SlideShare a Scribd company logo

G snap security-solution

K
Kevin Mayo
Technology
1 of 20
Download to read offline
gSNAP Primer Kevin Mayo –Chief Architect – Global Government ●Sun Microsystems, Inc. ●
Introduction – What is gSNAP? • (government) Secure Network Access Platform • Reference Architecture for secure collaboration at the desktop ■ “70% solution” developed specifically for govt customers • Competitive advantage for Sun in specific markets ■ Sun unique products and technology ■ CSO technical engagements ■ Complimentary partner products and integration Sun Confidential: Internal or Partner Use Only
How We Use IT is Also Changing Dynamic Coalition and Interoperability Formation Standards Best of Class Threat of Global Security Terrorism Access Anytime Technology As Major Anywhere Element of Operations Sun Confidential: Internal or Partner Use Only
gSNAP Market Drivers • Government agencies have increasing need to collaborate ■ Within agency ■ With other agencies ■ With trusted partners (suppliers, research centres) ■ With agencies of other nations • Government users have increasing need to access information from anywhere, anytime • Security and privacy are key requirements • Sources of information are increasingly diverse Sun Confidential: Internal or Partner Use Only
gSNAP Market Positioning • Government agencies with collaboration needs ■ Defence (NATO) ■ Public security/ public safety (Interpol) ■ Emergency response (central, provincial, city) ■ Public health (CDC, WHO) ■ Government research centres and universities Sun Confidential: Internal or Partner Use Only
Government System Requirements • Trusted computing environment • Single Virtual Switch to Multiple Networks ■ ■ Single desktop with connections to multiple security domains implemented as physically separated networks (without enabling intra-domain routing) End-users have controlled access to domains based on security level, compartmentalization • Secure Inter-Domain Data Transfer ■ Automated and manual auditing based on pre-defined policies and procedures • Remote Access Protocol Options ■ Tarantella, Citrix, RDP, X Windows or Browser. Sun Confidential: Internal or Partner Use Only
Changing the Game— Single Multi-Tiered Secure Communications SINGLE-POINT FOR INFO ASSURANCE Secure Domain A, Apps 1,2,3 Secure Domain B, Apps 4,5,6 Secure Domain C, Apps 7,8,9 Secure Domain D, Apps 10,11 Secure Domains A to Z On ONE Terminal With data assurance across security domains Sun Confidential: Internal or Partner Use Only
Desktop Consolidation: Ultra-Thin Client Front-End Before: After: To ensure a high level of security physically isolated clients were deployed often resulting in up to 10 different Desktops in a single office Full Session Mobility enabled by a single stateless Sun Ray TM frontend and protected by a Trusted Solaris TM based back-end Sun Confidential: Internal or Partner Use Only
The Sun Solution: Secure Network Access Platform User Community A Switch User Community B Switch Switch User Community C User Community D Switch Switch Trusted Solaris ● Sun Ray Session ● Server ● Switch Switch Switch ● ● ● ● ● 24/7 remote management Sun Ray stateless Clients Java Card identity Network attached storage for audit logs Sun Jumpstart Software for automated site replication Sun Confidential: Internal or Partner Use Only • Highly scalable • Multi-network consolidation • Ultra secure • Identity/Role-based access • Audit ability • Session mobility
Secure Network Access Platform for Government Solution 3rd Party Security Extensions TCS, TNE, AC Tech, Cryptek, Tenix, RSA, Maxim, etc. Integration to Legacy Systems Tarantella, Citrix, RDP, Thinsoft Java Ultra-Thin Client Environment SunRay 1G, 170; Sun Ray Session Server, Trusted CDE, Java Cards Government Accredited Trusted Operating Env Trusted Solaris Certified EAL4 (B1): CAPP, LSPP, RBPP Sun Solaris Enterprise StorEdge ™ 9 RAS Compute Platform Consulting, Training, and Support Services Sun Servers Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support Sun Confidential: Internal or Partner Use Only
Trusted Solaris Direction Trusted Solaris BSM Solaris Solaris 2.3 Trusted Networking Trusted Desktop RBAC Trusted Solaris layered on Solaris Process Attributes Device Allocation Virtualization Privilege Policy Solaris 8/9 Sun Confidential: Internal or Partner Use Only Solaris 10
Secure Foundation of Dramatic Improvements Solaris 10 Security Digital Certificates Everywhere Secure Execution User Rights Management Process Rights Management Cryptographic Framework IPFilter Kerberos Single Sign On Easily Activated Security Profiles Sun Confidential: Internal or Partner Use Only
Multi-Level Labeled Security Trusted Extensions Adds labeled security to Solaris 10 Multi-level networking, printing Multi-level CDE GUI Leverages User & Process RM Uses Containers Compatible with all Solaris apps Target of CAPP, RBACPP, LSPP @ EAL 4+ Available 1HCY2006 Sun Confidential: Internal or Partner Use Only
Sun Confidential: Internal or Partner Use Only
Based on Best Practices From Innovative Customer Solutions: DTW—DODIIS Trusted Workstation ● Proven solution developed at Joint Intelligence Center Pacific—JICPAC ● Mandated by DIA as standard secure desktop access solution for DODIIS community Coalition Sun Confidential: Internal or Partner Use Only DEA INS Circa 2000 seats deployed, multi-year program managed by JEDI Sun Network Access Platform Solution military Intelligence ● Government Control Center
DTW Components JEDI JUMPSTART IMAGE: Trusted Solaris 8 (12/02) SunRay Software 2.0 w/Failover Groups JMDI (JEDI) Extensions Jumpstart support - Streamlined User & Host management Audit Management - Authorized application Mgmt. TCS software ● ● ● SunRay thin Clients with 24” Flat-Panel monitors Load Balanced Sun Servers Windows 2003 servers connected via RDP Sun Confidential: Internal or Partner Use Only
SPAWAR ● ● ● ● ● ● Reduced acquisition costs by consolidating multiple PC clients into a single Sun Ray ultra-thin client Improved end-user operational efficiencies for secure info workflow with little incremental training Military grade encryption for transport through untrusted environments Highly scalable, with reduced administration, rock-solid security, and easy deployment Provides complete audit trail facilities Tested and validated with government Accreditation SUN RAY SOLUTION SUPPORTING MULTI-NATIONAL COALITION FORCES IN THE ASIA PACIFIC REGION PROBLEM: How to dynamically add/subtract foreign parties into a community of interest at various levels of need-to-know SOLUTION: • Sun Ray Ultra-Thin Client OEM Boards • Cryptek FIPS-140-1 3DES Encryption • Sun Fire(TM) Netra servers • Trusted Solaris(TM) 8 • AC Technology Biometrics • Smart Card Sun Confidential: Internal or Partner Use Only
JICPAC ● ● ● ● Reduced acquisition costs by consolidating multiple PC clients into a single Sun Ray ultra-thin client Improved end-user operational efficiencies for secure info workflow with little incremental training Compatible with over 150 existing applications and INFOSEC tools Highly scalable, with reduced administration, rock-solid security, and easy deployment ● Provides complete audit trail facilities ● Tested and validated to DIA Accreditation SUN RAY SOLUTION SUPPORTING US MILITARY INTEL AT THE JOINT INTELLIGENCE CENTER OF THE PACIFIC (JICPAC) PROBLEM: How to deploy a COTS single desktop that provides secure access to multiple information classifications and applications under gov't accreditation SOLUTION: • • • • Sun Confidential: Internal or Partner Use Only Sun Ray Ultra-Thin Client Sun Fire(TM) 12K servers Trusted Solaris(TM) 8 TCS Secure Office
MLTC—Multi-Level Thin Client (Centrix M) ● United States Navy - USJFCOM & SPAWAR – – >100 MLTC terminals were used as part of the USJFCOM CJTFEX Operation Blinding Storm in June 2004 – Deployed and in production on the USS Mount Whitney and USS Blueridge and at New COMPACFLT's Command Center – ● Response to the fleets requirement for information sharing among allies and coalition partners Schedules for deployment to entire fleet starting FY06 Improved Operational Efficiency: – – Eliminates need for client side storage of sensitive data – ● User Mobility saves times as they move locations – ● Connectivity to multiple domains from a single seat Near Real-time Dynamic security policy Being used in the Middle Eastern Gulf Region Accredidated Internal use by NSA for DoD (SABI) for or Partner Use Only Sun Confidential:
CENTRIX-Maritime Sun V240, V210 and Netra 20 servers running Trusted Solaris CITRIX w/Win 2000 servers All Secret – Siprnet & coalition Networks Used as a secure Gateway to “PC” applications. Maxim provided GOTS code – free within Government Sun Confidential: Internal or Partner Use Only CJTFEX 04-2

Recommended

G snap security-solution
G snap security-solutionG snap security-solution
G snap security-solution
Kevin Mayo
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Iftikhar Ali Iqbal
 
SQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone UpdateSQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone Update
Alex Kwan
 
Why choose genetec
Why choose genetecWhy choose genetec
Why choose genetec
Mark Joseph Veloso-Salvado, CSP
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
Iftikhar Ali Iqbal
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
lior mazor
 
Checkpoint Overview
Checkpoint OverviewCheckpoint Overview
Checkpoint Overview
Leonardo Antichi
 
Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02
frank4dd
 

Recommended

G snap security-solution
G snap security-solutionG snap security-solution
G snap security-solution
Kevin Mayo
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Iftikhar Ali Iqbal
 
SQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone UpdateSQX Solution Day 2013 Q2 - Milestone Update
SQX Solution Day 2013 Q2 - Milestone Update
Alex Kwan
 
Why choose genetec
Why choose genetecWhy choose genetec
Why choose genetec
Mark Joseph Veloso-Salvado, CSP
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
Iftikhar Ali Iqbal
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
lior mazor
 
Checkpoint Overview
Checkpoint OverviewCheckpoint Overview
Checkpoint Overview
Leonardo Antichi
 
Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02
frank4dd
 
Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
Kevin Mayo
 
MultiValue Security
MultiValue SecurityMultiValue Security
MultiValue Security
Rocket Software
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
EnergySec
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
Lan & Wan Solutions
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
EnergySec
 
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanDeveloping Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Ryo Jin
 
B sep ds-21194634.en-us
B sep ds-21194634.en-usB sep ds-21194634.en-us
B sep ds-21194634.en-us
Pelos TCHIKAYA
 
DGI Compliance Webinar
DGI Compliance WebinarDGI Compliance Webinar
DGI Compliance Webinar
SolarWinds
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7
Symantec
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
Precisely
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513
Tiffeny Price
 
Symantec Endpoint Suite
Symantec Endpoint SuiteSymantec Endpoint Suite
Symantec Endpoint Suite
MarketingArrowECS_CZ
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
MarketingArrowECS_CZ
 
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHIntroducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Kirill Kertsenbaum
 
Air Force IT Sales Opportunities: Where to Aim High in FY17
Air Force IT Sales Opportunities: Where to Aim High in FY17Air Force IT Sales Opportunities: Where to Aim High in FY17
Air Force IT Sales Opportunities: Where to Aim High in FY17
immixGroup
 
TDC2017 - Embedded Linux - Deploy Software Update for Linux Devices
TDC2017 - Embedded Linux - Deploy Software Update for Linux DevicesTDC2017 - Embedded Linux - Deploy Software Update for Linux Devices
TDC2017 - Embedded Linux - Deploy Software Update for Linux Devices
Caio Pereira
 
Fore scout nac-datasheet
Fore scout nac-datasheetFore scout nac-datasheet
Fore scout nac-datasheet
Khoa Nguyen Hong Nguyen
 
VMware Workspace One
VMware Workspace OneVMware Workspace One
VMware Workspace One
Jürgen Ambrosi
 
IBM Endpoint Manager for Lifecycle Management (Overview)
IBM Endpoint Manager for Lifecycle Management (Overview)IBM Endpoint Manager for Lifecycle Management (Overview)
IBM Endpoint Manager for Lifecycle Management (Overview)
Kimber Spradlin
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge Clouds
Jay Bryant
 
Gebeurtenis
GebeurtenisGebeurtenis
Gebeurtenis
pietervdb
 
Сайт как инструмент оперативного реагирования
Сайт как инструмент оперативного реагированияСайт как инструмент оперативного реагирования
Сайт как инструмент оперативного реагирования
DEFA
 

More Related Content

What's hot

ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
EnergySec
 
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanDeveloping Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Ryo Jin
 
B sep ds-21194634.en-us
B sep ds-21194634.en-usB sep ds-21194634.en-us
B sep ds-21194634.en-us
Pelos TCHIKAYA
 
DGI Compliance Webinar
DGI Compliance WebinarDGI Compliance Webinar
DGI Compliance Webinar
SolarWinds
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
Precisely
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513
Tiffeny Price
 
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHIntroducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Kirill Kertsenbaum
 

What's hot (20)

Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
 
MultiValue Security
MultiValue SecurityMultiValue Security
MultiValue Security
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris NormanDeveloping Tizen OS Based Solutions (IDF13) - Chris Norman
Developing Tizen OS Based Solutions (IDF13) - Chris Norman
 
B sep ds-21194634.en-us
B sep ds-21194634.en-usB sep ds-21194634.en-us
B sep ds-21194634.en-us
 
DGI Compliance Webinar
DGI Compliance WebinarDGI Compliance Webinar
DGI Compliance Webinar
 
Altiris IT Management Suite 7
Altiris IT Management Suite 7Altiris IT Management Suite 7
Altiris IT Management Suite 7
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513
 
Symantec Endpoint Suite
Symantec Endpoint SuiteSymantec Endpoint Suite
Symantec Endpoint Suite
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
 
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHIntroducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
 
Air Force IT Sales Opportunities: Where to Aim High in FY17
Air Force IT Sales Opportunities: Where to Aim High in FY17Air Force IT Sales Opportunities: Where to Aim High in FY17
Air Force IT Sales Opportunities: Where to Aim High in FY17
 
TDC2017 - Embedded Linux - Deploy Software Update for Linux Devices
TDC2017 - Embedded Linux - Deploy Software Update for Linux DevicesTDC2017 - Embedded Linux - Deploy Software Update for Linux Devices
TDC2017 - Embedded Linux - Deploy Software Update for Linux Devices
 
Fore scout nac-datasheet
Fore scout nac-datasheetFore scout nac-datasheet
Fore scout nac-datasheet
 
VMware Workspace One
VMware Workspace OneVMware Workspace One
VMware Workspace One
 
IBM Endpoint Manager for Lifecycle Management (Overview)
IBM Endpoint Manager for Lifecycle Management (Overview)IBM Endpoint Manager for Lifecycle Management (Overview)
IBM Endpoint Manager for Lifecycle Management (Overview)
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge Clouds
 

Viewers also liked

3 leccion
3 leccion3 leccion
3 leccion
07leo
 
WorldFree Direct Sales
WorldFree Direct SalesWorldFree Direct Sales
WorldFree Direct Sales
WorldFreeds
 
Полезные модули DEFA для автоматизации работы интернет-магазина
Полезные модули DEFA для автоматизации работы интернет-магазинаПолезные модули DEFA для автоматизации работы интернет-магазина
Полезные модули DEFA для автоматизации работы интернет-магазина
DEFA
 
Siadima anastasia 1508 syrigou eythymia 1359
Siadima anastasia 1508 syrigou eythymia 1359Siadima anastasia 1508 syrigou eythymia 1359
Siadima anastasia 1508 syrigou eythymia 1359
effiesyr
 

Viewers also liked (16)

Gebeurtenis
GebeurtenisGebeurtenis
Gebeurtenis
 
Сайт как инструмент оперативного реагирования
Сайт как инструмент оперативного реагированияСайт как инструмент оперативного реагирования
Сайт как инструмент оперативного реагирования
 
Брифование и проектирование. Важность предварительных этапов
Брифование и проектирование. Важность предварительных этаповБрифование и проектирование. Важность предварительных этапов
Брифование и проектирование. Важность предварительных этапов
 
Имиджевый аспект государственных сайтов
Имиджевый аспект государственных сайтовИмиджевый аспект государственных сайтов
Имиджевый аспект государственных сайтов
 
Как создать государственный интернет-ресурс
Как создать государственный интернет-ресурсКак создать государственный интернет-ресурс
Как создать государственный интернет-ресурс
 
3 leccion
3 leccion3 leccion
3 leccion
 
17 принципов создания идеальной дизайн-концепции
17 принципов создания идеальной дизайн-концепции17 принципов создания идеальной дизайн-концепции
17 принципов создания идеальной дизайн-концепции
 
Старикам тут не место.
Старикам тут не место.Старикам тут не место.
Старикам тут не место.
 
WorldFree Direct Sales
WorldFree Direct SalesWorldFree Direct Sales
WorldFree Direct Sales
 
Trusted extensions-gdansk-v1 0
Trusted extensions-gdansk-v1 0Trusted extensions-gdansk-v1 0
Trusted extensions-gdansk-v1 0
 
Skazka pro tochku
Skazka pro tochkuSkazka pro tochku
Skazka pro tochku
 
Digital branding: Теория и практика малых дел
Digital branding: Теория и практика малых делDigital branding: Теория и практика малых дел
Digital branding: Теория и практика малых дел
 
Massage Therapy
Massage TherapyMassage Therapy
Massage Therapy
 
Полезные модули DEFA для автоматизации работы интернет-магазина
Полезные модули DEFA для автоматизации работы интернет-магазинаПолезные модули DEFA для автоматизации работы интернет-магазина
Полезные модули DEFA для автоматизации работы интернет-магазина
 
Современный музейный сайт
Современный музейный сайтСовременный музейный сайт
Современный музейный сайт
 
Siadima anastasia 1508 syrigou eythymia 1359
Siadima anastasia 1508 syrigou eythymia 1359Siadima anastasia 1508 syrigou eythymia 1359
Siadima anastasia 1508 syrigou eythymia 1359
 

Similar to G snap security-solution

Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
TheAnfieldGroup
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
Digital Bond
 
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
SolarWinds
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 
Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
Cloudflare
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Gerardo Pardo-Castellote
 
Ebc collab portfolio_master
Ebc collab portfolio_masterEbc collab portfolio_master
Ebc collab portfolio_master
dakins090174
 

Similar to G snap security-solution (20)

Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
 
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
Cross Domain Cyber Situational Awareness in a Multi Cloud, Multi-Network Fede...
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Locationless data science on a modern secure edge
Locationless data science on a modern secure edgeLocationless data science on a modern secure edge
Locationless data science on a modern secure edge
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
 
Webinar: IT Disaster Recovery - Simplifying IT Resilience With the Help of th...
Webinar: IT Disaster Recovery - Simplifying IT Resilience With the Help of th...Webinar: IT Disaster Recovery - Simplifying IT Resilience With the Help of th...
Webinar: IT Disaster Recovery - Simplifying IT Resilience With the Help of th...
 
Network Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationNetwork Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems Presentation
 
Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
 
Fortinet_for_SAP
Fortinet_for_SAPFortinet_for_SAP
Fortinet_for_SAP
 
Presentation v mware horizon vision
Presentation v mware horizon visionPresentation v mware horizon vision
Presentation v mware horizon vision
 
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and SimulinkApplying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
Applying MBSE to the Industrial IoT: Using SysML with Connext DDS and Simulink
 
2019 10-app gate sdp 101 09a
2019 10-app gate sdp 101 09a2019 10-app gate sdp 101 09a
2019 10-app gate sdp 101 09a
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
 
Ebc collab portfolio_master
Ebc collab portfolio_masterEbc collab portfolio_master
Ebc collab portfolio_master
 
BT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonBT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob Rowlingson
 
CASBs: 8 Critical Capabilities in partnership with ISMG Media Group
CASBs: 8 Critical Capabilities in partnership with ISMG Media GroupCASBs: 8 Critical Capabilities in partnership with ISMG Media Group
CASBs: 8 Critical Capabilities in partnership with ISMG Media Group
 
Platform Agility, Reliability, and Security: Can You Really Have it All in th...
Platform Agility, Reliability, and Security: Can You Really Have it All in th...Platform Agility, Reliability, and Security: Can You Really Have it All in th...
Platform Agility, Reliability, and Security: Can You Really Have it All in th...
 
Disaster Recovery Solutions
Disaster Recovery SolutionsDisaster Recovery Solutions
Disaster Recovery Solutions
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Recently uploaded (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

G snap security-solution

  • 1. gSNAP Primer Kevin Mayo –Chief Architect – Global Government ●Sun Microsystems, Inc. ●
  • 2. Introduction – What is gSNAP? • (government) Secure Network Access Platform • Reference Architecture for secure collaboration at the desktop ■ “70% solution” developed specifically for govt customers • Competitive advantage for Sun in specific markets ■ Sun unique products and technology ■ CSO technical engagements ■ Complimentary partner products and integration Sun Confidential: Internal or Partner Use Only
  • 3. How We Use IT is Also Changing Dynamic Coalition and Interoperability Formation Standards Best of Class Threat of Global Security Terrorism Access Anytime Technology As Major Anywhere Element of Operations Sun Confidential: Internal or Partner Use Only
  • 4. gSNAP Market Drivers • Government agencies have increasing need to collaborate ■ Within agency ■ With other agencies ■ With trusted partners (suppliers, research centres) ■ With agencies of other nations • Government users have increasing need to access information from anywhere, anytime • Security and privacy are key requirements • Sources of information are increasingly diverse Sun Confidential: Internal or Partner Use Only
  • 5. gSNAP Market Positioning • Government agencies with collaboration needs ■ Defence (NATO) ■ Public security/ public safety (Interpol) ■ Emergency response (central, provincial, city) ■ Public health (CDC, WHO) ■ Government research centres and universities Sun Confidential: Internal or Partner Use Only
  • 6. Government System Requirements • Trusted computing environment • Single Virtual Switch to Multiple Networks ■ ■ Single desktop with connections to multiple security domains implemented as physically separated networks (without enabling intra-domain routing) End-users have controlled access to domains based on security level, compartmentalization • Secure Inter-Domain Data Transfer ■ Automated and manual auditing based on pre-defined policies and procedures • Remote Access Protocol Options ■ Tarantella, Citrix, RDP, X Windows or Browser. Sun Confidential: Internal or Partner Use Only
  • 7. Changing the Game— Single Multi-Tiered Secure Communications SINGLE-POINT FOR INFO ASSURANCE Secure Domain A, Apps 1,2,3 Secure Domain B, Apps 4,5,6 Secure Domain C, Apps 7,8,9 Secure Domain D, Apps 10,11 Secure Domains A to Z On ONE Terminal With data assurance across security domains Sun Confidential: Internal or Partner Use Only
  • 8. Desktop Consolidation: Ultra-Thin Client Front-End Before: After: To ensure a high level of security physically isolated clients were deployed often resulting in up to 10 different Desktops in a single office Full Session Mobility enabled by a single stateless Sun Ray TM frontend and protected by a Trusted Solaris TM based back-end Sun Confidential: Internal or Partner Use Only
  • 9. The Sun Solution: Secure Network Access Platform User Community A Switch User Community B Switch Switch User Community C User Community D Switch Switch Trusted Solaris ● Sun Ray Session ● Server ● Switch Switch Switch ● ● ● ● ● 24/7 remote management Sun Ray stateless Clients Java Card identity Network attached storage for audit logs Sun Jumpstart Software for automated site replication Sun Confidential: Internal or Partner Use Only • Highly scalable • Multi-network consolidation • Ultra secure • Identity/Role-based access • Audit ability • Session mobility
  • 10. Secure Network Access Platform for Government Solution 3rd Party Security Extensions TCS, TNE, AC Tech, Cryptek, Tenix, RSA, Maxim, etc. Integration to Legacy Systems Tarantella, Citrix, RDP, Thinsoft Java Ultra-Thin Client Environment SunRay 1G, 170; Sun Ray Session Server, Trusted CDE, Java Cards Government Accredited Trusted Operating Env Trusted Solaris Certified EAL4 (B1): CAPP, LSPP, RBPP Sun Solaris Enterprise StorEdge ™ 9 RAS Compute Platform Consulting, Training, and Support Services Sun Servers Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support Sun Confidential: Internal or Partner Use Only
  • 11. Trusted Solaris Direction Trusted Solaris BSM Solaris Solaris 2.3 Trusted Networking Trusted Desktop RBAC Trusted Solaris layered on Solaris Process Attributes Device Allocation Virtualization Privilege Policy Solaris 8/9 Sun Confidential: Internal or Partner Use Only Solaris 10
  • 12. Secure Foundation of Dramatic Improvements Solaris 10 Security Digital Certificates Everywhere Secure Execution User Rights Management Process Rights Management Cryptographic Framework IPFilter Kerberos Single Sign On Easily Activated Security Profiles Sun Confidential: Internal or Partner Use Only
  • 13. Multi-Level Labeled Security Trusted Extensions Adds labeled security to Solaris 10 Multi-level networking, printing Multi-level CDE GUI Leverages User & Process RM Uses Containers Compatible with all Solaris apps Target of CAPP, RBACPP, LSPP @ EAL 4+ Available 1HCY2006 Sun Confidential: Internal or Partner Use Only
  • 14. Sun Confidential: Internal or Partner Use Only
  • 15. Based on Best Practices From Innovative Customer Solutions: DTW—DODIIS Trusted Workstation ● Proven solution developed at Joint Intelligence Center Pacific—JICPAC ● Mandated by DIA as standard secure desktop access solution for DODIIS community Coalition Sun Confidential: Internal or Partner Use Only DEA INS Circa 2000 seats deployed, multi-year program managed by JEDI Sun Network Access Platform Solution military Intelligence ● Government Control Center
  • 16. DTW Components JEDI JUMPSTART IMAGE: Trusted Solaris 8 (12/02) SunRay Software 2.0 w/Failover Groups JMDI (JEDI) Extensions Jumpstart support - Streamlined User & Host management Audit Management - Authorized application Mgmt. TCS software ● ● ● SunRay thin Clients with 24” Flat-Panel monitors Load Balanced Sun Servers Windows 2003 servers connected via RDP Sun Confidential: Internal or Partner Use Only
  • 17. SPAWAR ● ● ● ● ● ● Reduced acquisition costs by consolidating multiple PC clients into a single Sun Ray ultra-thin client Improved end-user operational efficiencies for secure info workflow with little incremental training Military grade encryption for transport through untrusted environments Highly scalable, with reduced administration, rock-solid security, and easy deployment Provides complete audit trail facilities Tested and validated with government Accreditation SUN RAY SOLUTION SUPPORTING MULTI-NATIONAL COALITION FORCES IN THE ASIA PACIFIC REGION PROBLEM: How to dynamically add/subtract foreign parties into a community of interest at various levels of need-to-know SOLUTION: • Sun Ray Ultra-Thin Client OEM Boards • Cryptek FIPS-140-1 3DES Encryption • Sun Fire(TM) Netra servers • Trusted Solaris(TM) 8 • AC Technology Biometrics • Smart Card Sun Confidential: Internal or Partner Use Only
  • 18. JICPAC ● ● ● ● Reduced acquisition costs by consolidating multiple PC clients into a single Sun Ray ultra-thin client Improved end-user operational efficiencies for secure info workflow with little incremental training Compatible with over 150 existing applications and INFOSEC tools Highly scalable, with reduced administration, rock-solid security, and easy deployment ● Provides complete audit trail facilities ● Tested and validated to DIA Accreditation SUN RAY SOLUTION SUPPORTING US MILITARY INTEL AT THE JOINT INTELLIGENCE CENTER OF THE PACIFIC (JICPAC) PROBLEM: How to deploy a COTS single desktop that provides secure access to multiple information classifications and applications under gov't accreditation SOLUTION: • • • • Sun Confidential: Internal or Partner Use Only Sun Ray Ultra-Thin Client Sun Fire(TM) 12K servers Trusted Solaris(TM) 8 TCS Secure Office
  • 19. MLTC—Multi-Level Thin Client (Centrix M) ● United States Navy - USJFCOM & SPAWAR – – >100 MLTC terminals were used as part of the USJFCOM CJTFEX Operation Blinding Storm in June 2004 – Deployed and in production on the USS Mount Whitney and USS Blueridge and at New COMPACFLT's Command Center – ● Response to the fleets requirement for information sharing among allies and coalition partners Schedules for deployment to entire fleet starting FY06 Improved Operational Efficiency: – – Eliminates need for client side storage of sensitive data – ● User Mobility saves times as they move locations – ● Connectivity to multiple domains from a single seat Near Real-time Dynamic security policy Being used in the Middle Eastern Gulf Region Accredidated Internal use by NSA for DoD (SABI) for or Partner Use Only Sun Confidential:
  • 20. CENTRIX-Maritime Sun V240, V210 and Netra 20 servers running Trusted Solaris CITRIX w/Win 2000 servers All Secret – Siprnet & coalition Networks Used as a secure Gateway to “PC” applications. Maxim provided GOTS code – free within Government Sun Confidential: Internal or Partner Use Only CJTFEX 04-2