Upload
bathsheba-nichols
View
222
Download
5
Embed Size (px)
Citation preview
Sway5-1 NabiTel
ComponentComponent : : Policy DirectorPolicy Director
User Administration : User Administration : 사용자 등록 관리사용자 등록 관리
Global Sign-On : Global Sign-On : 사용자 사용자 Log OnLog On 관리관리
Security Manager : Security Manager : 보안 정책 생성 및 적용 관리보안 정책 생성 및 적용 관리
Policy Director : Policy Director : 웹 서버 접근 관리웹 서버 접근 관리
Privacy Manager : Privacy Manager : 개인 정보 접근 관리개인 정보 접근 관리
Risk Manager : Risk Manager : 침입 위험 관리침입 위험 관리
PKI : PKI : 공개 키를 이용한 인증 관리 공개 키를 이용한 인증 관리
User Administration : User Administration : 사용자 등록 관리사용자 등록 관리
Global Sign-On : Global Sign-On : 사용자 사용자 Log OnLog On 관리관리
Security Manager : Security Manager : 보안 정책 생성 및 적용 관리보안 정책 생성 및 적용 관리
Policy Director : Policy Director : 웹 서버 접근 관리웹 서버 접근 관리
Privacy Manager : Privacy Manager : 개인 정보 접근 관리개인 정보 접근 관리
Risk Manager : Risk Manager : 침입 위험 관리침입 위험 관리
PKI : PKI : 공개 키를 이용한 인증 관리 공개 키를 이용한 인증 관리
Sway5-2 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징
Addresses the top challenges of e-business securitySecure communication with
CustomersBusiness partnersOthers
Centrally define/manage security policy e-business
applicationsTransparently enforce authorization policy
Through access control rights to Web applicationsSupport virtually any client device
BrowsersPervasive devices that use Wireless Access
Protocol(WAP)
Addresses the top challenges of e-business securitySecure communication with
CustomersBusiness partnersOthers
Centrally define/manage security policy e-business
applicationsTransparently enforce authorization policy
Through access control rights to Web applicationsSupport virtually any client device
BrowsersPervasive devices that use Wireless Access
Protocol(WAP)
Sway5-3 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Use public key infrastructure (PKI)-based
authentication
To access existing Web-based applications
No rewriting or modification of applications
Control access to legacy TCP/IP-based client/server
applications
Provide single sign-on to Web-based applications
Access for the Right People at the Right Time
Reduce your cost of building security into new
applications
Eliminate the need to write complex security code
Use public key infrastructure (PKI)-based
authentication
To access existing Web-based applications
No rewriting or modification of applications
Control access to legacy TCP/IP-based client/server
applications
Provide single sign-on to Web-based applications
Access for the Right People at the Right Time
Reduce your cost of building security into new
applications
Eliminate the need to write complex security code
Sway5-4 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Secure Access to Enterprise Web Servers
WebSEAL server manages access to all your Web
servers
Centrally control Web resources as one logical
Web space
Intelligent load balancing over replicated servers
Effective server scalability and deployment
Provides a fail over capability
Automatically switch to a backup Web server.
Secure Access to Enterprise Web Servers
WebSEAL server manages access to all your Web
servers
Centrally control Web resources as one logical
Web space
Intelligent load balancing over replicated servers
Effective server scalability and deployment
Provides a fail over capability
Automatically switch to a backup Web server.
Sway5-5 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Supports authentication and access control of Web
browsers
Through user IDs and passwords
Through client-side certificates
Through RSA SecureID tokens
Provides single sign-on access to the Web servers it
secures
Single log on once to PD
Subsequent logons are handled transparently
Supports authentication and access control of Web
browsers
Through user IDs and passwords
Through client-side certificates
Through RSA SecureID tokens
Provides single sign-on access to the Web servers it
secures
Single log on once to PD
Subsequent logons are handled transparently
Sway5-6 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Secure Access to Legacy Client/Server Applications
Secures traditional Internet services
Telnet and TCP/IP-based legacy applications
Logon required for access
VPN support
Between NetSEAT client and NetSEAL server
End-to-end encryption
Secure Access to Legacy Client/Server Applications
Secures traditional Internet services
Telnet and TCP/IP-based legacy applications
Logon required for access
VPN support
Between NetSEAT client and NetSEAL server
End-to-end encryption
Sway5-7 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Support for Many Standardized Features
Supports many open, industry standards
LDAP for the storage of user and group
credentials
Supports Netscape/IBM SecureWay LDAP
directories
Provides strong authentication to web-based
resources
Using X.509 V3 client certificates
Support/manage for full Certificate Revocation
List (CRL)
Real-time control of user access rights
Support for Many Standardized Features
Supports many open, industry standards
LDAP for the storage of user and group
credentials
Supports Netscape/IBM SecureWay LDAP
directories
Provides strong authentication to web-based
resources
Using X.509 V3 client certificates
Support/manage for full Certificate Revocation
List (CRL)
Real-time control of user access rights
Sway5-8 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Authorization API (AuthAPI) implements
Open Group Authorization Service API (aznAPI)
Provides a common set of authorization
services
Support multiple operating system
environments
Logon required for access
Security application development API
Customized security environment
Authorization decision-making possible in
applications
Authorization API (AuthAPI) implements
Open Group Authorization Service API (aznAPI)
Provides a common set of authorization
services
Support multiple operating system
environments
Logon required for access
Security application development API
Customized security environment
Authorization decision-making possible in
applications
Sway5-9 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Integration with Other Tivoli Products
Foundation for Policy Director for Application
Servers
Adds security support for CORBA applications
Logon required for access
Backbone for Tivoli SecureWay Privacy Manager
Integrates with Tivoli SecureWay PKI
Identifies users to PD access
Identifies PD to Web browsers
Integration with Other Tivoli Products
Foundation for Policy Director for Application
Servers
Adds security support for CORBA applications
Logon required for access
Backbone for Tivoli SecureWay Privacy Manager
Integrates with Tivoli SecureWay PKI
Identifies users to PD access
Identifies PD to Web browsers
Sway5-10 NabiTel
ComponentComponent : : Policy Director Policy Director - - 특징특징 (( 계속계속 ))
Can configure PD as a logon target for Global Sign-
On
Provide single sign-on across enterprise
Enables users to access resources across the
enterprise
Integration with UA and SM
Allows PD user creation from UA console
Allows security policies from SM console
Can configure PD as a logon target for Global Sign-
On
Provide single sign-on across enterprise
Enables users to access resources across the
enterprise
Integration with UA and SM
Allows PD user creation from UA console
Allows security policies from SM console
Sway5-11 NabiTel
PolicyDirector
WebSEAL
AuthorizationDatabase
Firewall
ComponentComponent : : Policy Director Policy Director - Architecture- Architecture
사용자 1권한 : A, B
사용자 2권한 : B, C
A
C
B
Smart JunctionLogical Web Space
Sway5-12 NabiTel
ComponentComponent : : Policy Director Policy Director - Access Control- Access Control
Sway5-13 NabiTel
ComponentComponent : : Policy Director Policy Director - - 효과효과
Application 과 보안의 독립
No Agent Code
No Security Code
Centralized Single Point
Control
Authentication
Authorization
e-Commerce Infra
Enabler
Virtual Web Server
Integration
생산성 증대
관리 효율성 향상
Application 과 보안의 독립
No Agent Code
No Security Code
Centralized Single Point
Control
Authentication
Authorization
e-Commerce Infra
Enabler
Virtual Web Server
Integration
생산성 증대
관리 효율성 향상
Microsoft
IBM
User
Netscape
PolicyDirector
Single PointAccess Control
Apache
PermitDeny
Sway5-14 NabiTel
ComponentComponent : : Policy Director Policy Director - Platform- Platform
Client
Windows 95
Windows 98
Windows NT 4.0
Client
Windows 95
Windows 98
Windows NT 4.0
Server
IBM RS/6000
Sun SPARC
Intel x86 or
Pentium
IBM AIX 4.3.1
Sun Solaris 2.6
Windows NT 4.0
HP-UX 11.0
Server
IBM RS/6000
Sun SPARC
Intel x86 or
Pentium
IBM AIX 4.3.1
Sun Solaris 2.6
Windows NT 4.0
HP-UX 11.0
Sway5-15 NabiTel
""Policy Director authorization and access control technology has been Policy Director authorization and access control technology has been instrumental in helping us build several of our most strategic e-business instrumental in helping us build several of our most strategic e-business
initiatives -- in particular our Global Supplier Network and our intranet initiatives -- in particular our Global Supplier Network and our intranet capabilities. "capabilities. "
Ralph Szygenda - Vice President and Chief Information Officer, Ralph Szygenda - Vice President and Chief Information Officer, General Motors. General Motors.
General Motors
세계 최대 자동차 제조 회사 Policy Director 를 이용하여 GM/ 협력사
적용업무에 대한 안전한 웹 포탈 서비스를 제공 일만개의 직접 공급사를 지원하는 확장
가능성을 제공 공급사들이 GM 의 웹서버 자원을 직접
관리함으로써 사업의 활성화를 유도
ComponentComponent : : Policy Director Policy Director - GM- GM
Sway5-16 NabiTel
"Policy Director has been the cornerstone of our security architecture, providing the permissions management that has
enabled us to implement our e-commerce initiatives."
Kirk Kness, Assistant Vice President of Application Architecture
T.RowePrice
뮤추얼 펀드 , 자산 관리 서비스 제공 회사 Policy Director 를 이용하여 자사의 고객을 대상으로 하는 e-
commerce 시스템의 보안 솔루션 구축 Legacy 시스템과 웹 기반의 시스템의 원활한 연동 Scalability 와 extensibility 가 가장 큰 장점
ComponentComponent : : Policy Director Policy Director - RowePrice- RowePrice
Sway5-17 NabiTel
""Using Tivoli's Policy Director solution for our new Cockpit Using Tivoli's Policy Director solution for our new Cockpit
and Cabin Crew System had a very positive effect on the and Cabin Crew System had a very positive effect on the
business case. It's central management allows for reduced TCO business case. It's central management allows for reduced TCO
while the need of not writing 'permissions' -identification and while the need of not writing 'permissions' -identification and
access control - into each application but using a central policy access control - into each application but using a central policy
scheme improved the ROI.”scheme improved the ROI.”
Bert van Wijk, Head of KLM Cabin Crew ProjectsBert van Wijk, Head of KLM Cabin Crew Projects
KLM
Major 국제 항공사 Policy Director 를 이용하여 “ Crew WorkStation” mission-
critical 어플리케이션을 위한 웹 포탈 사이트 구축 중앙집중식 접근 통제 시스템 / 중앙 접근 통제 관리 시스템 구축
ComponentComponent : : Policy Director Policy Director - KLM - KLM
Sway5-18 NabiTel
동아일보사
국내 Major 언론사 Policy Director 를 이용하여 기자들을 위한 Secure-Intranet 웹
사이트 구축 특징 : Tivoli PKI 와의 연동으로 사용자 인증 방식 강화
국세청
국내 주요 관청 Policy Director 를 이용하여 국세청 Secure-Internet 웹 사이트 구축 특징 : 웹 관리자를 위한 인증과 Access Control 기능 제공으로 일반
사용자와 관리자의 접근 분리
ComponentComponent : : Policy Director Policy Director - - 국내 국내
Sway5-19 NabiTel
ABN/AmroABN/Amro ABPABP ADPADP AduanasAduanas Aetna InsuranceAetna Insurance AholdAhold Air TranAir Tran Alfa LavalAlfa Laval AmeriSource CorpAmeriSource Corp AnicoAnico APNTAPNT AT&TAT&T Banco BanescoBanco Banesco Banco ItauBanco Itau Banco RioBanco Rio Banco SantanderBanco Santander Banco Weise SudamerisBanco Weise Sudameris BanestoBanesto Bangkok BankBangkok Bank BanruralBanrural Barclays Barclays
• Baxter Health• BBV • Bell Atlantic Internet• Bell Canada• BC/BS of IL/TX• BC/BS of Kansas• BG• British Airways• Burlington Industries• CanTV• Capital BC/BS• Cari Varona• Cargill• CGU Insurance• Chase Manhattan Bank• CP Rail• Dascom – J• Delta Lloyd Insurance• Den Danske Bank• Dept. of Justice• Deutsche Telecom
• DTCC
• Expedium
• Federal Reserve Bank• Fireman’s Fund• First USA• Freddie Mac• Frieghtliner
• GKM Chep Ltd.
• GM
• Group Health (Kaiser)
• HIT
• HSBC
• Hundai
• I2
• ICCREA
• IKON
• Independent BC/BS
• ING Bank
ComponentComponent : : Policy Director Policy Director - Reference- Reference
Sway5-20 NabiTel
• Intessa
• Investment Banker’s Trust
• Jaztel
• John Deere
• Juske Bank
• KBC
• Kemper Insurance
• KLM
• Kotak Securities
• Kreditkassen
• Leader Systems
• Maersk
• Matsushita
• Met Life
• Multrix
• Mutual of Omaha
• Navistar
• Navy Credit
• NCM
• New York Stock Exchange
• NTT
• Panasonic
• Partima
• Pershing
• Ralston Purina
• Safelite Autoglass
• SBC
• SEB
• Shell Canada
• St. Paul Insurance
• State of NJ
• State of Ohio
• State of Washington
• SunTrust
Telcordia/BelcoreTelcordia/Belcore
TelstraTelstra
Texas Farm BureauTexas Farm Bureau
Tokyo MarinesTokyo Marines
Winn DixieWinn Dixie
WM DataWM Data
YKBYKB
United AirlinesUnited Airlines
Universidad Autonoma de CampoUniversidad Autonoma de Campo
University of MAUniversity of MA
VW GedasVW Gedas
Washington State UniversityWashington State University
Westpac Banking Corp.Westpac Banking Corp.
WestvacoWestvaco
WhirlpoolWhirlpool
ComponentComponent : : Policy Director Policy Director - Reference- Reference