Using untrusted Networks for Corporate Communications

September 2002
Dan Meier
UBS Telecom & Network Services
Agenda
• Secure Remote Access
• Mobile Computing
• Solution Engineering
• Challenges
• Visions
• Q&A
T&N Dan Meier
NewMax_Pres_SSS.ppt
Page 1
[Diagram: Global Access, Happy Users, Mobile Users, Access Control, “Full Security”]
Company Information
UBS AG, biggest Swiss bank
Managed Assets: 2'257 billion CHF
Net Profit: 6 billion CHF
Worldwide 70'000 employees, Switzerland 29'000
3'200 IT employees: “biggest software company” in Switzerland
IT Facts & Figures
15 Unisys mainframes --> IBM OS/390 SSP
> 4'000 servers, > 40'000 PCs and notebooks
> 700 routers, > 1'700 switches, > 40 firewalls
Mobile Computing
The Facts
♦ Remote Access Policy
♦ One standardised Notebook Model
♦ 4'000 Notebooks
♦ Smartcard Integration
♦ 10'000 online hours / month
♦ “Thin Clients” / One-Click Client
♦ Global Access Control
Mobile Computing
Requirements
User Requirements (Ease of use): Ease of Use, Mobile Support, Broadband Support, Low Cost Charging, 7 / 24 Support
Business Requirements (Functionality): Cost Effective, “Working Tool”, Worldwide Access, 7 / 24 Availability, Process Integration, Investment Cost ↓, Operation Cost ↓, National/Internat.
IT Requirements (Standards): Standards, Release Integration, DMZ Integration, High Availability, IPSEC Standard, Full Integration
Security Requirements (Security): Authentication, Smartcard Support, Encryption, Access Control, Audit Trail, PC Security
Mobile Computing
The Solution Path
[Cycle diagram: Business --> Project --> Evaluation --> Decision --> Engineering --> Test --> Signoff --> Integration --> Rollout --> Operation, surrounded by Promises, Problems, Releases and Resources]
Solution Engineering
Architecture
[Architecture diagram: International Remote Access via the Provider ADFSA net and Domestic Remote Access via the Swiss ADFSA Carrier net, both terminating in the DMZ in front of the Corporate Network (Domain Server, Mail, Intranet, Data Server); SOHO Integration]
Solution Engineering
How it works
[Diagram, steps 1 to 8: Remote Access client --> Internet (Provider ADFSA net) --> IPSEC / VPN Tunnel --> DMZ --> Corp. Network, with PKI and Authorisation]
• Establish Connection
• Authenticate User
• Establish VPN Tunnel
• Provide “Restricted Access”
Solution Engineering
The User GUI
[Screenshot of the client GUI]
• One Click Client
• 4-step Connection Manager
• Automatic Device Recognition
• Live Phonebook Update
• Integrated Help Function
Solution Engineering
Smartcard Setup
[Diagram: the Certificate Authority issues the CA card, PIN mailer and new Card; Certificate Information is held on the Information Server; Smartcards come from the Issuer or the User]
Single Sign-On: Authentication with Certificate, or Automatic Password handover (PASS)
Challenges
Obstacles
• Resources
• Time
• Money
• Evaluation / Implementation
• Technology Edge
[Triangle diagram: Quality, Resources, Time]
Challenges
Problems
Engineering Phase: Escalation, Problem Reporting, MSI Problem, API Problem, GINA Problem, Silence, Time, Cost, Resources
Escalation, Weekly Conf. Calls, Problem Tracking, Dedicated Engineers, Quality
Challenges
Technology
[Layered diagram of the client technology stack for International Access (IP, international) and national access (IP, national; SWISS-Access Gateway, Dial-in RAS):
Access Method / Media: Modem, Ethernet, LAN, Others
Transport: PPP, IP, TCP, Initial Configuration DHCP, NAT
VPN Protocol: IPSEC, DH (Diffie Hellman), Encryption (3DES), CP VPN-1 Module, VPN Interface
Authentication: Smart Card / Soft Certificate (X.509v3), PKCS#11, CSP (Crypto Store Provider), Crypto API, Middleware, Remote Access Authentication Service, User Database, CRL
Restricted Access Control: CP FW-1 Module, CP Secure Client (Personal Firewall), Gateway
Client GUI: One Click Client (Remax 6.0)]
Visions
PDA Integration
[Diagram: PDA Client (Palm) over GPRS and Bluetooth through the Public Network, IPSEC / VPN Tunnel to the VPN / FW; External Access and Internal Access to Terminal Server, Web Server, Mail Server, Synch Server and Calendar Server]
Summary
[Diagram: Cost, Standards, Full Security, Happy Users, Integration, Easy Operation, Mobile Computing, Data Protection]
Questions & Answers
[email protected]
