Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Jack-PC Security Rev A - 0206 Important!! Under NDA - Chip PC Proprietary and Confidential Information *CDC02264*

Published byAlycia Hawke Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Jack-PC Security Rev A - 0206 Important!! Under NDA - Chip PC Proprietary and Confidential Information *CDC02264*"— Presentation transcript:

1 1 Jack-PC Security Rev A - 0206 Important!! Under NDA - Chip PC Proprietary and Confidential Information *CDC02264*

2 2 Claim: Jack PC is the most secured desktop available today. This presentation is all about proving this strong claim…

3 3 What makes for the most secure desktop? 1)Strong Physical security 2)Strong User Authentication 3)Strong Device Authentication 4)Strong Peripherals Authentication, tracking and logging 5)Strong Management security 6)Strong Image security 7)Chip PC high security environment, technologies and capabilities

4 4 Strongest Physical Device Security Concept: Physically securing the device and its cables. How? No exposed components (wall mounting) Special built-in mechanical lock No exposed LAN jack / wiring Strong metal anti-tampering structure POE – No exposed power source No removable mass-storage (soldered DOC)

5 5 Jack PC Removed from Locking in Housing with Extraction Tool

6 6 Housing Contacts Housing Block Connector

7 7 Strongest User Authentication Concept: Identify device physical location. How? Patented local log-in authenticated against AD (similar to PC domain log-in) Support for most PC/SC PKI Smart-cards using external USB reader Support for Biometrics authentication Passed-through user authentication from XG server Fully configurable Kerberos, NTLM and other authentications.

8 8 Local User Logon Screen

9 9 Strongest Device Authentication Concept: Reliably identify the device. How? Patented technology to enable strong matching of device unique properties with device identity Soldered components with OTP (One Time Programming) chips Reliance on properties that cannot be cloned / modified. Two side authentication device Management system

10 10 Strongest Peripherals Authentication Concept: Reliably control the connected peripherals How? Strongest USB usage control using patented detection and power signatures Full peripherals control through XG policies based on device or user profile Detection / logging of all peripherals connection / disconnection events Option to implement keyboard authentication scheme

11 11 Local Image USB Settings

12 12 Strongest Management Security Concept: Securing device management functions How? Managed by XG – AD policies, leveraging Windows Security Scheme Full Multi-level administrative rights, delegation Management protocols uses selectable high- encryption, compression and port settings (non-SNMP) Single Sign On using XG secured infrastructure Security desk, logging and events

13 13 Xcalibur Global Permissions – Delegation of Control

14 14 Xcalibur Global Protocol & Ports Settings

15 15 Xcalibur Global Authentication Provider

16 16 Strongest Image Security Concept: Securing device management functions How? Highly secured patented software deployment mechanisms using signed XPIs Immunity to viruses, worms and other malicious code No security patches, vulnerabilities and anti-virus needed - EVER Modular image does not require often re-imaging No BIOS, no BIOS vulnerabilities Truly stateless client design – no user information remains Wide set of local VPNs

17 17 Strongest Image Security Encrypted image for each unique device User can never access system files or settings XP desktop without desktop vulnerabilities Relies on Windows CE Kernel enhance and secured by Chip PC. Full access to source-code Local user settings can be defined on per-function level. Only required settings are open Enhanced and secured local IE browser with manageable kiosk mode, downloads and cookies Secured VNC remote shadowing Dynamic (per-user) software deployment enables on-the- fly role based device loading upon user log-in

18 18 Secure VNC Shadowing Activated by Xcalibur Global on Local Image

19 19 Local Image Authentication Settings

20 20 Strongest Image Security On-chip support for: DES/3-DES (128 and 192 bit keys) AES (128, 192, and 256 bit keys) ARC4 (RC4) (40 to 128 bit keys) Automatic Padding Supported modes (ECB, CBC) AES Counter Mode FIPS 140-2 random The Jack-PC is the only thin-client in the market that features a secondary Crypto/IPSec processor from as standard.

21 21

22 22

23 23 Additional Security Products Special TEMPEST / MIL-STD thin-client products Fiber-optic based thin-clients Custom images and plug-ins Second signature by customer Security audits preparations, analysis, testing, consultancy Hybrid simulation lab for testing and simulations Security experts on staff Custom smart-cards and applications Optically isolated KVMs, Twin-clients

24 24 Chip PC Security Environment Operate as a subsidiary of Israels largest defense conglomerate All manufacturing is done in high-security MIL-STD facilities Common-Criteria to level 6 with similar products Access to MS and Citrix source-code Secured to top-secret development and production environments Contingency and disaster recovery facilities (3 sites) Worlds highest security organizations are relying on Chip PC products Internal security and procedures can be audited by customers

Download ppt "1 Jack-PC Security Rev A - 0206 Important!! Under NDA - Chip PC Proprietary and Confidential Information *CDC02264*"

Similar presentations

What’s New in Fireware XTM v11.3.4

What’s New in Fireware XTM v11.3.4
Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,

Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,
This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Www.positivenetworks.com | Toll-free: 1-877-932-8671 1 How to have both Productivity and Security for Remote Access Solution in a HIPAA Environment Tom.

| Toll-free: How to have both Productivity and Security for Remote Access Solution in a HIPAA Environment Tom.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
Cerner Presentation to S&I esMD Workgroup – Industry Scan

Cerner Presentation to S&I esMD Workgroup – Industry Scan
©2003 aQute, All Rights Reserved Tokyo, August 2003 : 1 OSGi Service Platform Tokyo August 28, 2003 Peter Kriens CEO aQute, OSGi Fellow www.aQute.biz.

©2003 aQute, All Rights Reserved Tokyo, August 2003 : 1 OSGi Service Platform Tokyo August 28, 2003 Peter Kriens CEO aQute, OSGi Fellow
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
NexSentry Imaging Solutions

NexSentry Imaging Solutions
Introduction Lesson 1 Microsoft Office 2010 and the Internet

Introduction Lesson 1 Microsoft Office 2010 and the Internet
Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
© SafeNet Confidential and Proprietary Administering SafeNet StorageSecure Smart Card Module 3: Lesson 5 SafeNet StorageSecure Storage Security Course.

© SafeNet Confidential and Proprietary Administering SafeNet StorageSecure Smart Card Module 3: Lesson 5 SafeNet StorageSecure Storage Security Course.
Eligibility, Benefits, and Pre-certifications

Eligibility, Benefits, and Pre-certifications
Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Similar presentations

Ads by Google