Slide #1
Trust: When Physical and Logical Security Worlds Collide
Bob Beliles, VP Enterprise Business Development, Hirsch Electronics
Copyright © 2009 Trusted Computing Group – Other names and brands are properties of their respective owners.

Slide #2
Convergence – a Typical Security Perspective
Usually One or the Other
A Common Infrastructure
• Eliminates separate networks
• IP-based
• Greater accessibility to information
• Interoperability with security applications / systems
• New uses via connection to non-physec systems / applications
A Common Credential
• Authenticate individual
• Policy-based
• Facility / room, etc.
• PC, logical / network assets
• Instant and global use / privileges
• Extension to cafeteria and other purchases

Slide #3
When Security Worlds Collide, Trust Must Be Created
• Smart Credentials With Strong Authentication
• Common, Secure Communications Infrastructure
• Trust
• Data Protection At Rest & In Transit

Slide #4
Trust with Policy-Based Enforcement – The Access Control Ecosystem
• Files, databases / data located anywhere in the "cloud".
• Single device or asset, i.e. a PC, a phone, etc.
• Digital Identities
• Communications infrastructure (routers, switches) connects PCs, servers, storage.
• Buildings, rooms, roads, etc. Aggregates sensors (contacts, credentials, video, audio), policy-based response.

Slide #5
The Converged Vision – From Credential to Cloud™
Slide #6
Trust Enablers – Smart Credentials, Systems and Standards
Smart & Secure Credentials
• Multi-factor Authentication
• Encryption
• Certificates
Secure Devices / Systems
• Network security features
• Encryption
• Certificates
Standards & Processes
• FIPS 140 & 201
• Trusted Network Connect

Slide #7
Pervasive Security: Cyber Meets Physical – Tailgating / No Badge-In = No Access
• Reader bypassed, employee tailgates
• Panel receives no information
• Server has employee logged as outside building
[Diagram: TNC components – Access Requestor, Policy Enforcement Point, Policy Decision Point, Metadata Access Point, Sensor, Flow Controller]

Slide #8
Pervasive Security: Cyber Meets Physical – Presence Enables Network Access
• Readers capture / pass credential info
• Panel authenticates identity and enforces policy
• Hirsch Velocity with PACE Gateway server converts messages to IF-MAP events and vice-versa
• IF-MAP Event Messages
[Diagram: TNC components – Access Requestor, Policy Enforcement Point, Policy Decision Point, Metadata Access Point, Sensor, Flow Controller]

Slide #9
The "Converged Enterprise"

Slide #10
Summary and Key Take-Aways
Trust Enables Pervasive Security When:
• All system elements are properly secured, vetted and authorized
• Enabled through digital identities and encrypted data (at rest & in transit)
• Physical, device, logical and network access control are tied together
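The flow on slides 7, 8 and 10 (badge events from the physical access control system feed a policy decision point, which refuses network access to anyone the building does not know is inside) can be shown with a small worked model. The code below is an added example, not code from the deck, from Hirsch or from the Trusted Computing Group; the event schema, identity names, building names and the 12-hour presence window are all constructed assumptions, and the events stand in for the IF-MAP messages the deck describes rather than reproducing that protocol.

```python
"""Presence-gated network access decision (added example, constructed data).

A policy decision point (PDP) keeps a per-identity presence table built from
badge-in / badge-out events and answers a policy enforcement point's question:
may this identity use the network in this building right now?
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY_NOT_PRESENT = "deny: no badge-in on record"
    DENY_WRONG_BUILDING = "deny: badged into a different building"
    DENY_STALE = "deny: presence record older than policy window"


@dataclass
class PresenceRecord:
    building: str
    badged_in_at: datetime


@dataclass
class PresencePDP:
    """Policy decision point that gates network access on physical presence."""
    # Bound on how long a badge-in is trusted without a fresh event; this caps
    # the exposure if a badge-out is never recorded (someone tailgated out).
    # The 12-hour value is an assumption for this example, not a stated policy.
    max_presence_age: timedelta = timedelta(hours=12)
    _presence: dict = field(default_factory=dict)

    def handle_event(self, event: dict) -> None:
        """Consume one PACS event (constructed schema, not an IF-MAP message)."""
        kind, identity = event["event"], event["identity"]
        if kind == "badge_in":
            self._presence[identity] = PresenceRecord(
                building=event["building"],
                badged_in_at=datetime.fromisoformat(event["time"]),
            )
        elif kind == "badge_out":
            self._presence.pop(identity, None)
        else:
            raise ValueError(f"unknown event type {kind!r}")

    def decide(self, identity: str, building: str, now: datetime) -> Decision:
        """Answer the PEP: may `identity` use the network in `building` now?"""
        record = self._presence.get(identity)
        if record is None:
            return Decision.DENY_NOT_PRESENT      # the slide-7 tailgater case
        if record.building != building:
            return Decision.DENY_WRONG_BUILDING
        if now - record.badged_in_at > self.max_presence_age:
            return Decision.DENY_STALE
        return Decision.ALLOW


# Constructed sample event stream, as a PACS gateway might publish it.
SAMPLE_EVENTS = [
    {"event": "badge_in",  "identity": "alice", "building": "HQ",    "time": "2009-09-23T08:00:00"},
    {"event": "badge_in",  "identity": "carol", "building": "HQ",    "time": "2009-09-23T07:55:00"},
    {"event": "badge_in",  "identity": "dave",  "building": "Annex", "time": "2009-09-23T08:10:00"},
    {"event": "badge_out", "identity": "carol", "time": "2009-09-23T09:00:00"},
    # "bob" tailgated in behind alice: the reader never saw his card, so no event.
]


def run_scenario() -> dict:
    """Replay the sample events, then evaluate several network access requests."""
    pdp = PresencePDP()
    for event in SAMPLE_EVENTS:
        pdp.handle_event(event)
    morning = datetime.fromisoformat("2009-09-23T09:30:00")
    evening = datetime.fromisoformat("2009-09-23T21:00:00")
    return {
        "alice":    pdp.decide("alice", "HQ", morning),  # badged in, same building
        "bob":      pdp.decide("bob",   "HQ", morning),  # tailgated: no record at all
        "carol":    pdp.decide("carol", "HQ", morning),  # already badged out
        "dave":     pdp.decide("dave",  "HQ", morning),  # present, but in the Annex
        "alice_pm": pdp.decide("alice", "HQ", evening),  # record is 13h old, past window
    }


if __name__ == "__main__":
    for who, decision in run_scenario().items():
        print(f"{who:9s} -> {decision.value}")
```

The presence-age bound is the caveat a practitioner will want: a tailgater who slips in behind a badged employee is denied because no record exists, but an employee who slips out without badging leaves a record that looks valid indefinitely, so the PDP must expire records rather than trust them forever. The example also assumes the event channel itself is authenticated and encrypted, as slide 10 requires; a PDP that accepts unauthenticated presence events would let the physical layer be spoofed from the network side.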
Slide #11
Thank You – For More Information…
• TCG Playground
• TCG Cocktail Party
• Hirsch Booth 856
• Presentation: "Does Physical Security on the Network Create New Vulnerabilities?" Orange #305, Friday 11:10am
• www.hirschelectronics.com
• Bob Beliles, rbeliles@hirschelectronics.com