15 YEARS OF SECUNET 15 YEARS OF PKI EXPERIENCE

Issue 2 | 2012
The IT Security Report by
Security framework for new identity documents
secunet delivers eID PKI Suite to the Latvian Office of Citizenship and Migration Affairs
Secure Cloud Computing? But of Course!
Article by Fred di Giuseppe Chiachiarella, German Insurance Association (GDV)
Put the Seal of Quality on Your Line Encryption
SINA L2 Box delivers line encryption with proven security
Content
15 YEARS PKI by secunet
15 Years of secunet, 15 Years of PKI Experience
What is PKI and what is it for?
“Darling Romeo, Meet Me on the Balcony!”
Security framework for new identity documents
“Watch Out – Ambulance on Your Right!”
PKI Meets Mobile Devices
National
Secure Cloud Computing? But of Course!
Preventive Security – A New IS Class ‘Driving Licence’
An Informant in the Ranks
Technologies & Solutions
Penetration Test for SMEs or “What’s That Windows NT 4 Box Doing There in the Corner?”
Put the Seal of Quality on Your Line Encryption
Health and Safety for Internet Users
Dates
News in Brief
SINA AMN Client Now in Operational Use by German Military
Events
Dear Readers,
1997 was an eventful year: the comet Hale-Bopp was visible to the
naked eye over a period of several months; the radio navigation system
OMEGA was finally switched off; the German Digital Signature Act came
into force in Germany; the German Federal President Roman Herzog
made his famous speech in which he said that the country needed a
‘kick up the backside’; and secunet was founded!
For the past 15 years, we have been steadily developing our expertise
in the long-term protection of your data and applying the knowledge we
have gained, playing an active role in drawing up guidelines and even
legislation in the field of IT security. We are thus making our very own contribution to security in a digital world so that you can enjoy all the benefits
it offers with full peace of mind. Public Key Infrastructure (PKI) is an area
that has preoccupied us over the years – from the creation of the trust
centre for Deutsche Telekom to the development of SINA and the security
platform for ElsterOnline, and on to the planning of yet more exciting
projects for the future. We are pleased to give you an insight into this
seemingly mundane and yet challenging topic in a special supplement to
this edition of secuview. Follow the 15-year history of PKI at secunet on
a timeline and read a special report on the projects we have undertaken.
One current development in particular requires innovative approaches to
IT security (and that also applies to PKI), namely cloud computing. On
pages 12 and 13 of this magazine, Fred di Giuseppe Chiachiarella, Head
of Business Administration and Information Technology at the Gesamtverband der Deutschen Versicherungswirtschaft e. V. (German Insurance
Association, or GDV for short) considers the opportunities presented by
the cloud and the challenges of building an environment in which the
security elements comply with legal requirements. At the moment, the
GDV is engaged in a joint project with the BSI to develop certification
criteria for cloud computing, with new safety standards that can subsequently be used for other applications. One thing is certain: the next
few years will present new and exciting challenges that we look forward
to meeting head on.
I hope you enjoy reading our magazine.
Best wishes
Dr Rainer Baumgart
15 Years of secunet,
15 Years of PKI Experience
With Public Key Infrastructure (PKI), secunet is able to meet the challenges of the digital
era head on and therefore ranks as a trusted provider of IT security solutions to clients in
all sectors of the economy
By the mid-1990s, it had become clear that digitisation and interconnectivity were an irresistible force, resources that were an essential part of modern life. Consequently, there was an urgent need to confront the challenges posed by digitisation and to create innovative security solutions, rather than be overwhelmed by the sheer enormity and seeming impossibility of the task. In order to benefit from digitisation, it was necessary to implement a legally binding digital equivalent to the handwritten signature: the qualified electronic signature. The legal framework for this was established in the 1997 German Electronic Signature Act, which requires that accredited trust centres be set up with the capacity to act as trusted authorities in electronic communication processes.
Around the same time, the Essen-based Technical Inspection Association (TÜV) decided to expand its field of operations beyond those of a testing and inspection body and to join with Deutsche Telekom in using its IT security expertise to take on a consultancy role. As a result, secunet was founded as an independent subsidiary specialising in IT security services. secunet’s first project was the creation of Germany’s first ever trust centre for Deutsche Telekom.
secunet had thus entered uncharted territory, but was able to use and expand its specialist knowledge at further trust centre and PKI projects both at home and abroad. Today, secunet’s security experts are well versed in all business areas associated with public key infrastructures and trust centres, from the production of detailed security analyses and concepts to drafting procedural documentation and dealing with any and all technical, organisational, legal and administrative matters that might arise during a project.
In this special edition of secuview, we explore the exciting world of PKI that has been central to secunet’s success over the past 15 years.
1997
SECUNET IS BORN
With its very first projects, secunet (named initially SecuNet Security Networks GmbH) acquired a level of expertise that
was unique in Germany at the time. It established the first trust centres in the country for Deutsche Telekom (1997) and the
modern DPCom Signtrust (1999). A lot has happened since then. Indeed, secunet has broadened its PKI expertise through
the production of detailed security analyses and concepts, the drafting of procedural documentation and the handling of all
technical, organisational, legal and administrative issues for a number of further trust centre and PKI projects both at home
and abroad.
GERMANY’S FIRST TRUST CENTRE
1999
SINA
Between 1999 and 2002, secunet developed SINA (Secure Inter-Network Architecture) based on a broad
concept outlined by the German Federal Office for Information Security (BSI). The PKI-based system was
designed to securely process, store and transmit classified information and other sensitive data. When smart
cards are issued, the SINA Management system generates pairs of keys and certificates which are used
for the secure authentication of SINA users/gateways by means of digital signatures when connections are
established. SINA comprises a growing family of modular components which are designed to be secure in a
variety of application scenarios, and whose functionality is constantly being extended – there are currently
over 30,000 SINA components in operation worldwide.
Special
What is PKI
and what is it for?
Secure and confidential communication over the internet
is not just a pipe dream
PKI enables users of essentially insecure public networks such as the internet to securely and privately exchange data through the use of a cryptographic key pair, consisting of a public and a private key. Within PKI, a so-called ‘trust centre’ assigns a unique public key to a given entity (a person or a device), which is then recorded on a digital certificate issued by the trust centre, also referred to as the ‘certificate authority’. The digital certificate is then published by online directory services and is thus made accessible to the public. Trust centres are also responsible for the blocking (‘revocation’) of certificates, and certificate revocation lists are published accordingly.
PKI is thus a system that issues, distributes, verifies and revokes digital certificates for secure electronic communications. As a central security infrastructure that is always required for cryptographic keys associated with persons or entities, PKI serves to protect electronic identities through secure authentication, data encryption and electronic signatures, thereby bringing an element of confidence into the digital world. PKI goes far beyond simple e-mail encryption.
A public key infrastructure consists of:
1. A trust centre / certificate authority (CA), which issues and verifies digital certificates. A certificate includes the public key and information about the owner of the public key.
2. A registration authority (RA), which acts as the verifier for a certificate authority before a digital certificate is issued to a requester.
3. One or more directories, in which the certificates (and their public keys) are held.
4. A certificate management service, with the power to suspend or revoke certificates.
5. A validation service (VA), which makes it possible to check certificates.
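The roles listed above can be modelled in a few lines, shown here as an added example that is not secunet code: a trust centre (CA) issues a certificate, blocks it and publishes a signed revocation list, and a validation service checks the chain, the CRL's signature and freshness, and the revocation status. It uses Go's standard `crypto/x509`; the type and function names, the subject names and the choice of Ed25519 keys are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrRevoked = errors.New("certificate is on the trust centre's revocation list")

// TrustCentre combines the CA and certificate management roles (example type).
type TrustCentre struct {
	Cert    *x509.Certificate
	key     ed25519.PrivateKey
	serial  int64
	revoked []pkix.RevokedCertificate
}

// sign binds subject to pub in a certificate; a nil parent yields a self-signed root.
func sign(subject string, serial int64, pub any, parent *x509.Certificate, key ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: subject},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewTrustCentre(name string) (*TrustCentre, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	cert, err := sign(name, 1, pub, nil, key)
	return &TrustCentre{Cert: cert, key: key, serial: 1}, err
}

// Issue certifies a key; the RA's identity check of the requester is assumed done.
func (tc *TrustCentre) Issue(subject string, pub any) (*x509.Certificate, error) {
	tc.serial++
	return sign(subject, tc.serial, pub, tc.Cert, tc.key)
}

// Revoke blocks a certificate; validators see it once they fetch the next CRL.
func (tc *TrustCentre) Revoke(c *x509.Certificate) {
	tc.revoked = append(tc.revoked, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
}

// PublishCRL signs the current revocation list for distribution via a directory.
func (tc *TrustCentre) PublishCRL() ([]byte, error) {
	now := time.Now()
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(now.UnixNano()), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificates: tc.revoked,
	}, tc.Cert, tc.key)
}

// Validate is the validation service: chain check, then CRL signature, freshness and lookup.
func Validate(c, root *x509.Certificate, crlDER []byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := c.Verify(x509.VerifyOptions{Roots: pool}); err != nil {
		return fmt.Errorf("chain validation: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(root) != nil || time.Now().After(crl.NextUpdate) {
		return errors.New("CRL is unreadable, not signed by the trust centre, or out of date")
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

func main() {
	tc, _ := NewTrustCentre("Example Trust Centre")
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	cert, _ := tc.Issue("juliet@example.test", pub)
	before, _ := tc.PublishCRL()
	tc.Revoke(cert)
	after, _ := tc.PublishCRL()
	fmt.Println(Validate(cert, tc.Cert, before), "|", Validate(cert, tc.Cert, after))
}
```

A validator holding the older list still accepts the certificate until that list's NextUpdate passes, which is why the CRL validity period bounds how quickly a revocation takes effect.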
2002
eTRUST MAIL / SIGNTRUST MAIL AND eKURIER
1998 marked the creation of the LibSigG, a cryptographic library used to sign electronic
documents in accordance with the 1997 German Electronic Signature Act. In addition
to this, secunet developed the desktop software eTrust Mail (later called Signtrust
Mail) and the electronic registered mail service eKurier in 2002 for Deutsche Post and
PostCom respectively.
ELECTRONIC-MAIL GETS SECURE
2003
ELECTRONIC WASTE MANAGEMENT SYSTEM – eANV
Since April 2010, in Germany companies have been legally obliged to create an electronic audit trail when handling hazardous waste.
This move was expected to reduce bureaucracy for waste management authorities and the companies concerned, as well as to make
waste disposal monitoring processes more efficient. As early as 2003, secunet was already working with the German Federal Office
for the Environment (BMU) to draw up the relevant legislation. secunet also established the system’s security requirements, developed
a model of implementation for the system and designed a data interface for the exchange of electronic documents between companies
and waste management authorities. Finally, secunet contributed to the implementation of the concept throughout Germany and adopted
an advisory role during the commissioning of the system. Today, secunet continues to support the BMU in extending the functionality of
eANV to include additional processes and meet further requirements of the waste management industry.
2003
MONITORING AND ACCREDITATION SYSTEM FOR CERTIFICATION SERVICE PROVIDERS IN GREECE
Working in cooperation with a local partner, secunet developed the monitoring and accreditation system for certification service providers in Greece. Throughout the project, secunet advised the Greek regulatory authority, EETT National Telecommunications and Post Commission, on all matters concerning the voluntary accreditation and monitoring of certification service providers for electronic signatures. Additionally, secunet was responsible for analysis and training as well as for implementation of all technical, organisational, legal and administrative aspects.
LEGAL CERTAINTY ONLINE
2003
MULTISIGN
The secunet ‘multisign’ mass signature solution was first proposed in May 2003. The product is a high-availability security solution that makes it possible to create qualified electronic signatures as a basis for legally compliant electronic business processes. In business communication, mass signatures provide legally valid proof of the ‘authenticity of origin’ and the ‘integrity of content’ of data transmissions.
“Darling Romeo, Meet Me on the Balcony!”
How PKI can protect your sweet nothings from prying eyes
Let’s bring Romeo and Juliet into the digital era. Juliet is yearning for her beloved Romeo and so writes him the following e-mail: “Meet me on the balcony.” Before she sends it to Romeo, she signs the message with her private key and then encrypts it with Romeo’s public key, so that only he can read it. Romeo then decrypts the e-mail with his private key and verifies Juliet’s signature with her public key, enabling him to read her message in plain text – and so the tragedy runs its course.
But how can Romeo be sure that the message sitting in his inbox is actually from Juliet?
The digital signature is the link between the message and the owner of the key pair:
- Authentication
Romeo can be sure that the owner of the private key sent the message.
- Non-repudiation
The owner of the private key cannot refute that he/she signed the message.
- Integrity
The message cannot be altered without detection.
- Confidentiality
Only the owner of the private key (the receiver) can read the message.
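Juliet's and Romeo's steps from “Darling Romeo, Meet Me on the Balcony!”, written out as an added example (not code from secunet): sign with the sender's private key, encrypt to the recipient's public key, then decrypt and verify on the other side, with each failure mapped to the property it protects. It assumes both sides already hold each other's authentic public keys, which is what the certificate provides; RSA-PSS, RSA-OAEP, AES-GCM, the envelope layout and all names are choices made for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrNotRecipient = errors.New("cannot unwrap the message key with this private key")
	ErrTampered     = errors.New("ciphertext was altered in transit")
	ErrBadSignature = errors.New("signature does not verify under the sender's public key")
)

// Envelope is what crosses the untrusted network (layout constructed for this example).
type Envelope struct {
	WrappedKey []byte // one-time AES-256 key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM over: 2-byte signature length | signature | message
}

func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SignThenEncrypt is Juliet's side: sign with her private key, then encrypt to
// Romeo's public key. RSA cannot hold signature plus text, so it wraps an AES key.
func SignThenEncrypt(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, 2, 2+len(sig)+len(msg))
	binary.BigEndian.PutUint16(plain, uint16(len(sig)))
	plain = append(append(plain, sig...), msg...)

	secret := make([]byte, 32+12) // fresh AES key and nonce for every message
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, plain, nil)}, nil
}

// DecryptThenVerify is Romeo's side: decrypt with his private key, then verify
// Juliet's signature with her public key before trusting the text.
func DecryptThenVerify(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, ErrNotRecipient
	}
	gcm, err := newGCM(key)
	if err != nil || len(env.Nonce) != gcm.NonceSize() {
		return nil, ErrTampered
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil || len(plain) < 2 {
		return nil, ErrTampered
	}
	n := 2 + int(binary.BigEndian.Uint16(plain))
	if len(plain) < n {
		return nil, ErrTampered
	}
	digest := sha256.Sum256(plain[n:])
	if rsa.VerifyPSS(sender, crypto.SHA256, digest[:], plain[2:n], nil) != nil {
		return nil, ErrBadSignature
	}
	return plain[n:], nil
}

func main() {
	juliet, _ := NewKeyPair()
	romeo, _ := NewKeyPair()
	env, _ := SignThenEncrypt([]byte("Meet me on the balcony."), juliet, &romeo.PublicKey)
	msg, err := DecryptThenVerify(env, romeo, &juliet.PublicKey)
	fmt.Printf("%q %v\n", msg, err)
}
```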
Security framework for new identity documents
secunet delivers eID PKI Suite to the Latvian Office of Citizenship and Migration Affairs
If a job’s worth doing, it’s worth doing well; in addition to introducing new electronic identity documents, the Latvian Republic is also updating its existing Public Key Infrastructure (PKI) for the production and inspection of these documents. The PKI is thus being extended to include a central infrastructure for the validation of electronic passports and national identity cards. As a result, the enhanced system will be able to issue electronic documents, passports and be used for checking passports and ID cards at border control and in Latvian embassies worldwide. The Latvian Office of Citizenship and Migration Affairs (OCMA), which is charged with the planning and implementation of this major project, has selected secunet as a partner on the basis of its expertise and proven track record in eID solutions.
secunet is delivering its eID PKI Suite as a subcontractor for the Latvian IT company Lattelecom Technology. This tried-and-true security solution provides all of the functions required for the successful operation of the new Latvian PKI. Indeed, the eID PKI Suite comprises not only those PKI components that are needed for issuing ICAO-compliant identity documents but also Extended Access Control (EAC) PKI components for the validation of electronic documents, which makes it possible to exchange information with other countries and thus facilitates the use of identity documents worldwide. Thanks to the flexible design of secunet’s eID PKI Suite, the specific requirements of the Latvian authorities can be met in their entirety – all without compromising absolute security and reliability.
For easier document handling in border and other control scenarios, secunet is also providing the Latvian government with a so-called Terminal Control Centre (TCC). This infrastructure, which has already been adopted by the German Federal Police, manages (amongst other things) the certificates and document data for all associated ID scanners, meaning that these no longer have to be managed individually.
More information:
Georg Hasse
[email protected]
2004
ELSTER
At the behest of the Bavarian Regional Tax Office, secunet implemented a new security
platform for the ElsterOnline portal. The solution satisfies the very highest security
requirements, supporting authentication, encryption and electronic signatures for web
applications through certificate-based processes. As a result of these processes,
convenient, new online portals now exist for virtually all tax-related areas, including
tax declarations, tax cards, income tax and tax account inquiries – today all over
Germany.
NEW ONLINE TRACK FOR TAX-RELATED AREAS
2005
ePASS
Since 2003, secunet has supported the global product specifications for electronic passports. In 2005, the German National Printing Office put the first electronic passport (ePass) into circulation and the BSI approved secunet’s testing laboratory for electronic travel documents. As such, secunet’s laboratory is the first ever officially accredited testing laboratory for the security of electronic travel documents in Germany in accordance with BSI technical directive 03105 – Part 3.
2005
AUSTRIAN eCARD
Austria’s electronic social security card forms the basis of the system that
administers Austrian social security affairs. The eCard replaces Austria’s
paper health insurance voucher and carries an electronic signature to ensure
that all applications for social security are secure. The eCard is also capable
of accepting further electronic signatures. Under this project, secunet is
responsible for the implementation of all security-related components and
concepts, a PKI inclusive of directory services to secure business processes
and a user-friendly web portal for carrying out eCard-related tasks.
Always operating in the background:
a central security infrastructure
“We are delighted to be among the first
European countries to have the technological capacity to process new-generation
passports. During the course of this project,
secunet has proved to be a flexible, reliable
and motivated partner with whom we were
able to build a modern, high-security, high-availability eID infrastructure.”
Inguss Treiguts, Director of the ID Department at OCMA,
speaking about the work done with secunet.
OFFICE OF CITIZENSHIP
AND MIGRATION AFFAIRS
By introducing electronic identity documents, Latvia has established a reliable
system for digital identification and thus created the necessary conditions
for more efficient and secure management of existing processes. This in turn
requires that a complex central security infrastructure constantly operates in
the background. The reason for this is that the mutual trust between public
bodies and citizens is paramount when handling national identity documents.
Consequently, it is vital to provide the highest possible level of identity protection
by ensuring that:
– identity documents are authentic (i.e. they must have been produced and
issued by an authorised agency);
– printed and electronically stored data cannot be amended in any way;
– only agents of a relevant authority are entitled to have access to this data,
e.g. an immigration officer at the border or airport.
Public Key Infrastructures have proven to be the technology of choice in this
regard. There are two international PKI concepts that are relevant to national
ID documents. The ICAO PKI is a system used all over the world to verify the
authenticity and integrity of identity documents. Meanwhile, the EAC PKI, which
is predominantly used in Europe, ensures that only authorised ID scanners
are able to access the data stored in the document chip. The reason that such
eID infrastructures are so complex is that the required certificates need to be
exchanged between both PKI systems and between all of the countries in the
world.
In its eID PKI Suite, secunet has developed an all-encompassing, innovative security infrastructure especially to meet these unique requirements.
2006 / 2011 / 2012
DE-MAIL
The security of De-Mail is also ensured through the use of PKI-based user authentication, as well as through qualified electronic
signatures generated by De-Mail providers. From 2006 onwards, secunet has been heavily involved in the development of
De-Mail’s technical directives, from which the De-Mail law and relevant technical directives were finally derived in 2011.
De-Mail was first offered by providers in April 2012. secunet advises and assists De-Mail providers in the establishment of the
necessary infrastructure and compliance with legal requirements, helping businesses and public authorities to establish a
secure connection to De-Mail and to integrate it into their business processes. Meanwhile, secunet’s De-Mail ‘konnektor’
facilitates the PKI-based authentication of businesses and public authorities.
INTEGRITY, AUTHENTICITY AND YOUR VEHICLE
2007
FLASHWARE PROTECTION
IT is opening the door for vehicle manufacturers to innovations that make cars safer, more
economical, more comfortable and more entertaining. To guarantee the continued safety and
security of both the driver and vehicle, steps must therefore be taken to prevent software
imitation and manipulation. secunet has developed mechanisms for the BMW Group that
safeguard the integrity and authenticity of control unit software by means of modern public key
cryptography. To this end, secunet has itemised and implemented all the necessary functions
for BMW’s back-end infrastructure, workshop infrastructure and production systems.
2008
ELECTRONIC HEALTH CARD – eGK
gematik (the German Association for the Telematic Application of Health Cards) and the German Federal Ministry of Health relied on secunet’s experience and expertise during the implementation and launch of the eGK in Germany. In just a short space of time, while working in parallel on the development of the certificate authority (CA), secunet created a security concept that was tested and approved by an independent auditor. Furthermore, secunet provided assistance to a large German insurance company in the implementation of its own PKI for issuing the first ever electronic health cards in the country.
ALL-IN-ONE: YOUR HEALTH RECORDS ON ONE CARD
2007
NATIONAL ROOT CERTIFICATE AUTHORITY IN EGYPT
In 2007, secunet and Giesecke & Devrient Egypt Services Ltd won the contract for the creation of a national root certificate authority in Egypt. secunet’s contribution to the project was PKI software, network infrastructure components and relevant concepts and documentation; it also provided training for the trust centre’s employees. The Egyptian trust centre began operations in June 2008 under the aegis of the Egyptian Information Technology Industry Development Agency (ITIDA).
2010
NEW ID CARDS – nPA
Since November 2010, DPCom Signtrust has been an accredited certification service provider, issuing authorisation certificates for the nPA in accordance with the EAC 2.0 security protocol. The necessary authorisation certificate authority for this was delivered by secunet which supported the project at every stage from conception and development to piloting. Through this project, foundations were laid for the first-time implementation of the nPA in the private sector. Building on the same secunet solution, the German Federal Police Force checks nPAs at Germany’s borders using a document verifying certificate authority.
2011
AUTHEGA
Using authega, a data protection-compliant authentication service developed with mgm technology partners GmbH, secunet has implemented secure access to the employee intranet service of the Bavarian State Finance Office (LfF). In August 2011, the pilot phase commenced for the first application of the portal, via which the employees of ministries and regional authorities will gain secure access to their personal data and staff-related processes in future.
EASYGO AT THE AIRPORT
2011
eGATE AT AIRPORT PRAGUE
Towards the end of 2011, the Czech border police put an eGate – a semi-automated border control system – into operation at the Prague Ruzyn airport. secunet delivered the so-called EasyGo system to Prague as a sub-contractor of the Czech company VÍTKOVICE IT Solutions. The system works via a PKI suite through which certificates are distributed that make it possible to access the data saved electronically in electronic identity documents (eIDs).
“Watch Out – Ambulance on Your Right!”
Anonymous data exchange enables safer roads and more efficient traffic flow
Drivers often engage in animated gestures and occasionally shouting matches. Unfortunately, this type of information exchange does not necessarily lead to an improvement in road safety or traffic flow.
A much more reliable and effective alternative is inter-vehicle communication. In the future, cars will communicate with one another (Car-2-Car) to make drivers aware in good time of critical and dangerous situations such as accidents or black ice, or communicate with traffic infrastructure such as traffic lights or traffic signs (Car-2-Infrastructure) to optimise traffic flow. To achieve this, vehicles collect sensor data on brake function, steering, position, direction, speed etc., evaluate it and pass it on via wireless networks to other road users.
Safety and efficiency on the road can, however, only be achieved if data exchange is rapid, reliable and authentic. Experts are now focusing on extending and adapting existing technologies, using WLAN to IEEE 802.11p standard for data transmission. Because vehicles are then open for data communication over the radio network, this immediately raises the issue of a secure communication structure. The core values of information security such as integrity, authenticity and liability are also key requirements in communication between vehicles and infrastructure.
Secure car-2-x-communication via PKI
In order to eliminate the possibility that any falsification of information might go undetected, recourse is made to signatures in asymmetric cryptography and to PKI, just as in ‘classic’ IT. Data protection laws require, however, that the transmission of information that has been gathered from the use of a signature and certification in Car-2-X communication and which might be used to identify the sender (a desirable feature in business applications) must be prevented. The PKI feature used here ensures that the vehicles have at their disposal a large number of pseudonym certificates which are periodically exchanged as well as several key pairs for signing the messages that are to be sent.
For this purpose, several Root CAs (RCA) connected by means of cross-certification, need to be established, which certify the subordinated Long-Term CAs (LTCA) and Pseudonym CAs (PCA) (see illustration). The LTCA issues each vehicle with a unique certificate, which is not used for communication between vehicles or communication with traffic infrastructure, but only in requesting pseudonym certificates for signature of data telegrams on a PCA. In this way, individual vehicles retain their anonymity.
As a member of the CAR 2 CAR forum, secunet is helping the automotive industry to standardise the system and to overcome practical challenges related to its introduction to the market. In this work, secunet is able to draw on its comprehensive expertise in the design and implementation of PKIs (Public Key Infrastructures) and on its own product components.
Specially developed PKI concept ensures vehicle anonymity
[Illustration: Root CAs (RCA 1, RCA 2, RCA n) linked by cross-certification; certificate for LTCA; certificate for PCA; LTCA: long-term certificate; PCA: pseudonym certificate]
More information:
Andreas Ziska
[email protected]
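The split between long-term and pseudonym certificates described in “Watch Out – Ambulance on Your Right!” can be followed in this added example, which is not secunet code or a Car-2-X standard implementation: the LTCA enrols a vehicle, the vehicle uses its long-term key only to request pseudonym certificates from the PCA, and receivers verify telegrams with nothing but the PCA's public key. The certificate format, the names, the sample vehicle ID and the use of Ed25519 are assumptions made for brevity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a minimal stand-in for a certificate (format constructed for this example).
type Cert struct {
	Subject string            // vehicle identity in the long-term certificate, empty in a pseudonym
	Pub     ed25519.PublicKey // the certified public key
	Sig     []byte            // issuing CA's signature over Subject and Pub
}

type Telegram struct {
	Payload, Sig []byte
	Cert         Cert // pseudonym certificate sent along with every message
}

type CA struct{ key ed25519.PrivateKey } // an LTCA or a PCA

type Vehicle struct {
	LTC      Cert                 // long-term certificate from the LTCA
	longTerm ed25519.PrivateKey   // used only towards the PCA, never on the air
	keys     []ed25519.PrivateKey // pseudonym keys; certs[i] certifies keys[i]
	certs    []Cert
	next     int
}

func newKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// pubOf derives the public key; tbs is the byte string a signature covers.
func pubOf(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }
func tbs(label string, pub ed25519.PublicKey) []byte { return append([]byte(label+"\x00"), pub...) }

func NewCA() *CA                      { return &CA{newKey()} }
func (ca *CA) Pub() ed25519.PublicKey { return pubOf(ca.key) }
func (ca *CA) issue(subject string, pub ed25519.PublicKey) Cert {
	return Cert{subject, pub, ed25519.Sign(ca.key, tbs(subject, pub))}
}
func (c Cert) IssuedBy(ca ed25519.PublicKey) bool {
	return len(c.Pub) == ed25519.PublicKeySize && ed25519.Verify(ca, tbs(c.Subject, c.Pub), c.Sig)
}

// Enrol has the LTCA issue the vehicle its one long-term certificate.
func Enrol(ltca *CA, vehicleID string) *Vehicle {
	k := newKey()
	return &Vehicle{LTC: ltca.issue(vehicleID, pubOf(k)), longTerm: k}
}

// IssuePseudonym (PCA side) certifies a key without naming its owner, but only for
// a requester who proves possession of a long-term key certified by the trusted LTCA.
func (pca *CA) IssuePseudonym(ltc Cert, ltca, pseudo ed25519.PublicKey, reqSig []byte) (Cert, error) {
	if !ltc.IssuedBy(ltca) || !ed25519.Verify(ltc.Pub, tbs("pseudonym-request", pseudo), reqSig) {
		return Cert{}, errors.New("request is not backed by a valid long-term certificate")
	}
	return pca.issue("", pseudo), nil
}

// Refill requests n pseudonym certificates, each for a freshly generated key pair.
func (v *Vehicle) Refill(pca *CA, ltca ed25519.PublicKey, n int) error {
	for i := 0; i < n; i++ {
		k := newKey()
		req := ed25519.Sign(v.longTerm, tbs("pseudonym-request", pubOf(k)))
		cert, err := pca.IssuePseudonym(v.LTC, ltca, pubOf(k), req)
		if err != nil {
			return err
		}
		v.keys, v.certs = append(v.keys, k), append(v.certs, cert)
	}
	return nil
}

// Send signs with the next pseudonym, so consecutive telegrams carry different keys.
func (v *Vehicle) Send(payload []byte) (Telegram, error) {
	if len(v.keys) == 0 {
		return Telegram{}, errors.New("no pseudonym certificates available")
	}
	i := v.next % len(v.keys)
	v.next++
	return Telegram{payload, ed25519.Sign(v.keys[i], payload), v.certs[i]}, nil
}

// VerifyTelegram is the receiver's check; it needs nothing but the PCA's public key.
func VerifyTelegram(t Telegram, pca ed25519.PublicKey) bool {
	return t.Cert.Subject == "" && t.Cert.IssuedBy(pca) && ed25519.Verify(t.Cert.Pub, t.Payload, t.Sig)
}

func main() {
	ltca, pca := NewCA(), NewCA()
	v := Enrol(ltca, "VEHICLE-0001") // constructed vehicle ID
	err := v.Refill(pca, ltca.Pub(), 3)
	t, _ := v.Send([]byte("ambulance approaching from the right"))
	fmt.Println(err, VerifyTelegram(t, pca.Pub()), t.Cert.Subject == "")
}
```

In this sketch the PCA sees the long-term certificate with every request, so the pseudonyms are unlinkable for other road users but not for the PCA itself.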
PKI Meets Mobile Devices
Integration of mobile devices into businesses
More and more companies are willing to permit the use of mobile devices and thereby fully exploit all the benefits of mobile communications. But at the same time, there are worries about security, with 76 % of businesses seeing the increasing number of mobile devices as a serious threat.* These fears are not unfounded, but the associated risks can be minimised by taking appropriate measures.
To ensure that both company-issued and private (‘bring-your-own’) mobile devices can be integrated into the corporate network and that sensitive data can be safely handled by apps without compromising security, there are technical aids that can be incorporated into operating systems (e.g. Android, iOS) and that are already standard in ‘classic’ PC-based environments, including VPN connections, namely PKIs.
Alongside IEEE 802.1x standard and Kerberos, certificate-based authentication considerably enhances the level of security in the authorisation of devices within corporate networks. Each individual device is assigned individual keys and certificates, thereby facilitating direct mapping and simplified device management. If a device goes missing, the associated certificate is centrally blocked and the lost or stolen device can no longer access the corporate network. Authentication of mobile devices in the network takes place on the basis of ‘knowledge and possession’. The required keys and/or certificates are verified via the relevant mobile device management, including PKI connection.
With the help of user certificates, the transport and storage of data plus access to applications on mobile devices can be made more secure. User-specific authentication and data encryption can already take place on the basis of certificates using standard features of the operating systems and applications; for example, Apple’s Mail.app comes with corresponding (S/MIME) functions on board.
With the increasing use of mobile devices, enterprise PKI solutions as central security infrastructures are steadily gaining in importance. To allow the use of Smartphones and tablets without exacerbating security concerns, some companies are already preparing to establish and/or expand their respective PKI solution with the aim of testing and integrating mobile device management solutions and mobile devices in conjunction with PKIs.
More information:
Steffen Heyde
[email protected]
* Extract from research report ‘Global Study on Mobility Risks – Survey of IT & IT Security Practitioners’, © Ponemon Institute 02/2012
2012
GERMAN FEDERAL MINISTRY OF LABOUR
For some years now, the German Federal Ministry of Labour (BfA) has been running a trust centre that issues digital service cards with qualified electronic certificates to its employees. secunet was involved in the BfA project from the conceptual development stage right through to the delivery of specialised PKI components. At the beginning of the year, secunet was asked as the BfA’s main contractor together with business partner vps ID Systeme GmbH to support the existing infrastructure as well as to overhaul the BfA trust centre’s existing technologies. Alongside the safeguarding of day-to-day operations, secunet is responsible for the conception, updating and delivery of the entire PKI suite.
THE FUTURE IS NOW
secunet has created – or contributed to the creation of – numerous trust centres in Germany, for example:
DATEV
Deutscher Sparkassen Verlag (S-Trust)
DPCom Signtrust
TC Trustcenter
D-TRUST
German Federal Ministry of Labour
Deutsche Telekom
Deutsche Rentenversicherung
Facts and figures
ELSTER:1)
So far, around 73 million income tax declarations, 334 million VAT pre-registrations, 213 million income tax registrations and 883 million tax certificates have been electronically transmitted in Germany (as of March 2012). In 2010 alone, 8.6 million tax declarations were completed online.
nPA:2)
By the end of 2011, more than 10 million new electronic ID cards had been issued. The introduction of the new ID card counts as one of the largest-scale publicly financed IT projects ever carried out in Germany.
ePASS ELECTRONIC PASSPORT:3)
By spring 2012, around 345 million ePass electronic passports had been issued in Germany.
FLASHWARE PROTECTION:4)
In the meantime, flashware protection has been distributed to the BMW Group’s entire fleet of vehicles – a total of more than 1.6 million vehicles in 2011.
1) www.elster.de, 2) www.personalausweisportal.de, 3) www.icao.int, 4) www.wiwo.de
A GLANCE AT PKI'S FUTURE
The need for confidential electronic communication makes electronic identities an integral part of the digital world

Although the imminent demise of the PKI market has been forecast often enough in recent years, it is in fact thriving. Indeed, electronic identities are becoming increasingly important in this age of mobile digitisation and have long been an integral part of the digital world. The functions and benefits afforded by PKI meet all of society’s existing requirements concerning confidential electronic communication between trusted identities, and even after 15 years, PKI projects feature heavily in the daily work of secunet; from smart metering to credit card payment security, all IT security solutions essentially build on reliable PKI systems.

Mobile devices also often use PKI technology; the growing use of mobile devices that are not bound to any one location, and that are often used both commercially and privately, makes the challenge of securing electronic identities all the more compelling. In the future, this problem will also be overcome with PKI, enabling the use of certificates that verify the identity of devices and users and thus guaranteeing secure communication. As such, the management, handling, security and cost of electronic communication will be brought back into balance.
National
Secure Cloud Computing? But of Course!
Article by Fred di Giuseppe Chiachiarella, German Insurance Association (GDV)

A weather phenomenon – more precisely, a cloud – has enthralled IT experts and ordinary internet users alike all around the world. With new ‘cloud’ technology, communication and data transfers have suddenly become possible at any time and from virtually anywhere in the world. Holiday and family photos, music, personal data and documents have all already been sent to the cloud – mostly without anyone ever wondering if it is truly secure. In fact, where IT security and data protection in cloud computing are concerned, there are still a number of ambiguities which the European Commission has only recently begun to address. EU officials now want to create uniform security standards for private and commercial users of cloud technology.

The insurance industry in Germany is already some way ahead of the Commission. As an industry that forges strong links with its customers and business partners, we too are interested in the potential benefits of cloud computing – for its ability to facilitate faster and more flexible communication, enhanced services and synergy effects. Insurance companies must, however, meet high customer expectations in terms of data protection and security. When using new technologies, we have to be confident that the relevant technical and legal frameworks are in place to ensure secure, reliable and confidential communication. That is why we are currently developing a legally compliant cloud environment that can meet the unique requirements of our industry.

At this point, we should perhaps take a step back in time, because networked yet secure communication is nothing new to the insurance industry. Insurers already have dealings with other organisations such as local and government authorities and service providers on behalf of their customers. As early as 1993, German insurance companies began using a secure sector-specific network for regular data transfers – e. g. applications for Riester (national pension) benefits, for vehicle licensing or for the submission of claims forms. This industry network, run by the German Insurance Association (GDV) and accredited by the German Federal Office for Information Security (BSI), guarantees the secure transfer of data between insurance companies and their external partners, with a total of over 110 million messages sent each year. Alongside the Riester allowance authorities, access to the network is also made available to the German Federal Motor Transport Authority, road traffic agencies, lawyers and vehicle repair shops.

We now want to develop this network to the ‘Trusted German Insurance Cloud’ (TGIC). Using cloud technology, in future communication across the GDV industry network will take place directly via the internet, whilst maintaining the system’s current high standards of security.

The new infrastructure is also expected to meet the BSI’s own stringent security standards. At the 2012 CeBIT trade show, the BSI and the GDV announced that they would be working together to develop certification criteria for cloud computing.

Fred di Giuseppe Chiachiarella, Head of Business Management/Information Strategy, German Insurance Association (GDV)
Until now, there have been no such criteria in Germany. In concrete terms, this means that we are currently busy developing a concept with the BSI designated ‘Security by Design’, the implementation of which will take into account BSI requirements of the level of IT security to be certified. In doing so, it is important to us that the new infrastructure operates within both the German and EU legal frameworks. Additionally, the new security standards should also provide scope for application to other projects.

With the TGIC, we hope to develop a communication platform for the use of the insurance industry and its partners that is both modern and secure. In short, we want to show that cloud computing and security are not mutually exclusive.

The Insurance Trust Centre – ITC
A central feature of the Trusted German Insurance Cloud (TGIC) will be the so-called Insurance Trust Centre (ITC). Its job is to authenticate communicating parties and to deliver the necessary data for user authorisation certificates. At the heart of the ITC concept is the Insurance Security Token Service (ISTS), which is currently being developed on the basis of the WS Trust standard. The ISTS is a central web service which issues (signed) security tokens by means of which the authenticity of a communicating party is assured.

Dates
September 2012 until March 2013
10 - 11 Sept 2012 » Energy seminar: IT Security for Energy Infrastructures / Berlin
11 - 13 Sept 2012 » NATO Information Assurance Symposium (NIAS) & Expo / Mons, Belgium
14 Sept 2012 » TeleTrusT Info Day: Electronic Signature / Berlin
18 - 21 Sept 2012 » ICMedia / Brasilia, Brazil
25 - 26 Sept 2012 » D-A-CH Security / Constance
16 - 18 Oct 2012 » it-sa / Nuremberg
23 - 25 Oct 2012 » AFCEA TechNet International / Rome, Italy
26 Oct 2012 » Workshop IT Security on Board / Munich
29 - 30 Oct 2012 » Telematics Update / Munich
30 - 31 Oct 2012 » Biometrics / London, UK
5 - 6 Nov 2012 » VDE Congress / Stuttgart
6 - 7 Nov 2012 » Moderner Staat / Berlin
13 Nov 2012 » National IT Summit / Essen
19 - 20 Nov 2012 » Handelsblatt Defence Conference / Berlin
17 - 21 Feb 2013 » IDEX / Abu Dhabi, UAE
25 Febr - 1 March 2013 » RSA Conference / San Francisco, USA
5 - 9 March 2013 » CeBIT / Hannover
Would you like to arrange an appointment with us? Then send an e-mail to [email protected].
Preventive Security – A New IS Class ‘Driving Licence’
Customised, creative and sustainable security awareness solutions from secunet

As drivers, we have to be able to make decisions quickly and react instinctively to what is happening around us on the road. Experience combined with knowledge of the Highway Code and of the car’s safety systems will often prove decisive as to whether a critical situation runs its course without incident or ends in an accident. Consequently, every single road user contributes to the overall safety of the traffic flow and has a responsibility to conduct him/herself in accordance with the law. It therefore matters greatly that drivers are well grounded in the rules of the road. The situation is essentially similar to the flow of data in our predominantly IT-based working lives, but with one key difference: whereas we start learning as children how to cope on the road and then consolidate this knowledge later on with driving lessons, the first that we hear about the ‘Information Security Highway Code’ is likely to come from our employer. Sometimes employees never learn the rules at all – or they learn the rules but do not feel that they apply to them, and so do not feel obliged to abide by them.

Training in IT data flows – better late than never

A poor understanding of these rules and a lack of accountability can lead to serious problems in practice because – just as with road traffic incidents – most IT incidents occur through human error*. Even the most secure information technology is unable to offer protection if employees act carelessly, in the same way that the most advanced vehicle technology is powerless to intervene as soon as a pedestrian crosses the road on a red light. In the same way that individual responsibility increases with the number of road users, it also increases with increased data volumes, and in particular with increased data sensitivity.

A driving licence is compulsory for anyone wishing to get behind the wheel of a car. Why, then, is there not an ‘IS Class’ licence for IT security? IT security awareness solutions aim to fill this gap, making employees and senior management alike more aware of the importance of information security and the need to use IT responsibly. Knowledge is imparted, rules are reinforced, practical examples and typically risky situations are highlighted, good practice is taught and tips are given – just as when learning to drive.

IT security concerns everybody

Awareness-raising measures are more important today than ever before, because most employees do not realise that they have a key role to play in IT security. This is largely due to the fact that, unlike in road traffic incidents, the effects of transgression and carelessness in IT are often not immediately apparent to the user. Furthermore, most employees regard the IT department or the company’s IT security officers as being exclusively responsible for IT security. Consequently, with the exception of the IT department itself, employees’ understanding of IT security measures is likely to be relatively limited. The key to successfully raising awareness is in the approach taken; it must be persuasive but not overbearing, and it must gain acceptance through emphasising the rewarding aspects, so that employees become less defensive and more willing to take ownership of the issue.

»Hook, line and sinker. Danger: Data theft!«
The perfect recipe for increased IT security awareness

As an IT security specialist, secunet is able to implement security awareness measures on your behalf – but there is no one-size-fits-all solution. Indeed, the security awareness programme we offer will be tailored specifically to your business culture and existing IT infrastructure, ensuring that participants will be able to relate as closely as possible to its content. Every target group will have specific needs, for example at senior management level where the expectation is to lead by example. Designed according to the stated objectives of each client, the awareness solutions implemented by secunet will vary greatly in terms of duration, format and style – in the same way that a moped licence is different from an HGV licence. With the right combination of components, including live hacking presentations, comic strip handouts, brochures, competitions and in-tray documents, as well as technological measures such as specially designed login screens, secunet will raise the security awareness of your employees in a creative, interesting and sustainable way.

More than 40,000 employees from local government agencies and private companies have already been introduced to the wider implications of IT security in this exceptionally creative way; secunet’s awareness experts have driven home the message that each and every one of them is an important part of their company’s IT defences. As Humboldt might have said: “Ideas (or in this case, “information security rules”) can only serve a purpose if they come alive in the minds of the many.”

* Source: <kes>/Microsoft Security study 2010

More information:
Markus Linnemann
[email protected]
An Informant in the Ranks
How your hardware could be ‘leaking’ sensitive data and what you can do to stop it

Information is a highly valuable commodity for public authorities and private companies alike, so it comes as no surprise that technical data protection measures such as encryption are taken as a given today. Awareness-raising campaigns and other initiatives teach employees to take care when handling information – yet it often escapes attention that there could be an informant in the ranks, even when employees follow information security rules to the letter. Indeed, digital appliances such as monitors and keyboards can cause the unchecked broadcasting of your company secrets through the emission of electromagnetic radiation (EMR), which can lead to inadvertent information leaks. With the right and professional equipment, these data leaks – also called ‘compromising emanations’ – can be tapped into relatively easily. Eavesdroppers do not even have to be in the same building as your computer system. Indeed, targeted attacks can be launched up to 1000 metres away.

Radiation-proof devices such as those manufactured by our Fürth-based partner Siemens for the SINA product range prevent the transmission of information via EMR and thus protect your data from unauthorised interception. In line with the zone model drawn up by the German Federal Office for Information Security (BSI), these devices fall into three protection classes:

Zone 0 (~ NATO SDIP 27 Level A) – Site of operation without special protection
Zone 1 (~ NATO SDIP 27 Level B) – Site of operation with limited protection requirements
Zone 2 (~ NATO SDIP 27 Level C) – Site of operation with high protection requirements

To achieve sufficient protection against compromising emanations, it may be necessary to redesign the layout of your business premises. Or your computer system is already adequately protected: The SINA Terminal H SDIP 27A, for instance, can be used at a site of operation without special requirements, but is capable of offering the same level of protection as the Zone 2 Faraday cage, which isolates compromised components and shields EMR from external reception. As a result, a garrulous informant will become a quiet and trusted friend once more.

More information:
Dirk Mangelmann
[email protected]

The exceptionally well-protected appliances described in this article should not be confused with so-called ‘low-emission’ components, which are commercially available devices bearing the quality seals of companies, e. g. TCO Certified. This is because these quality seals only indicate the threshold for harmful levels of EMR and do not signify protection against compromising emanations.
Technologies & Solutions
Penetration Test for SMEs or “What’s That Windows NT 4 Box Doing There in the Corner?”

What is the most reliable way of making life hard for hackers? The answer is obvious: identify and eliminate vulnerabilities in the company’s internal network. The best strategy is to get someone on the job who really knows what they are doing – a hacker with expert technical skills and a natural understanding of the way the criminal mind works.

So-called ‘penetration tests’ were originally devised as a standard feature of the IT security process for major clients such as banks and insurers, but their popularity has since spread throughout the industry. Many small to medium-sized enterprises (SMEs) have started to use this type of efficient analytical procedure to quickly and comprehensively assess the current status of their own IT security.

For almost fifteen years now, a group of secunet experts has been heavily involved in such projects. Their in-depth knowledge of network and system administration coupled with a creative approach, exceptional powers of imagination and all-round experience enables them to reliably pinpoint vulnerabilities – even without being granted access rights – and to exploit these (obviously with the permission of the client) to penetrate as far as core company data.

In future editions of secuview, we will be revealing some of the classic vulnerabilities and typical hacker targets in company systems as well as recounting some amusing and even hair-raising tales as told to us by a ‘white hat’ (i.e. an ethical hacker).

HACKERSTORY #1
My secret is contained in my password

Many networks and workstations still rely exclusively on passwords to identify an authorised user. It is not difficult for a hacker to clear this obstacle. Amazingly, the password chosen is often the same as the user name. Weak passwords can be cracked in a matter of hours using ‘brute force’. Clues can often be found in the user’s social background, e. g. who is important in their love life, what football team do they support?... If the hacker has physical access to the workstation, he will frequently find the password written on a post-it note and stuck to the screen or hidden under the mouse mat.

But that is not even the most egregious scenario: in some companies, the local administrative password is identical on all computers. This means that, once the password of a local administrator has been cracked, the hacker can access other workstations on the network, including those with administrative rights. The consequences can be catastrophic…

More information:
Dirk Reimers
[email protected]

IN THE NEXT ISSUE:
Production and budget pressures as a source of risk
Put the Seal of Quality on Your Line Encryption
SINA L2 Box delivers line encryption with proven security

German research and development enjoys a worldwide reputation for strength of innovation, with the ‘Made in Germany’ label being seen as a reliable indicator of quality. It is not surprising, therefore, that research findings, production plans and even customer databases are the targets of industrial espionage from home and abroad.

The increasing tendency to hook up ethernet structures over an ever wider area of activity has led to a network that extends over multiple sites operated both by government and by private enterprise. The SINA L2 Box has been designed to encrypt data links as well as satellite connections between locations and within sensitive areas; moreover, the highly efficient rate at which data is encrypted means that there is no discernible effect on transmission speed. The German Federal Office for Information Security (BSI) has confirmed and approved it for use up to and including VS-NfD and NATO RESTRICTED. A Restreint UE Approval for German national use has also been granted.

Bandwidths of 100 MBit/s, 1 GBit/s or 10 GBit/s ensure high performance, and with ultra-low latency, transmissions can be encrypted even for the most urgent applications and scenarios. SINA L2 Boxes thus ensure absolute data security, also when entire data processing centres and SAN (Storage Area Network) environments are to be hooked up or synchronised. Because encryption performance is able to cope with actual transmission speeds, even voice or video applications via fixed lines or connections via satellite and radio relay system can be securely encrypted without any delay in real time or degradation of quality.

In contrast to other Layer 2 encryption solutions on the market, SINA L2 technology stores all configuration data as well as encoding parameters on smartcards. In addition to the advantage that comes from having data securely stored on a smartcard, this also makes for easier operation and system recovery after servicing. Encryption is effected between the SINA L2 Boxes. These are quickly and easily integrated into the link between provider and company network as a point-to-point, point-to-multipoint or multipoint-to-multipoint connection; consequently, it is not necessary to make any alteration to the network infrastructure. The SINA L2 components can be used immediately and are completely transparent in the way they work for VLAN, MPLS and other networks, i. e. users are not required to agree on a particular protocol. SINA L2 Boxes are thus outstanding in the way they supplement and safeguard existing network infrastructures and enable compliance requirements to be fulfilled.

More information:
Volker Wünnenberg
[email protected]

[Diagram labels: Headquarters; SAN at location A; SINA Management; Branch office 1; Branch office 2; Other branch offices]
The quality and performance of the network connections between SINA L2 Boxes can be demonstrated by various analytical and measurement procedures. With the use of modern instruments, it is possible to determine the throughput of your connection, to run error and protocol analysis, and to provide you with useful comparative data, both with and without encryption running.
Health and Safety for Internet Users

We have to take steps to protect ourselves from harm. Indeed, this is why we have to wear safety helmets on building sites – no helmet means No Entry! The internet can also be a dangerous place if you are not sufficiently protected, so why not wear an ‘online safety helmet’?

For many people, the use of online services has become very much a part of working life. However, the internet is known to harbour many dangers. Numerous studies carried out by reputable IT security companies and research institutes confirm that the risk of becoming a victim of a cyber-attack is constantly increasing. Local (browser) applications are particularly vulnerable to attack, with vulnerabilities that can be quickly exploited. Whilst virus scanners and firewalls can increase the level of protection, they cannot control the behaviour of individual users in the hazardous environs of the World Wide Web.

A safety helmet for local networks

In ‘safe surfer’, secunet has developed a product that is built on the basis of the ReCoBS* architecture approved by the German Federal Office for Information Security (BSI). The underlying principle is that the internet browsers of the various users within a local network are run on so-called ‘potentially compromised systems’ (terminal proxy servers) outside the sensitive network itself. Any malware that might be picked up whilst browsing is kept out, and undesirable communication between workstation and the internet is prevented. ‘safe surfer’ from secunet thus makes it possible to work with sensitive data while surfing the internet without imposing any restrictions. At the same time, users benefit from all-round protection, both from malicious code infections and from data leakage. Despite all this, they retain the degree of flexibility in processing data to which they are accustomed.

A protective suit for extreme situations

If an internet user is working mobile and outside the local network, thus requiring the protection of several different gateways and the continuous encryption of data and communications, an online safety helmet will simply not suffice. Instead, a ‘full-body protective suit’ is required.

The SINA Workstation also facilitates secure internet browsing but takes a different architectural approach that is designed to enable secure access to the internet via mobile workstations, e.g. via WLAN or satellite connection. Virtualisation technology compartmentalises all guest systems and encapsulates each of them completely from the SINA system platform. A guest system can also be operated in quarantine mode, so that even potentially successful infections are eradicated upon the next guest system reboot.

Work securely online in any and all situations

Whether deployed together or in isolation, the SINA Workstation and secunet ‘safe surfer’ will make it possible for users to work securely within their usual system environment while enjoying unrestricted access to the internet – all of this with ease of operation and transparent security features. The combined use of both security architectures provides a holistic approach to satisfying the requirements of individual organisations, of the various intended applications (desktop, mobile, terminal) and of the technological infrastructure and strategies in place.

More information:
Torsten Redlich
[email protected]

* ReCoBS – Remote Controlled Browser System, www.bsi.bund.de
News in Brief
SINA AMN Client Now in Operational Use by German Military

On 12th July 2012, responsibility for operating the German side of the Afghanistan Mission Network was transferred from IT-AmtBw to the Joint Support Command of the German Armed Forces. The official handover at Rheinbach was also an opportunity for everyone involved in the project, both military and private contractors, to meet up and celebrate the occasion. Dr Michael Sobirey thanked the system integrator, Atos, and Colonel Fleischmann for the excellent spirit of cooperation that had been apparent throughout.

Of the 310 SINA Virtual Workstations delivered in 2011, some in a dual-monitor configuration, the majority are now in operational use. The multisession-enabled SINA AMN client makes it possible to consolidate classified information workstations, on which up to six standard PCs and/or thin clients networked with different systems had previously been required, into a single device.

From left to right: Oberst Haverkamp (SKUKdo FüUst/G6), Dr Sobirey (secunet), Oberst Schimmel (BtrZ IT-SysBw), Dipl. Ing. Schade (AbtLtr C IT-AmtBw), Oberst Fleischmann (BEA DEU AMN), Dipl. Ing. Möllers (Atos)
Picture: Bundeswehr – IT-AmtBw
Subscribe to secuview
Would you like to receive secuview on a regular basis, free of charge?
Please choose between the print and electronic versions and subscribe at https://www.secunet.com/en/the-company/it-security-report-secuview.
There you can also change your preference or unsubscribe.
Imprint
Editor
secunet Security Networks AG
Kronprinzenstraße 30
45128 Essen, Germany
www.secunet.com
Responsible in terms of the
press law: Christine Skropke,
[email protected]
Chief Editor: Claudia Roers,
[email protected]
Chief Conception & Design
Dominik Maoro,
[email protected]
Design
www.knoerrich-marketing.de
Copyright: © secunet Security Networks AG. All rights reserved. All contents and structures are copyright protected. All and any use not
expressly permitted by copyright law requires prior written permission.
Illustrations: Cover: Based on a picture from Nils Berninger designed in the competition "Trust in IT" of Gelsenkirchen University of Applied Sciences,
Illustration p 5: Lutz Lange, p 8 - 9: fotolia, p 9: shutterstock, p 10 - 11: fotolia, Illustration Stick p 14: Jonas Kramer, p 20: fotolia. Others: secunet.
Events
CeBIT 2012
The headline theme for this year’s
CeBIT was ‘Managing Trust’, more specifically confidentiality and security in
a digital world. Visitors to the secunet
stand were shown a wide range of options for effectively meeting the challenges posed by IT security.
13th Data Protection Congress
Speaking at the opening of the 13th
Data Protection Congress in Berlin,
Federal Interior Minister Dr Hans-Peter
Friedrich called for “comprehensible
and user-friendly” data protection legislation in Europe. At an exhibition held as
part of the conference, secunet showcased solutions for secure and efficient
data protection.
Tenth SINA Users Day
For the tenth year in succession, around 200 SINA customers from all over Germany gathered for the Users Day held in Bonn and Berlin. In addition to the usual series of presentations themed around SINA, there was a gamekeeper-turned-poacher session in which Markus Linnemann and Marian Jungbauer from the secunet Government business unit staged a fast-moving live hacking demo, targeting both computers and smartphones. The show stimulated a lively debate amongst the participants during the coffee breaks. The date for next year’s SINA Users Day will be published in secuview 1/2013 and will also be appearing on our website in the near future.

Mobile Computing for Military Operations
At the 26th AFCEA conference and exhibition held in Bonn Bad Godesberg this May, the theme of the secunet contribution was ‘Mobile Computing for Military Operations’. Among the numerous visitors to the secunet stand was Stéphane Beemelmans, State Secretary at the German Federal Ministry of Defence and also main patron of the event.

RSA 2012
In February, secunet was once again in attendance at the RSA Conference in San Francisco. This was the fifth year in succession that we have shared the TeleTrusT stand at the world’s largest event for the security industry. Separation kernel technology was high on the agenda at the exhibition and was also the subject of a presentation given by Dr Kai Martius.
A Complete Success: infosecurity 2012
The rise in visitor numbers at Europe's leading IT security exhibition – infosecurity – held in London this April was also apparent to the SINA international sales team manning the secunet stand. Proving particularly popular was a live demonstration of the SINA Workstation, as well as the display of SINA Boxes. We will be back in 2013 for the fourth year in succession. (For your diary: next year's show at the Earls Court Convention Centre will be held on 23rd - 25th April. Stand number D43.)
Workshop IT Security on Board
In April, experts at the secunet workshop ‘IT Security on Board’ analysed and discussed the extent to which classic IT methods can be developed to deliver secure automotive solutions. They provided insight into the suitability and potential of relevant IT security methods such as PKI and authentication.
L2 Box S
Highly secure line connection – no laughing matter for attackers.
Protect your data-communication with SINA L2 Technology.
The transmission of company-internal information via public network connection is one of the most popular targets for attacks by hackers and data-spies. Protect your information and encrypt your connections between locations and data-centers with SINA L2 Boxes with a data throughput of up to 10 GBit/s and less than 0,004 ms latency. Functionality and performance of your network infrastructure remain unaffected due to the simple integration of the boxes between your company-network and the provider. This way, the laughter will stick in attackers’ throats.
www.sinalayer2.secunet.com/en
IT security partner
of the Federal Republic
of Germany