Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hummingbird Security 10 ● Connectivity SSL 10 ● Connectivity Kerberos 10 ● Connectivity Secure Shell 10 ● Connectivity SecureTerm 10.

Similar presentations


Presentation on theme: "Hummingbird Security 10 ● Connectivity SSL 10 ● Connectivity Kerberos 10 ● Connectivity Secure Shell 10 ● Connectivity SecureTerm 10."— Presentation transcript:

1 Hummingbird Security 10 ● Connectivity SSL 10 ● Connectivity Kerberos 10 ● Connectivity Secure Shell 10 ● Connectivity SecureTerm 10

2 Forewords

3 How to use this presentation?
What is this presentation? This document is not a presentation per se. Instead, it is a collection of slides, all of which are related to Hummingbird Security 10 products. So how do I use it? The marketing department has created a master presentation template that can be used regardless of the product presented. When preparing a Hummingbird Security presentation for a customer, pick up the master presentation template. Depending on your audience, topic and business case, complete the master presentation with slides taken from this databank. Does that mean I’m supposed to make my own presentations? Look, you are the expert when it comes to knowing your customers and understanding what they want. This is why we are providing you with all the pieces to assemble your own presentation. Think about it as dressing your sandwich.

4 How do I use this presentation? (continued)
OK, but how will I know which slide to pick? This databank contains a huge number of slides all related to Hummingbird Security . For ease-of-use, the slides have been grouped into sections. Before picking up any slide, make sure you are able to answer questions such as “What is the point of this presentation?”, “What am I trying to demonstrate?” or “What’s my customer business problem?”. Keep in mind that putting out a lot of content into a presentation is not the best way to communicate your message to your audience. Be selective in your choices and stay focused on the goal of the presentation. Don’t put context before content. What if I can’t find the slide I’m looking for? If you can’t find the appropriate slide, talk to Product Marketing or Product Management.

5 The Security Challenge
Security is a challenge because of its lack or its excess. A recent survey made by the Computer Security Institute in team with the FBI gives some highlights on the extent of the security challenge. This survey has been conducted on a yearly basis since 1999 ; its findings are extremely useful to understand the full scope of the security issues.

6 Unauthorized Use of Computer (524 Respondents)
This survey shows that security challenges are a widespread phenomenon. This graphic illustrate that over 56 percent of 524 respondents have detected unauthorized access to their computer during Even more disturbing is that 15% of respondents did not know when unauthorized access occurred. 524 Respondents - CSI/FBI Annual Security Survey 2003 Available at:

7 Number of Security Incidents Per Year (328 Respondents)
With more than 58% of the respondents reporting less than 10 incidents a year, it looks like the phenomenon is fairly marginal. However, the number of respondents who reported between 11 to 30 security incidents per year has doubled since 2002 to reach the percentage of 16%. Although massive virus attacks might certainly be responsible for this surge in the incident’s frequency, there is little doubt that security issues progress as fast, if not faster than the technology itself. 328 Respondents - CSI/FBI Annual Security Survey 2003 Available at:

8 Origin of Security Incidents (488 Respondents)
This bar chart presents the percentage of respondents who have successfully identified one or several sources of the incidents they’ve occurred. With 77 percent of the incidents coming from disgruntled employees and 82 percent of them coming from independent hackers it is clear that security is as much an external issue than an internal one. 488 Respondents - CSI/FBI Annual Security Survey 2003 Available at:

9 Top 5 Costs by Security Incidents Types (251 Respondents)
Financial Fraud = $10 M Insider Net Abuse = $11 M Virus = $27 M Denial of Service = $65 M Theft of Proprietary Info = $70 M All Incidents $201 M The picture becomes even more alarming when you look at the cost of these security incidents. From a small sampling of 251 respondents, you can see of the 201 million dollars total, the largest segment was from theft of a companies most important asset Information! Denial of service, viruses insider abuse and fraud constitute the other offenders. 251 Respondents - CSI/FBI Annual Security Survey 2003 Available at:

10 Top 5 Internal security driving factors
Inability to run business without IT infrastructure IT framework downtime impacts revenue and profit Integrity of information is key to accomplish daily operations Theft of proprietary information can mean life or death for companies Businesses are more and more interconnected and exposed to the outside world What makes a company so sensitive to security? Let’s identify which structural factors contribute to this phenomenon. First, companies have become increasingly reliant on the IT infrastructure to execute their business. As a consequence downtime has a significant negative effects on the bottom line. On top of that, businesses are more and more interdependent and rely on transactions for which safety, confidentiality and integrity needs to be guaranteed. Finally, it becomes crucial to protect intellectual assets which represent a large part of a company capital.

11 Top 5 External security driving factors
Security is in our collective consciousness Vendors acknowledging importance of security Media attention on IT security issues: virus attacks, OS security breaches Standards or laws that impact security policies: Sarbanes-Oxley HIPAA Increased cases in legal liabilities by customers / partners But structural reasons are not the only driving factors for security. External reasons have a significant impact as well. While security has become more of a concern for our society, the increasing attention from the media on IT breaches has put security in the public spotlight. Vendors are also acknowledging the importance of security and have started to adapt their offering to these new situations. Legislation such as Sarbanes-Oxley or HIPAA are also placing more demand on IT managers to comply with security and privacy regulations, while the number of legal cases from customers or partners has never been as high as in the previous years.

12 Summary Security incidents are not decreasing …
Causes for security incidents are as much: External Internal Costs of inefficient or non-existent security is significant Companies are excessively dependent on the IT infrastructure External factors are increasing pressure on companies for tighter security To sum up, security is becoming a critical issue for our customers and the need will only escalate. Incidents occur from the inside as much as from the outside of IT and both require strong security policies. Three definitive categories emerge as driving factors: first, the costs which can critically income your company’s future, second, the extensive dependence on reliable and key information that support the business models and third the environment in which they evolve.

13 Hummingbird Security Overview

14 Hummingbird Connectivity Product Overview

15 Hummingbird Security Overview

16 Top 10 reasons to switch to Hummingbird
Saves Money Rock Solid Snap to Install Minimize business disruption Give your IT administrator a robust product Put a smile on the face of your accountant Make your users happy Customer friendly technical support Everything you need in one box Same company as Exceed

17 Supported Platforms

18 What’s new in version 10

19 Hummingbird Connectivity 10

20 Consolidation Most complete family of security technologies for Connectivity products in its category Allow companies to save costs by consolidating on a single solution Can be seamlessly deployed as a pc-to-host or web-to-host solution Supports any Microsoft 32-bit and 64-bit operating system and Citrix Metaframe

21 Security Supports a wide range of security protocol:
SSL Kerberos Secure Shell 2 Supports smartcards and USB tokens Ability to fully lock-down the user environment

22 Migration Migration path from:
Attachmate Extra Netmanage Rumba IBM Personal Communication WRQ Reflection Macro conversion (Extra, Rumba and PCOM) Theme Manager to re-create previous environment

23 Productivity Support for custom shortcuts to create mnemonics for long words or complete sentences Ability to use a single terminal to host multiple sessions in order to rationalize the user’s workspace Transparent integration of complex security technologies let user feel at-ease

24 Installation, Deployment & Asset Management

25 Deployment Scenario Regular desktop installation:
Wizard driven 100% built with Windows Installer technology Administrative Installation Shared installation repository on the network Minimal per user installation (Settings only) Windows Terminal Services or Citrix Metaframe Microsoft SMS or 3rd party deployment framework Web-to-Host Deployment

26 Advanced Setup Options
Ability to specify per user or shared user installation Seamless installation under Window TSE and Citrix Metaframe Ability to cache installation file locally in order to facilitate: Update Modification of the installation Ability to update the product automatically after installation

27 Setup Utilities Migration and Settings Transfer Wizard:
Backup and restoration of user settings Useful for backup purposes or hardware migration Media Location Manager: Add or Remove installation sources Useful for easily updating or modifying the product’s setup

28 Sconfig: Custom Deployment
Allow the creation of customized installation packages Generate Windows Installer Transform files (*.mst) Allow administrators to customize features, directories, registry, shortcuts, product properties, … Easier to use than any 3rd party Windows Installer customization tool

29 Integrated Metering Optional component that can be deployed during installation Measured installed licenses Reports installed licenses to the metering server each time the workstation starts Reports: IP Address Network name User Name Domain Product Product components + their patch level

30 Metering Reporting Web Based Access to metering report
Customizable grouping and sorting Ability to download the metering report in Excel (*.csv) format Metering server works with Microsoft IIS

31 Multiple language support
Supports 6 languages: English Portuguese French Italian German Spanish Ability to dynamically switch languages

32 Connectivity SSL

33 Connectivity SSL Allow organizations to secure network communications by offering authentication and encryption technologies for: TN3270 TN5250 VT FTP Support for: SSL version 3 SSL version 2 TLS Integrated Certificate and Key Management Software

34 Connectivity SSL User certificates authentication support
Express Logon support Allow users to select multiple cipher-suites including AES Granular SSL negotiation options: Stop on all errors Accept unverified certificates Accept self-signed certificates No charge download from Hummingbird corporate web site

35 Connectivity Kerberos

36 Overview Network authentication protocol
Provides strong authentication for client server applications Commercially supported version of the MIT Kerberos client Available at no-charge from Hummingbird web site Integrates latest MIT Kerberos client changes and updates

37 Key Features Transparent integration with: Full Kerberos v4/v5 support
HostExplorer Hummingbird FTP Exceed XStart NFS Maestro Solo/Client/Gateway Full Kerberos v4/v5 support Strong authentication and encryption of network communications Support for Microsoft Windows Kerberos ticket cache

38 Connectivity Secure Shell

39 Key features Support for the Secure Shell 2 protocol:
Secure Terminal Secure File Transfer X11 port forwarding Generic port forwarding Support of multiple authentication methods: Password Keyboard interactive Public/Private Keys Kerberos Ticket

40 Advanced Features Extensive protocol configuration (window size, packet size, buffer allocation, Nagle algorithm) Multiple trace levels (None, Basic, Detailed, Verbose) Choice of encryption algorithm (support for Blowfish, 3DES, CAST128-CBC, Arcfour, AES) Choice of MAC algorithm (SHA1, MD5, RIPEMD)

41 Advanced Features X11 port selection (automatic or manual)
Choice of SFTP listening interface Support for protocol compression Support for keep-alive heartbeat Xauth support to perform MIT-MAGIC-COOKIE authentication on X11 secured connections

42 Integrated SCP utility
Command line utility to transfer files to and from remote secure shell enabled hosts Compatibility mode for: SSH Tectia Client from SSH Communications Security F-Secure SSH from F-Secure Putty OpenSSH Allow administrators to automate secure file transfer through scripting

43 Single sign-on mechanisms
Support for SSH-Agent key forwarding protocol Authentication agent that: holds the user private key in a distinct storage forwards the public key upon hosts requests without prompting to re-enter password Support for passphrase caching diminish passphrase prompt for session lifetime

44 Stand-alone tunnels Ability to define profile for secure shell tunnels
Ability to define tunnel parameters through user interface Black-box tunneling: tunnels can be run as background tasks Tunnels can be set to start automatically

45 Port Forwarding Ability to secure additional network protocols
Offers strong authentication and encryption for network protocols that do not offer native security methods Ability to restrict outgoing port forwarding to local connections Allow easier proxy and firewall transversal without compromising security

46 HostExplorer integration
Transparent integration with HostExplorer user interface Integration options: Linking HostExplorer profiles with Tunnel profiles Defining tunnel parameters within HostExplorer user interface Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection

47 Hummingbird FTP integration
Transparent integration with HostExplorer user interface Integration options: Linking FTP profiles with Tunnel profiles Defining tunnel parameters within FTP user interface Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection

48 Exceed integration Transparent integration with Exceed user interface
Integration options: Linking XStart profiles with Tunnel profiles Defining tunnel parameters within Xstart user interface Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection

49 Real-Time Tunnel monitoring

50 Certificate and Key Manager

51 Overview Common management tool for Connectivity SSL, Connectivity Secure Shell and Connectivity SecureTerm Allow public/private keys and certificates manipulation Automatically synchronize with the Microsoft certificate data store through CAPI

52 Advanced Options Supports multiple import/export format for both keys and certificates Verify keys and certificates with integrated viewer Modify host identification information for easy updates

53 Key Generation Wizard Allow users to create pairs of public/private key Easy-to-use wizard interface Ability to generate DSA or RSA keys Choice of key length and encryption algorithm Supported format: Export: Import: PEM files (.pem), SSH-2 public keys (.pub)

54 Certificate Creation Wizard
Allow users to create self-signed certificates or certificate requests. Easy-to-use guided interface Supported Format: Export Import

55 Key Upload Wizard Allow users to upload their public key to a server with minimal efforts Key upload is performed through SFTP Customizable upload parameters and directories Simplify Public Key management

56 Safenet iKey integration
USB based 2 factors authentication token Optimized for PKI environments including X509 digital certificates Transparent integration with Hummingbird Connectivity certificate and key manager SSL connections for: Terminal (HostExplorer & Connectivity SecureTerm) File Transfer (Hummingbird FTP)

57 SmartCard authentication support
Offer increased security for both the card issue and the card user Securely store and update information on the card Transparent integration with Hummingbird Connectivity certificate and key manager SSL connections for: Terminal (HostExplorer & Connectivity SecureTerm) File Transfer (Hummingbird FTP)

58 Connectivity SecureTerm
Of course, there is no silver bullet for solving all security issues in all domains with one single solution. In this section, we will review secure shell protocol fundamentals. We will identify the security issues that can be addressed with secure shell and find out what benefits this protocol can bring to users of Exceed, NFS Maestro or HostExplorer.

59 Overview Complete secure terminal and secure file transfer solution for UNIX hosts Choice of deployment: Desktop-based client: Windows Installer Citrix Metaframe Windows TSE SMS Web-based client Any web server on any OS Internet Explorer, Netscape, Mozilla

60 Security SSL support: Kerberos support Secure Shell support
SSL v2/v3 – TLS PKI and User certificate support Kerberos support Kerberos v4/v5 Integrates with Microsoft Kerberos ticket cache Secure Shell support Secure Shell 2 Strong authentication, strong encryption and data integrity

61 Emulation Settings VT Terminal: VT 52 - VT VT VT VT VT VT 420 Other Terminal: ANSI - SCO-ANSI - IBM 3151 42 character sets support, Custom screen size Linemode support TAPI Printing: multiple screen printing, print screen advanced options, Host Printing support, capture mode

62 Terminal Customization
Keyboard mapper Color mapper Support for Unicode Variable width fonts Cursor customization Ability to map mouse actions, Multiple terminal resizing option (font resize or terminal size re-negotiation)

63 Application Customization
Menu manager Configuration dialog manager Sound manager Custom right-click menu Toolbar manager Management Console Feature lock-down options Windows Explorer integration Shortcut manager

64 Automation Event manager Simple point-and-click graphical macro editor
Advanced Hummingbird basic macro editor Quick-Keys Hotspots API support: HLLAPI, EHLLAPI, WINHLLAPI, OHIO, OLE, COM

65 Easy migration path Macro conversion HLLAPI compatibility
Default keyboard schemes Theme manager allows administrators to customize Connectivity SecureTerm in order to provide users with a similar environment (menus, colors, settings …) as the one they were used to.

66 Advanced File Transfer Interface
100% integrated with Windows explorer Fully web deployable with Hummingbird Deployment Wizard Supports multiple hosts Ability to create local shortcuts to remote files Integrated macro command language (QuickScripts) Numerous settings: firewall, file type detection, server type recognition, directory caching, time synchronization …

67 What is Secure Shell? Of course, there is no silver bullet for solving all security issues in all domains with one single solution. In this section, we will review secure shell protocol fundamentals. We will identify the security issues that can be addressed with secure shell and find out what benefits this protocol can bring to users of Exceed, NFS Maestro or HostExplorer.

68 History 1995 1996: Introduction of SSH-2 to overcome SSH-1 defaults
creation of the SSH-1 protocol by Tatu Ylönen after he is the victim of a password-sniffing attack - Released to the public as a free software with source code SSH-1 submitted as a draft to the IETF (Internet Engineering Task Force) 1996: Introduction of SSH-2 to overcome SSH-1 defaults 1997: Draft for SSH-2 submitted to the IETF 1999: OpenSSH ships with OpenBSD 2.6 Secure Shell is a somewhat recent protocol that was invented by Tatu Ylonen, a young finish student who wanted to protect himself from password-sniffing attack he occurred while working on the Internet. Very early, secure shell was submitted to the Internet Engineering Task Force where it is being standardized in a RFC document. In 1996, the second version of the protocol was released. This version solved several architecture and security issues and was also submitted to the IETF. Since then, the protocol has gained tremendous momentum in the UNIX community, ultimately being recognized by the Opensource community through the OpenSSH project. Let’s take a detailed look at specific problems which are solved by the secure shell protocol.

69 Terminal Emulation Telnet
Telnet Protocol Port 23 Clear-Text Data Including Credentials Windows Desktop & Telnet Client Unix Server & Telnet Daemon

70 Sniffing Telnet Use pointer

71 Terminal Emulation Telnet
Telnet Protocol Port 23 Clear-Text Data Including Credentials UNsecureD Windows Desktop & Telnet Client Unix Server & Telnet Daemon

72 Terminal Emulation Secure Shell Terminal
SSH Protocol Port 22 Encrypted Data Strong Authentication Data Integrity Windows Desktop & SSH-2 Client Unix Server & SSH-2 Server

73 Sniffing SSH Use pointer

74 Terminal Emulation Secure Shell Terminal
SSH Protocol Port 22 Encrypted Data Strong Authentication Data Integrity secureD Windows Desktop & SSH-2 Client Unix Server & SSH-2 Server

75 Including Credentials
File Transfer FTP FTP Protocol Port 21 Clear-Text Data Including Credentials Windows Desktop & FTP Client Unix Server & FTP Daemon

76 Sniffing FTP Use pointer

77 Including Credentials
File Transfer FTP FTP Protocol Port 21 Clear-Text Data Including Credentials UNsecureD Windows Desktop & FTP Client Unix Server & FTP Daemon

78 File Transfer Secure File Transfer
SSH Protocol Port 22 Encrypted Data Strong Authentication Data Integrity Windows Desktop & SSH-2 Client Unix Server & SSH-2 Server

79 Sniffing SFTP pointer

80 File Transfer Secure File Transfer
SSH Protocol Port 22 Encrypted Data Strong Authentication Data Integrity secureD Windows Desktop & SSH-2 Client Unix Server & SSH-2 Server

81 Including Credentials
X-Window X-Window Protocol Port 6000+ Clear-Text Data Including Credentials Windows Desktop & X11 Server Unix Server & X11 Client

82 Sniffing X-Window example: rlogin client start
Pointer

83 Sniffing X-Window - example: keys pressed
=t =e =s =t =p =w

84 Including Credentials
X-Window X-Window Protocol Port 6000+ Clear-Text Data Including Credentials UNsecureD Windows Desktop & X11 Server Unix Server & X11 Client

85 X-Window over SSH X11 Port Forwarding
X11 over SSH Protocol Port 22 Encrypted Data Strong Authentication Data Integrity Windows Desktop & X11 Server SSH-2 Client Unix Server & X11 Client SSH-2-Server

86 Sniffing X-Window over SSH
pointer

87 X-Window over SSH X11 Port Forwarding
X11 over SSH Protocol Port 22 Encrypted Data Strong Authentication Data Integrity secureD Windows Desktop & X11 Server SSH-2 Client Unix Server & X11 Client SSH-2-Server

88 Generic Port Forwarding Example: SQL Data
SQL*NET over SSH Port 22 Encrypted Data Strong Authentication Data Integrity Windows Desktop & BI Query SSH-2 Client Unix Server & SQL Server SSH-2 Server

89 Generic Port Forwarding Example: e-mail
POP3 over SSH Port 22 Encrypted Data Strong Authentication Data Integrity Windows Desktop & SSH-2 Client Unix Server & SSH-2 Server Mail Client Mail Server

90 Summary The Secure Shell protocol provides strong security against:
Crypto-analysis attacks Man in the middle attack provides: Strong Authentication Strong Encryption Data Integrity allows: Secure Terminal Secure File Transfer Secure X11 Secure Port Forwarding Man in the middle attack (simplified)


Download ppt "Hummingbird Security 10 ● Connectivity SSL 10 ● Connectivity Kerberos 10 ● Connectivity Secure Shell 10 ● Connectivity SecureTerm 10."

Similar presentations


Ads by Google