Post on 24-Feb-2016
description
transcript
Mike RogersDirector of Development, Reflection 2007Deploying Reflection for IBM 2007 for Maximum Security
Agenda• Goals of secure deployment• Deployment preparation walkthrough
– Securing of data stream– Limiting user capabilities– Preventing unauthorized configurations and macros– Protecting sensitive data– Preparing your workstation installation
• Strategic future directions• Where to get more information• Q & A
Deployment PreparationWalkthrough
Security Considerations
5
Secure D
eployment
6
Securing the Data Stream
• Goals– Protect sensitive data from being transmitted in “the
clear.”– Utilize strong certificate-based authentication methods.– Use ELF for sign on to IBM Mainframes.
• Tools– Security Configuration in Reflection for IBM 2007– Reflection Certificate Manager
• Results– Configuration files that will be deployed to end-users
7
Limiting User Capabilities
• Goals– Prevent users from reconfiguring key configuration values.– Hide product functions from users.
• Tools– Access Configuration Utility– Ribbon UI Designer
• Results– Access Security Configuration Files– UI Configuration Files– Capability of elevating to Administrator on end-user PCs
8
Preventing Unauthorized Configurations and Macros
• Goals– Prevent users from running “uncontrolled” macros.– Allow users to only connect to hosts you want them to.– Centrally manage macros and configuration files.
• Tools– Trusted Locations Configuration User-Interface
• Results– Application Configuration File
9
Protecting Sensitive Data
• Goals– Prevent users from capturing sensitive data on the
clipboard, to the printer, and to other applications such as Microsoft Office.
– Allow users to capture pertinent non-sensitive data while masking sensitive data.
– Define custom data patterns that are deemed sensitive.• Tools
– Privacy Filters• Results
– Application Configuration File
10
Preparing Your Workstation Installation
• Goals– Create an pre-configured installation that can be used for a
group of users.– Pre-package configuration data, macros and other files
with the product installation.– Deliver data into “best practice” locations on the PC.
• Tools– Reflection Customization Tool
• Results– Microsoft Installer Transform File– Companion Installer(s) for configuration data and user data
Future Directions
12
Future Directions
• Communication Security– Continued Support for Emerging Industry Standards and
Certifications.• Information Privacy
– Filtering of on-screen data– Masking of user-input
• Configuration and Macro Security– Signed macros and session files
• Platform Integration– Microsoft Group Policy Support
13
Where to get more information• Reflection for IBM 2007 product page:
http://www.attachmate.com/en-US/Products/Host+Connectivity/Terminal+Emulation/Reflection/ribm/ribm.htm
• Reflection for IBM 2007 evaluation version download page:
• http://www.attachmate.com/en-US/Evals/ribm/eval-form.htm
• Reflection for IBM 2007 technical specification: http://www.attachmate.com/en-US/Products/Host+Connectivity/Terminal+Emulation/Reflection/ribm/tech-specs.htm
14
Where to get more information (continued)
• Reflection for IBM 2007 Evaluation Guide: http://www.attachmate.com/docs/Reflection/2007/R1/Eval/R2007EvalGuide.pdf
• Bryan Grunow, lead software engineer, Bryan.Grunow@attachmate.com
• Kris Lall, product manager, kris.lall@attachmate.com
• Damon Dreke, product marketing manager, Damon.Dreke@attachmate.com
Q & A