workplace security threats and countermeasures fujitsu siemens computers yiannis koukoutsis october...

Workplace Security threats and countermeasuresFujitsu Siemens Computers

Yiannis Koukoutsis October 2007

© Fujitsu Siemens Computers 2007 All rights reserved2

Agenda

Security Risks

Security Areas

Product Portfolio

Security Technologies

Manageability

Summary


Security Risks

Security Risks

Security Areas

Product Portfolio


Manageability

Summary


Security risks

Growing usage of mobile devices requires a higher security level

More and more devices get lost, broken or even stolen

Malicious software deletes, modifies and accesses your data

Unauthorized persons try to eavesdrop your data locally and over the net


on the move

Hotspot

Branch / Home Office

IT Scenarios

Corporate Network

Public Networks

(PSTN, Internet, 3G)

Application servers

Database server

Web servers

Email servers

Campus Users

Wi-Fi

Wi-Fi

3G


an average of 81 viruses are discovered per company per year (IDC)

70% of German companies are affected by the misuse of user rights (Meta Group)

rising costs through loss of working hours and IT personnel

in average a 6-month budget for marketing is needed to repair damages of company image

Lead to

• Downtimes

• Loss of Data

• Insolvencies

Affect

• Stock value

• Customer loyalty

• Financial strength

Weaknesses in information security


What is IT Security?

Confidentiality (privacy) No information access

without authorization

Integrity No alteration of information

without authorization

Availability Ensure access to information for

authorized users when required Prevent Denial of Service

Dataand

services

Availability

Con

fiden

tialit

y

IntegrityCIA triangle


Security Cycle

• Risk analysis of business processes

• Security analysis of application systems

• Security policy(objectives, responsibility, focal points)

• Security roadmap(costs, benefits, financing)

• Residual-risk management (emergency handling)

• implementation

• administration

• monitoring

• reviews

Training

Awareness

Know-How Transfer


Underlying principles going forward

Security is not binary

Security must support the business

Security is an everyday job

Security and operations are now tightly integrated

Security is multifaceted

Policy, response, and measurement are key

Enforcement is fast becoming an operational task


Security Areas

Security Risks

Security Areas

Product Portfolio


Manageability

Summary


IT Security Components

Accountability

Authentication

Confidentiality

Access control

Firewall

Digital signature

Public Key Infrastructure

Encryption

VPN

Trusted Operating System

Intrusion Detection System

Virus protection

S/Mime, http-s

IPSec, SSL

Single Sign On

SmartCards, Token USB


Strategic Security Areas

Implementation & Operation

NetworkSecurity

WLAN Security

Securityassessment

Patch managementPKI Interfaces

WEB contentfiltering

Spam filtering

Intrusion detection

VPN

Firewall

Security Policy

Consulting

Services

PKI

Physical

Security

Theft protection

System IntrusionDetection

User

Security

SmartCard

Fingerprint

OS Logon

Single-Sign-On

System

Security

Anti-Virus BIOS Virus Protection

Enable/Disable PnP devices

Pre-Boot HDD Password

Data Encryption

TPM support

Anti Spam

PersonalFirewall

Advanced Security

BasicSecurity


Theft protection

Kensington MicroSaver

Kensington PocketSaver

Housing Lock and Seal Option for deskbound PC

System Intrusion Detection

Intrusion Detection Switch (in combination with DeskView)

Physical Security Products

Physical

Security

Theft protection

System IntrusionDetection


System Security Products

BIOS Virus Protection

BIOS Pre-Boot Supervisor and User Password

BIOS Pre-Boot Systemlock smart card based BIOS and system access

BIOS Pre-Boot HDD Password

TPM support

Data Encryption

TPM based Microsoft Bitlocker

TPM based container encryption (SecureDrive)

Email Encryption with TPM or SmartCard

System

Security

Anti-Virus BIOS Virus Protection

Enable/Disable PnP devices

Pre-Boot HDD Password

Data Encryption

TPM support

Anti Spam

PersonalFirewall


Is your logon safe?


User Security Products

User

Security

SmartCard

Fingerprint

OS Logon

System Access

SmartCard

SmartCaseTM SmartCard reader/writer built-in

SmartCaseTM SmartCard reader/writer external via USB, Cardholder, PC Card or Express Card

SmartCaseTM SmartCard

SmartCase Token USB

USB smart card reader and smart card as a single device

Fingerprint

Biometric fingerprint recognition in dedicated systems

SmartCase Fingerprint USB as external solution

SmartCard/Fingerprint based Operating System Logon (SmartCaseTM Logon+)

Single-Sign-On

Easy-Sign-On to Web application

Single-Sign-On


Product Portfolio

Security Risks

Security Areas

Product Portfolio


Manageability

Summary


Security Keyboards- more than just a input device

Function Feature BenefitsUSB security Keyboard with

integrated SmartCard reader/writer

SmartCase™ KB SCR Pro

Secure access control with SmartCase™ Logon+ security application

SystemLock support (BIOS Pre-Boot protection)

Secure PIN-Entry (Class 2 Reader)

Digital signature compliant according to Common Criteria EAL3+

HBCI compliant

MKT 1.0 trusted product certified for Germanhealth insurance cards (KBV)

Use SmartCards for

Data encryption

PKI

Electronic payment

Healthcare solutions

Digital signatures

Secure network and Operating System Logon


SmartCard readers/writersHigh-Level security functions

Function Feature BenefitsSmartCase™ SCR (USB)

External SmartCard reader/writer

SmartCase™ SCR (USB int.)Internal SmartCard reader/writer

SmartCase Token USB


Meets all major standards

USB 2.0 Reader, class 1

Supports all established SmartCards due to PC/SC and ISO 7816/1-4 compliance

Use SmartCards for

Data encryption

PKI

Electronic payment


Digital signatures



SmartCard readers/writersHigh-Level security functions

Function Feature BenefitsSmartCaseTM Cardholder

(PC Card) for systems with integrated SmartCard chipset

SmartCaseTM SCR (PC Card)

SmartCaseTM SCR Express Card


Meets all major standards

PC Card, class 1

Supports all established SmartCards due to PC/SC and ISO 7816/1-4 compliance

Use SmartCards for

Data encryption

PKI

Electronic payment


Digital signatures



SmartCase™ Logon+Secure and comfortable authentication

Function Feature BenefitsSmartCase™ Logon+

Secure operating system Logon

Single-Sign-On / Password Management

SmartCard / fingerprint support

Operating System Logon

Single-Sign-On to Microsoft Windows, web pages, Password management

SecureDrive Container encryption

No unauthorized access to your system

Reduced helpdesk calls in terms of lost password

Easy-Sign-On for all business relevant applications and

Websites



Security Risks

Security Areas

Product Portfolio


Manageability

Summary


FingerprintEasy-to-use security functions

Function Feature Benefits Integrated fingerprint

sensor Powerful access control

mechanism with SmartCase™ Logon+ security application

Fingerprint template can be stored to smart card

No unauthorized access to your system

Reduced helpdesk calls in terms of lost password

Easy-Sign-On for all business relevant applications and Websites


SmartCard

Function Feature BenefitsSmartCase™ SmartCard

compliant with ISO 7816 (parts 3, 4, 5, 8, and 9).

Protection against all known security attacks

Efficient Crypto Coprocessor for secure cryptographic functions and key generation for strong encryption of data and files

Supports PC/SC / PKCS#11 / CSP and CT-API

ISO 7816-compatible commands for the applications

Safe and secure storage of passwords and logon names

Encryption and digital signatures for e-mail programs and web-browsers

Easy Operating System logon/logoff


Trusted Platform Module

Function Feature BenefitsBuilt-in module to enhance

the security level on your system and in your network

Full 3rd party application support based on industry leading security interfaces (PKCS#11 and MS-CAPI)

TPM Cryptographic Service Provider (CSP)

Data Encryption with TPM and Microsoft Encrypted File System, Bitlocker

Encryption and digital signatures for e-mail programs and web-browsers


SmartCaseTM Logon+

SmartCase Logon+OS Logon

SmartCase Logon+Single Sign-On

User Authentication

Automatic authentication to websites

and / or


Manageability

Security Risks

Security Areas

Product Portfolio


Manageability

Summary


Manageability and Security link the Business client product portfolio

Displays, Keyboards, Software

Business Clients Security

ManageabilitySecure products for business clients

Most efficient client management with DeskView

Pocket LOOX

LIFEBOOK / CELSIUS notebook

AMILO Pro

STYLISTIC

FUTRO

CELSIUS

ESPRIMO

SCENIC


Summary

Security Risks

Security Areas

Product Portfolio


Manageability

Summary


Security threats and countermeasures

Services

OS

Data

Device

BIOS

Network

Modify, delete

Modify, delete, overload

Read, modify, delete

Damage, intrusion, theft

Read, modify, delete

Intrude, eavesdrop,overload, paralyze

People

Unauthorized use,Social engineering

Malicious code

Virus, worm, Trojan,logic or time bomb,root kit, backdoor,

spy-ware, ad-ware, spam, hoax, phishing

SniffingMan in the middle,

key logger

Denial of service

Physical protection

Mechanical features, alerts

Access protectionfor data and applications

Authentication, encryption

Detection and removalof abnormalities

Anti-virus, RKD, firewall,Intrusion detection / prevention,

web and content filtering

Backup and recovery

Patch management

Out of scope: Accidental Threats ( Environmental Force, Technical Failure, Human Error)

BIOS security functions

Client security solutions by


Backup and recovery

Scheduled and automatic backup

Local backup to (hidden) partition or backup medium Data recovery anywhere and anytime, without being connected Evade bandwidth bottlenecks (remote and disconnected users)

Network backup Minimize network traffic by efficient and intelligent compression methods Minimize required network bandwidth No extra storage media

Single keystroke recovery (rollback to a known good state) Minimize downtime, increase user productivity and satisfaction Reduce help desk cost and free resources for other tasks

Examples Windows Backup and Restore Center Altiris Recovery Solution in a DeskView environment


Security from Fujitsu Siemens Computers

Why?

We guarantee the implementation and integration of standard

technologies based on the best hardware platform.

Our client security products and solutions are easy to integrate in

existing IT infrastructures.

We provide direct Technical Support by in-house research & development.

We offer end-to-end solutions in cooperation with strong strategic partners.

workplace security threats and countermeasures fujitsu siemens computers yiannis koukoutsis october...

Documents

information security

business security

integrated security

binary security

workplace security threats

higher security level

everyday job security

g slide