eduvpn François Kooman
|
|
- Arron Thompson
- 6 years ago
- Views:
Transcription
1 eduvpn François Enschede,
2 Me Software Developer (PHP, C) Freelancer traveling around Europe Used to work for SURFnet Now: lead developer eduvpn / Let s Connect!
3 eduvpn vs Let s Connect Let s Connect is the software project eduvpn is a branded Let s Connect for higher education and research
4 Outline Screenshot Parade Let s Connect! Technology Campus Integration Application Integration Distribution / Federation Future
5 Screenshot Parade
6
7
8
9
10
11 Let s Connect for Windows
12 eduvpn for Windows
13 Let s Connect!
14 What A free software, easy to use VPN service you can host yourself!
15 Let s Connect! Project started 3.5 years ago as eduvpn Initially funded by SURFnet (NL) Now many (international) partners involved: GÉANT, NORDUnet, Vietsch Foundation, DeiC, AARnet, RIPE Community Fund, SIDN Fonds, NLnet, Commons Conservancy Won ISOC Internet Innovation Award 2018!
16 Use Cases Protect against attackers on (insecure) WiFi networks Access (private) networks at your organization or at home
17 Who is this for? NRENs / ISPs Organizations (self hosting) Hacker spaces Individuals Cheaper than buying a VPN subscription! Easy to share with your friends!
18 Let s Connect! FLOSS (Free/Libre Open Source Software) AGPLv3+ Easy to install on everything from 3/month VPS, Raspberry Pi to 128 core bare metal with 10+GBit network Runs on Debian >= 9, Red Hat Enterprise Linux/CentOS >= 7, Fedora >= 25 Web interface for users and administrators Guest Usage Native Applications (also FLOSS) Privacy by Design & Default! Survived two source code security audits to date
19 Audits 2017 Radically Open Security (ROS) 2018 Radboud University, Nijmegen, The Netherlands
20 Privacy Does not log originating IP address (default) Does log VPN IP + connection time, removed after 30 days (default) You can find a user using the IP that was reported (abuse) together with the time of the incident With eduvpn we only know a persistent identifier of the user, have to ask SURFconext for actual user identity Can block the user without knowing the identity of the user
21 Trust (I/II) You need to trust 1) Your device (laptop, smartphone) 2) WiFi network / ethernet 3) ISP 4) The service you are using
22 Trust (II/II) VPN helps if you don t trust 2 and/or 3 ISP provides insecure crappy modem ISP is recording metadata/monitoring everything, for fun and profit! Sometimes you trust 2 and/or 3 more than your VPN provider! Too many stories of untrustworthy VPN providers... If you don t trust 1 and/or 4, it is game over Your Android phone last received a security update in March 2016 Tinder doesn t encrypt pictures, leaks swiping behavior If you use Facebook or Google, oh well...
23 Technology
24 Technology OpenVPN OpenVPN >= 2.4 Most secure configuration OAuth 2.0 Bearer tokens with Public Key Cryptography
25 OpenVPN Why? Audited (openvpn-nl) Works over TCP (port 443) Easy to setup Turns out not so easy to set up correctly Available everywhere ( ) Easy integration with ACLs, 2FA,
26 OpenVPN Configuration disasters SELinux Network (Adaptive) Compression Verifying 2FA / ACL MTU ios
27 OpenVPN We want unmodified OpenVPN clients to work with Let s Connect! We want unmodified OpenVPN server to work with Let s Connect!
28 OpenVPN We want to use normal way of running OpenVPN on Linux Use systemd for init scripts Work without hard dependency on Let s Connect! Except of course when 2FA/ACL is enabled, we need to verify it somehow!
29 OpenVPN Take care of generating Server configuration CA / certificates Let the OS take care of process management KISS This turned out to be very reliable!
30 Cryptography AES-256-GCM SHA256 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS >= 1.2 TLS Auth / TLS Crypt
31 Network Full IPv6 support Connecting to VPN (and inside VPN) (IPv6) NAT or Public IP addresses
32 Scaling #OpenVPN processes ~= #CPU cores Can quickly become very expensive AES-NI helps a lot not for connection setup, but during active connection Maximum 64 clients per OpenVPN process Bigger Deployments 8 Profiles ~ 4096 IP addresses (concurrent users) 4096 / 64 = 64 OpenVPN processes Start with 8 cores, can easily grow!
33 Architecture Host eduvpn instances for institutes but allow self hosting as well! Easy to scale instances Start with one VM for all instances Allow moving instances without breaking VPNs Dedicated VM Bare metal Raspberry Pi
34 Campus Integration
35 Lightpaths Guaranteed bandwidth to campus from eduvpn server(s) Use organizations (public) IP addresses Use organization packet filter / firewall
36 Authorization ACL on VPN usage Only allow members of (LDAP) group to access certain VPN profiles Supports SURFteams / VOOT as well
37 Application Integration
38 OAuth Protocol (framework) to authorize (native) applications to act on your behalf
39 OAuth 1) Client opens browser with URL of authorization server (AS) 2) AS makes sure user is authenticated, and then prompt for authorization 3) Browser redirects back to client Special URL scheme, localhost, claimed HTTPS URL 4) Client exchanges authorization code for access token 5) Client uses access token to talk to API
40
41
42
43
44 Distribution / Federation
45 Trust Allow establishing trust between multiple Let s Connect! deployments SURFnet runs their server in Amsterdam AARnet runs their server in Perth Users of the server provided by SURFnet can use the VPN provided by AARnet
46 Why? Load balancing Sharing costs for creating a federated/distributed VPN provider network Route around errors on the network when reaching certain destinations Leveraging existing trust networks, e.g. Hacker spaces/communities to create a trusted VPN provider network Allow users choice of VPN server to use (latency, jurisdiction,...)
47 How? Leverage OAuth 2.0 Bearer tokens used for Native Application integration Public Key Signatures over Bearer tokens
48 Flow 1) Application loads list of VPN services part of the federation, i.e. Discovery file 2) Application obtains OAuth Bearer token at their home VPN service 3) Obtained token can be used at all providers part of the federation
49 Discovery
50 Future Target PHP 7.2 Red Hat Enterprise Linux/CentOS 8 Debian 10 (probably Debian 11...) Setup a (distributed) not for profit friends of friends VPN service with Let s Connect as testing ground Look into using WireGuard as a replacement for OpenVPN High(er) level implementation OpenVPN for all platforms (using native VPN APIs) Use better protocol than HTTP(S) between nodes
51 Questions / Discussion François Kooman
52 eva eduvpn Visitor Access SMS eduvpn to or use the apps! Account valid for 2 days (48h)
Configuring OpenVPN on pfsense
Configuring OpenVPN on pfsense Configuring OpenVPN on pfsense Posted by Glenn on Dec 29, 2013 in Networking 0 comments In this article I will go through the configuration of OpenVPN on the pfsense platform.
More informationESP Egocentric Social Platform
ESP Egocentric Social Platform T. J. Purtell, Ian Vo, Monica S. Lam With: Kanak Biscuitwala, Willem Bult, Dan Boneh, Ben Dodson, Steve Fan, and Frank Wang, Global Social Platforms Ideal for Meeting strangers
More informationSecurity Guide Zoom Video Communications Inc.
Zoom unifies cloud video conferencing, simple online meetings, group messaging, and a softwaredefined conference room solution into one easy-to-use platform. Zoom offers the best video, audio, and wireless
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationSingle Sign-On. Introduction
Introduction DeliverySlip seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationSecuring MQTT. #javaland
Securing MQTT #javaland 2017 www.bestppt.com INTRODUCTION Dominik Obermaier @dobermai Disclaimer Obligatory Disclaimer: All security suggestions and guidelines in this talk are collected from real-world
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationAccessing CharityMaster data from another location
Accessing CharityMaster data from another location When all of your computers are on the same Local Area Network (LAN), you can place the back end files (including your data and the Word templates) onto
More informationGrandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide
Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN
More informationCirius Secure Messaging Single Sign-On
Cirius Secure Messaging seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single
More informationNGFW Security Management Center
NGFW Security Management Center Release Notes 6.5.3 Revision A Contents About this release on page 2 System requirements on page 2 Build number and checksums on page 4 Compatibility on page 5 New features
More informationProxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationPersonal Internet Security Basics. Dan Ficker Twin Cities DrupalCamp 2018
Personal Internet Security Basics Dan Ficker Twin Cities DrupalCamp 2018 Overview Security is an aspiration, not a state. Encryption is your friend. Passwords are very important. Make a back-up plan. About
More informationNetScaler for Apps and Desktops CNS-222; 5 Days; Instructor-led
NetScaler for Apps and Desktops CNS-222; 5 Days; Instructor-led Course Description Designed for students with little or no previous NetScaler, NetScaler Gateway or Unified Gateway experience, this course
More informationBYOD Success Kit. Table of Contents. Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips
Table of Contents Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips 2 Current State of BYOD in the Enterprise Defining BYOD Bring-Your-Own-Device (BYOD): a business practice
More informationNetwork Administrator s Guide
Overview Network Administrator s Guide Beam is a comprehensive Smart Presence system that couples high-end video, high-end audio, and the freedom of mobility for a crisp and immersive, video experience
More informationSingle Sign-On. Introduction. Feature Sheet
Feature Sheet Single Sign-On Introduction CipherPost Pro seamlessly integrates into your enterprise single sign-on (SSO) to give your users total email security and an extra set of robust communications
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationOpenvpn Client Do Not Change Default Gateway
Openvpn Client Do Not Change Default Gateway I currently have a router using OpenVPN in client mode to connect to a host Is it possible to make OpenVPN the default gateway for everyone connected So what
More informationWhy do we really want an ID/locator split anyway?
Why do we really want an ID/locator split anyway? Dave Thaler dthaler@microsoft.com MobiArch 2008 1 Starting from basics Users deal with names, not addresses (esp. in IPv6) Humans need friendly identifiers
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationGrandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide
Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Table of Contents INTRODUCTION... 4 SCENARIO OVERVIEW... 5 CONFIGURATION STEPS... 6 Core Site Configuration... 6 Generate Self-Issued Certificate
More informationCloudFleet Documentation
CloudFleet Documentation Release 0.1 The CloudFleet Team Sep 27, 2017 Contents 1 Table of Contents 3 1.1 Getting Started.............................................. 3 1.2 Getting Started for Hackers.......................................
More informationWireless Terminal Emulation Advanced Terminal Session Management (ATSM) Device Management Stay-Linked
Wireless Terminal Emulation Advanced Terminal Session Management (ATSM) Device Management Stay-Linked Secure Communications Stay-Linked Secure Communications Guide Page 1 Rev. 10.0.0 Dated: 04/26/10 Table
More informationSecure Container DME. SecureContainer - DME is available for ios and Android.
Secure Container DME Soliton SecureContainer - DME is a remote access solution enabling employees to securely access corporate data using their mobile devices. Corporate e-mail, calendar, to-do s and other
More informationFor those who might be worried about the down time during Lync Mobility deployment, No there is no down time required
I was trying to find out the Lync Mobility service step by step deployment guide along with the Publishing rule for TMG but couldn't find anywhere except how to install MCX and Auto discovery Service,
More informationThis paper introduces the security policies, practices, and procedures of Lucidchart.
Lucidchart Security Abstract This paper introduces the security policies, practices, and procedures of Lucidchart. The paper lays out the architecture security of this software-as-a-service product. It
More informationG/On. G/On is available for Windows, MacOS and Linux (selected distributions).
G/On Soliton G/On is a remote access solution which establishes connections between a remote device and application servers inside an organisations network. A secure gateway is used to separate the remote
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Custom App Wrapping for ios... 4 Native App Caching: Android...4 Native App
More informationThe Current State of OAuth 2. Aaron Open Source Bridge Portland, June 2011
The Current State of OAuth 2 Aaron Parecki Open Source Bridge Portland, June 2011 A Brief History Before OAuth aka the Dark Ages If a third party wanted access to an account, you d give them your password.
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationopenid connect all the things
openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017-2017-07-01 Problem - More Client Devices per-human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs aren
More informationProviding Secure, Fast and Available
Providing Secure, Fast and Available SharePoint with F5 BIG-IP John Lee, Federal Systems Engineer Version 3.0 Rate Shaping TCP Express SSL Caching XML Compression OneConnect TCP Express ASM Web Accel 3
More informationThe specifications and information in this document are subject to change without notice. Companies, names, and data used
WEBADM PUBLISHING PROXY The specifications and information in this document are subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted.
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationVMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway
VMware AirWatch Content Gateway for Linux VMware Workspace ONE UEM 1811 Unified Access Gateway You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationFederated login to native applications
Federated login to native applications The right way Author: S. Veeke Version: 1.0 Date: 22-04-2016 Moreelsepark 48 3511 EP Utrecht The Netherlands PO Box 19035 3501 DA Utrecht The Netherlands +31 (0)
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationUnlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.
Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded
More informationCloud Native Security. OpenShift Commons Briefing
Cloud Native Security OpenShift Commons Briefing Amir Sharif Co-Founder amir@aporeto.com Cloud Native Applications Challenge Security Change Frequency x 10x 100x 1,000x Legacy (Pets) Servers VMs Cloud
More informationQualys SAML & Microsoft Active Directory Federation Services Integration
Qualys SAML & Microsoft Active Directory Federation Services Integration Microsoft Active Directory Federation Services (ADFS) is currently supported for authentication. The Qualys ADFS integration must
More informationTLS 1.1 Security fixes and TLS extensions RFC4346
F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationBIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1
BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 13.1 Table of Contents Table of Contents Authentication Concepts... 15 About AAA server support... 15 About AAA high availability
More informationWhere s my DNS? Sara Dickinson IDS 2. Where s my DNS?
Sara Dickinson sara@sinodun.com Stub to recursive The DNS protocol is evolving DoT: DNS-over-TLS DoH: DNS-over-HTTPS (WIP) DoT RFC7858 standard May 2016 Implemented to-date in standard open source DNS
More information/****************************************************************************\ DAS Release for Solaris, Linux, and Windows
/****************************************************************************\ DAS Release 3.0.0 for Solaris, Linux, and Windows Copyright 1991-2012 Information Security Corp. All rights reserved. This
More informationCampus Wi-Fi. Set up access to eduroam: the University Wi-Fi network
Campus Wi-Fi Set up access to eduroam: the University Wi-Fi network Contents Before you get online... 2 Using eduroam... 3 Connect a phone/tablet... 3 Connect a PC/laptop... 4 Troubleshooting... 6 Help
More informationAC750 Dual Band WiFi Router
Performance & Use AC750 WiFi - speeds up to 300+450Mbps Simultaneous dual band reduces interference Upgrade your WiFi to support new AC devices Up to 3x faster than 802.11n Compatible with 802.11ac laptop
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationedusafe Network Func2on Virtualiza2on lite Lightning
edusafe Network Func2on Virtualiza2on lite Lightning Talk @NTW2015 Brian Bach Mortensen, NORDUnet Challenges TradiAonally a lot of focus have been on catering large science users with Big Pipes Core network
More informationInterCall Virtual Environments and Webcasting
InterCall Virtual Environments and Webcasting Security, High Availability and Scalability Overview 1. Security 1.1. Policy and Procedures The InterCall VE ( Virtual Environments ) and Webcast Event IT
More informationSetup PureVPN Windows Software
Setup PureVPN Windows Software Here s everything you need to know about PureVPN s Windows software. You can follow this page to learn everything about PureVPN Windows software. Things to consider: Before
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationSecuring ArcGIS Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Securing ArcGIS Services James Cardona Agenda Security in the context of ArcGIS for Server Background concepts Access Securing web services
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More informationNew methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall
New methods to protect the network. Deeper visibility with Cisco NGFW Next Generation Firewall Claudiu Onisoru, Senior Network Specialist Cisco Connect - 15 May 2014 1 Agenda Frontal Communication: Who
More informationFIVE REASONS YOU SHOULD RUN CONTAINERS ON BARE METAL, NOT VMS
WHITE PAPER FIVE REASONS YOU SHOULD RUN CONTAINERS ON BARE METAL, NOT VMS Over the past 15 years, server virtualization has become the preferred method of application deployment in the enterprise datacenter.
More informationPureVPN's OpenVPN Setup Guide for pfsense (2.3.2)
PureVPN's OpenVPN Setup Guide for pfsense (2.3.2) pfsense is an open source firewall and router that is available completely free of cost. It offers load balancing, unified threat management along with
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationAbout DPI-SSL. About DPI-SSL. Functionality. Deployment Scenarios
DPI-SSL About DPI-SSL Configuring Client DPI-SSL Settings Configuring Server DPI-SSL Settings About DPI-SSL About DPI-SSL Functionality Deployment Scenarios Customizing DPI-SSL Connections per Appliance
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationUSER MANUAL. VIA IT Deployment Guide for Firmware 2.3 MODEL: P/N: Rev 7.
USER MANUAL MODEL: VIA IT Deployment Guide for Firmware 2.3 P/N: 2900-300631 Rev 7 www.kramerav.com Contents 1 Introduction 1 1.1 User Experience 2 1.2 Pre-Deployment Planning 2 2 Connectivity 3 2.1 Network
More informationHTTPS is Fast and Hassle-free with Cloudflare
HTTPS is Fast and Hassle-free with Cloudflare 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com In the past, organizations had to choose between performance and security when encrypting their
More informationNSG100 Nebula Cloud Managed Security Gateway
Managed Security Gateway The Zyxel Nebula Cloud Managed Security Gateway is built with remote management and ironclad security for organizations with growing numbers of distributed sites. With the extensive
More informationLECTURE WK4 NETWORKING
LECTURE WK4 NETWORKING Workbook and Quiz Workbook o Due in WK5 o Must hand in a hard copy to the tutor as well as an online submission Quiz o In the practical class o 30mins to complete the quiz o Short,
More informationAll-in one security for large and medium-sized businesses.
All-in one security for large and medium-sized businesses www.entensys.com sales@entensys.com Overview UserGate UTM provides firewall, intrusion detection, anti-malware, spam and content filtering, and
More informationContents. Configuring SSH 1
Contents Configuring SSH 1 Overview 1 How SSH works 1 SSH authentication methods 2 SSH support for Suite B 3 FIPS compliance 3 Configuring the device as an SSH server 4 SSH server configuration task list
More informationHow-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018
How-to Guide: Tenable.io for Microsoft Azure Last Updated: November 16, 2018 Table of Contents How-to Guide: Tenable.io for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationHySecure Quick Start Guide. HySecure 5.0
HySecure Quick Start Guide HySecure 5.0 Last Updated: 25 May 2017 2012-2017 Propalms Technologies Private Limited. All rights reserved. The information contained in this document represents the current
More informationDemonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin
Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions Topic Prerequisites Security concepts Security-related concepts (e.g., entropy) Virtualization
More informationDelivering Large Scale WebRTC. Richard Tworek Principal WebRTC Strategies Twitter: rmtworek. WebRTC STRATEGIES 11/25/2013
11/25/2013 1 Delivering Large Scale WebRTC Richard Tworek Principal WebRTC Strategies rtworek@webrtcstrategies.com Twitter: rmtworek 11/25/2013 WebRTC STRATEGIES 2 Panelists Michal Raz Vice President,
More informationNSG50/100/200 Nebula Cloud Managed Security Gateway
NSG50/100/200 Managed The Zyxel Managed is built with remote management and ironclad security for organizations with growing numbers of distributed sites. With the extensive suite of security features
More informationVMware AirWatch Content Gateway Guide for Linux For Linux
VMware AirWatch Content Gateway Guide for Linux For Linux Workspace ONE UEM v9.7 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationSystem Requirements. Network Administrator Guide
System Requirements Network Administrator Guide 1 Beam Network Administrator Guide Suitable Technologies, Inc. May 2018 Beam is a comprehensive Presence System that couples high-end video, high-end audio,
More informationVMware Identity Manager vidm 2.7
RSA SECURID ACCESS Standard Agent Implementation Guide VMware Daniel R. Pintal, RSA Partner Engineering Last Modified: August 19, 2016 Solution Summary VMware Identity
More informationHow-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018
How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationIf you re a Facebook marketer, you re likely always looking for ways to
Chapter 1: Custom Apps for Fan Page Timelines In This Chapter Using apps for Facebook marketing Extending the Facebook experience Discovering iframes, Application Pages, and Canvas Pages Finding out what
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 642-504 Title : Securing Networks with Cisco Routers and Switches Vendors
More informationCYBER RISK CONSULTING. Smartphone Security Issues
CYBER RISK CONSULTING Blackhat Briefings Europe 2004 Smartphone Security Issues May 2004 Luc DELPHA Maliha RASHID 1. Introduction Why smartphones? Functionalities Operating Systems Supported Connectivity
More informationThis release of the product includes these new features that have been added since NGFW 5.5.
Release Notes Revision B McAfee Next Generation Firewall 5.7.4 Contents About this release New features Enhancements Known limitations Resolved issues System requirements Installation instructions Upgrade
More informationBeBanjo Infrastructure and Security Overview
BeBanjo Infrastructure and Security Overview Can you trust Software-as-a-Service (SaaS) to run your business? Is your data safe in the cloud? At BeBanjo, we firmly believe that SaaS delivers great benefits
More informationtcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
tcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt the vast majority of TCP traffic? Performance
More informationPrinterOn Security Discussion Paper Enterprise Edition. PrinterOn Enterprise security framework-in depth
PrinterOn Security Discussion Paper Enterprise Edition PrinterOn Enterprise security framework-in depth Contents Contents ii Executive Summary 1 Glossary 2 PrinterOn Overview 2 PrinterOn Architecture 3
More informationAlcatel OmniAccess 200 Series
Alcatel OmniAccess Alcatel OmniAccess 200 Series Security Appliance The corporate enterprise s most valued asset is mission critical data whether it is accessed by only a few or many thousands of employees.
More informationIPv6 at Google. Lorenzo Colitti
IPv6 at Google Lorenzo Colitti lorenzo@google.com Why? IPv4 address space predictions (G. Huston) To put it into perspective... Iljitsch van Beijnum, Ars Technica Why IPv6? Cost Buying addresses will be
More informationREMOTE ACCESS SSL BROWSER & CLIENT
REMOTE ACCESS SSL BROWSER & CLIENT Course 4001 1 SSL SSL - Comprised of Two Components Browser Clientless Access SSL Client SSL Browser SSL Client 2 SSL Remote Access Key Features! Part of GTA s remote
More informationEtanova Enterprise Solutions
Etanova Enterprise Solutions Networking» 2018-02-24 http://www.etanova.com/technologies/networking Contents HTTP Web Servers... 6 Apache HTTPD Web Server... 6 Internet Information Services (IIS)... 6 Nginx
More informationSecuring VMware NSX-T J U N E 2018
Securing VMware NSX-T J U N E 2018 Securing VMware NSX Table of Contents Executive Summary...2 NSX-T Traffic [Control, Management, and Data]...3 NSX Manager:...7 NSX Controllers:...9 NSX Edge:...10 NSX-T
More informationVPN Solutions for Zerto Virtual Replication to Azure. IPSec Configuration Guide
VPN Solutions for Zerto Virtual Replication to Azure IPSec Configuration Guide VERSION 1.0 AUGUST 2017 Table of Contents 1. Overview... 2 1.1 Use Cases... 2 2. Proofs of Concept and Lab Usage... 2 2.1
More informationPULSE CONNECT SECURE APPCONNECT
PULSE CONNECT SECURE APPCONNECT A Micro VPN That Allows Specific Applications on Mobile Devices to Independently Leverage the Connect Secure Gateway Product Release 8.1 Document Revision 1.0 Published:
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationMaking life simpler for remote and mobile workers
: Technology GoToMyPC Technology Making life simpler for remote and mobile workers Learn why GoToMyPC is the most secure, cost-effective and easy-to-use solution for providing remote access to the desktop.
More informationADFS integration with Ibistic Commerce Platform A walkthrough of the feature and basic configuration
IBISTIC TECHNOLOGIES ADFS integration with Ibistic Commerce Platform A walkthrough of the feature and basic configuration Magnus Akselvoll 19/02/2014 Change log 26/06/2012 Initial document 19/02/2014 Added
More informationGood Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy SESSION ID: CSV-W01 Bryan D. Payne Director of Security Research Nebula @bdpsecurity Cloud Security Today Cloud has lots of momentum
More informationCisco Wide Area Application Services (WAAS) Mobile
Cisco Wide Area Application Services (WAAS) Mobile Product Overview Cisco Wide Area Application Services (WAAS) Mobile extends Cisco WAAS Software application acceleration benefits to mobile employees
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More information