Hummingbird Security 10 ● Connectivity SSL 10 ● Connectivity Kerberos 10 ● Connectivity Secure...

Post on 20-Jan-2016


Hummingbird Security 10

● Connectivity SSL 10
● Connectivity Kerberos 10
● Connectivity Secure Shell 10
● Connectivity SecureTerm 10

Foreword

How to use this presentation?

What is this presentation?
This document is not a presentation per se. Instead, it is a collection of slides, all of which are related to Hummingbird Security 10 products.

So how do I use it?
The marketing department has created a master presentation template that can be used regardless of the product presented. When preparing a Hummingbird Security presentation for a customer, pick up the master presentation template. Depending on your audience, topic and business case, complete the master presentation with slides taken from this databank.

Does that mean I’m supposed to make my own presentations?
Look, you are the expert when it comes to knowing your customers and understanding what they want. This is why we are providing you with all the pieces to assemble your own presentation. Think about it as dressing your sandwich.

How do I use this presentation? (continued)

OK, but how will I know which slide to pick?
This databank contains a huge number of slides, all related to Hummingbird Security. For ease of use, the slides have been grouped into sections. Before picking up any slide, make sure you are able to answer questions such as “What is the point of this presentation?”, “What am I trying to demonstrate?” or “What’s my customer business problem?”. Keep in mind that putting a lot of content into a presentation is not the best way to communicate your message to your audience. Be selective in your choices and stay focused on the goal of the presentation. Don’t put context before content.

What if I can’t find the slide I’m looking for?
If you can’t find the appropriate slide, talk to Product Marketing or Product Management.

The Security Challenge

Unauthorized Use of Computer (524 Respondents)

● Yes: 56%
● No: 29%
● Don't Know: 15%

524 Respondents - CSI/FBI Annual Security Survey 2003. Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml

Number of Security Incidents Per Year (328 Respondents)

● 1 to 5: 38%
● 6 to 10: 20%
● 11 to 30: 16%
● Don't Know: 26%

328 Respondents - CSI/FBI Annual Security Survey 2003. Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml

Origin of Security Incidents (488 Respondents)

● Foreign Govt: 28%
● Foreign Corp: 25%
● Independent Hackers: 82%
● US Competitors: 40%
● Disgruntled Employees: 77%

488 Respondents - CSI/FBI Annual Security Survey 2003. Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml

Top 5 Costs by Security Incidents Types (251 Respondents)

● Financial Fraud = $10 M
● Insider Net Abuse = $11 M
● Virus = $27 M
● Denial of Service = $65 M
● Theft of Proprietary Info = $70 M
● All Incidents = $201 M

251 Respondents - CSI/FBI Annual Security Survey 2003. Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml

Top 5 Internal security driving factors

1. Inability to run business without IT infrastructure
2. IT framework downtime impacts revenue and profit
3. Integrity of information is key to accomplish daily operations
4. Theft of proprietary information can mean life or death for companies
5. Businesses are more and more interconnected and exposed to the outside world

Top 5 External security driving factors

1. Security is in our collective consciousness
2. Vendors acknowledging importance of security
3. Media attention on IT security issues: virus attacks, OS security breaches
4. Standards or laws that impact security policies:
   1. Sarbanes-Oxley
   2. HIPAA
5. Increased cases in legal liabilities by customers / partners

Summary

● Security incidents are not decreasing …
● Causes for security incidents are as much:
  ● External
  ● Internal
● Costs of inefficient or non-existent security are significant
● Companies are excessively dependent on the IT infrastructure
● External factors are increasing pressure on companies for tighter security

Hummingbird Security Overview

Hummingbird Connectivity Product Overview

Windows & Unix Integration Mobile Work Force Host Access

Exceed Family

Exceed PowerSuite ● ●

Exceed ● ●

Exceed XDK ●

Exceed 3D ●

Exceed onDemand ● ●

NFS Maestro Family

NFS Maestro Solo ●

NFS Maestro Client ● ●

NFS Maestro Server ●

NFS Maestro Gateway ●

HostExplorer Family

HostExplorer ● ● ●

e-Gateway ● ● ●

Security Family

Connectivity SSL ● ● ●

Connectivity Kerberos ● ● ●

Connectivity Secure Shell ● ● ●

Connectivity SecureTerm ● ● ●

Hummingbird Security Overview

Connectivity SSL

Connectivity Kerberos

Connectivity Secure Shell

Connectivity SecureTerm

Overview

Add-On Product ● ● ●

No Charge ● ●

Primary Function SSL v2 / v3 & TLS client Kerberos v4 / v5 client

Secure Shell 2 SFTP SSL

Kerberos v4/v5

VT Terminal & FTP Client FAT & THIN client

Secure Shell 2 & SFTP SSL & Kerberos v4/v5

Applicable Protocol

X11 K K / SSH-2 SSH-2

FTP SSL K SSL / K / SSH-2 SSL / K / SSH-2

VT SSL K SSL / K / SSH-2 SSL / K / SSH-2

TN3270 SSL K SSL / K

TN5250 SSL K SSL / K

NFS K K

Applicable Product

Exceed PowerSuite ● ● ● N/A

Exceed ● ● ● N/A

NFS Maestro Solo N/A ● ● N/A

NFS Maestro Client ● ● ● N/A

HostExplorer ● ● ● N/A

Top 10 reasons to switch to Hummingbird

Saves Money

Rock Solid

Snap to Install

Minimize business disruption

Give your IT administrator a robust product

Put a smile on the face of your accountant

Make your users happy

Customer friendly technical support

Everything you need in one box

Same company as Exceed

What’s new in version 10

Hummingbird Connectivity 10

Consolidation

● Most complete family of security technologies for Connectivity products in its category
● Allows companies to save costs by consolidating on a single solution
● Can be seamlessly deployed as a PC-to-host or web-to-host solution
● Supports any Microsoft 32-bit and 64-bit operating system and Citrix Metaframe

Security

● Supports a wide range of security protocols:
  ● SSL
  ● Kerberos
  ● Secure Shell 2
● Supports smartcards and USB tokens
● Ability to fully lock down the user environment

Migration

● Migration path from:
  ● Attachmate Extra
  ● Netmanage Rumba
  ● IBM Personal Communication
  ● WRQ Reflection
● Macro conversion (Extra, Rumba and PCOM)
● Theme Manager to re-create previous environment

Productivity

● Support for custom shortcuts to create mnemonics for long words or complete sentences
● Ability to use a single terminal to host multiple sessions in order to rationalize the user’s workspace
● Transparent integration of complex security technologies lets users feel at ease

Installation, Deployment & Asset Management

Deployment Scenario

● Regular desktop installation:
  ● Wizard driven
  ● 100% built with Windows Installer technology
● Administrative Installation
  ● Shared installation repository on the network
  ● Minimal per user installation (Settings only)
● Windows Terminal Services or Citrix Metaframe
● Microsoft SMS or 3rd party deployment framework
● Web-to-Host Deployment

Advanced Setup Options

● Ability to specify per user or shared user installation
● Seamless installation under Windows TSE and Citrix Metaframe
● Ability to cache installation files locally in order to facilitate:
  ● Update
  ● Modification of the installation
● Ability to update the product automatically after installation

Setup Utilities

● Migration and Settings Transfer Wizard:
  ● Backup and restoration of user settings
  ● Useful for backup purposes or hardware migration
● Media Location Manager:
  ● Add or Remove installation sources
  ● Useful for easily updating or modifying the product’s setup

Sconfig: Custom Deployment

● Allows the creation of customized installation packages
● Generates Windows Installer Transform files (*.mst)
● Allows administrators to customize features, directories, registry, shortcuts, product properties, …
● Easier to use than any 3rd party Windows Installer customization tool

Integrated Metering

● Optional component that can be deployed during installation
● Measures installed licenses
● Reports installed licenses to the metering server each time the workstation starts
● Reports:
  ● IP Address
  ● Network name
  ● User Name
  ● Domain
  ● Product
  ● Product components + their patch level

Metering Reporting

● Web Based Access to metering report
● Customizable grouping and sorting
● Ability to download the metering report in Excel (*.csv) format
● Metering server works with Microsoft IIS

Multiple language support

● Supports 6 languages:
  ● English
  ● Portuguese
  ● French
  ● Italian
  ● German
  ● Spanish
● Ability to dynamically switch languages

Connectivity SSL

● Allows organizations to secure network communications by offering authentication and encryption technologies for:
  ● TN3270
  ● TN5250
  ● VT
  ● FTP
● Support for:
  ● SSL version 3
  ● SSL version 2
  ● TLS
● Integrated Certificate and Key Management Software

Connectivity SSL

● User certificate authentication support
● Express Logon support
● Allows users to select multiple cipher-suites including AES
● Granular SSL negotiation options:
  ● Stop on all errors
  ● Accept unverified certificates
  ● Accept self-signed certificates
● No charge download from Hummingbird corporate web site

Connectivity Kerberos

Overview

● Network authentication protocol
● Provides strong authentication for client server applications
● Commercially supported version of the MIT Kerberos client
● Available at no-charge from Hummingbird web site
● Integrates latest MIT Kerberos client changes and updates

Key Features

● Transparent integration with:
  ● HostExplorer
  ● Hummingbird FTP
  ● Exceed XStart
  ● NFS Maestro Solo/Client/Gateway
● Full Kerberos v4/v5 support
● Strong authentication and encryption of network communications
● Support for Microsoft Windows Kerberos ticket cache

Connectivity Secure Shell

Key features

● Support for the Secure Shell 2 protocol:
  ● Secure Terminal
  ● Secure File Transfer
  ● X11 port forwarding
  ● Generic port forwarding
● Support of multiple authentication methods:
  ● Password
  ● Keyboard interactive
  ● Public/Private Keys
  ● Kerberos Ticket

Advanced Features

● Extensive protocol configuration (window size, packet size, buffer allocation, Nagle algorithm)
● Multiple trace levels (None, Basic, Detailed, Verbose)
● Choice of encryption algorithm (support for Blowfish, 3DES, CAST128-CBC, Arcfour, AES)
● Choice of MAC algorithm (SHA1, MD5, RIPEMD)

Advanced Features

● X11 port selection (automatic or manual)
● Choice of SFTP listening interface
● Support for protocol compression
● Support for keep-alive heartbeat
● Xauth support to perform MIT-MAGIC-COOKIE authentication on X11 secured connections

Integrated SCP utility

● Command line utility to transfer files to and from remote secure shell enabled hosts
● Compatibility mode for:
  ● SSH Tectia Client from SSH Communications Security
  ● F-Secure SSH from F-Secure
  ● PuTTY
  ● OpenSSH
● Allows administrators to automate secure file transfer through scripting

Single sign-on mechanisms

● Support for SSH-Agent key forwarding protocol
● Authentication agent that:
  ● holds the user private key in a distinct storage
  ● forwards the public key upon hosts' requests without prompting to re-enter password
● Support for passphrase caching
  ● diminishes passphrase prompts for session lifetime

Stand-alone tunnels

● Ability to define profiles for secure shell tunnels
● Ability to define tunnel parameters through user interface
● Black-box tunneling: tunnels can be run as background tasks
● Tunnels can be set to start automatically

Port Forwarding

● Ability to secure additional network protocols
● Offers strong authentication and encryption for network protocols that do not offer native security methods
● Ability to restrict outgoing port forwarding to local connections
● Allows easier proxy and firewall traversal without compromising security

HostExplorer integration

● Transparent integration with HostExplorer user interface
● Integration options:
  ● Linking HostExplorer profiles with Tunnel profiles
  ● Defining tunnel parameters within HostExplorer user interface
● Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection

Hummingbird FTP integration

● Transparent integration with HostExplorer user interface
● Integration options:
  ● Linking FTP profiles with Tunnel profiles
  ● Defining tunnel parameters within FTP user interface
● Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection

Exceed integration

● Transparent integration with Exceed user interface
● Integration options:
  ● Linking XStart profiles with Tunnel profiles
  ● Defining tunnel parameters within XStart user interface
● Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection

Real-Time Tunnel monitoring

Certificate and Key Manager

Overview

● Common management tool for Connectivity SSL, Connectivity Secure Shell and Connectivity SecureTerm
● Allows public/private keys and certificates manipulation
● Automatically synchronizes with the Microsoft certificate data store through CAPI

Advanced Options

● Supports multiple import/export formats for both keys and certificates
● Verify keys and certificates with integrated viewer
● Modify host identification information for easy updates

Key Generation Wizard

● Allows users to create pairs of public/private keys
● Easy-to-use wizard interface
● Ability to generate DSA or RSA keys
● Choice of key length and encryption algorithm
● Supported format: Export: Import: PEM files (.pem), SSH-2 public keys (.pub)

Certificate Creation Wizard

● Allows users to create self-signed certificates or certificate requests.
● Easy-to-use guided interface
● Supported Format: Export Import

Key Upload Wizard

● Allows users to upload their public key to a server with minimal effort
● Key upload is performed through SFTP
● Customizable upload parameters and directories
● Simplifies Public Key management

Safenet iKey integration

● USB-based 2-factor authentication token
● Optimized for PKI environments including X509 digital certificates
● Transparent integration with Hummingbird Connectivity certificate and key manager
● SSL connections for:
  ● Terminal (HostExplorer & Connectivity SecureTerm)
  ● File Transfer (Hummingbird FTP)

SmartCard authentication support

● Offers increased security for both the card issuer and the card user
● Securely store and update information on the card
● Transparent integration with Hummingbird Connectivity certificate and key manager
● SSL connections for:
  ● Terminal (HostExplorer & Connectivity SecureTerm)
  ● File Transfer (Hummingbird FTP)

Connectivity SecureTerm

Overview

● Complete secure terminal and secure file transfer solution for UNIX hosts
● Choice of deployment:
  ● Desktop-based client:
    ● Windows Installer
    ● Citrix Metaframe
    ● Windows TSE
    ● SMS
  ● Web-based client
    ● Any web server on any OS
    ● Internet Explorer, Netscape, Mozilla

Security

● SSL support:
  ● SSL v2/v3 – TLS
  ● PKI and User certificate support
● Kerberos support
  ● Kerberos v4/v5
  ● Integrates with Microsoft Kerberos ticket cache
● Secure Shell support
  ● Secure Shell 2
  ● Strong authentication, strong encryption and data integrity

Emulation Settings

● VT Terminal: VT 52 - VT 100 - VT 101 - VT 102 - VT 220 - VT 320 - VT 420
● Other Terminal: ANSI - SCO-ANSI - IBM 3151
● 42 character sets support, Custom screen size
● Linemode support
● TAPI
● Printing: multiple screen printing, print screen advanced options, Host Printing support, capture mode

Terminal Customization

● Keyboard mapper
● Color mapper
● Support for Unicode
● Variable width fonts
● Cursor customization
● Ability to map mouse actions
● Multiple terminal resizing option (font resize or terminal size re-negotiation)

Application Customization

● Menu manager
● Configuration dialog manager
● Sound manager
● Custom right-click menu
● Toolbar manager
● Management Console
● Feature lock-down options
● Windows Explorer integration
● Shortcut manager

Automation

● Event manager
● Simple point-and-click graphical macro editor
● Advanced Hummingbird Basic macro editor
● Quick-Keys
● Hotspots
● API support: HLLAPI, EHLLAPI, WINHLLAPI, OHIO, OLE, COM

Easy migration path

● Macro conversion
● HLLAPI compatibility
● Default keyboard schemes
● Theme manager allows administrators to customize Connectivity SecureTerm in order to provide users with a similar environment (menus, colors, settings …) as the one they were used to.

Advanced File Transfer Interface

● 100% integrated with Windows Explorer
● Fully web deployable with Hummingbird Deployment Wizard
● Supports multiple hosts
● Ability to create local shortcuts to remote files
● Integrated macro command language (QuickScripts)
● Numerous settings: firewall, file type detection, server type recognition, directory caching, time synchronization …

What is Secure Shell?

History

● 1995: creation of the SSH-1 protocol by Tatu Ylönen after he was the victim of a password-sniffing attack - released to the public as free software with source code
● SSH-1 submitted as a draft to the IETF (Internet Engineering Task Force)
● 1996: Introduction of SSH-2 to overcome SSH-1 defects
● 1997: Draft for SSH-2 submitted to the IETF
● 1999: OpenSSH ships with OpenBSD 2.6

Terminal Emulation: Telnet

[Diagram: Windows Desktop & Telnet Client connected to Unix Server & Telnet Daemon over the Telnet protocol, port 23. Clear-text data, including credentials.]

Sniffing Telnet

Terminal Emulation: Telnet

UNSECURED

Terminal Emulation: Secure Shell Terminal

[Diagram: Windows Desktop & SSH-2 Client connected to Unix Server & SSH-2 Server over the SSH protocol, port 22. Encrypted data, strong authentication, data integrity.]

Sniffing SSH

Terminal Emulation: Secure Shell Terminal

SECURED

File Transfer: FTP

[Diagram: Windows Desktop & FTP Client connected to Unix Server & FTP Daemon over the FTP protocol, port 21. Clear-text data, including credentials.]

Sniffing FTP

File Transfer: FTP

UNSECURED

File Transfer: Secure File Transfer

[Diagram: Windows Desktop & SSH-2 Client connected to Unix Server & SSH-2 Server over the SSH protocol, port 22. Encrypted data, strong authentication, data integrity.]

Sniffing SFTP

File Transfer: Secure File Transfer

SECURED

X-Window

[Diagram: Windows Desktop & X11 Server connected to Unix Server & X11 Client over the X-Window protocol, port 6000+. Clear-text data, including credentials.]

Sniffing X-Window - example: rlogin client start

Sniffing X-Window - example: keys pressed

[Screenshot: captured key events annotated as t, e, s, t, p, w]

X-Window

UNSECURED

X-Window over SSH: X11 Port Forwarding

[Diagram: Windows Desktop & X11 Server & SSH-2 Client connected to Unix Server & X11 Client & SSH-2 Server; X11 over the SSH protocol, port 22. Encrypted data, strong authentication, data integrity.]

Sniffing X-Window over SSH

X-Window over SSH: X11 Port Forwarding

SECURED

Generic Port Forwarding - Example: SQL Data

[Diagram: Windows Desktop & BI Query & SSH-2 Client connected to Unix Server & SQL Server & SSH-2 Server; SQL*NET over SSH, port 22. Encrypted data, strong authentication, data integrity.]

Generic Port Forwarding - Example: e-mail

[Diagram: Windows Desktop & SSH-2 Client (Mail Client) connected to Unix Server & SSH-2 Server (Mail Server); POP3 over SSH, port 22. Encrypted data, strong authentication, data integrity.]

Summary

The Secure Shell protocol

● provides strong security against:
  ● Cryptanalysis attacks
  ● Man in the middle attack
● provides:
  ● Strong Authentication
  ● Strong Encryption
  ● Data Integrity
● allows:
  ● Secure Terminal
  ● Secure File Transfer
  ● Secure X11
  ● Secure Port Forwarding

Man in the middle attack (simplified)