
Secure Messaging Challenge Technical Demonstration


Academic year: 2021


Full text

(1)

Secure Messaging Challenge
Technical Demonstration

The Open Group EMA Forum

(2)

Boeing's Messaging Needs

- Provide access to strongly encrypted e-mail outside the enterprise
- Reduce complexity of deploying secure e-mail
- Present a single solution which can span the enterprise
- Provide broadly acceptable solution to customers, partners, suppliers

(3)

Technical Requirements

- Use X.509 v3 CA Services
- Self-signed or purchased commercial certificates
- RSA algorithm with minimum 1024-bit key length
- Provide standards-based directory services accessible via the public Internet
- Certificate stored in standard userCertificate attribute
- Provide S/MIME compliant messaging client capable of requesting certificates from the directory
- Provide S/MIME compliant email system
- Follow current standards regarding S/MIME, X.509 v3 and LDAP v3
- COTS or open source products only
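The key-length requirement above is something a client or directory proxy can check on the certificate it pulls from the userCertificate attribute before encrypting to it. Added example, not code from the deck or from any of the participating vendors: a minimal DER walk over the PKCS#1 RSAPublicKey that sits inside a certificate's SubjectPublicKeyInfo, measuring the modulus against the 1024-bit minimum. The sample keys are constructed inline as random odd numbers of the wanted size (not real RSA moduli), and the encoder and policy helper names are my own.

```python
import secrets

MIN_RSA_BITS = 1024  # "RSA algorithm with minimum 1024-bit key length" (requirements slide)

def der_len(n: int) -> bytes:
    """Encode a DER length in short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v: int) -> bytes:
    """Encode a non-negative INTEGER; the spare byte keeps a high-bit value positive."""
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + der_len(len(body)) + body

def rsa_public_key_der(modulus: int, exponent: int = 65537) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    inner = der_int(modulus) + der_int(exponent)
    return b"\x30" + der_len(len(inner)) + inner

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV at pos; reject truncated input."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der: bytes) -> int:
    """Modulus size of a DER RSAPublicKey, as a certificate consumer would measure it."""
    tag, seq, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, modulus, _ = read_tlv(seq)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()

def meets_key_policy(der: bytes) -> bool:
    return rsa_modulus_bits(der) >= MIN_RSA_BITS

def constructed_modulus(bits: int) -> int:
    """Constructed sample: random odd number of exactly `bits` bits, not a real RSA modulus."""
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1
```

In a real deployment the same check runs on the modulus taken from the certificate's SubjectPublicKeyInfo after the certificate chain itself has been validated.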

(4)

Scope

Diagram: Organization 1 Intranet and Organization 2 Intranet, each with a Desktop PC, an S/MIME Compliant Email Server (Exchange Server), an Internal LDAP Proxy and an External LDAP Proxy behind a Network Firewall; an LDAP Server with User Entries & Certificates on the Public Network; Messaging Backbone Services carrying the Normal Message Route. Labels within the Challenge Boundary: "Request to LDAP proxy with recipient's address" (to the LDAP Server or Proxy) and the returned "x509 v3 Public Key".

(5)

Deliverables

- Toolkit
  - PKI Overview
  - Certificate practices, guidelines and recommendations
  - Lessons Learned
  - Example architectures
- Comprehensive testing results
- Peer reviewed report of findings and recommendations

(6)

EMA Challenge Timeline

Chart: months Jul 2001 through Apr 2002, with the phases Recruiting, Initial Architecture Scope, Testing and Validation, and Reporting and Demonstration.

(7)

Lynx Systems
Lotus Notes and Microsoft Exchange

- Test Solution A:
  Server: Lotus Notes 5.0.8
  Client: Lotus Notes 5.0.8
  LDAP: Lotus Notes 5.0.8
- Test Solution B:
  Server: Microsoft Exchange 2000
  Client: Microsoft Outlook 2000 SR1 and Security Patch
  LDAP: Linux with Open LDAP
- PKI: Self-Signed Root Certificate Authority on Microsoft Windows 2000 CA Server, Standalone

(8)

Diagram (untitled): Internet; Firewall; DMZ A; DMZ B with Linux Server + Open LDAP; Intranet with MS Windows 2000 PKI, Work Station, Notebook (Mobile User), Email Server Exchange and Email Server Lotus Notes.

(9)

Boeing Demo Environment

- Messaging Environment
  - Server: Microsoft Exchange 2000, and Key Management Server
  - Client: Outlook 2000 SP2
- Directory Environment
  - Windows 2000 Active Directory
- PKI Environment
  - Boeing Self-signed Root
  - Microsoft Windows 2000 Standalone Subordinate CA Server
- LDAP presence
  - Internal and External LDAP Proxy Servers

(10)

Boeing Demo Environment

Diagram: Internet; Firewall; External LDAP Proxy (Maxware Virtual Directory); Internal LDAP Proxy (Maxware Virtual Directory); Microsoft Windows 2000 Test Standalone Subordinate Certificate Authority; Boeing Test Self-Sign Root Certificate Authority; Microsoft Windows 2000 Active Directory; Microsoft Exchange 2000 Key Management Server; Microsoft Exchange 2000; Workstation With Microsoft Outlook 2000 SP2.

(11)

SMTP/Vendor Certificate Architecture

- Messaging Environment
  - Server: Sendmail 8.11.0 and POP3 daemon on Linux
  - Client: Outlook 2000 SP2
- Directory Environment
  - Directory.verisign.com – Directory server for Verisign issued certificates
- PKI Environment

(12)

SMTP/Vendor Certificate Architecture

Diagram: Internet; Linux with Sendmail 8.11 & POP3 daemon; Workstation with Microsoft Outlook 2000 SP2; label "Purchased user certificates from".

(13)

Demonstration

- Scenario 1: Boeing Exchange to Lynx Exchange
  - Directory lookup
  - Send/Receive encrypted message
- Scenario 2: Lynx Notes to Smtptestbed.com
  - Directory lookup
  - Send/Receive encrypted message
- Scenario 3: Smtptestbed.com to Boeing Exchange
  - Directory lookup
  - Send/Receive encrypted message
- Scenario 4: Lynx Exchange to Lynx Notes
  - Directory lookup

(14)

Demonstration Environment

Diagram of the three test environments:
- Lynx Test Environment: Internet; Firewall; DMZ A; DMZ B with Linux Server + Open LDAP; Intranet with MS Windows 2000 PKI, Notebook (Mobile User), Email Server Exchange and Email Server Lotus Notes.
- SMTPTESTBED.COM Test Environment: Linux with Sendmail 8.11 & POP3 Daemon; Workstation with Microsoft Outlook 2000 SP2; purchased user certificates can be found at directory.verisign.com.
- Boeing Test Environment: Firewall; External LDAP Proxy (Maxware Virtual Directory); Internal LDAP Proxy (Maxware Virtual Directory); Microsoft Windows 2000 Test Standalone Subordinate Certificate Authority; Boeing Test Self-Sign Root Certificate Authority; Microsoft Windows 2000 Active Directory; Microsoft Exchange 2000 Key Management Server; Microsoft Exchange 2000; Workstation With Microsoft Outlook 2000 SP2.

(15)

Directory Lookup

(16)

Scenario 1: Boeing to Lynx Exchange
Read Encrypted Message

(17)

Scenario 2: Lynx Notes to Smtptestbed

(18)

Scenario 2: Lynx Notes to Smtptestbed

(19)

Directory Lookup

(20)

Scenario 3: Smtptestbed.com to Boeing
Recipient Read Encrypted Message

(21)

to Notes Encrypted Message

(22)

Scenario 4: Lynx Microsoft Exchange to Lotus Notes Encrypted Mail
