Size: px
Start display at page:

Download ""

Transcription

1 Cisco Network Admission Control Grzegorz Dobrowolski, Cisco Systems

2 Agenda W p r o w adz eni e J ak t o z r o b i ć i nac z ej N AC K o m p o nent y N AC D z i ałani e N AC P r z y k łady z as t o s o w ani a

3 Wprowadzenie

4 M GG ww E w o l u c j a z agr o żeń R o z m i a r c el u E sk al ac j a z ag r o że n i a d l a i n stytu c j i Wpły w n a i n f r a s t r u k t u r ę św i a t o w ą S i e c i R e g i o n a l n e Wi e l e S i e c i P o j e d y n c z a s i e ć P o j e d y n c z y k o m pu t e r D n i T y g o d n i e II II -g aa GG en MM aa cc rr o I I GG en vv ii rr uu ss ee ss Boot DD ee nn ii aa l l of vv ii rr uu ss ee ss SS ee rr vv ii cc ee i n u t y II II I I GG en DD ii ss tr ii bb uu te d d DD ee nn ii aa l l of SS ee rr vv ii cc ee Bl ee nn dd ee d d th rr ee aa ts S ek u n d y NN aa ss tt ęp nn e en er aa cc jj e FF ll aa ss h h tt hh rr ea tt ss OO gg rr oo mm nn e DD DD oo SS ww yy ww oo ły w w.. PP rr zz ez oo rr mm WW oo rr m m aa tt aa kk uu jj ąc yy pp aa yy ll oo aa dd

5 i CZAS JEST KRYTYCZNY!!! Sz y b k o ś ć o b e c n y c h a t a k ów Lata 8 0 -te 9 0 -te Z wyk l e m i j ały tyg o dn i e a c z asem m i esi ąc e z an i m p o j awi ały si ę z ab ez p i ec z en i a p r z ed z ag r o żen i am A tak i p r z eb i eg ały w c i ąg u g o dz i n T o b ył c z as n a z i den tyf i k o wan i e z ag r o żen i a i ak tual i z ac j e w system ac h o c h r o n y Po u p ły w i e c z a s u p ot r z e bn e g o n a p r z e c z y t a n i e p ołow y t e g o s l a j du T w oj a s i e ć i w s z y s t k i e p r a c u j ąc e w n i e j a p l i k a c j ę będą n i e dos t ęp n e!!!!!! A tak i o db ywaj ą si ę w c i ąg u sek un d S Q L S l am m er W o r m : P o dwaj an i e c o 8.5 sek un dy P o 3 m i n : 55M sc an ów/ sek. Ł ąc z e 1G b j est wysyc an e p o 1 m i n uc i e S Q L S l am m er to O S T R Z EŻEN I E. N o wsz e r o b ak i są z dec ydo wan i e sz yb sz e.

6 Z m i ana w y m agań w R S EI L S N I LE I E N T I Z N I N T T E E GG R R O A W T A E N DE S W ecb u u d r i o t y w, a I P n e C,w W u r i z r ąd el esz ens i a s i ec i o w e A p p lic a tio n A w a r e z i n n y m i u s łu g a m i M I P a (Vn a o g i em c e, enw t i r el es s, M S t o o d r ua g l a e) r A p p ro a c h C en t r a l n e z a r z ąd z a n i e H D i efg h en A s v ea i i n l a Db i epl i t y t h M S z u erl t i o l a k y i erz a S k r eces u r i t y V (K i r o t u m a p l i u z teder y S, er v i c es S S c era w l a erb l y e, S i eć) K o n t r o l a d o s t ęp u d o s i ec i z ak r es i e b ez p i ec z eńs t w a A D A P D T A O PT W A I LV N E E O S c elh f r -Po n r o a v p i s r z i o edn i n g a S n elo mf -O a lp i a t i m m i i z i n g E S l aels f t -Dy c efz n ene d i n g A d a p tu jes ięd o z m ia n w k o n d y c ji b ez p i ec z eńs t w a

7 J ak t o zrob ić inac zej c zy l i.. N et work A dm is s ion C ont rol

8 S i eć b ez N et w o r k Adm i s s i o n C o nt r o l 1. N i ec h r o n i o n y h o s t żąd a d o s t ęp u n a z ew n ąt r z B R A N C H L U B C A M P U S 2. P o ła c z en i e d o p u s z c z o n e S i eć f i r m o w a 3. D a l s z e i n f ek o w a n i e p r z ez z a r a żo n y s y s t em C A M P U S

9 QQ C i s c o N et w o r k Adm i s s i o n C o nt r o l : C o s i ę dz i ej e 1. N i ec h r o n i o n y h o s t żąd a d o s t ęp u n a z ew n ąt r z 2. K w a r a n t a n n a 3. Z a t r z y m a n i e i n f ek c j i ; p o z o s t a łe h o s t y o b r o n i o n e B R A N C H C A M P U S S i e ć f i r m o w a C i s c o T r u s t A g e n t R e m e d i a t i o n uu aa rr aa nn tt ii nn e e VV LL AA NN

10 Q i R o z w i ąz ani e N et w o r k Adm i s s i o n C o nt r o l N A C : W y k o r z y s t a n i e s i ec i d o i n t el i g en t n eg o n a r z u c en i a u p r a w n i eń d o s t ęp o w y c h n a b a z i e s ec u r i t y p o s t u r e u r z ąd z en i a k o ńc o w eg o C h a r a k t er y s t y k a N A C : Wszechobecne rr ozwi ązani e dd ll a wszystkich mm ee to dd pp ołaczeo aczeń H ost żąd aj ący d ost ęp u d o si eci C i sc o T r ust A g en t C r eden ti al s EA P / U D P, EA P / x S i eci owe ur ząd zeni a d ost ęp owe 1 2 N o tyf i k ac j a 6 W i p o l i c ym usz en e y 5 C r eden ti al s R A D I U S U p r awn i en i a do stęp u 4 P o l i c y (A A A ) 2a S ev er C r eden ti al s P ol i cy S er v er P od ej m owani e d ecy zj i Z g o dn y? 3 H T T P S A V S er v er SS pr aa ww dd zz aa wszystkie hh oo ss tt yy Wy kk or zy st uj e ii nwest yy cj e w si eće i op rr og rr am owani e ant yy wi rr usowe UU ss łu u gg ii Q uu aa rr aa nn tt ii nn e e && rr ee mm ee dd ii aa tt ii oo nn SS kk aa ll oo ww aa ll nn ee rr oo zz ww ii ąz z aa nn ii ee

11 K om ponent y rozwiązania N et work A dm is s ion C ont rol

12 c z y l i c o j e s t p o t r z e b n e d l a wd r o że n i a r o z wi ąz a n i a NAC Wymagania d l a N A C : C i sc o I O S v (8)T l u b n o wsz y I O S se c u r i ty (f i r e wal l f e atu r e se t) C i sc o T r u st A g e n t z ai n stal o wan y n a h o stac h (P C, l ap to p, e tc. ) C i sc o S e c u r e A c c e ss C o n tr o l S e r v e r (A C S ) v 3. 3 Z n aj o m o ść k o n f i g u r ac j i l i st d o stęp o wyc h (ac c e ss c o n tr o l l i st - A C L ) Z n aj o m o ść k o n f i g u r ac j i : au th e n ti c ati o n, au th o r i z ati o n an d ac c o u n ti n g (A A A ) w C i sc o A C S

13 M M NAC Ko mm pp oo nn ee nn tt yy ll oo gg ii cc zz nn ee S i eci owe ur ząd zeni e d ost ęp owe S ec ur i ty A p p P l ug -i n s C T A E A P ou D P R A D I U S H C A P C T A C T A A A A S er v er P ol i cy S er v er A p l i k acj e N A C -E nabl ed C i sc o S ec ur i ty A g en t M c f ee V i r uss c an (J ul y) C i sco T r ust A g ent (N T, , X P ) R out er (8 3 x -7 2 x x ) C i sco S ecur e A C S T r end M i cr o C ont r ol anag er S ym an tec S A V & S C S (ED A P c usto m er s o n l y) T r en d M i c r o O f f i c es c an oni t or i ng & R ep or t i ng

14 O Cisco Security Agent Rozwiąza n ie H I P S n owe j g e n e r a c j i c h r o n a se r we r ów i stac j i r o b o c z yc h W y k r y wa i u n ie m ożl iwia d ok on a n ie n a d u ży c ia U n ik a l n a a n a l iza za c h owa ń c h r on i p r ze d zn a n y m i j a k i n ie zn a n y m i za g r oże n ia m i O c h r on a m. in. p r ze d : M yd o o m W 3 2. B l aste r F i z z e r B u g b e ar S o b i g. E S Q L S l am m e r S i r c am. A C o d e R e d N i m d a W 3 2. N e tsk I wi e l o m a i n n ym i, BEZ u p d a t e ó w s y g n a t u r!

15 M I ntegra cj a z CSA K er n el S h i m W r a p p er s I P S S er wer W eb A p l i k ac j e W eb NDIS H T T P K l i en t E-m ai l C O M I n ter c ep to r T DI SS hi mm I n stan t essen g er s s Sy s t e m C a l l R e g i s t r y Jąd r o H ar dwar e I O F i l e Sy s t e m C S A j e i o k o m p o n e n m o p c j o n n st war to śc wym te al ym P o z wal a n a z ap e wn i e n i e i n te g r al n o śc i O S D o s t a r c z a i n f o r m a c j e o O S (w t y m i n f o o p a t c h & h o t f i x ) W z m a c n i a s t a c j ę k o ńc o w ą, j es t o n a b a r d z i ej o d p o r n a n a a t a k C h r o n i C T A p r z ed a p p l i c a t i o n s p o o f i n g D ed y k o w a n a p o l i t y k a (p o l i c y ), k t ór a r o z u m i e z a c h o w a n i e C T A W sp ar c i e d l a N A C C S A p o C S A 4. 5 z a w i er a C T A i n t eg r a c j i z C T A / N A C

16 Z a l ety CSA A d r e su j e z ag r o że n i a d ay-z e r o O b n i ża k o sz ty z wi ąz an e z atak i e m E l i m i n u j e k we sti e z wi ąz an e z n i e d o stęp n o śc i ą syste m ów O b n i o b c i n i z e z h o f i x i I p h i e m ża ąże a wi ąz an t am atc o wan O b n i ża k o sz ty z wi ąz an e z o d two r z e n i e m d an yc h P o j e d yn c z e, d e d yk o wan e r o z wi ąz an i e, wi e l e f u n k c j i b e z p i e c z e ństwa, m ały wp ływ n a wyd aj n o ść stac j i r o b o c z e j K l u c z o wy k o m p o n e n t N A C

17 Ap l ik a cj e N AC-E na b l ed M c A f e e V i r u s S c a n 7. 0, 7. 1, 8. 0 i S ym an te c S A V 9. 0 [ A V ] & S C S 2. 0 [ A V, F W, H I D S ] T r e n d M i c r o O f f i c es c a n C o r p o r a t e E d i t i o n & T r en d M i c r o C o n t r o l M a n a g er i n t eg r a t i o n - O f f i c es c a n C E 6. 5 C T A w k o m p l ec i e z O f f i c es c a n I B M I B M / T i v o l i (p l a n o w a n e) A p l i k ac j e two r z o n e n i e z al e żn i e

18 O Agent k om unik a cyj ny C is c o T r u s t A g e n t d p o wi ad a n a wywo łan i a z u r z ąd z e n i a si e c i o we g o (N e two r k A c c e ss D e v i c e ) z żąd an i e m p r z e słan i a se c u r i ty c r e d e n ti al s d l a h o sta Z b i e r i n f o r m j e o i e b e z p i e c z e z o p r o g r o i N A C n l e d i n o e g o n h o h, i e g o j r u i C S A a ac stan ństwa am wan a -e ab stal wan a stac tak ak an tywi s K o m u n i k u j e se c u r i ty c r e d e n ti al s h o sta d o u r z ąd z e n i a si e c i o we g o (N A D ) C i sc o s T r u st A g e n t j e st d o łąc z an e d o o p r o g r am o wan i a C i sc o i o p r o g r am o wan i a an tywi r u so we g o N A C -e n ab l e d

19 M Cisco TT rust Agent Architektura C l i en t A p p l i c ati o n (A n ti -v i r us) C l i en t A p p l i c ati o n (H I P S / C S A ) C l i en t A p p l i c ati o n (X Y Z - ser v i c e) A p l i k acj e d ost ar czaj ące P ost ur e C r ed ent i al A n ti -V i r us P o stur e P l ug i n H I P S (C S A ) P o stur e P l ug i n X Y Z ser v i c e P o stur e P l ug i n Lo g g i n g S er v i c e EA P eth o ds C T A P o stur e P l ug i n C T A S er v i ce NAD

20 NN Cisco T rust Agent ( CT A) AV CC ll ii ee nn tt EE nn dd pp oo ii nn t t AA pp pp ll ii cc aa tt ii oo nn CC SS A EAP/TLV API EAP/U D P BB rr oo kk ee r r && SS ee cc uu rr ii tt yy CC ii ss cc o o TT rr uu ss t t AA gg en tt An y y Ap pp A g en t k o m u n i k a c y j n y i n s t a l o w a n y n a h o śc i e W i n d o w s NT, X P, T r z y p o d s t a w o w e f u n k c j e K o m u n i k a c j a d o s i e c i (E AP o U DP ) K o m u n i k a c j a d o a p l i k a c j i (E AP / T L V b r o k e r ) U w i e r z y t e l n i e n i e w AC S & s z y f r a c j a k o m u n i k a c j i I n t eg r a c j a z a p l i k a c j a m i P o c z ąt k o w o : O S & AV p a t c h e s P r o d u c e n c i : M c Af e e, S y m a n t e c, T r e n d M i c r o D o s t ęp n o ść K o m p o n e n t b e z k o s z t o w y, d o s t ęp n y n a C C O ee two rr kk

21 N etwork Access D ev ices D e l r t e r y, p r ł, p u n k t y d t u b e r g a u r n b e c t s c g oc owe ou ze ąc zn ik os ęp zp ze wod owe o or z ząd ze ia zp ie ze ńs wa ie iowe o Ż ąd aj ą c r e d e n ti al s b e z p i e c z e ństwa z u r z ąd z e ń k o ńc o wyc h (h o stów) P r z e syłaj ą j e st d o se r we r ów p o l i c y S e r r p o l i c r z p r z e e d e i p o d e j m u j d e c j o d o i e d o e c i d z i e l e n i e d o u, o d m o k n e. we y y sp awd aj ą słan an ą yz ę stęp si (u stęp wa, war an tan a tc ) U r z z e n i e c i o e r k A c c e D e v i c e N A D r o z d e c j o d o i e d o e c i p o d j p r z e z r r p o l i c ąd a si we (N two ss ) wp wad aj ą yz ę stęp si ętą se we y y

22 F unk cj e routera w z a k resie N AC R O U T E R J E S T P U N K T E M WY M U S Z E N I A P O L I C Y Wy k r y wa ur ząd zeni a, k t ór e p owi nny zost ać sp r awd zone p r zed wp uszczeni em d o d al szej częsci si eci I ni cj uj e p r oces sp r awd zani a p ost ur e (Intercept-A C L ) W sp ar c i e dl a l i st wyj ątk ów o p ar te o adr es I P l ub M A C P r z esyła p o stur e c r eden ti al s do A C S D p r t r y k l i m v d a ok onuj e ełneg o sp awd zeni a p ost ur e w bi e cy czny (a cti e ta pa th ) S p r awd za st at us C T A st at us p r zez S t at us Q uer y cy k l i czni e, sp awd za t eż czy t en sam k l i ent k or zy st a z d aneg o ad r esu I P C y k l i czni e wy sy ła t eż L 3 E A P S t at us Q uer y (i na cti v e d a ta pa th ) D l a ap l i k ac j i z D H C P (g dz i e m o że n astęp i ć p r z yp i san i e dan eg o adr esu I P do i n n eg o h o sta) Wy m usza up r awni eni a d l a uży t k owni k a na właści wy m i nt er f ej si e D yn am i c z n e A C L O p c j o n al n i e U R L R edi r ec ti o n (k ey f o r n o n -r esp o n si v e dev i c e f eedb ac k ) O bsług uj e ur ząd zeni a ni e od p owi ad aj ące na wy wołani a (bez zai nst al owaneg o C T A ) W yk r ywa p r z ez EA P o U D P ti m eo ut N o tyf i k ac j a j est wysłan a do A C S, sk ąd p r z esyłan e są up r awn i en i a dl a użytk o wn i k a/ ur z ądz en i a

23 a P l a tf orm y routerów wsp iera j ące N AC N A C j es t w s p i er a n y w w er s j a c h I O S w g r u p i e f u n k c j o n a l n ej b ez p i ec z eńs t w s i ec i o w eg o o d w er s j i (8 )T. A d v anced S ecur i t y, A d v anced S er v i ces, A d v anced E nt er p r i se T A K * * * - st ar sze p l at f or m y wsp i er aj ą N A C w k l asy czny ch wer sj ach f unk cj onal ny ch I O S w wer sj i T. R out er y t e ni e m aj ą wer sj i A d v anced w T A d v anced S ecur i t y A d v anced E nt er p r i se S er v i ces A d v anced I P S er v i ces S P S er v i ces I P V oi ce I P B ase E nt er p r i se S er v i ces E nt er p r i se B ase C i s c o 7 2 x x C i s c o 3 7 x x C i s c o , E N T S e r i e s C i s c o X M, C i s c o , , , , , V, C i s c o 8 3 x C i s c o 7 4 x x, 7 3 x x, 7 1 x x C i s c o 5 x x x C i s c o C i s c o C O S e r i e s C i s c o C i s c o n o n -X M M o d e l s C i s c o , , Tak * Tak Tak * Tak Tak Tak *?????? N i e N i e N i e N i e N i e

24 Serwery p ol icy C i o S e c u r e A c c e C o n o l S e r v e r p o d k o m p o n e n m u r r p o l i c sc ss tr stawo wy t syste se we ów y C i sc o A C S sp r awd z a i n f o r m ac j e d o tyc z ąc e k o n d yc j i b e z p i e c z e ństwa u r z ąd z e ń o tr z ym an e z u r z ąd z e n i a si e c i o we g o (N e two r k A c c e ss D e v i c e ) i o k r e śl a właśc i wą p o l i tyk ę/ o p c j ę d o stęp u d o si e c i d o z aap l i k o wan i a S e r we r y p o l i c y ap l i k ac j i an tywi r u so wyc h wsp ółp r ac u j ą z C i sc o A C S d l a d o k ład n i e j sz e g o sp r awd z e n i a i n f r o r m ac j i p r z e słan yc h z h o sta C i sc o A C S wysyła d e c yz j ę o d o stęp i e d o si e c i d o u r z ąd z e n i a si e c i o we g o (dopuś ć do s i e c i, z a b r oń dos t ępu do s i e c i, k w a r a n t a n n a, og r a n i c z e n i e dos t ępu do s i e c i )

25 Cisco Secure Access Control Serv er C i s c o S u r A C S n a j p o p u l a r n i s z y s w A A A R A D I U S ec e ej er er Sprawdza użyt k o wn ik ów i urządzen ia i przypis uj e im właśc iwe uprawn ien ia do s iec i (do urządzeń/ apl ik ac j i) Z a p ew n i a k l u c z o w e u s łu g i d l a d z i a ła n i a C i s c o N et w o r k A d m i s s i o n C o n t r o l : P rzeg l ąda i s prawdza c reden t ial s o t rzym h o s t ów an e z K o m un ik uj e s ię z A V P o l ic y Serv ers dl a do k ładn iej s zeg o s prawdzen ia o t rzym an yc h dan yc h O k reśl a właśc iwy po zio m do s t ępu w o parc iu o po l ic y P rzes yła dec yzj ę o do s t ępie do s iec i do urządzen ia s iec io weg o U W A G A : U r z ąd z e n i a C i sc o : P r z e łąc z n i k i, R o u te r y, u r z ąd z e n i a V o i c e, V P N, u r z ąd z e n i a b e z p i e c z e ństwa si e c i o we g o, u r z ąd z e n i a b e z p r z e wo d o we, u r z ąd z e n i a S to r ag e i u r z ąd z e n i a C o n te n t są p r z yg o to wan e d o wsp ar c i a N A C

26 #! = +3,00, = ) 4 %,3 0; = 4 ; R F )0 )0 V # " # GW GV [! Z ] \H " \H F unk cj e Cisco Secure ACS S ER W ER A A A J ES T P U N K T EM N A R Z U C A J ĄC Y M P O LI C Y I P U N K T EM D EC Y Z Y J N Y M O db i er a c r eden ti al s z ur z ądz eń k o ńc o wyc h (h o stów) D o k o n uj e p r o c esu A A A n a o tr z ym an yc h c r eden ti al s " :(. <1 9(:; ,5 %)% '54 21 %,3 /01 /%.%- *+, () &'% $% 7EF ED 4 8. )% 0 *C*(. 78BA >) I H G O ,3 N M(. (% )0 KL.5 +3 (%5 (0 ) J% /) (&15 (% (0 :) ) 20 (0,5 (% '54 %,3 1+ TP RU (% '54 %,3 1+ TP RS ', + 4 = QP> X W W k o n f i g j i r o i n f o r m j h o k o o o ysyła dan e do ur ac do uter a, wysyła ac ę do sta ńc weg Z Y X _^ V ] " V

27 W W m W W P P oo ss tt uu rr e e CC rr ee dd ee nn tt ii aa ll s s,, kk tt ór r ee m oo gg ą bb yy ć ss pp rr aa ww dd zz aa nn ee pp rr zz ee zz AA CC SS Cisco Agent C T A 1. 0 ers j a C T A N s t o n o W j s t o n o azwa ys em u perac yj eg ers a ys em u perac yj eg C S A Z ain s t al o wan e Serv ic e P ac k i Z ain s t al o wan e h o t f ix y ers j a C SA St an C SA (c zy uruc h o m io n y) F Q D N - C SA -M C (V M S) D at a o s t at n ieg o przes łan ia dan yc h przez C SA -M C (V M S) I nne op rogra m A n ti -V i r u s I n n e owa nie N azwa o pro g ram o wan ia A V l ub j eg o iden t yf ik at o r W ers j a o pro g ram o wan ia ers j a Sc an en g in e ers j a pl ik u D A T / pat t ern St an A V (c zy uruc h o m io n y) D at a wys łan ia pl ik u D A T / pat t ern Z al eżn e o d pro duc en t a N M C 2 F W & H I D p. SY SC S.0 zawiera S I n n e w y m a g a n e i n f o r m a c j e n i e r o z p o z n a w a n e p r z ez C i s c o S ec u r e A C S m o g ą b y ć p r z es ła n e d o V en d o r P o l i c y S er v er d l a s p r a w d z en i a

28 Serwer system u a ntywirusowego A pl ik ac j e N A C -en abl ed m o g ą przes yłać do s prawdzen ia c reden t ial s, k t óre n ie będą zro zum iałe dl a s erwera A A A C r e d e n t i a l s m o g ą z a wi e r a ć s p e c y f i c z n e d a n e w f o r m a c i e s t o s o wa n y m t y l k o p r z e z d o s t a wc ę r o z wi ąz a n i a a n t y wi r u s o we g o U m o żl i wi e n i e d o s t a wc o m r o z wi ąz a ń a n t y wi r u s o wy c h s p r a wd z a n i a d o d a t k o wy c h p a r a m e t r ów Serwer A A A m o że działać j ak o pro x y dl a s pec yf ic zn yc h dan yc h ( c reden t ial s ) przes łan ie ic h do s erwera s ys t em u an t ywirus o weg o Z as t o s o wan ie pro t o k o łu H C A P dl a s prawdzan ia o n -l in e H C A P H o s t C r e d e n t i a l A u t h o r i z a t i o n P r o t o c o l ( o p a r t y o H T T P S ) j e s t wy k o r z y s t y wa n y w k o m u n i k a c j i A A A -d o -S e r we r A V Serwer s ys t em u an t ywirus o weg o s prawdza c reden t ial s i in f o rm uj e s erwer A A A o rezul t ac ie S e r we r A A A j e s t w d a l s z y m c i ąg u p u n k t e m p o d e j m o wa n i a o s t a t e c z n e j d e c y z j i O bec n ie do s t ępn e pro duk t y z o pis an ą s k al ą in t eg rac j i: T r e n d M i c r o C o n t r o l M a n a g e r - O f f i c e S c a n C E 6. 5 Z apewn ien ie przej rzys t ej s eparac j i po l it yk i A V o d po l it yk i k o n f ig urac j i s iec i i zas ad do s t ępu do n iej.

29 System y z a rz ąd z a nia N AC CiscoW ork s V P N / S ecu rity M a na gem ent S ol u tion (V M S ) Z ar z d z an i e e l e m e n tam i N A C CiscoW ork s S ecu rity I nf orm a tion M a na ger S ol u tion (S I M S ) Z ap e wn i a n ar z d z i a m o n i to r i n g u i r ap o r to wan i a P rod u cenci op rogra m owa nia a nty wiru sowego (ora z inny ch a p l ik a cj i N AC-ena b l ed ) równie d osta rcz a j a na rz ed z ia z a rz a d z a nia d l a w a snego op rogra m owa nia (np. AV )

30 CiscoW ork s Security I nf orm a tion M a na gem ent Sol ution ( CW SI M S) Zbiera i in t erp ret u j e in f o rm ac j e o z d arz en iac h o t rz y m y w an e z I O S s y s l o g i A C S M o n it o rin g w c z as ie rz ec z y w is t y m Konsola N A C P r ez entacj a wyni k ów: og ólna i sz cz eg ółowa R ap o rt o w an ie N A C R apor ty z g od ności D la ur z ad z eni a, g r upy, użytk owni k a A k cj e z m i any H osty od r z ucone R apor ty cz asowe d la h ostów od r z uconych (po j ak i m cz asi e m og a si e ponowni e połącz yć) O k r eśleni e cr ed enti al postur e apli k acj i A d m i ni str acj a r oz wi az ani em

31 Z a l ety SI M Sol ution Znakomita pe r spe kty wa wid oc z nośc i sie c i Pozwala n a wgląd w s t r um i en i e dan y c h i um ożli wi a ok r eślen i e s ec ur i t y pos t ur e Pozwala n a s zy b k ą i łat wą i den t y f i k ac j ę r ealn y c h zagr ożeń i n ar us zeń b ezpi ec zeńs t wa O b niże nie T C O z wiąz ane g o z z ar z ąd z anie m i monitor owanie m b e z pie c z e ństwa Z m n i ej s zen i e zas ob ów n i ezb ędn y c h do zar ządzan i a i adm i n i s t r ac j i Dzi ęk i s zy b k i ej i den t y f i k ac j i n ar us zeń b ezpi ec zeńs t wa um ożli wi a os zc zędn ośc i c zas u, zas ob ów i k os zt ów. Zg od ność z e stand ar d ami monitor owania i z ar z ąd z ania sie c ią Z apewn i en i e zgodn ośc i z ob ec n y m i s t an dar dam i m on i t or i n gu i zar ządzan i a s i ec i ą S zy b k i e dos t os owan i e s i ę do n owy c h Długot er m i n owa oc h r on a zeb r an y c h dan y c h s t at y s t y c zn y c h s t an dar dów

32 Działan ie N e t w o r k A d m is s io n C o n t r o l

33 N AC p rz eb ieg p rocesu Przykła d o wa t o p o l o g i a i s c e n a ri u s z p o łą c ze n i a L aptop I P : A A A S er v er I P : S er wer A V I P : S r I P P P N A C tacj a obocz a : unk t wym usz eni a oli cy S er wer D N S I P : S er wer R em ed i ati on I P : S er wer pli k ów I P : Uży t k o wn i k l a pt o pa po t r z e b u j e u z y s k a ć d o s t ęp d o z a s o b ów s e r we r a pl i k ów

34 T e r m i n o l o g i a L i s t y d o s t ęp o we i n t e rc e p t i d e f a u l t I n t er c ept A C L T a li sta d ostępowa ok r eśla, j ak i r uch będ z i e ur uch am i ał pr oces spr awd z ani a postur e S k ład ni a A C L : S tand ar d lub E x tend ed per m i t d ok onaj spr awd z eni a postur e d la teg o r uch u d eny ni e d ok onuj spr awd z eni a postur e d la teg o r uch u P r z ypi sywana d o i nter f ej su (-ów) r outer a I n t er f ac e (lub def ault ) A C L T d r r d d k d z a li sta ostępowa ok eśla uch opusz cz ony om yślni e bez oni ecz ności ok onani a spr awd eni a postur e R uch m oże tr af i ać z ar ówno w li stę d ostępową I nter cept j ak i d om yślną D ostęp ok r eślony pr z ez d om yślną A C L j est d opusz cz ony po spr awd z eni u postur e S k ład ni a A C L : S tand ar d lub E x tend ed P r z ypi sywana d o i nter f ej su (-ów) r outer a G d y ni e j est sk onf i g ur owana cały r uch j est d opusz cz any D ownload able A C L (opar ta o poli cy) m od yf i k uj ę tą li stę d ostępową A C L

35 W N AC p rz eb ieg p rocesu K ro k 1 L a p t o p d o ko n u j e D N S L o o ku p d l a S e rwe ra p l i ków L aptop I P : A V V end or S er v er I P : or k stati on I P : N A C 1 (conf i g )# i p ad m i ssi on nam e N A C eapoud p li st N A C 1 (conf i g )# access-li st per m i t i p h ost any N A C 1 (conf i g )# access-li st per m i t ud p any h ost eq 5 3 N A C 1 (conf i g )# i nter f ace e0 / 0 N A C 1 (conf i g -i f )# i p access-g r oup N A C 1 (conf i g -i f )# i p ad m i ssi on N A C i n D N S S er v er I P : I n terc ept A C L P ie r F wsz i le S yer vpakie er t z L aptopa I P : wpad a d o I nte r c e pt A C L R em ed i ati on S er v er I P : Default A C L D ostęp d o se r we r a D N S j e st d opusz c z ony

36 A V V end or S er v er I P : F i le S er v er I P : R em ed i ati on S er v er I P : , + NAC p r z e b i e g p r o c e s u K ro ki 2 3 A A A S er v er I P : K ro k 2 : N A D ( ro uter) py ta C T A o «po sture» L aptop I P : W or k stati on I P : D N S S er v er I P : N A C E nf or cem ent P oi nt K ro k 3 : P o sture C red en ti als są z b i eran e prz ez C T A $ #" $&% #" ) ' * (!

37 W O m N p p K 4 s t u C d e n t i a l s n e d o s e A A A AC rz eb ieg rocesu ro k Po re re wys ła rwe ra L aptop I P : A A A S er v er I P : A V V end or S er v er I P : or k stati on I P : N A C E nf or cem P oi nt K ro k 4 : L apto p z wrac a «P o sture C red en ti als», k tóre są prz ek az y wan e d o serwera A A A d o sprawd z en i a ent D N S S er v er I P : F i le S er v er I P : R em ed i ati on S er v er I P : pc j a: S erwer A A A o że prz esłać c z ęść «C red en ti als» d o sprawd z en i a d o serwera A V

38 W O m N AC p rz eb ieg p rocesu L a p t o p n i e j e s t zg o d n y z Po l i c y ( K wa ra n t a n n a ) L aptop I P : A A A S er v er I P : L apto p m o że uz y sk ać po łąc z en i e z serwerem A V V end or S er v er R em ed i ato n d la upd ate u I P : z aso b ów d la spełn i en i a po li c y or k stati on I P : N A C E nf or cem P oi nt pc j a: S erwer A A A wy sy ła n o ty fi k ac j ę d o L apto pa, k tóra o że b y ć po k az an a uży tk o wn i k o wi z a po śred n i c twem C T A ent D N S S er v er I P : R em ed i ati on S er v er I P : F i le S er v er I P : S erwer A A A S erv er wy sy ła k o n fi g urac j ę d o ro utera, k tóra um o żli wi a lapto po wi d o stęp ty lk o d o serwera R em ed i ati o n per m i t i p h os t h os t

39 W N AC p rz eb ieg p rocesu L a p t o p zg o d n y z p o l i c y ( Z d ro wy ) L aptop I P : A A A S er v er I P : A V V end or S er v er I P : or k stati on I P : N A C E nf or cem P oi nt ent D N S S er v er I P : R em ed i ati on S er v er I P : F i le S er v er I P : S erwer A A A wy sy ła k o n fi g urac j ę d o ro utera, k tóra um o żli wi a lapto po wi pełn y d o stęp d o si ec i pe r mit ip h ost any

40 W N AC p rz eb ieg p rocesu H o s t N o n -R e s p o n s i v e - b e z a g e n t a C T A L aptop I P : K ro k 3 : N A D ( ro uter) py ta C T A o «po sture» A A A S er v er I P : A V V end or S er v er I P : or k stati on I P : N A C E nf or cem P oi nt ent D N S S er v er I P : F i le S er v er I P : R em ed i ati on S er v er I P : S tac j a ro b o c z a n i e m a z ai n stalo wan eg o ag en ta C T A S tac j a r ob oc z a nie umie od powie d z ie ć na z apy tanie r oute r a o postur e c r e d e ntial s W y g asa time out ustawiony na r oute r z e d l a oc z e kiwania na od powie d ź z C T A U r z ąd z e nia, któr e nie od powiad aj ą na z apy tania z r oute r a o N A C są naz y wane N on-r e sponsiv e

41 W N AC p rz eb ieg p rocesu O b s łu g a h o s t ów N o n -R e s p o n s i v e p rze z C i s c o A C S N A D wy s y ła c r eden t i als dla uży t k own i k a b ez k li en t a C T A do s er wer a A A A ab y ws k azać L aptop że ur ządzen i e j es t N on I P -R : es pon s. 1 i v. 1 e 5 0 A A A S er v er I P : S er wer A A A wy s y ła k on f i gur ac j ę do r out er a dla uży t k own i k a b ez k li en t a per m A V V end or S er v er i t i p h ost any I P : or k stati on I P : S tacj a r obocz a ni e m a z ai nstalowaneg o k li enta C T A N A C E nf or cem P oi nt ent S tac j a r ob oc z a uz y skuj e upr awnie nia d ostępu d o D N S i se r we r a pl ików F i le S er v er I P : D N S S er v er I P : R em ed i ati on S er v er I P : F un k c j o n aln o ść A C S - N etwo rk A c c ess R estri c ti o n ( N A R ) m o że b y ć równ i eż wy k o rz y stan a d la uz y sk an i a fun k c j o n aln o śc i o party c h o ad res I P h o sta lub ad res M A C.

42 W N AC p rz eb ieg p rocesu R o u t e r E x c e p t i o n L i s t s d l a h o s t ów N o n -R e s p o n s i v e L aptop I P : or k stati on I P : UW A G A : P r z ewi d z i ane d la ur z ąd z eń tak i ch j ak d r uk ar k i etc. D la stacj i r obocz ych bez z ai nstalowaneg o k li enta C T A należy używać k onf i g ur acj i użytk owni k a bez k li enta d ostępnej w A C S F i le S er v er I P : D N S S v I P R i S v I P er er : em ed ati on er er : N A C 1 (conf i g )# i d enti ty poli cy N A C -C L N A C 1 (conf i g -i d enti ty-poli cy)# access-g r oup N A C acl N A C 1 (conf i g )# i p access-li st ex tend ed N A C acl per m i t i p any h ost N A C 1 (conf i g )# i d enti ty pr of i le eapoud p N A C 1 (conf i g -i d enti ty-pr of )# d ev i ce auth or i z e i p-ad d r ess poli cy N A C -C L

43 N AC p rz eb ieg p rocesu - p od sum owa nie 1 I P E A P oud P A C S S ie ć C T A 3 R oute r H C A P S e r we r A V 1. Pak i et I P wpada w I n t er c ept A C L n a r out er ze Dom y śln a A C L ok r eśla poc ząt k owe war un k i dos t ępu do s i ec i 2. R out er ur uc h am i a pos t ur e v ali dat i on z C T A (E A PoUDP) 3. C T A wy s y ła pos t ur e c r eden t i als do r out er a (E A PoUDP) 4. R out er wy s y ła pos t ur e c r eden t i als do A A A (E A PoR A DI US ) 5. G dy pot r zeb n e, A A A dzi ała j ak o pr ox t dla pos t ur e v ali dat i on n a s er wer ze A V (H C A P) 6. A A A oc en i a pos t ur e ( Z dr owy, K war an t an n a, ) 7. A A A wy s y ła A c c es s -A c c ept z ogr an i c zen i am i A C L s / UR L per poli c y do r out er a 8. H os t ot r zy m uj e/ n i e ot r zy m uj e, ot r zy m uj e z ogr an i c zen i am i dos t ęp do s i ec i I P

44 Cyk l icz na k ontrol a 1. Ur ządzen i e n i eak t y wn e Pot wi er dzen i e, c zy ur ządzen i e z dan y m adr es em n i e uległo zm i an i e L 3 E A P S tatus Q uer y : N owa m etod a E A P pom i ęd z y C T A i r outer em (ni e A C S ) R outer cyk li cz ni e od pytuj e by upewni ć si ę że : 1 ) C T A j est wci ąż z ai nstalowane i ak tywne 2 ) ur z ąd z eni e k ońcowe j est wci ąż tym sam ym autor yz owanym ur z ąd z eni em 3 ) P ostur e ni e uleg ło z m i ani u Uwi er z ytelni eni e opar te o k eyed M A C 2. K on i ec zn ość pon own ego s pr awdzen i a pos t ur e s pr awdzen i e c i ągłośc i zgodn ośc i C T A wsk az uj e z m i anę postur e pr z ez br ak od powi ed z i na S tatus Q uer y, ur uch am i aj ąc pr oces ponowneg o spr awd z eni a

1.- L a m e j o r o p c ió n e s c l o na r e l d i s co ( s e e x p li c a r á d es p u é s ).

1.- L a m e j o r o p c ió n e s c l o na r e l d i s co ( s e e x p li c a r á d es p u é s ). PROCEDIMIENTO DE RECUPERACION Y COPIAS DE SEGURIDAD DEL CORTAFUEGOS LINUX P ar a p od e r re c u p e ra r nu e s t r o c o rt a f u e go s an t e un d es a s t r e ( r ot u r a d e l di s c o o d e l a

More information

8 / c S t a n d a r d w y m a g a ń - e g z a m i n c z e l a d n i c z y dla zawodu Ś L U S A R Z Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot r ze b r yn ku p r acy Kod z klasyfikacji zawodów

More information

1 9 / m S t a n d a r d w y m a g a ń - e g z a m i n m i s t r z o w s k i dla zawodu M E C H A N I K P O J A Z D Ó W S A M O C H O D O W Y C H Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot r

More information

1 7 / c S t a n d a r d w y m a g a ń - e g z a m i n c z e l a d n i c z y dla zawodu M E C H A N I K - M O N T E R M A S Z Y N I U R Z Ą D Z E Ń Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot

More information

H ig h L e v e l O v e r v iew. S te p h a n M a rt in. S e n io r S y s te m A rc h i te ct

H ig h L e v e l O v e r v iew. S te p h a n M a rt in. S e n io r S y s te m A rc h i te ct H ig h L e v e l O v e r v iew S te p h a n M a rt in S e n io r S y s te m A rc h i te ct OPEN XCHANGE Architecture Overview A ge nda D es ig n G o als A rc h i te ct u re O ve rv i ew S c a l a b ili

More information

Cisco Security Agent (CSA) CSA je v í c eúčelo v ý s o f t w a r o v ý ná s t r o j, k t er ý lze p o už í t k v ynuc ení r ů zný c h b ezp ečno s t ní c h p o li t i k. CSA a na lyzuje c h o v á ní a

More information

Enterprise Data Center A c h itec tu re Consorzio Operativo Gruppo MPS Case S t u d y : P r o g et t o D i sast er R ec o v er y Milano, 7 Febbraio 2006 1 Il G r u p p o M P S L a B a n c a M o n t e d

More information

Campus Sustainability Assessment and Related Literature

Campus Sustainability Assessment and Related Literature Campus Sustainability Assessment and Related Literature An Annotated Bibliography and Resource Guide Andrew Nixon February 2002 Campus Sustainability Assessment Review Project Telephone: (616) 387-5626

More information

G d y n i a U s ł u g a r e j e s t r a c j i i p o m i a r u c z a s u u c z e s t n i k ó w i m p r e z s p o r t o w y c h G d y s k i e g o O r o d k a S p o r t u i R e k r e a c j i w r o k u 2 0

More information

C o a t i a n P u b l i c D e b tm a n a g e m e n t a n d C h a l l e n g e s o f M a k e t D e v e l o p m e n t Z a g e bo 8 t h A p i l 2 0 1 1 h t t pdd w w wp i j fp h D p u b l i c2 d e b td S t

More information

e Videobewaking ov er I P Marty K n o p e rt 1 A l l m z u l l b t g r u m a k h w k h w k z a l z r E p r m a r k t t c m a r k t Video vision: e vor en va n video en in de na ij e oek om st eb ik en

More information

G ri d m on i tori n g w i th N A G I O S (*) (*) Work in collaboration with P. Lo Re, G. S av a and G. T ortone WP3-I CHEP 2000, N F N 10.02.2000 M e e t i n g, N a p l e s, 29.1 1.20 0 2 R o b e r 1

More information

Device I n s t r u m en t a t io n E x a m p l es : I P S L A s & N et F l o w Presented by Emmanuel Tychon Techni cal M ark eti ng Eng i neer TU D resden, J anuary 1 7 th 2 0 0 7 1. C is co I O S I P

More information

W Cisco Kompetanse eek end 2 0 0 8 SMB = Store Mu ll ii gg hh eter! Nina Gullerud ng ulleru@ c is c o. c o m 1 Vår E n t e r p r i s e e r f a r i n g... 2 S m å o g M e llo m s t o r e B e d r i f t e

More information

ACE-1/onearm #show service-policy client-vips

ACE-1/onearm #show service-policy client-vips M A C E E x a m Basic Load Balancing Using O ne A r m M ode w it h S ou r ce N A T on t h e C isco A p p licat ion C ont r ol E ngine Goal Configure b a s ic l oa d b a l a nc ing (L a y er 3 ) w h ere

More information

1. Oblast rozvoj spolků a SU UK 1.1. Zvyšování kvalifikace Školení Zapojení do projektů Poradenství 1.2. Financování 1.2.1.

1. Oblast rozvoj spolků a SU UK 1.1. Zvyšování kvalifikace Školení Zapojení do projektů Poradenství 1.2. Financování 1.2.1. 1. O b l a s t r o z v o j s p o l k a S U U K 1. 1. Z v y š o v á n í k v a l i f i k a c e Š k o l e n í o S t u d e n t s k á u n i e U n i v e r z i t y K a r l o v y ( d á l e j e n S U U K ) z í

More information

SCO TT G LEA SO N D EM O Z G EB R E-

SCO TT G LEA SO N D EM O Z G EB R E- SCO TT G LEA SO N D EM O Z G EB R E- EG Z IA B H ER e d it o r s N ) LICA TIO N S A N D M ETH O D S t DVD N CLUDED C o n t e n Ls Pr e fa c e x v G l o b a l N a v i g a t i o n Sa t e llit e S y s t e

More information

I n s t r u k c j a o b s ł u g i p r o g r a m u Program Finansowo-K się gowy w e r s j a 1. 1 p o d W i n d o w s. W y d a w n i c t w o " G I D E X " S Z C Z E C I N - m a j - 2 0 0 2 W y ł ą c z n

More information

d e f i n i c j i p o s t a w y, z w i z a n e j e s t t o m. i n. z t y m, i p o jі c i e t o

d e f i n i c j i p o s t a w y, z w i z a n e j e s t t o m. i n. z t y m, i p o jі c i e t o P o s t a w y s p o і e c z e t s t w a w o b e c o s у b n i e p e і n o s p r a w n y c h z e s z c z e g у l n y m u w z g lb d n i e n i e m o s у b z z e s p o і e m D o w n a T h e a t t i t uodf

More information

SIV for VoiceXM 3.0: a n g u a g e a n d A p p l ica t ion D es ig n C on s id era t ion s Ken Rehor C i s c o S y s t em s, I nc. krehor@cisco.com March 05, 2009 G VoiceXM Application Architecture PSTN

More information

Application Note: Cisco A S A - Ce r t if ica t e T o S S L V P N Con n e ct ion P r of il e Overview: T h i s a p p l i ca ti o n n o te e x p l a i n s h o w to co n f i g u r e th e A S A to a cco m

More information

I n la n d N a v ig a t io n a co n t r ib u t io n t o eco n o m y su st a i n a b i l i t y

I n la n d N a v ig a t io n a co n t r ib u t io n t o eco n o m y su st a i n a b i l i t y I n la n d N a v ig a t io n a co n t r ib u t io n t o eco n o m y su st a i n a b i l i t y and KB rl iak s iol mi a, hme t a ro cp hm a5 a 2k p0r0o 9f i,e ls hv oa nr t ds eu rmv oedye l o nf dae cr

More information

m Future of learning Zehn J a hr e N et A c a d ei n E r f o l g s p r o g r a m Cisco E x p o 2 0 0 7 2 6. J u n i 2 0 0 7, M e sse W ie n C. D or n in g e r, b m u k k 1/ 12 P r e n t t z d e r p u t

More information

SCHOOL PESTICIDE SAFETY AN D IN TEG R ATED PEST M AN AG EM EN T Statutes put into law by the Louisiana Department of Agriculture & Forestry to ensure the safety and well-being of children and school personnel

More information

Opis przedmiotu zamówienia - zakres czynności Usługi sprzątania obiektów Gdyńskiego Centrum Sportu

Opis przedmiotu zamówienia - zakres czynności Usługi sprzątania obiektów Gdyńskiego Centrum Sportu O p i s p r z e d m i o t u z a m ó w i e n i a - z a k r e s c z y n n o c i f U s ł u i s p r z» t a n i a o b i e k t ó w G d y s k i e C eo n t r u m S p o r t us I S t a d i o n p i ł k a r s k i

More information

Practice Writing the Letter A

Practice Writing the Letter A Aa Practice Writing the Letter A A a A a Write a in the blank to finish each word. c t re h d Write A in the blank to finish each word. nn US ndy Bb Practice Writing the Letter B B b B l P b Write b in

More information

Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage

Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage CAS Loss Reserve Seminar 23 Session 3 Private Passenger Automobile Insurance Frank Cacchione Carlos Ariza September 8, 23 Today

More information

FORT WAYNE COMMUNITY SCHOOLS 12 00 SOUTH CLINTON STREET FORT WAYNE, IN 468 02 6:02 p.m. Ma r c h 2 3, 2 015 OFFICIAL P ROCEED ING S Ro l l Ca l l e a r d o f h o o l u e e o f t h e r t y m m u t y h o

More information

Put the human back in Human Resources.

Put the human back in Human Resources. Put the human back in Human Resources A Co m p l et e Hu m a n Ca p i t a l Ma n a g em en t So l u t i o n t h a t em p o w er s HR p r o f essi o n a l s t o m eet t h ei r co r p o r a t e o b j ect

More information

PSTN. Gateway. Switch. Supervisor PC. Ethernet LAN. IPCC Express SERVER. CallManager. IP Phone. IP Phone. Cust- DB

PSTN. Gateway. Switch. Supervisor PC. Ethernet LAN. IPCC Express SERVER. CallManager. IP Phone. IP Phone. Cust- DB M IPCC EXPRESS Product Solution (IPCC - IP Co n t a c t Ce n t e r ) E i n f ü h r u n g Ü b e r h u nd e r t M il l io ne n N u t ze r - P r o g no s e n zu f o l g e w e r d e n e s in d ie s e m J ah

More information

The Business Case for D om aink ey s I d ent ified M ail Andy Spillane V ic e P r es ident, Y ah o o! M February 13, 2006 ail 1 Fighting Spam & Email Abuse R eq uir es a M ulti-fac eted Appr o ac h DomainKeys

More information

Victims Compensation Claim Status of All Pending Claims and Claims Decided Within the Last Three Years

Victims Compensation Claim Status of All Pending Claims and Claims Decided Within the Last Three Years Claim#:021914-174 Initials: J.T. Last4SSN: 6996 DOB: 5/3/1970 Crime Date: 4/30/2013 Status: Claim is currently under review. Decision expected within 7 days Claim#:041715-334 Initials: M.S. Last4SSN: 2957

More information

First A S E M R e c to rs C o n f e re n c e : A sia E u ro p e H ig h e r E d u c a tio n L e a d e rsh ip D ia l o g u e Fre ie U n iv e rsitä t, B e rl in O c to b e r 2 7-2 9 2 0 0 8 G p A G e e a

More information

Bonn Declaration on Regional Cooperation in Quality Assurance in Higher Education Adopted on 20 June 2007 during the Conference Enhancing Quality Across Borders R egional Cooperation in Quality Assurance

More information

UNDERSTANDING FLOW PROCESSING WITHIN THE CISCO ACE M ODULE Application de liv e r y pr odu cts can distr ib u te tr af f ic to applications and w e b se r v ice s u sing v ar y ing le v e ls of application

More information

Unit 16 : Software Development Standards O b jec t ive T o p r o v id e a gu ide on ho w t o ac h iev e so f t wa r e p r o cess improvement through the use of software and systems engineering standards.

More information

IronPort Gateway Security Products The Leader in Communication Security Reiner Baumann IronPort Systems The Principles of Industry Leadership A n a l y s t L e a d e r s h i p R e c o g n i z e d a s t

More information

G S e r v i c i o C i s c o S m a r t C a r e u ي a d e l L a b o r a t o r i o d e D e m o s t r a c i n R ل p i d a V e r s i n d e l S e r v i c i o C i s c o S m a r t C a r e : 1 4 ع l t i m a A c

More information

Video og IP TV - h v or da n p هv ir k es n et t v er k en e? t t a d A c c o u n t M a n a g S P / T o m S m t Ole-P et er R s er elec eg en 1 Hva gjorde vi u t en T V.... 2 2 0 0 m il l s am t idige

More information

How to Subnet a Network How to use this paper Absolute Beginner: Read all Sections 1-4 N eed a q uick rev iew : Read Sections 2-4 J ust need a little h elp : Read Section 4 P a r t I : F o r t h e I P

More information

Collaboration in Public H e alth be tw e e n U niv e rs ity of H e id e lbe rg and U niv e rs ity of D ar e s S alaam How t h e c oop e r a t i on e m e r g e d Informal c ont ac t s from e arly 1 9

More information

Positioning 40 and 100 GbE in data center inter-sw itch l ink ap p l ications and 40GbE PM D recom m endations Adam Carter, Cisco Al essan dro B arb ieri, Cisco 1 m Data Center inter-s w itc h l ink ap

More information

3 k t h R e m e A c c e s s b t t t V T T c h t h p V T. Cl ic e ot rad io ut on nex o PN unnel yp e and oose e ap rop riat e PN unnel Int erfac e. 4.

3 k t h R e m e A c c e s s b t t t V T T c h t h p V T. Cl ic e ot rad io ut on nex o PN unnel yp e and oose e ap rop riat e PN unnel Int erfac e. 4. C i s c o P r o f i l e C o n t a c t s & F e e d b a c k H e l p Cisc o SM B Sup p ort Assist ant Configure ASA/PIX as Easy VPN Server or Client H om e > W ork W it h M y Sec urit y D ev ic es > Cisc

More information

Data Center end users for 40G/100G and market dy nami c s for 40G/100G on S M F Adam Carter Ci s c o 1 W Now that 40GbE is part of the IEEE 802.3ba there will be a wid er array of applic ation s that will

More information

G d y n i a B u d o w a b o i s k a w i e l o f u n k c y j n e g o o n a w i e r z c h n i p o l i u r e t a n o w e j p r z y S z k o l e P o d s t a w o w e j n r 3 5 w G d y n i N u m e r o g ł o s

More information

i n g S e c u r it y 3 1B# ; u r w e b a p p li c a tio n s f r o m ha c ke r s w ith t his å ] í d : L : g u id e Scanned by CamScanner

i n g S e c u r it y 3 1B# ; u r w e b a p p li c a tio n s f r o m ha c ke r s w ith t his å ] í d : L : g u id e Scanned by CamScanner í d : r ' " B o m m 1 E x p e r i e n c e L : i i n g S e c u r it y. 1-1B# ; u r w e b a p p li c a tio n s f r o m ha c ke r s w ith t his g u id e å ] - ew i c h P e t e r M u la e n PACKT ' TAÞ$Æo

More information

R e t r o f i t o f t C i r u n i s g e C o n t r o l

R e t r o f i t o f t C i r u n i s g e C o n t r o l R e t r o f i t o f t C i r u n i s g e C o n t r o l VB Sprinter D e s c r i p t i o n T h i s r e t r o f i t c o n s i s t s o f i n s t a l l i n g a c r u i s e c o n t r o l s wi t c h k i t i n

More information

M Official Bologna S e m inar Joint d e gr e e s- A H allm ar k of t h e E u r op e an H igh e r E d u cat ion A r e a? R e s u l t s o f q u e s t i o n n a i r e s e n t t o B o l o g n a F o l l o w

More information

Der Bologna- P roz es s u nd d i e S t aat s ex am Stefan Bienefeld i na Service-St el l e B o l o g n a d er H R K Sem in a r D er B o l o g n a P ro z es s U m s et z u n g u n d M it g es t a l t u

More information

III Bienal de Autismo Página 1 / 43

III Bienal de Autismo Página 1 / 43 III Bienal de Autismo Página 1 / 43 A Direcção da APPDA N ort e dá -v os as B oas V in das à I I I B ien al de Au t is m q u e es t a corres p on da à s v os s as ex p ect at iv as com o t em a em deb

More information

IntИg r a ti o n d e s s o l u ti o ns IB M e t C i s c o : C o l l a b o r a ti o n e t C o m m u ni c a ti o ns U ni f i Иe s ( U C 2 ) Mathieu in tr at Sales Business ev elop ent anag er om unic at

More information

proxy cert request dn, cert, Pkey, VOMS cred. (short lifetime) certificate: dn, ca, Pkey mod_ssl pre-process: parameters->

proxy cert request dn, cert, Pkey, VOMS cred. (short lifetime) certificate: dn, ca, Pkey mod_ssl pre-process: parameters-> Overview of the New S ec u rity M od el WP6 Meeting V I D t G R I D C o nf er enc e B r c el o ne, 1 2-1 5 M y 2 0 0 3 Overview focus is on VOMS C A d e t il s r e in D 7. 6 Se cur it y D e sig n proxy

More information

CORSO AVANZATO DI NEGOZIAZIONE Un laboratorio intensivo per lo sviluppo e la pratic a d elle c apac ità neg oz iali Scotwork Italia S.r.l. C op y rig h t 2 0 0 6 1 O I m p l t l t z o l N o z n n l h l

More information

EM EA. D is trib u te d D e n ia l O f S e rv ic e

EM EA. D is trib u te d D e n ia l O f S e rv ic e EM EA S e c u rity D e p lo y m e n t F o ru m D e n ia l o f S e rv ic e U p d a te P e te r P ro v a rt C o n s u ltin g S E p p ro v a rt@ c is c o.c o m 1 A g e n d a T h re a t U p d a te IO S Es

More information

Thuraya XT-LITE Simple. Reliable. Affordable.

Thuraya XT-LITE Simple. Reliable. Affordable. Thuraya XT-LITE Simple. Reliable. Affordable. www.thuraya.com Follow us on /thurayatelecom Stayi n g c on n ec ted has n ever b een thi s eas y. In trodu c i n g T hu raya X T -LIT E, the wo r l d s be

More information

«С e n tra l- A s ia n E le c tric - P o w e r C o rp o ra tio n», JS C

«С e n tra l- A s ia n E le c tric - P o w e r C o rp o ra tio n», JS C J o in t - s t o c k c o m p C E N T R A L - A S IA N E L E C T R IC P O W a n y E R C O R P O R A T IO N I n t e r n a l A u d i t P O L IC Y o f J o in t - S t o c k C o m p a n y C E N T R A L - A S

More information

M Fast forward into th e fu tu re Accelerating b u s ines s o p p o rtu nity and natio nal p ro s p erity Viktor Kovacs anaging D irecto r H u ngary & Ad riatic R egio n C h a n g e t h e w o r l d» O

More information

BLADE 12th Generation. Rafał Olszewski. Łukasz Matras

BLADE 12th Generation. Rafał Olszewski. Łukasz Matras BLADE 12th Generation Rafał Olszewski Łukasz Matras Jugowice, 15-11-2012 Gl o b a l M a r k e t i n g Dell PowerEdge M-Series Blade Server Portfolio M-Series Blades couple powerful computing capabilities

More information

Future Trends in Airline Pricing, Yield. March 13, 2013

Future Trends in Airline Pricing, Yield. March 13, 2013 Future Trends in Airline Pricing, Yield Management, &AncillaryFees March 13, 2013 THE OPPORTUNITY IS NOW FOR CORPORATE TRAVEL MANAGEMENT BUT FIRST: YOU HAVE TO KNOCK DOWN BARRIERS! but it won t hurt much!

More information

Second Grade Phonics Scope and Sequence With Concepts of Print and Phonemic Awareness

Second Grade Phonics Scope and Sequence With Concepts of Print and Phonemic Awareness Second Grade Phonics Scope and Sequence With Concepts of Print and Phonemic Awareness Revised 8/22/13 CCSS CCSS.ELA-Literacy.RF.2.3 Know and apply grade-level phonics and word analysis skills in decoding

More information

Morningstar Document Research

Morningstar Document Research Morningstar Document Research FORM8-K EMC INSURANCE GROUP INC - EMCI Filed: May 11, 2016 (period: May 11, 2016) Report of unscheduled material events or corporate changes. The information contained herein

More information

Vom prozessorientierten Wissensmanagement zum intelligenten Engineering-Portal

Vom prozessorientierten Wissensmanagement zum intelligenten Engineering-Portal Vom prozessorientierten Wissensmanagement zum intelligenten Engineering-Portal Praxisbericht aus der Entwicklung von Hochauftriebsystemen für Verkehrsflugzeuge KnowTech Stuttgart, 24.-25.10.2012 Thomas

More information

Online Department Stores. What are we searching for?

Online Department Stores. What are we searching for? Online Department Stores What are we searching for? 2 3 CONTENTS Table of contents 02 Table of contents 03 Search 06 Fashion vs. footwear 04 A few key pieces 08 About SimilarWeb Stepping up the Competition

More information

B R T S y s te m in S e o u l a n d In te g r a te d e -T ic k e tin g S y s te m

B R T S y s te m in S e o u l a n d In te g r a te d e -T ic k e tin g S y s te m Symposium on Public Transportation in Indian Cities with Special focus on Bus Rapid Transit (BRT) System New Delhi 20-21 Jan 2010 B R T S y s te m in S e o u l a n d In te g r a te d e -T ic k e tin g

More information

PRIMER TESTIMONIO. -F o l i o n ú m e r o 1 2 0. ḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋ ESC RITU RA NU MERO TREINTA.- E n l a c i u d a d d e B u e n os A i r e s, c a p i t a l d e l a R e p ú b l i c

More information

C e r t ifie d Se c u r e W e b

C e r t ifie d Se c u r e W e b C r t ifi d S c u r W b Z r t ifizi r t Sic h r h it im W b 1 D l gat s N ic o las M ay n c o u r t, C EO, D r am lab T c h n o lo gi s A G M ar c -A n d r é B c k, C o n su lt an t, D r am lab T c h n

More information

M I L I TARY SPEC I F I CAT I ON A I RPLANE STRENGTH ANO R I G I D I TY OATA AND REPORTS

M I L I TARY SPEC I F I CAT I ON A I RPLANE STRENGTH ANO R I G I D I TY OATA AND REPORTS mm L - A - 88688 ( AS ) ANENOMENT 24 MAY 99 M L TARY SPEC F CAT ON A RPLANE STRENGTH ANO R G D TY OATA AND REPORTS Th s amendmen t f o r ms a pa r t o f M L - A - 8868, da t ed 20 Ma y 987, and s app r

More information

Ontwikkelingen van R o u ter N etwer ken Fred Rabouw 1 3-t i e r R o u t e r N e t w e r k e n. Core: forwarden van grote h oeveel h eden data. D i s tri b u ti e: Cl as s i fi c eren en fi l teren A c

More information

W Regional Cooperation in the Field of A u tom otiv e E ngineering in S ty ria Dr. Peter Riedler 2 9.1 1.2 0 1 1 i e n GmbH Graz B u s ines s S trategy S ty ria 2 0 2 0 H is tory 1 9 9 4 1 9 9 5 1 9 9

More information

Drive your marketing with Cisco Get more from your SMB marketing with Cisco Marketing Serv ices Quick Reference Guide All co n t e n t s a r e C o p y r i g h t 20 0 8 C i s co S y s t e m s, I n c. All

More information

Understanding, Modelling and Improving the Software Process. Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 31 Slide 1

Understanding, Modelling and Improving the Software Process. Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 31 Slide 1 Process Improvement Understanding, Modelling and Improving the Software Process Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 31 Slide 1 Process improvement Understanding existing processes

More information

B I N G O B I N G O. Hf Cd Na Nb Lr. I Fl Fr Mo Si. Ho Bi Ce Eu Ac. Md Co P Pa Tc. Uut Rh K N. Sb At Md H. Bh Cm H Bi Es. Mo Uus Lu P F.

B I N G O B I N G O. Hf Cd Na Nb Lr. I Fl Fr Mo Si. Ho Bi Ce Eu Ac. Md Co P Pa Tc. Uut Rh K N. Sb At Md H. Bh Cm H Bi Es. Mo Uus Lu P F. Hf Cd Na Nb Lr Ho Bi Ce u Ac I Fl Fr Mo i Md Co P Pa Tc Uut Rh K N Dy Cl N Am b At Md H Y Bh Cm H Bi s Mo Uus Lu P F Cu Ar Ag Mg K Thomas Jefferson National Accelerator Facility - Office of cience ducation

More information

Scope and Sequence - Synthetic Phonics Schedule

Scope and Sequence - Synthetic Phonics Schedule Correspondences () Kindy/Prep/Pre-Primary Kindy/Prep/Pre-Primary Term 1 Basic Code Power 1 Getting to Grips with Handwriting s m c t g p a o I, the, was, to, are, she Reading and beginning to spell Vocabulary

More information

Payor Sheet for Medicare Part D/ PDP and MA-PD

Payor Sheet for Medicare Part D/ PDP and MA-PD Payor Specification Sheet for MEDICARE PART D/PDP AND MA-PD PRIME THERAPEUTICS LLC CLIENTS JANUARY 1, 2006 (Page 1 of 8) BIN: PCN: See BINs on page 2 (in bold red type) See PCNs on page 2 (in bold red

More information

CREATE SHAPE VISUALIZE

CREATE SHAPE VISUALIZE SHAPE VISUALIZE B I M E q u i t y BIM Workflow Guide SHAPE VISUALIZE Introduction We o e to t e r t ook i t e BIM Workflow erie I t e o owi ter we wi o er e eryt i eeded or you to ter t e i o re ti i d

More information

Overview of Spellings on www.spellzoo.co.uk

Overview of Spellings on www.spellzoo.co.uk Overview of Spellings on www.spellzoo.co.uk Year 1 Set 1: CVC words Set 2: CVC and CCVC words Set 3: CVC, CCVC and CCVCC words Set 4: Words containing 'ch', 'sh', 'th' and 'wh' Set 5: Words ending in 'll',

More information

M Mobile Based Clinical Decision Support System Bhudeb Chakravarti & Dr. Suman Bhusan Bhattacharyya Provider & Public Health Group, VBU-HL P S aty am C om puter S ervices L im ited Bhudeb_ C hak ravarti@

More information

Workload Management Services. Data Management Services. Networking. Information Service. Fabric Management

Workload Management Services. Data Management Services. Networking. Information Service. Fabric Management The EU D a t a G r i d D a t a M a n a g em en t (EDG release 1.4.x) T h e Eu ro p ean Dat agri d P ro j ec t T eam http://www.e u - d a ta g r i d.o r g DataGrid is a p ro j e c t f u n de d b y th e

More information

UNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security

UNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop

More information

AN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL 1978-1981. P. A. V a le s, Ph.D.

AN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL 1978-1981. P. A. V a le s, Ph.D. AN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL 1978-1981 P. A. V a le s, Ph.D. SYNOPSIS Two in d ep en d en t tre a tm e n t g ro u p s, p a r t ic ip

More information

RELEASE OF LIABILITY, WAIVER OF CLAIMS, ASSUMPTION OF RISKS AND INDEMNITY AGREEMENT

RELEASE OF LIABILITY, WAIVER OF CLAIMS, ASSUMPTION OF RISKS AND INDEMNITY AGREEMENT RELEASE OF LIABILITY, WAIVER OF CLAIMS, ASSUMPTION OF RISKS AND INDEMNITY AGREEMENT BY SIGNING THIS DOCUMENT, YOU WILL GIVE UP CERTAIN LEGAL RIGHTS, INCLUDING THE RIGHT TO SUE, CLAIM DAMAGES AND SEEK COMPENSATION

More information

QuesCom I P -T E L E F O N I E & G S M -G A T E W A Y S Robert Urban D i rec tor I nternati onal S al es Agenda Üb e r Q u e s C o m K u n d e n M a r k t üb e r s i c h t Q u e s c o m Lös u n g Q u e

More information

CUSTOMER INFORMATION SECURITY AWARENESS TRAINING

CUSTOMER INFORMATION SECURITY AWARENESS TRAINING CUSTOMER INFORMATION SECURITY AWARENESS TRAINING IN T RO DUCT ION T h i s c o u r s e i s d e s i g n e d to p r o v i d e yo u w i t h t h e k n o w l e d g e to p r o t e c t y o u r p e r s o n a l

More information

JCUT-3030/6090/1212/1218/1325/1530

JCUT-3030/6090/1212/1218/1325/1530 JCUT CNC ROUTER/CNC WOODWORKING MACHINE JCUT-3030/6090/1212/1218/1325/1530 RZNC-0501 Users Guide Chapter I Characteristic 1. Totally independent from PC platform; 2. Directly read files from U Disk; 3.

More information

Form: Parental Consent for Blood Donation

Form: Parental Consent for Blood Donation A R C Wt, C 20006 Ptl Ct f B i Ifi T f t y t ll f i y tl t q y t l A R C ly. Pl ll 1-800-RE-CROSS (1-800-733-2767) v. if y v q r t t i I iv t f yr,, t, y v t t: 1. Y y t t l i ly, 2. Y y t t t l i ( k

More information

OPENBARE ZITTING 1. U ni f o r m e a l g e m e ne p o l i t i e v e r o r d e ni ng e n p u nc t u e l e i m p l e m e nt a t i e GAS ( g e m e e nt e l i j k e a d m i ni s t r a t i e v e s a nc t i

More information

MPLS VPN (RFC2547bis) Seminar P c h i u p c h i. i u p c h i @ c i s c c Umberto os mberto@ os t os o. om Umberto P os c h i 1 MPLS What i t I s N o t an d What I t I s MPLS IS NOT a mechanism that allows

More information

HB 2517. REFERENCE TI TLE: f i r e a r ms ; s t a t e pr e e mpt i on; pe na l t i e s

HB 2517. REFERENCE TI TLE: f i r e a r ms ; s t a t e pr e e mpt i on; pe na l t i e s REFERENCE TI TLE: f i r e a r ms ; s t a t e pr e e mpt i on; pe na l t i e s St a t e of Ar i z ona Hous e of Re pr e s e nt a t i ve s Fi f t y- f i r s t Le gi s l a t ur e Se c ond Re gul a r Se s

More information

Ataques d e N eg açã o d e S er v i ço (D os / D D os ) Téc n i c as d e M i t i g açã o u t i l i z an d o a R e d e Andrey Lee E ng enh ei ro de S i s t em S erv i c e P ro v i ders a s 2 0 0 6 C i s

More information

HR DEPARTMENTAL SUFFIX & ORGANIZATION CODES

HR DEPARTMENTAL SUFFIX & ORGANIZATION CODES HR DEPARTMENTAL SUFFIX & ORGANIZATION CODES Department Suffix Organization Academic Affairs and Dean of Faculty, VP AA 1100 Admissions (Undergraduate) AD 1330 Advanced Ceramics, Colorado Center for--ccac

More information

D The Joint Master of Science eg ree C ou rse in V eterinary P u b l ic H eal th ( MScVPH), F U -C MU Dr. L e rt ra k S ri k i t j a k a rn R e g i o n a l C e n t re f o r V e t e ri n a ry P u b l i

More information

CROMERR Made Easier Eric Cleckler, Alabama DEM Greg Mitchell, U.S. EPA

CROMERR Made Easier Eric Cleckler, Alabama DEM Greg Mitchell, U.S. EPA CROMERR Made Easier Eric Cleckler, Alabama DEM Greg Mitchell, U.S. EPA 2015 Exchange Network National Meeting Supporting the Business of Environmental Protection September 29 October 1, 2015 Sheraton Philadelphia

More information

Workload Management Services. Data Management Services. Networking. Information Service. Fabric Management

Workload Management Services. Data Management Services. Networking. Information Service. Fabric Management The EU D a t a G r i d I n f o r m a t i o n a n d M o n i t o r i n g S er v i c es The European D at ag ri d P roj ec t Team http://www.eu- d a ta g r i d.o r g DataGrid is a p ro j e c t f u n de d

More information

Internationalization strategy of the SEPT Program Design of market-oriented training and ed u c ation p rod u c ts Utz D o r n b e r g e r ( Un i v e r s i ty o f L e i p zi g ) & N g u y e n T h i T h

More information

Excel Invoice Format. SupplierWebsite - Excel Invoice Upload. Data Element Definition UCLA Supplier website (Rev. July 9, 2013)

Excel Invoice Format. SupplierWebsite - Excel Invoice Upload. Data Element Definition UCLA Supplier website (Rev. July 9, 2013) Excel Invoice Format Excel Column Name Cell Format Notes Campus* Supplier Number* Invoice Number* Order Number* Invoice Date* Total Invoice Amount* Total Sales Tax Amount* Discount Amount Discount Percent

More information

Auburn University Style Guide & Identification Standards Manual

Auburn University Style Guide & Identification Standards Manual y E k H PM 28 C 9 C MY M y K v B 10 k 0% : 60 64 % % x 11 C M MY Y K v 6 97 1% : % P PM 17 C 2 M MY Y K v 6 88 6% : % P PM 15 8 PM 17 2 B R G ID E & PM ID P E 15 8 T IC IF T IO PM 17 2 D T R D M L 0 0

More information

bow bandage candle buildings bulb coins barn cap corn

bow bandage candle buildings bulb coins barn cap corn b c bow bandage candle buildings bulb coins barn cap corn Copyright (C) 1999 Senari Programs Page 1 SoundBox Montessori d f darts dice door dove forest farm film foot fish Copyright (C) 1999 Senari Programs

More information

CROSS REFERENCE. Cross Reference Index 110-122. Cast ID Number 110-111 Connector ID Number 111 Engine ID Number 112-122. 2015 Ford Motor Company 109

CROSS REFERENCE. Cross Reference Index 110-122. Cast ID Number 110-111 Connector ID Number 111 Engine ID Number 112-122. 2015 Ford Motor Company 109 CROSS REFERENCE Cross Reference Index 110-122 Cast ID Number 110-111 Connector ID Number 111 112-122 2015 Ford Motor Company 109 CROSS REFERENCE Cast ID Number Cast ID Ford Service # MC Part # Part Type

More information

SEATTLE CENTRAL COMMUNITY COLLEGE DIVISION OF SCIENCE AND MATHEMATICS. Oxidation-Reduction

SEATTLE CENTRAL COMMUNITY COLLEGE DIVISION OF SCIENCE AND MATHEMATICS. Oxidation-Reduction SEATTLE CENTRAL COMMUNITY COLLEGE DIVISION OF SCIENCE AND MATHEMATICS OxidationReduction Oxidation is loss of electrons. (Oxygen is EN enough to grab e away from most elements, so the term originally meant

More information