Date posted: 20-Jan-2016
Uploaded by: jasmin-patrick
Hummingbird Security 10
● Connectivity SSL 10
● Connectivity Kerberos 10
● Connectivity Secure Shell 10
● Connectivity SecureTerm 10
Foreword
How to use this presentation?
What is this presentation?
This document is not a presentation per se. Instead, it is a collection of slides, all of which are related to Hummingbird Security 10 products.
So how do I use it?
The marketing department has created a master presentation template that can be used regardless of the product presented. When preparing a Hummingbird Security presentation for a customer, pick up the master presentation template. Depending on your audience, topic and business case, complete the master presentation with slides taken from this databank.
Does that mean I’m supposed to make my own presentations?
Look, you are the expert when it comes to knowing your customers and understanding what they want. This is why we are providing you with all the pieces to assemble your own presentation. Think about it as dressing your sandwich.
How do I use this presentation? (continued)
OK, but how will I know which slide to pick?
This databank contains a huge number of slides, all related to Hummingbird Security. For ease of use, the slides have been grouped into sections. Before picking up any slide, make sure you are able to answer questions such as “What is the point of this presentation?”, “What am I trying to demonstrate?” or “What’s my customer business problem?”. Keep in mind that putting a lot of content into a presentation is not the best way to communicate your message to your audience. Be selective in your choices and stay focused on the goal of the presentation. Don’t put context before content.
What if I can’t find the slide I’m looking for?
If you can’t find the appropriate slide, talk to Product Marketing or Product Management.
The Security Challenge
Unauthorized Use of Computer (524 Respondents)
    Yes: 56%
    No: 29%
    Don't Know: 15%
524 Respondents - CSI/FBI Annual Security Survey 2003
Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml
Number of Security Incidents Per Year (328 Respondents)
    1 to 5: 38%
    6 to 10: 20%
    11 to 30: 16%
    Don't Know: 26%
328 Respondents - CSI/FBI Annual Security Survey 2003
Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml
Origin of Security Incidents (488 Respondents)
    Foreign Govt: 28%
    Foreign Corp: 25%
    Independent Hackers: 82%
    US Competitors: 40%
    Disgruntled Employees: 77%
488 Respondents - CSI/FBI Annual Security Survey 2003
Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml
Top 5 Costs by Security Incidents Types (251 Respondents)
    Financial Fraud = $10 M
    Insider Net Abuse = $11 M
    Virus = $27 M
    Denial of Service = $65 M
    Theft of Proprietary Info = $70 M
    All Incidents = $201 M
251 Respondents - CSI/FBI Annual Security Survey 2003
Available at: http://www.gocsi.com/forms/fbi/pdf.jhtml
Top 5 Internal security driving factors
1. Inability to run business without IT infrastructure
2. IT framework downtime impacts revenue and profit
3. Integrity of information is key to accomplish daily operations
4. Theft of proprietary information can mean life or death for companies
5. Businesses are more and more interconnected and exposed to the outside world
Top 5 External security driving factors
1. Security is in our collective consciousness
2. Vendors acknowledging importance of security
3. Media attention on IT security issues: virus attacks, OS security breaches
4. Standards or laws that impact security policies:
    1. Sarbanes-Oxley
    2. HIPAA
5. Increased cases in legal liabilities by customers / partners
Summary
Security incidents are not decreasing …
Causes for security incidents are as much external as internal
Costs of inefficient or non-existent security are significant
Companies are excessively dependent on the IT infrastructure
External factors are increasing pressure on companies for tighter security
Hummingbird Security Overview
Hummingbird Connectivity Product Overview
Windows & Unix Integration Mobile Work Force Host Access
Exceed Family
Exceed PowerSuite ● ●
Exceed ● ●
Exceed XDK ●
Exceed 3D ●
Exceed onDemand ● ●
NFS Maestro Family
NFS Maestro Solo ●
NFS Maestro Client ● ●
NFS Maestro Server ●
NFS Maestro Gateway ●
HostExplorer Family
HostExplorer ● ● ●
e-Gateway ● ● ●
Security Family
Connectivity SSL ● ● ●
Connectivity Kerberos ● ● ●
Connectivity Secure Shell ● ● ●
Connectivity SecureTerm ● ● ●
Hummingbird Security Overview
Connectivity SSL
Connectivity Kerberos
Connectivity Secure Shell
Connectivity SecureTerm
Overview
Add-On Product ● ● ●
No Charge ● ●
Primary Function SSL v2 / v3 & TLS client Kerberos v4 / v5 client
Secure Shell 2 SFTP SSL
Kerberos v4/v5
VT Terminal & FTP Client FAT & THIN client
Secure Shell 2 & SFTP SSL & Kerberos v4/v5
Applicable Protocol
X11 K K / SSH-2 SSH-2
FTP SSL K SSL / K / SSH-2 SSL / K / SSH-2
VT SSL K SSL / K / SSH-2 SSL / K / SSH-2
TN3270 SSL K SSL / K
TN5250 SSL K SSL / K
NFS K K
Applicable Product
Exceed PowerSuite ● ● ● N/A
Exceed ● ● ● N/A
NFS Maestro Solo N/A ● ● N/A
NFS Maestro Client ● ● ● N/A
HostExplorer ● ● ● N/A
Top 10 reasons to switch to Hummingbird
Saves Money
Rock Solid
Snap to Install
Minimize business disruption
Give your IT administrator a robust product
Put a smile on the face of your accountant
Make your users happy
Customer friendly technical support
Everything you need in one box
Same company as Exceed
Supported Platforms
What’s new in version 10
Hummingbird Connectivity 10
Consolidation
Most complete family of security technologies for Connectivity products in its category
Allows companies to save costs by consolidating on a single solution
Can be seamlessly deployed as a pc-to-host or web-to-host solution
Supports any Microsoft 32-bit and 64-bit operating system and Citrix Metaframe
Security
Supports a wide range of security protocols: SSL, Kerberos, Secure Shell 2
Supports smartcards and USB tokens
Ability to fully lock-down the user environment
Migration
Migration path from: Attachmate Extra, Netmanage Rumba, IBM Personal Communication, WRQ Reflection
Macro conversion (Extra, Rumba and PCOM)
Theme Manager to re-create previous environment
Productivity
Support for custom shortcuts to create mnemonics for long words or complete sentences
Ability to use a single terminal to host multiple sessions in order to rationalize the user’s workspace
Transparent integration of complex security technologies lets users feel at ease
Installation, Deployment & Asset Management
Deployment Scenario
Regular desktop installation:
    Wizard driven
    100% built with Windows Installer technology
Administrative Installation:
    Shared installation repository on the network
    Minimal per user installation (Settings only)
Windows Terminal Services or Citrix Metaframe
Microsoft SMS or 3rd party deployment framework
Web-to-Host Deployment
Advanced Setup Options
Ability to specify per user or shared user installation
Seamless installation under Windows TSE and Citrix Metaframe
Ability to cache installation files locally in order to facilitate:
    Update
    Modification of the installation
Ability to update the product automatically after installation
Setup Utilities
Migration and Settings Transfer Wizard:
    Backup and restoration of user settings
    Useful for backup purposes or hardware migration
Media Location Manager:
    Add or Remove installation sources
    Useful for easily updating or modifying the product’s setup
Sconfig: Custom Deployment
Allows the creation of customized installation packages
Generates Windows Installer Transform files (*.mst)
Allows administrators to customize features, directories, registry, shortcuts, product properties, …
Easier to use than any 3rd party Windows Installer customization tool
Integrated Metering
Optional component that can be deployed during installation
Measures installed licenses
Reports installed licenses to the metering server each time the workstation starts
Reports: IP Address, Network name, User Name, Domain, Product, Product components + their patch level
Metering Reporting
Web Based Access to metering report
Customizable grouping and sorting
Ability to download the metering report in Excel (*.csv) format
Metering server works with Microsoft IIS
Multiple language support
Supports 6 languages: English, Portuguese, French, Italian, German, Spanish
Ability to dynamically switch languages
Connectivity SSL
Allows organizations to secure network communications by offering authentication and encryption technologies for: TN3270, TN5250, VT, FTP
Support for: SSL version 3, SSL version 2, TLS
Integrated Certificate and Key Management Software
Connectivity SSL
User certificates authentication support
Express Logon support
Allows users to select multiple cipher-suites including AES
Granular SSL negotiation options:
    Stop on all errors
    Accept unverified certificates
    Accept self-signed certificates
No charge download from Hummingbird corporate web site
Connectivity Kerberos
Overview
Network authentication protocol
Provides strong authentication for client server applications
Commercially supported version of the MIT Kerberos client
Available at no-charge from Hummingbird web site
Integrates latest MIT Kerberos client changes and updates
Key Features
Transparent integration with: HostExplorer, Hummingbird FTP, Exceed XStart, NFS Maestro Solo/Client/Gateway
Full Kerberos v4/v5 support
Strong authentication and encryption of network communications
Support for Microsoft Windows Kerberos ticket cache
Connectivity Secure Shell
Key features
Support for the Secure Shell 2 protocol: Secure Terminal, Secure File Transfer, X11 port forwarding, Generic port forwarding
Support of multiple authentication methods: Password, Keyboard interactive, Public/Private Keys, Kerberos Ticket
Advanced Features
Extensive protocol configuration (window size, packet size, buffer allocation, Nagle algorithm)
Multiple trace levels (None, Basic, Detailed, Verbose)
Choice of encryption algorithm (support for Blowfish, 3DES, CAST128-CBC, Arcfour, AES)
Choice of MAC algorithm (SHA1, MD5, RIPEMD)
Advanced Features
X11 port selection (automatic or manual)
Choice of SFTP listening interface
Support for protocol compression
Support for keep-alive heartbeat
Xauth support to perform MIT-MAGIC-COOKIE authentication on X11 secured connections
Integrated SCP utility
Command line utility to transfer files to and from remote secure shell enabled hosts
Compatibility mode for:
    SSH Tectia Client from SSH Communications Security
    F-Secure SSH from F-Secure
    Putty
    OpenSSH
Allows administrators to automate secure file transfer through scripting
Single sign-on mechanisms
Support for SSH-Agent key forwarding protocol
Authentication agent that:
    holds the user private key in a distinct storage
    forwards the public key upon hosts requests without prompting to re-enter password
Support for passphrase caching: diminishes passphrase prompts for the session lifetime
Stand-alone tunnels
Ability to define profile for secure shell tunnels
Ability to define tunnel parameters through user interface
Black-box tunneling: tunnels can be run as background tasks
Tunnels can be set to start automatically
Port Forwarding
Ability to secure additional network protocols
Offers strong authentication and encryption for network protocols that do not offer native security methods
Ability to restrict outgoing port forwarding to local connections
Allows easier proxy and firewall traversal without compromising security
HostExplorer integration
Transparent integration with HostExplorer user interface
Integration options:
    Linking HostExplorer profiles with Tunnel profiles
    Defining tunnel parameters within HostExplorer user interface
Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection
Hummingbird FTP integration
Transparent integration with HostExplorer user interface
Integration options:
    Linking FTP profiles with Tunnel profiles
    Defining tunnel parameters within FTP user interface
Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection
Exceed integration
Transparent integration with Exceed user interface
Integration options:
    Linking XStart profiles with Tunnel profiles
    Defining tunnel parameters within XStart user interface
Ability to create generic profiles through “dynamic” parameters – prompt user for parameter upon connection
Real-Time Tunnel monitoring
Certificate and Key Manager
Overview
Common management tool for Connectivity SSL, Connectivity Secure Shell and Connectivity SecureTerm
Allows manipulation of public/private keys and certificates
Automatically synchronizes with the Microsoft certificate data store through CAPI
Advanced Options
Supports multiple import/export formats for both keys and certificates
Verify keys and certificates with integrated viewer
Modify host identification information for easy updates
Key Generation Wizard
Allows users to create pairs of public/private keys
Easy-to-use wizard interface
Ability to generate DSA or RSA keys
Choice of key length and encryption algorithm
Supported format:
    Export: Import: PEM files (.pem), SSH-2 public keys (.pub)
Certificate Creation Wizard
Allows users to create self-signed certificates or certificate requests.
Easy-to-use guided interface
Supported Format:
    Export Import
Key Upload Wizard
Allows users to upload their public key to a server with minimal effort
Key upload is performed through SFTP
Customizable upload parameters and directories
Simplifies Public Key management
Safenet iKey integration
USB-based two-factor authentication token
Optimized for PKI environments including X509 digital certificates
Transparent integration with Hummingbird Connectivity certificate and key manager
SSL connections for:
    Terminal (HostExplorer & Connectivity SecureTerm)
    File Transfer (Hummingbird FTP)
SmartCard authentication support
Offers increased security for both the card issuer and the card user
Securely store and update information on the card
Transparent integration with Hummingbird Connectivity certificate and key manager
SSL connections for:
    Terminal (HostExplorer & Connectivity SecureTerm)
    File Transfer (Hummingbird FTP)
Connectivity SecureTerm
Overview
Complete secure terminal and secure file transfer solution for UNIX hosts
Choice of deployment:
    Desktop-based client: Windows Installer, Citrix Metaframe, Windows TSE, SMS
    Web-based client:
        Any web server on any OS
        Internet Explorer, Netscape, Mozilla
Security
SSL support:
    SSL v2/v3 – TLS
    PKI and User certificate support
Kerberos support:
    Kerberos v4/v5
    Integrates with Microsoft Kerberos ticket cache
Secure Shell support:
    Secure Shell 2
    Strong authentication, strong encryption and data integrity
Emulation Settings
VT Terminal: VT 52 - VT 100 - VT 101 - VT 102 - VT 220 - VT 320 - VT 420
Other Terminal: ANSI - SCO-ANSI - IBM 3151
42 character sets support, Custom screen size
Linemode support
TAPI
Printing: multiple screen printing, print screen advanced options, Host Printing support, capture mode
Terminal Customization
Keyboard mapper
Color mapper
Support for Unicode
Variable width fonts
Cursor customization
Ability to map mouse actions
Multiple terminal resizing option (font resize or terminal size re-negotiation)
Application Customization
Menu manager
Configuration dialog manager
Sound manager
Custom right-click menu
Toolbar manager
Management Console
Feature lock-down options
Windows Explorer integration
Shortcut manager
Automation
Event manager
Simple point-and-click graphical macro editor
Advanced Hummingbird basic macro editor
Quick-Keys
Hotspots
API support: HLLAPI, EHLLAPI, WINHLLAPI, OHIO, OLE, COM
Easy migration path
Macro conversion
HLLAPI compatibility
Default keyboard schemes
Theme manager allows administrators to customize Connectivity SecureTerm in order to provide users with a similar environment (menus, colors, settings …) as the one they were used to.
Advanced File Transfer Interface
100% integrated with Windows explorer
Fully web deployable with Hummingbird Deployment Wizard
Supports multiple hosts
Ability to create local shortcuts to remote files
Integrated macro command language (QuickScripts)
Numerous settings: firewall, file type detection, server type recognition, directory caching, time synchronization …
What is Secure Shell?
History
1995: Creation of the SSH-1 protocol by Tatu Ylönen after he is the victim of a password-sniffing attack. Released to the public as free software with source code
SSH-1 submitted as a draft to the IETF (Internet Engineering Task Force)
1996: Introduction of SSH-2 to overcome SSH-1 flaws
1997: Draft for SSH-2 submitted to the IETF
1999: OpenSSH ships with OpenBSD 2.6
Terminal Emulation: Telnet
[Diagram: Windows Desktop & Telnet Client connected to Unix Server & Telnet Daemon. Telnet Protocol, Port 23. Clear-Text Data, Including Credentials.]
Sniffing Telnet
Terminal Emulation: Telnet (diagram repeated, stamped "UNsecureD")
Terminal Emulation: Secure Shell Terminal
[Diagram: Windows Desktop & SSH-2 Client connected to Unix Server & SSH-2 Server. SSH Protocol, Port 22. Encrypted Data, Strong Authentication, Data Integrity.]
Sniffing SSH
Terminal Emulation: Secure Shell Terminal (diagram repeated, stamped "secureD")
File Transfer: FTP
[Diagram: Windows Desktop & FTP Client connected to Unix Server & FTP Daemon. FTP Protocol, Port 21. Clear-Text Data, Including Credentials.]
Sniffing FTP
File Transfer: FTP (diagram repeated, stamped "UNsecureD")
File Transfer: Secure File Transfer
[Diagram: Windows Desktop & SSH-2 Client connected to Unix Server & SSH-2 Server. SSH Protocol, Port 22. Encrypted Data, Strong Authentication, Data Integrity.]
Sniffing SFTP
File Transfer: Secure File Transfer (diagram repeated, stamped "secureD")
X-Window
[Diagram: Windows Desktop & X11 Server connected to Unix Server & X11 Client. X-Window Protocol, Port 6000+. Clear-Text Data, Including Credentials.]
Sniffing X-Window - example: rlogin client start
Sniffing X-Window - example: keys pressed
[Capture annotations on the slide: =t, =e, =s, =t, =p, =w]
X-Window (diagram repeated, stamped "UNsecureD")
X-Window over SSH: X11 Port Forwarding
[Diagram: Windows Desktop & X11 Server & SSH-2 Client connected to Unix Server & X11 Client & SSH-2 Server. X11 over SSH Protocol, Port 22. Encrypted Data, Strong Authentication, Data Integrity.]
Sniffing X-Window over SSH
X-Window over SSH: X11 Port Forwarding (diagram repeated, stamped "secureD")
Generic Port Forwarding - Example: SQL Data
[Diagram: Windows Desktop & BI Query & SSH-2 Client connected to Unix Server & SQL Server & SSH-2 Server. SQL*NET over SSH, Port 22. Encrypted Data, Strong Authentication, Data Integrity.]
Generic Port Forwarding - Example: e-mail
[Diagram: Windows Desktop & SSH-2 Client (Mail Client) connected to Unix Server & SSH-2 Server (Mail Server). POP3 over SSH, Port 22. Encrypted Data, Strong Authentication, Data Integrity.]
Summary
The Secure Shell protocol provides strong security against: Cryptanalysis attacks, Man in the middle attacks
It provides: Strong Authentication, Strong Encryption, Data Integrity
It allows: Secure Terminal, Secure File Transfer, Secure X11, Secure Port Forwarding
Man in the middle attack (simplified)