Adding value to your MS customers


Securing Microsoft

Adding value to your MS customers

Authentication - Identity Protection
- Offering the broadest range of authentication, from HW smartcard tokens to mobile phone auth, all managed from a single platform
- Use your tokens for MS certificates
- Authentication to UAG and other MS applications
- Ability to mix MS cert environments with OTP
- Fully integrated with AD for ease of use
- Proven customer base

Hardware Security Modules
- The fastest, most secure, and easiest to integrate application & transaction security solution for enterprise and government
- The market leader in enterprise-grade HSM
- Integrated with multiple Microsoft applications: FIM, SharePoint, ...
- Scalable: can be shared across applications
- FIPS 140-2 L3 / CC EAL 4
- Proven customer base

DataSecure - Encryption and Control
- World's first and only unified platform that delivers intelligent data protection and control for ALL information assets
- Integrated with Microsoft SQL
- Scalable with other databases / mixed environments
- FIPS 140-2 L2, CC EAL
- Proven customer base

Disc Encryption
- SafeNet Disc encryption is fully integrated with Active Directory and ADAM
- Full disk and removable storage media encryption
- Pre-boot authentication; two-factor authentication support
- FIPS 140-2 validated; Common Criteria EAL4
- Proven customer base

Microsoft HSM Integrations

SafeNet products using Active Directory for securing:
- Microsoft OCSP
- Forefront Identity Manager (FIM)
- Forefront Threat Gateway (TMG)
- Unified Access Gateway (UAG)
- Active Directory Certificate Services (PKI)
- MSSQL 2008 R2 Database Encryption
- Active Directory Rights Management Services (AD RMS)
- SharePoint

Forefront Threat Gateway: helps protect against malware and other threats. SafeNet Luna SA provides SSL key management, key security and performance acceleration to the TMG server and its users.

Active Directory Certificate Services (PKI): Microsoft Certificate Services creates and manages public key certificates used within PKI environments. SafeNet Luna SA, Luna PCI and Luna CA4 provide root and subordinate key management and key protection; SafeNet Authentication tokens protect end-entity credentials.

MSSQL 2008 R2 Database Encryption: Microsoft SQL Server offers a complete approach to managing, accessing and delivering information across an organisation. SafeNet Luna SA, Luna PCI and DataSecure protect MS SQL key material (TDE, EKM) and provide database encryption capabilities, delivering separation of key material from the data as well as enhanced key management.

HSM = Hardware Security Module
- HSMs are high-security cryptographic engines
- Value in the name: Hardware
- HSMs are key managers for high-value processes/transactions
- HSMs come in 2 different key management design philosophies:
  - Keys stored in hardware
  - Keys stored in software but moved around with a hardware-based master key
- Benefits an HSM should provide:
  - Trusted key lifecycle: audit, no unknown copies of keys, trusted backup
  - Cryptographic acceleration: offload
  - Reduced dev time: easy APIs
  - Significant certification savings
  - Reduced litigation exposure
  - Scalability, both for performance and redundancy

SafeNet HSMs are pre-integrated with the following MS applications*:
- SQL (will be first to support SQL R2; the new SQL encryption book has 2 SFNT HSM chapters)
- AD Certificate Services (CA)
- RMS
- OCSP
- IIS
- ISA
- FIM
- Authenticode
- OCS (Office Communication Server)

* All of these have SFNT integration guides available. Each integration is tested by SFNT and re-tested with each new version (SFNT or MS).

Extensible Key Management (EKM)
- Luna HSM achieves first EKM SQL Server 2008 R2 support
- Two form factors: Luna SA (network attached) and Luna PCI (PCI adapter)
- FIPS 140-2 Level 3 validated; Common Criteria EAL4+ certified
- Diagram: Client App -> SQL Server 2008 R2 (DEK, encrypted data page) -> Luna HSM (EKM secure key storage and encryption processing)
- Flexible options: Master Key, KEK and DEK support

What's Extensible Key Management (EKM)?
- EKM is SQL Server 2008 R2's interface to HSMs
- Provided by the SFNT EKM API; works easily with SQL
- EKM addresses the management challenge of key proliferation with Transparent Data Encryption (TDE)
- SFNT HSM enhances:
  - Auditable key management of critical keys
  - Separation of SQL admin access to critical keys
  - Secure hardware-based backup of critical keys
  - Offload from SQL Server processing
  - Performance of cryptographic operations
- Meets certification needs: PCI DSS, FIPS, Common Criteria
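The two slides above describe the EKM/TDE key hierarchy (master key, KEK held in the HSM, DEK in the database) without showing how it is wired up. The T-SQL below is an added example, not part of the SafeNet deck or its integration guides: it registers an EKM provider, generates the key-encrypting key inside the HSM (SQL Server stores only a reference to it), wraps a database encryption key with it, and then rotates the DEK. The provider name, DLL path, HSM credential, login names, key names and the database name are all placeholders to be replaced with the values from your vendor's guide.

```sql
-- Added example (not from the SafeNet deck): TDE with an HSM-held KEK via EKM.
-- All names and paths below are placeholders.
USE master;
GO

-- 1. Enable the EKM feature (off by default).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;
GO

-- 2. Register the vendor's EKM library (placeholder path).
CREATE CRYPTOGRAPHIC PROVIDER HsmEkmProvider
    FROM FILE = 'C:\Program Files\PLACEHOLDER\EkmProvider.dll';
GO

-- 3. Credential holding the HSM partition login that SQL Server uses
--    when it talks to the HSM (placeholder identity and secret).
CREATE CREDENTIAL HsmCredential
    WITH IDENTITY = 'hsm_partition_user',
         SECRET   = '<hsm partition password>'
    FOR CRYPTOGRAPHIC PROVIDER HsmEkmProvider;
GO

-- Map the credential to the login that will create the keys.
CREATE LOGIN TdeKeyAdmin WITH PASSWORD = '<strong password>';
ALTER LOGIN TdeKeyAdmin ADD CREDENTIAL HsmCredential;
GO

-- 4. Generate the key-encrypting key INSIDE the HSM. Only a reference
--    (provider key name) is kept in master; the private key never leaves
--    the device, which is the separation of key material from data the
--    slides describe.
CREATE ASYMMETRIC KEY TdeHsmKey
    FROM PROVIDER HsmEkmProvider
    WITH ALGORITHM = RSA_2048,
         PROVIDER_KEY_NAME = 'SQL_TDE_KEK',
         CREATION_DISPOSITION = CREATE_NEW;
GO

-- TDE unwraps the DEK at startup through a login mapped to the key,
-- so that login also needs a credential for the provider.
CREATE LOGIN TdeHsmKeyLogin FROM ASYMMETRIC KEY TdeHsmKey;
CREATE CREDENTIAL TdeHsmKeyCredential
    WITH IDENTITY = 'hsm_partition_user',
         SECRET   = '<hsm partition password>'
    FOR CRYPTOGRAPHIC PROVIDER HsmEkmProvider;
ALTER LOGIN TdeHsmKeyLogin ADD CREDENTIAL TdeHsmKeyCredential;
GO

-- 5. Create the DEK in the user database, wrapped by the HSM-held key,
--    and switch encryption on (placeholder database name).
USE SalesDb;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY TdeHsmKey;
GO
ALTER DATABASE SalesDb SET ENCRYPTION ON;
GO

-- 6. Key rotation without touching the KEK: regenerate the DEK. SQL Server
--    re-encrypts the data pages in the background; the HSM key is untouched.
ALTER DATABASE ENCRYPTION KEY REGENERATE WITH ALGORITHM = AES_256;
GO
```

Two points worth noting for a deployment: a SQL sysadmin can still run the statements above, so the separation of duties the slides promise comes from the HSM partition credential (who holds the partition password, and whether the HSM requires PED or two-factor authentication for key use), not from SQL Server itself; and because the DEK is unwrapped through the HSM at every service start, the HSM's availability and its backup procedure become part of the database's recovery plan.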

Microsoft HSM Integrations (continued)

SharePoint: Microsoft SharePoint enables users to connect and be empowered through formal and informal business communities. SafeNet Authentication tokens enable two-factor authentication to SharePoint.

Active Directory Rights Management Services (AD RMS): Microsoft AD RMS provides information protection to files and other information, no matter where it goes. SafeNet Luna SA provides key management, key security and performance acceleration to the AD RMS server and its users.

AD RMS architecture with a Luna HSM:
- Luna HSM: protects the RMS server keys
- RMS Server: certification, licensing, templates
- Active Directory: authentication, service discovery, group membership
- SQL Server: configuration data, logging, cache

Unified Access Gateway (UAG): Microsoft Forefront Unified Access Gateway enables employees to gain seamless remote access to corporate applications and data. SafeNet Authentication tokens enable two-factor authentication to VPN services via OTP or certificate-based authentication, protected by FIPS and Common Criteria validated devices.

Active Directory: Microsoft Active Directory provides the means to manage the identities and relationships that make up an organisation's network. SafeNet ProtectDrive leverages Active Directory management to deliver full disk encryption; SafeNet Authentication tokens provide OTP and certificate-based authentication integrated with Active Directory.

Microsoft OCSP: Microsoft OCSP provides real-time validation of a certificate's status. SafeNet Luna SA and Luna PCI provide key management and key protection, ensuring trust in the responses delivered by the OCSP service.

Forefront Identity Manager Certificate Management (FIM CM): provides registration authority and certificate management to users and devices. SafeNet Luna SA provides key storage and security for the agent private keys, global platform master keys and related Certificate Authority keys used with a FIM CM deployment.

Solution Briefs

Microsoft Integration Guide Examples

An Introduction to HSMs

HSM: Hardware Security Module. A HSM is a collection of algorithms, secure key storage, accelerators and key management, all inside a tamper-resistant unit. It's like a box of cryptographic Lego: how you put the elements together determines what the HSM does.

What is a HSM, why use one?
- Security: sensitive cryptographic keys and processes are stored, managed and protected by dedicated hardware
- Performance: processing bottlenecks are eliminated with hardware cryptographic acceleration
- Auditability: dedicated hardware provides a clear audit trail for all key materials

Why Secure Your Keys?
- HSMs protect against internal and external attacks
- HSMs protect against keys being made vulnerable by system crashes
- HSMs protect against keys being made vulnerable by viruses or Trojans
- HSMs limit, control and protect backups


Why Secure Your Keys?

Experts know the consequences of root-key vulnerabilities:

"All the trust in a CA relies on the fact that it and only it can apply such a signature and that no one else can imitate it. If the CA signing key was to be compromised, all certificates issued by this CA could no longer be trusted, causing the CA to revoke and re-issue certificates under a new signature. This would destroy the trust in the PKI to such a point that subscribers might not want to do business with the CA from then on." (Gord Ireland, Information Technology Services, Bank of Canada)


Why Secure Your Keys?
- Offers functionality not always available in software-based applications, such as two-factor authentication, key generation and disposal, key recovery, secure key distribution and key rotation
- Separates data from key storage, delivering an additional level of protection through the physical separation of keys and data
- Higher performance for hardware-based cryptographic operation
- Centralised key and cryptographic operation allows the consolidation and simplification of encryption and cryptographic data, with centralised key management across the enterprise

Best practice: http://www.safenet-inc.com/library/

Luna Product Overview

Integration stack (diagram): Application -> API (Java, CAPI/CNG, OpenSSL, PKCS#11, TLS) -> Driver (Win, Sun, Linux, AIX, HP-UX) -> HSMs. HSMs use Application Programming Interfaces (APIs) for communication; these are a standard collection of calls and commands that are interpreted by any given HSM or other device that supports them.

Luna SA
- High-assurance enterprise-grade HSM
- 5,500+ ops/s
- Certifications: FIPS 140-2 Level 3, CC EAL 4+
- Full platform support
- Secure remote administration
- 10/100 Ethernet interface
- Extensive algorithm support
- Supports partitioning
- Hardware-secured remote administration

Luna PCI
- Fast, high-assurance PCI HSM card for hardware key management and crypto acceleration
- 7,000 ops/s
- PCI, PCIe form factors
- FIPS 140-2 Level 3
- Supports two-factor trusted path authentication
- Extensive algorithm support

Luna CA4
- Root key HSM for true hardware key management
- FIPS 140-2 Level 3 certified
- Extensive algorithm support
- Supports two-factor trusted path authentication
- Supports common certificate authorities (Microsoft, Entrust, VeriSign, RSA, etc.)

Luna SA, network attached HSM

The Luna SA is an Ethernet-attached HSM designed to protect critical cryptographic keys and accelerate sensitive cryptographic operations across a wide range of security applications.

- The Luna SA provides full High Availability, Key Synchronisation and Redundancy features, with automated reintroduction of failed units.
- Remote PED offers built-in PED functionality at a remote administration workstation, allowing the deployment of a 'factory default' HSM and the ability to remotely initialise it, thereby not giving up control of devices to data centre employees.
- Diagram: Application Servers -> load-balanced on- or off-site devices; Remote PED and Remote Administration

Luna PCI, internal HSM
- FAST: Luna PCI 3000 & 7000, up to 7,000 transactions per second
- SECURE: keys in hardware; PW Auth or PED Auth; FIPS 140-2 validated
- EASY: simple to integrate and deploy

Luna CA4, internal HSM
- SECURE: keys in hardware; FIPS 140-2 validated; under validation to CC EAL 4+
- EASY: simple to integrate and deploy with the Luna DOCK II USB-attached reader
- CONVENIENT: removable, easily securable form factor

Luna SA & Luna CA4 PKI Bundle

Hardware-Secured Key Best Practice
- Hardware-Secured Key Generation. Best practice: keys must be generated on a secure key management device
- Hardware-Secured Key Storage. Best practice: the key must always be stored on a secure HSM
- Hardware-Secured Key Backup. Best practice: when private keys are backed up, they must be backed up directly to another identical security device
- Hardware-Secured Digital Signing. Best practice: all certificate signing operations must be performed exclusively within the HSM

http://www.safenet-inc.com/library/
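The best practices above say where keys must live but not how to confirm that a deployment actually follows them. For the SQL Server EKM integration covered earlier in the deck, the catalog queries below are an added check, not from the SafeNet deck or its integration guides: they show whether the registered EKM provider is enabled, which server asymmetric keys are provider-backed (held in the HSM) rather than stored in master, and whether each encrypted database's DEK is wrapped by one of those HSM-backed keys. The key and provider names in the comments are placeholders; the views and columns used exist in SQL Server 2008 R2.

```sql
-- Added example (not from the SafeNet deck): audit that TDE keys are anchored
-- in an EKM provider rather than in software. Run as a sysadmin on the instance.

-- 1. Registered EKM providers and whether they are enabled.
SELECT name, guid, version, dll_path, is_enabled
FROM sys.cryptographic_providers;

-- 2. Server-level asymmetric keys: provider_type tells whether the private key
--    is inside an HSM ('CRYPTOGRAPHIC PROVIDER') or held by SQL Server itself.
SELECT ak.name,
       ak.algorithm_desc,
       ak.key_length,
       ak.provider_type,                  -- expect 'CRYPTOGRAPHIC PROVIDER' for HSM keys
       cp.name        AS provider_name,   -- NULL when the key is not provider-backed
       ak.thumbprint
FROM master.sys.asymmetric_keys AS ak
LEFT JOIN sys.cryptographic_providers AS cp
       ON cp.guid = ak.cryptographic_provider_guid;

-- 3. Per database: encryption state and the key that wraps the DEK. A row whose
--    encryptor_key is NULL or whose provider_type is not 'CRYPTOGRAPHIC PROVIDER'
--    means the DEK is protected by a certificate or a software key in master,
--    i.e. the "key must always be stored on a secure HSM" rule is not met.
SELECT d.name              AS database_name,
       dek.encryption_state,              -- 3 = encrypted
       dek.key_algorithm,
       dek.key_length,
       ak.name             AS encryptor_key,
       ak.provider_type
FROM sys.dm_database_encryption_keys AS dek
JOIN sys.databases AS d
  ON d.database_id = dek.database_id
LEFT JOIN master.sys.asymmetric_keys AS ak
  ON ak.thumbprint = dek.encryptor_thumbprint
ORDER BY d.name;
```

Run the third query after any migration or restore: a database restored onto an instance where the DEK was re-wrapped with a certificate for convenience will show up here with a NULL encryptor key, which is exactly the drift from hardware-secured storage that the slide warns against.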