Transparent cryptographic embedded computer system
|
|
- Imogene Arnold
- 8 years ago
- Views:
Transcription
1 Transparent cryptographic embedded computer system Juraj Michalák* Slovak University of Technology Faculty of Informatics and Information Technologies Ilkovičova 3, Bratislava, Slovakia Abstract. The paper deals with the security of application layer protocols and their data. The security functions are implemented by an embedded computer system. We mean security mostly in terms of public key encryption and signing of transported data. The aim is to design and implement software for that security including its monitoring and administration and of encryption keys administration as well. In particular, we focus on automatized public key on-the-fly encryption and signing of electronic mail messages according to S/MIME standard through embedded computer system, of which function can be shortly described as brouter with transparent SMTP proxy. 1 Introduction Nowadays we live in world where an enormous number of common people with only pseudo-understanding of technical details are fairishly using personal computers and the Internet in a large extent. It was difficult task for IT personel to achieve this goal. If we lived in utopian world, there would be no danger of using all those new technologies. But empathy is exception rather than the rule. Therefore, security has been developing all the time. Security as the result of humanity or bestiality? Security is source of the complicacy for common users. There are two basic types of security settings, simplified (mainly for common users) and professional security settings, which have impact on quality of security. Finally the acquired security depends also on end-user interaction. Solutions without end-user interaction like * Supervisor: Assoc. Professor Dr. Ing. Ladislav Hudec CSc., Institute of Computer Systems and Networks, Faculty of Informatics and Information Technologies STU in Bratislava. IIT.SRC 2009, Bratislava, April 29, 2009, pp. 1 8.
2 2 Juraj Michalák IPsec 1, VPN 2 and TLS/SSL 3 are preferred because of common users, who don t like to interact too much and they are origin of considerable number of security incidents too. Solutions mentioned above provide security for transfer between communication endpoints and are insufficient for type of communication like SMTP (Simple Mail Transfer Protocol [6]), where messages travels from the node where message was created to the destination node potentially via several nodes. S/MIME is appropriate standard for secure electronic mail messaging [10], [4]. In this paper, S/MIME is employed to provide automatized secure electronic mail messaging between organization boundaries without common user interaction needed and without necessity of extensive configuration changes to existing infrastructure. The proposed embedded computer system was implemented in GNU/Linux environment with use of linux bridge, ebtables, netfilter, iptables, advanced routing and tproxy patch to achieve brouter with transparent SMTP proxy functionality (see 4.1). In order to get the S/MIME and X.509 [5] certification functionality, cryptlib [5] was chosen as basic cryptographic library. 2 Embedded computer system Alix system board from PC Engines as embedded computer system was chosen. It contains 5x86 compatible CPU and used operating system is Voyage Linux (Debian derivative) which has been developing directly for this platform. This environment is very similar to standard GNU/Linux PC. 2.1 Technical details Most interesting technical details [7]: 500 MHz AMD Geode LX800 CPU 256 MB DDR DRAM Storage: CompactFlash socket Power: DC jack or passive POE, min. 7V to max. 20V, peak power consumption is about 6W without minipci cards and USB devices Three front panel LEDs, one pushbutton Expansion: 1 minipci slot, LPC bus Connectivity: 3x 100Mbit Ethernet channels (Via VT6105M 10/100) I/O: DB9 serial port, dual USB 2.0 port Board size: 6 x 6" (152.4 x mm) 1 IPsec (Internet Protocol Security) is suite of protocols for securing IP (Internet Protocols) communication in network layer of the OSI (Open Systems Interconnection) reference model. 2 VPN (Virtual Private Network) has many applications. One common is authentication and content encryption. 3 TLS (Transport Layer Security)/SSL (Secure Socket Layer) are cryptographic protocols for security and integrity of communication over TCP/IP.
3 Transparent cryptographic embedded computer system 3 Firmware: tinybios 3 Designed software overview Presented embedded computer system provides automatized security for the messages transported between organization boundaries. More accurately, it provides transparent SMTP proxy [13] for communication between local and remote SMTP server and according to designed logic it is able to encrypt and sign or decrypt and verify the authenticity of transported messages by S/MIME standard. The benefit of this transparent solution is that there is no need to change local SMTP server configuration. Figure 1. Network environment overview. Our application is represented by local process on the embedded system. SMTP communication passing over embedded system has to be redirected into TCP/IP stack 4 of Linux kernel in order to be delivered to that local process and the rest of communication is bridged 5. Therefore, the embedded system is considered a brouter 6. The local process performs on-the-fly processing of SMTP communication because it has to be transparent and also the storage resources of embedded system are limited. Two cryptographic standards were analysed, OpenPGP [10] and S/MIME. Only the latter was adopted because electronic signature is placed after signed data in its message format, what is inevitable for on-the-fly signing (signature can be computed after all of message data are known [10]). 4 TCP/IP stack or Internet protocol Suite is set of communication protocols and may be viewed as set of layers. 5 Network bridge connects multiple network segments at data link layer according to the IEEE 802.1D standard 6 Brouter or Bridge Router works as network bridge and as router at the same time.
4 4 Juraj Michalák As S/MIME was adopted, PKI based on X.509 is used for certificate creation, registration, verification, revocation and other handling. Central management server is used for certificate distribution in community of our embedded systems but also local administration web interface can be used to manage local certificate database of one embedded system. Community of embedded systems is set of embedded systems which are intended to secure the messages transferred with one another. 4 Details of concept In previous section we have described the basic concept of our solution. More details are mentioned in this section. 4.1 Brouter with transparent SMTP proxy All communication is bridged except SMTP which is redirected to kernel s routing process what is implemented by Linux bridge [12] and ebtables [3], [9]. SMTP communication is then in routing process redirected to our local process which finally establishes connection with SMTP client (initiator of connection) and server. Both are in assumption that they are communicating directly. This is achieved by TProxy patch for netfilter and iptables and by Linux advanced routing [1]. Local process provides mentioned automatized on-the-fly encryption and signing. Figure 2. Detailed view of brouter with transparent proxy Two modes of bridge interface are implemented:
5 Transparent cryptographic embedded computer system 5 Bridge interface has assigned local IP address (statically or dynamically by local DHCP 7 server). So the embedded system is reachable from local network. Bridge interface has assigned special IP address (only for internal usage) and has disabled use of ARP 8 protocol. ARP table is managed by self implemented ARP manager tool which inspects SMTP packets in order to insert address mapping records into ARP table. This mode of operation is unconventional but provides fully transparent and plug-and-play solution with administration through central management server. 4.2 On-the-fly S/MIME Our local application must understand SMTP and MIME [4] in order to collect enough information to make message encryption or decryption decision. For S/MIME enveloping and signing we have used cryptlib cryptographic library [5]. For example we look at S/MIME enveloping process [10]: 1. Generate pseudorandom session key for symmetric encryption algorithm. 2. For each recipient, encrypt the session key with his public key. 3. For each recipient, prepare a block RecipientInfo that contains an identifier of the recipient s public key certificate, an identifier of the session key encryption algorithm, and the encrypted session key. 4. Encrypt the MIME entity content with the session key the CMS object was created which consists of RecipientInfo block and encrypted MIME entity. 5. Create new MIME entity from that CMS object which has to be encoded into textual form (e.g. by Base64 encoding). 4.3 Message securing logic Firstly we divide community of users into two sets called local and remote users. Local users own accounts on local SMTP server and by contrast remote users own e- mail accounts on remote SMTP server. Every embedded system has its own private key and certificate (key pair). For advanced security users also can have their own private key and certificate. Basic premise is that our application on embedded system has available local private key database of local users and certificate database of remote embedded systems, local users and remote users. The latter one contains certificates of all remote embedded systems and users for which will be messages secured (also as premise). These databases are managed locally by web interface administrator or in automatized fashion by central management server. Messages can be signed with use of embedded system s private key or even local user s private key but message authenticity is 7 DHCP (Dynamic Host Configuration Protocol) is network application protocol used by devices in order to obtain configuration for its operation in an Internet Protocol network environment. 8 ARP (Address Resolution Protocol) is protocol for building table which is used for translation of network layer address into data link layer address.
6 6 Juraj Michalák always considered in regard to embedded system, because the system signs messages not user s workstation. Basic rules for message securing: Encrypt outbound message if the recipient s certificate (or only remote embedded system s certificate) is available. Then sign the message with private key of sender or embedded system. If recipient s certificate is not available, outbound message is not encrypted. Optionally sign the message with use of sender s private key, but create detached S/MIME signature because it is probable that recipient has no S/MIME capable tool. This can lead to expansion of S/MIME because recipient can be interested by presence of that digital signature in received message. Inbound encrypted message is decrypted if the corresponding private key is available. If inbound message is signed and corresponding certificate is available in local database the signature is verified. If that certificate is not available, it is added into database and process of its validity checking is started. After the validity has been checked, certificate can be used for signature verification. Question is what to do with messages for mixed recipients who are recipients with and without certificate in local database. There are two policies for this situation, the first one is restrictive where message is encrypted and sent only to recipients with available certificate. Second is liberal, message is handled as with the first policy and in addition it is sent unaltered to recipients without certificate in local database. Problem is that message sending has to be divided in encrypted message sending and unaltered message sending. It has two solutions: Second concurrent connection to original destination SMTP server is created for unaltered message delivery. Some SMTP servers prohibit multiple concurrent connections from one source, what means that this solution is not usable every time. Second concurrent connection to dedicated SMTP Relay server is created for unaltered message delivery. That server then delivers unaltered message to original destination SMTP server. Our embedded system attempts to apply the first solution and the result of this effort is stored into database for given destination SMTP server. If result is negative second solution is used. 4.4 Concurrent server design Our embedded system has to handle many hundreds or thousands of concurrent connections between SMTP clients and server. Nowadays the huge volume of spam is also considerable. So there is a need to have good concurrent server design. Thread pool design pattern was used in form of pre-threaded server with per thread connection accept [11]. One connection thread is in fact represented by two threads, one for client-server direction and another for server-client direction of
7 Transparent cryptographic embedded computer system 7 communication. As a defense against spam the application layer SMTP tar-pitting was implemented. 5 Conclusion Our embedded computer system provides confidentiality, integrity and authenticity for electronic messages transferred between organization boundaries according to S/MIME standard. Network transparency and minimal requirements for changes in existing infrastructure and configuration are its worthwile features. For administration local web interface and central management server can be used. Central management server is also responsible for automatized distribution of certificates in community of embedded systems. It can be done manually too, by local web interface. At least one certification and registration authority is required because of PKI and one SMTP Relay server is required because of mentioned solution for delivery of messages with mixed recipients. Design of some application parts is modular what affords opportunity to easily implement for example new cryptographic module with use of another cryptographic library (e.g. openssl). Our transparent SMTP proxy also allows combating spam in real time by tarpitting and also by possible spam detection plug-ins. This real time technique is popular because of early spam elimination which does not pose claims on organization s storage and bandwidth. This paper was worked out in frame of Diploma thesis Embedded systems for encryption of application protocols and in frame of the VEGA project No. 1/0649/09 entitled Security and reliability in distributed computer systems and mobile computer networks. References [1] Balazs, S.: Introduction to TProxy and its features. [Online; accessed December 2nd, 2008]. Available at: [2] Cooper, D., Santesson, S., Farrell, S. et al.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. [Online]. May RFC (Request for Comments) series Available at: [3] Ebtables: Ethernet bridge frame table administration. [Online; accessed December 2nd, 2008]. May Available at: [4] Freed, N., Borenstein, N.: Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. [Online]. November RFC (Request for Comments) series Available at:
8 8 Juraj Michalák [5] Gutmann, P.: Cryptlib Security Toolkit [Online]. Version July Available at: ftp://ftp.franken.de/pub/crypt/cryptlib/manual.pdf [6] Klensin, J.: Simple Mail Transfer Protocol. [Online]. October RFC (Request for Comments) series Available at: [7] PC Engines GmbH: Alix.2 / Alix.3 / Alix.6 series system boards. [Online; accessed February 16th, 2009]. Available at: [8] Ramsdell, S.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification. [Online]. July RFC (Request for Comments) series Available at: [9] Schuymer, B., Fedchick, N.: Ebtables/Iptables interaction on a Linux-based bridge. [Online; accessed December 2nd, 2008]. Available at: [10] Stallings, W.: Cryptography and Network Security Principles and Practices. 4th ed. Prentice Hall, p. ISBN Chapter 15. Electronic Mail Security [11] Stevens, W.R., Fenner, B., Rudoff, A.M.: UNIX Network Programming: The Sockets Networking API. 3rd ed. Vol. 1. Addison Wesley, ISBN Chapter 30. Client/Server Design Alternatives. [12] The Linux Foundation: Net: Bridge. [Online; accessed December 2nd, 2008]. Available at: [13] Transparent SMTP proxy. In Wikipedia: the free encyclopedia [Online]. St. Petersburg (Florida): Wikimedia Foundation, 2001-, last modified on 24 January Available at:
How To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationOVERVIEW OF TYPICAL WINDOWS SERVER ROLES
OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,
More informationA Noval Approach for S/MIME
Volume 1, Issue 7, December 2013 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com A Noval Approach for S/MIME K.Suganya
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationUnifying Information Security. Implementing Encryption on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing Encryption on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 4 2 Encryption Options... 5 3 Basics of Encryption... 7 3.1 Public Key... 7 3.2 Private
More informationInternet Security. Contents. ITS335: IT Security. Internet Security. Secure Email. Summary
2 : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 January 2015 its335y14s2l10, Steve/Courses/2014/s2/its335/lectures/internet.tex, r3506
More informationFirewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.
ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l08, Steve/Courses/2013/s2/its335/lectures/firewalls.tex,
More informationFirewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary
2 : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l08, Steve/Courses/2013/s2/its335/lectures/firewalls.tex, r2958
More informationEncryption of E-Mail Traffic
Encryption of E-Mail Traffic White Paper Version 1.1 Date: 2009-06-08 Foreword On the initiative of some German automotive manufacturers work has started on a series of white papers on the subject of e-mail
More informationChapter 6 Electronic Mail Security
Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,
More informationLoad Balance Router R258V
Load Balance Router R258V Specification Hardware Interface WAN - 5 * 10/100M bps Ethernet LAN - 8 * 10/100M bps Switch Reset Switch LED Indicator Power - Push to load factory default value or back to latest
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationImplementing Cisco IOS Network Security
Implementing Cisco IOS Network Security IINS v3.0; 5 Days, Instructor-led Course Description Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationNetwork Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.
Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance
More informationThe basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.
Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components
More informationBasic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet
Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected
More informationWhat is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
More informationGENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET
http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationFirewall, Mail and File server solution
Firewall, Mail and File server solution Table of Contents Introduction......2 Overview......3 Detailed description....4 Firewall......4 Other services offered by IPCop:......4 Mail and File Server......5
More informationGigabit Multi-Homing VPN Security Router
As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is a ideal to help the SMBs increase the broadband
More informationIPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More informationNATIONAL SECURITY AGENCY Ft. George G. Meade, MD
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD Serial: I732-010R-2008 30 April 2008 Network Infrastructure Division Systems and Network Analysis Center Activating Authentication and Encryption for Cisco
More informationALL-AIO-2321P ZERO CLIENT
ALL-AIO-2321P ZERO CLIENT PCoIP AIO Zero Client The PCoIPTM technology is designed to deliver a user s desktop from a centralized host PC or server with an immaculate, uncompromised end user experience
More informationIINS Implementing Cisco Network Security 3.0 (IINS)
IINS Implementing Cisco Network Security 3.0 (IINS) COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationSecure Client Applications
Secure Client Applications Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014 Common/Reports/secure-client-apps.tex, r900 1/26 Acronyms
More informationElectronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure
Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by
More informationVPN Solutions SECURITY SOFTWARE. Product Information
VPN Solutions SECURITY SOFTWARE Product Information A new approach to VPN solution INFOTECS VPN solutions under the ViPNet brand have many technologic distinguishing features, which set them apart from
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationHow To Pass A Credit Course At Florida State College At Jacksonville
Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade
More informationA Heterogeneous Internetworking Model with Enhanced Management and Security Functions
Session 1626 A Heterogeneous Internetworking Model with Enhanced Management and Security Functions Youlu Zheng Computer Science Department University of Montana Yan Zhu Sybase, Inc. To demonstrate how
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure
More informationNetworking Devices. Lesson 6
Networking Devices Lesson 6 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Network Interface Cards Modems Media Converters Repeaters and Hubs Bridges and
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationGigabit Content Security Router
Gigabit Content Security Router As becomes essential for business, the crucial solution to prevent your connection from failure is to have more than one connection. PLANET is the Gigabit Content Security
More informationRemote Connectivity for mysap.com Solutions over the Internet Technical Specification
Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable
More information642 523 Securing Networks with PIX and ASA
642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationTable of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2
Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server
More informationYealink Technical White Paper. Contents. About VPN... 3. Types of VPN Access... 3. VPN Technology... 3 Example Use of a VPN Tunnel...
1 Contents About... 3 Types of Access... 3 Technology... 3 Example Use of a Tunnel... 4 Yealink IP Phones Compatible with... 5 Installing the Open Server... 5 Installing the Open Server on the Linux Platform...
More informationLayer 3 Network + Dedicated Internet Connectivity
Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationEthernet. Ethernet. Network Devices
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
More informationBreak Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.
Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited Presentation Agenda Peplink Balance Pepwave MAX Features
More informationAssociate in Science Degree in Computer Network Systems Engineering
Moorpark College Associate in Science Degree in Computer Network Systems Engineering To earn an Associate in Science Degree with a major in Computer Network Systems Engineering, students complete 40.5-45
More informationCustomized Data Exchange Gateway (DEG) for Automated File Exchange across Networks
Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks *Abhishek Vora B. Lakshmi C.V. Srinivas National Remote Sensing Center (NRSC), Indian Space Research Organization (ISRO),
More informationProtecting and controlling Virtual LANs by Linux router-firewall
Protecting and controlling Virtual LANs by Linux router-firewall Tihomir Katić Mile Šikić Krešimir Šikić Faculty of Electrical Engineering and Computing University of Zagreb Unska 3, HR 10000 Zagreb, Croatia
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationRouterBOARD 1000. product overview. September, 2008. 4Gon www.4gon.co.uk info@4gon.co.uk Tel: +44 (0)1245 808295 Fax: +44 (0)1245 808299
RouterBOARD 1000 product overview September, 2008 key features 1333 MHz CPU (1000/1200/1333/1500 MHz optional) adjustable CPU clock lead free parts compact size - 140x160mm) four 10/100/1000 Mbit/s Gigabit
More informationTHE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT. April 2009 EXAMINERS' REPORT. Network Information Systems
THE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT April 2009 EXAMINERS' REPORT Network Information Systems General Comments Last year examiners report a good pass rate with
More informationCryptography and Network Security Chapter 15
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North
More informationImplementing Cisco IOS Network Security v2.0 (IINS)
Implementing Cisco IOS Network Security v2.0 (IINS) Course Overview: Implementing Cisco IOS Network Security (IINS) v2.0 is a five-day instructor-led course that is presented by Cisco Learning Partners
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationAvailability Digest. www.availabilitydigest.com. Redundant Load Balancing for High Availability July 2013
the Availability Digest Redundant Load Balancing for High Availability July 2013 A large data center can comprise hundreds or thousands of servers. These servers must not only be interconnected, but they
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationOverview of Computer Networks
Overview of Computer Networks Client-Server Transaction Client process 4. Client processes response 1. Client sends request 3. Server sends response Server process 2. Server processes request Resource
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationALL-ZC-2140P-DVI PCoIP Zero Client Overview
ALL-ZC-2140P-DVI PCoIP Zero Client Overview TERA2140 DVI PCoIP Zero Client Overview Teradici is the developer of the PC-over-IP (PCoIP) remote desktop protocol, which is leveraged in several VDI solutions
More informationWhat is a SSL VPN and How Does it Work?
Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationz/os Firewall Technology Overview
z/os Firewall Technology Overview Mary Sweat E - Mail: sweatm@us.ibm.com Washington System Center OS/390 Firewall/VPN 1 Firewall Technologies Tools Included with the OS/390 Security Server Configuration
More informationComputer System Management: Hosting Servers, Miscellaneous
Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation
More informationQoS VPN Router. www.tendacn.com
G3 QoS VPN Router www.tendacn.com G3 QoS VPN Router What It Does G3 is a Qos VPN router for Small Business, Branch Office & Internet Cafe. Smart bandwidth control and Multi WAN load balance realize optimal
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationChapter 7. Address Translation
Chapter 7. Address Translation This chapter describes NetDefendOS address translation capabilities. Dynamic Network Address Translation, page 204 NAT Pools, page 207 Static Address Translation, page 210
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationA Model Design of Network Security for Private and Public Data Transmission
2011, TextRoad Publication ISSN 2090-424X Journal of Basic and Applied Scientific Research www.textroad.com A Model Design of Network Security for Private and Public Data Transmission Farhan Pervez, Ali
More informationHow To Protect Your Firewall From Attack From A Malicious Computer Or Network Device
Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationChapter 12 Supporting Network Address Translation (NAT)
[Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information
More informationHow To Secure Mail Delivery
FortiMail Identity Based Encryption A Business Enabler WHITE PAPER FORTINET FortiMail Identity Based Encryption - A Business Enabler PAGE 2 Contents Business Need Secure Mail Delivery... 3 Challenges with
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationUPPER LAYER SWITCHING
52-20-40 DATA COMMUNICATIONS MANAGEMENT UPPER LAYER SWITCHING Gilbert Held INSIDE Upper Layer Operations; Address Translation; Layer 3 Switching; Layer 4 Switching OVERVIEW The first series of LAN switches
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationChapter 5. Data Communication And Internet Technology
Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN
More informationStandards and Products. Computer Security. Kerberos. Kerberos
3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationDeep-Secure Mail Guard Feature Guide
Deep-Secure Mail Guard Feature Guide The Deep-Secure Mail Guard provides a rich selection of message security functionality and content policy options to Simple Message Transfer Protocol (SMTP) and/or
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationWhat communication protocols are used to discover Tesira servers on a network?
Understanding device discovery methods in Tesira OBJECTIVES In this application note, basic networking concepts will be summarized to better understand how Tesira servers are discovered over networks.
More information19531 - Telematics. 14th Tutorial - Proxies, Firewalls, P2P
19531 - Telematics 14th Tutorial - Proxies, Firewalls, P2P Bastian Blywis Department of Mathematics and Computer Science Institute of Computer Science 10. February, 2011 Institute of Computer Science Telematics
More informationALL-ZC-2321P-PoE PCoIP PoE Zero Client Overview
ALL-ZC-2321P-PoE PCoIP PoE Zero Client Overview TERA2321 PCoIP PoE Zero Client Overview Teradici is the developer of the PC-over-IP (PCoIP) remote desktop protocol, which is leveraged in several VDI solutions
More informationInternet Privacy Options
2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms
More information