisms
- access control
  - only logical connections which are permitted can be set up
  - strangers cannot have access to the end system
- access-right management
  - only communication protocols and services which are permitted can be used
- logging
  - security relevant events can be logged and analysed

Page 8

Security System with Packet Filtering

advantages
- black box solution
  - transparent security
  - easy to integrate
  - no change of application necessary
  - independent of computer system and operating system
- supports all kinds of communications:
  - session oriented (Telnet etc.)
  - store and forward (e-mail)
- combines easy handling with clearly defined responsibilities

disadvantages
- key management
  - either one organisation (normally the company which pays) has to take over responsibility
  - or all have to employ the same product (problem presently: no standard or trustworthy infrastructure is available)
- no non-repudiation
  - has to be realised via other mechanisms
- no control on application level

Page 9

Digital Signature and Object Encryption

[Diagram: Design Centre, CAD/CAM Office, Test Facility and Industry servers, each with an SG component, exchanging E-Mail, FTAM and EDIFACT objects over an international network, with a Trust Center]

Services provided:
- Digital Signature
- confidentiality (object oriented)

Page 10

Signature Function

[Diagram: user A unlocks the smart card holding the private key of user A with a PIN; the document in plaintext is reduced by a one-way hash function to a cryptographic check-sum, which the public key algorithm signs with the private key of user A; the signature of A and the certificate of A accompany the confidential document as its security information]

Page 11

Certification Authorities

[Diagram: the Certification Authority (Trust Center) issues certificates of the public keys for all computer systems (User 1 ... User n, WS 1, WS 2 ... WS n, Server), made available e.g. via a directory service]
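The hash-then-sign flow of the Signature Function slide together with the Trust Center's role from the Certification Authorities slide, as an added example that is not part of the original presentation. Unpadded textbook RSA with fixed, publicly known Mersenne primes stands in for the slide's public key algorithm and smart card so that the run is short and deterministic; the key sizes, the certificate fields, the names and the sample document are assumptions for illustration only.

```python
import hashlib

# Key factors are fixed, publicly known Mersenne primes so this toy runs
# deterministically; real keys are large, secret, random primes.
E = 65537
USER_A_PRIMES = (2**127 - 1, 2**521 - 1)
TRUST_CENTER_PRIMES = (2**89 - 1, 2**607 - 1)

def keypair(p, q):
    """Unpadded textbook RSA stands in for the slide's public key algorithm."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))          # (public, private)

def checksum(data):
    """The slide's 'cryptographic check-sum': one-way hash of the document."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    """Private-key operation on the check-sum (on the slide, d lives on A's PIN-protected smart card)."""
    n, d = private
    return pow(checksum(data), d, n)

def verify(data, sig, public):
    n, e = public
    return pow(sig, e, n) == checksum(data)

def cert_bytes(cert):
    """The part of a certificate the Trust Center signs (everything but ca_sig)."""
    return f"{cert['subject']}|{cert['n']}|{cert['e']}|{cert['issuer']}".encode()

def issue_certificate(subject, public, ca_name, ca_private):
    """Certification Authority (Trust Center) binds a subject to its public key."""
    cert = {"subject": subject, "n": public[0], "e": public[1], "issuer": ca_name}
    cert["ca_sig"] = sign(cert_bytes(cert), ca_private)
    return cert

def verify_signed_document(data, sig, cert, ca_name, ca_public):
    """Receiver: trusted issuer, intact certificate, then the signature of A."""
    if cert["issuer"] != ca_name or not verify(cert_bytes(cert), cert["ca_sig"], ca_public):
        return False
    return verify(data, sig, (cert["n"], cert["e"]))

if __name__ == "__main__":
    ca_pub, ca_priv = keypair(*TRUST_CENTER_PRIMES)
    a_pub, a_priv = keypair(*USER_A_PRIMES)
    cert_a = issue_certificate("user A", a_pub, "Trust Center", ca_priv)
    doc = b"CAD model rev. 3: tolerance 0.05 mm"        # constructed sample document
    print(verify_signed_document(doc, sign(doc, a_priv), cert_a, "Trust Center", ca_pub))  # True
```

A tampered document, a certificate altered after issue, or a certificate from an untrusted issuer all make verify_signed_document return False.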

Page 12

Digital Signature and Object Encryption

advantages
- integrated into application
- legally recognised signature (as a signature under a document)
- secures only what needs to be secured (selection possible)

requirements:
- secure, trustworthy infrastructure
  - supplied by the Signature Law (in Germany)

disadvantages
- no access control
- no access-right management
- not combinable with session-oriented communication

(analogy: as envelope and manual signature)

Page 13

Firewall System

[Diagram: Design Centre, CAD/CAM Office, Test Facility and Industry, each with a server and workstations behind a firewall consisting of an Application Gateway and KryptoGuards, connected over an international network]

Services provided:
- access control
  - network level
  - user level
- access right management
- control on application level
- separation of insecure services
- logging and audit
- preservation of evidence
- concealment of the internal network structure

Page 14

Risks in public networks: What are the problems?

- High-tech spies steal someone's know-how and sell it profitably to competitors.
- Hackers intrude into the local networks of public authorities and companies and manipulate data or smuggle in wrong information.
- Netsurfers paralyze the whole computer system of a company and cause economic damage amounting to millions.

A public network is not a "one-way street"

[Diagram: workstations (WS) in the network to be protected, connected to the insecure network]

Page 15

Objectives of a Firewall System

- access control on network level
- access control on user level
- access-right management
- control on application level
- separation of insecure services
- logging and audit
- preservation of evidence
- concealment of the internal network structure

Integration of a Firewall System

[Diagram: the firewall system sits between the insecure network and the network to be protected (workstations) as the Common Point of Trust]

Page 16

Structure of an active Firewall element

[Diagram: communication data from the insecure network enters through the integration module; the firewall security modules (authentication module, analysis module, decision module) check it against the set of rules, and the result of analysis decides what passes on to the network to be protected; a security relevant event goes to the processing module for security relevant events, which writes the logbook and raises a warning to Security Management]
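The active firewall element of the Structure slide, covering the network-level and user-level access control and the logging objectives of the preceding slide, as an added example that is not part of the original presentation. The rule format, the CIDR ranges, the service names, the engineer user names and the warning threshold are assumptions for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Connection:            # communication data handed in by the integration module
    src: str
    dst: str
    service: str
    user: str = ""           # set by the authentication module; "" if unauthenticated

@dataclass(frozen=True)
class Rule:
    src_net: str             # CIDR; "0.0.0.0/0" matches every address
    dst_net: str
    service: str             # "*" matches every service
    users: frozenset = frozenset()   # empty: no user-level condition
    allow: bool = True

# Constructed rule set: design centre (10.1/16) to test facility (10.2/16) via FTAM for all, telnet only for two authenticated engineers; everything else is denied.
RULES = (Rule("10.1.0.0/16", "10.2.0.0/16", "ftam"),
         Rule("10.1.0.0/16", "10.2.0.0/16", "telnet", frozenset({"alice", "bob"})))

class FirewallElement:
    """Analysis module, decision module and logbook of the slide's active element."""
    def __init__(self, rules, warn_after=3):
        self.rules, self.warn_after = rules, warn_after
        self.logbook = []            # every decision, for audit and preservation of evidence
        self.rejected = Counter()    # security relevant events per source address

    def analyse(self, conn):
        """First rule in the set that matches the communication data, else None."""
        src, dst = ipaddress.ip_address(conn.src), ipaddress.ip_address(conn.dst)
        for rule in self.rules:
            if (src in ipaddress.ip_network(rule.src_net)
                    and dst in ipaddress.ip_network(rule.dst_net)
                    and rule.service in ("*", conn.service)
                    and (not rule.users or conn.user in rule.users)):
                return rule
        return None

    def decide(self, conn):
        """Default deny; log every decision; warn Security Management at warn_after rejections."""
        rule = self.analyse(conn)
        permitted = rule is not None and rule.allow
        self.logbook.append((conn, "PERMIT" if permitted else "DENY", rule))
        if permitted:
            return True, None
        self.rejected[conn.src] += 1                       # security relevant event
        hit = self.rejected[conn.src] == self.warn_after
        return False, f"warning: {conn.src} rejected {self.warn_after} times" if hit else None
```

decide() returns the permit/deny result together with the warning text, if any, that the processing module would forward to Security Management; the logbook keeps every decision with the rule that produced it.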

Page 17

Firewall System

advantages
- every organisation is responsible for its own security
- no unauthorised access to the computer to be protected
- access-right management
- preservation of evidence
- independent of terminals and operating system

disadvantages
- integrity of data and confidentiality have to be realised via other means
- no non-repudiation

(analogy: as firewall and doorman)

Page 18

Combinations

[Diagram: Design Centre, CAD/CAM Office, Test Facility and Industry servers with SG components, each site protected by an Application Gateway with KryptoGuards, connected over an international network, with a Trust-Center]

Services provided by the combination:
- Digital Signature and Object Encryption: Digital Signature; confidentiality (object oriented)
- Encryption (Black-Box Solution): confidentiality (connection oriented); authentication; access control; logging
- Firewall System: access control (network level, user level); access right management; control on application level; separation of insecure services; logging and audit; preservation of evidence; concealment of the internal network structure

Page 19

Summary

- Solutions for the realisation of secure Concurrent Multidisciplinary Engineering are available
- The combination of different concepts fulfils all security needs
- Organisations with their own responsibility are able to act independently
- When smart cards are used, they can be employed for the digital signature as well as for authentication with the firewall system

Page 20

Why Security?

Information society: fundamental changes
- An increasing number of work processes are done via IT systems and networks
  - the network is a new object for attackers
- Increasing value of information stored on IT systems
  - the value of the complete documentation of R&D units can easily exceed millions of $
- Secure and reliable payment and transactions via insecure networks (e.g. Internet)
- Lack of appropriate morals

Page 21

Why Security?

Requirements for security
- self-protection against espionage is necessary
- legal regulations have to be fulfilled