Product and Technology News
Georg Bommer, Inter-Networking AG (Switzerland)
Content
– Control of SSL Connections
– Document Security Management
– Mail Encryption without PKI
Control of SSL Connections
Valid Certificate? Who decides?
[Diagram: Public CA; Content Scanner (Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions); IDS Sensor; Content Security Policy Enforcement]
Control of SSL Connections
Certificate Management
– Relying on CA List of Browser
– No CRL checking possible
– User decides whether or not to accept a certificate
Policy Enforcement
– Services used cannot be controlled
– Content Scanning/Inspection is not possible
– Policy for up- and download of data and attachments cannot be enforced
Other Problems
– Web-Server can enforce encrypted connection
Solution
– Central Certificate Management
– Content Inspection of SSL Traffic
Platform Support: Windows, Solaris, Linux
Proxy Mode and ICAP Support
Microdasys SCIP - Solution
[Diagram: Public CA; Content Scanner (Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions); IDS Sensor; Microdasys SCIP]
Microdasys SCIP
– Decryption SSL to HTTP
– Certificate Check
– Encryption HTTP to SSL
– Content Scanning
– SSL Tunneling
Microdasys SCIP - Summary
Functionality
– Central Certificate Management
– Decryption of SSL Connections
– Control of SSL Connections
Features
– Support for Windows, Solaris, Linux
– High Availability / Clustering
– Proxy Mode and ICAP Support
www.microdasys.com
Document Security Management
Control sensitive documents while they are in use
Enforce proper handling when in use
• Printing
• Copying
• Pasting
• Screen Capturing
• Saving
• Forwarding
Audit user activity
Document Security Management
Mirage Server
- Management
- Interceptor
- Document Proc.
- Print Server
- Key Server
- Web Server
Documents
- HTML
- MS Word
- MS Excel
- Plain Text
- PDF
File Server
Document Mgmt System
Mirage Client
- Document Decryption
- Controls Document Handling
Secure Printer
HTML
Secure Display Technology
Finjan Mirage - Solution
[Diagram: Mirage Client, Mirage Server, Key Server]
Step 1: User requests secure document from web server (HTTP Request)
Step 2: Server determines that requested document is protected
Step 3: Document is converted to HTML and encrypted (AES 128bit)
Step 4: Encrypted document is sent back to user (HTML)
Step 5: Client requests key from Key Server (PKCS#7 + HTTP)
Step 6: User is authenticated and document key is returned
Finjan Mirage Enterprise - Summary
Functionality
– Protection of sensitive documents
– Control + audit document handling
– Enforce information security policy
Features
– Unique "Secure Display" Technology
– Supported formats: MS Word, Excel, HTML Pages, Plain Text, PDF Files
– Integration with Document Management Systems such as LiveLink
www.finjan.com
Mail Encryption without PKI
Requirements for mail encryption
– Ease of use
– Policy enforcement
– Open standards
– Quick and easy deployment
Problems PKI
– Roll-out of certificates
– Management of keys (recovery, revocation)
– Exchange keys with third parties
– Validate external keys
Mail Encryption without PKI
Encryption Gateway: Automatic Key Generation for Mail User, Encryption/Decryption, Management of Private Keys
Internal Key Server: Customers + Partners Public Keys
Public Key Server: Employees Public Key
Key Administrator: Validates Public Keys from Customer/Partners
[Diagram: Public; Private; Mail Server; Content Scanner; Mail User; Key Administrator; External Key Server; Internal Key Server; Encryption Gateway; Private Key Repository; Mail User with any OpenPGP or S/Mime Client]
Automatic Key Generation
Key Exchange + Validation
Mail Encryption + Signing
Mail Policy
CryptoEx Summary
Functionality
– Gateway based encryption and signing of e-mails with individual user keys
– Fully automated key generation and management of users' private keys
– Decentralized key validation
Features
– No PKI needed
– Support for OpenPGP + S/Mime (Q4/03)
– Support for multiple HTTP + LDAP key store
– Policy enforcement at the gateway
– Fully transparent to the user
www.cryptoex.com