Secure VidyoConferencing
- Derek Warner
- 6 years ago
Protecting your communications

November 2015

ABSTRACT: Vidyo provides a platform that delivers unparalleled ease of use and high quality visual communications. Ease of use, however, does not mean security is compromised. The Vidyo platform was architected with hardened security features that allow participants to communicate comfortably and securely.
Table of Contents

- A holistic approach to secured communication
- Security by design
- User login and database security
- Signaling Encryption
- Media Encryption
- Component Authentication (spoof prevention) & Session Security
- Component Access and Malware Protection
- Secure Firewall Traversal
  - Fig 1: Firewall with UDP Port Range Opened
  - Fig 2: Firewall with UDP Ports Closed
  - Fig 3: Firewall with explicit IP-to-IP rules for communication between VidyoRouters
- Virtual Meeting Room Access
- Conclusion
- Frequently Asked Questions
- Resources
  - Vidyo
A holistic approach to secured communication

Vidyo has made visual communications both ubiquitous and affordable with its revolutionary platform that leverages patented VidyoRouter technology and Scalable Video Coding (SVC), enabling end users to participate in high quality Vidyo conferences from just about anywhere using standard broadband Internet connections. While this approach affords great flexibility in access and endpoints, we also recognize the importance of protecting sensitive information transmitted over this medium from would-be hackers with malicious intent. This document provides an overview of the features of our secure VidyoConferencing™ option, designed to guard the integrity of your network and keep your communication and private information safe.

More than just encryption

- User authentication/login
- Component authentication
- Component access protection
- Database protection
- Password protection
- Signaling encryption
- Media encryption
- Secure firewall traversal

Key Security Features

- AES-128 bit media encryption
- FIPS cryptographic libraries
- Secure HTTPS login utilizing industry standard PKI
- TLS 1.0 and 1.2 using strong encryption ciphers for signaling
- Password hashing in database
- Component blocking for spoof prevention
- Hardened Linux-based appliances for component access control
- Optional firewall traversal using built-in VidyoProxy software or explicit IP-to-IP firewall traversal using networked VidyoRouter deployment
- Encrypted token technology for session security
- No login information retained on the client
- Graphic indication for encrypted calls on the call screen

Security by design

Security starts with sound processes. Vidyo has a Security Council that meets regularly to review and update the security policies and processes associated with Vidyo's offerings, and to review potential threats and issues to drive security related requirements into the product and its development, delivery and maintenance processes.

This council includes representatives from Vidyo's product management, development, QA, customer support, and sales engineering organizations. These individuals also act as security related liaisons within their respective organizations to ensure implementation of the policies and processes set by the Security Council, and bring back relevant feedback and knowledge accumulated within their organizations. Vidyo's Product Management team considers security related implications for every proposed product modification. Vidyo uses resources such as NIST National Security Database, MITRE, OWASP, etc. to monitor third party software provider vulnerabilities and updates prior to their inclusion in Vidyo products. The Software Development team also performs regular code reviews to identify potential security vulnerabilities. Vidyo's Quality Assurance team utilizes industry-leading security scanning tools such as Tenable's Nessus, Rapid7's Nexpose, and a host of open-source OWASP tools. Vidyo also uses the third party Qualys SSL Labs utility to help qualify that its server-based solutions meet the high level of security targeted.

User login and database security

Protecting the login process from eavesdroppers and hackers is fundamental to securing the VidyoConferencing system. Vidyo protects this process by establishing a critical front line of defense in a similar manner to the way access to online banking is secured using TLS. Vidyo infrastructure supports using industry standard Public Key Infrastructure, whereby each component can be issued a digital certificate by a trusted third party certifying authority. This allows endpoints to verify the identity of a VidyoPortal as well as preventing malicious users from eavesdropping on communication. With TLS security enabled, the VidyoPortal automatically establishes an encrypted HTTPS channel with each Vidyo endpoint or web administration user that attempts to access the system. Before transmitting any login information, the Vidyo endpoint or web browser validates the certificate of the VidyoPortal and verifies that it was issued by a trusted third party certifying authority. Once certificate verification is completed, login and password information is transmitted securely to the VidyoPortal over the same encrypted HTTPS channel. Visual indication that the connection is secure is provided to the end user as a lock icon in their web browser or Vidyo client.
For HTTPS connections, the ciphers and key exchange method used depend on what the end user's browser can support; however, Vidyo infrastructure components will prefer to use the strongest available ciphers and will reject use of known weak ciphers.

To safeguard user login credentials, no login information is retained by the Vidyo soft clients. Password information is always hashed and salted using PBKDF2 in the database. Password policies can be enabled on the VidyoPortal to 1) prompt a user to change their password after a period of inactivity, or 2) lock out the account after a specified number of failed login attempts.

For organizations that use an external database for user account management, LDAP and Active Directory are supported. When LDAP / AD are utilized, no passwords are stored within the VidyoPortal. Additionally, password policies are supported via LDAP integration with the corporate directory system (such as Microsoft Active Directory, Oracle, Novell, etc.).

Users can also be authenticated using SAML. The VidyoPortal acts as a service provider and can authenticate users via external SAML 2.0 identity providers. Depending on deployment topology, this may be an ideal method to authenticate users when the VidyoPortal is public facing but the user database is not. Leveraging SAML provides a secure way to authenticate users while keeping the user database behind the firewall.
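The password storage and the two password policies described above (salted PBKDF2 hashes, a change prompt after inactivity, lockout after repeated failures) can be sketched as follows. This is an added example, not Vidyo's code: the PRF, iteration count, lockout threshold, inactivity limit and all function names are assumptions, since the paper gives no values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumed values: the paper names PBKDF2 and the two policies but gives no numbers.
PRF = "sha256"                      # assumption: HMAC-SHA-256 as the PBKDF2 PRF
ITERATIONS = 600_000                # assumption: work factor
SALT_BYTES = 16
MAX_FAILED_ATTEMPTS = 5             # assumption: lockout threshold
INACTIVITY_LIMIT = 90 * 24 * 3600   # assumption: 90 days, in seconds


@dataclass
class Account:
    salt: bytes            # random per account, so equal passwords hash differently
    iterations: int        # stored with the hash so the work factor can be raised later
    digest: bytes          # PBKDF2 output; the password itself is never stored
    last_login: float
    failed_attempts: int = 0
    locked: bool = False


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, iterations)


def create_account(password: str, now: float, iterations: int = ITERATIONS) -> Account:
    salt = os.urandom(SALT_BYTES)
    return Account(salt, iterations, derive_key(password, salt, iterations), last_login=now)


def login(account: Account, password: str, now: float) -> str:
    """Return 'locked', 'denied', 'ok' or 'ok-change-password'."""
    if account.locked:
        return "locked"  # even a correct password is refused until an admin unlocks
    candidate = derive_key(password, account.salt, account.iterations)
    if not hmac.compare_digest(candidate, account.digest):  # constant-time compare
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked = True
            return "locked"
        return "denied"
    # Successful login: decide on the inactivity prompt before updating last_login.
    inactive = now - account.last_login > INACTIVITY_LIMIT
    account.failed_attempts = 0
    account.last_login = now
    return "ok-change-password" if inactive else "ok"


def unlock(account: Account) -> None:
    """Administrator action: clear the lockout and the failure counter."""
    account.failed_attempts = 0
    account.locked = False


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    acct = create_account("constructed-sample-password", now=0.0)
    print(login(acct, "constructed-sample-password", now=60.0))
```

Storing the iteration count beside each hash lets the work factor be raised for new hashes without invalidating existing ones.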
The admin has complete control to set passwords at all levels including changing the default passwords for the VidyoConferencing servers. This is the first step recommended in commissioning any VidyoConferencing system. All web administration pages can be configured to use HTTPS and, starting with VidyoConferencing 3.0, all management applications can be moved to the Management Interface (a second NIC on the Vidyo server), allowing for segregation of management and production traffic. This prevents the escalation of privileges in the event that the user level web user interface is compromised.

In addition to admin access via the web, as mentioned above, the Vidyo servers have console access for system configuration. Access to the console is password protected and only available via direct physical connection or via SSH access. The administrative accounts can be authenticated against the internal database, or the server can be configured to offload authentication via RADIUS.

Signaling Encryption

Signaling is the way different components within the Vidyo architecture communicate with one another. Protecting the information that is passed in this machine-to-machine communication from would-be hackers is important for securing the network. The secure VidyoConferencing option leverages AES encryption over TLS for Vidyo endpoint and server communications with certificate support. Vidyo supports Elliptic Curve Diffie-Hellman (ECDH), Diffie-Hellman (DH) or RSA for key exchanges. The media encryption keys are also negotiated over this secure connection and are then used to encrypt the RTP media traffic.

Media Encryption

With the secure VidyoConferencing system option enabled, Vidyo employs AES encryption over SRTP for audio, video and shared content. This helps protect the content of your Vidyo conferences from being intercepted and decoded without your knowledge.
Chat messages are transmitted over the secure signaling link when enabled and also use AES when the secure VidyoConferencing option is included. A set of keys is used for each form of media and each leg of the Vidyo conference. With media encryption enabled for the system, a single VidyoRouter is able to support up to 100 concurrent HD 1080p connections; significantly more capacity than MCUs costing 5 to 10 times as much.

Component Authentication (spoof prevention) & Session Security

Spoofing refers to a tactic used by hackers to steal the identity of a trusted component of a network in order to gain access. Vidyo prevents spoofing through a rigorous component authentication scheme. Each Vidyo machine in a network has a unique identifier that is communicated to the VidyoPortal over a secure link and is otherwise not accessible. New components added to the network go to the VidyoPortal for configuration. If the VidyoPortal doesn't have a configuration defined for that machine's specific ID, the machine is blocked from joining the network until the administrator accepts the new ID and manually configures the component. On the client side, a unique token is used to authenticate the endpoint to the VidyoPortal in lieu of the password.

Component Access and Malware Protection

The Vidyo infrastructure components are all Linux based and available as virtual appliances running on VMware or physical appliances running on standard Intel based servers. To help prevent hackers from accessing the server software itself, Vidyo leverages the security features of Linux while hardening the system by closing all ports and services that are not relevant or used and disabling access to the underlying system. Vidyo server components and VidyoRoom endpoints are locked down appliances or virtual appliances, allowing only Vidyo signed and validated software to be applied onto the system, thus preventing malicious content from being introduced into the network.

Secure Firewall Traversal

Depending on the specific deployment model, Vidyo provides optional methods of secure firewall traversal, enabling organizations to leverage the public network to provide connectivity for end users outside of the firewall without compromising the integrity of the private network or requiring additional expensive equipment.

For implementations where the necessary range of UDP ports is opened on the company network, the Vidyo endpoints use industry standard ICE/STUN to negotiate UDP ports directly with the VidyoRouter. These same protocols are employed for NAT traversal.

Fig 1: Firewall with UDP Port Range Opened

For implementations where the UDP ports are closed on the company network, Vidyo's proxy solution overcomes these blocking issues in a secure fashion by tunneling on port 443 using industry standard TLS. The Vidyo endpoint is able to auto-detect if firewall blocking is taking place and automatically switch to Vidyo's proxy configuration as needed. If the firewall configuration is known, auto-detection can be easily overridden.
The VidyoProxy client software module is embedded with the Vidyo endpoint application and the VidyoProxy server software module is embedded with the VidyoRouter application. The same proxy client and server software modules are also able to traverse Web Proxies, enabling the Vidyo deployment to fully integrate with existing web proxy devices and follow established policies rather than working around them.
Fig 2: Firewall with UDP Ports Closed

For deployments where multiple VidyoRouters are networked together, a single low cost VidyoRouter can be positioned on each side of the firewall. The combination of the robust component authentication described in the Component Authentication (spoof prevention) & Session Security section of this document and a set of explicit IP-to-IP rules on the firewall enables the VidyoRouters to communicate securely with one another without the performance impact that tunneling on port 443 may have and without compromising the security of the private network. Using this approach, it becomes easy to keep on premise Vidyo endpoints on the corporate network, behind the firewall, without sacrificing performance or accessibility to the public network, and without adding cost to deployment.

Fig 3: Firewall with explicit IP-to-IP rules for communication between VidyoRouters

Regardless of whether an organization deploys a DMZ, VPN or other network topology, Vidyo provides cost-effective firewall traversal solutions that integrate with the topology and extend the reach of your video communications infrastructure beyond the private network securely.
The VidyoConferencing architecture is designed to be deployed in a modular and flexible manner. This allows different components to be deployed on different network segments, affording the ability to adhere to strict network security policies.

Virtual Meeting Room Access

All Vidyo endpoints connect through the VidyoRouter and are not directly accessible from another endpoint. Even on public networks, Vidyo endpoints are therefore protected from unauthorized direct access through an IP address. The VidyoRouter architecture inherently provides the endpoint with a layer of security from third party hacking and voyeurism with built-in technology for spoof prevention, such as: encrypted token technology for session security, HTTPS with certificate support on login and TLS with certification for signaling, as mentioned previously in this document.

No matter what Vidyo endpoint you utilize, your Vidyo meeting room is the core of your virtual office. Just like with a physical office, you may want to have an open-door policy for your Vidyo meeting room where anyone with an account on your VidyoPortal can drop in any time, or you may wish to close the door to your Vidyo meeting room. Vidyo affords you the flexibility to do both. If you prefer open door, you need not do anything. If you wish to control access, you have the ability to define a PIN for your room and share it only with the people that you want to have access to your room. When unauthenticated users join a meeting, they are identified as guests in the participant list so all participants know when to not discuss sensitive topics. Every user has the ability to change their hashed hyperlink to their personal meeting space as frequently as desired.

In addition to the personal virtual meeting room, Vidyo also supports a one time use meeting room for scheduled meetings. When a meeting is scheduled, a new meeting room is created with a unique guest link, PIN code, and meeting ID.
The one time meeting room eliminates conflicts between two disparate meetings taking place in the same meeting room. This is yet another level of security to provide control of sensitive information and make meetings more convenient.

You also have moderation controls over your virtual meeting room when conferences are in session. As the meeting room owner you are also the moderator and, as the moderator, you have advanced capabilities. This includes the ability to lock the meeting room, preventing new participants from joining your meeting room. You can also control each participant's ability to send audio and video by using the mute buttons, or you can disconnect anyone from the call with a simple click of a button. If desired, meeting rooms can be configured with a waiting room capability which prevents participants from seeing or hearing each other until the moderator joins the call.

Conclusion

Securing customer communications and private information without inhibiting the value and capability of the collaboration solution is a priority for Vidyo. With security in mind at the design stage of every new product developed, and a process in place for continuous monitoring, qualification and action to address new and emerging security threats, Vidyo delivers a visual collaboration platform that leverages industry standard and proven technologies with the goal of securing its users' communications and private information.
For more information about Communications refer to the documentation located at or or contact your Vidyo sales representative or Vidyo Support.
Frequently Asked Questions

Question 1: Does Vidyo perform security audits on its Vidyo servers and VidyoRoom solutions?

Yes. Vidyo runs internal security scanners against its systems prior to software release. These internal scanners include Nexpose (Rapid7), Nessus (Tenable) and various OWASP tools. In addition, the external SSL Labs utility (Qualys) is run against Vidyo server components. Vidyo continuously evaluates new tools in this space to ensure that systems are tested with the utmost rigor. Vidyo periodically utilizes third parties to audit our products.

Question 2: Does Vidyo have any security certifications/compliance?

Versions of VidyoPortal, VidyoRouter, VidyoGateway, VidyoRoom and VidyoDesktop have been tested and achieved JITC certification. Vidyo is now an approved vendor on the United States Department of Defense's Approved Products List (APL).

Question 3: What are the steps Vidyo takes to make sure that their Vidyo infrastructure component appliances are protected from hackers and virus attacks?

The Vidyo infrastructure components are all Linux based. To prevent hackers from accessing the boxes themselves, Vidyo leverages the security features of Linux while hardening the box by closing all ports and services that are not used and disabling access to the underlying system without valid administrator credentials. Vidyo infrastructure components and VidyoRoom endpoints are locked down appliances with the goal of enabling only Vidyo validated software to be applied onto the system, preventing malicious content from being introduced into the network. Vidyo also works with customers to ensure they deploy their systems in a secure manner - for example, using firewalls, NATs and management interfaces.

Question 4: How does Vidyo check that Vidyo infrastructure components and VidyoRoom systems are up to date with third party software security fixes?

Vidyo has a multi-discipline Security Council that regularly monitors the latest vulnerabilities for the third party software elements used in the Vidyo solution and determines whether a particular Security Update is needed. Some resources that are monitored include Apache, Ubuntu Security Notices, NIST National Security Database, MITRE, OWASP, etc. Security patches are issued in a timely manner and all patches are rolled into the following system release.

Question 5: What is Vidyo's strategy when a security breach is identified in the code or in a 3rd party library that is used by Vidyo?

When a potential security vulnerability is identified (whether it is within Vidyo's software or a third-party library), our Security Council immediately assesses the exploitability, impact and severity of the vulnerability. Based on these criteria, if/when it determines that it is appropriate, Vidyo will:

- Issue a Security Bulletin with steps to mitigate the vulnerability, and/or
- Issue a Security Update that permanently patches the vulnerability.

Question 6: Which SSL/TLS versions are supported or have been forced?

Vidyo products support the following (in order of preference):

- TLS 1.2
- TLS 1.1
- TLS 1.0

Note: For Vidyo-to-Vidyo component communications, TLS is always used. For security reasons Vidyo no longer supports SSL 3.0.

Question 7: Does Vidyo use HTTPS connections for all infrastructure components and VidyoRoom systems?

All web administration pages in Vidyo's infrastructure can be configured to use HTTPS.

Question 8: Does Vidyo have the ability to limit access to the Vidyo server appliances' administrative functions to authorized network addresses only?

As of VidyoPortal 3.0, all Management applications can be moved to the Management Interface (a second NIC on the VidyoPortal, VidyoRouter and VidyoGateway). This allows for segregation of Management and Production traffic. Customers can restrict access to the Management Network via ACLs on their firewalls, routers or switches.
Resources

Find more information about the VidyoWorks platform and the Vidyo products described in this paper by using the links listed below.

Vidyo

- Vidyo web site:
- Vidyo Support Center:
- Vidyo Resources (White Papers, Case Studies, Data Sheets, etc.):
Vidyo, Inc. (Corporate Headquarters) 433 Hackensack Ave., Hackensack, NJ 07601, USA Tel: Toll-free: EMEA +33 (0) APAC INDIA

Vidyo, Inc. All rights reserved. Vidyo and other trademarks used herein are trademarks or registered trademarks of Vidyo, Inc. or their respective owners. All specifications subject to change without notice, system specifics may vary. Vidyo products are covered by one or more issued and/or pending US or foreign patents or patent applications. Visit for more information. Rev:
More informationTestBraindump. Latest test braindump, braindump actual test
TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationVidyo Server for WebRTC. Administrator Guide
Vidyo Server for WebRTC Administrator Guide Product Version 3.2 Document Version A April, 2016 TABLE OF CONTENTS Overview... 1 Understanding the Configuration Procedure... 1 1. Using Vidyo Server for WebRTC
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationVidyoDesktop. Installation and User Guide
VidyoDesktop Installation and User Guide Product Version 3.6 Document Version C July, 2016 2016 Vidyo, Inc. All rights reserved. Vidyo s technology is covered by one or more issued or pending United States
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationPND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access
The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 5+ hours of video material 10 virtual labs
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationVidyoConferencing VidyoGateway Operation Guide
VidyoConferencing VidyoGateway Operation Guide Version 2.0.4 Table of Contents 1 Document Overview 2 Definitions 5 Network Topologies 6 Setup Overview 7 VidyoGateway Configuration 17 Dialing Summaries
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationCIP Security Pull Model from the Implementation Standpoint
CIP Security Pull Model from the Implementation Standpoint Jack Visoky Security Architect and Sr. Project Engineer Rockwell Automation Joakim Wiberg Team Manager Technology and Platforms HMS Industrial
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More informationSecure Access & SWIFT Customer Security Controls Framework
Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationSecurity in the Privileged Remote Access Appliance
Security in the Privileged Remote Access Appliance 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property
More informationActifio Data Security
Actifio Tech Brief Actifio Data Security All components of Actifio Copy Data Virtualization have been designed from the ground up with security in mind and the IP interfaces as traditional attack vectors
More informationSteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)
Internet Communications Made Safe SteelGate Overview SteelGate Overview SteelGate is a high-performance VPN firewall appliance that Prevent Eliminate threats & attacks at the perimeter Stop unauthorized
More informationSecurity for SIP-based VoIP Communications Solutions
Tomorrow Starts Today Security for SIP-based VoIP Communications Solutions Enterprises and small to medium-sized businesses (SMBs) are exposed to potentially debilitating cyber attacks and exploitation
More informationPolycom RealPresence Access Director System
Release Notes 3.1.1 April 2014 3725-78700-001C1 Polycom RealPresence Access Director System Polycom announces the release of the Polycom RealPresence Access Director system, version 3.1.1. This document
More informationInstalling and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.
Installing and Configuring VMware Identity Manager Connector 2018.8.1.0 (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationTotal Security Management PCI DSS Compliance Guide
Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationSecurity Fundamentals for your Privileged Account Security Deployment
Security Fundamentals for your Privileged Account Security Deployment February 2016 Copyright 1999-2016 CyberArk Software Ltd. All rights reserved. CAVSEC-PASSF-0216 Compromising privileged accounts is
More informationSecurity Specification
Security Specification Security Specification Table of contents 1. Overview 2. Zero-knowledge cryptosystem a. The master password b. Secure user authentication c. Host-proof hosting d. Two-factor authentication
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationVidyo Software Maintenance Policy
Vidyo Software Maintenance Policy March, 2014 Doc. Rev A 2014 Vidyo, Inc. all rights reserved. Vidyo s technology is covered by one or more issued or pending United States patents, as more fully detailed
More informationPCI DSS and the VNC SDK
RealVNC Limited 2016. 1 What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) compliance is mandated by many major credit card companies, including Visa, MasterCard, American Express,
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationInterCall Virtual Environments and Webcasting
InterCall Virtual Environments and Webcasting Security, High Availability and Scalability Overview 1. Security 1.1. Policy and Procedures The InterCall VE ( Virtual Environments ) and Webcast Event IT
More informationFirewalls for Secure Unified Communications
Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationRecommendations for Device Provisioning Security
Internet Telephony Services Providers Association Recommendations for Device Provisioning Security Version 2 May 2017 Contact: team@itspa.org.uk Contents Summary... 3 Introduction... 3 Risks... 4 Automatic
More informationPCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity
Kaspersky Enterprise Cybersecurity Kaspersky Endpoint Security v3.2 Mapping 3.2 regulates many technical security requirements and settings for systems operating with credit card data. Sub-points 1.4,
More informationSECURE DATA EXCHANGE
POLICY-DRIVEN SOLUTIONS FOR SECURE DATA EXCHANGE Sending and receiving data is a fundamental part of daily business for nearly every organization. Companies need to share financial transaction details,
More informationAPPLICATION & INFRASTRUCTURE SECURITY CONTROLS
APPLICATION & INFRASTRUCTURE SECURITY CONTROLS ON THE KINVEY PLATFORM APPLICATION KINVEY PLATFORM SERVICES END-TO-END APPLICATION & INFRASTRUCTURE SERCURITY CONTROLS ENTERPRISE DATA & IDENTITY 2015 Kinvey,
More informationSecuring Access to Network Devices
Securing Access to Network s Data Track Technology October, 2003 A corporate information security strategy will not be effective unless IT administrative services are protected through processes that safeguard
More informationForeScout Extended Module for Carbon Black
ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More informationWhite paper. Combatant command (COCOM) next-generation security architecture
Combatant command () next-generation security architecture using NSA Suite B Table of Contents Combatant command () next-generation security architecture using NSA Suite B NSA Commercial Solution for Classified
More informationPractical Network Defense Labs
Practical Network Defense Labs ABOUT This document showcases my practical hands-on engagements in the elearnsecurity HERA labs environment for the Network Defense Professional certification course. I utilized
More informationRelease Notes. VidyoDesktop. for Windows and Mac. Anchor Version (17) June, 2015 Doc. Rev A
Release Notes VidyoDesktop for Windows and Mac Anchor Version 3.5.2 (17) June, 2015 Doc. Rev A 2015 Vidyo, Inc. all rights reserved. Vidyo s technology is covered by one or more issued or pending United
More informationSecurity context. Technology. Solution highlights
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationUnleash the Power of Secure, Real-Time Collaboration
White Paper Unleash the Power of Secure, Real-Time Collaboration This paper includes security information for Cisco WebEx Meeting Center, Cisco WebEx Training Center, Cisco WebEx Support Center and Cisco
More informationThe Nasuni Security Model
White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance
More informationCrash course in Azure Active Directory
Crash course in Azure Active Directory Crash course in Azure Active Directory Competing today requires a focus on digital transformation and empowering everyone to be creative and work together securely.
More informationOracle Communications Services Gatekeeper
Oracle Communications Services Gatekeeper Security Guide Release 5.1 E36134-01 June 2013 Oracle Communications Services Gatekeeper Security Guide, Release 5.1 E36134-01 Copyright 2011, 2013, Oracle and/or
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationIPM Secure Hardening Guidelines
IPM Secure Hardening Guidelines Introduction Due to rapidly increasing Cyber Threats and cyber warfare on Industrial Control System Devices and applications, Eaton recommends following best practices for
More informationREVISED 6 NOVEMBER 2018 COMPONENT DESIGN: UNIFIED ACCESS GATEWAY ARCHITECTURE
REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: UNIFIED ACCESS GATEWAY ARCHITECTURE Table of Contents Component Design: Unified Access Gateway Architecture Design Overview Network Deployment Options Authentication
More information