comforte_Encryption_Suite.qxp_comforte_Encryption_Suite 29.10.17 13:33 Seite 1
comForte´scomforte’s encryptionencryptio nsuite suite
ProtectProtect passwords passwords andand confidentialconfidential applicationapplication data data on on HP HP NonStopE Nonsto psystems systems
SSecurCSecurCS Se SecurTNcurTN Se SecurFTPcurFTP Sec SecurLiburLib Secu SecurSHrSH Secu SecurPrintrPrint communication is our Forte comforte_Encryption_Suite.qxp_comforte_Encryption_Suite 29.10.17 13:33 Seite 2
Overview
comForte offers a rich set of products The following diagram shows all products All our products take advantage of the most depending on the protocol you want to together. This diagram may look confusing widely used and accepted security protocols: encrypt. Even for a single protocol (such at first glance, but we do believe that our Depending on the product, connections are as Telnet) we offer different solutions rich set of products allows us to tailor our secured either via SSL (Secure Sockets Layer, depending on your requirements. solutions according to the customers’ now standardized by the IETF as Transport requirements rather than according to our Layer Security – TLS) or via SSH2 (Secure Shell product set. The purpose of this flyer is to protocol version 2). provide an overview of the different products and to help you find the right solution for All our solutions can restrict access to your your requirements. NonStop system to “encrypted only” and also provide some basic firewall capabilities. comforte_Encryption_Suite.qxp_comforte_Encryption_Suite 29.10.17 13:33 Seite 3
Telnet Encryption
Many organizations are realizing that using Webbrowser access to NonStop 6530 single, integrated product. SecurTN replaces Telnet over a heterogenous TCP/IP network and 3270 applications and services, TELSERV, thereby eliminating the “256 session results in reduced security: all protective delivering them to users both inside only” limit of TELSERV. SecurTN also provides measures such as Safeguard become useless and outside the enterprise. strong client authentication through hardware if passwords can be sniffed from the network tokens and advanced access control as well using simple tools. JPath – instant GUIfication as support for ssh clients. of block mode applications Client Solutions JPath is an extension of J6530 which allows SecurTN light you to automatically add GUI-flavour to SecurTN light is a version of SecurTN with Telnet Encryption using comForte’s your existing block mode screens. reduced functionality. This allows you to 6530 emulators match your requirements to your budget: Telnet Encryption using your SecurTN light provides all the features of All of comForte’s 6530 emulation products existing 6530 emulator SecurTN except for auditing, strong client come with built-in encryption capabilities: authentication and advanced access control. SecurCS Remote Proxy MR-Win6530 – a feature-rich Our remote proxy component allows SecurCS for Telnet Win32 terminal emulation customers to encrypt their Telnet traffic SecurCS for Telnet is our basic solution for MR-Win6530 provides Microsoft Windows while retaining their current terminal encrypting Telnet access. A proxy process users with a powerful yet easy-to-use emulation software. will forward sessions to the TELSERV process emulation package for HP NonStop, IBM thereby transparently encrypting all Telnet or Unix system access, combining out- Solutions for the traffic without the need for any additional standing performance and security with HP NonStop System encryption processes on the NonStop host. unique features specifically designed to Your applications will not see any difference support users of HP NonStop systems. to the environment you are currently using. SecurTN – Secure Telnet Access Server SecurTN provides secure and manageable J6530 – a Java-based 6530 emulator SecurSH high volume Telnet access to applications J6530 is the choice for large user bases: SecurSH implements an ssh terminal daemon running on HP NonStop systems. It combines Usually these users do not need the on the NonStop system allowing full terminal the functionality of a powerful Telnet server full feature set of WIN6530 and central access to the OSS personality using standard with strong authentication, user access control, installation and management is more ssh clients such as PuTTY. It also supports file session encryption and auditing facilities in a important. J6530 provides immediate transfer according to the SFTP over SSH standard.
Secure Client/Server Communication
Encrypting the Telnet data stream is the SecurCS is transparent to your existing environ- SecurLib (not in diagram) first priority when it comes to protecting ment and requires no applications changes. SecurLib allows you to implement complex sensitive data from LAN sniffer attacks. It has been tested with RSC, IBM Websphere cryp-tographic algorithms such as SHA-1, 3DES However, sensitive data is sent across TCP/IP MQ, ODBC, FASTPTCP, CORBA, Pathway iTS, or RSA with only a few lines of code. It also networks by using other products as well. Web-ViewPoint, EXPAND and other protocols. allows to SSL-enable exisiting TCP/IP Remote Server Call (RSC), Open Database We will assist you with the encryption of other applications. Connectivity (ODBC), Websphere MQ and TCP/IP based protocols using SecurCS. other messaging middleware products don’t CSL – Client Server Link come with encryption capabilities. SecurPrint (not in diagram) CSL transparently replaces RSC. Coming with SecurPrint implements the SSL/TLS protocol as built-in SSL and native Java support, CSL focuses SecurCS a plug-in for FASTPTCP, the HP NonStop TCP/IP on security, high throughput and ease of manage- SecurCS provides SSL/TLS encryption capabi- network print process. Printers or print spoolers ability. CSL also enables integration of both legacy lities to these middleware protocols without which do not support the SSL/TLS protocol can and new applications with J2EE environments. any changes to the underlying components. be SSL-enabled using a secure remote proxy or LPD server which is included with the product.
Secure File Transfer
Although FTP is a widely adopted standard SecurFTP comes in two “flavours” supporting MR-Win6530. Finally, using the Remote Proxy for exchanging files across different platforms, either the SSL and SSH encryption standard: component it will also work with FTP clients the standard implementations of FTP have SecurFTP/SSL is based on an extension to the and servers running on other platforms where no encryption capabilities whatsoever. User FTP standard which defines how to add no Secure FTP product is available. This way names, passwords and files are sent across SSL-encryption protocol to FTP. This proposed SecurFTP/SSL is a true any-to-any solution for the network in the clear. new standard is currently discussed in the Secure File Transfer. Internet Engineering Task Force (IETF). SecurFTP SecurFTP/SSH implements the SFTP/SSH SecurFTP provides secure file transfer between SecurFTP/SSL works with existing PC-based standard which is especially popular on NonStop systems and other platforms. It supports solutions for encrypted file transfer such as Unix systems. It will interoperate with any a rich set of platforms and protocols and can be WSFTP-Pro or CuteFTP Pro. SecurFTP/SSL also SSH2 client or daemon which implements integrated in existing FTP environments very easily. interacts with the built-in secure FTP client of the SFTP protocol. comforte_Encryption_Suite.qxp_comforte_Encryption_Suite 29.10.17 13:33 Seite 4 ] t d a t s m r a d
: t r a
c i l b u p [
Professional Services
Consultancy We at comForte have extensive know-how both on network security and the HP Non- Stop platform. Network security is a complex field: while there are many resources available on that topic for the Windows or the Unix platform, very few companies are able to match our combined expertise of network security and the NonStop platform.
Network Security Review We offer a network security review which will look at your HP NonStop system and how it is embedded into your company IP network. Our review will identify potential security weaknesses and explain the best solutions.
Custom development For individual requirements which aren’t covered by our product set as yet, we can provide custom-built solutions. Because we base new components on our existing com- ponents you may be surprised how fast we are able to deliver new functionalities.
comForte provides a wealth of information pertaining its security products:
Product Sheets Articles in The Connection Product Sheets with detailed information comForte has authored various articles in about the individual products are available The Connection, the ITUG magazine: for the following products: “Securing your NSK System” (September/ www.comforte.com/encryption SecurTN October 2001): overview of some generic SecurFTP/SSL security principles and how to apply them SecurFTP/SSH in the NonStop world. SecurCS “NonStop network security” (July/August comforte, Inc., USA SecurLib 2003): describes how network-based phcomForteone +1-30 Inc.,3 25 6USA 6257 SecurSH attacks can be used to attack NonStop usphonesales@c (614)omfor t441e.co 9602m systems and how to counter those attacks. MR-Win6530 “SSL Certificates and PKI in the NonStop cocomFortemforte 21 GGmbH,mbH, GGermanyermany J6530 world – and other worlds” (May/June 2004): phphoneone +4 +499 (0) (0)61 13391 931 9459- 0570 0 JPath sheds some light on the somewhat confusing [email protected] CSL topic of Public Key Infrastructure (PKI). www.comforte.com “Secure File Transfers in Heterogeneous [email protected] Environments” (November/December 2005): www.comforte.com compares various solutions for secure file transfer to/from NonStop systems.
NNonStoponStop is i as trademarka tradem aofr kHewlett-Packard of HPE NonS tDevelopmentop. All othe Company,r tradem L.P.ar kAlls a otherre a ctrademarksknowledg areed acknowledged.. *©20052017 comForte comfor tGmbH.e 21 G Allm rightsbH. A reserved.ll rights reserved.