Published by Jase Isherwood. Modified over 9 years ago.
1
1997 Entrust Technologies
Orchestrating Enterprise Security
Entrust Public Key Infrastructure
Erik Schetina, Chief Technology Officer, IFsec, LLC
eriks@ifsec.com
www.ifsec.com
2
Agenda
- Introduction to Entrust
- What is a PKI
- Entrust Product Line
- Piloting and Rolling out a PKI
- Questions
3
What is a PKI?
- Certification Authority
- Certificate Repository
- Certificate Revocation
- Key Backup & Recovery
- Support for non-repudiation
- Automatic Key Update
- Key Histories
- Cross-certification
- Timestamping
4
PKI Requirements
- Certification Authority
- Certificate repository
- Revocation system
- Key backup and recovery system
- Support for non-repudiation
- Automatic key update
- Management of key histories
- Cross-certification
- Timestamping services
- Client-side software
5
PKI with Entrust
- Consistent security and trust
- Single password and keys secure all applications
- Automated key management
  - Key backup/recovery
  - Certificate issuance, storage and revocation
  - Key distribution, rollover and expiry
- Low administrative cost/burden
6
PKI without Entrust
- Inconsistent security and trust
  - Fragmented or non-existent policies and key management functions
- Security “silos”
  - Each application performs its own security
  - Multiple key pairs and certificates
  - Multiple passwords
  - Costly, burdensome administration
7
Entrust Components
- Certificate Authority
- Directory
- Client Software (Certificate Store)
  - E-Mail
  - Web
  - VPN
  - Any Entrust-Ready Application
- Applications
8
What is Key Management?
- Issues:
  - generating keys
  - keeping backup keys
  - dealing with compromised keys
  - changing keys
  - restoring keys
- Key and certificate management is difficult
9
Why is Key Management Important?
- User Enrollment
- Key Renewal
- Restoration of Lost Keys
- Automated functionality
10
Certificate-Issuing Services (CA)
- What they provide:
  - Issue certificates for a fee (per cert/per year)
- What you don’t get:
  - Little control over certificate issuance policies
  - No key recovery (forgotten password = lost data)
  - No key history (what happens when certificates expire?)
  - Liability issues
  - No control over trust model and root keys
  - No automatic and transparent certificate revocation checking
  - No client capabilities
11
Entrust Architecture
[Diagram: Security Officers, Entrust Administrators, Directory Administrators; Entrust/Manager; Entrust/Admin; Directory; Entrust Users with Entrust-Ready applications and Entrust/Engine desktop crypto software]
12
The Directory
- Stores certificates, CRLs, cross-certificates, ...
- Interoperates with numerous LDAP-compliant directories
  - ICL, Control Data, Digital, Netscape, Unisys, ...
  - supports Directory distribution
- Supports redundancy
13
Entrust Products
- Entrust/Entelligence - Stores and Manages Certificates
- Entrust/Express - Email plug-in
- Entrust/Direct - Web, Extranet
- Entrust/Unity - SSL & S/MIME
- Entrust/Access - VPN
- Entrust/Toolkit - Enable applications
- Entrust/TimeStamp
14
Entelligence on the Desktop
- Tight integration into Entrust-Ready applications
- Secure key storage options
  - smart cards, PC cards, biometric devices, and secure software profiles
- Secure single log on
- Consistent, trustworthy key lifecycle management across applications minimizes administrative costs
15
‘Entrust-Ready’ Desktop Architecture
[Diagram: Entrust User; “Entrust-Ready” applications; Entrust/Engine; Communications Services; Security Kernel; User profile; Personal address book; PKCS #11; Tokens; connection to Entrust/Manager and Directory]
17
Secure e-mail made easy
18
What is Entrust/Express?
- Secure e-mail plug-in for users of Microsoft Exchange and Microsoft Outlook
- Encrypt and/or digitally sign message text and attachments
- Provides message confidentiality and integrity
- For Windows 95 and Windows-NT 4.0
19
Secure VPNs/Remote Access
Entrust/Access
20
Virtual Private Networks
- What is a VPN?
  - A private and secure network carved out of a public or insecure network
- Relevant Standards
  - IPSec - interoperable packet-layer encryption
  - ISAKMP Oakley - users are authenticated with digital signatures and X.509 certificates
21
VPN Partners
- Remote Access, Firewall, VPN Gateways
  - Milkyway - SecurIT
  - Raptor - EagleMobile Pro
  - Timestep - PERMIT Product Suite
  - Stac - ReachOut
  - Sagus - Defensor
  - KyberPASS
  - Check Point - FireWall-1
22
Secure Remote Access
- provides significant cost savings over dial-up (phone lines, maintenance, ID cards)
- scalable - able to grow as the demand for remote access increases
[Diagram: Mobile User; Internet; VPN Gateway; Entrust Manager; Human Resources Server; Finance Server]
23
Secure Extranet Applications
24
Intra/Extra Net Solution
Target Solution
Provides Entrust Enterprise Solution PKI capabilities to off-the-shelf Web browsers and servers
Thin client software on user desktop
[Diagram: Extranet applications; Internet, Intranet, or Extranet; Web Browser]
25
Security you set and forget
26
Entrust/ICE
- Desktop/laptop encryption software
- Easy-to-use
- Works with any desktop application
- Automatic encryption
- Security on-line or off-line
- Windows 95 and Windows-NT 4.0
27
Entrust-Ready Applications
- Web Browser
- Email
- Workgroup
- Smart Cards and Biometrics
- VPN
- Forms
- Human Resources
28
Deploying a PKI
- Begin with a pilot
  - Pick a single application
  - Evaluate the technology
  - Prove the utility
- Currently piloting
  - Entrust CA, X.500, Secure E-Mail
  - Lotus Notes
  - Short time to deploy (weeks)
29
Deploying a PKI (cont.)
- Rolling out an Operational PKI
  - Planning and Goals
  - Acceptable Usage (CPS)
  - Disaster Recovery
  - Applications
    - Access to records
    - E-commerce with State contractors
    - Remote access to internal resources
30
Summary
- Automates user administration
- Integration across many applications (single sign-on)
- Enables trustworthy business over the web
- Growing collection of Entrust-enabled applications