ADMAS Security Gateway
|
|
- Calvin Griffin
- 5 years ago
- Views:
Transcription
1 ADMAS Security Gateway White paper submitted in response to 2006 Annual ITEA Technology Review June 30, 2006 Submitted by: Aberdeen Test Center and ProObject, Inc Ridge Road, Suite 330 Hanover, MD Phone: FAX: Technical POCs: Tim Kitchens Wayne Parker Al Scramlin
2 Abstract The Test and Evaluation community faces a diverse array of embedded instrumentation challenges with respect to data collection, mobile device security and scalability. This white paper will describe how ProObject engineers and the U.S. Army Aberdeen Test Center (ATC) have applied open source Javabased technologies to address these challenges for the Test & Evaluation (T & E) community as well as the serendipitous benefits of the T&E user experience. 1 Introduction The U.S. Army s Aberdeen Test Center (ATC) tests a wide array of military systems including weapons systems, wheeled vehicles and tracked vehicles. In order to support Sensitive But Unclassified (SBU) data collection from equipment located at various testing facilities/ranges and as part of the Army s Versatile Information System On-line Integrated Nationwide (VISION) initiative, ATC deploys a large family of test instrumentation devices known as Advanced Modular Acquisition Systems (ADMAS). These devices form a networked community of embedded instrumentation (EI) devices and client applications. The EI devices communicate over wireless networks which present a set of unique challenges with regard to security, performance and reliability. The client applications are leveraged by test engineers for command and control and real-time monitoring of test configurations and components. Security is both critical and difficult to achieve in such a highly distributed environment. The ADMAS Security Gateway (ASG) project was undertaken specifically to provide a transparent, non-intrusive security solution. By leveraging leading edge open source 1 technologies such as Java, Java Management extensions (JMX), Java Cryptography Architecture (JCA), AspectJ, and Linux, the ASG project team has developed a highly secure, scalable and easy-to-deploy and maintain solution that addresses security while minimizing the impact to existing testing operations (i.e. during product rollout, etc.). This white paper describes the major ASG requirements and the challenges and constraints faced by the ASG project team, as well as the resulting system architecture of the ASG solution. Following this discussion, we will illustrate how the resulting system provides the serendipitous benefit of a greatly enhanced T & E user experience. 2 Requirements Test engineers leverage a variety of client applications to control and monitor distributed instrumentation devices that are deployed to various ranges throughout ATC. Figure 1 partially illustrates the test system architecture prior to deployment of the ASG system. 1 While some of these technologies do not, strictly speaking, meet all open source criteria (such as the type of license associated with the technology), for the purposes of this paper, we will consider them to be open in that their source code is made available.
3 Figure 1: Legacy System Architecture The below provides a brief description of the major components shown in the diagram: Test client application: Represents one of several types of client applications that interact with ADMAS devices for the purpose of command & control (e.g. change configuration settings) and real-time test monitoring. Test Item: Army equipment, such as, tanks, Humvees, generators etc. that are being tested at ATC test ranges and sites. ADMAS Device: Collects and records data from test items, such as vehicles, generators, etc. Data may include values for temperature, geographic location, voltage, etc. The primary objective of the ASG initiative was to provide enhanced security 2 for these ATC test configurations. The major requirements for the ASG project can be categorized into three distinct areas: 2 1. Security Prevent unauthorized network access to ADMAS device capabilities by: requiring user authentication enforcing role-based authorization disabling direct network routes to devices Provide an extensible user authentication architecture that allows for multiple logon For obvious reasons, we will not provide detailed information regarding the security mechanisms in use past, present or future.
4 mechanisms to co-exist (currently 2 mechanisms are required: logon via central authentication source and logon in a remote environment). The solution should also support the ability to easily add new authentication mechanisms in the future. 2. Legacy Integration Provide a non-intrusive security solution which minimizes the impact to existing operations from a client application, device and end user perspective. One implication of this requirement, for example, is that the ASG solution could not require significant changes to the ADMAS device's existing communications protocols and mechanisms. For example, ADMAS devices send messages to clients over UDP, transfer files via FTP and serve up web pages from an embedded web server. 3. Maintenance and Administration Provide remote deployment, administration and system diagnostic capabilities in a highly distributed ATC environment. In addition, the original (pre-asg) system architecture required that test client application users have a priori knowledge of the network addresses of ADMAS devices with which they wished to communicate. Network addresses represent low-level technical system details. Requiring such detailed technical knowledge presents a disadvantage to users of testing applications. The ASG project also sought to remedy this situation in order to improve the test application user's experience and increase user productivity. 3 The Solution 3.1 ASG Overview System Architecture The ASG architecture is based on the concept of a Proxy or Mediator architecture in which the gateway sits between the clients and devices and provides authenticated and authorized access to the command, control and monitoring operations already available on the ADMAS. Figure 2 below depicts the overall system-level view of the ASG.
5 Figure 2: ASG System Architecture The below provides a brief description of the major components shown in the diagram: Central authentication repository: The ASG supports two distinct authentication mechanisms, one of which is a centralized repository. The central repository is the source of user credentials for this mechanism. Test client application: Same as described in previous section except that clients now communicate with ASG Services instead of directly with ADMAS devices. ASG Client API: This is the object-oriented client-side Application Programming Interface (API) provided by the ASG to simplify and encapsulate all client-asg communications. This API is written in Java and is used by test client applications to communicate with ASG Services over the network. ASG Server: Provides the entry point for all communications between test client applications and ADMAS devices. As previously implied, a server acts as a sort of proxy between clients and one or more devices, ensuring that only properly secured communications occur. This is a Linux-based device and all ADMAS devices connect to it via either Ethernet or Firewire. The Server Device and its physically connected ADMAS Devices form a private network ALL communication to and from ADMAS Devices must go through the Server. The Server connects to the public
6 network via a second network interface. ASG Service: This is the hub from a software perspective of the ASG system. It is a custom Java-based software service that runs on every ASG Server. It provides user authentication and authorization for all ADMAS Devices. In addition to serving as a security gateway, it serves as an ADMAS proxy and provides many performancerelated optimizations that are necessary to compensate for the performance degradation that is a natural consequence of adding a communications layer between client applications and ADMAS Devices. Network Interface Filter: This is a local filter that runs aboard every ASG Server device in order to deny public access, other than via the ASG Service's defined interface, to the ASG and its attached ADMAS devices. Test Item: Same as description in previous section. ADMAS Device: Same as description in previous section. Although there are many other design and implementation details such as the software architecture of the ASG Service itself, the above provides a broad overview of the major system components and their relationships to one another Supported Protocols The ASG Client API interacts with ASG Services (and by proxy with the ADMAS devices attached to them) using multiple communications protocols i.e. TCP, UDP and HTTP. The ASG Client API abstracts away the details of the protocol used for any particular ASG Service interaction from the client application developer since this is considered an implementation detail of the ASG solution. Regardless of the protocol used between any two system components, the same authentication and authorization mechanisms are employed Dynamic Discovery As previously stated, prior to the development of the ASG system, users connected to ADMAS devices by providing the network address (i.e. IP address) of the device with which they wanted to communicate. To overcome this limitation, the ASG architecture introduced the notion of dynamic discovery. This discovery occurs at two major points within the system: 1) Between ADMAS devices and ASG Services: When an ADMAS device starts up, it begins broadcasting presence messages onto the ASG-ADMAS private network. The ASG Service is constantly listening for these messages. 2) Between test client applications and ASG Services: When an ASG Service starts up, it begins multicasting (similar to broadcasting) its own presence messages onto the public network (the one to which client applications are connected). The ASG Client API provides the ability for test client applications to register for notification of availability of ASG Services on the network.
7 This is clearly an advantage for both ASG administrators and client application users. Once an ASG is setup, ADMAS devices can be added in a plug and play fashion no ASG reconfiguration is required. From the user s perspective, interacting with realtime test collection resources is greatly simplified since she no longer must track network addresses. The ASG Client API will locate all ASG Services that control ADMAS devices that conform to the user s profile (via the user s profile attributes) and notify the test client application as services appear/disappear on the network The Role of Open Source Technology in the ASG Solution The ASG solution leveraged several open source technologies such as Java, Java Management extensions (JMX), Java Cryptography Architecture (JCA), AspectJ, and Linux to solve some of the ASG challenges presented. For example, Linux provided a highly customizable operating system that allowed tailoring based on the unique ASG requirements. Similarly, the Webmin tool simplified administrative tasks related to the Linux operating system. Java Management extensions (JMX), which is a Java framework developed primarily for administration and monitoring of remote resources, was selected as the core of the ASG clientserver remote communications infrastructure due to its fit with the ASG requirements and its flexibility. For instance, JMX provides many extension points that developers can take advantage of for customization of the framework. The ASG solution also leveraged an Aspect-Oriented Programming (AOP) framework - AspectJ - to mitigate several cross-cutting 3 issues. For example, this framework was applied to transparently handle network reliability issues such as frequently dropped network connections between distributed system components. Each of the selected technologies above fulfilled a specific purpose in solving the unique challenges presented by the ASG requirements. For each major requirement, an open source technology or tool was investigated and selected for incorporation into the overall architecture based on its capability to solve that specific requirement. 4 Lessons in Open Source Technologies Some of the most generally accepted benefits of open source software have to do with the availability of source code and the lack of licensing fees. If the source code is available, it can of course be modified to suit project needs and more easily be used to troubleshoot any issues that are encountered. If there are no licensing fees, cost is not an issue ( up front costs, in any case). However, as the ASG team came to realize, there is also a tremendous benefit to leveraging open source solutions for systems that have unusual or highly custom 3 The term cross-cutting is used in the AOP community to refer to those requirements that apply at multiple points within the system. Common examples would be logging, auditing and authorization.
8 requirements. There are several reasons for this: Best of breed : For any given software problem, there are likely multiple competing tools/implementations on the open source market. This allows the architect to select the implementation that best fulfills the specific requirement. What you need and only what you need: Due to the nature of open source software, implementations tend to be narrowly focused on a particular problem which results in a reduced footprint you get just the tool you need, no more, no less, in most cases. Commercial implementations cannot typically afford to be so narrowly focused for instance, an Aspect- Oriented Programming implementation would not likely be commercially viable. No one solution can solve the problem(s): When a highly domain-specific solution is required as was the case for ASG, there is no one technology or tool that can do the job. Such a specialized set of requirements necessitates the integration of many technologies. As stated above, there is often no commercially available technology and even if there were, the solution and support for the solution would be extremely expensive. Availability of expertise: Commercial tools tend to have a closed community of specialists. For the most part, there is a fairly narrow set of documentation and expertise available on the market. While this is acceptable when one or possibly two major technologies are in play, this does not work well when several are integrated into a solution. Of all the benefits associated with open source technologies, the most important for the ASG solution was the ability to modify the technology implementation to fit the domain-specific nature of the requirements. 5 Conclusion The ASG project team faced many challenges in addressing the highly domain-specific security requirements posed by the ATC environment. These requirements, along with the constraints imposed by the distributed nature of the testing environment, the many mature legacy systems already in place and the need to minimize the impact to existing operations during and after ASG rollout combined to create a formidable task. This paper illustrates how a flexible system architecture, based on open source technologies, can be designed in order to satisfy the requirements and constraints of such a dynamic environment. It also shows that it is possible to add value for the end user when undertaking projects whose primary goal is to solve an infrastructure issue (i.e. security). Not only does the ASG meet the stated goals of the project, but it also simplifies the test engineer s task in many ways, which will enhance productivity in the long run.
Sentinet for Microsoft Azure SENTINET
Sentinet for Microsoft Azure SENTINET Sentinet for Microsoft Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Cloud Deployment Model... 3 Hybrid Deployment Model...
More informationBehavior-Based IDS: StealthWatch Overview and Deployment Methodology
Behavior-Based IDS: Overview and Deployment Methodology Lancope 3155 Royal Drive, Building 100 Alpharetta, Georgia 30022 Phone: 770.225.6500 Fax: 770.225.6501 www.lancope.com techinfo@lancope.com Overview
More informationOverview SENTINET 3.1
Overview SENTINET 3.1 Overview 1 Contents Introduction... 2 Customer Benefits... 3 Development and Test... 3 Production and Operations... 4 Architecture... 5 Technology Stack... 7 Features Summary... 7
More informationSailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities
SailPoint IdentityIQ Integration with the BeyondInsight Platform Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 5 BeyondTrust
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationCIP Security Pull Model from the Implementation Standpoint
CIP Security Pull Model from the Implementation Standpoint Jack Visoky Security Architect and Sr. Project Engineer Rockwell Automation Joakim Wiberg Team Manager Technology and Platforms HMS Industrial
More informationFive Key Considerations When Implementing Secure Remote Access to Your IIoT Machines. Blanch Huang Product Manager
Five Key Considerations When Implementing Secure Remote Access to Your IIoT Machines Blanch Huang Product Manager Abstract Industrial IoT (IIoT) and smart factory trends are redefining today s OEM business
More informationConfiguring Web Cache Services By Using WCCP
CHAPTER 44 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3560 switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine
More informationSentinet for Windows Azure VERSION 2.2
Sentinet for Windows Azure VERSION 2.2 Sentinet for Windows Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Isolated Deployment Model... 3 Collocated Deployment Model...
More informationUSING BRIDGES, ROUTERS AND GATEWAYS IN DATA ACQUISITION NETWORKS
USING BRIDGES, ROUTERS AND GATEWAYS IN DATA ACQUISITION NETWORKS Tom De Selms JDANS Lead Engineer Veridian Engineering thomas.deselms@veridian.com ABSTRACT Using acquisition networks requires an understanding
More informationIntel Active Management Technology Overview
Chapter 5 Intel Active Management Technology Overview Management is doing things right; leadership is doing the right things. Peter Drucker (1909 2005) As we discussed in the last chapter, Intel Active
More informationCisco ISR G2 Management Overview
Cisco ISR G2 Management Overview Introduction The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and
More informationCisco Data Center Network Manager 5.1
Cisco Data Center Network Manager 5.1 Product Overview Modern data centers are becoming increasingly large and complex. New technology architectures such as cloud computing and virtualization are adding
More informationLessons Learned from SD-WAN Deployments on Six Continents. 21 September 2016 Tim Sullivan Co-founder & CEO
Lessons Learned from SD-WAN Deployments on Six Continents 21 September 2016 Tim Sullivan Co-founder & CEO Coevolve s perspective on SD-WAN Coevolve was established in 2014 to drive enterprise adoption
More informationTechnical papers Web caches
Technical papers Web caches Web caches What is a web cache? In their simplest form, web caches store temporary copies of web objects. They are designed primarily to improve the accessibility and availability
More informationARC BRIEF. ISA100 and Wireless Standards Convergence. By Harry Forbes
ARC BRIEF OCTOBER 1, 2010 ISA100 and Wireless Standards Convergence By Harry Forbes ISA100 is one of three standards competing in industrial wireless sensing. What is distinctive about ISA100? What are
More informationTraining UNIFIED SECURITY. Signature based packet analysis
Training UNIFIED SECURITY Signature based packet analysis At the core of its scanning technology, Kerio Control integrates a packet analyzer based on Snort. Snort is an open source IDS/IPS system that
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationTesting the Performance of Applications Over Wide Area Networks
Testing the Performance of Applications Over Wide Area Networks Today s dispersed workforce requires responsive access to a wide variety of centrally managed applications. IT managers and network administrators
More informationNetMotion Mobility and Microsoft DirectAccess Comparison
Product Comparison and Comparison Guidelines for Comparing and optimizes and secures all traffic to mobile devices across any network, application or operating system. It provides IT with root cause detection
More informationNEW LIFE FOR EMBEDDED SYSTEMS IN THE INTERNET OF THINGS
NEW LIFE FOR EMBEDDED SYSTEMS IN THE INTERNET OF THINGS INNOVATORS START HERE. EXECUTIVE SUMMARY The Internet of Things (IoT) is no longer a fanciful vision. It is very much with us, in everything from
More informationReport. Middleware Proxy: A Request-Driven Messaging Broker For High Volume Data Distribution
CERN-ACC-2013-0237 Wojciech.Sliwinski@cern.ch Report Middleware Proxy: A Request-Driven Messaging Broker For High Volume Data Distribution W. Sliwinski, I. Yastrebov, A. Dworak CERN, Geneva, Switzerland
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router application. It is designed to operate on small, low-power, Linux-based platforms
More informationChallenges of Positive Train Control Interoperability
Challenges of Positive Train Control Interoperability Clark Palmer, Chief Technology Officer Meteorcomm, LLC Address: 1201 SW 7 th Street, Renton, WA 98057 Phone: 253 236 0115 E-Mail:cpalmer@meteorcomm.com
More informationThe SAP Internet Programming Model, Part 1
The SAP Internet Programming Model, Part 1 Since the first SAP ITS-enabled R/3 release (R/3 3.1G), the number of standard Internet Applications Components (IACs) provided by SAP has constantly increased.
More informationCHAPTER 8 FIREWALLS. Firewall Design Principles
CHAPTER 8 FIREWALLS Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationDeployment Scenarios for Standalone Content Engines
CHAPTER 3 Deployment Scenarios for Standalone Content Engines This chapter introduces some sample scenarios for deploying standalone Content Engines in enterprise and service provider environments. This
More informationSubject: Adhoc Networks
ISSUES IN AD HOC WIRELESS NETWORKS The major issues that affect the design, deployment, & performance of an ad hoc wireless network system are: Medium Access Scheme. Transport Layer Protocol. Routing.
More informationDEPLOYMENT WHITE PAPER.
DEPLOYMENT WHITE PAPER www.seavusprojectviewer.com Deployment Options Seavus Project Viewer provides a wide variety of deployment options: Single User installation is a stand-alone, web downloadable configuration
More informationAxway Validation Authority Suite
Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationGeolocation and Application Delivery
F5 White Paper Geolocation and Application Delivery The data from geolocation providers offers highly valuable data to a variety of stakeholders and is no longer just for advertising. by Lori MacVittie
More informationLesson Learned CIP Version 5 Transition Program
Lesson Learned CIP Version 5 Transition Program CIP-002-5: BES Cyber Assets Version: December 7, 2015 This document is designed to convey lessons learned from NERC s various CIP version 5 transition activities.
More informationwhite paper SMS Authentication: 10 Things to Know Before You Buy
white paper SMS Authentication: 10 Things to Know Before You Buy SMS Authentication white paper Introduction Delivering instant remote access is no longer just about remote employees. It s about enabling
More informationthe Corba/Java Firewall
Firewall Security for Corba and J2EE/EJB with the IIOP Domain Boundary Controller Corba and Java-RMI based applications can be directly and securely made accessible to users outside the internal network,
More informationAzure Pack is one of Microsoft s most underrated tools.
content provided by sponsored by Making the Most of Azure Pack This free tool can bring an Azure-like environment to a private cloud. Find out what Azure Pack is and why it s useful. BY BRIEN M. POSEY
More informationMigrating Novell ZENworks 7 to Novell ZENworks 10 Configuration Management SP3
Migration Guide ZENWORKS Migrating Novell ZENworks 7 to Novell ZENworks 10 Configuration Management SP3 Migrating Novell ZENworks 7 to Novell SP3 Table of Contents: 2..... Your Guide to Easy Migration
More informationIdentify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)
Course Outline Network+ Duration: 5 days (30 hours) Learning Objectives: Install and configure a network card Define the concepts of network layers Understand and implement the TCP/IP protocol Install
More informationJeppesen Solution Integrator Overview DOCUMENT VERSION 1.0
Jeppesen Solution Integrator Overview DOCUMENT VERSION 1.0 OCTOBER 1, 2014 Jeppesen Solution Integrator Overview DOCUMENT VERSION 1.0 Contents Figures Tables v vii Introduction 1 Getting Started........................................................
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationConfiguring Cache Services Using the Web Cache Communication Protocol
Configuring Cache Services Using the Web Cache Communication Protocol Finding Feature Information, page 1 Prerequisites for WCCP, page 1 Restrictions for WCCP, page 2 Information About WCCP, page 3 How
More informationThinAir Server Platform White Paper June 2000
ThinAir Server Platform White Paper June 2000 ThinAirApps, Inc. 1999, 2000. All Rights Reserved Copyright Copyright 1999, 2000 ThinAirApps, Inc. all rights reserved. Neither this publication nor any part
More informationOpengear Technical Note
) 0 FO U N D Y FastIron Workgroup X N E T WO R K S C o n s o le L in k 0 P o w e r F F F F 0 0 0 0 0 0 S Y T R P S S T A T D U P L X S P E E D M O D E 0 0 -Port Standard KVM Switch Model B00-00 0 0 C at
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationAutomating the Data Center
F5 White Paper This paper discusses an alternative architecture that supports data center automation and dynamic provisioning without operating system virtualization. by Lori MacVittie Technical Marketing
More informationAdapter for Mainframe
BEA WebLogic Java Adapter for Mainframe Introduction Release 5.1 Document Date: August 2002 Copyright Copyright 2002 BEA Systems, Inc. All Rights Reserved. Restricted Rights Legend This software and documentation
More informationService Mesh and Microservices Networking
Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Port Security Port Security helps to control access to logical and physical ports, protocols, and services. This
More informationReviewer s guide. PureMessage for Windows/Exchange Product tour
Reviewer s guide PureMessage for Windows/Exchange Product tour reviewer s guide: sophos nac advanced 2 welcome WELCOME Welcome to the reviewer s guide for NAC Advanced. The guide provides a review of the
More informationCisco Service-Oriented Network Architecture: Support and Optimize SOA and Web 2.0 Applications
Cisco Service-Oriented Network Architecture: Support and Optimize SOA and Web 2.0 Applications Executive Summary Today, Web 2.0 and service-oriented architectures (SOAs) are among the top issues of concern
More informationEvaluator Group Inc. Executive Editor: Randy Kerns
Avoiding an Infrastructure Cost Explosion as You Move to Exchange 2010 Metalogix Archive Manager Evaluator Group Inc. Technology Insight Series Executive Editor: Randy Kerns Version 1: January 2012 Copyright
More informationSecuring Wireless Networks by By Joe Klemencic Mon. Apr
http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies
More informationPart I. Windows XP Overview, Installation, and Startup COPYRIGHTED MATERIAL
Part I Windows XP Overview, Installation, and Startup COPYRIGHTED MATERIAL Chapter 1 What s New in Windows XP? Windows XP suffers somewhat from a dual personality. In some ways it is a significant release,
More informationUGANDA NATIONAL BUREAU OF STANDARDS LIST OF DRAFT UGANDA STANDARDS ON PUBLIC REVIEW
UGANDA NATIONAL BUREAU OF STANDARDS LIST OF DRAFT UGANDA STANDARDS ON PUBLIC REVIEW S/No. STANDARDS CODE TITLE(DESCRIPTION) SCOPE 1. DUS ISO/IEC 29151:2017 technology -- Security techniques -- Code of
More informationWCCPv2 and WCCP Enhancements
WCCPv2 and WCCP Enhancements Release 12.0(11)S June 20, 2000 This feature module describes the Web Cache Communication Protocol (WCCP) Enhancements feature and includes information on the benefits of the
More informationSNIA Discussion on iscsi, FCIP, and IFCP Page 1 of 7. IP storage: A review of iscsi, FCIP, ifcp
SNIA Discussion on iscsi, FCIP, and IFCP Page 1 of 7 IP storage: A review of iscsi, FCIP, ifcp SNIA IP Storage Forum With the advent of new IP storage products and transport protocol standards iscsi, FCIP,
More informationELIMINATE SECURITY BLIND SPOTS WITH THE VENAFI AGENT
ELIMINATE SECURITY BLIND SPOTS WITH THE VENAFI AGENT less discovery can t find all keys and certificates Key and certificate management is no longer just an IT function. So it cannot be treated the same
More informationLevel 1 Technical. Microsoft Lync Basics. Contents
Level 1 Technical Microsoft Lync Basics Contents 1 Glossary... 2 2 Introduction... 3 3 Integration... 4 4 Architecture... 6 Lync Server Editions... 6 Lync Server Roles... 6 Server Pools... 6 Front End
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About CUSTOMER... Error! Bookmark not defined. Use Case Description... 3 Technical Stack... 3 AWS Architecture... Error! Bookmark not defined. AWS Solution Overview... 4 Risk Identified
More informationYour Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust. Wise Athena Security Team
Your Data and Artificial Intelligence: Wise Athena Security, Privacy and Trust Wise Athena Security Team Contents Abstract... 3 Security, privacy and trust... 3 Artificial Intelligence in the cloud and
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationNetwork Connectivity and Mobility
Network Connectivity and Mobility BSAD 141 Dave Novak Topics Covered Lecture is structured based on the five elements of creating a connected world from the text book (with additional content) 1. Network
More informationWHITE PAPER. Good Mobile Intranet Technical Overview
WHITE PAPER Good Mobile Intranet CONTENTS 1 Introduction 4 Security Infrastructure 6 Push 7 Transformations 8 Differential Data 8 Good Mobile Intranet Server Management Introduction Good Mobile Intranet
More informationCommonwealth of Pennsylvania - Justice Network
Commonwealth of Pennsylvania - Justice Network Published: June 1999 FIORANO CUSTOMER SOLUTION Commonwealth of Pennsylvania uses Fiorano s solution to enhance public safety in the State by enabling Real
More informationMobile Apps Sample Solution
Mobile Apps Sample Solution 1 PREFERRED TARGET AUDIENCE Operations Management Team led by Christopher Giovanni, Chief Operating Officer at Crazy Taxi Cab Co. 2 PREFERRED SOLUTION Crazy Taxi Cab Co. liked
More informationiscsi Technology: A Convergence of Networking and Storage
HP Industry Standard Servers April 2003 iscsi Technology: A Convergence of Networking and Storage technology brief TC030402TB Table of Contents Abstract... 2 Introduction... 2 The Changing Storage Environment...
More informationIron Networks, Inc. Turnkey Converged Infrastructure-as-a-Service Platforms
Iron Networks, Inc. Turnkey Converged Infrastructure-as-a-Service Platforms Iron Networks builds turnkey converged cloud infrastructure platforms on industry-standard hardware that are optimized for faster,
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationTransport and Security Specification
Transport and Security Specification 15 November 2017 Version: 6.3 Contents Overview 3 Standard network requirements 3 Source and Destination Ports 3 Configuring the Connection Wizard 4 Private Bloomberg
More informationDevice Discovery for Vulnerability Assessment: Automating the Handoff
Device Discovery for Vulnerability Assessment: Automating the Handoff O V E R V I E W While vulnerability assessment tools are widely believed to be very mature and approaching commodity status, they are
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationONUG SDN Federation/Operability
ONUG SDN Federation/Operability Orchestration A white paper from the ONUG SDN Federation/Operability Working Group May, 2016 Definition of Open Networking Open networking is a suite of interoperable software
More informationComplying with PCI DSS 3.0
New PCI DSS standards are designed to help organizations keep credit card information secure, but can cause expensive implementation challenges. The F5 PCI DSS 3.0 solution allows organizations to protect
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationMICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY Abstract Organizations are in search of ways to more efficiently and securely use IT resources to increase innovation and minimize cost.
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About Customer... 3 Use Case Description... 3 Technical Stack... 3 AWS Solution... 4 Security... 4 Benefits... 5 Scope This document provides a detailed use case study on Hosting GSP
More informationSOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2
Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence
More informationSECURITY & NETWORK WHITEPAPER
SECURITY & NETWORK WHITEPAPER Introduction With Mosaic Hub, teams in different locations can work together in realtime in a collaborative workspace like as if they're all in the same room. Mosaic brings
More informationChoosing The Best Firewall Gerhard Cronje April 10, 2001
Choosing The Best Firewall Gerhard Cronje April 10, 2001 1. Introduction Due to the phenomenal growth of the Internet in the last couple of year s companies find it hard to operate without a presence on
More informationGrid Computing with Voyager
Grid Computing with Voyager By Saikumar Dubugunta Recursion Software, Inc. September 28, 2005 TABLE OF CONTENTS Introduction... 1 Using Voyager for Grid Computing... 2 Voyager Core Components... 3 Code
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More informationThe Benefits of Wireless Infrastructure Management in the Cloud
WHITE PAPER The Benefits of Wireless Infrastructure Management in the Cloud High Performance Wireless Networks The Benefits of Wireless Infrastructure Management in the Cloud How the cloud maximizes IT
More informationData Model Considerations for Radar Systems
WHITEPAPER Data Model Considerations for Radar Systems Executive Summary The market demands that today s radar systems be designed to keep up with a rapidly changing threat environment, adapt to new technologies,
More informationOracle Mission Critical Support Platform. General. Installation. Troubleshooting. Inventory and Discovery. Frequently Asked Questions Release 2.
Oracle Mission Critical Support Platform Frequently Asked Questions Release 2.3 E23199-01 May 2011 General What is Oracle Mission Critical Support Platform? Is Oracle Mission Critical Support Platform
More informationCISCO SHIELDED OPTICAL NETWORKING
CISCO SHIELDED OPTICAL NETWORKING Dr. Gaurav Kumar Jain Regional College For Education, Research and Technology Email: gaurav.rinkujain.jain@gmail.com Tarun Kumawat JECRC,UDML,College of Engineering Purabi
More informationVirtual Private Networks (VPNs)
CHAPTER 19 Virtual Private Networks (VPNs) Virtual private network is defined as customer connectivity deployed on a shared infrastructure with the same policies as a private network. The shared infrastructure
More informationFast Track Model Based Design and Development with Oracle9i Designer. An Oracle White Paper August 2002
Fast Track Model Based Design and Development with Oracle9i Designer An Oracle White Paper August 2002 Fast Track Model Based Design and Development with Oracle9i Designer Executive Overivew... 3 Introduction...
More informationDeveloping Enterprise Cloud Solutions with Azure
Developing Enterprise Cloud Solutions with Azure Java Focused 5 Day Course AUDIENCE FORMAT Developers and Software Architects Instructor-led with hands-on labs LEVEL 300 COURSE DESCRIPTION This course
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly
More informationSecuring Wireless LANs with Certificate Services
1 Securing Wireless LANs with Certificate Services PHILIP HUYNH University of Colorado at Colorado Springs Abstract Wireless Local Access Network (WLAN) is used popularly in almost everywhere from the
More informationIT and Instrumentation for industry. Modular RTU Controller: IoPAC 8000 Series. Cellular RTU Controller: iologik W5300 Series
Datasheet Modular RTU Controller: IoPAC 8000 Series Compliant with EN 50121-3-2, EN 50121-4 and essential sections of EN 50155 Supports C/C++ programming languages 2-port Ethernet switch for daisy-chain
More informationSafeguarding Cardholder Account Data
Safeguarding Cardholder Account Data Attachmate Safeguarding Cardholder Account Data CONTENTS The Twelve PCI Requirements... 1 How Reflection Handles Your Host-Centric Security Issues... 2 The Reflection
More informationVMware AirWatch Google Sync Integration Guide Securing Your Infrastructure
VMware AirWatch Google Sync Integration Guide Securing Your Email Infrastructure AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationThe R25 Robot Series
The R25 Robot Series Network Setup Guide Contents Overview 2 Configuration 3 On-Screen Menu Configuration 3 Network Test 4 USB Simple Configuration WEP and WPA/WPA2-Personal 5 USB Simple Configuration
More informationVol. 1 Technical RFP No. QTA0015THA
General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) and/or Inter-Agency Government traffic will be identified and routed through a secure latest-generation Managed Trusted Internet
More informationDesign and deliver cloud-based apps and data for flexible, on-demand IT
White Paper Design and deliver cloud-based apps and data for flexible, on-demand IT Design and deliver cloud-based apps and data for flexible, on-demand IT Discover the fastest and easiest way for IT to
More informationDeveloping an Enterprise Extranet Service
Developing an Enterprise Extranet Service White Paper www.aventail.com Tel 206.215.1111 Fax 206.215.1120 808 Howell Street Second Floor Seattle, WA 98101 Executive Summary A variety of market research
More informationIBM FlashSystem 720 & FlashSystem 820 Remote Support Overview
IBM FlashSystem 720 & FlashSystem 820 Remote Support Overview Copyright IBM Corporation 2014 i Applicable Products Product: IBM FlashSystem 720 Product Version(s): 6.3.1-p10, 6.3.0 Product: IBM FlashSystem
More information