Products and Services Overview
Blue Ridge Networks / Cominfo Systems
©2008 Blue Ridge Networks/Cominfo Systems. All rights reserved.
Teaming
• Cominfo and Blue Ridge Networks signed a teaming agreement to serve Pakistan’s market
• Cominfo is an exclusive product and service provider of Blue Ridge Networks in Pakistan
• The combination of an exceptional product line and outstanding service brought the two companies together
Benefits of Teaming
• Local Urdu and English speaking technical support
• Local workforce available to visit client sites for training and support
• Immediate product implementation and replacement
• No middleman and markups
• Office expansions are scheduled for Lahore, Islamabad, Rawalpindi, and Dubai
04/20/23
What we do
BorderGuard Virtual Private Networks
EdgeGuard End Point Security
Site to Site
Remote Access
Specialized VPN Applications
Trusted Configuration Management
Scan and Block
Flexible Authentication Service
Markets Served
• Banking
• Finance
• Government
• Health Care
• Legal
• Transportation
• 250+ total customers in 37 countries.
Differentiated Solutions
• Secure Mobile Computing
  – Remote Access with PKI Authentication
  – Endpoint Security Enforcement
  – Nomadic Secure IP Voice, Video, Data
• Secure Central Management
  – Service Provider Model
  – Low Cost, Rapid Deployment
  – Carrier and Media Agnostic Global Reach
• Ease of Use Without Security Compromise
  – Enterprise Scale Hardware and Software Systems
Secure Networking Product Portfolio
• BorderGuard™ 5000/6000 VPN Appliances
  – Multiple models span mid-range market
  – Up to 2.2 Gbps AES256 packet encryption
  – Up to 24,000 simultaneous connections
  – RSA public-key authentication built-in
  – FIPS 140-2 certified
  – Common Criteria, EAL2, EAL4+ (in evaluation)
• RemoteLink™
  – Rapid deployment and mobility features
  – Supports mobile security for voice, video, data applications
  – Protocol agnostic
  – Embedded PKI for strong authentication
  – Transparent to end-user
Secure Networking Product Portfolio
• Management Console
  – Headless, plug-and-play central management appliance
  – Easy to use browser-based interaction from any PC
  – Manages high assurance VPNs
    • Site-to-site
    • Remote access
  – Granular administrator role-based administration
  – Ideal for Unified PKI authentication and full integration with client’s Active Directory
  – Instant user revocation with Red List
  – Detailed audit collection for better management and reporting
• Remote Access Client Software
  – Windows 2000, XP, XP embedded, Vista and PocketPC
  – Supports seamless wireless roaming with persistent secure connection
  – Easy to install and easy to use
  – Optimized for X.509 cert based authentication and smartcards
High Assurance Security
[Diagram: Mutual Mandatory Authentication, SE IKE. Labels: Session Initialization Parameters; Encryption Level A; Encryption Level B; BorderGuard Public Key; Client Private Key. Properties shown: Privacy, Audit, Integrity, Authorization, Authentication, PKI.]
Usability – Active Directory Integration
[Diagram labels: Log Server; Policy Server; Remote Access; Enterprise; Untrusted Network; CRL; OCSP; Active Directory]
Using a Common Access Card (CAC) or a Personal Identity Verification (PIV) card, a secure tunnel request is made to the BorderGuard VPN appliance
The Management Console queries CRL servers for cert path discovery and validation
The Management Console queries OCSP responders for cert validation
The Management Console’s Red or Green List allows administrators to block access for any reason
The user authenticates to Active Directory using an end-to-end cryptographic process
No intermediary servers, no additional network access policy data required
** User’s network access is limited until successful Active Directory authentication occurs
Flexible Authentication
RemoteLink
Secure Remote Office
• VoIP
• Secure Thin Clients
• Non-Windows Devices
RemoteLink
RemoteLink™
Mobile
Dynamic configuration via portable token
Software and OS independent
Supports any Ethernet attached devices
Robust protection of user devices
Simple and effective redundancy and scalability
Transparent to end-user applications
Secure Virtual Ethernet Service
• Any-to-any, full mesh, enterprise connectivity
• 100% end-to-end security
• Unicast and Multicast
• Any wired or wireless networks:
  – DSL, Cable Modem, T1, etc.
  – Cell wireless, satellite, WiMax
• Any Data applications and Protocols
• Any VoIP applications
• Any IP Video applications
• Anywhere on the globe
SVES Deployment
SVES creates a complete end to end private and secure network on the global Internet.
[Diagram labels: Regional Office; Branch Office; Remote workstation; Enterprise HQ; Internet; Enterprise]
Secure Intranets
Logical Full Mesh Among All Sites
Secure Extranets
Only connectivity to/from central site resources
No connectivity among remote sites
Trusted Framework for Policy Enforcement, Admission Control, and Compliance of Microsoft Windows Fixed and Mobile Workstations
EdgeGuard™
EdgeGuard Security Framework
The EdgeGuard Security Framework enables multiple applications
Near real-time visibility and manageability
Server Application: Windows Server 2003, SQL Server 2005
Client Application: Windows XP SP2, Windows Vista
[Diagram labels: EdgeGuard Management System; EdgeGuard Agent Security Framework; Malware Protection; NAP / NAC; Application 3; Application N; Trust System; NetLock; RegistryLock; FileLock; ProcessLock; OPSWAT; Stateful Workflow Control; TPM]
Example EdgeGuard Applications
• NAP/NAC
  – EGA provides Posture Assessment for client systems
  – Continuous assessment, enforcement and remediation off-net
• Enhanced Policy Enforcement for Endpoints
  – Application Control
  – Red List – unstartable applications
  – Green List – unstoppable applications
• Trusted Enclaves for Process Containment
  – TEs may contain User Apps and System Services
  – Highly effective defense against malware
  – Not HIPS
EdgeGuard Deployment
EdgeGuard allows continuous Posture Assessment through signed policy files and signed audit logs
[Diagram labels: Log Retrieval Server; Policy Distribution Server; Remote workstation; Enterprise; Untrusted Network; EdgeGuard Management Console; Remediation Site; EdgeGuard Agent. Status / EdgeGuard Policy panel (shown twice): Disk Encryption On; Service Pack Updated; Personal Firewall On; DAT File Updated; Anti-Virus On]
Policy Examples
• End-point Security Management
  – Ensures that third-party security products like anti-virus, personal firewall, disk encryption, etc. are executing and have up to date policy.
  – Provides quarantined access for remediation like anti-virus update or patch management.
  – Prevents Red-listed programs from executing.
  – Ensures that Green-listed programs are executing.
  – Provides trusted push of scripts and executables for zero-day attack remediation.
• Trusted Configuration Management
  – Protects selected registry hives from alteration.
  – Prevents alteration of specified DLLs or data files.
• Device Management and Access Control
  – Enforces which network interfaces may be used and in which networks.
  – Controls what networks or hosts may be accessed and from where.
  – May be used to limit the use of writable storage media such as USB storage devices or CD-Ws.
• Authentication Management
  – Ensures that the client system has successfully authenticated to specified enterprise systems like Active Directory prior to allowing network access.
  – Can enforce arbitrary pre and post connection authentication chains.
Note: Any policy can be conditioned upon “location”.
Points of Contact
Country Manager: Zhahid Mushtaq; Richard Gurdak
Email: [email protected]; [email protected]
Phone: 453 5955; 703.631.0700
Web: www.cominfosystems.com; www.blueridgenetworks.com
Address: Anum Classics Mezzanine Floor Shahrahe Faisal Karachi; 14120 Parke Long Court, Suite 103 Chantilly, Virginia 20151
Thank You