1. Product and Technology News Georg Bommer, Inter-Networking AG (Switzerland)

2. Content n Control of SSL Connections n Document Security Management n Mail Encryption without PKI

3. Control of SSL Connections Valid Certificate? Who decides?

4. Content Scanner Anti-Virus, Malicous Code, URL Filter, Attachment Restrictions IDS Sensor Certificate Handling Trusted or not trusted? Valid Certificate or not? Control of SSL Connections

5. Content Scanner Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions IDS Sensor Content Security Policy Enforcement Control of SSL Connections

6. n Certificate Management –Relying on CA List of Browser –No CRL checking possible –User decision to accept or not a certificate n Policy Enforcement –Services used can not be controlled –Content Scanning/Inspection is not possible –Policy for up- and download of data and attachments can not be enforced n Other Problems –Web-Server can enforce encrypted connection n Solution –Central Certificate Management –Content Inspection of SSL Traffic n Plattform Support Windows, Solaris, Linux n Proxy Mode and ICAP Support

7. Content Scanner Anti-Virus, Malicious Code, URL Filter, Attachment Restrictions IDS Sensor Microdasys SCIP Decryption SSL to HTTPCertificate CheckEncryption HTTP to SSLContent ScanningSSL Tunneling Microdasys SCIP - Solution

8. Microdasys SCIP - Summary n Functionality –Central Certificate Management –Decryption of SSL Connections –Control of SSL Connections n Features –Support for Windows, Solaris, Linux –High Availablity / Clustering –Proxy Mode and ICAP Support www.microdasys.com

9. Document Security Management n Control sensitive documents while they are in use n Enforce proper handling when in use Printing Copying Pasting Screen Capturing Saving Forwarding n Audit user activity

10. Document Security Management Secure Display Technology

11. Step 2 Server determines that requested document is protected Step 3 Document is converted to HTML and encrypted (AES 128bit) Finjan Mirage - Solution Mirage ServerKey Server Mirage Client Step 1 Users requests secure document from web server (HTTP Request) Step 4 Encrypted document is sent back to user (HTML) Step 5 Client requests key from Key Server (PKCS#7 + HTTP) Step 6 User is authenticated and document key is returned

12. Finjan Mirage Enterprise - Summary n Functionality –Protection of sensitive documents –Control + audit document handling –Enforce information security policy n Features –Unique „Secure Display“ Technology –Supported formats; MS Word, Excel, HTML Pages, Plain Text, PDF Files –Integration with Document Management Systems such as LiveLink www.finjan.com

13. Mail Encryption without PKI n Requirements for mail encryption –Ease of use –Policy enforcement –Open standards –Quick and easy deployement n Problems PKI –Roll-out of certificates –Management of keys (recovery, revocation) –Exchange keys with third parties –Validate external keys

14. Mail Encryption without PKI Encryption Gateway Automatic Key Generation for Mail User, Encryption/De- cryption, Management of Private Keys Internal Key Server Customers + Partners Public Keys Public Key Server Employees Public Key Key Administrator Validates Public Keys from Customer/Partners

15. Automatic Key Generation

16. Key Exchange + Validation

17. Mail Encryption + Signing Mail Policy

18. CryptoEx Summary n Functionality –Gateway based encryption and signing of e-mails with individual user keys –Fully automated key generation and management of users private keys –Decentralized key validation n Features –No PKI needed –Support for OpenPGP + S/Mime (Q4/03) –Support for multiple HTTP + LDAP key store –Policy enforcement at the gateway –Fully transparent to the user www.cryptoex.com

19. Thank you ! Georg Bommer Inter-Networking AG (Switzerland) gbo@internetworking.ch