Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Symantec Encryption tuoteperhe uudet nimet
PGP Universal Server = Encryption Management Server
Whole Disk Encryption = Drive Encryption
Netshare = File Share Encryption
PGP Universal Gateway Email = Gateway Email Encryption
PGP Desktop Email = Desktop Email Encryption
PGP Desktop = Encryption Desktop
Powered By PGP Technology
2
3
PGP Universal Server
PGP Desktop
• Client management
• Email protection
• Key management
Summary of features offered
• Full disk encryption
• Shared file and folder protection
• Local file and folder protection
• Email encryption
PGP Universal Server™
• Eventually will manage all encryption applications
• Cannot manage any Symantec Endpoint Encryption (SEE) products at the moment
Centralized management for all PGP® Applications
4
PGP Universal Server Defined
• PGP Universal Server is the primary component of a PGP security architecture
• PGP Universal Server is…
5
PGP Universal Server
A Management System
• PGP Universal Server can provide policy and encrypted data recovery mechanisms for PGP Desktop clients
6
PGP Universal Server
PGP Desktop
PGP Desktop
PGP Desktop
An Email Proxy
• PGP Universal Server can proxy standard email protocols: – SMTP
– POP
– IMAP
• It can also encrypt, decrypt, sign and verify email
7
PGP Universal Server
Outbound mail
Inbound mail
A Key Management Server
• PGP Universal Server can act as a key server • It can also search other servers for keys • It can generate and issue keys for users
• It will also maintain and provide verification for keys that it manages
8
PGP Universal Server
SMIME
PGP Keys
PGP Universal Server Components
• Open-Source components
– CentOS
– PostgreSQL - back end database
– OpenLDAP - public/private key query operations
– Postfix - mail transfer agent
– Apache httpd and Jakarta Tomcat - administration and user access
• Custom PGP components
– PGP proxy daemon
– PGP key maintenance tools
– PGP update/backup utilities
10
A user does not need to understand
how to configure any of these components to administer PGP
Universal Server
PGP Desktop Defined
• A client that offers access to many cryptographic functions
– Hard disk protection
– File & folder protection
– Volume protection
– Secure file deletion
– Messaging security
11
PGP Desktop
PGP Desktop Defined
• Can be used by itself or be managed by PGP Universal Server
– If managed, all PGP application settings come from the server
– Recovery data is stored on the server
– Managed PGP Desktop is the focus of this class
12
PGP Desktop file and folder protection
• PGP Desktop also has file and folder protection
• A Winzip style product called PGP Zip
• An encrypted virtual container feature called PGP Virtual Disk
• A way to wipe data securely
13
PGP Whole Disk Encryption
• Can secure an entire hard drive by encrypting all data sector-by-sector
• Can secure partitions of a hard drive
15
• Internal drives
• USB hard drives
• Boot drive protection includes boot sectors, system, and swap files
Hard Drive Protection
16
• If an internal drive (or partition) is protected, users enter a passphrase before the system will boot
BootGuard Protection
17
Windows Single Sign On
• Enter the Windows password at BootGuard and boot directly into the Operating System without entering a password at the Windows prompt
18
PGP NetShare
• What is PGP NetShare?
– A PGP Desktop feature meant to protect shared folders
– Can also be used on local folders
– Windows only
– Can synchronize with LDAP directory groups and encrypt files to a “group” key
19
23
Client
Systems
Corporate
Mail Server
Recipients’
Systems
Recipients’
Mail Server Email at
Risk Email at
Risk Email at
Risk Email at
Risk Email at
Risk
In Motion
Where Is Sensitive Data at Risk?
Email is Vulnerable at Multiple Points—SSL/TLS
Security Alone is Not Sufficient
Email Resides at Multiple Points
Internet
PGP Universal Server
PGP Messaging Security
24
PGP Desktop
PGP for BlackBerry and Mobile devices
• Three PGP products can secure email
PGP® Email Protection - Products at a Glance
25
PGP® Desktop Email Desktop-based Email Encryption
• Automatic end-to-end email encryption
PGP Universal™
Gateway Email Gateway-based Email Encryption
• Clientless email encryption
PGP Mobile products
Blackberry Support Package
PGP Viewer for iOS devices
Encryption for Windows Mobile Devices
PGP® PDF Messenger
Statement Delivery via PDF
• For secure delivery to internal or external recipients
• Recipient does not need to have encryption keys
PGP® Web Messenger
Secure, Restricted Webmail for External Users
• Stored on PGP Universal Server
• Recipient does not need to have encryption keys
26
Email at Risk Email at Risk Email at Risk
In Motion Recipients’
Systems
Recipients’
Mail Server
Email at Risk Email at Risk
Client
Systems
Corporate
Mail Server
PGP® Desktop Email How it Works
Internet
End-to-End Email Encryption Protects
Email in Motion and at Rest
PGP® Desktop Email
PGP® Desktop Email
PGP® Support Package for BlackBerry®
PGP® Desktop Email
PGP® Desktop Email
PGP® Support Package for BlackBerry®
PGP Desktop Messaging Proxy
• PGP Desktop can secure POP, IMAP, SMTP, MAPI and Notes email traffic
• It will enforce its own policies • Or it can enforce PGP Universal Server mail policies
27
PGP Desktop
PGP Universal Server Messaging Proxy
• PGP Universal Server can encrypt, decrypt, sign and verify email
28
Email at Risk Email at Risk Email at Risk Email at Risk Email at Risk
Internet
PGP Universal™ Gateway Email Secures All Communications
PGP® Desktop Email
PGP Universal™
Web Messenger
PGP® PDF Messenger
PGP Universal™ Gateway Email
+
PGP Universal™ Server
Recipients’
Systems
Recipients’
Mail Server In Motion
PGP Universal™ Gateway Email
• Easy, automatic operation
– Email secured at gateway
– No client software or end user involvement
• Secure delivery options without client software
• PGP Universal Server management
– Enables automated, centrally deployed and managed policies, users, keys and configurations
– Corporate access to encrypted data
Gateway-based
Email Encryption
29 SEC108: Encryption Portfolio & Roadmap
Symantec Encryption tuoteperhe uudet nimet
PGP Universal Server = Encryption Management Server
Whole Disk Encryption = Drive Encryption
Netshare = File Share Encryption
PGP Universal Gateway Email = Gateway Email Encryption
PGP Desktop Email = Desktop Email Encryption
PGP Desktop = Encryption Desktop
Powered By PGP Technology
30