SlideShare a Scribd company logo

e-Xpert Gate / Reverse Proxy - WAF 1ere génération

Download as PPT, PDF
Sylvain Maret
Sylvain Maret

The document discusses e-Xpert Gate, a web-based secure access solution that allows users to access internal applications from any device with a web browser. It provides strong authentication using RSA SecurID or SSL client certificates to securely access intranet resources through a firewall. The solution uses SSL/TLS to encrypt traffic and authenticate users, preventing direct unsecured access to internal servers and networks.

Technology
1 of 37
e-Xpert Gate e-Xpert Solutions SA [email_address] 2 mars 2001
e-Xpert Gate ? Access your applications from everywhere with strong confidentiality and authentication
About your need ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Solution ? Use your favorite browser
Why my browser ? ,[object Object],[object Object],[object Object],[object Object],[object Object]
But how to solve security issue ? Web-based Internal Resources What should I do ? Firewall Dmz Browser
Direct access with http or https ? Firewall Dmz Browser Web-based Internal Resources Why not ?
Direct access drawback ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Secure access with e-Xpert Gate Firewall Dmz Browser Web-based Internal Resources E-Xpert Gate SSL
Secure access thrue e-Xpert Gate ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Reverse Proxy Technology Server within a firewall The proxy server appears to be the content server A client computer on the Internet sends a request to the proxy server Firewall CACHE The proxy server uses a regular mapping to forward the client request to the internal content server You can configure the firewall router to allow a specific server on a specific port (in this case, the proxy on its assigned port) to have access through the firewall without allowing any other machine in or out. https (SSL) http or https
SSL/TLS Technology ,[object Object],[object Object],[object Object],[object Object],[object Object]
SSL/TLS Technology ,[object Object],[object Object]
Applications that use SSL or TLS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SSL/TLS history ,[object Object],[object Object],[object Object],[object Object]
About authentication ? Your business is on the line. But do you really know who’s on the other end?
Two-factor User Authentication
One-Factor User Authentication Drawback ,[object Object],[object Object],[object Object],[object Object]
e-Xpert Gate’s Authentication method ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],* Method not recommended
RSA SecurID implementation Dmz Web-based Internal Resources E-Xpert Gate
RSA tokens
How it works ? Seed Time 482392 ACE/Server Token Algorithm Seed Time 482392 Algorithm Same Seed Same Time
SecurID exemple
SSL client authentication implementation Dmz Web-based Internal Resources PKI architecture Client X509 Certificate E-Xpert Gate
What is a certificate
X509 Authentication ,[object Object],[object Object],[object Object],[object Object]
Client side authentication Web Client Web Server Challenge Client Certificate Request Challenge answer Client Certificate
How secure is the private key ? How does the user get access? Where is it stored? Smart Card PIN Password Local Browser store Private key
SmartCard and iKey ,[object Object],[object Object],[object Object]
e-Xpert Gate Applications ,[object Object],[object Object],[object Object],[object Object],[object Object]
Lotus access with e-Xpert Gate
Outlook Web Access
e-Xpert Gate ’s key features ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
e-Xpert Gate ’s key features ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
e-Xpert Gate ’s key features ,[object Object],[object Object],[object Object]
e-Xpert Gate ’s key features ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Questions ?

Recommended

Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSylvain Maret
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetPuneet Arora
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 

Recommended

Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSylvain Maret
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetPuneet Arora
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate ServicesInfrastructure Saturday 2011 - Understanding PKI and Certificate Services
Infrastructure Saturday 2011 - Understanding PKI and Certificate Serviceskieranjacobsen
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
How to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedHow to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedArash Ramez
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologiesTatyana Kobets
 
Certification authority
Certification authorityCertification authority
Certification authorityproser tech
 
How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneArash Ramez
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
PKI by Gene Itkis
PKI by Gene ItkisPKI by Gene Itkis
PKI by Gene ItkisInformation Security Awareness Group
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoArash Ramez
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPSJackio Kwok
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommercepriyanka Garg
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in BangladeshBangladesh Network Operators Group
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim PolkInformation Security Awareness Group
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication ServiceSwathy T
 
Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Paul Fremantle
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Xpert- MTB-RIF Data _Biman
Xpert- MTB-RIF Data _BimanXpert- MTB-RIF Data _Biman
Xpert- MTB-RIF Data _BimanBiman Dey
 
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...Amol Patil
 

More Related Content

What's hot

How to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedHow to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedArash Ramez
 
Certification authority
Certification authorityCertification authority
Certification authorityproser tech
 
How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneArash Ramez
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoArash Ramez
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPSJackio Kwok
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructureAditya Nama
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication ServiceSwathy T
 
Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Paul Fremantle
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 

What's hot (20)

How to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedHow to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewed
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologies
 
Certification authority
Certification authorityCertification authority
Certification authority
 
How to do Cryptography right in Android Part One
How to do Cryptography right in Android Part OneHow to do Cryptography right in Android Part One
How to do Cryptography right in Android Part One
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
PKI by Gene Itkis
PKI by Gene ItkisPKI by Gene Itkis
PKI by Gene Itkis
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part Two
 
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS
 
Final ppt ecommerce
Final ppt ecommerceFinal ppt ecommerce
Final ppt ecommerce
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Public key infrastructure
Public key infrastructurePublic key infrastructure
Public key infrastructure
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 
x.509-Directory Authentication Service
x.509-Directory Authentication Servicex.509-Directory Authentication Service
x.509-Directory Authentication Service
 
Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2Federated Identity for IoT with OAuth2
Federated Identity for IoT with OAuth2
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 

Viewers also liked

Xpert- MTB-RIF Data _Biman
Xpert- MTB-RIF Data _BimanXpert- MTB-RIF Data _Biman
Xpert- MTB-RIF Data _BimanBiman Dey
 
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...Amol Patil
 
molecular detection of tuberculosis and rifampin resistance.
molecular detection of tuberculosis and rifampin resistance.molecular detection of tuberculosis and rifampin resistance.
molecular detection of tuberculosis and rifampin resistance.Khaled AlKhodari
 
Cbnaat ppt by Dr. Samrat Abhishek
Cbnaat ppt by Dr. Samrat AbhishekCbnaat ppt by Dr. Samrat Abhishek
Cbnaat ppt by Dr. Samrat AbhishekSamrat Abhishek
 
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSIS
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSISRECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSIS
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSISANGAN KARMAKAR
 
Lpa and Genexpert/CBNAAT/Xpert MTB/Rif
Lpa and Genexpert/CBNAAT/Xpert MTB/RifLpa and Genexpert/CBNAAT/Xpert MTB/Rif
Lpa and Genexpert/CBNAAT/Xpert MTB/RifKalai Arasan
 

Viewers also liked (8)

Xpert- MTB-RIF Data _Biman
Xpert- MTB-RIF Data _BimanXpert- MTB-RIF Data _Biman
Xpert- MTB-RIF Data _Biman
 
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
 
molecular detection of tuberculosis and rifampin resistance.
molecular detection of tuberculosis and rifampin resistance.molecular detection of tuberculosis and rifampin resistance.
molecular detection of tuberculosis and rifampin resistance.
 
Tuberculosis Diagnosis
Tuberculosis Diagnosis Tuberculosis Diagnosis
Tuberculosis Diagnosis
 
Cbnaat ppt by Dr. Samrat Abhishek
Cbnaat ppt by Dr. Samrat AbhishekCbnaat ppt by Dr. Samrat Abhishek
Cbnaat ppt by Dr. Samrat Abhishek
 
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSIS
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSISRECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSIS
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSIS
 
Xpert MTB/RIF Ultra newer technology past to future DIAGNOSIS OF TUBERCULOSIS
Xpert MTB/RIF Ultra newer technology past to future DIAGNOSIS OF TUBERCULOSIS Xpert MTB/RIF Ultra newer technology past to future DIAGNOSIS OF TUBERCULOSIS
Xpert MTB/RIF Ultra newer technology past to future DIAGNOSIS OF TUBERCULOSIS
 
Lpa and Genexpert/CBNAAT/Xpert MTB/Rif
Lpa and Genexpert/CBNAAT/Xpert MTB/RifLpa and Genexpert/CBNAAT/Xpert MTB/Rif
Lpa and Genexpert/CBNAAT/Xpert MTB/Rif
 

Similar to e-Xpert Gate / Reverse Proxy - WAF 1ere génération

Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Rishabh Dangwal
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptxRushikeshChikane2
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki conceptMostafa El Lathy
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvanitrraincity
 
The new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pkiThe new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pkiNathan Winters
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authenticationdkaya
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Certificates and Web of Trust
Certificates and Web of TrustCertificates and Web of Trust
Certificates and Web of TrustYousof Alsatom
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 

Similar to e-Xpert Gate / Reverse Proxy - WAF 1ere génération (20)

Security
SecuritySecurity
Security
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
Internet .ppt
Internet .pptInternet .ppt
Internet .ppt
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologies
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
Lecture17
Lecture17Lecture17
Lecture17
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvan
 
Web Security
Web SecurityWeb Security
Web Security
 
Ecommerce final ppt
Ecommerce final pptEcommerce final ppt
Ecommerce final ppt
 
Sangfor SSL VPN Datasheet
Sangfor SSL VPN DatasheetSangfor SSL VPN Datasheet
Sangfor SSL VPN Datasheet
 
The new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pkiThe new rocket science stuff in microsoft pki
The new rocket science stuff in microsoft pki
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authentication
 
Web security
Web securityWeb security
Web security
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Certificates and Web of Trust
Certificates and Web of TrustCertificates and Web of Trust
Certificates and Web of Trust
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 

More from Sylvain Maret

Air Navigation Service Providers - Unsecurity on Voice over IP Radion
Air Navigation Service Providers - Unsecurity on Voice over IP RadionAir Navigation Service Providers - Unsecurity on Voice over IP Radion
Air Navigation Service Providers - Unsecurity on Voice over IP RadionSylvain Maret
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlSylvain Maret
 
INA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.02 Released / Digital Identity and AuthenticationINA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.02 Released / Digital Identity and AuthenticationSylvain Maret
 
INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 Released / Digital Identity and AuthenticationINA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 Released / Digital Identity and AuthenticationSylvain Maret
 
INA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 RC / Digital Identity and AuthenticationINA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 RC / Digital Identity and AuthenticationSylvain Maret
 
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012Sylvain Maret
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOStrong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOSylvain Maret
 
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain Maret
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain MaretASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain Maret
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain MaretSylvain Maret
 
Threat Modeling / iPad
Threat Modeling / iPadThreat Modeling / iPad
Threat Modeling / iPadSylvain Maret
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIISylvain Maret
 
Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Sylvain Maret
 
Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Sylvain Maret
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationSylvain Maret
 
Geneva Application Security Forum 2010
Geneva Application Security Forum 2010Geneva Application Security Forum 2010
Geneva Application Security Forum 2010Sylvain Maret
 
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...Sylvain Maret
 
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...Sylvain Maret
 
Digital identity trust & confidence
Digital identity trust & confidenceDigital identity trust & confidence
Digital identity trust & confidenceSylvain Maret
 
Implementation of a Biometric Solution Providing Strong Authentication To Gai...
Implementation of a Biometric Solution Providing Strong Authentication To Gai...Implementation of a Biometric Solution Providing Strong Authentication To Gai...
Implementation of a Biometric Solution Providing Strong Authentication To Gai...Sylvain Maret
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Sylvain Maret
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Sylvain Maret
 

More from Sylvain Maret (20)

Air Navigation Service Providers - Unsecurity on Voice over IP Radion
Air Navigation Service Providers - Unsecurity on Voice over IP RadionAir Navigation Service Providers - Unsecurity on Voice over IP Radion
Air Navigation Service Providers - Unsecurity on Voice over IP Radion
 
factsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vlfactsheet_4g_critical_comm_en_vl
factsheet_4g_critical_comm_en_vl
 
INA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.02 Released / Digital Identity and AuthenticationINA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication
 
INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 Released / Digital Identity and AuthenticationINA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
 
INA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 RC / Digital Identity and AuthenticationINA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication
INA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication
 
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSOStrong Authentication State of the Art 2012 / Sarajevo CSO
Strong Authentication State of the Art 2012 / Sarajevo CSO
 
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain Maret
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain MaretASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain Maret
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain Maret
 
Threat Modeling / iPad
Threat Modeling / iPadThreat Modeling / iPad
Threat Modeling / iPad
 
Strong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS IIIStrong Authentication in Web Application #SCS III
Strong Authentication in Web Application #SCS III
 
Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011Strong Authentication in Web Applications: State of the Art 2011
Strong Authentication in Web Applications: State of the Art 2011
 
Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011Strong Authentication in Web Application / ConFoo.ca 2011
Strong Authentication in Web Application / ConFoo.ca 2011
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
 
Geneva Application Security Forum 2010
Geneva Application Security Forum 2010Geneva Application Security Forum 2010
Geneva Application Security Forum 2010
 
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...
 
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...
 
Digital identity trust & confidence
Digital identity trust & confidenceDigital identity trust & confidence
Digital identity trust & confidence
 
Implementation of a Biometric Solution Providing Strong Authentication To Gai...
Implementation of a Biometric Solution Providing Strong Authentication To Gai...Implementation of a Biometric Solution Providing Strong Authentication To Gai...
Implementation of a Biometric Solution Providing Strong Authentication To Gai...
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...Geneva Application Security Forum: Vers une authentification plus forte dans ...
Geneva Application Security Forum: Vers une authentification plus forte dans ...
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 

e-Xpert Gate / Reverse Proxy - WAF 1ere génération

  • 1. e-Xpert Gate e-Xpert Solutions SA [email_address] 2 mars 2001
  • 2. e-Xpert Gate ? Access your applications from everywhere with strong confidentiality and authentication
  • 3.
  • 4. Solution ? Use your favorite browser
  • 5.
  • 6. But how to solve security issue ? Web-based Internal Resources What should I do ? Firewall Dmz Browser
  • 7. Direct access with http or https ? Firewall Dmz Browser Web-based Internal Resources Why not ?
  • 8.
  • 9. Secure access with e-Xpert Gate Firewall Dmz Browser Web-based Internal Resources E-Xpert Gate SSL
  • 10.
  • 11. Reverse Proxy Technology Server within a firewall The proxy server appears to be the content server A client computer on the Internet sends a request to the proxy server Firewall CACHE The proxy server uses a regular mapping to forward the client request to the internal content server You can configure the firewall router to allow a specific server on a specific port (in this case, the proxy on its assigned port) to have access through the firewall without allowing any other machine in or out. https (SSL) http or https
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. About authentication ? Your business is on the line. But do you really know who’s on the other end?
  • 18.
  • 19.
  • 20. RSA SecurID implementation Dmz Web-based Internal Resources E-Xpert Gate
  • 22. How it works ? Seed Time 482392 ACE/Server Token Algorithm Seed Time 482392 Algorithm Same Seed Same Time
  • 24. SSL client authentication implementation Dmz Web-based Internal Resources PKI architecture Client X509 Certificate E-Xpert Gate
  • 25. What is a certificate
  • 26.
  • 27. Client side authentication Web Client Web Server Challenge Client Certificate Request Challenge answer Client Certificate
  • 28. How secure is the private key ? How does the user get access? Where is it stored? Smart Card PIN Password Local Browser store Private key
  • 29.
  • 30.
  • 31. Lotus access with e-Xpert Gate
  • 33.
  • 34.
  • 35.
  • 36.