Mike RogersDirector of Development, Reflection 2007Deploying Reflection for IBM 2007 for Maximum Security

Agenda• Goals of secure deployment• Deployment preparation walkthrough

– Securing of data stream– Limiting user capabilities– Preventing unauthorized configurations and macros– Protecting sensitive data– Preparing your workstation installation

• Strategic future directions• Where to get more information• Q & A

Deployment PreparationWalkthrough

Security Considerations

5

Secure D

eployment

6

Securing the Data Stream

• Goals– Protect sensitive data from being transmitted in “the

clear.”– Utilize strong certificate-based authentication methods.– Use ELF for sign on to IBM Mainframes.

• Tools– Security Configuration in Reflection for IBM 2007– Reflection Certificate Manager

• Results– Configuration files that will be deployed to end-users

7

Limiting User Capabilities

• Goals– Prevent users from reconfiguring key configuration values.– Hide product functions from users.

• Tools– Access Configuration Utility– Ribbon UI Designer

• Results– Access Security Configuration Files– UI Configuration Files– Capability of elevating to Administrator on end-user PCs

8

Preventing Unauthorized Configurations and Macros

• Goals– Prevent users from running “uncontrolled” macros.– Allow users to only connect to hosts you want them to.– Centrally manage macros and configuration files.

• Tools– Trusted Locations Configuration User-Interface

• Results– Application Configuration File

9

Protecting Sensitive Data

• Goals– Prevent users from capturing sensitive data on the

clipboard, to the printer, and to other applications such as Microsoft Office.

– Allow users to capture pertinent non-sensitive data while masking sensitive data.

– Define custom data patterns that are deemed sensitive.• Tools

– Privacy Filters• Results

– Application Configuration File

10

Preparing Your Workstation Installation

• Goals– Create an pre-configured installation that can be used for a

group of users.– Pre-package configuration data, macros and other files

with the product installation.– Deliver data into “best practice” locations on the PC.

• Tools– Reflection Customization Tool

• Results– Microsoft Installer Transform File– Companion Installer(s) for configuration data and user data

Future Directions

12

Future Directions

• Communication Security– Continued Support for Emerging Industry Standards and

Certifications.• Information Privacy

– Filtering of on-screen data– Masking of user-input

• Configuration and Macro Security– Signed macros and session files

• Platform Integration– Microsoft Group Policy Support

13

Where to get more information• Reflection for IBM 2007 product page:

http://www.attachmate.com/en-US/Products/Host+Connectivity/Terminal+Emulation/Reflection/ribm/ribm.htm

• Reflection for IBM 2007 evaluation version download page:

• http://www.attachmate.com/en-US/Evals/ribm/eval-form.htm

• Reflection for IBM 2007 technical specification: http://www.attachmate.com/en-US/Products/Host+Connectivity/Terminal+Emulation/Reflection/ribm/tech-specs.htm

14

Where to get more information (continued)

• Reflection for IBM 2007 Evaluation Guide: http://www.attachmate.com/docs/Reflection/2007/R1/Eval/R2007EvalGuide.pdf

• Bryan Grunow, lead software engineer, Bryan.Grunow@attachmate.com

• Kris Lall, product manager, kris.lall@attachmate.com

• Damon Dreke, product marketing manager, Damon.Dreke@attachmate.com

Q & A