managing & accelerating xml web services security

DATA SHEET

Defending Information – Across Time and Space


Information is the life-blood of a company’s business. However, a large percentage of today’s business
documents lie unprotected within databases and file systems, are emailed without any sort of encryption,
or find their way to personnel with insufficient access privileges. Information privacy is a major concern
as new methods of conducting business are adopted, such as peer-to-peer, store-and-forward and grid
networks.

The extended enterprise is staring at a stark situation of intellectual property theft and uncontrolled
information disclosure unless the necessary steps are taken to lock down all sensitive information –
across time and space. Information self-defense systems are crucial to persistently protect data
across its life-cycle – in-processing, in-transit as well as in-storage.

Forum Systems Inc. develops and markets Content Security Infrastructure that actively guards
data as it moves between and within enterprises – at the origin, during transmission, and after it
reaches its destination.

Forum Systems content security infrastructure addresses:

Trust Management – prevent unauthorized data access, spying, forgery and tampering
• Identity Authentication
• Message Confidentiality
• Access Control
• Payload Integrity

Threat Protection – protection against application and data misuse and abuse
• Intrusion Detection and Prevention
• Virus Detection
• Traffic Management
• Application Availability

Four Business Imperatives Driving Content Security

Prevent unauthorized information disclosure during collaborative activities
As more information moves between applications that are not in the immediate control of the originator, it
becomes essential to guarantee that only the intended recipients are given appropriate access privileges to
the information – wherever it resides. This means a document that is sent across to a trading partner needs
to be sealed until the time of processing. Assurances need to be made that information is not only
tamper-proof and confidential during transit but also upon arrival, in-storage and during processing.

Guard sensitive application interfaces & document workflows
Collaborative applications using peer-to-peer, store-and-forward or grid networks expose business data to a
new and extended group of users – in real-time and across corporate boundaries. Strict enforcement of
document accessibility goes beyond access control and must include confidentiality across boundaries, auditing
and accountability. Assurances need to be made that access to documents is constantly monitored against
intrusions, attacks and other threats from trusted as well as untrusted users.

Comply with government initiatives such as Federal E-SIGN law, eGov Strategies, HIPAA and Gramm-Leach-Bliley
Sweeping regulations (corporate and government) to protect the privacy of end-user and client information
require enterprises to take ownership of information security across its lifecycle. All of the industry-specific
regulations are focused on content security and policies that enforce information security across time and
space. Assurances need to be made that information is, at minimum, persistently protected and that best
practices for each of the regulations are systematically enforced.

Protect data on desktops, application servers, databases and mobile devices
Mobility through laptops and wireless devices can quickly lead to highly sensitive information lying
unprotected on hard disks and data stores. Assurances need to be made that information is protected end-to-end
and throughout its lifecycle.

www.forumsystems.com

Document Lifecycle Protection

Business document workflows are one of the weakest links in enterprise information security. A disgruntled
worker or unauthorized contractor can readily duplicate, modify or steal business documents without any
enterprise fail-safe mechanisms. In fact, a 2003 CSI / FBI security report stresses that security risks from internal
threats are on the rise with consequences more lethal than external user hacking.

Many organizations are turning to PGP (Pretty Good Privacy) as a means to persistently protect their
mission-critical enterprise documents because of its universality. PGP offers companies a standards-based
approach to encrypting and digitally signing documents between business parties. It is becoming a de facto
standard for secure content exchange offering similar benefits to XML Encryption and S/MIME.

Unfortunately, today’s options for deploying PGP-enabled enterprise applications are anything but pretty –
requiring the development of scripted programs using custom APIs. On top of tedious and repetitive PGP
implementations, organizations are then charged exorbitant and recurring license fees for PGP technology
that is freely available as open source.

Bottom line: Using PGP is costly and high maintenance – until Forum Presidio™

Forum Presidio™ — Revolutionary Plug and Play Gateway Deployment

With Presidio, Forum Systems delivers the world’s first PGP in an Appliance solution that significantly
reduces the Total Cost of Ownership by offering instant secure content exchanges between collaborative
e-business applications.

• No special software required on client desktops or servers
• Works with existing FTP Clients and FTP Servers
• No client PGP encryption software required
• Integrated transport proxy support (FTP and SSL/TLS)

[Figure: Presidio™ Gateway Appliance (Authenticate, Policy Lookup, Encrypt, Decrypt, Key Gen, Sign / Verify) shown with a standard FTP server and a standard FTP client, labelled "company A", over ftp, ssl/tls, http and XML-WS Sec. Caption: transparently intercepts incoming & outgoing traffic and applies security policies.]


Presidio™ Business Benefits


Reduce Overall PGP Costs up to 80% versus Alternatives

• The Presidio™ is license free
• The Presidio™ is easy to manage and deploy
• The Presidio™ is API- and SDK-free
• The Presidio™ is script-free
• The Presidio™ includes a secure document exchange job scheduler

Future-Proof Migration to Web Services

• The Presidio™ includes XML Encryption / Decryption
• The Presidio™ includes XML Digital Signatures
• The Presidio™ includes SAML and other Web Services security functionality

Immediate Compliance with regulations including: GLB, HIPAA, SEC Books & Records, etc.

• The Presidio™ requires no custom application integration work
• The Presidio™ operates with any platform, including mainframes
• The Presidio™ provides transaction archiving for audit trails

Advanced Technology and Architecture

• Integrated PGP Key Management reduces IT costs and headaches
• Appliance is application-agnostic and requires no custom APIs or scripting
• Seamless upgrades to comprehensive XML-WS Security support
• Integrated transport protocols (FTP, HTTPS) streamline deployment
• Removes client side software and moves IT toward zero end-user intervention

Start Defending All Your Information Today

The Presidio™ is the only secure content exchange solution that provides both PGP data encryption
as well as XML Web Services security, allowing organizations to maintain their current EDI technology
investments with a migration path to secure XML.

By supporting the full range of XML Web Services Security functionality (Digital Signatures, XML
Encryption, SAML etc.), the Presidio is a future-proof security solution that bridges legacy data to
XML-based Web Services.

Discover how Presidio can save your company time and money while preparing for the future at
www.forumsystems.com


Presidio™ Technical Specifications

Server Side PGP Encryption Gateway


• Enforcing enterprise policy at the edge of the network automates the security process.
• Transparently intercepts messages for encryption and digital signatures.

Centralized PGP Key Management


• Key generation
• Key import / export
• Key deletion
• Key backup and recovery

Transport Protocol Support


• HTTP(S) Proxy with full client- and server-SSL mutual authentication.
• FTP Proxy with local and remote user authentication and access control policies.

Logging & Auditing


• XML as well as Non-XML Data Archiving to Oracle, IBM and MySQL.
• SysLog
• SNMP v2 and v3 with FORUM MIB

XML Security Processing


• Optionally process XML data using XML Web Services Security.
• Security Assertion Markup Language (SAML)
• WS-Security Digital Signatures
• XML Encryption Specification
• XML Validation and XSLT Transformation

PGP Algorithms and Interoperability


• RSA, DSA and Diffie-Hellman
• DES, 3DES, CAST-5
• Key size up to 4096
• IETF Standard OpenPGP RFC 2440

PGP Security Operations


• PGP Encryption / Decryption
• PGP Signature / Signature Verification

Access Control
• Local user authentication at the gateway
• Remote user authentication from the FTP server
• Can disable user@host syntax for tighter control
• LDAP integration

Local Authentication
• Bind keys to users
• Route users based on login to different back end FTP servers

IDP/DOS
• Configure the number of connections per listener
• Configure the timeout per connection
