1 / 18

Product and Technology News

Product and Technology News. Georg Bommer, Inter-Networking AG (Switzerland). Content. Control of SSL Connections Document Security Management Mail Encryption without PKI. Control of SSL Connections. Valid Certificate? Who decides?. Control of SSL Connections. Content Scanner

michel
Download Presentation

Product and Technology News

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)

  2. Content • Control of SSL Connections • Document Security Management • Mail Encryption without PKI

  3. Control of SSL Connections Valid Certificate? Who decides?

  4. Control of SSL Connections Content Scanner Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions IDS Sensor Content Security Policy Enforcement

  5. Control of SSL Connections • Certificate Management • Relying on CA List of Browser • No CRL checking possible • User decision to accept or not a certificate • Policy Enforcement • Services used can not be controlled • Content Scanning/Inspection is not possible • Policy for up- and download of data and attachments can not be enforced • Other Problems • Web-Server can enforce encrypted connection • Solution • Central Certificate Management • Content Inspection of SSL Traffic • Plattform Support Windows, Solaris, Linux • Proxy Mode and ICAP Support

  6. Microdasys SCIP - Solution Content Scanner Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions IDS Sensor Microdasys SCIP Decryption SSL to HTTP Certificate Check Encryption HTTP to SSL Content Scanning SSL Tunneling

  7. Microdasys SCIP - Summary • Functionality • Central Certificate Management • Decryption of SSL Connections • Control of SSL Connections • Features • Support for Windows, Solaris, Linux • High Availablity / Clustering • Proxy Mode and ICAP Support www.microdasys.com

  8. Document Security Management • Control sensitive documents while they are in use • Enforce proper handling when in use • Printing • Copying • Pasting • Screen Capturing • Saving • Forwarding • Audit user activity

  9. Document Security Management Secure Display Technology

  10. Step 4Encrypted document is sent back to user (HTML) Step 5Client requests key from Key Server (PKCS#7 + HTTP) Step 3Document is converted to HTML and encrypted (AES 128bit) Step 1Users requests secure document from web server (HTTP Request) Step 2Server determines that requested document is protected Step 6 User is authenticated and document key is returned Finjan Mirage - Solution Mirage Server Key Server MirageClient

  11. Finjan Mirage Enterprise - Summary • Functionality • Protection of sensitive documents • Control + audit document handling • Enforce information security policy • Features • Unique „Secure Display“ Technology • Supported formats; MS Word, Excel, HTML Pages, Plain Text, PDF Files • Integration with Document Management Systems such as LiveLink www.finjan.com

  12. Mail Encryption without PKI • Requirements for mail encryption • Ease of use • Policy enforcement • Open standards • Quick and easy deployement • Problems PKI • Roll-out of certificates • Management of keys (recovery, revocation) • Exchange keys with third parties • Validate external keys

  13. Encryption Gateway Automatic Key Generation for Mail User, Encryption/De-cryption, Management of Private Keys Internal Key Server Customers + Partners Public Keys Public Key Server Employees Public Key Key Administrator Validates Public Keys from Customer/Partners Mail Encryption without PKI

  14. Automatic Key Generation

  15. Key Exchange + Validation

  16. Mail Encryption + Signing Mail Policy

  17. CryptoEx Summary • Functionality • Gateway based encryption and signing of e-mails with individual user keys • Fully automated key generation and management of users private keys • Decentralized key validation • Features • No PKI needed • Support for OpenPGP + S/Mime (Q4/03) • Support for multiple HTTP + LDAP key store • Policy enforcement at the gateway • Fully transparent to the user www.cryptoex.com

  18. Thank you ! Georg Bommer Inter-Networking AG (Switzerland) gbo@internetworking.ch

More Related