Sentry: A Scalable Solution
Margie Cashwell, Senior Sales Engineer
Sept 2000

Overview
State of Digital Mobile Telephony
Examples of Wireless Applications
PKI Architecture
Scalability
Extensibility
Scalable Solutions
Sample Architectures

State of Digital Mobile Telephony
Global System for Mobile Communications (GSM) has over 215 million subscribers
GSM alone has more subscribers than the Internet has users (210)
Paradigm shift in mobile telephony
3G,
  –Sprint 1st cellular provider to offer service in US

Examples of Wireless Applications
Top three uses of Internet enabled mobile phones:
  –Travel related uses
  –Online banking
  –
Wireless scale = Internet Scale x 100 = Enterprise x 1,000

PKI Architecture
Requirements:
  –Multi-functional
  –Extensible
  –Support mass-market network devices embedded in:
    mobile phones
    pagers
    PDAs
    “smart phones”

Extensibility
Ratio of device size to certificate size
X.509 certificate format too complex
Elliptic curve keys in certificates
WTLS certificate format
Ability to support new certificate formats

Proven Scalable Solutions
8 Million Certificates on a single server
Individual and batch certificate issuance and revocation
Remote publishing of user certificates
Locating and retrieving user certificates
Concurrent signing operations
Concurrent real time online certificate status checking

Xcert Sample Architecture

Trust Model with External CAs

WebSentry

Sentry Product Suite
Unique ‘rapid deploy’ PKI platform for Internet and e-commerce applications that scales to a million users & manages security for corporations that use the Internet to conduct business

Sentry Product Suite
Sentry CA - Issue & manage certificates
WebSentry - PKI enable your servers
Sentry RA - Provide remote enrollment
Xcert Development Kit - PKI enable your apps
Professional Services & Training - Achieving ROI
Support - Reliable customer service

Xcert PKI Overview
Internet based
Customizable
Simple
Scalable
Lightweight
Secure
Non-proprietary
PKI enables the application service
User authorization
Non-repudiation of transactions (digital signatures)
Remote user enrollment
Minimizes enrollment bottlenecks
Industrial strength CA
Issues certificates
Manages certificates
Manages Access Control Lists
Supports PKI enabled applications

Sentry CA Specifications
Platforms
  –NT & Solaris
Certificates & CRLs
  –X509 v3 (all standard extensions)
Application Support
  –Web
  –
  –VPN
  –ERP
  –SSO
  –Document security
Directories
  –LDAP, X500
Protocols
  –HTTP, SSL, LDAP, SMTP, PKCS
Crypto
  –DSA, RSA, ECC
Crypto Hardware
  –All PKCS #11
High Assurance
  –FIPS-140 level 3 hardware
  –Real time revocation

Sentry CA Architecture
Basic Components:
Directory Server
Signing Engine
Administration Server
Enrollment Server
Logging Server

Sentry CA Architecture
Add-on Components:
Publishing Backend
Alternate SQL data stores

Sentry CA Features
Enrollment
  –Interfaces
Vetting
  –Notification
  –Examination
  –Auto vetting
Extensions
  –Profiles
Storage
  –Interfaces
Suspension & revocation
  –Status checking
Renewal
Certificate lifecycle management

Sentry CA Features
Creating CAs
Managing CAs
  –User maintenance
CA security & practices
Exporting CAs
Importing CAs
Cloning
Subordination
CRLs
External CAs
CA lifecycle management

External CAs

Sentry CA Features
System administration
  –Work benches
  –ACL management
    Admin, vetters, end users
  –Logging
  –Backing up
  –Upgrading
Extending the back-end
  –Publishing
  –Data stores

Sentry RA
Industrial strength enrollment solution
  –Accepts certificate requests
  –Verifies credentials
  –Supports CA signing process
  –Revokes certificates
Streamlined configuration
  –auto notification
  –auto enrollment
  –auto renewal
  –application specific profiles
Distributed component / Stand-alone server
Offloads enrollment bottlenecks from CA
Flexible scalability

Sentry RA

WebSentry
High assurance PKI for web servers
  –Plugs into standard web servers
  –User authorization
  –Controls access to web pages
  –Queries Sentry CA certificate status ACL rules
Zero tolerance security

Wrap Up
Wireless devices are a large part of the future. The best way to bring these devices into the network in a secure fashion is with certificates. We expect to see significant PKI and WAP development over the next 18 months.