Best Practices for keeping your Oracle Solaris workloads secure CON6298
|
|
- Mariah Anthony
- 6 years ago
- Views:
Transcription
1
2 Best Practices for keeping your Oracle Solaris workloads secure CON6298 Darren J Moffat Senior Principal Engineer Oracle Solaris Engineering October, 2017
3 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 3
4 Continuous Security 3 Axis of Risk needs 3 Axis of Control 4
5 Threat #1:Stolen privileged user credentials People 5
6 100 % Of investigated data breaches involved stolen credentials Privileged User Access needs more control than a simple 8 character password Administrators have too many passwords Source: Mandiant Threat Report, 2015 Copyright 2017 Oracle and/or its affiliates. All rights reserved. 6
7 Oracle Solaris Helps mitigate Credential Abuse/Misuse Time & Location Based Delegation Activity-based profiles delivered with Solaris. Not just a framework Built in Multi-Factor Authentication Smartcard & Standards based One Time Password Secure Remote Audit and Logging 7
8 Authentication/Account Management Core PAM modules UNIX pam_unix_{auth,cred,account} Password (using strong hashes) Time/Day based Access LDAP Kerberos One Time Password (New in Solaris 11.3 SRU) IETF Standards Based HOTP or TOTP Compatible with Google Authenticator, Yubikey and many others Smartcard pam_pkcs11 + PC/SC + USB CCID (New in Solaris 11.3 SRU)
9 Control Where & When Scoping RBAC Profiles Qualification of profile assignments to: user/host/netgroup LDAP lookup order: Host specific Netgroup specific Unqualified Allows granting a user rights on a subset of hosts Use in conjunction with Time Based control & Multi-factor For Example: Network Management only granted Mon-Fri 9-5 on development hosts Require use of Password + OTP
10 Authentication Authentication policy set per system: /etc/security/policy.conf:pam_policy=ldap Per User authentication policy overrides Policy stored with RBAC data # usermod S ldap K pam_policy=krb5 darrenm # usermod S ldap K pam_policy=otp darrenm # usermod S ldap K pam_policy=unix darrenm
11 Granting administrator rights Directly assigned to users, alternative to using shared account roles # usermod S ldap K profiles+= Network Management darrenm $ pfexec ipadm create-addr # usermod K auth_profiles+= Network Management darrenm $ ipadm create-addr Re-authentication by darrenm is required to use profile: Network Management (Use ^C to cancel) Password: ************ OTP Code: ******
12 Auditing Who, What, When, Where, Why First introduced with SunOS 3.5 as unbundled extra On by default in Solaris 11 Events generated by privileged programs, syscalls, kernel subsystems Events grouped into Classes Upload events to Oracle Audit Vault, or send binary trail over secure transport or use syslog Session Annotation (at login and privilege elevation) planned for 11.4
13 Threat #2:Unpatched and misconfigured systems Platform 13
14 99.9% Of the exploited vulnerabilities were compromised more than a year after the CVE was published Source: Verizon Data Breach Investigations Report, 2015 Copyright 2017 Oracle and/or its affiliates. All rights reserved. 14
15 Exploited Vulnerabilities Compromised 74% OF ORGANIZATIONS TAKE 3 MONTHS+ TO PATCH Source: Verizon Data Breach Investigations Report, 2015; IIOUG Data Security Survey,
16 Install Compliant Minimized Oracle Solaris If it isn t installed You don t need to patch the security vulnerabilities Your auditor won t get false positives on versions It can t be configured in a non-compliant way Group packages as starting points Add only what you need Packages removed from a group stay removed unless required in future for a dependency. Better to start small & add than start big & remove Signed packages using secure transport from boot loader onwards pkg:/group/system/solaris-minimal-server Minimal supported installation pkg:/group/system/solaris-small-server Adds major features such as Oracle Solaris Zones pkg:/group/system/solaris-large-server Adds most features including automated installer, many more services pkg:/group/prerequisite/oracle/oracle-rdbmsserver-12-1-preinstall Oracle Database dependencies pkg:/group/prerequisite/oracle/oracle-ebsserver-r12-preinstall Oracle E-Buisiness Server R12 dependencies 16
17 One Step Security Patching # pkg update solaris-11-cpu@latest The solaris-11-cpu IPS package contains the CVE number to package version mapping. Integrated with Compliance Reporting
18 Simple Administration Major Financial Customer s Experiences Patching Oracle Solaris vs. Red Hat Machines/Administrator Red Hat Enterprise Linux X Solaris 11 MANAGE 4000 Servers/Admin Step Security Patching 18
19 Exploit Mitigation Introduction Prevent or reduce the ability of an attacker to take advantage of a bug Study attackers techniques, deploy counter measures Tradeoff between performance, usability and security Not all scenarios/mitigations are the same Some require hardware support Others require compiler support The best are runtime defences the OS gives you without performance impact NONE are full proof
20 Exploit Mitigation Architectural features Support of Architecture-provided protections Intel SMEP (Supervisor Mode Execution Prevention) SPARC fully separated user/kernel address space Reduced Kernel information leaking /proc wchan, netstat socket addresses, modinfo module addresses Per process/binary software mitigations
21 Exploit mitigation features: sxadm(8) NXSTACK Non Executable Stack NXHEAP Non Executable Heap ASLR Address Space Layout Randomisation sxadm delcust Install Time Policy Been around since Solaris 2.6 but now controlled via sxadm(8) Now on by default Tag at build time with: -z nxstack=enable disable New in 11.3, not enabled system wide by default since there are a small number of legitimate uses for an executable HEAP. Tag binaries at build time with: -z nxheap=enable disable Added 11.1 Not enabled system wide by default Go back to vendor delivered defaults svccfg extract security-extensions 21
22 Silicon Secured Memory Available in Oracle SPARC S7, T7, M7, T8, M8 systems First hardware based memory protection Stops attackers from accessing application memory inappropriately Always on without compromise Improved efficiency & more secure and higher available applications Compatible with current applications Public API in libadi or system allocator Pointer B Pointer A Pointer Y Application GO GO M7 Processor Memory 22
23 Oracle SPARC Exploit Mitigation with SSM planned for 11.4 ADISTACK Non Executable Stack ADIHEAP Non Executable Heap Kernel ADI Automatic detection of buffer overflows that overwrite the register save area of a stack frame when the save area contains valid contents. Heap allocators (such as malloc() in libc) may use this feature to reliably detect adjacent buffer overflows and statistically defend against stray pointers and use-after-free. Kernel Heap Memory and buffer tag protection. Not able to be disabled so doesn t show up in sxadm. 23
24 Continuous Security Protection Tamper Resistant Immutable Systems Reduce risk of establishing a foothold Prevent administrator mistakes Update even though it s un-writable by admin users and applications Tamper Evident Software Firmware to Applications Install only known, trusted software Verified Boot 24
25 Immutable System Lock down a system with preconfigured security profiles Trusted Services via SMF planned for 11.4 Strict Full read only root file system, log and audit remotely Fixed Configuration write to most of /var, local audit/log trail Flexible modify configuration, binaries still read-only Dynamic-zones As Fixed but allows add/remove of zones 25
26 Lifecycle: Immutable Zones Example # zonecfg -z myzone 'set file-mac-profile=fixed-configuration # zoneadm -z myzone boot # zlogin myzone [Connected to zone 'myzone' pts/3] myzone# rm /etc/passwd rm: /etc/passwd: override protection 644 (yes/no)? y rm: /etc/passwd not removed: Read-only file system myzone# pkg install emacs pkg install: Could not complete the operation on /var/pkg/lock: read-only filesystem.
27 Sandboxing Applications Control Privileged and Non Privileged Applications File read & write privileges take pathnames {file_write}:/var/log/my-app-errors.log net_privaddr: Port number ranges and protocol {net_privaddr}:443/tcp proc_setid: username or uid range proc_exec: pathname File and proc_exec can use wildcards in last path component eg: {proc_exec}:/usr/bin/*
28 My auditor says delete all the setuid root programs! Sandboxing setuid root programs The setuid bit for a root owned file is now just a marker Kernel upcalls to pfexecd asking for privilege specification Examples: Forced Privilege:solaris:cmd:RO::/usr/lib/utmp_update:\ privs={zone}\:/system/volatile/utmp* Forced Privilege:solaris:cmd:RO::/usr/sbin/ping:\ privs=net_icmpaccess,sys_ip_config Forced Privilege:solaris:cmd:RO::/usr/sbin/traceroute:\ privs=net_icmpaccess,net_rawaccess Forced Privilege:solaris:cmd:RO::/usr/sbin/whodo:privs=proc_owner
29 Compliance Reporting Why Solaris Compliance reporting? Auditors want comprehensive reports Don t always have deep knowledge of OS, Application, Deployment Context Auditors often use tools which use wrong interfaces for OS release Configuration reporting is a low value activity for expensive staff Provide correct compliance check interfaces for OS release Provide vendor interpretation of security controls (> 200 Checks in 11.3) Don t force customers to use 3 rd party products Integrate with them using standard data formats SCAP/OVAL/XCCDF Integrates with Oracle Enterprise Manager Compliance Pack 29
30 Simple, Tailor-able Compliance Reporting 30
31 Threat #3:Direct data access Data 31
32 Network Security is Not Enough: Protect the Data! IT Layers Most Vulnerable To Attacks Allocation of Resources To Secure IT Layer Database 52% Network 67% Network 34% Application 15% Application 11% Database 15% Middleware 4% Middleware 3% Source: CSO Online MarketPulse, 2013
33 Data at Rest Encryption with ZFS High Performance hardware accelerated crypto on SPARC & Intel platforms FIPS validated cryptography ZFS Online key wrapping key and data key change ZFS encryption works with compression and deduplication All ZFS filesystem data & metadata encrypted Available in Solaris & Oracle ZFS Storage Appliance
34 Standards Based Key Management KMIP Key Management Interoperability Protocol Standardised by OASIS Several Oracle product groups are active participants or hold key roles Delivered in Solaris 11.3 SRU Libkmip, pkcs11_kmip, kmipcfg Provides integration to Oracle Key Vault (OKV) for Solaris eg, ZFS data set encryption & Oracle Database TDE wrapping keys in OKV
35 Install and Maintain Security & Compliance Traditional or DevOps Deployment Develop & Test Generate Reports for Compliance Lock Down VM Create Unified Archive Securely Deploy into Production Generate Reports for Compliance Oracle Solaris Zones Lock Down Read-Only Unified Archive 35
36 Leading Crypto Performance. Easiest to use, best integrated Security, Compliance and data protection. Combined with best of breed open source security tools, Compliance Auditor Friendly All Supported at least until
37 37
38
Modern and Fast: A New Wave of Database and Java in the Cloud. Joost Pronk Van Hoogeveen Lead Product Manager, Oracle
Modern and Fast: A New Wave of Database and Java in the Cloud Joost Pronk Van Hoogeveen Lead Product Manager, Oracle Scott Lynn Director of Product Management, Oracle Linux and Oracle Solaris, Oracle October
More informationCOMPUTE CLOUD SERVICE. Moving to SPARC in the Oracle Cloud
COMPUTE CLOUD SERVICE Moving to A new way forward: SPARC in the. Does your IT organization support mission-critical applications that would benefit from the unsurpassed security performance of SPARC servers
More informationOracle Solaris 11.4 Beta Secure. Simple. Cloud-Ready.
Oracle Solaris 11.4 Beta Secure. Simple. Cloud-Ready. Oracle Solaris is optimized to secure your data, simplify the system and application lifecycle, and streamline your cloud journey while protecting
More informationRBAC in Solaris 10. Darren J Moffat Staff Engineer, Networking & Security Sun Microsystems, Inc. 7 th October 2004
RBAC in Solaris 10 Darren J Moffat Staff Engineer, Networking & Security Sun Microsystems, Inc. 7 th October 2004 Agenda Least Privilege / RBAC in Solaris 10 SMF - Service Management Framework Zones (N1
More informationOracle Solaris 11: No-Compromise Virtualization
Oracle Solaris 11: No-Compromise Virtualization Oracle Solaris 11 is a complete, integrated, and open platform engineered for large-scale enterprise environments. Its built-in virtualization provides a
More informationOracle Solaris Virtualization: From DevOps to Enterprise
Oracle Solaris Virtualization: From DevOps to Enterprise Duncan Hardie Principal Product Manager Oracle Solaris 17 th November 2015 Oracle Confidential Internal/Restricted/Highly Restricted Safe Harbor
More informationHigh Availability for Enterprise Clouds: Oracle Solaris Cluster and OpenStack
High Availability for Enterprise Clouds: Oracle Solaris Cluster and OpenStack Eve Kleinknecht Principal Product Manager Thorsten Früauf Principal Software Engineer November 18, 2015 Safe Harbor Statement
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationSecurity Compliance and Data Governance: Dual problems, single solution CON8015
Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology
More informationMySQL Enterprise Security
MySQL Enterprise Security Mike Frank Product Management Director Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only,
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationPavel Anni Oracle Solaris 11 Feature Map. Slide 2
Slide 1 Pavel Anni Oracle Solaris 11 Feature Map Slide 2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into
More informationCreating Resources on the ZFS Storage Appliance
Oracle Enterprise Manager Ops Center Creating Non-Global Zones Using a SAN Storage Library 12c Release 3 (12.3.0.0.0) E65613-01 October 2015 This guide provides an end-to-end example for how to use Oracle
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationOracle Enterprise Manager Ops Center. Overview. What You Need. Create Oracle Solaris 10 Zones 12c Release 3 ( )
Oracle Enterprise Manager Ops Center Create Oracle Solaris 10 Zones 12c Release 3 (12.3.0.0.0) E60027-01 June 2015 This guide provides an end-to-end example for how to use Oracle Enterprise Manager Ops
More informationSecurity in the Privileged Remote Access Appliance
Security in the Privileged Remote Access Appliance 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationPatching and Updating your VM SUSE Manager. Donald Vosburg, Sales Engineer, SUSE
Patching and Updating your VM SUSE Manager Donald Vosburg, Sales Engineer, SUSE dvosburg@suse.com Why should I care? I just clone my base VM image, and after that it is not my problem... Understand the
More informationOracle Enterprise Manager Ops Center
Oracle Enterprise Manager Ops Center Configure and Install Guest Domains 12c Release 3 (12.3.2.0.0) E60042-03 June 2016 This guide provides an end-to-end example for how to use Oracle Enterprise Manager
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationIT infrastructure layers requiring Privileged Identity Management
White Paper IT infrastructure layers requiring Privileged Identity Management Abstract Much of today s IT infrastructure is structured as different layers of devices (virtual and physical) and applications.
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationFirmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
More informationAgenda. Copyright 2015 Centrify Corporation. All Rights Reserved. 1
Agenda 1. Trends Impacting Data Security 2. Best Practices (subset) to Minimize the Attack Surface 3. 10 Best Practices (appendix) 4. Case Study (appendix) Copyright 2015 Centrify Corporation. All Rights
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 ! 2 Oracle VM Introduction Adam Hawley, Senior Director Virtualization, Oracle January 15, 2013 Safe Harbor Statement The following is intended to outline our general product direction. It is intended
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationSecurity Readiness Assessment
Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS
More informationOracle Enterprise Manager Ops Center. Introduction. What You Will Need. Configure and Install Root Domains 12c Release 3 (
Oracle Enterprise Manager Ops Center Configure and Install Root Domains 12c Release 3 (12.3.0.0.0) E60040-01 June 2015 This guide provides an end-to-end example for how to use Oracle Enterprise Manager
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationOracle Corporation 1
1 Solaris 11 for Developers Webinar Series Simplify your Development with Zones, ZFS and Crossbow (TCP/IP) Eric Reid, Stefan Schneider Oracle Systems ISV Engineering 2 Solaris 11 for Developers Webinar
More informationSecurity context. Technology. Solution highlights
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
More informationApplication security : going quicker
Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF
More information2-4 April 2019 Taets Art and Event Park, Amsterdam CLICK TO KNOW MORE
Co-Host Host 2-4 April 2019 Taets Art and Event Park, Amsterdam CLICK TO KNOW MORE Oracle Cloud Computing Strategy Han Wammes Public Sector Market Development Manager 1 Copyright 2012, Oracle and/or its
More informationA new Distributed Security Model for Linux Clusters
A new Distributed Security Model for Linux Clusters Makan.Pourzandi@Ericsson.Com Open Systems Lab Montréal Canada June, 2004 Rev PA1 07/05/04 1 Outline Context Distributed Security Distributed Access Control
More informationGSE/Belux Enterprise Systems Security Meeting
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 1 In the news Microsoft Exposes Scope of Botnet Threat By Tony Bradley, October 15, 2010 Microsoft's
More informationOracle Linux, Virtualization & OEM12 Discussion Sahil Mahajan / Sundeep Dhall
Oracle Linux, Virtualization & OEM12 Discussion Sahil Mahajan / Sundeep Dhall 1 Copyright 2011, 2013, Oracle and/or its affiliates. All rights reserved. reserved. Insert Information Protection Policy Classification
More informationVirtual Machine Encryption Security & Compliance in the Cloud
Virtual Machine Encryption Security & Compliance in the Cloud Pius Graf Director Sales Switzerland 27.September 2017 Agenda Control Your Data In The Cloud Overview Virtual Machine Encryption Architecture
More informationOracle Enterprise Manager Ops Center E Introduction
Oracle Enterprise Manager Ops Center Discover an Oracle ZFS Storage Appliance and Configure Storage Libraries 12c Release 2 (12.2.2.0.0) E40770-03 December 2014 This guide provides an end-to-end example
More informationOracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )
Oracle Enterprise Manager Ops Center Creating Oracle Solaris 11 Zones 12c Release 2 (12.2.2.0.0) E41230-04 February 2015 This guide provides an end-to-end example for how to use Oracle Enterprise Manager
More informationManaging Your Privileged Identities: The Choke Point of Advanced Attacks
Managing Your Privileged Identities: The Choke Point of Advanced Attacks Shirief Nosseir EMEA Alliances Director Identity & API Management Tuesday, 16 May 2017 Agenda Why Privileged Access Management Why
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationFlexible Laufzeitumgebungen für Software - Einfach aufgebaut
Flexible Laufzeitumgebungen für Software - Einfach aufgebaut Detlef Drewanz Master Principal Sales Consultant Systems Sales Consulting Northern Europe 17. November, 2015 Copyright 2014 Oracle and/or its
More informationArchitecture. Steven M. Bellovin October 27,
Architecture Steven M. Bellovin October 27, 2015 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More information<Insert Picture Here> Oracle Solaris 11 Security
Oracle Solaris 11 Security Glenn Faden Solaris Security Oracle Corporation Security in Oracle Solaris 11 Built-in, flexible, transparent, hardware assisted Authentication SSH X.509
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationSailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities
SailPoint IdentityIQ Integration with the BeyondInsight Platform Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 5 BeyondTrust
More informationYubico with Centrify for Mac - Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Yubico with Centrify for Mac - Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationMySQL CLOUD SERVICE. Propel Innovation and Time-to-Market
MySQL CLOUD SERVICE Propel Innovation and Time-to-Market The #1 open source database in Oracle. Looking to drive digital transformation initiatives and deliver new modern applications? Oracle MySQL Service
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationOracle Solaris 11 Virtualization
Oracle Solaris 11 Virtualization 1 Introduction This lab will introduce us to the basics of Oracle Solaris 11 virtualization, also known as Zones. You will become familiar with the basic operations of
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationOracle Solaris 10 Recommended Patching Strategy
1 Oracle Solaris 10 Recommended Patching Strategy Gerry Haskins, Director, Software Patch Services Oracle Solaris Systems 11 th January 2011 The following is intended to outline our
More informationSecurity Fundamentals for your Privileged Account Security Deployment
Security Fundamentals for your Privileged Account Security Deployment February 2016 Copyright 1999-2016 CyberArk Software Ltd. All rights reserved. CAVSEC-PASSF-0216 Compromising privileged accounts is
More informationAXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationArchitecture. Steven M. Bellovin October 31,
Architecture Steven M. Bellovin October 31, 2016 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationLecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015
Lecture 10 Denial of Service Attacks (cont d) Thursday 24/12/2015 Agenda DoS Attacks (cont d) TCP DoS attacks DNS DoS attacks DoS via route hijacking DoS at higher layers Mobile Platform Security Models
More informationMobilePASS. Security Features SOFTWARE AUTHENTICATION SOLUTIONS. Contents
MobilePASS SOFTWARE AUTHENTICATION SOLUTIONS Security Features Contents Introduction... 2 Technical Features... 2 Security Features... 3 PIN Protection... 3 Seed Protection... 3 Security Mechanisms per
More informationHIPAA Compliance Assessment Module
Quick Start Guide HIPAA Compliance Assessment Module Instructions to Perform a HIPAA Compliance Assessment Performing a HIPAA Compliance Assessment 2 HIPAA Compliance Assessment Overview 2 What You Will
More informationApplication Container Cloud
APPLICATION CONTAINER CLOUD Application Container Cloud with Java SE and Node The Best Java SE and Node Cloud. Get the choice of either Oracle Java SE Advanced, including Flight Recorder for production
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Securing Privileged Accounts with an Integrated IDM Solution Olaf.Stullich@oracle.com Product Manager, Oracle Mike Laramie Oracle Cloud for Industry Architecture Team Buddhika Kottahachchi OPAM Architect
More informationMcAfee Database Security
McAfee Database Security Sagena Security Day 6 September 2012 September 20, 2012 Franz Hüll Senior Security Consultant Agenda Overview database security DB security from McAfee (Sentrigo) VMD McAfee Vulnerability
More informationKeys and Passwords. Steven M. Bellovin October 17,
Keys and Passwords Steven M. Bellovin October 17, 2010 1 Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven
More informationPartner Center: Secure application model
Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including
More informationIT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,
IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against
More informationSpectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick
Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment Orin Thomas @orinthomas Jeff Melnick Jeff.Melnick@Netwrix.com In this session Vulnerability types Spectre Meltdown Spectre
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache has 49%; IIS has 36% (source: http://news.netcraft.com/archives/2008/09/30/
More informationOracle Secure Backup 12.1 Technical Overview
Oracle Secure Backup 12.1 Technical Overview February 12, 2015 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationOracle Enterprise Manager Ops Center. Introduction. Provisioning Oracle Solaris 10 Operating Systems 12c Release 2 ( )
Oracle Enterprise Manager Ops Center Provisioning Oracle Solaris 10 Operating Systems 12c Release 2 (12.2.2.0.0) E47810-03 December 2014 This document provides an end-to-end example for how to use Oracle
More informationMapping BeyondTrust Solutions to
TECH BRIEF Taking a Preventive Care Approach to Healthcare IT Security Table of Contents Table of Contents... 2 Taking a Preventive Care Approach to Healthcare IT Security... 3 Improvements to be Made
More informationMarkLogic Server. Common Criteria Evaluated Configuration Guide. MarkLogic 9 May, Copyright 2019 MarkLogic Corporation. All rights reserved.
Common Criteria Evaluated Configuration Guide 1 MarkLogic 9 May, 2017 Last Revised:9.0-3, September, 2017 Copyright 2019 MarkLogic Corporation. All rights reserved. Table of Contents Table of Contents
More informationUnlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.
Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded
More informationECE 471 Embedded Systems Lecture 22
ECE 471 Embedded Systems Lecture 22 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 31 October 2018 Don t forget HW#7 Announcements 1 Computer Security and why it matters for embedded
More informationDisk Encryption Buyers Guide
Briefing Paper Disk Encryption Buyers Guide Why not all solutions are the same and how to choose the one that s right for you.com CommercialSector Introduction We have written this guide to help you understand
More information18-642: Security Mitigation & Validation
18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management
More informationOracle Enterprise Manager 12c Sybase ASE Database Plug-in
Oracle Enterprise Manager 12c Sybase ASE Database Plug-in May 2015 Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only,
More informationOracle Real Application Clusters (RAC) Your way to the Cloud
Oracle Real Application Clusters (RAC) Your way to the Cloud Angelo Pruscino Senior Vice President Oracle RAC Development November 18, 2014 Safe Harbor Statement The following is intended to outline our
More informationIdentity Management In Red Hat Enterprise Linux. Dave Sirrine Solutions Architect
Identity Management In Red Hat Enterprise Linux Dave Sirrine Solutions Architect Agenda Goals of the Presentation 2 Identity Management problem space What Red Hat Identity Management solution is about?
More informationWhat s New in MySQL 5.7 Geir Høydalsvik, Sr. Director, MySQL Engineering. Copyright 2015, Oracle and/or its affiliates. All rights reserved.
What s New in MySQL 5.7 Geir Høydalsvik, Sr. Director, MySQL Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationOracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones Guide 12c Release 1 ( )
Oracle Enterprise Manager Ops Center Creating Oracle Solaris 11 Zones Guide 12c Release 1 (12.1.0.0.0) E27336-01 April 2012 This guide provides an end-to-end example for how to use Oracle Enterprise Manager
More informationSUSE Manager Roadmap OS Lifecycle Management from the Datacenter to the Cloud
SUSE Manager Roadmap OS Lifecycle Management from the Datacenter to the Cloud Joachim Werner Senior Product Manager joe@suse.com Jeff Lindholm Sales Engineer Jlindholm@suse.com SUSE and Linux Workloads
More informationLinux Systems Security. Security Design NETS Fall 2016
Linux Systems Security Security Design NETS1028 - Fall 2016 Designing a Security Approach Physical access Boot control Service availability and control User access Change control Data protection and backup
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationKarthik Bharathy Program Manager, SQL Server Microsoft
Karthik Bharathy Program Manager, SQL Server Microsoft Key Session takeaways Understand the many views of SQL Server Look at hardening SQL Server At the network level At the access level At the data level
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationOracle Secure Backup 12.2 What s New. Copyright 2018, Oracle and/or its affiliates. All rights reserved.
Oracle Secure Backup 12.2 What s New Copyright 2018, Oracle and/or its affiliates. All rights reserved. Safe Harbor Statement The following is intended to outline our general product direction. It is intended
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More information