Enhance Confidence In Online Business With Identity Protection

Transcription

Enhance confidence in Online business with Identity Protection
Nopchai Tangtritham
Symantec (Thailand) Ltd.

Confidence in the online world
“On the Internet, no-one knows you’re a dog”

Example cases in Thailand

All users cannot know all the attacks
- Viruses
- Phishing
- Pharming
- Identity Theft
- Fraud
- Spyware
- Scams
- Trojan Horses

Raising Trust And Improving Security For Consumers
Symantec Enables Mutual Authentication & Trust
Organisations
- Must establish trust with their users through security and reputation services
- Must authenticate and manage user identities
Users/Devices
- Must be able to verify the security and reputation of the on-line organization prior to interaction
- Must be able to present identity credentials before accessing sensitive or personal information
Diagram labels: Trust The Organisation; Trust The User; SSL & Trust Services; Cloud Based One Time Passwords; FDS & Risk Analysis; VeriSign Identity Protection Network; Strong Authentication & Trust Services

Trust the Organization

Phish or No Phish

Phish or No Phish (cont)

Further online confidence
- The CA / Browser Forum defines the Extended Validation standard for SSL Certificates
  - CA / Browser Forum: certification authorities (CAs) and developers of Internet browsers
  - www.cabforum.org
- SSL Certificates will come with EV status
- Backward compatible
  - Older browsers display certificates just as they do today

How it works
- Authentication of identity
  - Standardized authentication procedure
  - CA is audited against this procedure
  - Verify
    - Organization is a valid registered entity
    - Control and ownership of domain
    - Employment and authority of certificate requestor
- Indication of EV status
  - Certificate contains EV marker
  - Browser compares in real time to EV-approved roots

The EV SSL user experience
Address bar turns green assuring they have reached the right site
Security status bar indicates the company you are talking to
Organization name is highlighted in green
- Over 85% of browsers used today can display the green address bar
- Includes: Internet Explorer 7 and higher, Firefox 3.0 and higher, Safari 3.2 and higher, Opera 9.X and higher, Chrome, and the iPhone

Other visual cues

User compromise
1. Attacker compromises Web server
2. Users visit legitimate website
3. User is redirected to malicious server
4. Malicious server exploits vulnerability to install malicious code
Source: ISTR XIV

Introducing the VeriSign Trust Seal
- Certified by VeriSign (Authentication)
- [...] the website from malware (Web Site Malware Scan)
  - [...] search engine blacklists
  - [...] comes from our website
- VeriSign Seal-in-Search


The VeriSign
VeriSign Inc is the SSL solution chosen by
- 93% of the Fortune 500
- 97 of the top 100 banks that use SSL
- 81% of the largest e-commerce merchants in North America

Trust the User

Symantec Authentication Product Family Today
- Digital Certificates (PKI): PKI service issues certificates for strong authentication, encryption and digital signing
- One Time Passwords (VIP): Shared cloud-based two-factor authentication solution offering multiple credential choices
- Fraud Detection (Rules Eng., Behavior Eng., RISK SCORE): Risk-Based authentication and software-based fraud detection
Markets: Enterprise, Government, eCommerce, Financial Services

Symantec – Digital Certificates Solution
Public Key Infrastructure

Getting to know Digital Certificates & Public Key Infrastructure
- A certificate binds a “public key” to its owner
  - Owner
  - Certificate issuer
  - Validity and Expiration Dates
- Certificates distribute the public key, with a 3rd party having already verified the identity of the certificate owner (removing the problem of forged certificates)
- PKI [...]
  - Certification Authorities
  - Registration Authorities
  - Directories
  - PKI-enabled applications
  - Policies & procedures ([...])

Symantec Managed PKI
Lowers Cost and Reduces Complexity
Build Your Own (In-house) PKI vs. Symantec Managed PKI Services
Diagram labels: PKI Software; Trust & Train IT Personnel; Servers; Your PKI Administrator; Firewalls; Databases; Trust & Train Operational Personnel; Secure Facility; Accreditations
Cost and complexity of in-house solution mitigates benefits
- Lower total cost of ownership
- Proven, reliable infrastructure and secure operation
- Fast deployment in state-of-the-art secure datacenter
- Proven scalability
- 24/7 support
- Binding SLAs
- Accredited PKI back-end and policy

What PKI Enables
- Strong Authentication
  - Prevent unauthorized access through enhanced authentication
  - Primary integration points: Web applications, remote access, desktop logon, and wireless
- Digital Signatures
  - Strengthen integrity and audit potential of electronic transactions
  - Primary integration points: Email, Adobe, and custom applications
- Encryption
  - Protect sensitive information whether data is in transit or at rest
  - Primary integration points: Email, disk, file/folder, and databases

PKI Use Case

Protecting Customers’ Banking PINs Using Certificates
1. Administrator authenticates into a secure VeriSign portal and uploads device details
2. Certificate request is processed and a batch file is generated
3. Administrator downloads the batch file, uncompresses, and decrypts
4. Digital certificates injected into rATM
Hosted PKI Infrastructure: PKI platform that hosts the CA and Control Center
Diagram labels: Internet; ATM Network; Ongoing remote management of keys

Symantec Secure E-mail service

Symantec Secure E-mail service

4 key principles of Trust [...]
- Authentication
  - Identity [...] application
- Confidentiality
  - [...] private
- Integrity
  - [...] forged or altered
- Non-Repudiation
  - [...] responsibility

Act on Electronic [...] (No. 2)
Cloud Computing (Truth behind the Hype)

VIP Authentication service
VeriSign Identity Protection (VIP)

Introducing the VIP Authentication Service
- A two factor authentication service that runs in the cloud, high availability.
- Full self service APIs with extensive documentation, integration guides and sample code.
  - Can be integrated and in use within 1 week!
- Multiple form factors and delivery methods:
  - Hardware credentials (OATH open standards, multiple vendors)
  - Software credentials (Browser tool bar)
  - Mobile credentials (iPhone, Android, Blackberry, 650 phones)
  - Embedded credentials (embed into your own mobile application)
  - SMS credentials (SMS to user phone)
  - Voice credentials (Automated phone call reads out OTP to user)
- A credential can be used with multiple member sites
  - Users do not need a separate credential to use OTP for each website

VIP Authentication: Sharing Second Factor Authentication
Diagram labels: CONSUMERS / USERS; NETWORK MEMBERS; VIP NETWORK; NETWORK OPERATOR
Consumer: Jasmine, Token ID: X13GH2
Network members: FINANCIAL, CARRIERS, RETAILERS, PORTALS
Logins shown in the diagram:
- UID: Jasmin123, PWD: *******, ID#: X13GH2, OTP: 929424
- UID: JDahl89, PWD: *******, ID#: X13GH2, OTP: 625923
- UID: Jshops, PWD: *******, ID#: X13GH2, OTP: 779294
- UID: Jazzgirl, PWD: *******, ID#: X13GH2, OTP: 442929

VIP Mobile Application
- No charge for the mobile application itself
- From http://m.verisign.com and App Stores
  - Apple AppStore, BlackBerry AppWorld, Android Marketplace
- Supported devices
  - More than 650 popular handsets
  - RIM, Apple, Moto, Nokia, LG, Samsung, Sony Ericsson, Sanyo, Pantech and more
  - Generic version supports most J2ME phones

Highlights of Symantec VIP
- Best ROI compared with traditional OTP
  - Installation [...] and maintenance
- Web Service API
- Developer tools available: https://vipdeveloper.verisign.com
  - High stability
  - [...] OTP [...] hardware token, SMS cost
  - Shared Credential https://idprotect.verisign.com/wheretouse.v

VIP Consumer Authentication
External Web Application
SOAP Web Services
End User with VIP Credential
Login using username, password, OTP from VIP credential
VeriSign VIP Authentication Service
Master Credential Database
· Credential State per VIP Member
· Second Level Support
· Security Code Validation
Existing User Database

VIP Enterprise Authentication
VeriSign VIP Authentication Service
Master Credential Database
· Security Code Validation
· Credential State per VIP Member
· Second Level Support
Other VIP Network Member Cloud Services
End User With VIP Credential
In The Cloud
One Credential Many Services If VIP Network Sharing Is Enabled
Enterprise Network
VeriSign Enterprise PN
LDAP/AD/ODBC Connector
RADIUS / SOAP / Plug-in
RADIUS and SOAP Interface
End User Self-Service Portal
Access From Inside or Via VPN
Administration Portal
Access From Inside or Via VPN
User Visits Local Site, Where SAML Assertion Passes Through To The VIP Cloud Portals
End User With VIP Credential
Administrator Or Helpdesk Officer With VIP Credential
Systems Administrator
Configuration Portal
Citrix/Web Application Servers
Nick Savvides nick savvides@symantec.com V1 05NOV10

Out-of-Box Integration With Existing Applications
- Windows Logon
- Wi-Fi Logon (802.1X)
- Outlook Web Access
- Secure Remote Access
- Tivoli Access Manager
- Unix PAM
- Citrix Metaframe
Validation SDK also available

Demo VIP (OTP)

Thank you!
Nopchai Tangtritham
Copyright 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
