SlideShare a Scribd company logo

e-Xpert Gate / Reverse Proxy - WAF 1ere génération

Download as PPT, PDF
Sylvain Maret, profile picture
Sylvain Maret

The document discusses e-Xpert Gate, a web-based secure access solution that allows users to access internal applications from any device with a web browser. It provides strong authentication using RSA SecurID or SSL client certificates to securely access intranet resources through a firewall. The solution uses SSL/TLS to encrypt traffic and authenticate users, preventing direct unsecured access to internal servers and networks.

Technology
1 of 37
Downloaded 19 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
e-Xpert Gate e-Xpert Solutions SA [email_address] 2 mars 2001
e-Xpert Gate ? Access your applications from everywhere with strong confidentiality and authentication
About your need Access internal information from everywhere Access information with high security No specific client software Simple to use No dedicated station Cost effective solution
Solution ? Use your favorite browser
Why my browser ? Very good « footprint » Standard sofware client Free Very good level of security (with SSL) PKI enabled application
But how to solve security issue ? Web-based Internal Resources What should I do ? Firewall Dmz Browser
Direct access with http or https ? Firewall Dmz Browser Web-based Internal Resources Why not ?
Direct access drawback Direct access using HTTP Clear traffic (password and content snifing) No authentication No data integrity Direct access to internal content servers Permit attacks DoS Direct access to internal networks Permit to access other resources if server compromised
Secure access with e-Xpert Gate Firewall Dmz Browser Web-based Internal Resources E-Xpert Gate SSL
Secure access thrue e-Xpert Gate Use SSL technology (PKI) Provide authentication (server and client) Provide confidentiality Provide data integrity No direct access to internal ressources URL content checking and blocking Permit content analysis with IDS system
Reverse Proxy Technology Server within a firewall The proxy server appears to be the content server A client computer on the Internet sends a request to the proxy server Firewall CACHE The proxy server uses a regular mapping to forward the client request to the internal content server You can configure the firewall router to allow a specific server on a specific port (in this case, the proxy on its assigned port) to have access through the firewall without allowing any other machine in or out. https (SSL) http or https
SSL/TLS Technology S ecure S ockets L ayer TCP/IP socket encryption Provides end-to-end protection of communications sections Confidentiality protection via encryption Integrity protection with MAC’s Can authenticate client (option)
SSL/TLS Technology The SSL protocol runs above TCP/IP The SSL protocol runs below higher-level protocols such as HTTP or IMAP
Applications that use SSL or TLS e- C ommerce – orders – e-Banking protects contents of forms sent to server protects sensitive personal data provides authentication Secure web-based intranet access ensures secure transmission of confidential content provides authentication Etc.
SSL/TLS history SSL v1 designed by Netscape in 1994 SSL v2 shipped with Navigator 1.0 and 2.0 SSL v3 latest version TLS v1 developed by IETF aka SSL v3.1
About authentication ? Your business is on the line. But do you really know who’s on the other end?
Two-factor User Authentication
One-Factor User Authentication Drawback Users choose weak password Easy to guess (Brute force, dictionary) Easy to use a key logger or sniffer Learn password by « Social Engineering »
e-Xpert Gate’s Authentication method Native RSA SecurID authentication SSL Client authentication (PKI) Certificate store on SmartCard or iKey Certificate store on a file External authentication with firewall Radius, Tacacs, Ldap Basic HTTP authentication* * Method not recommended
RSA SecurID implementation Dmz Web-based Internal Resources E-Xpert Gate
RSA tokens
How it works ? Seed Time 482392 ACE/Server Token Algorithm Seed Time 482392 Algorithm Same Seed Same Time
SecurID exemple
SSL client authentication implementation Dmz Web-based Internal Resources PKI architecture Client X509 Certificate E-Xpert Gate
What is a certificate
X509 Authentication Uses SSL client X.509 certificate Provides strong authentication (“something you have, something you know”) Requires a Certificate authority (Public or Private) Certificate can be stored on local host or on smart card or IKey
Client side authentication Web Client Web Server Challenge Client Certificate Request Challenge answer Client Certificate
How secure is the private key ? How does the user get access? Where is it stored? Smart Card PIN Password Local Browser store Private key
SmartCard and iKey Provides strong authentication (protect the private key) Serial, PCMCIA, USB Requires smart card reader...
e-Xpert Gate Applications Consults Email system like Microsoft Exchange, Lotus, Netscape, etc… Accesses Intranet applications E-Banking solution (front-end) Extranet applications with partners Etc.
Lotus access with e-Xpert Gate
Outlook Web Access
e-Xpert Gate ’s key features Authentication method RSA SecurID SSL client authentication Basic HTTP External authentication with firewall PKI enabled application Support Revocation CRL Ldap
e-Xpert Gate ’s key features Security protocols SSL version 2.0, 3.0 TLS version 1.0 Ciphers and Algorithms Key exchange: RSA Symmetric ciphers: DES 56, 3DES 168, RC4, RC2, IDEA 128 Hashes: MD5, SHA-1
e-Xpert Gate ’s key features Fully supports Verisign Global Server IDs (128 bits for every browser) Supports hardware cryptographic accelerators Rainbow
e-Xpert Gate ’s key features Secure OS (Linux or Solaris) FIA with Tripwire Management with SSH server Secure file transfer with SSH Syslog messages Appliance solution IBM Sun Microsystems
Questions ?

More Related Content

PPT
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Sylvain Maret
 
PPTX
Let's get started with passwordless authentication using windows hello in you...
Chris Ryu
 
PPT
X 509 Certificates How And Why In Vb.Net
Puneet Arora
 
PDF
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
DigiCert, Inc.
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPT
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
PPTX
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
kieranjacobsen
 
PPTX
Certificate pinning in android applications
Arash Ramez
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Sylvain Maret
 
Let's get started with passwordless authentication using windows hello in you...
Chris Ryu
 
X 509 Certificates How And Why In Vb.Net
Puneet Arora
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
DigiCert, Inc.
 
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Implementing Public-Key-Infrastructures
Oliver Pfaff
 
Infrastructure Saturday 2011 - Understanding PKI and Certificate Services
kieranjacobsen
 
Certificate pinning in android applications
Arash Ramez
 

What's hot (20)

PPTX
How to do right cryptography in android part 3 / Gated Authentication reviewed
Arash Ramez
 
PPTX
Flak+technologies
Tatyana Kobets
 
DOC
Certification authority
proser tech
 
PPTX
How to do Cryptography right in Android Part One
Arash Ramez
 
PPTX
The Rise of Secrets Management
Akeyless
 
PDF
Authentication techniques
IGZ Software house
 
PPTX
Transport Layer Security (TLS)
Arun Shukla
 
PPT
PKI by Gene Itkis
Information Security Awareness Group
 
PPTX
How to do Cryptography right in Android Part Two
Arash Ramez
 
PDF
020618 Why Do we Need HTTPS
Jackio Kwok
 
PPTX
Final ppt ecommerce
priyanka Garg
 
PPTX
public key infrastructure
vimal kumar
 
PPTX
Public key infrastructure
Aditya Nama
 
PDF
PKI Industry growth in Bangladesh
Bangladesh Network Operators Group
 
PPT
Ch12 Cryptographic Protocols and Public Key Infrastructure
Information Technology
 
PPT
PKI and Applications
Svetlin Nakov
 
PPT
PKI by Tim Polk
Information Security Awareness Group
 
PPTX
x.509-Directory Authentication Service
Swathy T
 
PDF
Federated Identity for IoT with OAuth2
Paul Fremantle
 
PDF
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
How to do right cryptography in android part 3 / Gated Authentication reviewed
Arash Ramez
 
Flak+technologies
Tatyana Kobets
 
Certification authority
proser tech
 
How to do Cryptography right in Android Part One
Arash Ramez
 
The Rise of Secrets Management
Akeyless
 
Authentication techniques
IGZ Software house
 
Transport Layer Security (TLS)
Arun Shukla
 
PKI by Gene Itkis
Information Security Awareness Group
 
How to do Cryptography right in Android Part Two
Arash Ramez
 
020618 Why Do we Need HTTPS
Jackio Kwok
 
Final ppt ecommerce
priyanka Garg
 
public key infrastructure
vimal kumar
 
Public key infrastructure
Aditya Nama
 
PKI Industry growth in Bangladesh
Bangladesh Network Operators Group
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Information Technology
 
PKI and Applications
Svetlin Nakov
 
PKI by Tim Polk
Information Security Awareness Group
 
x.509-Directory Authentication Service
Swathy T
 
Federated Identity for IoT with OAuth2
Paul Fremantle
 
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
Ad

Viewers also liked (8)

PDF
Xpert- MTB-RIF Data _Biman
Biman Dey
 
PPTX
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Amol Patil
 
PPTX
molecular detection of tuberculosis and rifampin resistance.
Khaled AlKhodari
 
PPTX
Tuberculosis Diagnosis
Harshad Deshpande
 
PPT
Cbnaat ppt by Dr. Samrat Abhishek
Samrat Abhishek
 
PPTX
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSIS
ANGAN KARMAKAR
 
PPTX
Xpert MTB/RIF Ultra newer technology past to future DIAGNOSIS OF TUBERCULOSIS
Society for Microbiology and Infection care
 
PPTX
Lpa and Genexpert/CBNAAT/Xpert MTB/Rif
Kalai Arasan
 
Xpert- MTB-RIF Data _Biman
Biman Dey
 
Standards for TB care in India, RNTCP challenges: India, Maharashtra & Mumbai...
Amol Patil
 
molecular detection of tuberculosis and rifampin resistance.
Khaled AlKhodari
 
Tuberculosis Diagnosis
Harshad Deshpande
 
Cbnaat ppt by Dr. Samrat Abhishek
Samrat Abhishek
 
RECENT ADVANCES IN DIAGNOSIS OF TUBERCULOSIS
ANGAN KARMAKAR
 
Xpert MTB/RIF Ultra newer technology past to future DIAGNOSIS OF TUBERCULOSIS
Society for Microbiology and Infection care
 
Lpa and Genexpert/CBNAAT/Xpert MTB/Rif
Kalai Arasan
 
Ad

Similar to e-Xpert Gate / Reverse Proxy - WAF 1ere génération (20)

PDF
Ssl tls-beginners-guide
JosephLamineDIALLO
 
PDF
Implementing Application Security
Information Technology
 
PPTX
Internet security
Tapan Khilar
 
PPT
Security
majstors
 
PPT
Web security
Muhammad Usman
 
PPTX
Ssl Vpn presentation at CoolTech club
iplotnikov
 
ODP
Lotusphere 2011 SHOW104
WorkFlowStudios
 
PPTX
Secure socket layer
BU
 
PPTX
Ecommerce final ppt
priyanka Garg
 
PPT
Unit08
Nurul Nadirah
 
PPTX
Internet .ppt
Trust Odia
 
PPT
Introduction to Secure Sockets Layer
Nascenia IT
 
PDF
BAIT1103 Chapter 4
limsh
 
PDF
How to Gain Visibility into Encrypted Threats
Shain Singh
 
PPT
SSL.ppt
TXCDHRUV
 
PPSX
Secure electronic transaction
Nishant Pahad
 
PPTX
Information Security Engineering
Md. Hasan Basri (Angel)
 
PPT
Introduction to distributed security concepts and public key infrastructure m...
Information Security Awareness Group
 
PPT
Ssl Https Server
Ram Srivastava
 
ODP
Inro to Secure Sockets Layer: SSL
Dipankar Achinta
 
Ssl tls-beginners-guide
JosephLamineDIALLO
 
Implementing Application Security
Information Technology
 
Internet security
Tapan Khilar
 
Security
majstors
 
Web security
Muhammad Usman
 
Ssl Vpn presentation at CoolTech club
iplotnikov
 
Lotusphere 2011 SHOW104
WorkFlowStudios
 
Secure socket layer
BU
 
Ecommerce final ppt
priyanka Garg
 
Unit08
Nurul Nadirah
 
Internet .ppt
Trust Odia
 
Introduction to Secure Sockets Layer
Nascenia IT
 
BAIT1103 Chapter 4
limsh
 
How to Gain Visibility into Encrypted Threats
Shain Singh
 
SSL.ppt
TXCDHRUV
 
Secure electronic transaction
Nishant Pahad
 
Information Security Engineering
Md. Hasan Basri (Angel)
 
Introduction to distributed security concepts and public key infrastructure m...
Information Security Awareness Group
 
Ssl Https Server
Ram Srivastava
 
Inro to Secure Sockets Layer: SSL
Dipankar Achinta
 

More from Sylvain Maret (20)

PDF
Air Navigation Service Providers - Unsecurity on Voice over IP Radion
Sylvain Maret
 
PDF
factsheet_4g_critical_comm_en_vl
Sylvain Maret
 
PDF
INA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication
Sylvain Maret
 
PDF
INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
Sylvain Maret
 
PDF
INA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication
Sylvain Maret
 
PDF
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012
Sylvain Maret
 
PDF
Strong Authentication State of the Art 2012 / Sarajevo CSO
Sylvain Maret
 
PDF
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain Maret
Sylvain Maret
 
PDF
Threat Modeling / iPad
Sylvain Maret
 
PDF
Strong Authentication in Web Application #SCS III
Sylvain Maret
 
PDF
Strong Authentication in Web Applications: State of the Art 2011
Sylvain Maret
 
PDF
Strong Authentication in Web Application / ConFoo.ca 2011
Sylvain Maret
 
PPT
Authentication and strong authentication for Web Application
Sylvain Maret
 
PDF
Geneva Application Security Forum 2010
Sylvain Maret
 
PDF
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...
Sylvain Maret
 
PPTX
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...
Sylvain Maret
 
PPTX
Digital identity trust & confidence
Sylvain Maret
 
PDF
Implementation of a Biometric Solution Providing Strong Authentication To Gai...
Sylvain Maret
 
PDF
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Sylvain Maret
 
PDF
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Sylvain Maret
 
Air Navigation Service Providers - Unsecurity on Voice over IP Radion
Sylvain Maret
 
factsheet_4g_critical_comm_en_vl
Sylvain Maret
 
INA Volume 1/3 Version 1.02 Released / Digital Identity and Authentication
Sylvain Maret
 
INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
Sylvain Maret
 
INA Volume 1/3 Version 1.0 RC / Digital Identity and Authentication
Sylvain Maret
 
Securite des Web Services (SOAP vs REST) / OWASP Geneva dec. 2012
Sylvain Maret
 
Strong Authentication State of the Art 2012 / Sarajevo CSO
Sylvain Maret
 
ASFWS 2012 / Initiation à la sécurité des Web Services par Sylvain Maret
Sylvain Maret
 
Threat Modeling / iPad
Sylvain Maret
 
Strong Authentication in Web Application #SCS III
Sylvain Maret
 
Strong Authentication in Web Applications: State of the Art 2011
Sylvain Maret
 
Strong Authentication in Web Application / ConFoo.ca 2011
Sylvain Maret
 
Authentication and strong authentication for Web Application
Sylvain Maret
 
Geneva Application Security Forum 2010
Sylvain Maret
 
Final conclusions of Working Group 3 at Workshop Münchenwiler 20-21 of May 20...
Sylvain Maret
 
Comment protéger de façon efficace son/ses identité(s) numérique(s) sur le We...
Sylvain Maret
 
Digital identity trust & confidence
Sylvain Maret
 
Implementation of a Biometric Solution Providing Strong Authentication To Gai...
Sylvain Maret
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Sylvain Maret
 
Geneva Application Security Forum: Vers une authentification plus forte dans ...
Sylvain Maret
 

Recently uploaded (20)

PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Encapsulation theory and applications.pdf
gurumoop
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
A Presentation on Artificial Intelligence
memembruh336
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 

e-Xpert Gate / Reverse Proxy - WAF 1ere génération

  • 1. e-Xpert Gate e-Xpert Solutions SA [email_address] 2 mars 2001
  • 2. e-Xpert Gate ? Access your applications from everywhere with strong confidentiality and authentication
  • 3. About your need Access internal information from everywhere Access information with high security No specific client software Simple to use No dedicated station Cost effective solution
  • 4. Solution ? Use your favorite browser
  • 5. Why my browser ? Very good « footprint » Standard sofware client Free Very good level of security (with SSL) PKI enabled application
  • 6. But how to solve security issue ? Web-based Internal Resources What should I do ? Firewall Dmz Browser
  • 7. Direct access with http or https ? Firewall Dmz Browser Web-based Internal Resources Why not ?
  • 8. Direct access drawback Direct access using HTTP Clear traffic (password and content snifing) No authentication No data integrity Direct access to internal content servers Permit attacks DoS Direct access to internal networks Permit to access other resources if server compromised
  • 9. Secure access with e-Xpert Gate Firewall Dmz Browser Web-based Internal Resources E-Xpert Gate SSL
  • 10. Secure access thrue e-Xpert Gate Use SSL technology (PKI) Provide authentication (server and client) Provide confidentiality Provide data integrity No direct access to internal ressources URL content checking and blocking Permit content analysis with IDS system
  • 11. Reverse Proxy Technology Server within a firewall The proxy server appears to be the content server A client computer on the Internet sends a request to the proxy server Firewall CACHE The proxy server uses a regular mapping to forward the client request to the internal content server You can configure the firewall router to allow a specific server on a specific port (in this case, the proxy on its assigned port) to have access through the firewall without allowing any other machine in or out. https (SSL) http or https
  • 12. SSL/TLS Technology S ecure S ockets L ayer TCP/IP socket encryption Provides end-to-end protection of communications sections Confidentiality protection via encryption Integrity protection with MAC’s Can authenticate client (option)
  • 13. SSL/TLS Technology The SSL protocol runs above TCP/IP The SSL protocol runs below higher-level protocols such as HTTP or IMAP
  • 14. Applications that use SSL or TLS e- C ommerce – orders – e-Banking protects contents of forms sent to server protects sensitive personal data provides authentication Secure web-based intranet access ensures secure transmission of confidential content provides authentication Etc.
  • 15. SSL/TLS history SSL v1 designed by Netscape in 1994 SSL v2 shipped with Navigator 1.0 and 2.0 SSL v3 latest version TLS v1 developed by IETF aka SSL v3.1
  • 16. About authentication ? Your business is on the line. But do you really know who’s on the other end?
  • 18. One-Factor User Authentication Drawback Users choose weak password Easy to guess (Brute force, dictionary) Easy to use a key logger or sniffer Learn password by « Social Engineering »
  • 19. e-Xpert Gate’s Authentication method Native RSA SecurID authentication SSL Client authentication (PKI) Certificate store on SmartCard or iKey Certificate store on a file External authentication with firewall Radius, Tacacs, Ldap Basic HTTP authentication* * Method not recommended
  • 20. RSA SecurID implementation Dmz Web-based Internal Resources E-Xpert Gate
  • 22. How it works ? Seed Time 482392 ACE/Server Token Algorithm Seed Time 482392 Algorithm Same Seed Same Time
  • 24. SSL client authentication implementation Dmz Web-based Internal Resources PKI architecture Client X509 Certificate E-Xpert Gate
  • 25. What is a certificate
  • 26. X509 Authentication Uses SSL client X.509 certificate Provides strong authentication (“something you have, something you know”) Requires a Certificate authority (Public or Private) Certificate can be stored on local host or on smart card or IKey
  • 27. Client side authentication Web Client Web Server Challenge Client Certificate Request Challenge answer Client Certificate
  • 28. How secure is the private key ? How does the user get access? Where is it stored? Smart Card PIN Password Local Browser store Private key
  • 29. SmartCard and iKey Provides strong authentication (protect the private key) Serial, PCMCIA, USB Requires smart card reader...
  • 30. e-Xpert Gate Applications Consults Email system like Microsoft Exchange, Lotus, Netscape, etc… Accesses Intranet applications E-Banking solution (front-end) Extranet applications with partners Etc.
  • 31. Lotus access with e-Xpert Gate
  • 33. e-Xpert Gate ’s key features Authentication method RSA SecurID SSL client authentication Basic HTTP External authentication with firewall PKI enabled application Support Revocation CRL Ldap
  • 34. e-Xpert Gate ’s key features Security protocols SSL version 2.0, 3.0 TLS version 1.0 Ciphers and Algorithms Key exchange: RSA Symmetric ciphers: DES 56, 3DES 168, RC4, RC2, IDEA 128 Hashes: MD5, SHA-1
  • 35. e-Xpert Gate ’s key features Fully supports Verisign Global Server IDs (128 bits for every browser) Supports hardware cryptographic accelerators Rainbow
  • 36. e-Xpert Gate ’s key features Secure OS (Linux or Solaris) FIA with Tripwire Management with SSH server Secure file transfer with SSH Syslog messages Appliance solution IBM Sun Microsystems