blue ridge networks / com info systems

Products and Services Overview

Blue Ridge Networks / Cominfo Systems

©2008 Blue Ridge Networks/Cominfo Systems. All rights reserved.

Teaming

• Cominfo and Blue Ridge Networks signed Teaming agreement to serve Pakistan’s market

• Cominfo is a exclusive product and service provider of Blue Ridge Networks in Pakistan

• Combination of exceptional product line and outstanding service brought two companies together


Benefits of Teaming

• Local Urdu and English speaking technical support

• Local workforce available to visit client sites fortraining and support

• Immediate product implementation and replacement

• No middleman and markups

• Office expansions are scheduled for Lahore Islamabad, Rawalpindi, and Dubai


04/19/23 4

What we doBorderGuard Virtual Private Networks EdgeGuard End Point Security

Site to Site

Remote Access

Specialized VPN Applications

Trusted Configuration Management

Scan and Block

Flexible Authentication Service


04/19/23 5

Markets Served

• Banking• Finance • Government• Health Care• Legal• Transportation• 250+ total customers in

37 countries.


04/19/23 6

Differentiated Solutions

• Secure Mobile Computing– Remote Access with PKI Authentication– Endpoint Security Enforcement– Nomadic Secure IP Voice, Video, Data

• Secure Central Management– Service Provider Model– Low Cost, Rapid Deployment– Carrier and Media Agnostic Global Reach

• Ease of Use Without Security Compromise– Enterprise Scale Hardware and Software Systems


04/19/23 7

• BorderGuard™ 5000/6000 VPN Appliances

– Multiple models span mid-range market– Up to 2.2 Gbps AES256 packet encryption– Up to 24,000 simultaneous connections– RSA public-key authentication built-in

FIPS 140-2 certified Common Criteria , EAL2, EAL4+ (in evaluation)

• RemoteLink™• Rapid deployment and mobility features• Supports mobile security for voice, video, data applications• Protocol agnostic• Embedded PKI for strong authentication• Transparent to end-user

Secure Networking Product Portfolio


04/19/23 8

• Management Console– Headless, plug-and-play central management appliance– Easy to use browser-based interaction from any PC– Manages high assurance VPNs

• Site-to-site• Remote access

– Granular administrator role-based administration– Ideal for Unified PKI authentication and full integration with

client’s Active Directory – Instant user revocation with Red List– Detailed audit collection for better management and reporting

• Remote Access Client Software– Windows 2000, XP, XP embedded, Vista and PocketPC– Supports seamless wireless roaming with persistent secure

connection– Easy to install and easy to use– Optimized for X.509 cert based authentication and smartcards

Secure Networking Product Portfolio


04/19/23 9

SessionInitializationParameters

Encryption Level AEncryption Level BEncryption Level B

BorderGuardPublic Key

ClientPrivate Key

BorderGuardPublic Key

ClientPrivate Key

High Assurance Security

01001010 01101101 00101001045311 1001101001010 01101101 001010010110101 10100

100110

Privacy

Audit

Integrity

Authorization

Authentication

PKI

Privacy

Audit

Integrity

Authorization

Authentication

PKI

Mutual Mandatory AuthenticationSE IKE


04/19/23 10

Usability – Active Directory Integration

Log Server

Policy Server

Remote Access

Enterprise

Untrusted Network

Untrusted Network

CRL

OCSP

Active Directory

Using a Common Access Card (CAC) or a Personal Identity Verification (PIV) card, a secure tunnel request is made to BorderGuard VPN appliance

Management Console queries CRL servers for cert path discovery and validation

Management Console queries OCSP responders for cert validation

The Management Console’s Red or Green List allows administrators to block access for any reason

The user authenticates to Active Directory using an end-to-end cryptographic process

No intermediary servers, no additional network access policy data required

** User’s network access is limited until successful Active Directory authentication occurs

Flexible Authentication


04/19/23 11

RemoteLink

Secure Remote Office

• VoIP

• Secure Thin Clients

• Non-Window Devices


04/19/23 12

RemoteLink

RemoteLink™

Mobile

Dynamic configuration via portable token

Software and OS independent

Supports any Ethernet attached devices

Robust protection of user devices

Simple and effective redundancy and scalability

Transparent to end-user applications


04/19/23 13

Secure Virtual Ethernet Service

• Any-to-any, full mesh, enterprise connectivity• 100% end-to-end security• Unicast and Multicast• Any wired or wireless networks;

– DSL, Cable Modem, T1, etc.– Cell wireless, satellite, WiMax

• Any Data applications and Protocols• Any VoIP applications• Any IP Video applications• Anywhere on the globe


04/19/23 14

SVES Deployment

Regional Office

Branch OfficeRemote workstation

EnterpriseHQ

SVES creates a complete end to end private and secure network on the global Internet.

Internet

Enterprise

Remote workstation


04/19/23 15

Secure IntranetsLogical Full MeshLogical Full Mesh Among All Sites Among All Sites


04/19/23 16

Secure Extranets

Only Only connectivity connectivity

to/fromto/fromcentral site central site resourcesresources

No connectivity among remote sitesNo connectivity among remote sites

Trusted Framework forPolicy Enforcement, Admission Control, and Complianceof Microsoft Windows Fixed and Mobile Workstations

EdgeGuard™


04/19/23 18

EdgeGuard Security Framework

EdgeGuard Management SystemM

alw

are

Pro

tect

ion

EdgeGuard Agent Security Framework

NA

P /

NA

C

App

licat

ion

3

App

licat

ion

N

The EdgeGuard Security Framework enables multiple

applications

Trust System

NetLockRegistryLockFileLock OPSWAT

Stateful Workflow ControlProcessLock

TPM

Server Application:Windows Server 2003SQL Server 2005

Client Application:Windows XP SP2Windows Vista

Near real-time visibility and

manageability


04/19/23 19

Example EdgeGuard Applications

• NAP/NAC– EGA provides Posture Assessment for client systems– Continuous assessment, enforcement and remediation off-net

• Enhanced Policy Enforcement for Endpoints– Application Control– Red List – unstartable applications– Green List – unstoppable applications

• Trusted Enclaves for Process Containment– TEs may contain User Apps and System Services– Highly effective defense against malware– Not HIPS


04/19/23 20

EdgeGuard Deployment

Log Retrieval Server

Policy Distribution ServerRemote workstation

Enterprise EdgeGuard allows continuous Posture Assessment through signed policy files and signed audit logs

Untrusted Network

EdgeGuardManagementConsole

Disk Encryption On

Service Pack Updated

Personal Firewall On

DAT File Updated

Anti-Virus On

StatusEdgeGuard Policy

Remediation Site

Disk Encryption On

Service Pack Updated

Personal Firewall On

DAT File Updated

Anti-Virus On

StatusEdgeGuard Policy

EdgeGuard Agent


04/19/23 21

Policy Examples• End-point Security Management

– Ensures that third-party security products like anti-virus, personal firewall, disk encryption, etc. are executing and have up to date policy.

– Provides quarantined access for remediation like anti-virus update or patch management.

– Prevents Red-listed programs from executing.– Ensures that Green-listed programs are executing.– Provides trusted push of scripts and executables for zero-day attack remediation.

• Trusted Configuration Management– Protects selected registry hives from alteration.– Prevents alteration of specified DLLs or data files.

• Device Management and Access Control– Enforces which network interfaces may be used and in which networks.– Controls what networks or hosts may be accessed and from where.– May be used to limit the use of writable storage media such as USB storage devices or

CD-Ws.• Authentication Management

– Ensures that the client system has successfully authenticated to specified enterprise systems like Active Directory prior to allowing network access.

– Can enforce arbitrary pre and post connection authentication chains.

Note: Any policy can be conditioned upon “location”.


Point of Contacts

Country Manager

Zhahid Mushtaq Richard Gurdak

Email [email protected] [email protected]

Phone 453 5955 703.631.0700

Web www.cominfosystems.com www.blueridgenetworks.com

Address Anum Classics Mezzanine Floor Shahrahe Faisal Karachi

14120 Parke Long Court, Suite 103 Chantilly, Virginia 20151


04/19/23 23

Thank You

blue ridge networks / com info systems

Documents