
1 Page Copyright Giritech A/S an – Excitor company

2 Secure Enterprise Application Mobilization
Secure access from user... to applications... without compromising on security and usability... and to my PC in the office

3 Solution Scenarios
Working from home
Continuity of operations
Secure access for external contractors
When you travel
Without a laptop
With an iPad tablet
With your laptop
Secure access via Wireless networks
Securing the device without managing the device
G/On OS – The Bootable Option

4 G/On OS: Turns an unknown PC into a known and managed device
Boots from the G/On USB Smart Token on Wintel & Mac HW
Loads a G/On specific, hardened Linux operating system
Can only connect to the corresponding G/On Server
Provides a Linux desktop
○ Configuration of network connections (Cable/Wireless/Mobile Broadband)
○ Browser (Firefox)
○ Rdesktop for Remote Desktop Access through G/On
○ Citrix ICA client for Citrix access through G/On
○ Filezilla for FTP file upload and download via G/On
○ Access to a minimum set of standard Linux tools
An ideal, cost-effective option for many organizations:
○ With a policy for access from managed devices only
○ Looking for the ultimate secure solution
○ For instance: Local & Federal Government, Police, Banks, Law firms, Accountants,...
Boot of PC from G/On USB Token

5 G/On is an integrated client/server enterprise software solution that gives
The right access
For the right users
To the right applications
Under the right circumstances
User Directory, Application Servers
Windows, Mac, Linux, iPad, iPhone
The G/On Client is deployed on multiple platforms and formats and provides easy access to the applications. See www.excitor.com for more mobile client options via integration with Excitor DME.
The G/On Gateway Server controls all access to the application servers = Secure Access
What G/On delivers

6 Managed Application Access
Protection of data in transit
Device Isolation and Independence
User Authentication
Dynamic "Firewall"
○ Email
○ Navision
○ R&D Server
○ Servers
○ CRM Database
○ PCs
Strong 2-factor, mutual authentication – challenge/response protocol and smart card options
Virtual application connection keeps devices off the network and keeps data off the device. SW on USB with bootable options.
256-bit AES encryption. FIPS 140-2 compliant on Windows.
Single port access and only for authenticated users authorized for applications. Built-in proxies for RDP, HTTP, SOCKS.
User menu of apps and their connection. Managed by server side with single sign-on for Citrix, RDP and Web apps.
G/On
G/On – an integrated solution
Internet
One single product:
- Easy for IT: Install, Configure, Deploy and Manage
- Easy to use: Windows, Mac, Linux, and iOS

7 G/On authenticates users and creates encrypted, individually authorized, and managed connections from application client programs to corporate IT services.
Unlike a traditional VPN giving access from everything on the device, the user launches individual client applications "on the fly" and the G/On Server creates the required connections as needed.
G/On is a client/server software solution implementing a managed distributed port forwarding proxy with integrated encryption, authentication and application access management.
G/On – Secure Application Access

8 Encrypted connections between each application client and their application server are individually managed by the G/On Client and the G/On Server preventing network level access for the device.
Tablet device with G/On Client *)
Access to web apps is provided via separate, isolated G/On browser instances and connections managed and secured by G/On. Other native app clients connect via encrypted connections managed by G/On.
OWA Web server, Exchange Server, Web servers and/or other application servers
G/On Server
The G/On Server authenticates users (two factor) and manages the access to the authorized application services according to policies.
G/On Client: Application Connectivity
Corporate Network with corporate applications
*) Works the same way on Windows, Mac, Linux, and iOS. Added option for Intel-PCs to be booted on a locked down G/On OS to avoid malware on user device.

9 The G/On Server Enforces
Multi-factor user authentication via challenge/response protocol
256bit AES encrypted communication
Application access policies
Connectivity by proxy only
RDP & HTTP protocol inspection
Dedicated connections for each client application
Policies based on client circumstances
The encrypted traffic from G/On clients is sent to the G/On Server on a single port (typically 443). The connection terminates on the G/On Server, is decrypted and forwarded on to the application server(s) on the proper port(s).
G/On Server: Application Management
Corporate Network with corporate applications
OWA/Exchange Server SharePoint Server G/On Server A single port (e.g. 443) Ports 443,80 Port 3389 Terminal Server Citrix Server Intranet Server Ports 1494,80 Ports 443,80 Port 80 ERP Server Port 2407 User Desktops Virtual/Physical Port 3389

10 G/On - A single, integrated solution
Hardware token for integrated two-factor authentication and secure virtual connectivity
USB Tokens with integrated smart card and storage for the G/On Client, or Computer User Tokens combining hardware info and software generated keypair (available for PCs and mobile devices like iPad and iPhone)
Authentication is mutual to prevent man-in-the-middle attack
Public/private key cryptography (RSA keys), like certificates, but without the complexity of X.509 and without the need for Public Key Infrastructure (PKI).
User name and password validated against existing company directory (AD, LDAP)
Offers single sign on (SSO) experience for most applications
USB Tokens for use on any Windows, Mac and Linux device
Use any computer anywhere to get secure access to corporate applications, office PC, desktops, Citrix, ERP, Intranets, web apps, and other services
Mobile flexibility without driver and sw installation
FIPS 140-2 compliant (Windows only)
256bit AES encrypted, virtual connections for data in transit
Each application gets its own encrypted connection
Application authorization based on AD, LDAP policies, circumstance & device
Bootable option for locked down Linux operating system on USB for full device independence and isolation
Enterprise architecture for management, availability and scalability
Centralized management of policies, user tokens, and application access
Tools for managing token software, deployment and enrollment

11 Challenge/Response protocol
Industry standard method
Using public/private key cryptography (RSA keys), like certificates, but without the complexity of X.509 and without the need for Public Key Infrastructure (PKI).
See http://en.wikipedia.org/wiki/Public-key_cryptography
Types of authentication Tokens:
Hardware tokens with smart card
○ Maximum Strength Authentication
○ Private key generated, stored and kept secret inside hardware
○ Software inside hardware token implements the Challenge/Response protocol
○ G/On smart card tokens: No installations, no drivers
Hardware tokens without smart card
○ Private key generated by user PC and linked/locked to PC or device
○ Software on the user PC implements the Challenge/Response protocol
Software tokens
○ Private key generated by user PC and stored on PC or device
○ Software on the user PC implements the Challenge/Response protocol
Secure authentication

12 G/On integrates 2-factor, mutual authentication
For Windows, Mac, Linux
No special drivers required
G/On MicroSmart
G/On USB MicroSmart
Hardware Tokens with smart card
Smart card based authentication tokens
Includes 2GB storage for the G/On Client

13 Network MAC addresses
Authentication based on Private key stored in registry combined with network MAC-addresses and/or unique device ID.
The G/On client, the token and application clients are installed directly on the device under the user account.
The device becomes a hardware authentication token
The convenient solution for users with personal devices
Software based Public/Private key pair +
G/On Computer User Token/Mobile Token
G/On Computer User Token
G/On Mobile Token

14 Support for different security policies:
Launch of G/On Client from user’s USB token
○ User plugs in the G/On USB Token and launches the G/On client.
Launch of G/On Client installed on user’s device
○ User’s device is enrolled as authentication token
Boot of PC from user’s USB token
○ User can boot a locked down Linux-based G/On operating system from the G/On USB and achieve a managed and known environment on an unknown PC
Client Side Options

15 Helps the user behave responsibly and lowers the risk of accidental misuse:
Support for AD/LDAP password change during G/On login
Automatic disconnect after period of inactivity
Closing of connections and programs when the token is removed
Closing of connections that are not to be used anymore when a user closes the application
Lock-2-Process between application clients and their connections through G/On
Client Side Features

16 G/On Minimum Requirements
1. G/On
2. Windows Server 2003/2008
3. Fixed external IP or DNS name
4. One open port in firewall
5. Office PCs

17 One simple solution for secure access for
○ All users
○ All user devices
○ All applications & services
Centrally managed via policies:
○ Authentication policies (the right people)
○ Authorization policies (the right applications)
○ Device policies (right circumstances)
Providing:
○ Security transparency
○ Lower total cost of ownership
○ Increased flexibility and productivity
○ Positive user experience
G/On Value

18 G/On helps our customers improve their business:
Improve overall security
Increase productivity
Enhance employee satisfaction
Reduce IT costs
G/On Benefits

19 Licensing

20 Windows, Mac, Linux, and iOS clients
Integrated security
FIPS 140-2 validated 256bit AES encryption
2-factor, mutual authentication
○ Microsoft Active Directory or local user directory on G/On Server
G/On Client connectivity on one IP address or DNS name, multiple IP Ports, and HTTP encapsulation
Includes support for transparent TCP connectivity.
Customer must buy one of:
○ G/On for RDP: Access to office PC and Terminal Server farms
○ G/On for Citrix: Access to Citrix farms
○ G/On for Web Apps: Access to webmail, intranets, portals and other web apps
○ G/On: All of the above
Up to twenty menu actions for Client/Server applications connectivity
Field installation of G/On Client and Field Enrollment of user authentication tokens
Dynamic user menus with "Autolaunch" capabilities
Update of G/On Client software and software packages
Logging and Reporting
G/On Standard Configuration
Additional features are optional
See also www.excitor.com for integration with Excitor DME – Dynamic Mobile Exchange

21 Server Features
Additional Gateway Servers
Multiple Client Connect IP Addresses
LDAP User Directory
Microsoft SQL Server
Additional Menu Items
Login Notification Mail
Welcome Message
Wake-on-LAN
Client Features
G/On OS
G/On 5 is Licensed By
Number of Users (includes 1 token)
○ UAL RDP
○ UAL Citrix
○ UAL WEB
○ UAL
Number of Tokens (additional)
Server Features
Client Features
Customer or partner receives a mail with signed *.txt license file with information on licensed features, users and tokens. License file also contains information on maintenance expiration date and – if applicable – a license expiration date. New license file is forwarded when customer acquires additional features, tokens, users, and maintenance.
G/On Optional Features & License

22 www.giritech.com
Giritech – an Excitor Company. See also www.excitor.com
www.facebook.com/G.On.Connect
THANK YOU!

