1997 Entrust Technologies Orchestrating Enterprise Security Entrust Public Key Infrastructure Erik...

1997 Entrust Technologies Orchestrating Enterprise Security
Entrust Public Key Infrastructure
Erik Schetina
Chief Technology Officer
IFsec, LLC
eriks@ifsec.com
www.ifsec.com

Agenda
Introduction to Entrust
What is a PKI
Entrust Product Line
Piloting and Rolling out a PKI
Questions

What is a PKI?
Certification Authority
Certificate Repository
Certificate Revocation
Key Backup & Recovery
Support for non-repudiation
Automatic Key Update
Key Histories
Cross-certification
Timestamping

PKI Requirements
Certification Authority
Certificate repository
Revocation system
Key backup and recovery system
Support for non-repudiation
Automatic key update
Management of key histories
Cross-certification
Timestamping services
Client-side software

PKI with Entrust
Consistent security and trust
Single password and keys secure all applications
Automated key management
• Key backup/recovery
• Certificate issuance, storage and revocation
• Key distribution, rollover and expiry
Low administrative cost/burden

PKI without Entrust
Inconsistent security and trust
• Fragmented or non-existent policies and key management functions
Security “silos”
• Each application performs its own security
• Multiple key pairs and certificates
• Multiple passwords
• Costly, burdensome administration

Entrust Components
Certificate Authority
Directory
Client Software (Certificate Store)
Applications
• E-Mail
• Web
• VPN
• Any Entrust-Ready Application

What is Key Management?
Issues:
• generating keys
• keeping backup keys
• dealing with compromised keys
• changing keys
• restoring keys
Key and certificate management is difficult

Why is Key Management Important?
User Enrollment
Key Renewal
Restoration of Lost Keys
Automated functionality

Certificate-Issuing Services (CA)
What they provide:
• Issue certificates for a fee (per cert/per year)
What you don’t get:
• Little control over certificate issuance policies
• No key recovery (forgotten password = lost data)
• No key history (what happens when certificates expire?)
• Liability issues
• No control over trust model and root keys
• No automatic and transparent certificate revocation checking
• No client capabilities

Entrust Architecture
Security Officers
Entrust Administrators
Directory Administrators
Entrust-Ready applications and Entrust/Engine desktop crypto software
Entrust Users
Entrust/Manager
Entrust/Admin
Directory

The Directory
Stores certificates, CRLs, cross-certificates, ...
Interoperates with numerous LDAP-compliant directories
• ICL, Control Data, Digital, Netscape, Unisys, ...
• supports Directory distribution
Supports redundancy

Entrust Products
Entrust/Entelligence
• Stores and Manages Certificates
Entrust/Express - Email plug-in
Entrust/Direct - Web, Extranet
Entrust/Unity - SSL & S/MIME
Entrust/Access - VPN
Entrust/Toolkit - Enable applications
Entrust/TimeStamp

Entelligence on the Desktop
Tight integration into Entrust-Ready applications
Secure key storage options
• smart cards, PC cards, biometric devices, and secure software profiles
Secure single log on
Consistent, trustworthy key lifecycle management across applications
• minimizes administrative costs

‘Entrust-Ready’ Desktop Architecture
Entrust User
“Entrust-Ready” applications
Entrust/Engine
Communications Services (to Entrust/Manager and Directory)
Tokens
Security Kernel
User profile
Personal address book
PKCS #11

Entrust/Toolkit Integration
Entrust-Ready Remote Access
Entrust-Ready E-mail
Entrust-Ready E-forms
Entrust-Ready Browser
Entrust becomes the security management point for all Entrust-Ready applications and services

Secure e-mail made easy

What is Entrust/Express?
Secure e-mail plug-in for users of Microsoft Exchange and Microsoft Outlook
Encrypt and/or digitally sign message text and attachments
Provides message confidentiality and integrity
For Windows 95 and Windows-NT 4.0

Secure VPNs/Remote Access
Entrust/Access

Virtual Private Networks
What is a VPN?
• A private and secure network carved out of a public or insecure network
Relevant Standards
• IPSec - interoperable packet-layer encryption
• ISAKMP Oakley - users are authenticated with digital signatures and X.509 certificates

VPN Partners
Remote Access, Firewall, VPN Gateways
Milkyway - SecurIT
Raptor - EagleMobile Pro
Timestep - PERMIT Product Suite
Stac - ReachOut
Sagus - Defensor
KyberPASS
Check Point - FireWall-1

Secure Remote Access
provides significant cost savings over dial-up (phone lines, maintenance, ID cards)
scalable - able to grow as the demand for remote access increases.
Diagram labels: Internet, VPN Gateway, Entrust Manager, Human Resources Server, Finance Server, Mobile User

Secure Extranet Applications

Intra/Extra Net Solution
Target Solution
• Provides Entrust Enterprise Solution PKI capabilities to off-the-shelf Web browsers and servers
• Thin client software on user desktop
• Extranet applications
Diagram labels: Internet, Intranet, or Extranet; Web Browser; Server; CONNECTOR (Web, Enterprise, SET, VPN)

Security you set and forget

Entrust/ICE
Desktop/laptop encryption software
Easy-to-use
Works with any desktop application
Automatic encryption
Security on-line or off-line
Windows 95 and Windows-NT 4.0

Entrust-Ready Applications
Web Browser
Email
Workgroup
Smart Cards and Biometrics
VPN
Forms
Human Resources

Deploying a PKI
Begin with a pilot
• Pick a single application
• Evaluate the technology
• Prove the utility
Currently piloting Entrust
• CA, X.500, Secure E-Mail
• Lotus Notes
• Short time to deploy (weeks)

Deploying a PKI (cont.)
Rolling out an Operational PKI
• Planning and Goals
• Acceptable Usage (CPS)
• Disaster Recovery
• Applications
  • Access to records
  • E-commerce with State contractors
  • Remote access to internal resources

Summary
Automates user administration
Integration across many applications (single sign-on)
Enables trustworthy business over the web
Growing collection of Entrust-enabled applications