The Savage Curtain: Mobile SSL Failures
|
|
- Bartholomew Chapman
- 5 years ago
- Views:
Transcription
1 The Savage Curtain: Mobile SSL Failures
2 Who are these guys? Tony Trummer - Staff Security Engineer aka SecBro Tushar Dalvi - Sr. Security Engineer & Pool Hustler
3 A Private Little War Our Click to edit Master textdoes styles employer generally not have prior knowledge of, condone, support or otherwise endorse our research
4 The Menagerie { Apps Click are to edit Masteroftext styles mash-ups native and web code { Java, Objective C, Swift, etc. { Developers control SSL/TLS security settings
5 Basics Fourthseveral level TLS provides security features { Encryption { Authenticity { Integrity In apps, unlike browsers, whether you see a certificate warning is up to the app developer.
6 Wolf in the Fold { the ONLY against TLS Clickistoreally edit Master textprotection styles Man-in-the (MitM) attacks Second middle level Third level { MitM is significantly easier to perform against mobile devices
7 Tomorrow Is Yesterday Before dismissing the idea of large Second level attacks... scale or supply-chain { Recent reports of pre-installed trojans Fourth level on low-end» Android Fifth leveldevices { In 2013, Nokia was found to be performing MitM on customer traffic, reportedly for performance reasons { In 2013, reports surfaced claiming that the NSA and GCHQ ( Flying Pig ) were actually performing real-world MitM attacks
8 The Immunity Syndrome Infosec folks often roll their eyes when they Second level read statements on sites or in apps that tout Third level Fourth TLS uselevel and how big their keys are
9 Journey to Babel One Click to edit Master styles night, after a fewtext drinks, we decided to Second level starting with proxying their test some apps, web requests
10 Into Darkness
11 First aspect of certificate validation The app or level OS must verify the certificate is Second cryptographically signed by the private key of a» trusted Certificate Authority Fifth level
12 Proper certificate validation Certificatelevel is signed by the private key of a trusted CA? Second Is this an intermediate certificate? Trusted Root CA
13 Forget Something? Tony Tushar
14 A Piece of the Action
15 A Taste of Armageddon
16 The Trouble with Tribbles
17 The Trouble with Tribbles
18 Testing for CA validation use proxy { Configure Click todevice edit to Master text styles { Configure Second BurpSuite's level proxy listener to Generate a level CA-signed per-host Third certificate» Fifththe level { DO NOT install proxy's CA certificate on the test device { Verify you see a certificate warning in the native mobile browser { Step through each section of the app { If you see HTTPS traffic, in Burpsuite, the app failed
19 Second aspect of validation Click to edit Master text styles Does the Subject Common or Alternative name match the hostname of Fourth thelevel site you're visiting?
20 Proper certificate validation Does the Common or Subject Alternative Name Match the hostname? Traces back to Trusted Root CA
21 By any other name
22 By any other name
23
24 The Apple
25 And the Children Shall Lead
26 Amok Time
27 By any other name
28 By any other name
29 Testing for proper hostname validation { Install Portswigger CA cert on device { Configure your device to use a proxy { Configure proxy listener Fourth level to Generate a CAsigned certificate with a specific hostname» Fifth level { Set the hostname to foobar.com { Verify you see a certificate warning in the native mobile browser { Step through each section of the mobile app { If you see HTTPS traffic, the app failed
30 Proper certificate validation Does the Common or Subject Alternative Name Match the DNS hostname? Second level Not expired? Not revoked? Traces back to Trusted Root CA
31 Damn it, Jim!
32 The Naked Time { Credit card Click to numbers, edit Master text styles passwords, Secondand/or level session cookies
33 Dagger of the mind { Unencrypted credit text styles Click to edit Master card information Second level { Tier 1Third PCIlevel merchant { 10 million+ installations
34 Court Martial FTC Clickvs. to edit Master text styles Fandango & Credit Karma level flaws cited in the { One ofthird the major Fourth level suit was failure to validate SSL certificates on mobile applications { Agreed to establish comprehensive security programs { Agreed to undergo independent security assessments every other year for 20 years { Scolded publicly for not keeping their privacy promises to consumers
35
36 SSL session caching Click to edit Master text styles { During the initial handshake Second level the certificate Third level is validated { Subsequent client requests re-use the previous handshake and do not re-validate the certificate { TOFU (Trust On First Use)
37 The Enemy Within would Second How a level bad guy get my phone?» Fifth level it more likely Why is mobile? on
38 Patterns of Force If I have physical access, couldn't I just... { Install malicious Fourth level app { Access your data
39 Turnabout Intruder Since Click to session edit Master text styles SSL caching only Second level checks the certificate once, you Thirditlevel only need on the device for as long it takes you to make the first connection, after which you can delete it
40 The City on the Edge of Forever Second level how long to { Server decides accept the cached session { In other words, the bad guy gets to decide how long to accept the cached session... { We refer to this feature as EverPWN
41
42 Shields Up! { Review your code { Implement policy { Test pre-release { Train developers
43 Shields Up! In Android, investigate these: text styles Click to edit Master { TrustManager { SSLSocket getinsecure { SSLSocketFactory { HostNameVerifier In ios, investigate these areas: { Don't use AFNetworking < v { _AFNETWORKING_ALLOW _INVALID_SSL_CERTIFICATES_ { SetAllowsAnyHTTPSCertificate { kcfstreamsslallowsanyroot
44 Shields Up! { Pinning Certificate Click to edit Master text styles { Dev Third and level prod signing certificates are required to be different in both ios and Android { Build validation models based on which certificate is used to sign the app
45 Live Long and Prosper Contact Clickand to edit Master text styles testing instructions: Trummer: Tony Tushar Dalvi: R.I.P Reggie Destin
Secure Communication in Client-Server Android Apps
Secure Communication in Client-Server Android Apps With a bias towards mobile banking applications. AFRICA HACKON CONFERENCE, 2016. Convergent Security. whoami Masters Candidate Ethical Hacker Web Developer
More informationManage Mobile Security Incidents Like A Boss
Manage Mobile Security Incidents Like A Boss Ismail Guneydas Security Manager/Faculty Kimberly Clark/Texas A&M 10/02/2015 Legal Notice From My Lawyer The opinions expressed in this presentation represent
More informationMan in the Middle Attacks and Secured Communications
FEBRUARY 2018 Abstract This document will discuss the interplay between Man in The Middle (MiTM/ MITM) attacks and the security technologies that are deployed to prevent them. The discussion will follow
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationCreate Decryption Policies to Control HTTPS Traffic
Create Decryption Policies to Control HTTPS Traffic This chapter contains the following sections: Overview of Create Decryption Policies to Control HTTPS Traffic, page 1 Managing HTTPS Traffic through
More informationThis document describes the configuration of Secure Sockets Layer (SSL) decryption on the FirePOWER Module using ASDM (On-Box Management).
Contents Introduction Prerequisites Requirements Components Used Background Information Outbound SSL Decryption Inbound SSL Decryption Configuration for SSL Decryption Outbound SSL decryption (Decrypt
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationBrowser Trust Models: Past, Present and Future
Wednesday June 5, 2013 (9:00am) Browser Trust Models: Past, Present and Future Jeremy Clark & Paul C. van Oorschot School of Computer Science Carleton University, Ottawa, Canada 1 Quick Review: SSL/TLS
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationBlue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7
Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7 Legal Notice Copyright 2018 Symantec Corp. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Blue Coat, and the
More informationMobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.
Mobile Payment Application Security Security steps to take while developing Mobile Application s About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment
More informationCSM - How to install Third-Party SSL Certificates for GUI access
CSM - How to install Third-Party SSL Certificates for GUI access Contents Introduction Prerequisites Requirements Components Used CSR creation from the User Interface Identity Certificate Upload into CSM
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationStudying TLS Usage in Android Apps
Studying TLS Usage in Android Apps Abbas Razaghpanah, Arian Akhavan Niaki, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Johanna Amann, Phillipa Gill Paper: ACM CoNext 2017 Encryption is Everywhere However
More informationTrust Infrastructure of SSL
Trust Infrastructure of SSL CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL Trust 1 SSL/TLS The main workhorse of secure Internet communication. Everyday, billions of
More informationBlue Coat Security First Steps Solution for Controlling HTTPS
Solution for Controlling HTTPS SGOS 6.5 Legal Notice Copyright 2017 Symantec Corp. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Blue Coat, and the Blue Coat logo are trademarks
More informationExpedition. Hardening Guide Version Palo Alto Networks, Inc.
Expedition Hardening Guide Version 1.0 1 Palo Alto Networks, Inc. www.paloaltonetworks.com 2018 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. You can find
More informationCNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies
CNIT 129S: Securing Web Applications Ch 3: Web Application Technologies HTTP Hypertext Transfer Protocol (HTTP) Connectionless protocol Client sends an HTTP request to a Web server Gets an HTTP response
More informationHow to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27
How to Render SSL Useless By Ivan Ristic 1 / 27 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2 / 33 Security (O Reilly, 2005), 3) SSL Labs (research and assessment
More informationCertificate reputation. Dorottya Papp
Certificate reputation Dorottya Papp Motivation Verification on a digital certificate does not reveal important factors Is it a fake certificate? (Hash collision) Was it mistakenly issued? (Comodo scandal)
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationConfiguring F5 for SSL Intercept
Configuring F5 for Welcome to the F5 deployment guide for configuring the BIG-IP system for SSL intercept (formerly called with Air Gap Egress Inspection). This document contains guidance on configuring
More informationEnhancing Exchange Mobile Device Security with the F5 BIG-IP Platform
Enhancing Exchange Mobile Device Security with the F5 BIG-IP Platform By the F5 business development team for the Microsoft Global Alliance Version 1.0 Introduction As the use of mobile devices in the
More informationSecurity Fundamentals
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015) Security Fundamentals Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah Copyright 2012 & 2015 Noah
More informationSecurity Specification
Security Specification Security Specification Table of contents 1. Overview 2. Zero-knowledge cryptosystem a. The master password b. Secure user authentication c. Host-proof hosting d. Two-factor authentication
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationSecuring Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016
Securing Connections for IBM Traveler Apps Bill Wimer (bwimer@us.ibm.com), STSM for IBM Collaboration Solutions December 13, 2016 IBM Technote Article #21989980 Securing Connections for IBM Traveler mobile
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationUnderstanding Traffic Decryption
The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationMan in the middle attack on TextSecure Signal. David Wind IT SeCX 2015
Man in the middle attack on TextSecure Signal David Wind IT SeCX 2015 $ whoami David Wind Information Security Master student @ University of Applied Science St. Pölten Working for XSEC infosec GmbH since
More informationBreaking SSL Why leave to others what you can do yourself?
Breaking SSL Why leave to others what you can do yourself? By Ivan Ristic 1/ 26 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2/ 33 Security (O Reilly, 2005), 3)
More informationSSL/TLS Deployment Best Practices
Version 1.0 24 Feb 2012 SSL/TLS Deployment Best Practices Ivan Ristic Qualys SSL Labs Introduction SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works... except that it
More informationCVE / "POODLE"
NCP Volume License Server (Win32/64) Service Release: 2.00 build 19725 Date: April 2017 Prerequisites Operating System Support The following Microsoft Operating Systems are supported with this release:
More informationUnderstand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS
Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationManaging SSL/TLS Traffic Flows
Some protocols, such as HTTPS, use Secure Sockets Layer (SSL) or its follow-on version, Transport Layer Security (TLS), to encrypt traffic for secure transmissions. Because encrypted traffic cannot be
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationConfiguring OpenVPN on pfsense
Configuring OpenVPN on pfsense Configuring OpenVPN on pfsense Posted by Glenn on Dec 29, 2013 in Networking 0 comments In this article I will go through the configuration of OpenVPN on the pfsense platform.
More informationManaging Certificates
CHAPTER 12 The Cisco Identity Services Engine (Cisco ISE) relies on public key infrastructure (PKI) to provide secure communication for the following: Client and server authentication for Transport Layer
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationCheck Point Connectra Citrix Troubleshooting (4th Edition) October 10, 2005
Check Point Connectra Citrix Troubleshooting (4th Edition) October 10, 2005 IMPORTANT Check Point recommends that customers stay up-to-date with the latest service packs, HFAs and versions of security
More informationCYAN SECURE WEB HOWTO. SSL Intercept
CYAN SECURE WEB HOWTO January 2009 Applies to: CYAN Secure Web 1.6 and above allows you to inspect SSL encrypted traffic. Therefore all filter mechanisms can be applied to HTTPS traffic. Without, all data
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationOCSP Stapling. Let the web server protect the users! SWITCHpki Team Bern, SWITCH 1
Stapling Let the web server protect the users! SWITCHpki Team pki@switch.ch Bern, 29.03.2017 2017 SWITCH 1 Rejecting Revoked Certificates Web browsers should check whether a web server's SSL certificate
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationPOA Bridge. Security Assessment. Cris Neckar SECUREWARE.IO
POA Bridge Security Assessment Cris Neckar SECUREWARE.IO Executive Summary The engagement team performed a limited scope, source code assessment of POA Network s POA Bridge. The purpose of this assessment
More informationSecuring Internet Communication: TLS
Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases
More informationBalabit s Privileged Session Management and Remote Desktop Protocol Scenarios
Balabit s Privileged Session Management and Remote Desktop Protocol Scenarios May 02, 2018 Abstract Common RDP scenarios for Balabit s Privileged Session Management (PSM) Copyright 1996-2018 Balabit, a
More informationAuditing IoT Communications with TLS-RaR
Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby, Keith Winstein, Philip Levis, Dan Boneh Stanford University Auditing Standard Devices MITM Used for: security
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationInternet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
More informationSecuring MQTT. #javaland
Securing MQTT #javaland 2017 www.bestppt.com INTRODUCTION Dominik Obermaier @dobermai Disclaimer Obligatory Disclaimer: All security suggestions and guidelines in this talk are collected from real-world
More informationExinda How To Guide: SSL Acceleration. Exinda ExOS Version Exinda Networks, Inc.
Exinda How To Guide: SSL Acceleration Exinda ExOS Version 7.4.3 2 Copyright All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical,
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationElastic Load Balancing. User Guide. Date
Date 2018-07-20 Contents Contents 1 Product Description... 4 1.1 What Is Elastic Load Balancing (ELB)?... 4 1.2 Load Balancer Type... 4 1.3 Basic Architecture... 5 1.3.1 Classic Load Balancer... 5 1.3.2
More informationVMware Tunnel Guide for Windows Installing the VMware Tunnel for your AirWatch environment
VMware Tunnel Guide for Windows Installing the VMware Tunnel for your AirWatch environment AirWatch v9.1 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard
More informationAndroid Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.
Android Mobile Single Sign-On to VMware Workspace ONE SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.3 You can find the most up-to-date technical documentation on the VMware
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationSecuring Connections with Digital Certificates in Router OS. By Ezugu Magnus PDS Nigeria
Securing Connections with Digital Certificates in Router OS By Ezugu Magnus PDS Nigeria About the Presenter MikroTik Certifications My Contact details: Mikrotik Certified Engineer (MTCNA,MTCRE,MTCWE,MTCTCE,MTCUME,MTCINE)
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationSecuring Internet Communication
Securing Internet Communication CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationInstallation and usage of SSL certificates: Your guide to getting it right
Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.
More informationInnovative uses as result of DNSSEC
Innovative uses as result of DNSSEC AKA: Some happenings in the DANE* WG in the IETF. * DNS-based Authentication of Named Entities Some background... When you connect to https://www.example.com you use
More informationVMware Tunnel on Linux. VMware Workspace ONE UEM 1811
VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback
More informationGrandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide
Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN
More informationNetwork Device Provisioning
Network Device Provisioning Spring Internet2 Meeting April 23, 2013 Jim Jokl University of Virginia 1 The Problem Set Enable the use of strong authentication Passwords are painful and phishing is easy
More informationVMware Tunnel Guide for Windows
VMware Tunnel Guide for Windows Installing the VMware Tunnel for your Workspace ONE UEM environment Workspace ONE UEM v9.5 Have documentation feedback? Submit a Documentation Feedback support ticket using
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationThe Six Most Dangerous New Attack Techniques And What s Coming Next? Ed Skoudis CounterHackChallenge
The Six Most Dangerous New Attack Techniques And What s Coming Next? MODERATOR: Alan Paller SANS Institute PANELISTS: Ed Skoudis CounterHackChallenge Johannes Ullrich SANS Internet Storm Center Session
More informationENTRUST CONNECTOR Installation and Configuration Guide Version April 21, 2017
ENTRUST CONNECTOR Installation and Configuration Guide Version 0.5.1 April 21, 2017 2017 CygnaCom Solutions, Inc. All rights reserved. Contents What is Entrust Connector... 4 Installation... 5 Prerequisites...
More informationTopics. Ensuring Security on Mobile Devices
Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that
More informationHow to Set Up External CA VPN Certificates
To configure a client-to-site, or site-to-site VPN using s created by External CA, you must create the following VPN s for the VPN service to be able to authenticate Before you begin Use an external CA
More informationSSL Report: ( )
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > www.workbench.nationaldataservice.org SSL Report: www.workbench.nationaldataservice.org (141.142.210.100) Assessed on:
More informationEvaluating the Security Risks of Static vs. Dynamic Websites
Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline
More informationCertificate Management
Certificate Management This guide provides information on...... Configuring the NotifyMDM server to use a Microsoft Active Directory Certificate Authority... Using Certificates from Outside Sources...
More informationVendor: Citrix. Exam Code: 1Y Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions. Version: Demo
Vendor: Citrix Exam Code: 1Y0-253 Exam Name: Implementing Citrix NetScaler 10.5 for App and Desktop Solutions Version: Demo QUESTION 1 A Citrix Administrator needs to configure a single virtual server
More informationConfiguring SSL Security
CHAPTER9 This chapter describes how to configure SSL on the Cisco 4700 Series Application Control Engine (ACE) appliance. This chapter contains the following sections: Overview Configuring SSL Termination
More informationISY994 Series Network Security Configuration Guide Requires firmware version Requires Java 1.8+
ISY994 Series Network Security Configuration Guide Requires firmware version 4.5.4+ Requires Java 1.8+ 1 Introduction Universal Devices, Inc. takes ISY security extremely seriously. As such, all ISY994
More informationGrandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide
Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide Table of Contents INTRODUCTION... 4 SCENARIO OVERVIEW... 5 CONFIGURATION STEPS... 6 Core Site Configuration... 6 Generate Self-Issued Certificate
More informationSecuring ArcGIS Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Securing ArcGIS Services James Cardona Agenda Security in the context of ArcGIS for Server Background concepts Access Securing web services
More informationUCS Manager Communication Services
Communication Protocols, page 1 Communication Services, page 1 Non-Secure Communication Services, page 3 Secure Communication Services, page 5 Network-Related Communication Services, page 12 Communication
More informationBackdooring the Front Door
Backdooring the Front Door About me Software Engineer by trade Hacker by passion Lock picker for fun The best puzzles are not meant to be solved All opinions are my own, and may not reflect those of my
More informationM2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres
M2M / IoT Security Eurotech`s Everyware IoT Security Elements Overview Robert Andres 23. September 2015 The Eurotech IoT Approach : E2E Overview Application Layer Analytics Mining Enterprise Applications
More informationCONVERTIGO SDK THE ULTIMATE CLIENT MOBILE API FOR CONVERTIGO MBAAS
CONVERTIGO SDK THE ULTIMATE CLIENT MOBILE API FOR CONVERTIGO MBAAS WHY CONVERTIGO SDK? Abstracts Mobile app developer from protocol complexity Gives simple cross-platform API to access Convertigo MBaaS
More informationUsing SSL to Secure Client/Server Connections
Using SSL to Secure Client/Server Connections Using SSL to Secure Client/Server Connections, page 1 Using SSL to Secure Client/Server Connections Introduction This chapter contains information on creating
More informationSecuring ArcGIS Server Services An Introduction
2013 Esri International User Conference July 8 12, 2013 San Diego, California Technical Workshop Securing ArcGIS Server Services An Introduction David Cordes & Derek Law Esri - Redlands, CA Agenda Security
More informationScan Report Executive Summary
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 11/20/2017 Scan expiration date: 02/18/2018 Part 2. Component
More informationInstall the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-07-23 The ExtraHop session key forwarder runs as a process on a monitored Windows server running SSL services. The forwarder
More informationSSL Report: bourdiol.xyz ( )
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > bourdiol.xyz > 217.70.180.152 SSL Report: bourdiol.xyz (217.70.180.152) Assessed on: Sun Apr 19 12:22:55 PDT 2015 HIDDEN
More informationF5 BIG-IQ Centralized Management: Device. Version 5.3
F5 BIG-IQ Centralized Management: Device Version 5.3 Table of Contents Table of Contents BIG-IQ Centralized Management Overview... 5 About BIG-IQ Centralized Management... 5 Device Discovery and Basic
More informationVII. Corente Services SSL Client
VII. Corente Services SSL Client Corente Release 9.1 Manual 9.1.1 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Table of Contents Preface... 5 I. Introduction... 6 Chapter 1. Requirements...
More informationVeeam Cloud Connect. Version 8.0. Administrator Guide
Veeam Cloud Connect Version 8.0 Administrator Guide June, 2015 2015 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be reproduced,
More informationLessons from the Human Immune System Gavin Hill, Director Threat Intelligence
Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are
More information