
2003, Rainbow Technologies, Inc.


(1)
(2)

Expertise

Secure > 50% of the Data

10 Years of SSL

Web Security

28 Million Hardware Keys

50% Token market share

6 Years of iKey

Access Control

(3)

NetSwift iGate:

Hardware Appliances - SSL

(4)

Agenda

Overview of SSL VPNs

SSL vs. IPSec

Evaluation Criteria

ROI

NetSwift iGate Overview

Case Studies

(5)

SSL VPN Definition

SSL – Secure Sockets Layer

An industry-standard Internet security protocol, embedded in a web browser

IPSec is another security protocol, delivered as a software client

VPN – Virtual Private Network

A private network created within a public or shared network

Combined, an SSL VPN is created

(6)

SSL VPN Value Proposition

Improve enterprise productivity without higher costs

Anywhere, any type access

– Any Internet connectivity methods – wireline and wireless

– Controlled and uncontrolled, managed and unmanaged access environments

Low impact on users and IT organizations

– No new software to install, configure, and maintain on access devices

– NAT and firewall traversal issues eliminated

– Non-disruptive to existing private network, security, and directory infrastructure

Flexible

(7)

Why this is Important

The measurement of competitive advantage continues to change

Increasingly, getting the right information, in the right form, to the right people, at the right time is the means to competitive advantage

Culturally and operationally, the enterprise is changing

Enterprise network borders are being pushed outward

– Rise in nomadic workers and teleworkers

(8)

Why this is Important

Infrastructure is less of a barrier

Internet access is becoming as pervasive and as demanded as oxygen

By any measurement (# of connections, bandwidth level, quality, type), broadband connectivity is rapidly growing

To succeed in this changing environment, however, the right set of secure networking solutions are

(9)

SSL VPN Device Functionality

Central gatekeeper

Validates user credentials (authentication)

Applies granular access policies (authorization)

Single proxy between users and applications

Accepts authenticated user’s requests and presents them to authorized application and file servers

Receives server responses and forwards responses back to users

– Recoding of applications not required, transformation handled in SSL VPN device for HTTP transmission

Single point for encryption/decryption

(10)
(11)

IPSEC VPN

[Diagram: Sales Person traveling, Partner, Executive @ home; IPSEC VPN; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes, Networked Machines. Callout: Configure VPN software]

Home Computer: Difficult to install – no control of hardware or network

Partner Computer: Almost impossible to install - Need to get permission from IT

Corporate Notebook: Easy to install – but still one more piece of software to manage

(12)

SSL VPN

[Diagram: Sales Person traveling, Partner, Executive @ home; SSL VPN; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes, Networked Machines]

No client software to install - Does not modify the operating system. Use only a browser

Benefits: No support calls with troubled implementations or client software to manage

(13)

IPSEC VPN – Doesn’t work with NAT

[Diagram: Sales Person traveling, Partner, Executive @ home; IPSEC VPN; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes, Networked Machines. Connections marked X]

NATs in the corporate network change IPSec packets and break the IPSEC connection

This forces admins to place critical servers directly onto the internet or not allow access

(14)

SSL VPN

[Diagram: Sales Person traveling, Partner, Executive @ home; Home, Hotel; iGate; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes, Networked Machines]

NAT doesn’t interfere with SSL...it always works

Benefits:

- No support calls when the connection breaks.

- Opportunities are not lost because of downtime

(15)

IPSEC VPN

[Diagram: Sales Person traveling, Partner, Executive @ home; IPSEC VPN; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes, Networked Machines. Connection marked X]

Force partner to change their firewall

(16)

SSL VPN

[Diagram: Sales Person traveling, Partner, Executive @ home; iGate; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes, Networked Machines]

Web ports are open on Firewalls

Benefits:

- Roll out Access to any partner

- No modifications needed for their firewall

- Quick time to deploy

(17)

IPSEC VPN

Bridging Networks

Open Access to Resources

[Diagram: Sales Person traveling, Partner, Executive @ home; IPSEC VPN; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes]

(18)

SSL VPN

[Diagram: Sales Person traveling, Partner, Executive @ home; internet; iGate; Corporate Network: Exchange, File Server, Web Apps Server, Applications Server/Data, Terminal Services, PeopleSoft, Lotus Notes, Networked Machines]

No Bridging – iGate terminates sessions between it and the client side applications

(19)

ROI

“SSL remote access is 45 percent less expensive than IPSec solutions and 72 percent cheaper than dial-up.”

(20)

ROI

Initial Investment        Medium    Medium

Deployment                Painful   Painless

Operating Expense         Medium    Low

Level of Security         Medium    High

Corporate Strategic       Low       High

End User Satisfaction     Low       High

(21)

NetSwift iGate SSL VPN

The Next Generation

(22)

iKey Overview

Strong two-factor User Authentication

Insert the iKey into a USB port - gain access from anywhere

If stolen, security is not compromised because PIN is unknown

Key Benefits

(23)

Authentication Options

Manage access control by

user types

application access

Support diverse range of users

Tailor level of security to your policies

iKey eliminates Password hacking

iKey extends security from application to the user

Removing the iKey closes the session

AND/OR

(24)

VPX - Central Application Access

[Diagram: Browser Client, internet, SSL, iGate; Web Application Servers, Client Server Applications, Mail Server, Terminal Services/Citrix]

Any protocol can be securely sent via SSL through NetSwift iGate

(25)

Benefits of VPX Support

Single solution for all remote access

Secure any application over SSL/port 443

Protect non-web based applications the same way as web based applications

All data is continuously authorized and encrypted by iGate for transport over SSL

(26)

Portal and Direct Access Resources

Access resources directly or through Portal

iGate supports both types - simultaneously

Portal Page Benefits

Ease of Use / Management

– Users need to only remember one URL

– One SSL Certificate to buy and manage

– Host only a single IP address

(27)

Portal and Direct Access Resources

Portal Page Benefits

Security of

– One external secure access site and one IP address

– Users can’t access sites directly - required to go through portal

– Encrypts and obscures links in real time

– Only applications that users have access to

(28)

Do More With NetSwift iGate

Secure Any Application

Portal Management

Hardware based SSL Encryption

HTTP Compression

Role / Group Management

Advanced Auditing

Integrated Strong Authentication

Auto Log-Off

Central Resource Management

Fine Grain Control

Clientless Security

SSL Encryption

SSL VPN

(29)

Executive Information Portal

Requirements

Anywhere Access for Board Members

Secure Access Control

Ensure passwords aren’t shared or written down

Comply with Audit compliance standards

Easy to use

Solution: iGate SSL VPN

Allows users to use only a browser to access data

No integration or complicated VPN set up

(30)

Healthcare Remote Access

Requirements

Doctors need to access patient records and images from any location

Secure Web based PACS system

Comply with privacy legislation (PIPEDA, HIPAA)

Easy to deploy and use

Central system for web and legacy applications

Solution: iGate SSL VPN

Secure access with just a browser

Integrated iKey authentication offers secure access

iKeys are easier than complicated passwords

(31)

Partner Access

Requirements

Roll out access to partners for CRM system

Use same system for employees as well

Enable partner access more efficiently

Enforce Strict Access Rights

Solution: iGate SSL VPN

Deploys without control of the desktop

No training needed

Fine Grain Access Control

(32)

Trends / Forward Looking

SSL VPNs will dominate remote Access as apps move to the Web

Users will increase demands for SSO

IT & Security need to deliver

Certificate based authentication will increase

Token adoption will grow as security & ease of use are balanced

Encrypted tunnels will be extended to the desktop

(33)
