SNAP: Secure Network Access Partnering



Similar documents
Certification Report

CAPP-Compliant Security Event Audit System for Mac OS X and FreeBSD

Common Criteria Evaluation Challenges for SELinux. Doc Shankar IBM Linux Technology Center

SOLARIS 10 SECURITY. Technical Overview. Andreas Neuhold Systems Practice Lead Austria Sun Microsystems, GesmbH

Oracle Desktop Virtualization

Red Hat Enterprise IPA Identity & Access Management for Linux and Unix Environments. Dragos Manac

OPTIONS / AGENTS DESCRIPTION BENEFITS

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

Security Enhanced Linux and the Path Forward

White Paper Levels of Linux Operating System Security

Red Hat Enterprprise Linux - Renewals DETAILS SUPPORTED ARCHITECTURE

IBM Tivoli Endpoint Manager for Lifecycle Management

Operating Systems compatible with GigasoftOBM / GigasoftACB (Supported Operation System List):

What s New in Centrify Server Suite 2013 Update 2

RSA ACCESS MANAGER. Web Access Management Solution ESSENTIALS SECURE ACCESS TO WEB APPLICATIONS WEB SINGLE SIGN-ON CONTEXTUAL AUTHORIZATION

Samba in the Enterprise : Samba 3.0 and beyond

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Compatibility Matrixes. Blackboard Academic Suite

NCIRC Security Tools NIAPC Submission Summary Harris STAT Scanner

Operating System Compiler Bits Part Number CNL 6.0 AMD Opteron (x86-64) Windows XP x64 Intel C Microsoft Platform SDK 64 P10312

How Private Industry Protects Our Country's Secrets. James Kirk

Veritas NetBackup 6.0 Server Now from Symantec

OracleAS Identity Management Solving Real World Problems

IBM Endpoint Manager for Lifecycle Management

Integrated Approach to User Account Management

Reference Guide for Security in Networks

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

Technical Specification Data

ArcSDE Oracle Database Requirements

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

IBM Tivoli Endpoint Manager for Security and Compliance

Framework 8.1. External Authentication. Reference Manual

Satish Mohan. Head Engineering. AMD Developer Conference, Bangalore

Improvements Needed With Host-Based Intrusion Detection Systems

Hitachi Backup Services Manager Certified Configurations Guide 6.5

Virtualization Case Study

HOB Remote Desktop VPN Secure access for remote workers and business partners to your enterprise network

Veritas NetBackup 6.0 Database and Application Protection

Password Self-Service for Novell edirectory. Brent McCormick Novell Corporate Technology Strategist

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Tested configuration for Major versions of Primavera:-

IBM Tivoli Endpoint Manager for Lifecycle Management

MySQL Security: Best Practices

Using Likewise Enterprise to Boost Compliance with Sarbanes-Oxley

Migrate AS 400 Applications to Windows, UNIX or Linux

IBM Tivoli Identity Manager

Access Management Analysis of some available solutions

Patch Assessment Content Update Release Notes for CCS Version: Update

VERITAS NetBackup 6.0 Database and Application Protection

SnapServer NAS GuardianOS 5.2 Compatibility Guide October 2009

Integration with Active Directory. Jeremy Allison Samba Team

VERITAS NetBackup 6.0 Enterprise Server INNOVATIVE DATA PROTECTION DATASHEET. Product Highlights

Common Criteria. Introduction Magnus Ahlbin. Emilie Barse Emilie Barse Magnus Ahlbin

Name Description Included in

BMC CONTROL-M Agentless Tips & Tricks TECHNICAL WHITE PAPER

<Insert Picture Here> Oracle Database Support for Server Virtualization Updated December 7, 2009

FREQUENTLY ASKED QUESTIONS

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

EMC Software Release and Service Dates for NetWorker and NetWorker Modules Last Updated on August 16, 2012

Securing Virtual Applications and Servers

Symantec Disaster Recovery Advisor

Heroix Longitude Quick Start Guide V7.1

Introduction to Computer Administration. System Administration

IBM Tivoli Directory Integrator

Enterprise Security Solutions

Vormetric Encryption Architecture Overview

BladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture

Detecting a Hacking Attempt

Veritas Cluster Server by Symantec

Data Sheet: Disaster Recovery Veritas Volume Replicator by Symantec Data replication for disaster recovery

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Red Hat Enterprise ipa

Secret Server Qualys Integration Guide

IBM Tivoli Endpoint Manager for Security and Compliance

What s New in Centrify Server Suite 2014

Red Hat Enterprise Linux 6. Stanislav Polášek ELOS Technologies

RSA AUTHENTICATION AGENT SUPPORTED PLATFORMS

Discovery and Usage data for Software License Management

FOR SERVERS 2.2: FEATURE matrix

SOLUTION BRIEF. Advanced ODBC and JDBC Access to Salesforce Data.

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (

CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES

Symantec Backup Exec 12 for Windows Servers

Best Practices, Procedures and Methods for Access Control Management. Michael Haythorn

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

Access Control Intro, DAC and MAC. System Security

The syslog-ng Store Box 3 LTS

Standard: Event Monitoring

Transcription:

SNAP: Secure Network Access Partnering (and Partnering for Secure Network Access ) Dynamic Coalition Formation at its best (sigmund@best). Inherent Security. HA. High-Performance. Server/Storage Virtualization. Scalability. UNIX/Linux, Windows & Mac OS X Interoperability 1

Business Challenges for the Defense, Government, Intelligence, Public Safety Communities and High-Sensitive Industrial Areas Access to multiple overlapping Security Domains Secure data transfer between Domains Ability to meet the highest Common Criteria Evaluation Access Level (EAL) Scalability and HA Maximize operation efficiency MINIMIZE COST 2

Solutions of Access to Multiple Security Domains Stove-piped ("Air Gap") Solution + physically isolated clients (networks) - often resulting in up to 10 different PCs in a single office Overlapping Domains Solution + allows collaboration on defined data by role-based individuals using defined processes on overlapping domains - requires the highest Common Criteria Eval. Acc. Level (EAL) certification of the OS in order to become 'Air-Gap'-Secure 3

SNAP Overlapping Security Domains Solutions Proven in Real- World Applications Joint Intelligence Center Pacific (JICPAC) Intelligence Center for the Pacific Command Collaboration between multiple disparate intelligence and military agencies requires simultaneous access to applications residing in multiple secure domains 24/7h operation of 1000 seats Maximize operation efficiency Projected 90% cost reduction over 5 years Meets highest levels of DOD Trusted Computing Deployment Criteria Space and Naval Warfare Systems Command (SPAWAR) Secure collaboration among up to 60 countries involved in the coalition effort in Persian Gulf Multiple levels of security and access spec's Intelligence Government Control Center military INS DEA Coalition Sun Network Access Platform Solution 4

Ready f. Collaboration-Deployment by Industry/Commerce, EDU&Research, Regional&Local Public Authorities? Enterprise Headquarters, Central EDU & Research Institution Regional Industry or Commerce Subsidiary, EDU &Research Site, Public Authotity Branch Office, Local EDU& Research Site, Local Public Authority Home Office, Collaborating Partner, Outsourced Capacity, Mobile Use, Public Access Kiosk 5 5

Function Independent Certification - Common Criteria IBM Sun Sun HP Microsoft Red Hat AIX 5L v5.3 Solaris 10 HP-UX 11i EAL 4, CAPP, RBACPP, LSPP (B1) Provides the highest level of assurance of any OS EAL 4, CAPP (C2) W2k oly Provides the second highes level of assurance of OS More Granular User Control Role-Based Access Control (RBAC) (Adminis. enforced) Ability to allocate access rights based on role. BENEFIT: Increases the accountability and granularity of user control over other standard OS levels. User Rights Management Centralized database which specifies what users rights are granted to users. BENEFIT: Limits user's access to applications and functions within applications. Process Rights Management Fine-grained privileges are used instead of a single superuser. BENEFIT: Limits the power of applications so that they are not subject to abuse. Prevent Eavesdropping in Windows Environment Trusted X11 Windows Environment Enforces mandatory and discretionary access control within the window system. BENEFIT: All wiindows are labeled according to their sensitivity. OS Security Functions Partial (No Admins.) Partial Partial Partial (No Admins.) (No Admins.) Trusted Solaris 10 Windows Server 2003 N.A. Advanced Server 4.0 (SE Linux) 6

Function Trusted Path Allows for uninterrupted communication between the Trusted X11 windows server and the window manager. BENEFIT: Helps assure that users are not tricked by hostile programs into supplying information that might be used to penetrate the system. Selection Confirmation Forces users to confirm the transfer of information (text, graphics, etc.) between windows. BENEFIT: Prevents information flow between windows system objects. Increased Privacy Mandatory Access Control (MAC) A system-enforced policy in which all data objects are labeled according to their sensitivity and users may be cleared for one or more labels. BENEFIT: Prevents information flow between users and processes unless they have compatible labels. Labeled Printing Associates sensitivity label ranges with individual printers. Records label of data on each page and on banner and trailer pages. BENEFIT: Restricts the security levels of information sent to individual printers. Guarantees that output is properly labeled. OS Security Functions (Cont'd.) IBM Sun Sun HP Microsoft Red Hat Windows Advanced Trusted AIX 5L v5.3 Solaris 10 HP-UX 11i Server Server 4.0 Solaris 10 2003 (SE Linux) Partial 7

OS Security Functions (Cont'd.) Function Trusted Networking All information flows on a system are labeled and access control is enforced.benefit: Prevents information flow between clients and servers unless they have the same label. Multi-level File System All files and directories are protected according to their label BENEFIT: Prevents information from being downgraded via the file system. Reduced Risk of Security Violations Security Labels Allows information to be classified at appropriate security sensitivity levels. BENEFIT: Only owners with the corresponding security clearance can access the information residing on the device. Clearances The degree of security with which a user is entrusted. BENEFIT: Restricts access based on need to know. Audit all or Selected User Actions Records all security-relevant events in a tamper-proof audit trail. BENEFIT: Allows securing of data deemed highly secure. IBM Sun Sun HP Microsoft Red Hat Windows Advanced Trusted AIX 5L v5.3 Solaris 10 HP-UX 11i Server Server 4.0 Solaris 10 2003 (SE Linux) Partial 8

Function Prevent Spoofing Programs Trusted Path Attribute A process attribute which indicates the ancestry of trusted programs. BENEFIT: Process with questionable ancestry can't acquire privilege via RBAC. Limit Privileges Defines an upper bound for a zone, or for an account. BENEFIT: Applications can't become more powerful than they already are. Protect Local Devices from Unauthorized Users Device Allocation based on Label Assigns a device or group of devices to a particular user or group of users based on security labels and MAC privileges. BENEFIT: Prevents unauthorized removal of data from the system. Pluggable Authentication Module An extensibile authentication framework with standard APIs. BENEFIT: Provides failed-login account locking, trusted path checking, and machine generated passwords, without the need to change code. Name Service Support All systems share a common repository of security attributes and policies. BENEFIT: Provides a single system image with consistent identity and policy. OS Security Functions (Cont'd.) IBM Sun Sun HP Microsoft Red Hat Windows Advanced Trusted AIX 5L v5.3 Solaris 10 HP-UX 11i Server Server 4.0 Solaris 10 2003 (SE Linux) No - proprietary 9

OS Security Functions (Cont'd.) IBM Sun Sun HP Microsoft Red Hat Windows Advanced Trusted AIX 5L v5.3 Solaris 10 HP-UX 11i Server Server 4.0 Solaris 10 Function 2003 (SE Linux) Trusted Mail E-mail can be received by an account only if the message is within the account's clearance. BENEFIT: Prevents information flow between users unless they have the same label. Investment Protection Runs most Off-the-Shelf Solaris Apps. BENEFIT: Protects customer's existing application development. Runs Alongside Standard Solaris BENEFIT: Allows customers to add Trusted Solaris security to systems as needed while continuing to use their existing systems. N.A. N.A. N.A. N.A. N.A. N.A. N.A. N.A. N.A. 10

Summary: The Most Secure Certified Operating Environment in the Industry Is By Far the Trusted Solaris Trusted Solaris Solaris EAL4 or EAL4+ (c2) (CAPP only) Windows 2000 HP-UX EAL4 (B1) (CAPP, RBPP, LSPP) IBM AIX EAL3 SGI Irix EAL 2 Based on data from http://www.commoncriteria.org/ccc/epl/producttype/eplinfo.jsp?id=4 Linux Only OS Certified with EAL4 and 3 Protection Profiles in EAL4: CAPP: Controlled Access Protection Profile (Ensures proper login) RBPP: Role-based Protection Profile (Role-based access control allows the system administrator to define roles based on job functions within an organization. The administrator assigns privileges to those roles) LSPP: Labeled Security Protection Profile (All data and application components are formally labeled addressed, and tracked through role based access control. 11

Implications: Widespread deployment of the Sun Secure Network Access Platform (SNAP) for collaboration in high-security areas with overlapping Security Domains Top Secret Top Secret Releaseable on the Partner A Secret Secret Releaseable on the Partner B Secure Network Access Platforms deployed e.g. in the area of Homeland Security: its Security Domains overlap with those of - Defense - Government - Intelligence - Public Safety Communities relying on the Security Certification of Trusted Solaris Top Secret Releaseable on Partner A Secret Releaseable on Partner B 12

Ready for Industry/Commerce/Local Public Communities? Don't reinvent the wheel: you can start to evaluate&implement Secure Network for Collaboration today - if you involve a local EDUand/or Public R&D partner (Call sigmund@best - Secret 089/9506080) Confidential Unclassified for Emplyees Shared w/ external EDU or R&D Partner C Shared w/ Secure Network Access Platforms for collaboration with your local EDU and/or Public R&D partners - they get Trusted Solaris for free if deployed in Research&Development Projects in conjuction with - Industry - Commerce - Local, Regional or Government Public Authorities - other EDU & Research Institutions Secret ext.edu/r&d Partner C 13

Don't Reinvent the Wheel Use the proven Reference Architectures while collaborating w/ a local EDUor R&D institution of your choice Anläßlich der Fachtagung best Open Systems Spring'05 laden wir Sie zu unsem Frühjahrs-Sonderprogramm in Zusammenarbeit mit der bayerischen Lehre & Forschung ein, um die Praxisanbindung von F&L an die Industrie/Kommerz/Behörden in Bayern zu fördern *): SNAP - Secure Network Access Partnering Action - Pre-integrated&tested Secure Network Access Plattforms **) - Real-world proven Reference Architectures - collaborative design within 2 hours on your site - flexible to meet your needs - Customer-Ready-Solution coming pre-integrated&tested with detailed Techn.Guides - best Systeme GmbH is a. Sun Data Center System Provider. Sun Service Manager. Sun Accredited Installation Provider (AIP). Sun Cluster Specialty Partner. Sun Campus Reseller for EDU & Research. Preferred Oracle Real Application Cluster (RAC) Partner of Oracle Corp.. Preferred Partner of Veritas, Legato, StorageTek, IBM, HDS, ADIC, Cisco SNAP-5 5 Arbeitsplätze 8.500,00 (+MwSt.) heterogene Secure Network Konfiguration 1 64-Bit AMD Opteron150 Workstation 2.4GHz/1GB/Grafik 1 64-Bit Unix RISC Workstation 1.5GHz/3GB/Grafik 2 SunRay Secure Clients 1 SunRay Remote Secure Client (wie Notebook, inkl. TFT-LCD) - incl. aller SW-Liz. (m. Ausnahme der MS Win. Liz. f. d. Teilpos.1, Opter.WS) f. d. Dauer einer bis zu 2-Jahres-Aufbauphase von SNAP bei Ihnen - ext. Monitore nicht beinhaltet (beliebige PC-Monitore verwendbar) SNAP-8 8 Arbeitsplätze 11.500,00 (+MwSt.) wie oben, jedoch 3 SunRay Secure Clients 3 SunRay Remote Secure Clients (inkl. TFT) *) Zeitlich begrenzte Sonderaktion bis zum 13.5.2005 Irrtum und Änderungen der Hersteller vorbehalten **) Call 089/9506080 oder sigmund@best.de 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information