Application Security Made in Switzerland




Overview

The problem of internet security is almost as old as the internet itself. But there is a reliable solution: Airlock Suite from Ergon. Airlock Suite is underpinned by superb Swiss engineering expertise, many years of experience and well thought-out concepts that master the most complex challenges. Airlock Suite deals with the issues of filtering and authentication in one complete and coordinated solution, setting new standards for usability and services.

WAF
Online banking, ecommerce, mobile access: the Airlock Web Application Firewall will reliably protect your internet applications thanks to systematic control and filtering mechanisms backed up by a diverse range of enhancement options.

Login
When combined with Airlock WAF, Airlock Login ensures reliable user authentication and authorization. But that's not all: as well as superlative security, Airlock Login delivers high usability and cost-efficiency.

IAM
Airlock IAM is the suite's central authentication platform, including enterprise functions. With this product, customers, partners or employees log in just once for secure access to data and applications. Airlock IAM also automates user administration.

Security at bank level
Airlock is now the established Swiss standard for ebanking, and that's a fact. Our lengthy experience of working in the international financial sector means that you benefit from the best possible online security: reliable, efficient and process-optimized.

Cutting cost
Intelligent software architecture, central authentication functionalities and cutting-edge user self-services: these are the assets that make the Airlock solution so outstandingly attractive in terms of cost, a solution that will permanently reduce your IT expenditure.

Integrated solutions, one single source
Individual components, perfectly coordinated in one complete package: that's Airlock. No matter how varied your requirements are, Airlock Suite is your guarantee of well thought-out solutions from one single source, scalable and flexible.

Flexibility
The Airlock Suite is just as flexible as your requirements. That's because Airlock can adapt to existing environments, new challenges and individual needs. The result: your investment is excellently protected, and you benefit from customized solutions.

User self services
Forgotten passwords, lost logins, new user accounts: customer support has to deal with a host of routine tasks. That's why we opt for well-designed user self-services. Thanks to this approach, Airlock can cut costs while boosting your customer and employee satisfaction level.

Swiss made
No doubt about it: the highest quality, that's what Airlock offers you, because our security applications are developed exclusively in Switzerland: your guarantee of maximum reliability, precision and perfection.

Product information WAF

The Airlock Web Application Firewall offers a unique combination of protective mechanisms for web applications. Whether your objective is legal compliance, security for your applications or protection for ecommerce: Airlock WAF will upgrade security for your internet applications, a permanent solution with a host of well thought-out functionalities.

Thanks to Airlock WAF, businesses can exploit the potential of the internet without jeopardizing the security and availability of their web applications and services. Each access is systematically monitored and filtered at every level. Used in conjunction with an authentication solution such as Airlock Login or IAM, Airlock WAF can force upstream user authentication and authorization. This allows a uniform, central single sign-on infrastructure. All information is also made available via monitoring and reporting functions. Airlock WAF is one of the few web application security solutions on the market that provides superlative end-to-end protection for complex web environments.

Reverse Proxy and Web Application Firewall
Airlock WAF offers a unique protection mechanism by operating as a combined secure reverse proxy server and web application firewall. All access attempts are systematically controlled and filtered.

Control via a central access point
Airlock WAF is a central point of control for web access, avoiding anonymous interactions with applications that have user authentication. Airlock covers every layer, reducing costs and dependencies.

Shorter time to market thanks to virtual patching
Secure now, fix later: that's virtual patching in a nutshell. Airlock WAF's reverse proxy approach makes it very easy for you to virtualize servers and services. Virtual import of patches is also possible. The benefit: security-relevant weaknesses are quickly remedied at a central point over all applications.

Improved availability and performance
Web applications and web services deal only with authorised users and valid data traffic. High availability is guaranteed through load balancing and failover functions.

SIEM integration
The Airlock Operations app for Splunk Enterprise makes aggregated management reports available on security issues and application usage. Network administrators can use various dashboards to investigate security-critical events so application and performance problems are rapidly resolved.

Simple operation
Airlock is a Linux-based software appliance with a hardened operating system. It runs on the common hardware platforms, in virtual machines and in the cloud. Airlock offers a fast and easy installation and allows cost-efficient operation.

[Figure: Airlock system overview. Diagram labels: SAML assertion, flickering, mobile TAN, client certificate, cross-domain SSO with SAML or OAuth 2.0, corporate network, Kerberos/smart card, password management/transaction signing, RADIUS, mobile OTP, database/directory, PKI, applications, application in other domain.]

Product information Login

Practical, lean and secure: Airlock Login is the ideal complement to Airlock WAF for reliable user authentication and authorization. Airlock Login offers efficient solutions and easy handling at an attractive price. Airlock Login features convincingly high usability and straightforward configuration.

Solid basis for more
Because it is directly integrated with Airlock WAF, Airlock Login allows fast and convenient implementation of strong upstream user authentication with in-company single sign-on. There may be a need for extensive additional functions such as web service interfaces, step-up authentication workflows, support for cross-domain SSO or user self-services. In these cases, an upgrade from Airlock Login to Airlock IAM could not be easier: simply import a new license, and the Airlock IAM functions will be activated.

Secure and strong access control
Virtually every modern web application requires user identification to allow certain types and levels of access. Airlock Login provides upstream authentication and allows access control for customers and employees to be centralised and run independently of the business logic.

Single sign-on (SSO)
Airlock Login ensures that even legacy web applications with their own user master records can be easily integrated in the standardised web single sign-on infrastructure.

Easy configuration, including at run-time
Configurations can be efficiently processed using the graphic editor. Airlock Login has a flexible architecture that permits configuration changes at run-time without any session loss or operational disruption.
Airlock Login and Airlock IAM compared

Components: Web-based login application; Web-based administration interface; Integrated database for user profiles; Service containers for batch jobs and letter generation; Technical interfaces

Authentication: 1 and 2-factor authentication; Password verification against directory (LDAP, MSAD), OTP token server via RADIUS, RSA SecurID, MTAN (SMS), client certificates; Role-based access control (RBAC); Complex authentication workflows (e.g. step-up, step-down); Support for a wide range of additional authentication methods; Dynamic access control (based on environment attributes)

Login application: Change and reset password via email; Portal function; User self-services; Various other functions (representation, GTCs, maintenance reports/notifications, etc.)

Single sign-on (SSO) and identity federation: Simple SSO (using cookies, HTTP headers, on-behalf form login, back-side Kerberos, etc.); Cross-domain SSO and identity federation

Identity management: Find and show users; Manage, aggregate and provision identity and role information

Deployment: Integration in Airlock WAF; Deployment is possible outside of Airlock WAF; Client capability

Product information IAM

Airlock IAM is the suite's central authentication platform, including enterprise functions. With this product, customers, partners or employees log in just once for secure access to data and applications. Airlock IAM also automates user administration and provides user self-services.

SSO for heterogeneous application environments
In addition to a large number of supported SSO mechanisms (e.g. SAML, OpenID Connect), Airlock IAM also accepts authentication tickets issued by other entities.

Cross-domain single sign-on
Airlock IAM supports Federated Identity Management (FIdM) and therefore facilitates cross-domain SSO. Acting as a central identity provider (IDP) in this case, Airlock IAM registers, reports and manages user data. User data are automatically synchronised with third-party systems via the standardised interface. This always ensures a consistent status of user data for all parties. Another advantage is maximum usability. The specific services (service providers) come from other domains and use identities transmitted via SAML, OAuth or OpenID Connect.

Authentication services
Airlock IAM has its own integrated authentication services for matrix cards, mobile TAN via SMS and mobile OTP. All these variants are very cheap since there is no need to purchase any tokens or any special operating hardware. Their administration is fully integrated in the product. In addition, other authentication services as well as many different hardware or software tokens are supported.

Centralisation of user data
Airlock IAM is the central point of control for the administration of authentication data. For other applications or components in SOA environments, Airlock IAM provides a web service interface (SOAP or REST) which offers actions related to authentication: for example, Airlock IAM can enforce complex password policies while password changes are still made remotely in a business application.

User self-services
In addition to user administration, there are a number of user self-services which cover the entire lifecycle of a user account for single sign-on. The workflows for self-administration of user data cover self-registration, self-migration, self-provisioning of external logins, password changes and user profile data editing.

Features

Airlock WAF
Secure Reverse Proxy; Termination of TCP/IP SSL, SSL VPN, HTTP/S, AMF, JSON and SOAP/XML filter; Multi-level filtering; Dynamic whitelisting; URL encryption; Smart form protection; Cookie protection; Load balancing; ICAP content filtering; Content rewriter (Raw, HTML); Access control, authentication & SSO; HSM support; Airlock Operations App for Splunk

Airlock Login
Supported tokens: OTP token via Radius (RSA SecurID, Kobil SecOVID, VASCO Digipass, etc.), client certificates (X.509, SuisseID, etc.)
Integrated tokens: Password, Mobile TAN, Email-OTP
Single sign-on: Kerberos, HTTP Cookies, HTTP Headers, URL-Tickets, Basic Auth, Form Post on behalf
User directories: JDBC databases, LDAP directories / MS ActiveDirectory
User self-services: automatic password reset, portal function
Operational features: failover, audit log, log viewer, web-based administration console, hot deployment without restart
Operating systems: Java-based: Linux, Windows, VMWare

Airlock IAM (additional to Airlock Login)
Supported tokens: CrontoSign, Kobil AST, Swisscom MobileID, OATH tokens
Integrated tokens: Mobile OTP, matrix card
Identity federation: SAML 2.0 IDP / SP, OAuth 2.0, OpenID Connect
Single sign-on: NTLM
Integrated database for user extension
User administration / IAM: User, token and role administration, report engine, password policy enforcement
User self-services: Self-registration, self-migration, self-administration, kiosk and portal function for own user data
Interfaces: Web application, RADIUS, SOAP, REST, EAP/TLS 802.1X
Operational features: Multitenancy, statistical evaluations

Ergon Informatik AG
Merkurstrasse 43
CH 8032 Zurich
+41 44 268 89 00
www.airlock.com
twitter.com/ergonairlock

Copyright Notice
Copyright 2015 Ergon Informatik AG. All Rights Reserved. All technical documentation that is made available by Ergon Informatik AG is the copyrighted work of Ergon Informatik AG and is owned by Ergon Informatik AG. Ergon, the Ergon logo, "smart people smart software" and Airlock are registered trademarks of Ergon Informatik AG. Microsoft and ActiveDirectory are registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other products or trademarks mentioned are the property of their respective owners.

smart people smart software
Founded in 1984, Ergon Informatik AG now has a workforce of 235 and numbers among the most long-standing and successful IT service providers in Switzerland. Over 80% of our employees are graduate software developers, and most of them have trained as IT engineers at the Swiss Federal Institute of Technology (ETH), Zurich, one of the world's top ten universities. Ergon Informatik AG has also won multiple awards for its sustainable personnel policy.

Ergon Informatik AG is a broadly diversified company that provides services to a wide variety of sectors. Ergon has exceptional expertise in sectors such as financial services, ebanking, telecommunications and security. In 1997, Ergon developed Switzerland's first ebanking system for a well-known Swiss bank. Airlock Suite, our security product, was launched on the market in 2002 and is now used by 300 customers around the globe.

For more information visit www.ergon.ch