Maintenance Intelligence of Tomorrow IPS-CYBER SECURITY IT-S ECURITY RELATED TO IPS-SYSTEMS
E NCRYPTION 2© 2013 IPS GmbH
Encryption of whole hard disk Secured Containers Secured external devices (ex. USB-Flash Drives) Modern encryption technologies as AES and Twofish Multiple OS Support Possible performance loss of 10% up to 15% 3 E NCRYPTION © 2013 IPS GmbH
S/MIME 4© 2013 IPS GmbH
signing encryption Certificate based method Possible to identify sender Redirect s not readable IPS supports S/MIME based transfer E-M AIL S IGNING AND E NCRYPTION WITH S/MIME 5© 2013 IPS GmbH
E NCRYPTED DATA TRANSFER 6© 2013 IPS GmbH
Encrypted file transfer minimize the risk of unauthorized access Man on the middle-attacks impossible Redirect to other server impossible because of certificate check IPS supports only TLS encrypted FTP access E NCRYPTED FTP T RANSFERS 7© 2013 IPS GmbH
D ATA E NCRYPTION 8© 2013 IPS GmbH
Pretty Good Privacy or GNU Privacy Guard Public Key / Private Key method (Keychain) Encryption with public key Decryption with private key IPS supports encrypted file transfer IPS PGP/GPG Key on IPS-Website: PGP/GPG F ILE E NCRYPTION 9© 2013 IPS GmbH
PGP/GPG F ILE E NCRYPTION 10© 2013 IPS GmbH
S AVE D ATA T RANSFER B ETWEEN U NTRUSTED N ETWORKS 11© 2013 IPS GmbH
Two independent networks (domains): Office and Process Office network is connected to Internet Process network is highly isolated (no connection to Internet) There is no permanent connection between networks S AFE DATA TRANSFER BETWEEN UNTRUSTED NETWORKS 12© 2013 IPS GmbH
S YNCHRONIZATION SCHEMA © 2013 IPS GmbH
SQL Server Merge replication concept with mediator – republishing subscriber server in DMZ Office and Process network are never connected All connections between networks and DMZ are on demand Firewalls are configured for allowing only SQL server port (TCP 1433) Two stage synchronization process: In first step opens the connection between Office network and DMZ server and perform synchronization In second step opens the connection between DMZ server and Process network and perform synchronization S YNCHRONIZATION SCENARIO © 2013 IPS GmbH
Maintenance Intelligence of Tomorrow © 2013 IPS GmbH15