control system vulnerabilities > analysis of 5 years of field data
|
|
- Flora Shelton
- 5 years ago
- Views:
Transcription
1 control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP, CAP, PCIP Red Tiger Security [on behalf of the DHS CSSP program - contract #240704] 1
2 Jonathan Pollet CISSP, PCIP, CAP 12 Years of Electrical Engineering, SCADA, Industrial Controls, and IT Experience PLC Programming and SCADA System Design and Commissioning Wireless RF and Telecommunications Design and Startup Front-end Web Development for SCADA data Backend Database design for SCADA data Acting CIO for Major Oil Company for 2 years Enterprise IT Management Last 8 Years Focused on SCADA and IT Security Published White Papers on SCADA Security early in 2001 Focused research and standards development for SCADA Security since 2002 Conducted over 120 security assessments on Critical Infrastructure systems Conducted over 75 International conferences and workshops on CIP Developed safe security assessment methodology for live SCADA Systems Co-developed the SCADA Security Advanced 5-day training course 2
3 outline background on the project review of ISA99 architecture model source for data used in the analysis interesting results avg. # of days between vulnerability disclosure and discovery where in the architecture are most vulns being discovered does the type of vulnerabilities change throughout the architecture workstation HMI vulnerabilities ranked by OS network vs. host/application vulns throughout the architecture interesting security findings on control system networks Q & A 3
4 project background Over 38,000 control system vulnerabilities collected over 5 years from mid-2002 to 2008 Over 100 security assessments performed on critical infrastructure facilities such as electric power generation plants, transmission energy control centers, chemical plants, water plants, and oil/gas production, refining, and pipeline systems Vulnerability analysis and classification conducted under research project facilitated by INL and funded through the DHS Control Systems Security Program contract # ISA99 architecture model used to classify where the vulnerabilities were discovered in the systems 4
5 5
6 data source what was collected? From mid-2002 to 2008, vulnerability data was stripped of any client information and the raw vulnerabilities were captured in a database Vulnerability ID (auto-numbered from entry number 1) Vulnerability Title (title for the vulnerability) Security Zone or Location (location based on the ISA99 model where the vulnerability was located) Disclosure Date (date when vulnerability was disclosed) Discovery Date (date when vulnerability was discovered by the team and entered into the database) Days Between Disclosure and Discovery (time between disclosure and detection) Vulnerability Detailed Description Vulnerability Suggested Remediation Steps 6
7 interesting results avg. # of days between vulnerability disclosure and discovery all field data was exported from the database to an excel spreadsheet containing over 38,000 rows, and much of the analysis had to be performed manually since we captured when the vulnerability was disclosed in the public, and also captured when the vulnerability was discovered and entered into the database, we were able to perform a simple diff against these two fields vulnerabilities that were never disclosed in the public were thrown out of this particular exercise since negative or zero entries would throw off the calculations the maximum number of days between when a vulnerability was disclosed in the public and when it was found during an assessment was over 3 years! the average was 331 days, or close to 1 year. this means that on average most SCADA and process control environments contained latent vulnerabilities, probably with compiled exploits, and were not discovered until almost a year later, and would not have been discovered had not the asset owner funded the assessment. 7
8 where are the vulnerabilities being discovered? Vulnerabilities by Location in Architecture 11,8% 0,3% 0,0% 16,9% Level 5 - Internet DMZ zone Level 4 - Enterprise LAN zone Level 3 - Operations DMZ 24,7% Level 2 - Supervisory HMI LAN 46,3% Level 1 - Controller LAN Level 0 - Instrumentations bus network 8
9 does the type of vulnerabilities change throughout the architecture? classified each vulnerability by the system that was impacted and where the vulnerability was found in the architecture The data set emerged a common set of system types at each network zone or segment: Server Applications Web Server Platforms (Apache and IIS) Business Applications Shopping Cart Applications Applications written on PHP platform Applications written on ASP or.net platform Database Servers (MS SQL, mysql, and Oracle) FTP Servers Portal Servers (Blogs, Forums, etc ) Workstation (client) vulnerabilities 9
10 systems impacted at the Internet DMZ zone Internet DMZ Vulnerabilities 0,0% Server Applications 1,2% 11,4% 12,7% Web Server Platforms (Apache and IIS) Business Applications 5,6% Shopping Chart Applications 10,0% 23,3% Applications written on PHP platform Applications written on ASP or.net platform Database Servers (MS SQL, mysql, and Oracle) FTP Servers 25,8% 7,8% Portal Servers (Blogs and Forums) 2,2% Workstation (client) vulnerabilities 10
11 systems impacted at the Enterprise LAN zone Enterprise LAN Vulnerabilities Server Applications 12,5% 9,7% Web Server Platforms (Apache and IIS) Business Applications 1,2% 5,9% Shopping Chart Applications 19,3% Applications written on PHP platform 12,6% Applications written on ASP or.net platform Database Servers (MS SQL, mysql, and Oracle) 5,9% FTP Servers 4,6% 5,0% 23,4% Portal Servers (Blogs and Forums) Workstation (client) vulnerabilities 11
12 systems impacted at the Operations DMZ zone Operations DMZ Vulnerabilities Server Applications 3,3% 6,0% 5,5% Web Server Platforms (Apache and IIS) 3,9% Business Applications Shopping Chart Applications 19,8% 41,4% Applications written on PHP platform Applications written on ASP or.net platform Database Servers (MS SQL, mysql, and Oracle) 2,3% FTP Servers 1,5% 1,1% 15,3% Portal Servers (Blogs and Forums) Workstation (client) vulnerabilities 12
13 workstation HMI vulnerabilities ranked by OS Supervisory HMI LAN Vulnerabilities Microsoft-based Operating System or Applications 1,4% Red Hat Linux Operating System or Applications 2,4% 4,4% 11,5% Tru64 Operating System or Applications HPUX Operating System or Applications 8,3% IBM AIX Operating System or Applications 6,7% 62,2% FreeBSD Operating System or Applications 2,2% 0,9% SCO UNIX Operating System or Applications Sun Solaris Operating System or Applications SuSE Linux Operating System or Applications 13
14 only logged 105 controller LAN vulnerabilities, but QnX showed up as the most typical source Controller LAN Vulnerabilities 15,2% 19,0% Vulnerabilities in Controller LAN due to Phone/Telecom Equip Vulnerabilities in Controller LAN due to QNX 65,7% Misc. Vulnerabilities 14
15 network vs. host/application vulns throughout the architecture 100% 90% 80% Network versus Host/Application Vulnerabilities by Location in Architecture 70% 64,0% 60% 50% 95,1% 96,7% 90,7% Host/Application 40% 30% 20% 35,4% Network 10% 0% 3,4% 3,3% Level 5 - Internet DMZ zone Level 4 - Enterprise LAN zone 9,3% Level 3 - Operations DMZ Level 2 - Supervisory HMI LAN 15
16 interesting security findings on control system networks VOIP (Voice over IP) Systems Software license cracking executables (CD-key generators) Network Video Recording Devices Torrent client software on Supervisor HMI LAN Network Surveillance Equipment and Software Adult Video Directory Scripts Paging Software Server (i.e. Air Messenger Server connected to both the SCADA and Internet for SMTP relay out) Online Dating Service Databases America Online Clients Advanced Forensics Format (AFF) archives Gaming Software Servers MP3 Music and Video Playing Software including itunes agsm - a freeware game server info monitoring utility Alien Arena 2006 Gold Edition Streaming Music and Radio software with vulnerabilities Counter Strike Brood Wars BitTorrent Clients (for peer-to-peer file sharing) Battlefield 1942 Server and Clients Quake 2 and Quake 3 Game Servers found in Supervisor HMI LAN MSN and other IM chat clients Soldier of Fortune II Anonymous FTP Servers running waiting for connections 16
17 but wait theres more Apache Web Servers and Linux hosts un-patched for over 2 years APC Battery Backup UPS systems with vulnerable Web Interface Several web blog site engines running in control system DMZ Office grade Linksys, Belkin, and D-Link WiFi devices on Supervisory HMI LAN IM clients found installed and contained vulnerabilities on Supervisory HMI LAN Windows 95 found installed on hosts in Supervisory HMI LAN (no longer supported by MS) Windows NT found installed on hosts in Supervisory HMI LAN (no longer supported by MS) Windows Vista found used as OS for operator consoles in Supervisory HMI LAN IRC Chat Servers found installed on hosts in the Operational DMZ LAN Nintendo Entertainment System (NES) Game Simulator Netscape Browser vulnerabilities detected in Supervisor HMI LAN Multi-function Printer/Fax/Scanner device vulnerabilities 17
18 summary / take away points 331 = the average time in days between when a vulnerability was disclosed in the public versus when it was discovered in an industrial control systems assessment the intermediate Operations DMZ network that sites between the Enterprise network and the industrial control systems had the most vulnerabilities attributed to its zone web server and back-end database vulnerability findings comprised the largest number of vulnerabilities found in these Operations DMZ network we need more web app testing! network devices are better managed in the Internet DMZ and Enterprise LAN networks where the IT or IS department has clear ownership of managing the network devices number of client workstation vulnerabilities also increased deeper into the real-time operations networks, thus proving we still have a patch problem in our industry vulnerabilities with Windows operating systems or Windows applications also accounted for the overwhelming majority of vulnerabilities for systems in the Supervisory HMI LAN Vulnerabilities and Exploits will continue to be found at a rapid pace for SCADA HMI Applications built for Windows, Web-Enabled SCADA Browser Applications, and Embedded PLC devices 18
19 q & a contact info jonathan pollet principal consultant jpollet@redtigersecurity.com office: mobile:
CoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationNetwork Architectural Design for Cybersecurity in a Virtual World
Network Architectural Design for Cybersecurity in a Virtual World Standards Certification Education & Training Publishing Conferences & Exhibits Kenneth Frische aesolutions 2016 ISA Water / Wastewater
More informationElectricity for Free? The Dirty Underbelly of SCADA and Smart Meters
sorry Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters Jonathan Pollet, CISSP, CAP, PCIP July 2010 Table of Contents Introduction...3! Power Generation, Transmission, and Distribution...4!
More informationOracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (
Oracle Business Intelligence Publisher Certification Information 10g Release 3 (10.1.3.4.1) E12692-06 July 2009 This document outlines the certified hardware and software configurations for Oracle Business
More informationTestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified
TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More information@sec the information security provider
Security Monitor Automated Security Management - Possibilities and Limitations Chris Wahl; atsec information security GmbH 1 for Gesellschaft für Informatik e.v., Fachgruppe SECMGT Workshop: Managed Security
More informationVeritas Provisioning Manager
Veritas Provisioning Manager Automated server provisioning, part of the Veritas Server Foundation suite, automates server provisioning and management from physical bare metal discovery and OS installation
More informationValidate Pre-Deployment and Live Networks and Applications
IxChariot 8 Validate Pre-Deployment and Live Networks and Applications Key Features New HTML5-based web interface zero client installation; browser-based IxChariot 8 is a new version of the industry's
More informationThe Center for Internet Security
The Center for Internet Security Measurably reducing risk through collaboration, consensus, & practical security management Content of this Presentation: I. Background II. Univ. of CA Schools Rights and
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER
CENTER OF KNOWLEDGE, PATH TO SUCCESS Website: ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER Course 10747D; Duration: 5 Days; Instructor-led WHAT YOU WILL LEARN This course describes how to configure
More informationTeamDefend. Organizational and Inter-Organizational Cyber Defense Training
TeamDefend Organizational and Inter-Organizational Cyber Defense Training S C I E N C E AP P L I C AT I O N S I N T E R N AT I O N AL C O R P O R AT I O N Agenda Background on Cyber Exercises Introduction
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationIE102: SCADA Programming, Maintenance & Troubleshooting
IE102: SCADA Programming, Maintenance & Troubleshooting IE102 Rev.001 CMCT COURSE OUTLINE Page 1 of 5 Training Description: This course is designed to provide a thorough understanding of the fundamental
More informationPerceptive DataTransfer
Perceptive DataTransfer System Overview Guide Version: 6.5.x Written by: Product Knowledge, R&D Date: May 2017 2017 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International, Inc.,
More informationIE156: ICS410: ICS/SCADA Security Essentials
IE156: ICS410: ICS/SCADA Security Essentials IE156 Rev.001 CMCT COURSE OUTLINE Page 1 of 6 Training Description: In this five-day intensive training, participants will develop and reinforce a common language
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationTraining Venue and Dates September, 2019 $4,000 Dubai, UAE PLC & SCADA Systems Trainings will be conducted in any of the 5 star hotels.
Training Title PLC & SCADA SYSTEMS Training Duration 5 days Training Venue and Dates 5 15-19 September, 2019 $4,000 Dubai, UAE PLC & SCADA Systems Trainings will be conducted in any of the 5 star hotels.
More informationTestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified
TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:
More informationSysAid Technical Presentation. Phone (Toll-Free US): Phone: +972 (3)
SysAid Technical Presentation www.sysaid.com sales@sysaid.com Phone (Toll-Free US): 1-800-686-7047 Phone: +972 (3) 533-3675 SysAid Overview A Global ITSM Solution Provider Technology Built for You Customer-Driven
More informationP a g e 1. Teknologisk Institut. Online kursus k SysAdmin & DevOps Collection
P a g e 1 Online kursus k72751 SysAdmin & DevOps Collection P a g e 2 Title Estimated Duration (hrs) Ruby on Rails - Fundamentals 1,5 Ruby on Rails - Database Fundamentals 1,22 Python: The Basics 3,5 Python:
More informationAdministering System Center 2012 Configuration Manager
Administering System Center 2012 Configuration Manager Duration: 5 Days Course Code:10747D About this Course This course describes how to configure and manage a System Center 2012 R Configuration Manager
More informationCustomer Training Catalog Course Descriptions CN OSS
Customer Training Catalog Course Descriptions Customer Training Catalog Course Descriptions CN OSS HUAWEI Learning Service 2014 COMMERCIAL IN CONFIDENCE 1 CONTENTS Customer Training Catalog Course Descriptions
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationBEA WebLogic Mobility Server Installation Guide
BEA WebLogic Mobility Server Installation Guide Version 3.4 March 2006 Copyright Copyright 1995-2005 BEA Systems, Inc. All Rights Reserved. Restricted Rights Legend This software is protected by copyright,
More informationIndustrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets
Industrial Cyber Security ICS SHIELD Top-down security for multi-vendor OT assets OT SECURITY NEED Industrial organizations are increasingly integrating their OT and IT infrastructures. The huge benefits
More informationOracle Enterprise Manager. 1 Introduction. System Monitoring Plug-in for Oracle Enterprise Manager Ops Center Guide 11g Release 1 (
Oracle Enterprise Manager System Monitoring Plug-in for Oracle Enterprise Manager Ops Center Guide 11g Release 1 (11.1.3.0.0) E18950-03 November 2011 This document provides describes the System Monitoring
More informationeroom 7.x: Supported Configuration Matrix last updated: 9 August 2005
eroom 7.x: Supported Configuration Matrix last updated: 9 August 2005 Software / Hardware Version(s) eroom Version(s) Level of Support Comments Browsers: Microsoft Internet Explorer - Windows 5.01, 5.5,
More informationManaging Your Enterprise from Microsoft Windows
Managing Your Enterprise from Microsoft Windows Jon Haworth Senior Consultant Solution Services HP OpenView jonathon_haworth@hp.com Tel: +44 1344 365439 Agenda! Overview of ManageX and OVO/W. Architecture
More informationPrincess Nourah bint Abdulrahman University. Computer Sciences Department
Princess Nourah bint Abdulrahman University Computer Sciences Department 1 And use http://www.w3schools.com/ PHP Part 1 Objectives Introduction to PHP Computer Sciences Department 4 Introduction HTML CSS
More informationCyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016
Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016 Agenda Overview What s new in PI Security Demo What s coming next Call to Action 2 Cyber Security is more of a Marathon than
More informationHRSD Position Description: UNIX Systems Administrator
HRSD Position Description: UNIX Systems Administrator Section I. Section II. Section III. Position Reference Information a. Department Finance and Administration b. Division Information Technology c. Position
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationRIPE RIPE-17. Table of Contents. The Langner Group. Washington Hamburg Munich
RIPE RIPE-17 Table of Contents The Langner Group Washington Hamburg Munich RIPE Operations Technology Management Plan (MP-17) 0.1 Purpose... 4 0.2 Process Overview... 4 0.3 Implementation Scope... 5 0.4
More informationREF IC012 PLC & SCADA Systems Feb $4,250 Abu Dhabi, UAE
Training Title PLC & SCADA SYSTEMS Training Duration 5 days Training Venue and Dates REF IC012 PLC & SCADA Systems 5 05 09 Feb $4,250 Abu Dhabi, UAE Training Fees 4,250 US$ per participant for Public Training
More informationTraining Fees 4,250 US$ per participant for Public Training includes Materials/Handouts, tea/coffee breaks, refreshments & Buffet Lunch
Training Title PLC & SCADA SYSTEMS Training Duration 5 days Training Venue and Dates REF IC012 PLC & SCADA Systems 5 04-08 Feb $4,250 Abu Dhabi, UAE Training Fees 4,250 US$ per participant for Public Training
More informationHyperion System 9 BI+ Analytic Services
Hyperion System 9 BI+ Analytic The Hyperion System 9 BI+ Analytic release 9.3 Support Matrix includes support information for the following areas: Operating Systems o Server o Client Web / Application
More informationDell helps you simplify IT
Dell helps you simplify IT Workshops the first step. Reduce desktop and data center complexity. Improve productivity. Innovate. Dell IT Consulting Services New Edition 2011 Introduction Are you spending
More informationAQU Information Systems Fundamentals Spring 2012 Pg. 9.1
AQU Information Systems Fundamentals Spring 2012 Pg. 9.1 c h a p t e r 9 THE INTERNET & THE NEW INFORMATION TECHNOLOGY INFRASTRUCTURE 9.1 LEARNING OBJECTIVES Describe features of infrastructure & connectivity
More informationManaging Patches Using SanerNow. 4.0 User Guide
Managing Patches Using SanerNow 4.0 User Guide Contents PATCH MANAGEMENT... 3 Missing Patches... 3 To install missing patches a single time... 3 To install missing patches using an automated task... 4
More informationUCOS User-Configurable Open System
UCOS User-Configurable Open System User-Configurable Open System (UCOS) UCOS is a complete control system solution. It includes graphical development software, a graphical human machine interface (HMI),
More informationVulnerability Disclosure
Vulnerability Disclosure Rita Wells National SCADA Test Bed DoE-OE September 09, 2008 Department of Energy-Office of Electricity Delivery and Energy Reliability: National SCADA Test Bed Program Mission
More informationInside WebSphere Application Server
Inside WebSphere Application Server The anatomy of WebSphere Application Server is quite detailed so, for now, let's briefly outline some of the more important parts. The following diagram shows the basic
More informationHyperion System 9 Strategic Finance release
Hyperion System 9 Strategic Finance release 9.2.0.3 The Hyperion System 9 Strategic Finance release 9.2.0.3.0 Matrix includes support information for the following areas: Operating Systems o Server o Client
More informationBelarc Product Description
Belarc Product Description BelManage Base Belarc's architecture is based on a single enterprise-wide server and database. There is no requirement to maintain local servers or scanners. Belarc's discovery
More informationADVANCED SCADA CONTROL SYSTEMS
Training Title ADVANCED SCADA CONTROL SYSTEMS Training Duration 5 days Training Venue and Dates Advanced SCADA Control System 5 08 12 Sep $3,750 Abu Dhabi, UAE In any of the 5 star hotel. The exact venue
More informationCourse 10747D: Administering System Center 2012 Configuration Manager Exam Code:
Course 10747D: Administering System Center 2012 Configuration Manager Exam Code: 70-243 Course Outline Module 1: Overview of System Center 2012 R2 Configuration Manager In this module, you will learn about
More informationIBM Maximo Anywhere Version 7 Release 6. Planning, installation, and deployment IBM
IBM Maximo Anywhere Version 7 Release 6 Planning, installation, and deployment IBM Note Before using this information and the product it supports, read the information in Notices on page 65. This edition
More informationSNOW LICENSE MANAGER (7.X)... 3
SYSTEM REQUIREMENTS Products Snow License Manager Snow Inventory Server, IDR, IDP Client for Windows Client for Linux Client for Unix Client for OS X Oracle Scanner Snow Integration Manager Snow Distribution
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationExtended Search Administration
IBM Lotus Extended Search Extended Search Administration Version 4 Release 0.1 SC27-1404-02 IBM Lotus Extended Search Extended Search Administration Version 4 Release 0.1 SC27-1404-02 Note! Before using
More informationForeScout CounterACT. Plugin. Configuration Guide. Version 2.1
ForeScout CounterACT Core Extensions Module: DHCP Classifier Plugin Version 2.1 Table of Contents About the DHCP Classifier Plugin... 3 What to Do... 3 Requirements... 3 Verify That the Plugin Is Running...
More informationPerceptive DataTransfer
Perceptive DataTransfer System Overview Version: 6.2.x Written by: Product Documentation, R&D Date: January 2013 2013 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact, and WebNow
More informationOracle WebCenter WSRP Consumer
Oracle WebCenter WSRP Consumer Installation Guide Release 10g Release 3 (10.3) October 2008 Installation Guide for Oracle WebCenter WSRP Consumer, Release 10g Release 3 (10.3) Copyright 2007, 2008, Oracle
More informationNetwork Applications and Protocols
Network Applications and Protocols VoIP (Voice over Internet Protocol) Voice over IP (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over
More informationSNOW LICENSE MANAGER (7.X)... 3
SYSTEM REQUIREMENTS Products Snow License Manager Snow Inventory Server, IDR, IDP Client for Windows Client for Linux Client for Unix Client for OS X Oracle Scanner External Data Provider Snow Distribution
More informationServer Monitoring. AppDynamics Pro Documentation. Version 4.1.x. Page 1
Server Monitoring AppDynamics Pro Documentation Version 4.1.x Page 1 Server Monitoring......................................................... 4 Standalone Machine Agent Requirements and Supported Environments............
More informationMicrosoft Office User Manual 2007 Pack 2 Process
Microsoft Office User Manual 2007 Pack 2 Process The Microsoft Office Configuration Analyzer Tool (OffCAT) 2.0 provides a quick Service Pack 3 provides the latest updates to the 2007 Microsoft Office Suite.
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationRequirements for ALEPH 500 Installation
PROJECT DOCUMENTATION Requirements for ALEPH 500 Installation Ltd., 2002, 2003 Last Update: July 31, 2003 Table of Contents 1. SERVER HARDWARE AND SOFTWARE REQUIREMENTS... 3 1.1 Server...3 1.2 Filesystem
More informationVeritas NetBackup 6.5 Clients and Agents
Veritas NetBackup 6.5 Clients and Agents The Veritas NetBackup Platform Next-Generation Data Protection Overview Veritas NetBackup provides a simple yet comprehensive selection of innovative clients and
More informationDescriptions for CIS Classes (Fall 2017)
Descriptions for CIS Classes (Fall 2017) Major Core Courses 1. CIS 1015. INTRODUCTION TO COMPUTER INFORMATION SYSTEMS. (3-3-0). This course provides students an introductory overview to basic computer
More informationSecretary of State Information Management Strategy
Information Management Strategy Prepared For:STATE OF CALIFORNIA SECRETARY OF STATE 1500 11TH STREET SACRAMENTO, CA 95814 VERSION 1.5 REVISION DATE: JULY 6, 2012 Table of Contents 1 General Information...3
More informationJBOSS OPERATIONS NETWORK FAQ Answers to frequently asked questions
Answers to frequently asked questions General Product Q: What is JBoss Operations Network? A: JBoss Operations Network is a middleware and application management solution that provides a single point of
More informationHyperion System 9 Financial Management release
Hyperion System 9 Financial Management release 9.2.0.3 The Hyperion System 9 Financial Management release 9.2.0.3 Matrix includes support information for the following areas: Operating Systems o Server
More informationBigFix 2018 Roadmap. Aram Eblighatian. Product Manager IBM BigFix. 14 May, 2018
BigFix 2018 Roadmap Aram Eblighatian Product Manager IBM BigFix 14 May, 2018 What's New in BigFix? BigFix Platform BigFix Platform v9.5.7 Released Oct. 2017 Gathering Performance improvements (WebUI and
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationMicrosoft Windows Apple Mac OS X
Products Snow License Manager Snow Inventory Server, IDR, IDP Client for Windows Client for Linux Client for Unix Client for OS X Oracle Scanner External Data Provider Snow Distribution Date 2014-09-09
More informationSystem Architecture Overview. Version 1.1.1
System Architecture Overview Version 1.1.1 The information in this document is subject to modification without any previous notice. Data used in the examples are fictitious. It is prohibited to reproduce
More informationMicrosoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications
Release Conception Microsoft SDL Security Development Lifecycle and Building Secure Applications KRnet 2010 2010. 6. 22. 한국마이크로소프트보안프로그램매니저김홍석부장 Hongseok.Kim@microsoft.com Agenda Applications under Attack
More informationTABLE OF CONTENTS 1. INTRODUCTION DEFINITIONS Error! Bookmark not defined REASON FOR ISSUE 2 3. RELATED DOCUMENTS 2 4.
TABLE OF CONTENTS 1. INTRODUCTION 1 1.1 DEFINITIONS Error! Bookmark not defined. - 2 2. REASON FOR ISSUE 2 3. RELATED DOCUMENTS 2 4. OVERVIEW 2-3 5. HARDWARE ARCHITECTURE 3 6. SUPPORTED CONFIGURATIONS
More informationDeploying ISA100 Wireless Distributed Networks. YC Cheng NEXCOM 2016/09/27
Deploying ISA100 Wireless Distributed Networks YC Cheng NEXCOM 2016/09/27 Go Industrial Wireless for IIOT Industrial IoT Industrial Wireless Sensor Network Industrial Wi-Fi Backbone Industrial Network
More informationANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. And
ANZSCO Descriptions The following list contains example descriptions of ICT units and employment duties for each nominated occupation ANZSCO code. Content 261311 - Analyst Programmer... 2 135111 - Chief
More informationJulia Levedag, Vera Gutbrod RIG and Product Management SAP AG
Setting Up Portal Roles in SAP Enterprise Portal 6.0 Julia Levedag, Vera Gutbrod RIG and Product Management SAP AG Learning Objectives As a result of this workshop, you will be able to: Understand the
More informationIntroductory Visualizing Technology
Introductory Visualizing Technology Seventh Edition Chapter 5 System Software Learning Objectives 5.1 Explain What an Operating System Does 5.2 Compare Desktop Operating Systems 5.3 Configure a Desktop
More informationLANDesk for ThinkVantage Technologies ecosystem now expanded to include enhanced offerings
Lenovo United States Announcement 107-556, dated September 18, 2007 LANDesk for ThinkVantage Technologies ecosystem now expanded to include enhanced offerings Description...2 Prices...7 At a glance New
More informationVideo Architectures Eyes on the Future: The Benefits of Wireless Technology for Fixed Video Surveillance
S O L U T I O N PA P E R Video Architectures Eyes on the Future: The Benefits of Wireless Technology for Fixed Video Surveillance Table of Contents Fixed Video Surveillance: The Big Three... 3 Wireless
More informationFILE / ORACLE 11I MANUAL EBOOK
21 January, 2018 FILE / ORACLE 11I MANUAL EBOOK Document Filetype: PDF 518.24 KB 0 FILE / ORACLE 11I MANUAL EBOOK Apache Overview 11i and R12. What is your Oracle Apps 11i Webserver Version and how to
More informationYou Can t Manage What You Don t Monitor SEL Integrated Systems and Information Management
You Can t Manage What You Don t Monitor SEL Integrated Systems and Information Management Copyright SEL 2004 Integrated Systems Efficiently, Securely Replace Dedicated SCADA, Metering and Equipment Monitoring
More informationExhibit 4.1: Pricing and Volumes Matrix VA UC
VA180815UC Exhibit 4.1 Pricing and Volumes Matrix VA180815UC COMMONWEALTH OF VIRGINIA VIRGINIA INFORMATION TECHNOLOGIES AGENCY (VITA) SUPPLY CHAIN MANAGEMENT DIVISION 11751 MEADOWVILLE LANE CHESTER, VIRGINIA
More informationWebsphere Force Uninstall Application Server 7 Linux Installation
Websphere Force Uninstall Application Server 7 Linux Installation You also use Installation Manager to easily uninstall the packages that it installed. Linux Intel, os=linux,arch=x86, Linux Intel 32 bit
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationEnsuring Your Plant is Secure Tim Johnson, Cyber Security Consultant
Ensuring Your Plant is Secure Tim Johnson, Cyber Security Consultant 1 The Foxboro Evo TM Process Automation System Addressing the needs across your operation today and tomorrow. 2 Industrial Control Systems
More informationTable of Contents Release Notes 2013/03/25. Introduction in OS Deployment Manager. in Security Manager System Requirements
Release Notes Release Notes 2013/03/25 Table of Contents Introduction... 3 Deployment Manager... 3 New Features in Deployment Manager... 3 Security Manager... 6 New Features in Security Manager... 6 OS
More informationTrustwave Managed Security Testing
Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to
More informationSelected Sections of Applied Informatics
Selected Sections of Applied Informatics M.Sc. Marcin Koniak koniakm@wt.pw.edu.pl http://www2.wt.pw.edu.pl/~a.czerepicki Based on lecture: Dr inż. Andrzej Czerepicki a.czerepicki@wt.pw.edu.pl 2018 Lecture
More informationPLC Training - Intermediate
PLC Training - Intermediate Contact us Today for a FREE quotation to deliver this course at your company?s location. https://www.electricityforum.com/onsite-training-rfq This Intermediate PLC Training
More informationInternet Scanner 7.0 Service Pack 2 Frequently Asked Questions
Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)
More informationIBM Tivoli Application Dependency Discovery Manager Version Sensors and supported target systems
IBM Tivoli Application Dependency Discovery Manager Version 7.2.1 Sensors and supported target systems IBM Tivoli Application Dependency Discovery Manager Version 7.2.1 Sensors and supported target systems
More informationProduct Name DCS v MozyPro v2.0 Summary Multi-platform server-client online (Internet / LAN) backup software with web management console
Summary Multi-platform server-client online (Internet / LAN) backup software with web management console Windows and MAC platform server client backup software Supported Platforms 32 / 64 bit OS Supported
More informationSiebel 7 Integration With Primus eserver Version 5.1
Siebel Systems, Inc. Siebel 7 Integration With Primus eserver Version 5.1 Technical Integration Brief Integration Overview... 1 Business Case... 1 Integration Architecture... 2 Validation Summary... 3
More informationIBM EXAM QUESTIONS & ANSWERS
IBM 000-105 EXAM QUESTIONS & ANSWERS Number: 000-105 Passing Score: 650 Time Limit: 60 min File Version: 65.5 http://www.gratisexam.com/ IBM 000-105 EXAM QUESTIONS & ANSWERS Exam Name: Power Systems with
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More information10747D: ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER
10747D: ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER DURATION 5 days INTRODUCTION This course describes how to configure and manage a System Center 2012 R2 Configuration Manager site and its
More informationDelivers cost savings, high definition display, and supercharged sharing
TM OpenText TM Exceed TurboX Delivers cost savings, high definition display, and supercharged sharing OpenText Exceed TurboX is an advanced solution for desktop virtualization and remote access to enterprise
More informationAerospace Integrated Data Exchange Architecture (IDEA)
Aerospace Integrated Data Exchange Architecture (IDEA) Jeff Lang (310) 336-5935 jeffrey.a.lang@aero.org The Aerospace Corporation 2008 IDEA Features IDEA has been used by The Aerospace Corporation s Concept
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More information