CyberSafe TrustBroker
A wide range
The CyberSafe TrustBroker™ products feature multi-platform, common authentication. They secure an
organization's intranet and extranet against inside and outside threats, even when using unsecured networks (such as the
Internet). They are scalable, interoperable on the leading installed business operating system platforms, and flexible
through their support of multiple authentication mechanisms (passwords, certificates, token cards, smart cards, etc.) using
a unique brokering technique.
The TrustBroker™ individual products can be combined, and with complementary third party products can
provide various business solutions - for example:
Kerberos Security Infrastructure Solutions
The TrustBroker™ product range allows an organization to implement a secure, strategic and "common
authentication" infrastructure so that operating system access and application security can be integrated into a single
framework architecture. The integration with Microsoft's Windows 2000/XP networks also allows a full return on investment
and bridges the gap between heterogeneous networks or operating system environments. CyberSafe can also help with and advise
on the appropriate use of MIT or Microsoft products to satisfy your Kerberos Security Infrastructure needs.
Kerberos Database Security Solutions
The Kerberos protocol makes an ideal solution to database application and privacy needs. The CyberSafe
solutions offered for securing databases include the necessary security expertise (in particular with Oracle and Sybase
databases), and if required CyberSafe can provide you with the commercially supported technology or Open Source (if
applicable) to achieve all of your database common authentication and privacy needs.
Kerberos Data Transfer Security Solutions
With our technology and expertise in the integration and support of third party products that use Kerberos
technology, including WRQ's Reflection, CyberSafe is ideally positioned to provide a solution to your secure data transfer
needs. CyberSafe can also provide tools to secure data transfer in unattended mode (i.e. from a UNIX batch environment to
another UNIX server).
Kerberos Interactive Security Solutions
When interactively accessing operating systems (e.g. UNIX Servers) using telnet, for example, there is a
growing awareness that passwords are transmitted in the clear, and that the authentication techniques and password policy
management can be improved upon. Using CyberSafe's experience in providing solutions to address these needs, it is possible
to benefit from a variety of Kerberos based security solutions to deliver an authentication framework for host interactive
access and also avoid the vulnerabilities associated with password sharing (i.e. no need for multiple administrators to
share root password on UNIX). These solutions can also be used for secure administration of CISCO and Marconi router/switch
devices on your network.
Kerberos Web Authentication Solutions
The web authentication solutions mostly offered and implemented today utilize a user ID and password
and/or a client certificate which is unlocked with a PIN code for higher security. The capabilities offered with the
CyberSafe Web Authentication solutions are complementary to these techniques, but take authentication a stage further so
that the web server can delegate users' credentials to secure applications behind it (e.g. a database), thus ensuring
end-to-end security and common authentication across the entire n-tier web application architecture.
Kerberos for Wireless LAN Security Solutions
This solution is currently under development; if however you are involved in wireless network technology
and recognize the value of using Kerberos for Wireless LAN (802.11b) security instead of just Wired Equivalent Privacy (WEP),
we would be pleased to hear from you and perhaps discuss partnerships and joint development opportunities.
The individual TrustBroker™ products available from CyberSafe:
TrustBroker™ Security Server
This product provides a scalable and robust implementation of a Kerberos Key Distribution Centre (KDC). It
can be hosted on popular UNIX platforms and also on Microsoft Windows NT/2000 Servers. It has been written to support
Kerberos based authentication as well as Public Key (utilising X.509 v3 certificates on smart cards) and also supports the
complementary use of token cards to give stronger two-factor authentication for specific users.
TrustBroker™ Secure Client
This product provides a Kerberos Client on a wide range of popular operating systems. It supports a
variety of credential cache formats and interfaces to give full interoperability with CyberSafe TrustBroker™ and also
Microsoft and MIT Kerberos infrastructures.
TrustBroker™ Developer Pack
This package contains a Kerberos administration toolkit and an application security development toolkit
providing C, C++ and Java interfaces.
The application security development toolkit product available from CyberSafe is designed to be robust and
stable, and CyberSafe can provide this along with an appropriate infrastructure and a consulting service to allow you to
secure your applications. The application security toolkit is based on the IETF RFC2743 industry standard Generic
Security Services API Version 2, Revision 1 (or GSS-API). If you already have a Kerberos infrastructure and want to 'Kerberise'
your applications with a commercially supported toolkit then this might be what you are looking for.
TrustBroker™ Web Agent
The Web Agent product provides an ideal common authentication solution for web based applications by
enabling the authentication domain (i.e. realm) used during HTML based authentication to share the same authentication
domain used during operating system and non-web based application authentication.
CyberSafe has plans to release a new version of this product incorporating a browser plug-in which is able
to read the Kerberos identity from the user's workstation and forward this to the web server for onward processing - this
will provide a true end-to-end authentication solution for n-tier applications since the workstation, browser, web server,
application server and database will all know the user with the same secure, common electronic identity.
TrustBroker™ Public Key Option Pack
This package of product options provides added-value functionality to the TrustBroker™ products utilizing
complementary Public Key Infrastructure (PKI) technology. The Options included in this package are listed below along with a
short description.
TrustBroker™ Virtual Smart Card Option
This product option provides added value functionality in the TrustBroker™ Security Server (the Kerberos
Key Distribution Centre) and TrustBroker™ Secure Client (currently only Windows version supported). With the Client and
Server components working together the Client has the capability, after the Kerberos protocol has authenticated the user,
to access, via a PKCS#11 or Microsoft CryptoAPI interface, a store of credentials in a common format in the "smart card
store" located on the Server. The application that uses the API will recognize the "smart card store" as though it is a
physical smart card, but in fact the card contents are initially stored centrally in the TrustBroker™ Security Server
database and transferred to the client down an encrypted session. This capability can provide roaming access to smart card
contents. Also, other forms of pre-authentication are supported with the CyberSafe Kerberos products, such as token cards,
thus it is possible to provide two-factor authentication access to the smart card contents.
TrustBroker™ Smart Card Services Option
This option enables support for the PKINIT standard so that physical smart cards can be used for initial Kerberos
authentication.
TrustBroker™ Secure Application Pack
This package consists of various Kerberos-enabled applications/utilities for UNIX and Windows operating
systems. The applications available are:
- CyberSafe TrustBroker™ UNIX Utilities (ftp, telnet, rcp, rsh, rlogin, ksu + associated daemons)
- CyberSafe TrustBroker™ Windows Utilities (telnet, rcp, rsh)
This product package is now available for purchase separately and the components are currently being
certified to work with any Kerberos infrastructure; previously these applications were included in the TrustBroker™ Secure
Client.