Скачать презентацию RSA Key Manager Enterprise-wide Encryption Keys Management David Скачать презентацию RSA Key Manager Enterprise-wide Encryption Keys Management David

3c35b64c28ecef0435bf20e43e5195dc.ppt

  • Количество слайдов: 16

RSA Key Manager Enterprise-wide Encryption Keys Management David Mateju RSA Sales Consultant david. mateju@rsa. RSA Key Manager Enterprise-wide Encryption Keys Management David Mateju RSA Sales Consultant david. [email protected] com

RSA – The Big Picture Encryption Store, Transport IT infrastructure Access Authentication, Authorization, Anti-fraud RSA – The Big Picture Encryption Store, Transport IT infrastructure Access Authentication, Authorization, Anti-fraud Solutions information SIEM Security Information and Event Management DLP Data Loss Prevention

RSA – The Big Picture RSA Encryption and Key Management Suite RSA Access Manager RSA – The Big Picture RSA Encryption and Key Management Suite RSA Access Manager RSA Federated Identity Manager IT infrastructure RSA Secur. ID RSA Digital Certificate Solutions information RSA Identity Protection and Verification Suite RSA en. Vision Platform RSA Data Loss Prevention Suite

Encryption Commonly Used to Protect Sensitive Data Throughout Infrastructure Application Based DB or File Encryption Commonly Used to Protect Sensitive Data Throughout Infrastructure Application Based DB or File Based Host Based SAN Based Platform Based Clients LAN Servers WAN

RSA Key Manager Enterprise-Wide Key Management Apps/DB FS/CMS RSA Key Manager (RKM) Policy-based Interface RSA Key Manager Enterprise-Wide Key Management Apps/DB FS/CMS RSA Key Manager (RKM) Policy-based Interface 1. Generate Keys 2. Securely Distribute Keys 3. Vault Keys 4. Expire / Turnover Keys 5. Monitor + Audit 5 Storage

RSA Key Manager Solutions RKM Server RSA Key Manager with Application Encryption RSA Key RSA Key Manager Solutions RKM Server RSA Key Manager with Application Encryption RSA Key Manager for the Datacenter Application Encryption Client Integration modules EMC & 3 rd party encryption Sensitive data encrypted within applications at point of capture Application Encryption Clients. Comprehensive platform and language support C, Java, . NET, Cobol, CICS Linux, Mainframe, Unix, Windows 6 Encryption performed using RSA BSAFE® technology Integrates with host, SAN switch, and native tape encryption solutions from RSA, EMC, and third parties Current integrations include Power. Path, Connectrix/Cisco, Oracle and Native Tape

RSA Key Manager with Application Encryption ti on Payment Processing ey t. K es RSA Key Manager with Application Encryption ti on Payment Processing ey t. K es qu qu Re en Key Manager Server Re t es yp cr y RSA ke Tevp. WURk. QOy. HTl. JVl. He. T 2 A== C# C st ue q Re Local Store Encrypt Credit Card Request encryption Data Capture Card Data key if not Info Request Return unencrypted data to user cached locally in memory or on disk 7 Datacenter Operations Returns

RSA Key Manager with Application Encryption RSA Application Encryption Client Application Get. Key Encrypt RSA Key Manager with Application Encryption RSA Application Encryption Client Application Get. Key Encrypt Decrypt HMAC Key Cache RSA Key Manager Server RKM Server (available as SW or Appliance)

RSA Key Manager Application Encryption Client Supported Platform Matrix RSA Key Manager Application Encryption Client Supported Platform Matrix

RSA Key Manager for the Datacenter Host-based Encryption – EMC Power. Path RKM Server RSA Key Manager for the Datacenter Host-based Encryption – EMC Power. Path RKM Server Any Host EMC Storage Power. Path Encryption Name: XYZ SSN: 1234567890 Amount: $123, 456 Status: Gold @!$%!%!%!%%^& *&^%$#&%$#$%*!^ @*%$*^^^^%[email protected]*) %#*@(*$%%%%#@ Heterogeneous Storage System Encryption

RSA Key Manager for the Datacenter SAN Fabric-based Encryption – Cisco / EMC Connectrix RSA Key Manager for the Datacenter SAN Fabric-based Encryption – Cisco / EMC Connectrix MDS Active Keys (in Fabric) Key 1 Key ‘n’ Key 2 Key 3 RSA Key Manager Cisco Fabric Manager API Encryption takes place in the SAN switch Encryption management integrated into MDS Fabric Manager Integrates with RSA Key Manager for comprehensive encryption key lifecycle management

RKM for the Datacenter: Solution Overview Solution Encryption Source Interoperability/ Support EMC Symmetrix, CLARii. RKM for the Datacenter: Solution Overview Solution Encryption Source Interoperability/ Support EMC Symmetrix, CLARii. ON Power. Path Encryption with RSA Host Solaris, Windows, AIX, Linux, HP-UX (2 H) Cisco MDS-enabled platforms Cisco/Connectrix MDS Storage Media Encryption with RKM IBM Native Tape Encryption with RKM SAN Fabric Tape Drive (9200 and 9500 series), 9222 i switch; Requires 18/4 Port Multiprotocol Services Module IBM TS 1120 Tape Drives; TS 3400/3500 Libraries; IBM Encryption Key Manager (EKM)

RSA Key Manager Server – Software Supported Platform Matrix Scenario 1 Operating System Windows® RSA Key Manager Server – Software Supported Platform Matrix Scenario 1 Operating System Windows® 2003 Server R 2 (Intel® x 86 32 -bit) App Server Apache Tomcat 5. 5. 25 Web Server IIS 6. 0 DB Server Scenario 2 SQL Server 2005 Scenario 4 Red Hat® Enterprise Linux® AS 4. 0 (Intel x 86 32 -bit) Web. Logic™ 9. 0 a RSA Access Manager Web. Sphere® 6. 1 Apache HTTP Server 2. 0. 52 b Solaris™ 9 or 10 (Ultra. Sparc v 9 32 -bit) Web. Logic 9. 0 Apache HTTP Server 2. 0. 61 Oracle® 10 G Release 2 RAC Access Manager 6. 0 Clear Trust Agent 4. 7 JVM HSM Scenario 3 Sun JRE™ 1. 5 n. Cipher™ net. HSM™ • • • Firmware: 2. 18. 13 Cipher. Tools: 1. 0. 0. 8 Support Utilities: 10. 15 IBM JRE 1. 5 Sun JRE 1. 5 Safe. Net Luna SA 4. 1. 0 -9 Safe. Net Luna PCI 3000 • Firmware: 4. 6. 1

RSA Key Manager Server – Appliance Preinstalled server OS: r. Path Linux App Server: RSA Key Manager Server – Appliance Preinstalled server OS: r. Path Linux App Server: Apache Tomcat Web Server: Apache Database: Oracle Std Edition JVM: Sun JRE 1. 5

RSA Key Manager for PCI Compliance Requirement PCI 3. 6. 1 - Strong Encryption RSA Key Manager for PCI Compliance Requirement PCI 3. 6. 1 - Strong Encryption Keys How RKM App Encryption Addresses It • Symmetric Key Generation • Industry Strength Algorithms • PCI 3. 6. 2 - Secure Key Distribution PCI 3. 6. 3 - Secure Key Vaulting AES, 3 DES, HMAC • Mutually authenticated server communication via SSL • Secured Key Storage • Restricted Access to Key Manager Server • PCI 3. 6. 4 - Periodic Changing of Keys/ Key Lifecycle management PCI 3. 6. 5 - Destroy unused / compromised keys Tiered admin rights (Super, User, Key) • No Administrator has access to key material • Deletion of unused or compromised keys • Compliant to National Institute of Standards and Technology (NIST) recommendations • Key Policy Definition • Key Expiration • Key Rotation Key Usage Audit and Logs • Support for Key Attributes • Provides PCI audit trail by logging all events