Workplace Security threats and countermeasures
Fujitsu Siemens Computers
Yiannis Koukoutsis October 2007
© Fujitsu Siemens Computers 2007 All rights reserved
Agenda
Security Risks
Security Areas
Product Portfolio
Security Technologies
Manageability
Summary
Security Risks
Security risks
Growing usage of mobile devices requires a higher security level
More and more devices get lost, broken or even stolen
Malicious software deletes, modifies and accesses your data
Unauthorized persons try to eavesdrop on your data locally and over the net
IT Scenarios
[Diagram: users on the move, at a hotspot, in a branch / home office and on campus; the corporate network with application, database, web and email servers; public networks (PSTN, Internet, 3G); links labelled Wi-Fi and 3G]
An average of 81 viruses are discovered per company per year (IDC)
70% of German companies are affected by the misuse of user rights (Meta Group)
Rising costs through loss of working hours and IT personnel
On average, a 6-month marketing budget is needed to repair damage to the company image
Weaknesses in information security
Lead to
• Downtimes
• Loss of Data
• Insolvencies
Affect
• Stock value
• Customer loyalty
• Financial strength
What is IT Security?
Confidentiality (privacy): No information access without authorization
Integrity: No alteration of information without authorization
Availability: Ensure access to information for authorized users when required; prevent Denial of Service
[Diagram: CIA triangle (Confidentiality, Integrity, Availability) around "Data and services"]
Security Cycle
• Risk analysis of business processes
• Security analysis of application systems
• Security policy (objectives, responsibility, focal points)
• Security roadmap (costs, benefits, financing)
• Residual-risk management (emergency handling)
• implementation
• administration
• monitoring
• reviews
Training
Awareness
Know-How Transfer
Underlying principles going forward
Security is not binary
Security must support the business
Security is an everyday job
Security and operations are now tightly integrated
Security is multifaceted
Policy, response, and measurement are key
Enforcement is fast becoming an operational task
Security Areas
IT Security Components
Accountability
Authentication
Confidentiality
Access control
Firewall
Digital signature
Public Key Infrastructure
Encryption
VPN
Trusted Operating System
Intrusion Detection System
Virus protection
S/MIME, HTTPS
IPSec, SSL
Single Sign On
SmartCards, Token USB
Strategic Security Areas
Implementation & Operation
Network Security
WLAN Security
Security assessment
Patch management
PKI Interfaces
Web content filtering
Spam filtering
Intrusion detection
VPN
Firewall
Security Policy
Consulting
Services
PKI
Physical Security
Theft protection
System Intrusion Detection
User Security
SmartCard
Fingerprint
OS Logon
Single-Sign-On
System Security
Anti-Virus
BIOS Virus Protection
Enable/Disable PnP devices
Pre-Boot HDD Password
Data Encryption
TPM support
Anti Spam
Personal Firewall
Advanced Security
Basic Security
Physical Security Products
Theft protection
• Kensington MicroSaver
• Kensington PocketSaver
• Housing Lock and Seal Option for deskbound PC
System Intrusion Detection
• Intrusion Detection Switch (in combination with DeskView)
System Security Products
BIOS Virus Protection
BIOS Pre-Boot Supervisor and User Password
BIOS Pre-Boot SystemLock: smart card based BIOS and system access
BIOS Pre-Boot HDD Password
TPM support
Data Encryption
TPM based Microsoft BitLocker
TPM based container encryption (SecureDrive)
Email Encryption with TPM or SmartCard
Is your logon safe?
User Security Products
System Access
SmartCard
• SmartCase™ SmartCard reader/writer built-in
• SmartCase™ SmartCard reader/writer external via USB, Cardholder, PC Card or Express Card
• SmartCase™ SmartCard
• SmartCase Token USB: USB smart card reader and smart card as a single device
Fingerprint
• Biometric fingerprint recognition in dedicated systems
• SmartCase Fingerprint USB as external solution
SmartCard/Fingerprint based Operating System Logon (SmartCase™ Logon+)
Single-Sign-On
• Easy-Sign-On to Web application
Product Portfolio
Security Keyboards - more than just an input device
Function:
• USB security keyboard with integrated SmartCard reader/writer: SmartCase™ KB SCR Pro
Feature:
• Secure access control with SmartCase™ Logon+ security application
• SystemLock support (BIOS Pre-Boot protection)
• Secure PIN-Entry (Class 2 Reader)
• Digital signature compliant according to Common Criteria EAL3+
• HBCI compliant
• MKT 1.0 trusted product certified for German health insurance cards (KBV)
Benefits:
Use SmartCards for
• Data encryption
• PKI
• Electronic payment
• Healthcare solutions
• Digital signatures
• Secure network and Operating System Logon
SmartCard readers/writers - High-Level security functions
Function:
• SmartCase™ SCR (USB): External SmartCard reader/writer
• SmartCase™ SCR (USB int.): Internal SmartCard reader/writer
• SmartCase Token USB
Feature:
• Secure access control with SmartCase™ Logon+ security application
• Meets all major standards
• USB 2.0 Reader, class 1
• Supports all established SmartCards due to PC/SC and ISO 7816/1-4 compliance
Benefits:
Use SmartCards for
• Data encryption
• PKI
• Electronic payment
• Healthcare solutions
• Digital signatures
• Secure network and Operating System Logon
SmartCard readers/writers - High-Level security functions
Function:
• SmartCase™ Cardholder (PC Card) for systems with integrated SmartCard chipset
• SmartCase™ SCR (PC Card)
• SmartCase™ SCR Express Card
Feature:
• Secure access control with SmartCase™ Logon+ security application
• Meets all major standards
• PC Card, class 1
• Supports all established SmartCards due to PC/SC and ISO 7816/1-4 compliance
Benefits:
Use SmartCards for
• Data encryption
• PKI
• Electronic payment
• Healthcare solutions
• Digital signatures
• Secure network and Operating System Logon
SmartCase™ Logon+ - Secure and comfortable authentication
Function:
SmartCase™ Logon+
• Secure operating system Logon
• Single-Sign-On / Password Management
• SmartCard / fingerprint support
Feature:
• Operating System Logon
• Single-Sign-On to Microsoft Windows, web pages, Password management
• SecureDrive Container encryption
Benefits:
• No unauthorized access to your system
• Fewer helpdesk calls for lost passwords
• Easy-Sign-On for all business relevant applications and Websites
Security Technologies
Fingerprint - Easy-to-use security functions
Function:
• Integrated fingerprint sensor
Feature:
• Powerful access control mechanism with SmartCase™ Logon+ security application
• Fingerprint template can be stored to smart card
Benefits:
• No unauthorized access to your system
• Fewer helpdesk calls for lost passwords
• Easy-Sign-On for all business relevant applications and Websites
SmartCard
Function:
• SmartCase™ SmartCard compliant with ISO 7816 (parts 3, 4, 5, 8, and 9)
Feature:
• Protection against all known security attacks
• Efficient Crypto Coprocessor for secure cryptographic functions and key generation for strong encryption of data and files
• Supports PC/SC / PKCS#11 / CSP and CT-API
• ISO 7816-compatible commands for the applications
Benefits:
• Safe and secure storage of passwords and logon names
• Encryption and digital signatures for e-mail programs and web-browsers
• Easy Operating System logon/logoff
Trusted Platform Module
Function:
• Built-in module to enhance the security level on your system and in your network
Feature:
• Full 3rd party application support based on industry leading security interfaces (PKCS#11 and MS-CAPI)
• TPM Cryptographic Service Provider (CSP)
Benefits:
• Data Encryption with TPM and Microsoft Encrypting File System, BitLocker
• Encryption and digital signatures for e-mail programs and web-browsers
SmartCase™ Logon+
[Diagram: SmartCase Logon+ OS Logon (User Authentication) and / or SmartCase Logon+ Single Sign-On (Automatic authentication to websites)]
Manageability
Manageability and Security link the Business client product portfolio
Displays, Keyboards, Software
Business Clients Security
Manageability
Secure products for business clients
Most efficient client management with DeskView
Pocket LOOX
LIFEBOOK / CELSIUS notebook
AMILO Pro
STYLISTIC
FUTRO
CELSIUS
ESPRIMO
SCENIC
Summary
Security threats and countermeasures
Services
OS
Data
Device
BIOS
Network
Modify, delete
Modify, delete, overload
Read, modify, delete
Damage, intrusion, theft
Read, modify, delete
Intrude, eavesdrop, overload, paralyze
People
Unauthorized use, social engineering
Malicious code
Virus, worm, Trojan, logic or time bomb, root kit, backdoor, spy-ware, ad-ware, spam, hoax, phishing
Sniffing
Man in the middle, key logger
Denial of service
Physical protection
Mechanical features, alerts
Access protection for data and applications
Authentication, encryption
Detection and removal of abnormalities
Anti-virus, RKD, firewall, intrusion detection / prevention, web and content filtering
Backup and recovery
Patch management
Out of scope: Accidental Threats (Environmental Force, Technical Failure, Human Error)
BIOS security functions
Client security solutions by
Backup and recovery
Scheduled and automatic backup
Local backup to (hidden) partition or backup medium
• Data recovery anywhere and anytime, without being connected
• Evade bandwidth bottlenecks (remote and disconnected users)
Network backup
• Minimize network traffic by efficient and intelligent compression methods
• Minimize required network bandwidth
• No extra storage media
Single keystroke recovery (rollback to a known good state)
• Minimize downtime, increase user productivity and satisfaction
• Reduce help desk cost and free resources for other tasks
Examples
• Windows Backup and Restore Center
• Altiris Recovery Solution in a DeskView environment
Security from Fujitsu Siemens Computers
Why?
We guarantee the implementation and integration of standard technologies based on the best hardware platform.
Our client security products and solutions are easy to integrate in existing IT infrastructures.
We provide direct Technical Support by in-house research & development.
We offer end-to-end solutions in cooperation with strong strategic partners.