Protect the castle from the inside
Created by William Tabor and Howard Hellman

CASTLE TECHNOLOGY
• Walls (Firewalls)
• Draw Bridge (Tunnels)
• Moats (DMZs)

HISTORY
The battle for Troy proved that this does not work

HISTORY
80% of all theft occurs from the inside

INTERNAL COMMUNICATION
Is data clear text?

INTERNAL COMMUNICATION
PROBLEMS WITH CLEAR TEXT COMMUNICATION
• Instant messaging
• Email
• Accounting information

INTERNAL COMM – INSTANT MESSAGING
EXAMPLE #1
The CEO and personnel director of a medium-sized company were messaging each other about potential layoffs.
This information exchange was detected by individuals within the IT department, and news of the discussion spread through the enterprise unchecked, well before any decisions could be made.

INTERNAL COMM – INSTANT MESSAGING
EXAMPLE #2
Two writers for a well-known daytime drama were messaging each other regarding a significant plot change.
A tabloid reporter intercepted their conversation and printed his scoop.
The show subsequently dropped 15 ratings points. Each point translates into advertising revenue of between $10 and $15 million.

INTERNAL COMM – EMAIL
EXAMPLE #3
A car manufacturer spent $240 million on researching and developing an innovative, advanced engine design.
The company emailed the design to the production plant, but the email was intercepted by a competing manufacturer.
The competitor promptly put the new engine design into production, beating the developer to market – without having to pay a single euro into R&D!

PROVIDER OF SECURE SYSTEM SOLUTIONS
• Virtual Security Appliance
• Firewall
• SSL VPN Tunnel
• Public Key Infrastructure (PKI) Services
• Biometric Secure Identification
• Consulting Services

VST SOLUTIONS
Virtual Security Appliance – Firewall
• Built on a lightweight version of SELinux
• Turns any server into a hardened platform
• The application server becomes undetectable on the network

VST SOLUTIONS
Virtual Security Appliance – SSL VPN
• Works with, and in conjunction with, the Linux firewall
• Provides non-clear-text (encrypted) access to the application
• Encryption greater than 2048-bit
• Can exist in a P5 partition

PKI
Public/Private Key Infrastructure

idTRUST – PKI INFRASTRUCTURE
WHY IS A PKI INFRASTRUCTURE NECESSARY?
• Optional key generation
• Validate initial identities
• Issuance, renewal and termination of certificates
• Certificate validation
• Distribution of certificates
• Secure archival and key recovery
• Generation of signatures and timestamps
• Establish and manage trust relationships

WHAT HAS BLOCKED PKI FROM GLOBAL USE?
• Cost
• PKI integration with vertical application base
• CA portability and interoperability

idTRUST – PKI INFRASTRUCTURE
PUBLIC/PRIVATE KEY GENERATION
LOCAL APPLICATION
• ERP, CRM, SCM…
BROWSER
• WebSphere Portal
• Linux (PHP)
REMOTE SERVER COMMUNICATIONS
[Diagram label: Generate a Public/Private Key Pair]

WHY USE CRYPTOGRAPHY?
Cryptography can be applied to the following information categories:
• Information at rest
• Information in transit
Cryptography is used to enable information:
• Privacy – information cannot be read
• Integrity – information cannot be modified
• Authentication – information proof of ownership
• Non-repudiation – cannot deny involvement in transaction

ASYMMETRIC KEY CRYPTOGRAPHY
Different keys (secrets) are used for the encryption and decryption processes:
[Diagram. Encryption process: cleartext information goes into the public key cipher with the asymmetric “public key” and comes out as ciphertext (shown as “J9%B 8^cBt”). Decryption process: the ciphertext goes into the cipher with the asymmetric “private key” and the cleartext information is recovered.]
Asymmetric key cryptography is characterized by the use of two independent but mathematically related keys.
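As an added example (not code from the presentation, nor from VST, idTRUST or DataQuest), the following Python implements textbook RSA with small fixed primes and a minimal certificate authority on top of it. It ties together the PKI functions listed under “Why is a PKI infrastructure necessary?” (binding a validated identity to a key, issuance, validation, termination via a revocation list), the four properties under “Why use cryptography?” (encryption for privacy; signatures for integrity, authentication and non-repudiation) and the two-key picture on this slide. The primes (Mersenne primes, far too small for real use), the CA and subject names, the serial number and the messages are constructed; there is no padding and the hash is simply reduced modulo n, so the code illustrates the relationships and must not be used to protect data.

```python
# Added teaching example: textbook RSA plus a minimal certificate authority.
# Small fixed primes and no padding, so NOT a secure implementation; it exists
# to make the public/private key relationship and the CA's role visible.
import hashlib
import json
from math import gcd

DATA = 7  # plaintext bytes per block; with a 0x01 marker byte each block is < 2**64


def generate_keypair(p, q, e=65537):
    """Return (public_key, private_key) as ((n, e), (n, d)).

    The keys are used independently, but d is the inverse of e modulo phi(n):
    that is the 'mathematically related' property on the slide."""
    n = p * q
    if n.bit_length() <= 64:
        raise ValueError("modulus too small for 8-byte blocks")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, plaintext: bytes) -> list:
    """Encrypt with the PUBLIC key; only the matching private key undoes it.
    Without padding, equal blocks give equal ciphertext blocks, which is why
    real deployments use OAEP."""
    n, e = public_key
    return [pow(int.from_bytes(b"\x01" + plaintext[i:i + DATA], "big"), e, n)
            for i in range(0, len(plaintext), DATA)]


def decrypt(private_key, blocks: list) -> bytes:
    n, d = private_key
    out = b""
    for c in blocks:
        m = pow(c, d, n).to_bytes(DATA + 1, "big").lstrip(b"\x00")
        out += m[1:]  # drop the 0x01 marker that preserved leading zero bytes
    return out


def _digest_int(data: bytes, n: int) -> int:
    # Real RSA signatures encode the hash (PKCS#1 v1.5 / PSS); reducing it
    # modulo n is a simplification that keeps the example short.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    """Sign with the PRIVATE key: integrity, authentication, non-repudiation."""
    n, d = private_key
    return pow(_digest_int(data, n), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_int(data, n)


def _tbs(cert: dict) -> bytes:
    """Canonical 'to be signed' bytes: every field except the signature."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(ca_private_key, issuer: str, serial: int,
                      subject: str, subject_public_key) -> dict:
    """The CA binds an (already validated) identity to a public key by signing."""
    cert = {"serial": serial, "issuer": issuer, "subject": subject,
            "public_key": list(subject_public_key)}
    cert["signature"] = sign(ca_private_key, _tbs(cert))
    return cert


def validate_certificate(cert: dict, ca_public_key, revoked_serials) -> str:
    """Certificate validation: CA signature first, then the revocation list."""
    if not verify(ca_public_key, _tbs(cert), cert["signature"]):
        return "BAD_SIGNATURE"
    if cert["serial"] in revoked_serials:
        return "REVOKED"
    return "OK"


def demo():
    """CA issues Alice a certificate; Bob validates it, encrypts to the certified
    key and checks Alice's signature. All names, primes and data are constructed."""
    ca_pub, ca_priv = generate_keypair(2**61 - 1, 2**89 - 1)
    alice_pub, alice_priv = generate_keypair(2**31 - 1, 2**107 - 1)
    cert = issue_certificate(ca_priv, "Example Root CA", 1001,
                             "alice@example.com", alice_pub)
    status = validate_certificate(cert, ca_pub, revoked_serials=set())
    message = b"engine design v3 (constructed sample)"
    recovered = decrypt(alice_priv, encrypt(tuple(cert["public_key"]), message))
    sig_ok = verify(tuple(cert["public_key"]), message, sign(alice_priv, message))
    tampered = dict(cert, subject="mallory@example.com")  # edited after issuance
    tampered_status = validate_certificate(tampered, ca_pub, set())
    revoked_status = validate_certificate(cert, ca_pub, {cert["serial"]})
    return status, recovered, sig_ok, tampered_status, revoked_status


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three outcomes a relying party has to distinguish: a valid certificate (“OK”), one whose subject was edited after the CA signed it (“BAD_SIGNATURE”, because the signature covers every field except itself) and one the CA has since terminated (“REVOKED”, which is why validation must consult the revocation data and not only the signature). Bob never needs Alice's private key, and Alice never needs the CA's; each party holds exactly one secret.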

DIGITAL RIGHTS
WHAT ARE DIGITAL RIGHTS?
Gives us the ability to . . .
• Assign ownership to documents or data
• Ensure that data has not been altered during transfer
• Provide authentication

USER IDENTIFICATION
CURRENT METHOD
• Username and password
• Card and PIN
• RSA Token
• Biometrics

NEXT GENERATION SECURITY
TOMORROW’S SECURITY TODAY
• Secure user authentication
• PKI
• Virtualized Security
• SSL VPN Tunnels

DATAQUEST TECHNOLOGIES’ SOLUTIONS
USER IDENTIFICATION
• Crypto-processor card
• Biometrics on card
• ACLU friendly

SECURE IDENTITY TRUST CARD
BIOMETRIC CARD FEATURES & CHARACTERISTICS
• Similar to a credit card-sized “Smart Card,” but also contains an on-card crypto processor
• Maintains protected storage for public/private keys, digital certificates and digital signatures to be used during the authentication process
• Executes cryptographic operations (verifies fingerprint)
• Works in conjunction with the card operating system (COS)

BIOMETRIC SECURE IDENTITY CARD
HOW THE IDENTITY TRUST CARD WORKS
• The user enrolls in the biometric process; the card maintains an encrypted hash copy of the user’s fingerprint in EEPROM
• When the user wishes to authenticate, he/she simply places the correct finger on the e-field sensor
• The fingerprint is scanned, hashed and encrypted
• The crypto processor compares the fingerprint sample to the stored value
• The card typically returns a success or failure status to the system
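As an added simulation (not code from the presentation or from DataQuest/VST), the following Python models the card-side flow just listed: enrolment stores a protected hash in the card's “EEPROM”, a fresh sample is hashed and compared on the card, and the host receives nothing but a status word. The card key, the three-attempt retry limit and the template strings are assumptions; the slides state none of them. It also assumes the sensor firmware produces a canonical template, because hashing only works for exact equality: real fingerprint matchers compare templates with a tolerance, and a vendor would have to canonicalise before this literal hash-and-compare step applies.

```python
# Added simulation of the on-card enrol / authenticate flow. Not vendor code.
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed card policy; the slides state no retry limit


class IdentityTrustCard:
    """The reference fingerprint and the card key never leave the card; the
    host only ever receives a status string."""

    def __init__(self):
        # Card-unique secret generated on the card, standing in for the key the
        # crypto processor uses to protect the stored hash.
        self._card_key = secrets.token_bytes(32)
        self._eeprom = None  # keyed hash of the enrolled template
        self._failures = 0

    def _protect(self, template: bytes) -> bytes:
        # Keyed hash: the stored value reveals nothing about the fingerprint
        # and cannot be replayed to another card, which holds a different key.
        return hmac.new(self._card_key, template, hashlib.sha256).digest()

    def enroll(self, template: bytes) -> str:
        if self._eeprom is not None:
            return "ALREADY_ENROLLED"  # re-enrolment needs an explicit reset
        self._eeprom = self._protect(template)
        return "ENROLLED"

    def authenticate(self, sample: bytes) -> str:
        if self._eeprom is None:
            return "NOT_ENROLLED"
        if self._failures >= MAX_FAILURES:
            return "BLOCKED"  # stays blocked even for a correct sample
        # Constant-time compare so timing does not reveal how close a sample was.
        if hmac.compare_digest(self._protect(sample), self._eeprom):
            self._failures = 0
            return "SUCCESS"
        self._failures += 1
        return "FAILURE"


def scenario() -> list:
    """Walk one card through the flow. Templates are constructed byte strings
    standing in for canonical sensor output, not real fingerprint data."""
    card = IdentityTrustCard()
    genuine = b"template:ridge-map:0xA17F"
    impostor = b"template:ridge-map:0x3C02"
    log = [card.authenticate(genuine),   # nothing enrolled yet
           card.enroll(genuine),
           card.enroll(impostor),        # second enrolment is refused
           card.authenticate(genuine)]   # correct finger
    for _ in range(MAX_FAILURES):
        log.append(card.authenticate(impostor))
    log.append(card.authenticate(genuine))  # correct finger, but card is now blocked
    return log


if __name__ == "__main__":
    print(scenario())
```

The sequence returned by `scenario()` shows the two behaviours a host integrator should plan for: the card answers only with status words, so the host can neither read the stored hash nor the card key, and after the retry limit even the genuine finger is refused until the card is reset, which is the lockout that makes a brute-force of samples against a lost card impractical.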

CRYPTO-PROCESSING CHIP LAYOUT
[Diagram of the card chip: contact pins VCC, Reset, Clock, GND and I/O; a 32-bit microprocessor (microcontroller) with RAM 2K bytes, ROM 32K+ bytes and EEPROM 64K+ bytes; and a crypto accelerator (processor). Power, clock and the I/O bus follow the ISO 7816 family of smart/crypto card standards.]

BIOMETRIC SECURE IDENTITY TRUST CARD
CARD CUSTOMIZATION CAPABILITIES
• Multiple processors (4, 6, 8, etc.)
• Mix and match 8-, 16- and 32-bit processors for focused tasks
• Memory (inter-processor and processor-specific)
• Multiple custom data structures (application and processor)
• Potentially contact-based and contactless cards

BIOMETRIC READERS
• Optical sensor
• Capacitive sensor
• E-field sensor

DATAQUEST TECHNOLOGIES’ SOLUTIONS
USER IDENTIFICATION SUMMARY
• Crypto-processor card
• Biometrics on card
• PKI data on card

VST SOLUTIONS
Certificate Authority Software

INDUSTRY-SPECIFIC APPLICATIONS
[Diagram of the trust hierarchy. Top tier, Master Trust Centers: the DataQuest Master Trust Center (Security Level 1, 2, 3) and a Third Party Master Trust Center, with certificate interoperability between them that depends on the level of trust. Middle tier, Organizations: Trust Centers for Small business, Finance, Healthcare (including a medical records database) and Geographic (Regional) customers. Bottom tier: Trust Centers for Departments, Groups and Regional Centers. Each Trust Center is tagged with the security levels it serves (Level 1; Level 1, 2; Level 1, 3; Level 1, 2, 3; Level 3); the per-node assignment is not recoverable from the extracted text.]

VST SOLUTIONS
Works in P5 System
[Diagram: a single P5 system hosting the Firewall, SSL VPN, Certificate Authority and Applications]

PROFESSIONAL SERVICES
• Biometric smart card, trust center and PKI integration
• Secure application design, development and implementation
• Enterprise security services
• Custom software and consulting services
• Project management
• Training and education

SECURITY SERVICES
• Security Inventory
• Security Policies and Procedures Guide Development
• IT Governance Audit/Assessment
• Penetration Testing
• Disaster Recovery Planning and Implementation

DATAQUEST TECHNOLOGIES’ SOLUTIONS
Questions?

Castle Presentation 08-12-04
