Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)
Content
• Control of SSL Connections
• Document Security Management
• Mail Encryption without PKI
Control of SSL Connections Valid Certificate? Who decides?
Control of SSL Connections
• Content Scanner: Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions
• IDS Sensor
• Content Security Policy Enforcement
Control of SSL Connections
• Certificate Management
  • Relying on CA List of Browser
  • No CRL checking possible
  • User decides whether or not to accept a certificate
• Policy Enforcement
  • Services used cannot be controlled
  • Content Scanning/Inspection is not possible
  • Policy for up- and download of data and attachments cannot be enforced
• Other Problems
  • Web-Server can enforce encrypted connection
• Solution
  • Central Certificate Management
  • Content Inspection of SSL Traffic
  • Platform Support: Windows, Solaris, Linux
  • Proxy Mode and ICAP Support
Microdasys SCIP - Solution
• Content Scanner: Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions
• IDS Sensor
• Microdasys SCIP
• Decryption SSL to HTTP
• Certificate Check
• Encryption HTTP to SSL
• Content Scanning
• SSL Tunneling
Microdasys SCIP - Summary
• Functionality
  • Central Certificate Management
  • Decryption of SSL Connections
  • Control of SSL Connections
• Features
  • Support for Windows, Solaris, Linux
  • High Availability / Clustering
  • Proxy Mode and ICAP Support
www.microdasys.com
Document Security Management
• Control sensitive documents while they are in use
• Enforce proper handling when in use
  • Printing
  • Copying
  • Pasting
  • Screen Capturing
  • Saving
  • Forwarding
• Audit user activity
Document Security Management Secure Display Technology
Finjan Mirage - Solution
Components: Mirage Server, Key Server, Mirage Client
• Step 1: User requests secure document from web server (HTTP Request)
• Step 2: Server determines that requested document is protected
• Step 3: Document is converted to HTML and encrypted (AES 128-bit)
• Step 4: Encrypted document is sent back to user (HTML)
• Step 5: Client requests key from Key Server (PKCS#7 + HTTP)
• Step 6: User is authenticated and document key is returned
Finjan Mirage Enterprise - Summary
• Functionality
  • Protection of sensitive documents
  • Control + audit document handling
  • Enforce information security policy
• Features
  • Unique „Secure Display“ Technology
  • Supported formats: MS Word, Excel, HTML Pages, Plain Text, PDF Files
  • Integration with Document Management Systems such as LiveLink
www.finjan.com
Mail Encryption without PKI
• Requirements for mail encryption
  • Ease of use
  • Policy enforcement
  • Open standards
  • Quick and easy deployment
• Problems with PKI
  • Roll-out of certificates
  • Management of keys (recovery, revocation)
  • Exchange keys with third parties
  • Validate external keys
Mail Encryption without PKI
• Encryption Gateway: Automatic Key Generation for Mail User, Encryption/Decryption, Management of Private Keys
• Internal Key Server: Customers + Partners Public Keys
• Public Key Server: Employees Public Key
• Key Administrator: Validates Public Keys from Customer/Partners
Mail Encryption + Signing Mail Policy
CryptoEx Summary
• Functionality
  • Gateway based encryption and signing of e-mails with individual user keys
  • Fully automated key generation and management of users' private keys
  • Decentralized key validation
• Features
  • No PKI needed
  • Support for OpenPGP + S/MIME (Q4/03)
  • Support for multiple HTTP + LDAP key stores
  • Policy enforcement at the gateway
  • Fully transparent to the user
www.cryptoex.com
Thank you! Georg Bommer, Inter-Networking AG (Switzerland), gbo@internetworking.ch