Company Overview

1
Company Overview
Scott Fortino Corporate Sales Manager Secure
Computing Corporation
2
Secure Computing CorporationSCUR on the NASDAQ

• Spin-off of Honeywell in 1989
• Pioneered operating system security through
  contracts with NSA and DARPA
• Developed Type Enforcement as a mechanism to
  enforce mandatory access control of Operating
  System components
• Helped develop Orange Book rating system
• Developed first security gateway used to connect
  secret and classified networks
• Pioneered two-factor strong authentication
• First to ship a commercially supported RADIUS
  server
• Introduced and patented Event Synchronous
  protocol for Strong Authentication
• Pioneered URL Filtering
• First URL filter on the market
• OEMd our Control List to other vendors
• Continue to be involved in advanced security
  research for US Government

3
Technical Customer Support
24 x 7 Live Answer Support 24 x 7 Email
Support Web Knowledge Base Email Subscription
Service Patches Upgrades Patch Notifications
via Email
SOURCE http//www.securecomputing.com/index.cfm?
sKey832
4
Authentication Access Controlwith

• Scott Fortino
• Corporate Sales Manager
• Secure Computing Corporation

5
The Problem

• Determining the Actual Identity of an
  Individual, and that Individuals Relationship to
  the Organization
• Opening Our Networks To The Outside
• VPN
• Citrix
• Web Applications
• Wireless Networks
• Sensitive Systems
• Dial-In

On the Internet, no-one knows youre a dog
6
4 Ways To Authenticate

• Something You KNOW
• Fixed Password
• User Name
• Something You HAVE
• One-Time Password Token
• Digital Certificate / Smart Card
• Something You ARE
• Thumb Print
• Retinal Scan
• Location
• Home PC
• PDA

7
Managing Multiple Access Points
8
SafeWord PremierAccess

• Allows you to
• Manage all your access points with a single
  product
• Choose the right authenticators for your security
  needs
• Control who can go where with role-based
  authorization
• Provide a Single Sign-On to multiple web
  applications
• Install a system that is manageable and easy to
  deploy

9
Who uses PremierAccess?
Authenticate 60,000 remote users, suppliers and
business partners.
Secure remote access for over 50,000 users
Authenticate 400B in cash transactions daily for
more than 1M users
Authenticate all 20,000 SUN employees to Sun WAN
from any location using multiple access methods.
Authenticate 25,000 dial-in users
via CHAP (encrypted) passwords.
Secure remote access for 30,000 users.
10
What theyre saying about PremierAccess
Spotlight on Top Security Product
The Achilles' heel of many authorization
solutions is their architectural invasiveness and
lack of support for multiple authentication and
application servers. But this is one area where
PremierAccess shines.
The solution interoperates with a wide range of
authentication options, VPNs, Web servers and
other applications. Another neat feature is its
ability to provide brokered authentication to
other systems. - Andy Briney, editor-in-chief
11
SC Magazines Best Buy

• Won Best Buyhighest rating in remote access Test
  Center
• Won five star overall ratinghighest score
• Won five stars on all categories

Great choices, strong security, extremely
scaleable and ease of manageability exceeded
expectations. PremierAccess delivers a strong
role-based system of secure authentication and
authorization for all your remote users.
12
Network Computing
SafeWord PremierAccess is a flexible
authentication-management system that did almost
everything we asked. Secure Computingoffers
the most complete solution with the most robust
policy definition.
13
PremierAccess Protects

• VPN connections
• Alcatel
• CheckPoint
• Cisco
• Nortel
• Sidewinder
• Wireless Networks
• Web Servers
• Protects any Web server running on
• Windows
• Solaris
• Protects Web gateways and proxies
• RADIUS

• Citrix
• MetaFrame
• NFuse
• Secure Gateway
• Windows Domains
• RAS
• Unix
• SSH and OpenSSH
• Novell
• Oracle
• TACACS
• Custom Applications (SDK)

14
Connecting the Dots
Universal Web Agent
WEB
VPN
RADIUS
Agent
Citrix
RADIUS
Dialup
System login
15
Strong Authentication Options
PremierAccess has embedded support for the
industrys widest range of authentication options
including

• Dynamic passwords
• Hardware tokens
• Software tokens
• Mobile devices
• Biometrics

• Digital certificates
• Smart cards
• USB tokens
• Device authentication
• Brokered authentication

Customers can mix-and-match or combine
authenticators for the appropriate level of
security
16
Dynamic Password Tokens

• Give remote users secure access anywhere
• Most robust and reliable tokens available
• Event-synchronous system
• Generate one-time passwords on demand
• More reliable and easier to use than
  time-synchronous systems
• Convenient form factors
• Silver 2000 provides easy one-button operation
  (includes Soft-PIN protection during login)
• Gold 3000 the only key-fob token with PIN pad
  protection
• Platinum token has replaceable batteries
• Non-expiring tokens with long battery life

Silver 2000
Gold 3000
Platinum
17
Dynamic Password Tokens

• Requires multiple factors
• Something you have, something you know
• Think of your ATM card

• Uses dynamic passwords
• New password for every login
• Used passwords are useless to hackers

My PIN is 4598
18
MobilePass Authentication

• MobilePass systems allows dynamic passwords to
  be sent as text messages
• Works with any e-mail or SMS capable device
• Most digital phones, pagers, PDAs, Blackberrys
• Uses your existing mobile device for strong
  authentication
• Zero-footprint solution
• Requires no client hardware or software
• Ideal for mobile workforce

19
Other Authenticators

• SofToken II
• The same dynamic password system is available
  in a Windows software version
• PKI authentication
• Issues and interoperates with X.509 digital
  certificates
• Including VeriSign, Entrust and DoD certificates
• Also works with smart cards and USB tokens

SofToken II for PCs Palm
PKI authentication
20
Biometrics

• PremierAccess supports all emerging biometric
  systems
• Toolkits provide easy integration with any device

• Many devices have already been tested and
  certified
• Sony FIU-710 uses fingerprints to unlock smart
  card capabilities
• Fully compatible with PremierAccess

21
Device Authentication with Phoenix

• PremierAccess and Phoenix Technologies combine to
  create a new layer of access control with
  authentication of devices.
• This new security model can create trusted
  devices and device aware applications.
• Developed with Phoenixs DeviceConnect Plus

22
Token Reliability Testing

• Independent token testing
• Washing machine / dryer
• Car dashboard heat
• Pants back pocket sitting
• Freezer
• Fidgeting, flexing

Source http//slashdot.org/comments.pl?sid23189
cid2515917
23
Single Sign On to Any Web Application
Authenticate Once, For Multiple Access
Covers ANY Web servers on ANY platform
Users Browser
24
Protecting Citrix Applications
Any browser, anywhere
Universal Web Agent
Reduced or Single Sign-on
Citrix Servers
Personalization data (application login
passwords)
25
Role Based Authorization
Only Sales Directors, their staff, legal
department can access
Contracts in Microsoft Word
Sales Staff
MobilePass
Only Human Relations department managers can
get employee records
Managers
PeopleSoft database
Smart Card and password
Development Teams
UWA
Password _at_ known IP address
Web Application Servers
Remote Employees
Token with PIN protection
Each employee has access to a standard software
productivity suite
Software Productivity Suite
26
Remote Administration
Remote management of users, roles, policy,
sessions and personalization Centralized,
delegated and help-desk management Easy
out-of-the-box installation Customizable
with SDK Unlimited scalability Robust
fault tolerance and data replication
Administration Console
User Profile
27
Web Based Self Enrollment

• Embedded Web Server
• Reservations for large s of users
• Users Enroll Activate There Own Tokens
• Deployment to end users for
• Digital Certificates
• VPN clients
• SofTokens

Administrators Reservation Template
Assigned Authenticators
Reservations
http//www.rocketsciencecorp.com/
Web Enrollment Center
28
Token Deployment Services
Deploy hardware tokens directly to
end-users Import customer records from standard
database formats Automatically program and assign
tokens to specific users Package and ship tokens
to end-users with 100 accuracy Send separate PIN
letters directly end-users
29
PremierAccess Summary

• Manages multiple access points with one product
• Universal Web Agent protects all Web servers
• Strengthens security of VPN or dialup connections
• Role-based authorization
• Flexible policy management
• Multiple integrated authentication options
• Unique device authentication
• Brokered authentication to external systems
• Practical management and deployment

30
Questions