1. Using Hard Disk Encryption and Novell® SecureLogin
Troy Drewry, Technical Sales Specialist, Novell, Inc., tdrewry@novell.com
Dirk Strauch, Senior Consultant, cv cryptovision, dirk.strauch@cryptovision.com
2. Overview
Focus Shifts from Protecting the Network to Protecting Data
• The Challenge of Data at Rest
– Enterprise Data on Desktops, Laptops and Servers
– Stolen and Lost Laptops
– Data in Transit
– Security Breaches
• Regulations and Governance
– Corporate and Industry
– Local, State and Federal Government
– International Considerations
• Corporate Impact
– Security breach consequences on client mind-set
– Negative media exposure outcome on corporate profits
• Using Hard Disk Encryption and Novell® SecureLogin for ESSO
– Stronger Alternative to Microsoft Windows Security
– Don’t Touch that Application
2 © Novell, Inc. All rights reserved.
3. Encryption Technology
• Hardware-Based Solutions
– Intel® Anti-Theft Technology (Intel® AT) Stolen
http://www.intel.com/technology/anti-theft
– Seagate DriveTrust™ (Self-Encrypting Drives) Technology
http://www.seagate.com/docs/pdf/whitepaper/TP564_DriveTrust_Oct06.pdf
– Geo Location and Others
(http://www.absolute.com) (http://www.computersecurity.com/laptop-tracking)
• Software-Based Solutions
– Pre-Boot Authentication (PBA)
– Full Drive Encryption (FDE)
– File and Folder Encryption (FFE)
– Port Security (USB/Firewall/Etc.)
– External Drive Protection
– File Sharing Safeguards
• Auditing
– Logging and Forensics Preparation
– Reporting and Compliance
4. Implementing Hard Disk Encryption
Components
• Servers
– Key Storage
– Directory Interoperability
– Administration and Management
– Scalability
• Endpoint Platforms
– Workstations
– Laptops
– Virtual Machines
– Kiosks (Terminal Services and Citrix)
– Mobile Devices
– Others
• OS Considerations
– Windows
– Mac
– Linux/Unix
– Mobile (at least 4)
• Authentication Mechanism
– Credentials
– Smart Cards
– Biometrics
– Tokens
5. Weighted Options to Implementation
• Enterprise and Remote Roaming User Solutions
• Pre-Boot Authentication Effects
• Full Disk Encryption v. File and Folder Encryption
• OS Handshake/Hand-Off Options
• Port and Disk Access Control or Free Range Users
• Logging and Reporting as a Requirement
6. Demonstration
[Diagram labels: Cryptovision Smartcard PKI Security; WinMagic Pre-Boot Authentication; Microsoft Active Directory Authentication; Novell® SecureLogin]
8. Overview
• PKI Infrastructure Overview
• PKI in a Novell® Environment with cv act PKIntegrated
• cv act sc/Interface middleware
• Smart Card
9. Public Key Infrastructure Overview
[Diagram labels: Certification Repository; CA; RA; Digital Certificate; Private Key; Public Key; User Application]
10. PKI in a Novell® Environment: cv act PKIntegrated
[Diagram labels: CA Engine; Novell Identity Manager; iManager; LDAP; OCSP, SCEP; Novell eDirectory™; PKIntegrated Administration; PKI Applications; Novell Identity Manager; Siemens DirX; Lotus Notes; SAP HR; Peoplesoft; Microsoft ADS; LDAP]
11. Additional Components
cv act PKIntegrated - managing digital certificates in a Novell® environment
• Included seamlessly in Novell infrastructure
• Using Novell products
– Novell eDirectory™ (data store)
– iManager (administration)
– Novell Identity Manager (cryptographic functions)
12. Additional Components
cv act sc/interface – providing access to smart cards
– Smart card middleware
– Providing access to the most common smart cards
including Java Card: G&D Sm@rtCafé Expert, G&D Micro
SD Card microSD, StarCOS, IBM JCOP, CardOS, ACOS,
AustriaCard JCOP, Gemalto TOP IM GX4, Infineon JTOP,
Aladdin eToken, G&D StarSign, Siemens HiPath, A.E.T.
SafeSign, Nexus Personal, D-Trust
14. Overview
• SecureDoc Overview and Features
• SecureDoc Solution
15. SecureDoc Overview and Features
[Diagram labels: Third Party Management Applications; API Interface; SecureDoc Enterprise Server API; SecureDoc Client Software; Passwords; Tokens; Smartcards; Biometrics; PKI; TPM; Full Disk Encryption; Removable Media Encryption; File / Folder Encryption; Port Control; Data Leak Protection; Email; Call Home; Anti virus; Seagate FDE; MXI; SanDisk / Kingston; Ironkey; New Crypto Device; Windows; Mac / EFI; Linux; Symbian]
16. SecureDoc Solution
[Diagram labels: SecureDoc Client; SecureDoc Enterprise Server; SD CONNEX; Key Escrow; Multi-Factor User Authentication (Pre-Boot); Active Directory; LDAP; PKI; Security Policy Manager; User / Group Management System; Key Management System; Software Distribution Tools; User Support Tools; Secure Client Server Communications; Consolidated Audit Log; AES Software Encryption Engine; USB/CD/DVD and Removable Media Access Control; Disk Sector; File; Folder; Container; Seagate DriveTrust Drive; 3rd Party Encryption USB Stick]
18. Overview
• Microsoft Active Directory Data Store
• SecureLogin Workstation Agent
• Novell® SecureLogin Hard Disk Encryption Implications
19. Microsoft Active Directory Data Store
• Active Directory is being used in this demonstration
• We could have used Novell® eDirectory™ or any other LDAP v3
• Schema Extensions made Using ADSchema.exe
– Prot:SSO Auth
– Prot:SSO Entry
(LDAP:protocom-SSO-Entries)
– Prot:SSO Entry Checksum
(LDAP:protocom-SSO-Entries-Checksum)
– Prot:SSO Profile
(LDAP:protocom-SSO-Profile)
– Prot:SSO Security Prefs
(LDAP:protocom-SSO-Security-Prefs)
– Prot:SSO Security Prefs Checksum
(LDAP:protocom-SSO-Security-Prefs-Checksum)
21. Novell® SecureLogin Hard Disk Encryption Implications
• Pre-Boot Authentication
• Full Disk Encryption v. File and Folder Encryption
• OS Handshake/Hand-Off
• Advanced Authentication Integration
22. Demonstration – How it Works
Authentication during boot process
– Laptop is switched on
– Logon screen of hard disk encryption comes up (PBA)
– User places their smart card in reader
– User types in their PIN
– PBA encryption authenticates user and decrypts hard drive
– PBA performs handshake to Windows OS and user is logged in
– Novell® SecureLogin Agent starts
– SSO is operational with no additional logins
23. For More Information
Try SecureLogin for Yourself
• Visit table A5 in IT Central. We'll install SecureLogin on your machine (for free).
• Attend the following complementary sessions:
– BOF106: SecureLogin in the Real World Panel Discussion
– IAM205: Novell SecureLogin Installation, Deployment and Lifecycle
Management
– IAM207: SecureLogin and Your Active Directory Setup
– IAM302: Using Hard Disk Encryption and SecureLogin
– IAM303: Enhancing SecureLogin with Multi-factor Authentication
– IAM304: Securing Shared Workstation with SecureLogin
• Walk through the SecureLogin demo in the
Installation and Migration Depot
• Visit www.novell.com/securelogin
25. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.