Download Sirrix AG

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
Document related concepts

Data center wikipedia , lookup

Data vault modeling wikipedia , lookup

Information security wikipedia , lookup

Business intelligence wikipedia , lookup

Open data in the United Kingdom wikipedia , lookup

Information privacy law wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
Sirrix AG
security technologies
Turaya. TrustedDesktop
Comprehensive endpoint security solution and efficient desktop management
Today´s information systems still lack in
efficient protection against both out-sider
and insider threats. Targeted malware attacks and data leakages are the most visible examples of these increasing threats.
Thus, time has come for a more comprehensive approach to endpoint security. Today, IT infrastructures are shared,
distributed, and heterogeneous. They
extend into cloud computing. 360° security concepts have become essential,
yet they should not add extra complexity
or limitations in use.
TrustedDesktop provides an all-new
level of protection both against attacks
from outside and against data leakages
from inside. Sirrix is first to comprehensively implement the notion of trustworthy systems as a fundamental concept for
IT infrastructures.
and provisioning system for the entire infrastructure, including networks, clients
and desktop images.
Architecture
The core component of TrustedDesktop
is the Turaya™ Security Kernel. The Security Kernel virtualizes different operating systems into individual isolated areas
(compartments) running in parallel on
the same client machine.
▪
Comprehensive data leakage prevention with transparent file encryption. The solution transparently encrypts data leaving a secured
compartment and restricts the access to other compartments of the
same TVD. This includes transparent encryption of data on remov-
Data Servers
TrustedDesktop is a secure virtualized
desktop solution with practical information flow control. Its basic principle is the
strong isolation of critical applications and
corporate workflows as well as the reliable enforcement of security policies.
At the same time, the TrustedObjects
Manager (TOM) combines a system-wide security policy management with an
easy to use deployment, configuration
TrustedDesktop provides many security
and functional features, enhancing the
enterprise security and increasing the efficiency of workflows:
Every compartment can be allocated
independently to a Trusted Virtual Domain (TVD), each spanning a distributed,
but closed virtual processing area. Data
leaving a compartment is seamlessly encrypted and can only by accessed in a local
or remote compartment that belongs to
the same TVD. This concept is revolu-
Solution
Its innovative technology enables a comprehensive and auditable lifecycle protection of all enterprise data. The overall
system guarantees that protected information is only processed by trustworthy
components. Thus, any data leakage by
malicious or accidental errors is prevented efficiently.
tionary as it enables for the first time
efficient information flow control for
enterprise systems working with legacy
operating systems. This is made possible
by the Turaya™ Security Kernel technology along with the integration of Trusted
Computing technology.
Turaya.TrustedVPN
Data in Motion
Data at Rest
USB-Device
USB-Device
Green Trusted Virtual Domain
Red Trusted Virtual Domain
Seamless encryption and virtualization turn data leakage prevention
into a feature, and no more an obstacle for efficient work.
Sirrix AG
Sirrix AG
PO Box 1652
66407 Homburg, Germany
Phone: +49 681 / 9 59 86 - 0
Fax: +49 681 / 9 59 86 - 500
[email protected]
www.sirrix.com
security technologies
Turaya. TrustedDesktop
Features
able storage (USB, HDD) or data
stored on remote locations (NFS,
SMB). Thus, it provides offline transport capabilities for exchanged data.
Turaya.TrustedInfrastructure
▪
▪
▪
System-wide data containment based on Trusted Virtual Domains (TVDs)
Cross-platform Information Flow Control
Supports clients (TrustedDesktop), servers (TrustedServer) and networks
(TrustedVPN)
TrustedDesktop Client
▪
▪
▪
▪
▪
▪
▪
Support of multiple, strongly isolated Virtual Machines, belonging to different
Trusted Virtual Domains (TVD). Based on Turaya™ Security Kernel
Secure bootstrap and system integrity, enabled by hardware-based
TPM module
Trusted GUI with Secure Clipboard function with local policy enforcement
Transparent File Encryption for local and remote storage devices
Full hard disk encryption with secure bootstrap ensuring system integrity
Integrated VPN Client for cross-platform communication
Printing allowance controlled by TVD
A transfer of unencrypted data between different TVDs is only possible if
explicitly allowed by the security policy.
▪
Intelligent VPN client enables secure
links between compartments belonging to the same Trusted Virtual Domain and to dedicated networks.
▪
Full harddisk-encryption, sealed to the
TPM security chip. In contrast to other
solutions, the encryption key is never
seen by the operating system and thus,
no viruses, trojan horses or other malware can leak or change sensitive key
material.
Trusted Computing provides
hardware-based security
TrustedObjects Manager
▪
▪
Centralized infrastructure and security policy management for clients,
networks, servers and virtual machines (trusted objects)
Centralized infrastructure management
▪
▪ Registration and authentication of all trusted objects
▪ Remote attestation of integrity for all trusted objects
▪ Provisioning of certified compartment images
System-Wide Security Policy Management based on TVDs
▪
▪
▪
▪ Defines allowed Information Flows between TVDs
▪ Network access control and firewall rules within TVDs
▪ User & Role based policies
Web-based GUI for authorized administrators
Fully integrated PKI solution
Ready-to run appliance, integrates hardware security module
(TPM or HSM module)
TrustedDesktop is based on a Security
Kernel with the Trusted Platform Module
(TPM) acting as a hardware anchor for full
system integrity. The solution withstands
even physical attacks like malicious code
injection or attempts to steal sensitive key
material.
TrustedDesktop saves real money: With
a single license, a full-coverage solution is
employed, including hard disk encryption,
VPN client, data leakage prevention nd
desktop virtualization.
Related documents
Operating System Security
Operating System Security
commercial laboratory services
commercial laboratory services
Trusted Operating Systems
Trusted Operating Systems
Chapter 05
Chapter 05
slides
slides
ISA 562 - GMU Computer Science
ISA 562 - GMU Computer Science
TrustedDB A Trusted Hardware based Database with Privacy and
TrustedDB A Trusted Hardware based Database with Privacy and
Resilient cities - Survive and bounce back - Craig Lapsley
Resilient cities - Survive and bounce back - Craig Lapsley
Designing Trusted Operating Systems Operating Systems
Designing Trusted Operating Systems Operating Systems
Orange Book Summary - UMBC Center for Information Security and
Orange Book Summary - UMBC Center for Information Security and
Security at the Operating System Level (Microsoft)
Security at the Operating System Level (Microsoft)
What`s in a domain name?
What`s in a domain name?