Improving IoT Security: the role of the manufacturer. Eliot Lear
|
|
- Jason Patrick
- 6 years ago
- Views:
Transcription
1 Improving IoT Security: the role of the manufacturer Eliot Lear
2 Introduction
3 A View Through a Light Bulb Connected Spaces is a big deal Automated and efficient lighting Room assignment and scheduling Changing of conditions for different customer profiles
4 A non-networked light bulb On/Off Dim (Power) Color (R,G,B,W) %
5 A networked lightbulb On/Off Dim (Power) Color (R,G,B,W) % Identity Crypto $ Data model Discovery S/W management Network Enterprise + Internet
6 Introducing Raul Rohas Entire house Internetenabled A single lightbulb took down his IoT house. It was an SNMP bug. From Fusion.net (3 March 2015)
7 What do manufacturers wish to avoid
8
9 General Threats To Defend Against Attacker causes device to not perform its function or to malfunction Attacker uses device to attack other systems By AMIR MARINE (Wikimedia) - Own work, CC BY-SA 3.0,
10 The Network Administrator s Problem: Number of Types of Things $ $
11 Cost of configuration Static environments Dynamic systems +
12 What access should a device have?
13 A common design pattern: the cloud Clouds offer- A rendezvous point Substantial processing power Cloud capabilities will continue to expand.
14 Understanding the attack surface Mobile phone Controllers Internet
15 Understanding the attack surface Mobile phone Controllers Internet Manufacturer Usage Descriptions
16 Assumptions and Assertions Assumptions A Thing has a single use or a small number of uses. Things are tightly constrained. Very VERY dumb. Resource constraints are tight. Even those Things that can protect themselves today may not be able to do so tomorrow Network administrators are the ultimate arbiters of how their networks will be used Assertions Because a Thing has a single or a small number of intended uses, it all other uses must be unintended Any intended use can be clearly identified by the manufacturer All other uses can be warned against in a statement by the manufacturer Manufacturers are in a generally good position to make the distinction
17 Translating intent into config Any intended use can be clearly identified by the manufacturer All other uses can be warned against in a statement by the manufacturer access-list 10 permit host controller.mfg.example.com access-list 10 deny any any
18 Expressing Manufacturer Usage Descriptions Device emits a URI using DHCP, LLDP, or through 802.1ar Router or firewall queries connected.example.com for policy associated with that URI Internet Device Access Switch MUD Controller MUD File Server
19 How to locate the policy? A URL Manufacturer Model
20 The MUD File { "ietf-acl:access-lists": { "ietf-acl:access-list": [ { "acl-name": "mud v4in", "acl-type": "ipv4-acl", "ietf-mud:packet-direction": "to-device", "access-list-entries": { "ace": [ { "rule-name": "clout0-in", "matches" : { "ietf-mud:direction-initiated" : "from-device" }, "actions": { "permit": [ null ] } }, { "rule-name": "entin0-in", "matches": { "ietf-mud:controller": " "ietf-mud:direction-initiated" : "to-device" }, "actions": { "permit": [ null ] } } ] } }, { "acl-name": "mud v4out", "acl-type": "ipv4-acl", "ietf-mud:packet-direction": "from-device",.
21 Expressing Manufacturer Usage Descriptions More precise config is instantiated Site returns abstracted XML (based on YANG) to device or firewall Internet Device Access Switch MUD Controller Allow access to just controller.connected.example.com MUD File Server
22 Benefits Customer Reduces target surface of exploding number of devices No additional CAPEX Helps to reduce OPEX through efficiency gains Standards-based approach uses existing equipment Manufacturer Reduces product risk at almost no cost Will increase customer satisfaction and reduce support costs Avoids the front page Standards-based approach Reduces risk of government technology mandates
23 What does it mean to be connected?? Open Innovation Open Access Limited Access Only published uses to authorized devices
24 In search of that happy middle: MUD Classes (same) manufacturer controller
25 Summary: Manufacturer Usage Descriptions A URI Use of {dhcp, EAP-TLS, lldp} to get it out Retrieval of a MUD file from a server Instantiation of class information onto the router
26 What is this Thing on my network?
27 802.1AR with EAP-TLS: a scalable approach, but Luminaire EAP-TLS makes use of certificates to identify new elements Intranet Assertion about device is initially from manufacturer, and then from administrator. NOT from the device! Requires a common trust anchor Thermostat Constrained devices lack capacity for common trust anchors Registrar
28 ANIMA Flow: Actors Cloud Service New Entity Proxy Domain Vendor Service Enrolled in the domain Logical entity or physical after 1 st hop Handles fragmentation issues Factory Default for all settings/configuration The domain Registration Authority, Certificate Authority, Authorization Database etc
29 Problems to solve New Entity Connectivity & Discovery Proxy handles fragmentation Authentication Authentication Domain Authorization Vendor Service Data Storage Authz model Imprint Enroll
30 Discovery, Connectivity New Entity Proxy Domain Vendor Service Connectivity & Discovery New entity boots in CLEAN STATE RFC3927 IPv4 Link-Local Address RFC4862 IPv6 Stateless Address Autoconfiguraion < design for this RFC6763/RFC6762 mdns query (or ietf-anima-grasp-02 GRASP query) using unsolicited broadcasts.
31 New Entity Authentication New Entity Proxy Domain Vendor Service Connectivity & Discovery Authentication (d)tls established. This is to-be RFC7030 EST with a bootstrapping extension. The New Entity authenticates with IEEE 802.1AR credentials The Domain authenticates with current Domain credentials which the new entity *PROVISIONALLY* accepts. This is to support (d)tls model and is EST compatible.
32 Authorization by the Domain New Entity Proxy Domain Vendor Service Connectivity & Discovery Authentication Authorization <Verify 802.1AR credential against white list?> Extract MASA server information from 802.1AR credential extensions (via MUD extensions) else the registrar needs to be configured appropriately
33 Logging or Decision by the Vendor New Entity Proxy Domain Vendor Service Connectivity & Discovery Authentication Authorization Logging Authz model OPTIONAL: MASA *or* NETCONF ownership voucher flow NOTE: Can occur in advance!! MASA: Manufacturer Authorized Signing Authority A certified log mechanism: Append Only, Cryptographically Assured, Publically Auditable - CT All decisions made within the Domain. The MASA only facilitates logging. EST extensions NETCONF: Vendor service knows which Domain owns which device
34 Transmit back to device New Entity Proxy Domain Vendor Service Connectivity & Discovery Authentication Authentication Authorization Logging Authz model Provisional authentication now replaced with vendor authorized message (Verify then forward the Vendor Service response)
35 Imprint New Entity Proxy Domain Vendor Service Connectivity & Discovery Authentication Authentication Authorization Logging Authz model Imprint Device verifies Logging proof or signed Vendor authorization. At this point the Device has key material of the Domain
36 Device Enrolls: Joins domain New Entity Proxy Domain Vendor Service Connectivity & Discovery Authentication Authentication Authorization Logging Authz model Imprint Enroll
37 What you get and don t with all of that What you get Device gets a trust root and a certificate for the local deployment Local deployment now has authenticated the device Device can connect to network using certificate What you don t get Automated selection of network (working on that) Automated profiling of the device (MUD) Application-specific authorization model (but you have an identity anchor to build such a thing)
38 Parting Thoughts
39 We need something broader than BCP 38 Who Needs to do what? What do Thing manufacturers need to do? What do home routers and firewalls need to do? What do service providers need to do? What do consumers need to do? What do governments need to do?
40 So what should manufacturers do? 1. Recognize that they have to do some stuff 2. Make use of good coding practices (like turning off unused services) 3. Establish an incident response capability 4. Establish appropriate software management processes 5. Identify device and its profile to the network (Nearly) all of this has been done by others!
41 Future work: the heavy lifting WPA Personal in the home is suboptimal (shared keys) By Cwawebber - Own work, CC BY 3.0
42 More information draft-ietf-opsawg-mud-01 draft-ietf-anima-bootstrap-keyinfra-04 draft-lear-network-helps-01
43
Improving IoT Security: the role of the manufacturer. Eliot Lear
Improving IoT Security: the role of the manufacturer Eliot Lear Introduction The latest IoT Growth Chart IoT Units Installed Base Grand Total 25b+ 3.8b 4.9b 6.4b 2014 2015 2016 2017 2018 2019 2020 Source:
More informationSECURE HOME GATEWAY PROJECT
SECURE HOME GATEWAY PROJECT - PROTOTYPE DEVELOPMENT IoT SECURITY FOCUSED IDEA & VISION CHALLENGES Lead by: Jacques Latour, CTO, CIRA Labs Canadian Internet Registration Authority Jacques.Latour [@] cira.ca
More informationSECURE HOME GATEWAY PROJECT
SECURE HOME GATEWAY PROJECT ICANN63 BARCELONA OCTOBER 22, 2018 Jacques Latour, CTO, CIRA Labs Canadian Internet Registration Authority Jacques.Latour [@] cira.ca Today's home network and IoT products and
More informationSecurity Architecture for the Internet of Things (IoT) in Commercial Buildings
White Paper Security Architecture for the Internet of Things (IoT) in Commercial Buildings March 2018 Piotr Polak (Philips Lighting) Copyright Fairhair Alliance 2018 Fairhair Alliance: IoT Security March
More informationBRSKI document status. Authors: Max Pritikin, Michael Richardson and Kent Watsen
BRSKI document status Authors: Max Pritikin, Michael Richardson and Kent Watsen BRSKI document significant editorial changes Version -06: major rewrite of document. We took most content and put it into
More informationDraft-richardson-anima-smartpledge BRSKI enrollment for Smart Pledges. Or: How do I bootstrap operator-less Registrars
Draft-richardson-anima-smartpledge BRSKI enrollment for Smart Pledges Or: How do I bootstrap operator-less Registrars Michael Richardson* Jacques Latour Faud Khan * All bad ideas are mine https://www.sandelman.ca/ssw/ietf/anima/smartpledge/ietf103_smartpledge/ietf103_smartpledge.html
More informationA Reference Model for Autonomic Networking draft-behringer-anima-reference-model-03.txt
A Reference Model for Autonomic Networking 93 rd IETF, 20 July 2015 Michael Behringer Brian Carpenter Toerless Eckert 1 Reference Model High Level View Autonomic Function B ASA ASA Registrar ASA ASAs deployed
More informationInternet Engineering Task Force (IETF) Category: Standards Track ISSN: D. Romascanu March 2019
Internet Engineering Task Force (IETF) Request for Comments: 8520 Category: Standards Track ISSN: 2070-1721 E. Lear Cisco Systems R. Droms Google D. Romascanu March 2019 Manufacturer Usage Description
More informationAutonomic Networking BRKGEN Michael Behringer
Autonomic Networking BRKGEN-2999 Michael Behringer Autonomic Networking Intro How We Got Here Our First Goal Was: Automatic Network Security External NOC External How to Distinguish inside from outside
More informationNETCONF Access Control
NETCONF Access Control draft-bierman-netconf-access-control-01 IETF 77, March 2010 Andy Bierman andyb@iwl.com Agenda Why does NETCONF need a standard access control model (ACM)? What are the functional
More informationIPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines. Merike Kaeo
IPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines Merike Kaeo merike@doubleshotsecurity.com Current IPv6 Deployments Don t break existing IPv4 network Securing IPv6 Can t secure something
More informationAutonomic Control Plane A Virtual Out Of Band Channel
Autonomic Control Plane A Virtual Out Of Band Channel Alvaro Retana (aretana@cisco.com) Distinguished Engineer, Cisco Services Slides by Michael Behringer. We all know: SDN Will Save The World Yes, but
More informationIntroduction to Device Trust Architecture
Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform
More informationChapter 5. Security Components and Considerations.
Chapter 5. Security Components and Considerations. Technology Brief Virtualization and Cloud Security Virtualization concept is taking major portion in current Data Center environments in order to reduce
More informationIPv6 Implementation Best Practices For Service Providers
IPv6 Implementation Best Practices For Service Providers Brandon Ross Chief Network Architect and CEO 2013 Utilities Telecom Council Network Utility Force www.netuf.net @NetUF RFC 6540 - IPv6 Support Required
More informationBeOn Security Cybersecurity for Critical Communications Systems
WHITEPAPER BeOn Security Cybersecurity for Critical Communications Systems Peter Monnes System Design Engineer Harris Corporation harris.com #harriscorp TABLE OF CONTENTS BeOn Security... 3 Summary...
More informationSecurity and Privacy in the Internet of Things : Antonio F. Skarmeta
Security and Privacy in the Internet of Things : Antonio F. Skarmeta University of Murcia (UMU) SPAIN Motivation Security and privacy concerns were always there but we need to move from
More informationCredential Management for Internet of Things Devices
Credential Management for Internet of Things Devices Internet Protocol for Smart Objects (IPSO) Alliance Editors: Hannes Tschofenig, ARM Limited Ned Smith, Intel Contributors: Mark Baugher, Consultant
More informationSession initiation protocol & TLS
POSH bof Session initiation protocol & TLS Olle E. Johansson, IETF 87 Berlin, July 2013 oej@edvina.net * @oej v 1.42 Executive summary: SIP security filosophy: Let s put a nice and soft fluffy TLS wrapper
More informationSmart Grid Security. Selected Principles and Components. Tony Metke Distinguished Member of the Technical Staff
Smart Grid Security Selected Principles and Components Tony Metke Distinguished Member of the Technical Staff IEEE PES Conference on Innovative Smart Grid Technologies Jan 2010 Based on a paper by: Anthony
More informationDRAFT REVISIONS BR DOMAIN VALIDATION
DRAFT REVISIONS BR 3.2.2.4 DOMAIN VALIDATION (Feb. 15, 2016) Summary of changes The primary purpose of this change is to replace Domain Validation item 7 "Using any other method of confirmation which has
More informationeidas Interoperability Architecture Version November 2015
eidas Interoperability Architecture Version 1.00 6. November 2015 1 Introduction This document specifies the interoperability components of the eidas-network, i.e. the components necessary to achieve interoperability
More informationNETCONF WG IETF 96 (Berlin)
Zero Touch Provisioning for NETCONF/RESTCONF Call Home dra>-ie@-netconf-zerotouch-09 NETCONF WG IETF 96 (Berlin) Recap At IETF 95, we reviewed a significantly updated dra> and its 4 open issues. 2 issues
More informationAn Autonomic Control Plane draft-ietf-anima-autonomic-control-plane- 05 (ietf98:06 - ietf99:08)
An Autonomic Control Plane draft-ietf-anima-autonomic-control-plane- 05 (ietf98:06 - ietf99:08) 99 th IETF, July 2017 Michael Behringer (editor), Toerless Eckert (editor), Steinthor Bjarnasson 1 06-07:
More informationMobility best practice. Tiered Access at Google
Mobility best practice Tiered Access at Google How can IT leaders enable the productivity of employees while also protecting and securing corporate data? IT environments today pose many challenges - more
More informationStrong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing LANCEN LACHANCE VICE PRESIDENT PRODUCT MANAGEMENT GLOBALSIGN WHAT YOU WILL LEARN TODAY 1 2 3 Examining of security risks with smart connected products Implementing
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationJuniper Sky ATP Getting Started
Juniper Sky ATP Getting Started Ready. Set. Let s go! Configure your SRX Series device, log into the Juniper Sky ATP web portal, and begin using Juniper Sky ATP. Configure the SRX Series Device to Begin
More informationA Reference Model for Autonomic Networking draft-behringer-anima-reference-model-00.txt
A Reference Model for Autonomic Networking 92 nd IETF, 27 Mar 2015 Michael Behringer Brian Carpenter Toerless Eckert 1 Background History A Framework for Autonomic Networking Jun 2012 draft-behringer-autonomic-network-framework-00.txt
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationSoftware Security and Exploitation
COMS E6998-9: 9: Software Security and Exploitation Lecture 8: Fail Secure; DoS Prevention; Evaluating Components for Security Hugh Thompson, Ph.D. hthompson@cs.columbia.edu Failing Securely and Denial
More informationTenable for Palo Alto Networks
How-To Guide Tenable for Palo Alto Networks Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with Palo Alto Networks next-generation firewalls (NGFW).
More informationHow to get a trustworthy DNS Privacy enabling recursive resolver
How to get a trustworthy DNS an analysis of authentication mechanisms for DNS s Willem Toorop NLnet Labs (presenter) Melinda Shore Fastly Benno Overeinder NLnet Labs DNS over TLS What are the actors, and
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you
ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version
More informationFixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering
Fixed Internetworking Protocols and Networks IP mobility Rune Hylsberg Jacobsen Aarhus School of Engineering rhj@iha.dk 1 2011 ITIFN Mobile computing Vision Seamless, ubiquitous network access for mobile
More informationFederation Operator Practice: Metadata Registration Practice Statement
eduid Luxembourg Federation Operator Practice: Metadata Registration Practice Statement Authors S. Winter Publication Date 2015-09-08 Version 1.0 License This template document is license under Creative
More informationThe Internet of Things and Security
INTERNAL USE ONLY The Internet of Things and Security Chuck DePalma CISSP CISM Network and Cloud Security Architect The Internet of Things 1998 Adoption of Mosaic Browsers 0ver 250 Millions of Internet
More informationCCIE Wireless v3 Workbook Volume 1
CCIE Wireless v3 Workbook Volume 1 Table of Contents Diagrams and Tables 7 Topology Diagram 7 Table 1- VLANs and IP Subnets 8 Table 2- Device Management IPs 9 Table 3- Device Credentials 10 Table 4- Term
More informationThe Value of Cisco Compatible Extensions (CCX) for Mobile Computers
The Value of Cisco Compatible Extensions (CCX) for Mobile Computers Originally Published: October 2007 Updated: April 2010, October 2012 A White Paper from Laird Technologies IEEE and industry standards
More informationP2PSIP Draft Charter. Dean Willis March 2006
P2PSIP Draft Charter Dean Willis March 2006 Purpose The purpose of the Peer-to-Peer (P2P) Session Initiation Protocol working group (P2PSIP WG) is to develop guidelines and mechanisms for the use of the
More informationRoot KSK Roll Update Webinar
Root KSK Roll Update Webinar Matt Larson, VP of Research 11 October 2017 1 Who has KSK-2017 configured as a trust anchor? Until recently, there was no way to know which trust anchors validators have configured
More informationTrusted Computing Group
Trusted Computing Group Backgrounder May 2003 Copyright 2003 Trusted Computing Group (www.trustedcomputinggroup.org.) All Rights Reserved Trusted Computing Group Enabling the Industry to Make Computing
More informationTHE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS
THE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS FIDO ALLIANCE WEBINAR MARCH 28, 2017 1 INTRODUCTION TO THE FIDO ALLIANCE ANDREW SHIKIAR SENIOR DIRECTOR OF MARKETING MARCH 28, 2017 2 THE FACTS ON
More informationIoT security based on the DPK platform
Zz S E C U M O B I. WHITE PAPER IoT security based on the DPK platform Powered by Ethereum David Khoury Elie Kfoury ABSTRACT Public key distribution remains one of the main security weaknesses in many
More informationCIP Security Pull Model from the Implementation Standpoint
CIP Security Pull Model from the Implementation Standpoint Jack Visoky Security Architect and Sr. Project Engineer Rockwell Automation Joakim Wiberg Team Manager Technology and Platforms HMS Industrial
More informationLevel 1 Technical Firewall Traversal & Security. Level 1 Technical. Firewall Traversal & Security. V2 Page 1 of 16
Level 1 Technical Firewall Traversal & Security V2 Page 1 of 16 Contents 1 - Introduction... 3 Introduction... Error! Bookmark not defined. Available Resources... 8 2 - Overview... 4 Level 1 Recap... Error!
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationFederated Identity Management and Network Virtualization
Federated Identity Management and Network Virtualization Yang Cui and Kostas Pentikousis 3rd ETSI Future Networks Workshop 10 April 2013 Sophia Antipolis, France The opinions expressed in this presentation
More informationmdns/dnssd Threat Model
IETF91 13 November 2014 Honolulu DNSSD WG mdns/dnssd Threat Model draft-rafiee-dnssd-mdns-threatmodel-01 Author: Hosnieh Rafiee www.huawei.com HuaweiTechnologies Duesseldorf GmbH, Munich, Germany Unicast
More informationCCIE Wireless v3.1 Workbook Volume 1
CCIE Wireless v3.1 Workbook Volume 1 Table of Contents Diagrams and Tables 7 Topology Diagram 7 Table 1- VLANs and IP Subnets 8 Table 2- Device Management IPs 9 Table 3- Device Credentials 10 Table 4-
More informationSetting Up Secure Device Provisioning for Enrollment in a PKI
Setting Up Secure Device Provisioning for Enrollment in a PKI This module describes how to use Secure Device Provisioning (SDP) in a public key infrastructure (PKI). SDP is a web-based certificate enrollment
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationDolby Conference Phone. Configuration guide for Cisco Unified Communications Manager
Dolby Conference Phone Configuration guide for Cisco Unified Communications Manager Version 3.1 22 February 2017 Copyright 2017 Dolby Laboratories. All rights reserved. Dolby Laboratories, Inc. 1275 Market
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from, Release 5.5 or later to Cisco ISE, Release 2.3., page 1 Supported Data Objects for
More informationData Structure Mapping
This appendix provides information about the data objects that are migrated, partially migrated, and not migrated from Cisco Secure ACS, Release 5.5 or later to Cisco ISE, Release 2.3., on page 1 Supported
More informationBACnet Secure Connect
BACnet Secure Connect A Secure Infrastructure for Building Automation David Fisher Bernhard Isler Michael Osborne SSPC 135 IT Working Group Contents A Secure Infrastructure for Building Automation... 1
More informationIntroduction to the DANE Protocol
Introduction to the DANE Protocol ICANN 46 April 10, 2013 Internet Society Deploy360 Programme Providing real-world deployment info for IPv6, DNSSEC and other Internet technologies: Case Studies Tutorials
More informationConfiguring Remote Access using the RDS Gateway
Configuring Remote Access using the RDS Gateway Author: AC, SNE Contents Introduction... 3 Pre-requisites... 3 Supported Operating Systems... 3 Installing the I.T. Services Certificate Authority Root Certificate...
More informationCisco - ASA Lab Camp v9.0
Cisco - ASA Lab Camp v9.0 Code: 0007 Lengt h: 5 days URL: View Online Based on our enhanced SASAC v1.0 and SASAA v1.2 courses, this exclusive, lab-based course, provides you with your own set of equipment
More informationPROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL
Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.
More informationWatson Developer Cloud Security Overview
Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for
More informationFederation Operator Practice: Metadata Registration Practice Statement
CEDIA Federation Operator Practice: Metadata Registration Practice Statement Authors Claudio Chacon A. Publication Oct 2014 Date Version 0.2 License This template document is license under Creative Commons
More informationAdding value to your MS customers
Securing Microsoft Adding value to your MS customers Authentication - Identity Protection Hardware Security Modules DataSecure - Encryption and Control Disc Encryption Offering the broadest range of authentication,
More informationDGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide. Figure 9-1 Port Security Global Settings window
9. Security DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide Port Security 802.1X AAA RADIUS TACACS IMPB DHCP Server Screening ARP Spoofing Prevention MAC Authentication Web-based
More informationIPv6 Security Safe, Secure, and Supported.
IPv6 Security Safe, Secure, and Supported. Andy Davidson Hurricane Electric and LONAP adavidson@he.net Twitter: @andyd MENOG 9 Muscat, Oman, Tuesday 4 th October 2011 Don t Panic! IPv6 is not inherently
More informationDisk Encryption Buyers Guide
Briefing Paper Disk Encryption Buyers Guide Why not all solutions are the same and how to choose the one that s right for you.com CommercialSector Introduction We have written this guide to help you understand
More informationLTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security
LTI Security Intelligent & integrated Approach to Cyber & Digital Security Overview As businesses are expanding globally into new territories, propelled and steered by digital disruption and technological
More informationInternet Engineering Task Force (IETF) Category: Informational October 2011 ISSN:
Internet Engineering Task Force (IETF) R. Barnes Request for Comments: 6394 BBN Technologies Category: Informational October 2011 ISSN: 2070-1721 Abstract Use Cases and Requirements for DNS-Based Authentication
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationipad in Business Mobile Device Management
ipad in Business Mobile Device Management ipad supports Mobile Device Management, giving businesses the ability to manage scaled deployments of ipad across their organizations. These Mobile Device Management
More informationNext Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop
Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop PACS Integration into the Identity Infrastructure Salvatore D Agostino CEO, IDmachines LLC 8 th Annual
More informationUse Cases for Argonaut Project -- DRAFT Page
Use Cases for Argonaut Project -- DRAFT Page 1 Use Cases for Argonaut Project DRAFT V0.3 March 03, 2015 Use Cases for Argonaut Project -- DRAFT Page 2 Introduction The Argonaut Project seeks to rapidly
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationRequest for Comments: E. Demaria Telecom Italia J. Bournelle Orange Labs R. Lopez University of Murcia September 2009
Network Working Group Request for Comments: 5637 Category: Informational G. Giaretta Qualcomm I. Guardini E. Demaria Telecom Italia J. Bournelle Orange Labs R. Lopez University of Murcia September 2009
More informationMobile Security Fall 2012
Mobile Security 14-829 Fall 2012 Patrick Tague Class #9 The Internet of Things Partial slide credit to L. Zoia and Y. Zhang Announcements If you haven't signed up for a Survey presentation (two teams,
More informationEthane: taking control of the enterprise
Ethane: taking control of the enterprise Martin Casado et al Giang Nguyen Motivation Enterprise networks are large, and complex, and management is distributed. Requires substantial manual configuration.
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationKnobs, Levers, Dials and Switches: Now and Then (please sir, may I have some more?)
Knobs, Levers, Dials and Switches: Now and Then (please sir, may I have some more?) Draft-jones-opsec-01.txt opsec@ops.ietf.org (mailing list) October 20, 2003 George M. Jones October
More information10/4/2016. Advanced Windows Services. IPv6. IPv6 header. IPv6. IPv6 Address. Optimizing 0 s
Advanced Windows Services IPv6 IPv6 FSRM, FCI, DAC and RMS PKI IPv6 IP is the foundation of nearly all communication The number of addresses is limited Technologies like NAT help in addition to enhancements
More informationCreating User Manageable Security Zones
Creating User Manageable Security Zones The Boeing SCADAnet Technology Craig Dupler, Boeing Eric Byres, Byres Security Inc. Three Important Things for Security 1. Simplicity 2. Bite-size e Pieces 3. Clear
More informationMake security part of your client systems refresh
Make security part of your client systems refresh Safeguard your information with Dell Data Security Solutions while boosting productivity and reducing costs Your organization might have many reasons for
More informationFabric Development Update & Discussion. Binh Nguyen
Fabric Development Update & Discussion Binh Nguyen New Inspiration: Simple but Effective 2 And can make $ 3 Background: Architecture membership No SPoF No SPoT peer Endorser application SDK Keys 1 Endorse
More information2012 Cisco and/or its affiliates. All rights reserved. 1
2012 Cisco and/or its affiliates. All rights reserved. 1 Policy Access Control: Challenges and Architecture UA with Cisco ISE Onboarding demo (BYOD) Cisco Access Devices and Identity Security Group Access
More informationInsights on IPv6 Security
Insights on IPv6 Security Bilal Al Sabbagh, MSc, CISSP, CISA, CCSP Senior Information & Network Security Consultant NXme FZ-LLC Information Security Researcher, PhD Candidate Stockholm University bilal@nxme.net
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationIPv6 Security Vendor Point of View. Eric Vyncke, Distinguished Engineer Cisco, CTO/Consulting Engineering
IPv6 Security Vendor Point of View Eric Vyncke, evyncke@cisco.com Distinguished Engineer Cisco, CTO/Consulting Engineering 1 ARP Spoofing is now NDP Spoofing: Threats ARP is replaced by Neighbor Discovery
More informationSIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)
security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, 29.03.2006, Atlanta, GA (USA) 2006 SWITCH Content and Firewall and NAT Privacy / Encryption SpIT / Authentication Identity General
More informationThe Emerging Role of a CDN in Facilitating Secure Cloud Deployments
White Paper The Emerging Role of a CDN in Facilitating Secure Cloud Deployments Sponsored by: Fastly Robert Ayoub August 2017 IDC OPINION The ongoing adoption of cloud services and the desire for anytime,
More informationSecuring Devices in the Internet of Things
AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe
More informationInternet Engineering Task Force (IETF) Category: Informational. June 2014
Internet Engineering Task Force (IETF) Request for Comments: 7211 Category: Informational ISSN: 2070-1721 S. Hartman Painless Security D. Zhang Huawei Technologies Co. Ltd. June 2014 Operations Model for
More informationControl Plane Protection
Control Plane Protection Preventing accidentally on purpose We really talking about making sure routers do what we expect. Making sure the route decision stays under our control. Layer 2 Attacks ARP injections
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage
More informationSecure wired and wireless networks with smart access control
Secure wired and wireless networks with smart access control Muhammad AbuGhalioun Senior Presales Consultant Hewlett-Packard Enterprise Aruba Saudi Arabia Managing risk in today s digital enterprise Increasingly
More informationCisco TelePresence Basic Cisco VCS configuration
Cisco TelePresence Basic Cisco VCS configuration Deployment Guide D14651.02 September 2011 Cisco VCS Control with Cisco VCS Expressway X7.0 Contents Document revision history 5 Introduction 6 Out of scope
More informationModule 9. Configuring IPsec. Contents:
Configuring IPsec 9-1 Module 9 Configuring IPsec Contents: Lesson 1: Overview of IPsec 9-3 Lesson 2: Configuring Connection Security Rules 9-11 Lesson 3: Configuring IPsec NAP Enforcement 9-21 Lab: Configuring
More informationConsiderations for using short-term certificates
Considerations for using short-term certificates draft-nir-saag-star Yoav Nir Thomas Fossati Yaron Sheffer Toerless Eckert Why are we doing this? Lots of interest in short-term certificates In the standards
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More information