Security for a Connected World
www.v-one.com
Table of Contents
• Who Is V-ONE
• Defining VPNs
• SmartGate’s Value-added Security
• Why SmartGate VPN
Introduction to V-ONE
Company Overview
• Founded in 1993
• Firsts:
  - Smart card security product (1994)
  - Internet VPN product - SmartGate (1995)
  - Wireless VPN product - SecurePage (1998)
• Four U.S. VPN Patents
• Revenues: 1997 $9.5 million
• Publicly traded: NASDAQ VONE
V-ONE Products
• SmartGate: client-server system for implementing secure, global virtual private networks (VPNs). Server platforms include Windows NT and many flavors of UNIX.
• SmartPass: the client piece of SmartGate that enables end users to connect to a SmartGate VPN. Platforms supported include Windows 95, Windows NT, Windows 3.1 and Macintosh.
• SmartWall: combines industry-leading firewalls with SmartGate, currently either Raptor Systems Eagle or Trusted Information Systems Gauntlet.
• Air SmartGate: a version of SmartGate specifically designed for the paging market.
Defining VPNs
IT Evolution to VPNs
Rapidly evolving corporate security and network requirements:
• Early 1990s: Data Privacy - Encryption
• Mid-1990s: Enterprise Defense - Firewalls
• Late 1990s: E-Commerce & Remote Access - VPNs
[Timeline labels: Proprietary VANs, Birth of Commercial Internet, Mainstream Commercial Internet Use]
What is a VPN?
A Virtual Private Network (VPN) uses the infrastructure of the public Internet or an Intranet to provide secure access to applications and corporate network resources for remote employees, trading partners, suppliers, and customers.
The Goal of Internet Business Communications
Increase profitability by deploying more cost-effective and direct communications with critical communities of interest.
• Communities of Interest: Employees, Partners, Customers
• Applications: Intranet, Web, Email, Extranet, Database, Mainframe, E-Commerce, GroupWare
Today’s Enterprise & Remote Access Architecture
[Diagram labels: Remote Offices, Customers, Partners; WAN, Internet, Firewall, RAS; Intranet Applications: Email, Web, Mainframe, Database, GroupWare; Public Application Services: Extranet, Public Web]
The Internet-based Enterprise
[Diagram labels: Remote Offices, Customers, Partners, Remote Dial-in Users; Internet; Application Services: Intranet, Extranet, E-Commerce]
Internet Security Challenges
VPNs are designed to address security challenges associated with Internet-based communication.
1. Identifying & authenticating authorized users
2. Keeping data private
3. Controlling access to trusted nets
4. Recording events
[Diagram labels: Remote Office, Employee, Customer, Partner, Remote Dial-in user; Internet; Trusted Network with Application Services: Intranet, Extranet, E-Commerce; callouts 1-4 mark the four challenges]
SmartGate VPN Components
SmartGate Authentication
SmartGate provides either integrated user authentication or supports existing third-party authentication systems.
SmartPass Token Support:
• V-ONE Digital Token on floppy, hard drive, or smart card
• Smart card
• Entrust Digital Certificate
• SecurID Token
SmartGate’s User Database Support
[Diagram labels: SmartGate Authentication Server, SmartPass Client, SmartGate Server, ACE, RADIUS]
SmartGate Authentication
All SmartGate authentication support includes the critical elements of strong user authentication. Mutual authentication adds value to third-party systems by ensuring application identity.
• Dynamic: all challenges based on random variables
• Two Factor: Access Code, Token
• Mutual: client authenticates server, server authenticates client
[Diagram labels: SmartPass Client, SmartGate Server]
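The three properties on this slide (dynamic, two factor, mutual) can be seen together in a small challenge-response exchange. This is an added example, not V-ONE code: the slides do not describe SmartGate's actual protocol, so HMAC-SHA256, PBKDF2 and the names `derive_key`, `proof`, `Server` and `login` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(token_secret: bytes, access_code: str) -> bytes:
    # Two factors: the secret stored on the token and the access code the user types.
    return hashlib.pbkdf2_hmac("sha256", access_code.encode(), token_secret, 100_000)

def proof(key: bytes, role: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    # The role label stops a server proof from being reflected back as a client proof.
    return hmac.new(key, role + client_nonce + server_nonce, hashlib.sha256).digest()

class Server:
    def __init__(self, registered):
        self.registered = registered      # user id -> key registered at enrollment
        self.pending = {}                 # user id -> outstanding challenge

    def hello(self, user, client_nonce):
        # Unknown users get a throwaway key so the reply does not reveal who is enrolled.
        key = self.registered.get(user) or secrets.token_bytes(32)
        server_nonce = secrets.token_bytes(16)    # dynamic: fresh random challenge
        self.pending[user] = (key, client_nonce, server_nonce)
        return server_nonce, proof(key, b"server", client_nonce, server_nonce)

    def finish(self, user, client_proof):
        key, cn, sn = self.pending.pop(user)      # each challenge is single use
        return hmac.compare_digest(client_proof, proof(key, b"client", cn, sn))

def login(server, user, token_secret, access_code):
    key = derive_key(token_secret, access_code)
    client_nonce = secrets.token_bytes(16)
    server_nonce, server_proof = server.hello(user, client_nonce)
    expected = proof(key, b"server", client_nonce, server_nonce)
    if not hmac.compare_digest(server_proof, expected):
        return "client rejected server"           # wrong code/token or impostor server
    ok = server.finish(user, proof(key, b"client", client_nonce, server_nonce))
    return "session established" if ok else "server rejected client"

# Constructed enrollment data for the demo (not real SmartGate values).
TOKEN_SECRET = bytes(range(32))
SERVER = Server({"alice": derive_key(TOKEN_SECRET, "4711")})

if __name__ == "__main__":
    print(login(SERVER, "alice", TOKEN_SECRET, "4711"))      # both factors correct
    print(login(SERVER, "alice", TOKEN_SECRET, "0000"))      # wrong access code
    print(login(Server({}), "alice", TOKEN_SECRET, "4711"))  # server without alice's key
```

With a symmetric key the client cannot tell a mistyped access code from an impostor server: both show up as a server proof that fails to verify.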
SmartGate Encryption
SmartGate utilizes the advantages of both shared key and public/private key encryption technology.
• VPN sessions are encrypted using shared secret keys. Advantage = performance
• Shared key distribution and registration are encrypted using the server’s public key. Advantage = electronic key distribution - OLR
• All SmartGate encryption is approved for export (DES/3DES)
[Diagram labels: SmartPass Client, SmartGate Server]
SmartGate Access Control
Access privileges are defined according to each user’s token identity on the server. Linking access control to authentication enables user-based policy management.
VPN connections defined by:
• destination IP address/port
• connection service
• URL
VPN connections are proxied to application servers.
[Diagram labels: SmartPass Client, SmartGate Server; application servers: Database, Email, Web Applications]
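A per-user, default-deny check over the three criteria listed on this slide (destination IP address/port, connection service, URL) could look like the following. This is an added example, not SmartGate's policy format: the rule layout, the user name, the addresses, ports and paths are all constructed for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed policy keyed by the identity established at authentication.
# User names, addresses and ports are hypothetical.
POLICY = {
    "marketing-jlee": [
        {"service": "tcp", "net": "10.1.2.10/32", "ports": {1521}},   # customer database
        {"service": "http", "net": "10.1.3.0/24", "ports": {80},
         "url_prefix": "/reports/"},                                  # one web application
    ],
}

def url_within(url, prefix):
    # Decode and normalise before comparing, so "/reports/../admin" is judged as "/admin".
    path = posixpath.normpath(unquote(urlsplit(url or "").path))
    return (path + "/").startswith(prefix)

def is_allowed(identity, service, dest_ip, dest_port, url=None):
    """Default deny: proxy the connection only if one rule matches every field."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in POLICY.get(identity, []):
        if rule["service"] != service or dest_port not in rule["ports"]:
            continue
        if ip not in ipaddress.ip_network(rule["net"]):
            continue
        if "url_prefix" in rule and not url_within(url, rule["url_prefix"]):
            continue
        return True
    return False

if __name__ == "__main__":
    print(is_allowed("marketing-jlee", "tcp", "10.1.2.10", 1521))
    print(is_allowed("marketing-jlee", "http", "10.1.3.5", 80,
                     "http://10.1.3.5/reports/%2e%2e/admin"))
```

A proxy that enforces URL rules has to forward the same normalised path it checked; otherwise the application server may resolve the request differently from the policy decision.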
SmartGate Auditing
SmartGate logs critical events necessary for security auditing and client/server troubleshooting.
Logging Events:
• User Added/Deleted
• User Enabled/Disabled
• User Key Changed
• Successful/Unsuccessful User Login
• Session Start/End
• Server Up/Down
[Diagram labels: SmartPass Client, SmartGate Server]
SmartGate Component Summary
1. Identifying & authenticating authorized users: 2 Factor, Mutual Authentication
2. Keeping data private: Scalable encryption
3. Controlling access to trusted nets: User-defined access control
4. Recording events: Detailed event logs
[Diagram labels: Remote Office, Employee, Customer, Partner, Remote Dial-in user, each with a SmartPass Client; Internet; Firewall; SmartGate Server; Enterprise Network with Application Services: Intranet, Extranet, E-Commerce; callouts 1-4 mark the four functions]
Key SmartGate Advantages
Flexible Integration
• Choice of third-party or integrated authentication database: SmartGate, ACE, RADIUS
• Server installs on any firewall or on a stand-alone platform.
• Multiple OS Support: NT, Solaris, BSDI, HP-UX
[Diagram labels: Internet, Firewall, SmartGate Server]
Low Cost & Rapid Deployment
On-line Registration electronically registers each user’s authentication token with the SmartGate server.
• Users enroll in minutes using web browser.
• SmartGate server can register thousands of tokens in minutes.
• Customizable Web form captures user information.
• Receives shared key from client. Secured using server’s public key.
[Diagram label: SmartGate Server]
Ease of Use
SmartPass Clients
• Operate independently of network set-up and desktop applications
• Security functions are transparent to users
• Simple installation
Two-step SmartPass Activation
1. Double click SmartPass icon
2. Enter Access Code
VPN Client Management
Dynamic Reconfiguration
• All SmartPass client changes are managed on the SmartGate server.
• Changes propagated automatically, server prevents cheating.
• No user intervention is required.
[Diagram: SmartGate Server and SmartPass Clients, with the caption "Allow Marketing staff access to customer database application"]
Enterprise VPN Management
SmartAdmin VPN Management Console
• Manage multiple SmartGate servers from a single, remote console.
• Management of users by groups and subgroups
• Provides distributed management through group leader functionality.
• Database functionality (i.e. sort, filter, find)
SmartGate Summary
SmartGate addresses the critical issues of deploying and managing VPNs for business applications.
Comprehensive Security
• Addresses Internet challenges with value-added advantages
Rapid Deployment
• On-line client distribution & token enrollment
Manageability
• Dynamic reconfiguration of VPN clients
• Management console for managing enterprise VPN servers
Ease-of-use
• 2-step client activation
• Web browser enrollment
Investment Protection
• Works with all firewalls
• Support of 3rd party authentication systems
Export Ready
• BXA approval for 56-bit DES and stronger algorithms