Cominfo Systems


Blue Ridge Networks / Cominfo Systems
Products and Services Overview
Teaming
• Cominfo and Blue Ridge Networks signed a teaming agreement to serve Pakistan’s market
• Cominfo is an exclusive product and service provider of Blue Ridge Networks in Pakistan
• The combination of an exceptional product line and outstanding service brought the two companies together
©2008 Blue Ridge Networks/Cominfo Systems. All rights reserved.
Benefits of Teaming
• Local Urdu and English speaking technical support
• Local workforce available to visit client sites for
training and support
• Immediate product implementation and replacement
• No middleman and markups
• Office expansions are scheduled for Lahore, Islamabad, Rawalpindi, and Dubai
What we do
BorderGuard
Virtual Private Networks
Site to Site
EdgeGuard
End Point Security
Flexible Authentication Service
Remote Access
Scan and Block
Specialized VPN Applications
Trusted Configuration Management
4/5/2016
Markets Served
• Banking
• Finance
• Government
• Health Care
• Legal
• Transportation
250+ total customers in 37 countries.
Differentiated Solutions
• Secure Mobile Computing
– Remote Access with PKI Authentication
– Endpoint Security Enforcement
– Nomadic Secure IP Voice, Video, Data
• Secure Central Management
– Service Provider Model
– Low Cost, Rapid Deployment
– Carrier and Media Agnostic Global Reach
• Ease of Use Without Security Compromise
– Enterprise Scale Hardware and Software Systems
Secure Networking Product Portfolio
• BorderGuard™ 5000/6000 VPN Appliances
– Multiple models span mid-range market
– Up to 2.2 Gbps AES256 packet encryption
– Up to 24,000 simultaneous connections
– RSA public-key authentication built-in
– FIPS 140-2 certified
– Common Criteria, EAL2, EAL4+ (in evaluation)
• RemoteLink™
– Rapid deployment and mobility features
– Supports mobile security for voice, video, data applications
– Protocol agnostic
– Embedded PKI for strong authentication
– Transparent to end-user
Secure Networking Product Portfolio
• Management Console
– Headless, plug-and-play central management appliance
– Easy to use browser-based interaction from any PC
– Manages high assurance VPNs
   • Site-to-site
   • Remote access
– Granular administrator role-based administration
– Ideal for Unified PKI authentication and full integration with client’s Active Directory
– Instant user revocation with Red List
– Detailed audit collection for better management and reporting
• Remote Access Client Software
– Windows 2000, XP, XP embedded, Vista and PocketPC
– Supports seamless wireless roaming with persistent secure connection
– Easy to install and easy to use
– Optimized for X.509 cert based authentication and smartcards
High Assurance Security
Mutual Mandatory Authentication
[Diagram labels: SE IKE; Session Initialization Parameters; Encryption Level A; Encryption Level B; Client (Public Key, Private Key); BorderGuard (Private Key, Public Key); layers shown at each end: Authentication (PKI), Authorization, Privacy, Integrity, Audit.]
Usability – Active Directory Integration
[Diagram labels: Enterprise; CRL; OCSP; Active Directory; Log Server; Policy Server; Remote Access; Untrusted Network; Flexible Authentication.]
• The Management Console’s Red or Green List allows administrators to block access for any reason
• Management Console queries CRL servers and OCSP responders for cert path discovery and validation
• Using a Common Access Card (CAC) or a Personal Identity Verification (PIV) card, a secure tunnel request is made to BorderGuard VPN appliance
• The user authenticates to Active Directory using an end-to-end cryptographic process
• No intermediary servers, no additional network access policy data required
** User’s network access is limited until successful Active Directory authentication occurs
RemoteLink
Secure Remote Office
• VoIP
• Secure Thin Clients
• Non-Windows Devices
RemoteLink™
• Mobile
• Dynamic configuration via portable token
• Software and OS independent
• Supports any Ethernet attached devices
• Robust protection of user devices
• Simple and effective redundancy and scalability
• Transparent to end-user applications
Secure Virtual Ethernet Service
• Any-to-any, full mesh, enterprise connectivity
• 100% end-to-end security
• Unicast and Multicast
• Any wired or wireless networks:
– DSL, Cable Modem, T1, etc.
– Cell wireless, satellite, WiMax
• Any Data applications and Protocols
• Any VoIP applications
• Any IP Video applications
• Anywhere on the globe
SVES Deployment
SVES creates a complete end to end private and secure network on the global Internet.
[Diagram labels: Enterprise HQ; Regional Office; Branch Office; Remote workstations; Internet.]
Secure Intranets
Logical Full Mesh Among All Sites
Secure Extranets
Only connectivity to/from central site resources
No connectivity among remote sites
EdgeGuard™
Trusted Framework for
Policy Enforcement, Admission Control, and Compliance
of Microsoft Windows Fixed and Mobile Workstations
EdgeGuard Security Framework
The EdgeGuard Security Framework enables multiple applications
Near real-time visibility and manageability
Server Application: Windows Server 2003, SQL Server 2005
Client Application: Windows XP SP2, Windows Vista
[Diagram labels: Malware Protection; NAP / NAC; Application 3; Application N; EdgeGuard Management System; EdgeGuard Agent Security Framework; Stateful Workflow Control; Trust System; TPM; NetLock; ProcessLock; FileLock; RegistryLock; OPSWAT.]
Example EdgeGuard Applications
• NAP/NAC
– EGA provides Posture Assessment for client systems
– Continuous assessment, enforcement and remediation off-net
• Enhanced Policy Enforcement for Endpoints
– Application Control
– Red List – unstartable applications
– Green List – unstoppable applications
• Trusted Enclaves for Process Containment
– TEs may contain User Apps and System Services
– Highly effective defense against malware
– Not HIPS
EdgeGuard Deployment
EdgeGuard allows continuous Posture Assessment through signed policy files and signed audit logs
[Diagram labels: Enterprise; EdgeGuard Management Console; Remediation Site; Log Retrieval Server; Policy Distribution Server; Untrusted Network; Remote workstation; EdgeGuard Agent.]
EdgeGuard Policy Status
• Anti-Virus On
• DAT File Updated
• Personal Firewall On
• Service Pack Updated
• Disk Encryption On
Policy Examples
• End-point Security Management
– Ensures that third-party security products like anti-virus, personal firewall, disk encryption, etc. are executing and have up to date policy.
– Provides quarantined access for remediation like anti-virus update or patch management.
– Prevents Red-listed programs from executing.
– Ensures that Green-listed programs are executing.
– Provides trusted push of scripts and executables for zero-day attack remediation.
• Trusted Configuration Management
– Protects selected registry hives from alteration.
– Prevents alteration of specified DLLs or data files.
• Device Management and Access Control
– Enforces which network interfaces may be used and in which networks.
– Controls what networks or hosts may be accessed and from where.
– May be used to limit the use of writable storage media such as USB storage devices or CD-Ws.
• Authentication Management
– Ensures that the client system has successfully authenticated to specified enterprise systems like Active Directory prior to allowing network access.
– Can enforce arbitrary pre and post connection authentication chains.
Note: Any policy can be conditioned upon “location”.
Points of Contact
Country Manager: Zhahid Mushtaq | Richard Gurdak
Email: [email protected] | [email protected]
Phone: 453 5955 | 703.631.0700
Web: www.cominfosystems.com | www.blueridgenetworks.com
Address: Anum Classics Mezzanine Floor, Shahrahe Faisal Karachi | 14120 Parke Long Court, Suite 103, Chantilly, Virginia 20151
Thank You