GED-i Ltd Storage Security
• Securing Data Residing on Storage devices and Data Transferred over IP Networks
www.ged-i.com +972 9 8651054 dsaar@ged-i.com
GED-I Proprietary
Why is Encryption needed?
• Cost of Data Theft
• Regulations
• Security Incidents
Where is Encryption needed?
• ISP Site
• Enterprise Data Center
• Remote Hosting
• DRP Site
• Health Institutions
• Financial Institutions
• Bank
• Research Center
• University
• Government
• Defense
• Merchants
• Payments Processors
GED-i Products offering: Data Encryption
[Chart: products Superior - HA, Superior - FC, Superior - i, AIO - HA, AIO - FC, AIO - i, GDDS and GPDS, placed by security level (Entry level Security to Best Security) and by deployment scale (Personal, Department, Enterprise infrastructure, Enterprise)]
GED-i Products offering: Network Encryption
[Chart: products G4Crypt 1000, G4Crypt 300 and G4Crypt 100, placed by speed (Slow to Fast) and by deployment scale (Department, Enterprise infrastructure, Enterprise)]
Data Security Layers
[Diagram labels: Network Security (FW, VPN, IDS/IPS); Network Device (PC, Laptop, PDA); Access control (Biometrics, Smart Card..); Application; Application Security (PIN, DRM); Invasion through network; Data Encryption]
GED-i Ltd Storage Security
• Encryption of STORAGE DEVICES (SAN)
GED-i High Availability Solution
[Diagram labels: Clients; Server; two GSA 2000 EE (Encryption Engine) units; GKS 2000 (Key Server); GEM 2000 (Element Manager); Storage; FC / iSCSI and Ethernet links; AES 256; sample data shown as "ABCD" and as "#W~Z"]
GED-i High Availability Solution
[Diagram labels: Clients; Server; two GSA 2000 EE (Encryption Engine) units with Port 1 to Port 4; GKS 2000 (Key Server); GEM 2000 (Element Manager); Storage; FC / iSCSI and Ethernet links; AES 256 + Scrambling + Interference]
GED-i High Availability Solution
[Diagram labels: Clients; Server; three GSA 2000 EE Encryption Engine units; GKS 2000 Key Server; GEM 2000 Element Manager; Storage]
Data Protection against…
• Digital Way
  • Direct Data Copy
  • Remote Data Copy
• Physical way
  • Take and Go
  • Take, Copy and Return
• Service level
  • Take and Go
  • Take, Copy and Return
GED-i Data Leak Prevention: Use of Personal Encryption Key
• Hiding Storage Data while using GED-i’s Encryption KEY solution
• Typical Link of End Users to Storage Device
• Upon Encryption Key insertion, Data becomes available to key holders group only
• Upon Encryption Key removal, Storage data becomes UNAVAILABLE again
• TOTAL Storage Data Encryption while using GED-I’s solution
• SELECTED Storage data is available to key holders only
• Storage data is Encrypted and NOT available
• Storage data is Encrypted and Available to End Users
[Diagram labels: Clients; Server; GKS 2000 Key Server; Storage; sample data shown as "ABCD" and as "?&#@"]
GED-i High Availability Solution
[Diagram labels: Clients; Server; three GSA 2000 EE Encryption Engine units; DRP; GKS 2000 Key Server; GEM 2000 Element Manager; Storage]
GED-i High Availability Solution
[Diagram labels: Clients; Server; DRP Site; two GSA 2000 EE Encryption Engine units; GKS 2000 Key Server; GEM 2000 Element Manager; Storage]
GED-i in Cloud Computing
[Diagram labels: User Site; Cloud Services at remote site; Clients; Server; GSA 2000 EE Encryption Engine; GKS 2000 Key Server; GEM 2000 Element Manager; Storage]
GED-I Product Line
• Superior Security
  • GSA 2000 - EE
  • GKS 2000
  • GEM 2000
  • High Security level Solution
  • External Key Server for multiple GSA 2000 - EE
  • Automatic High availability
• All In One Security
  • GSA 2000 – AIO
  • GEM 2000
  • Solution in single appliance
  • Internal Key management
GED-I Product Line
• Superior Security
  • GSA 2000 - EE
  • GKS 2000
  • GEM 2000
  • Best Security Solution
  • Encryption engine
  • External Key Server
  • Automatic setup for High Availability
  • AES 256
  • Optional: Segmentation & Scrambling
[Diagram labels: Server; GSA 2000 - EE; GEM 2000; GKS 2000; Storage]
GSA 2000 For SAN Configuration
• Specification Highlights
  • Storage Security Appliance
  • Connection In-line
  • iSCSI interface
  • Fiber Channel interface
  • At least 2 ports of 1Gb
  • Wire speed
  • External & Remote Key Server
  • Invisible to user
  • Invisible to storage application
  • Invisible to storage device
GSA 2000 For SAN Configuration
• Key Technology
  • Incorporates the algebraic AES, Segmentation and scrambling key
  • Ensuring an unmatched security level
• Key Management
  • Physical Gap between the security appliance and the encryption engine
  • Encryption keys are remotely stored on the Key Server
  • Key Server can be local or remotely deployed
  • Keys are transferred to the security appliance only as needed
GSA 2000 For SAN Configuration
• Easy Deployment
  • Plug and Play technology
  • Appliance with no IP address
  • No S/W installation on client, server or storage
  • Self Learning
  • Easy and fast disaster recovery
GED-i Ltd Storage Security
• Network Encryption
• Encrypting Data transmitted between IT islands
Network Encryption
• Encrypting Data transmitted between IT islands
[Diagram labels: Encrypted IP Network; Public Network; IPsec AES 256; sample data shown as "ABCD" and as "%&^#"]
G4Crypt Models
• An encryption appliance
• Desktop or 19” Rack mountable device
• Encryption at rates of 100Mbs, 300Mbs and near 1Gbs.
G4Crypt Models
• Specification Highlights
  • Ethernet Link
  • IPsec - Layer 3 IP packet encryption
  • AES 256 encryption
  • G4Crypt 100 for 100Mbs
  • G4Crypt 300 for 300Mbs
  • G4Crypt 1000 for near 1Gbs
  • Point to Point link
  • Multi Point to Point links
  • Transparent bridge
• Technical Specification
  • AES – FIPS 197 (256) CBC
  • X.509 v3 digital certificates
  • Pre-shared secrets
  • HMAC-SHA-1-96
  • Encapsulating Security Payload (ESP) Tunnel mode
  • Encapsulating Security Payload (ESP) Transport mode
  • Ethernet Encapsulated Security Payload
  • Ethernet link
  • IPv4
• Appliance Technology
  • At least 3 Ethernet ports
  • Up to 1Gbs Ethernet port
  • Desktop version
  • 19” rack version
• Easy Deployment
  • Plug and Play technology
  • No S/W installation
• Management
  • Simple to use
  • Reports and logging
GED-i Ltd Storage Security
• Personal/Departmental Data Safe
• Encrypting Data Residing on Departmental servers
Single groups Shared 5:1 Configuration
• Group 1: Existing Computers (A, B, C, D, E) with non-encrypted data
• Private Or Joint Encryption key, required to decrypt the encrypted disk. Removed to prevent access to data
• K(A)=K(B)=K(C)=K(D)=K(E)
• Dedicated for GED-I’s encryption station GDDS 2000
• “Local Disk” with Encrypted data: Shared data in shared disk Volume (A+B+…+E)
• Local Disk: Non-Encrypted data
[Diagram labels: Ethernet-LAN; GDDS 2000]
GED-I’s solution for Personal Data Safe – GPDS 2000, 1:1 Configuration
[Diagram labels: Personal Computer; GPDS 2000 Data Safe; Ethernet-LAN; Read with Keys (sample data shown as "ABCDE"); Read with No Keys (sample data shown as scrambled characters); key Removed to prevent access to data]
Two Independent Groups Shared 5:1 Configuration
• Group 1: Existing Computers (A, B, …, E) with non-encrypted data; K(A)=K(B)=K(C)=K(D)=K(E)
• Group 2: Existing Computers (V, W, …, Z) with non-encrypted data; K(Z)=K(Y)=K(X)=K(W)=K(V)
• Disk-on key with thousands of keys required to decrypt the encrypted disk. Removed to prevent access to data
• “Local Disk” with Encrypted data: Shared data in shared disk Volume (A+B+…+E, V+W+…+Z)
• Local Disk: Non-Encrypted data
[Diagram labels: USB port; GPDS 2000; Ethernet-LAN]