RSA Citrix An Introduction Agenda RSA Security Overview

  • Slides: 38
Download presentation
RSA / Citrix: An Introduction

RSA / Citrix: An Introduction

Agenda • RSA Security Overview • RSA Secur. ID Solution • Citrix / RSA

Agenda • RSA Security Overview • RSA Secur. ID Solution • Citrix / RSA Security Advantages • Citrix Secure Gateway

RSA Security at a Glance • World leader in cryptographic innovation – RSA, RC

RSA Security at a Glance • World leader in cryptographic innovation – RSA, RC 2, RC 4, RC 5, MD 5 – PKCS standards – Pioneering new digital signing and access management products • World leader in encryption software – Nearly 1, 000, 000 copies of RSA BSAFE® components in use worldwide, in everything from Web browsers to cellular phones • World leader in strong authentication – Over 11 million RSA Secur. ID® two-factor authentication products in use worldwide

Ensuring Authenticity … Secure e-Business Process

Ensuring Authenticity … Secure e-Business Process

… Means Solving these Problems User Identity Data Privacy Privileges and Personalization Transaction Integrity

… Means Solving these Problems User Identity Data Privacy Privileges and Personalization Transaction Integrity

With Enabling Technologies User Identity Authentication Data Privacy Encryption Privileges and Personalization Transaction Integrity

With Enabling Technologies User Identity Authentication Data Privacy Encryption Privileges and Personalization Transaction Integrity Authorization PKI

Delivered in RSA Products User Identity Authentication Data Privacy Encryption Privileges and Personalization Transaction

Delivered in RSA Products User Identity Authentication Data Privacy Encryption Privileges and Personalization Transaction Integrity Authorization PKI

The e-Security Continuum • Firewall • Authentication • Authorization • Privacy • Antivirus Enable

The e-Security Continuum • Firewall • Authentication • Authorization • Privacy • Antivirus Enable • Transaction integrity Defend Detect • Intrusion detection • Vulnerability assessment

RSA Secur. ID A family of products that confirm an individuals identity online, with

RSA Secur. ID A family of products that confirm an individuals identity online, with over 11 million RSA Secur. ID two factor authentication products in use worldwide

Security Pyramid: Identity is the Foundation Audit Encryption Authorization Strong Authentication Policies and Procedures

Security Pyramid: Identity is the Foundation Audit Encryption Authorization Strong Authentication Policies and Procedures

Identification vs. Authentication Identification Who are you? “I am John Smith. ” Authentication Prove

Identification vs. Authentication Identification Who are you? “I am John Smith. ” Authentication Prove it.

The Different Factors of Authentication • • • Something you know – – –

The Different Factors of Authentication • • • Something you know – – – Password PIN “mother’s maiden name” Something you have – – Physical key Token Magnetic card Smart card Something unique about you – – Fingerprint Iris/retina Face recognition Voice “Password”

Authentication concerns • Freeware tools • Password database management • Help desk costs •

Authentication concerns • Freeware tools • Password database management • Help desk costs • End user password strength • Social Engineering • Former Employees • First hack/crack target

Need for Strong Authentication • Certificates – – Exportable Binds to machine No default

Need for Strong Authentication • Certificates – – Exportable Binds to machine No default security Expensive to renew • Biometrics – – Non-replaceable Unreliable - false positives “good enough” Static - prone to replay attacks Privacy concens

Strong Authentication • ACE/Server - Secur. ID – Two Factor Authentication • Something you

Strong Authentication • ACE/Server - Secur. ID – Two Factor Authentication • Something you know • Something you have – Changes every 60 seconds – One-time password – Easily replaced – User Friendly

Two-Factor User Authentication PIN &

Two-Factor User Authentication PIN &

Time-based Token Authentication username: JSMITH Passcode: 2468 234836 PASSCODE = PIN + Token code:

Time-based Token Authentication username: JSMITH Passcode: 2468 234836 PASSCODE = PIN + Token code: Changes every 60 seconds TOKENCODE Clock synchronized to UCT Unique seed

A Closer Look at Time Synchronization Token ACE/Server 234836 Algorithm Time Algorithm Seed Time

A Closer Look at Time Synchronization Token ACE/Server 234836 Algorithm Time Algorithm Seed Time Same Seed Same Time Seed

RSA Secur. ID Product Family: System Components Secur. ID Authenticators +ACE/Server +Maintenance ACE/Agents (included)

RSA Secur. ID Product Family: System Components Secur. ID Authenticators +ACE/Server +Maintenance ACE/Agents (included)

ACE / Server - the Power Behind Secur. ID • Authentication Engine, User, and

ACE / Server - the Power Behind Secur. ID • Authentication Engine, User, and Policy Manager behind Secur. ID • Carrier-Class Performance and Scale – Over 12, 000 installations – Tens of thousands of users per site • Manageability and Control – Administrative granularity, segregation of duties

The Expanding RSA Secur. ID Family • RSA Secur. ID hardware tokens • RSA

The Expanding RSA Secur. ID Family • RSA Secur. ID hardware tokens • RSA Secur. ID software tokens • RSA Secur. ID smart cards • RSA Secur. ID for the Palm Computing Platform • RSA Secur. ID for WAP devices

RSA Secur. ID Hardware Tokens RSA Secur. ID Key Fob RSA Secur. ID Combo.

RSA Secur. ID Hardware Tokens RSA Secur. ID Key Fob RSA Secur. ID Combo. Reader RSA Secur. ID PINPAD RSA Secur. ID Standard Card NEW!

RSA Secur. ID Software Token • Software token – Similar to a Pin Pad

RSA Secur. ID Software Token • Software token – Similar to a Pin Pad – Installed directly on users desktop – Easy to use and install • Palm™ Handhelds • Ericsson R 380 s smart phone • Nokia 9210 Communicator

RSA ACE/Agents • Intercept access requests and forces RSA Secur. ID authentication • Software

RSA ACE/Agents • Intercept access requests and forces RSA Secur. ID authentication • Software embedded in or layered on top of 225+ network infrastructure products from over 150+ vendors – – – Remote Access Servers (RAS) Routers Firewalls VPNs WEB • Enables RSA Secur. ID strong authentication to integrate with your existing & future infrastructure

Agents for Network and Application Access • UNIX - AIX, HP/UX, Solaris • IBM

Agents for Network and Application Access • UNIX - AIX, HP/UX, Solaris • IBM MVS OS/390 • IBM AS/400 • Microsoft Windows NT and IIS • Microsoft Windows 2000 • Novell NMAS • Netscape • Lotus/Domino • Custom Developed

RSA Secur. ID – Environment E-Business VPN Access RSA ACE/Server RSA Agent Internet Web

RSA Secur. ID – Environment E-Business VPN Access RSA ACE/Server RSA Agent Internet Web Server VPN or Firewall Mainframe Network Intranet RAS RSA Agent Remote Access Applications & Resources Enterprise Access Unix

NFuse – Key Benefits • Virtual Workplace – User-specific web-based application access “Anytime, Anyplace,

NFuse – Key Benefits • Virtual Workplace – User-specific web-based application access “Anytime, Anyplace, Anywhere” • Integration – Provide users with the broadest range of Windows and/or UNIX applications, all from a single Web browser • Personalization – Customize the content around applications and the application set that each user receives • Control – Deliver and manage applications from one location

Web Application Deployment • Users want: – Secure Access – Rich Functionality – Interface

Web Application Deployment • Users want: – Secure Access – Rich Functionality – Interface of current applications, within a web browser • Issues faced are: – Cannot guarantee the identity of users accessing sensitive data and applications – Difficult to deploy – Difficult to manage within the web environment

The Most “Basic” Web Security Solution Authentication of the Server Privacy Weak Password Authentication

The Most “Basic” Web Security Solution Authentication of the Server Privacy Weak Password Authentication NFuse Web Server & CSG SSL Encryption Only

A “Zero Footprint” Web Security Solution Authentication of the Server NFuse Web Server &

A “Zero Footprint” Web Security Solution Authentication of the Server NFuse Web Server & CSG Privacy Two-Factor User Authentication SSL Encryption w/ Two-Factor Authentication

NFuse Login The typical NFuse Login

NFuse Login The typical NFuse Login

Stronger NFuse Login with the addition of Secur. ID

Stronger NFuse Login with the addition of Secur. ID

Citrix Secure Gateway • Key Benefits – Denies direct access to internal resources over

Citrix Secure Gateway • Key Benefits – Denies direct access to internal resources over the Internet – Use 2 -factor authentication without touching Meta. Frame – Simplified client firewall traversal – Not susceptible to man in the middle attacks

RSA Secur. ID – Key Benefits • Secure Authentication – Guarantees user identity unlike

RSA Secur. ID – Key Benefits • Secure Authentication – Guarantees user identity unlike traditional static passwords – Passwords – they are the weakest link… goodbye! • Quick Time to Market – Zero Footprint – Ease of Use • Cost Reduction – Passwords expensive to maintain – Reduction in Helpdesk calls • Wide Range of Authentication Form Factors – Flexibility of choice • Hardware • Software • Smartcard

Secure Web Solutions • Users now have: - ü – Secure Access – Rich

Secure Web Solutions • Users now have: - ü – Secure Access – Rich Functionality – Interface of current applications, within a remote thin client session • Issues resolved are: - ü – Cannot guarantee the identity of users accessing sensitive data and applications – Difficult to deploy – Difficult to manage within the web environment ü ü

Summary Secure Virtual Workplace Ensuring trusted user identities, web-based access, to applications & resources

Summary Secure Virtual Workplace Ensuring trusted user identities, web-based access, to applications & resources they require “Anytime, Anyplace, Anywhere”

Thank you for your time Questions?

Thank you for your time Questions?

The Most Trusted Name in e-Security™ www. rsasecurity. com

The Most Trusted Name in e-Security™ www. rsasecurity. com