e-Xpert Gate, e-Xpert Solutions SA, 2 March 2001
e-Xpert Gate? Access your applications from everywhere with strong confidentiality and authentication
About your need
Solution? Use your favorite browser
Why my browser?
But how to solve the security issue? What should I do? (Diagram: Browser, Firewall, DMZ, Web-based Internal Resources)
Direct access with http or https? Why not? (Diagram: Browser, Firewall, DMZ, Web-based Internal Resources)
Direct access drawback
Secure access with e-Xpert Gate (Diagram: Browser, SSL, Firewall, DMZ, e-Xpert Gate, Web-based Internal Resources)
Secure access through e-Xpert Gate
Reverse Proxy Technology: server within a firewall
The proxy server appears to be the content server.
A client computer on the Internet sends a request to the proxy server.
The proxy server uses a regular mapping to forward the client request to the internal content server.
You can configure the firewall router to allow a specific server on a specific port (in this case, the proxy on its assigned port) to have access through the firewall without allowing any other machine in or out.
(Diagram labels: Firewall, CACHE, https (SSL), http or https)
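The mapping step described on this slide, as an added example that is not e-Xpert Gate's code: a deny-by-default resolver that normalizes the requested path before matching it against a fixed table of internal servers. The route table, host names and the function name `resolve` are hypothetical.

```python
import posixpath
from urllib.parse import quote, unquote, urlsplit

# Constructed mapping: public path prefix -> internal content server.
# Host names are hypothetical placeholders, not taken from the slides.
ROUTES = {
    "/mail/": "http://owa.internal.example:80",
    "/notes/": "http://domino.internal.example:8080",
}


def resolve(request_target, routes=ROUTES):
    """Return the internal URL for a request target, or None to refuse it.

    Anything that does not normalize to a path under a mapped prefix is
    refused, so the proxy never forwards to a server outside the table.
    """
    parts = urlsplit(request_target)
    # Only origin-form targets ("/path?query") are accepted. An absolute URL
    # or a "//host" target would let the client choose the upstream server.
    if parts.scheme or parts.netloc:
        return None

    decoded = unquote(parts.path)
    if not decoded.startswith("/") or "\x00" in decoded or "\\" in decoded:
        return None

    # Collapse "." and ".." segments before matching, so "/mail/../x" is
    # judged by where it really points and not by its leading prefix.
    normalized = posixpath.normpath(decoded)
    if decoded.endswith("/") and normalized != "/":
        normalized += "/"

    # Longest prefix wins, so a more specific mapping overrides a general one.
    for prefix in sorted(routes, key=len, reverse=True):
        if normalized.startswith(prefix):
            url = routes[prefix] + quote(normalized)
            return url + ("?" + parts.query if parts.query else "")
    return None  # unmapped path: deny by default


if __name__ == "__main__":
    for target in ("/mail/inbox?id=3", "/mail/%2e%2e/admin",
                   "http://10.0.0.5/", "/notes/../mail/a", "/mail"):
        print(f"{target!r:28} -> {resolve(target)}")
```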
SSL/TLS Technology
Applications that use SSL or TLS
SSL/TLS history
About authentication? Your business is on the line. But do you really know who’s on the other end?
Two-factor User Authentication
One-Factor User Authentication Drawback
e-Xpert Gate’s Authentication method (* Method not recommended)
RSA SecurID implementation (Diagram: DMZ, e-Xpert Gate, Web-based Internal Resources)
RSA tokens
How it works? Token: Seed + Time, Algorithm, 482392. ACE/Server: Seed + Time, Algorithm, 482392. Same seed, same time.
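The "same seed, same time" principle from this slide, as an added example that is not from the original deck. The SecurID algorithm itself is not shown on the page, so the open TOTP construction (RFC 6238, HMAC-SHA1) stands in for it; the 30-second step, the drift window and the function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code interval (assumption; RFC 6238 default)


def code_at(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Code the token displays at unix_time: a function of seed and time only."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(seed, submitted, server_time, drift_steps=1,
                   last_used_counter=None):
    """Server side: recompute the code from the same seed and its own clock.

    Returns the matched time counter, or None when the code is refused.
    drift_steps tolerates a token clock that runs slightly fast or slow;
    last_used_counter refuses a code that was already accepted (replay).
    """
    base = server_time // STEP
    matched = None
    for delta in range(-drift_steps, drift_steps + 1):
        counter = base + delta
        if counter < 0:
            continue
        expected = code_at(seed, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            matched = counter
    if matched is None:
        return None
    if last_used_counter is not None and matched <= last_used_counter:
        return None
    return matched


if __name__ == "__main__":
    seed = b"12345678901234567890"      # RFC 6238 test seed, not a real secret
    shown = code_at(seed, 59)           # what the token displays
    print("token shows:", shown)
    print("server, 30 s later:", server_accepts(seed, shown, 89))
    print("server, no drift allowed:", server_accepts(seed, shown, 89, 0))
    print("same code replayed:", server_accepts(seed, shown, 89,
                                                 last_used_counter=1))
```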
SecurID example
SSL client authentication implementation (Diagram: DMZ, e-Xpert Gate, Web-based Internal Resources, PKI architecture, Client X509 Certificate)
What is a certificate
X509 Authentication
Client side authentication (Diagram: Web Client, Web Server; Challenge, Client Certificate Request, Challenge answer, Client Certificate)
How secure is the private key? How does the user get access? Where is it stored? (Diagram: Private key; Smart Card, PIN; Local Browser store, Password)
SmartCard and iKey
e-Xpert Gate Applications
Lotus access with e-Xpert Gate
Outlook Web Access
e-Xpert Gate’s key features
Questions?

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

e-Xpert Gate / Reverse Proxy - first-generation WAF

  • 1. e-Xpert Gate e-Xpert Solutions SA [email_address] 2 March 2001
  • 2. e-Xpert Gate? Access your applications from everywhere with strong confidentiality and authentication
  • 3.
  • 4. Solution? Use your favorite browser
  • 5.
  • 6. But how to solve the security issue? What should I do? (Diagram labels: Browser, Firewall, DMZ, Web-based Internal Resources)
  • 7. Direct access with http or https? Why not? (Diagram labels: Browser, Firewall, DMZ, Web-based Internal Resources)
  • 8.
  • 9. Secure access with e-Xpert Gate (Diagram labels: Browser, SSL, Firewall, DMZ, e-Xpert Gate, Web-based Internal Resources)
  • 10.
  • 11. Reverse Proxy Technology: server within a firewall. The proxy server appears to be the content server. A client computer on the Internet sends a request to the proxy server. The proxy server uses a regular mapping to forward the client request to the internal content server. You can configure the firewall router to allow a specific server on a specific port (in this case, the proxy on its assigned port) to have access through the firewall without allowing any other machine in or out. (Diagram labels: Firewall, CACHE, https (SSL), http or https)
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. About authentication? Your business is on the line. But do you really know who’s on the other end?
  • 18.
  • 19.
  • 20. RSA SecurID implementation (Diagram labels: DMZ, e-Xpert Gate, Web-based Internal Resources)
  • 22. How it works? Token: Seed, Time, Algorithm, 482392. ACE/Server: Seed, Time, Algorithm, 482392. Same Seed, Same Time.
  • 24. SSL client authentication implementation (Diagram labels: Client X509 Certificate, DMZ, e-Xpert Gate, PKI architecture, Web-based Internal Resources)
  • 25. What is a certificate
  • 26.
  • 27. Client side authentication (Diagram labels: Web Client, Web Server, Challenge, Client Certificate Request, Challenge answer, Client Certificate)
  • 28. How secure is the private key? How does the user get access? Where is it stored? (Diagram labels: Smart Card, PIN, Password, Local Browser store, Private key)
  • 29.
  • 30.
  • 31. Lotus access with e-Xpert Gate
  • 33.
  • 34.
  • 35.
  • 36.
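
The slide 22 mechanism (token and ACE/Server derive the same code from the same seed and the same time), as an added example that is not from the deck. It uses the public RFC 6238 TOTP construction as a stand-in, since the page does not describe RSA's own token algorithm; the seed, the 60-second step, the drift window and all function names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60     # seconds per code window (assumed for this sketch)
DIGITS = 6    # slide 22 shows a six-digit code
SEED = b"constructed-demo-seed"   # constructed sample seed shared by token and server
T = 983491200                     # constructed sample clock: 2001-03-02 00:00:00 UTC


def token_code(seed: bytes, unix_time: int, step: int = STEP) -> str:
    """Code for the window containing unix_time (RFC 6238 TOTP, HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_verify(seed, submitted, server_time, drift_windows=1, last_used=None):
    """Return the accepted window number, or None if the code is rejected.

    "Same time" is only approximate in practice, so the server also tries
    +/- drift_windows around its own clock. Windows at or before last_used
    are skipped so an observed code cannot be replayed.
    """
    now = server_time // STEP
    for window in range(now - drift_windows, now + drift_windows + 1):
        if last_used is not None and window <= last_used:
            continue
        expected = token_code(seed, window * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return window
    return None


if __name__ == "__main__":
    code = token_code(SEED, T)                        # what the token displays
    print("token shows:", code)
    print("accepted in window:", server_verify(SEED, code, T))
    slow = token_code(SEED, T - 45)                   # token clock 45 s behind
    print("slow token accepted in window:", server_verify(SEED, slow, T))
    print("replay:", server_verify(SEED, code, T, last_used=T // STEP))
    print("stale code:", server_verify(SEED, token_code(SEED, T - 600), T))
```

The server has to persist `last_used` per user; without it, a code captured in transit stays valid for the rest of its window plus the drift allowance.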