Company Overview

1
Company Overview
Scott Fortino Secure Computing Corporation
2
Secure Computing CorporationSCUR on the NASDAQ

• Spin-off of Honeywell in 1989
• Pioneered operating system security through
  contracts with NSA and DARPA
• Developed Type Enforcement as a mechanism to
  enforce mandatory access control of Operating
  System components
• Helped develop Orange Book rating system
• Developed first security gateway used to connect
  secret and classified networks
• Pioneered two-factor strong authentication
• First to ship a commercially supported RADIUS
  server
• Introduced and patented Event Synchronous
  protocol for Strong Authentication
• Pioneered URL Filtering
• First URL filter on the market
• OEMd our Control List to other vendors
• Continue to be involved in advanced security
  research for US Government

3
Technical Customer Support
24 x 7 Live Answer Support 24 x 7 Email
Support Web Knowledge Base Email Subscription
Service Patches Upgrades Patch Notifications
via Email
SOURCE http//www.securecomputing.com/index.cfm?
sKey832
4
Authentication Access Controlwith

• Scott Fortino
• Secure Computing Corporation

5
The Problem

• Determining the Actual Identity of an
  Individual, and that Individuals Relationship to
  the Organization
• Opening Our Networks To The Outside
• VPN
• Citrix
• Web Applications
• Wireless Networks
• Sensitive Systems
• Dial-In

On the Internet, no-one knows youre a dog
6
4 Ways To Authenticate

• Something You KNOW
• Fixed Password
• User Name
• Something You HAVE
• One-Time Password Token
• Digital Certificate / Smart Card
• Something You ARE
• Thumb Print
• Retinal Scan
• Location
• Home PC
• PDA

7
Managing Multiple Access Points
8
SafeWord PremierAccess

• Allows you to
• Manage all your access points with a single
  product
• Control who can go where with role-based
  authorization
• Protect any Web server with the Universal Web
  Agent
• Choose the right authenticators for your security
  needs
• Install a system that is manageable and easy to
  deploy

9
Who uses PremierAccess?
Authenticate 60,000 remote users, suppliers and
business partners.
Secure remote access for over 50,000 users
Authenticate 400B in cash transactions daily for
450,000 users
Authenticate all 20,000 SUN employees to Sun WAN
from any location using multiple access methods.
Authenticate 25,000 dial-in users
via CHAP (encrypted) passwords.
Secure remote access for 30,000 users.
10
What Do You Want From Your Strong Authentication
Solution?
Application Authenticator Flexibility
Single Sign On Fewer Passwords
Reliable Authenticators
Ease of Management
11
Application Authenticator Flexibility
12
What theyre saying about PremierAccess
Spotlight on Top Security Product
The Achilles' heel of many authorization
solutions is their architectural invasiveness and
lack of support for multiple authentication and
application servers. But this is one area where
PremierAccess shines.
The solution interoperates with a wide range of
authentication options, VPNs, Web servers and
other applications. Another neat feature is its
ability to provide brokered authentication to
other systems. - Andy Briney, editor-in-chief
13
SC Magazines Best Buy

• PremierAccess was probably the most scaleable of
  all the remote access products that we looked at.
  It was also very easy to manage.Offering
  authentication of both user and device,
  PremierAccess delivers a two-layered approach,
  giving added protection to your critical systems.
  

Customers and partners can be provided with safe
and secure access without giving them cart
blanche rights across your network, and
everything is done in real-time even across
distributed servers. All in all PremierAccess
delivers a strong role-based system of secure
authentication and authorization for all your
remote users, no matter how many you have.
14
PremierAccess Protects

• VPN connections
• Alcatel
• CheckPoint
• Cisco
• Nortel
• Sidewinder
• Wireless Networks
• Web Servers
• Protects any Web server running on
• Windows
• Solaris
• Protects Web gateways and proxies
• RADIUS

• Citrix
• MetaFrame
• NFuse
• Secure Gateway
• Windows Domains
• RAS
• Unix
• SSH and OpenSSH
• Novell
• Oracle
• TACACS
• Custom Applications (SDK)

15
Connecting the Dots
Universal Web Agent
WEB
VPN
RADIUS
Agent
Citrix
RADIUS
Dialup
System login
16
Authentication Options

• Embedded support for the industrys widest range
  of authenticators
• Passwords, password-generating tokens, software
  tokens
• Digital certificates, smart cards, USB devices
• Biometrics, wireless devices
• Device authentication

SafeWord tokens - generate one-time passwords
Memorized passwords
Password MYDOGSPOT
Silver 2000
X.509 digital certificates
Smart Cards
Platinum
Gold 3000
Virtual Smart Card Server
USB token
SofToken II for PCs, Palm, Ericsson phones
Biometrics
Device authentication
17
MobilePass Authentication
Universal Web Agent
Bob Smith
82P16H PIN
82P 16H
Verify password
Allow access Provide roles personalization
Mobile Device Plugin
PremierAccess
Wireless Service Provider

• Average time to deliver text message
• E-mail 5-10 seconds
• SMS 2-5 seconds

18
Device Authentication with Phoenix

• PremierAccess and Phoenix Technologies combine to
  create a new layer of access control with
  authentication of devices.
• This new security model can create trusted
  devices and device aware applications.
• Developed with Phoenixs DeviceConnect Plus

19
Single Sign On Fewer Passwords
20
Single Sign On to Any Web Application
Authenticate Once, For Multiple Access
Covers ANY Web servers on ANY platform
Users Browser
21
Protecting Citrix Applications
Any browser, anywhere
Universal Web Agent
Reduced or Single Sign-on
Citrix Servers
Personalization data (application login
passwords)
22
Password Reduction

• Fixed Passwords for John Smith
• Windows Domain
• E-mail
• Router Admin
• VPN Access
• Unix Apps
• Web Apps

6 Passwords or 1 Token
23
Reliable Tokens
24
Token Reliability Testing

• Independent token testing
• Washing machine / dryer
• Car dashboard heat
• Pants back pocket sitting
• Freezer
• Fidgeting, flexing

Source http//slashdot.org/comments.pl?sid23189
cid2515917
25
PremierAccess Tokens

• Programmable
• 6 8 Characters
• Decimal or Alpha Numeric
• No PIN, Soft or Hard PIN
• Event-Based
• New Password Generate When You Press The Button
• Auto-Syncing
• Not Susceptible To Electromagnetic Charge

26
Ease of Management
27
Remote Administration
Remote management of users, roles, policy,
sessions and personalization Centralized,
delegated and help-desk management Easy
out-of-the-box installation Customizable
with SDK Unlimited scalability Robust
fault tolerance and data replication
Administration Console
User Profile
28
Web Based Self Enrollment

• Embedded Web Server
• Reservations for large s of users
• Users Enroll Activate There Own Tokens
• Deployment to end users for
• Digital Certificates
• VPN clients
• SofTokens

Administrators Reservation Template
Assigned Authenticators
Reservations
http//www.rocketsciencecorp.com/
Web Enrollment Center
29
Token Deployment Services
Deploy hardware tokens directly to
end-users Import customer records from standard
database formats Automatically program and assign
tokens to specific users Package and ship tokens
to end-users with 100 accuracy Send separate PIN
letters directly end-users
30
PremierAccess Summary

• Manages multiple access points with one product
• Universal Web Agent protects all Web servers
• Strengthens security of VPN or dialup connections
• Role-based authorization
• Flexible policy management
• Multiple integrated authentication options
• Unique device authentication
• Brokered authentication to external systems
• Practical management and deployment

31
THANK YOU