Slide 1Table of ContentsIntroduction to V-ONEV-ONE ProductsDefining VPNsIT Evolution to VPNsSlide 7The Goal of Internet Business CommunicationsToday’s Enterprise & Remote Access ArchitectureThe Internet-based EnterpriseInternet Security ChallengesSmartGate VPN ComponentsSmartGate AuthenticationSlide 14SmartGate EncryptionSmartGate Access ControlSmartGate AuditingSmartGate Component SummaryKey SmartGate AdvantagesFlexible IntegrationLow Cost & Rapid DeploymentEase of UseVPN Client ManagementEnterprise VPN ManagementSmartGate SummarySecurity for a Connected Worldwww.v-one.comTable of ContentsWho Is V-ONEDefining VPNsSmartGate’s Value-added Security Why SmartGate VPNIntroduction to V-ONEFounded in 1993FirstsSmart card security product (1994)Internet VPN product - SmartGate (1995)Wireless VPN product - SecurePage (1998)Four U.S. VPN PatentsRevenues: 1997 $9.5 millionPublicly traded: NASDAQ VONEwww.v-one.comCompany OverviewV-ONE ProductsSmartGate client-server system for implementing secure, global virtual private networks (VPN). Server platforms include: Windows NT and many flavors of UNIX.SmartPass the client piece of SmartGATE that enables end-users to connect to a SmartGate VPN. Platforms supported include Windows 95, Windows NT, Windows 3.1, MacintoshSmartWall combines industry-leading firewalls with SmartGate, currently either Raptor Systems Eagle or Trusted Information Systems GauntletAir SmartGate A version of SmartGate specifically designed for the paging market 98Defining VPNsIT Evolution to VPNsData PrivacyEnterpriseDefenseE-Commerce& Remote AccessEncryption Firewalls VPNsRapidly evolving corporate security and Network RequirementsEarly 1990s Mid-1990s Late 1990sProprietary Birth of Commercial Mainstream CommercialVANS Internet Internet UseA Virtual Private Network (VPN) uses the infrastructure of the public Internet or an Intranet to provide secure access to applications and corporate network resources for remote employees, trading partners, suppliers, and customersWhat is a VPN?The Goal of Internet Business CommunicationsCommunities of InterestEmployeesPartnersCustomersIntranetExtranetE-CommerceApplicationsWebEmailDatabaseMainframeGroupWareIncrease profitability by deploying more cost-effective and direct communications with critical communities of interest.Today’s Enterprise & Remote Access ArchitecturePublic Application Services Extranet Public WebInternetWANFirewallRemote OfficesRASIntranetApplications: Email Web Mainframe Database GroupWareCustomersPartnersIntranet ExtranetThe Internet-based EnterpriseInternetApplication Services: Intranet Extranet E-Commerce Remote OfficesCustomersPartnersRemote Dial-in UsersInternet Security ChallengesVPNs are designed to address security challenges associated with Internet-based communication.Trusted Network1. Identifying & authenticating authorized users2. Keeping data private3. Controlling access to trusted nets4. Recording eventsInternetApplication Services: Intranet Extranet E-Commerce Remote Office11Employee CustomerPartner234Remote Dial-in userSmartGate VPN ComponentsSmartGate AuthenticationSmartGate provides either integrated user authenticationor supports existing third-party authentication systems.SmartPassClientSmartGate ServerACERADIUSSmartGate’s User Database SupportSmartPass TokenSupportV-ONE Digital Token on floppy, hard drive,or smart cardEntrust Digital Certificate Smart card SecurID Token SmartGateAuthenticationServerSmartGate AuthenticationSmartGate ServerSmartPassClientAccess CodeTwo FactorTokenMutualClient authenticates server Server authenticates client DynamicAll challenges basedon random variablesAll SmartGate authentication support includes the critical elementsof strong user authentication. Mutual authentication adds value to third-party systems by ensuring application identity.SmartGate EncryptionSmartGate utilizes the advantages of both shared key and public/private key encryption technology. SmartGate ServerVPN Sessions are encrypted using shared secret keys. Advantage = performanceShared key distribution and registration are encrypted using the server’s public key.Advantage = electronic key distribution - OLR SmartPassClientAll SmartGate encryption is approved for export (DES/3DES)SmartGate Access ControlSmartGate ServerDatabaseEmailWeb ApplicationsAccess privileges are defined according to each user’s token identity on the server. Linking access control to authentication enables user-based policy management.SmartPassClientVPN connections defined by:• destination IP address/port• connection service • URLVPN connections are proxied to application serversSmartGate AuditingLogging EventsUser Added/DeletedUser Enabled/DisabledUser Key ChangedSuccessful/UnsuccessfulUser LoginSession Start/EndServer Up/DownSmartGate ServerSmartPassClientSmartGate logs critical events necessary for security auditing and client/server troubleshooting.SmartGate Component Summary1. Identifying & authenticating authorized users2 Factor, Mutual Authentication2. Keeping data privateScaleable encryption3. Controlling access to trusted netsUser-defined access control4. Recording eventsDetailed event logsInternetApplication Services: Intranet Extranet E-Commerce Remote Office11Employee CustomerPartner2Remote Dial-in userSmartPassClientSmartPassClientSmartGate ServerFirewall34Enterprise NetworkKey SmartGate AdvantagesFlexible IntegrationSmartGate ServerFirewallSmartGateACERADIUSInternetServer installs on any firewall or on a stand-alone platform.Choice of third-party or integratedauthentication database.Multiple OS Support• NT• Solaris• BSDI• HP-UXLow Cost & Rapid DeploymentSmartGate ServerUsers enroll in minutes using web browser.Customizable Web formcaptures user information. SmartGate server can register thousands of tokens in minutes.Receives shared key from client.Secured using server’s publickey.On-line Registration electronically registers each user’s authentication token with the SmartGate server.Ease of UseSmartPass ClientsOperate independently of network set-up and desktop applicationsSecurity functions are transparent to usersSimple installationTwo-step SmartPass Activation 1. Double click SmartPass icon2. Enter Access CodeVPN Client ManagementSmartGate ServerSmartPassClientSmartPassClientSmartPassClientDynamic ReconfigurationAll SmartPass client changes are managed on the SmartGate server. Changes
View Full Document