Who is Watching You? Video Conferencing Security
|
|
- Hubert Fowler
- 8 years ago
- Views:
Transcription
1 Who is Watching You? Video Conferencing Security Navid Jam Member of Technical Staff March 1, 2007 SAND# C Computer and Network Security Security Systems and Technology Video Conference and Collaborative Technologies Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy s National Nuclear Security Administration under contract DE-AC04-94AL
2 Something to think about Communication Devices Let s Compare 2
3 Something to think about Communication Devices Vs. Polycom VSX
4 Something to think about Communication Devices Vs. Polycom VSX 8000 Linksys WVC200 Wireless PTZ Internet Camera with Audio 4
5 Something to think about Communication Devices Vs. Polycom VSX 8000 MSRP $12,999 Linksys WVC200 Wireless PTZ Internet Camera with Audio Difference of: MSRP $12,700 MSRP $299 5
6 Embedded Devices Specialized hardware and software TCP/IP That have embedded beneficial services like: FTP Telnet HTTP SNMP H.323 Etc. How secure are these devices? 6
7 Ocean s 11 Intelligence Gathering Hacking / Information Operations Using IT systems to aid physical attack 7
8 Agenda Introduction The Center for Cyber Defenders (CCD) Methodology Findings Best Practices Future Research Conclusion 8
9 Introduction Embedded IP devices Using video conferencing as case study Video Conferencing usage has increased Video Conferencing Technology (VCT) Vendors pushing new features IP VoIP Data collaboration Etc Little focus on security We have AES encryption, therefore we are secure Who is responsible for securing these devices? Networking Computer Security Video Conferencing What about patch management? 9
10 VCT Architecture 10
11 Basic Protocols H.320 ISDN H.323 Video over IP T.120 Collaborative data sharing HD Video, POTS, etc. 11
12 15-20 students a year Focus on information security Malicious Code Analysis Network Programming OS Analysis Vulnerability Assessments Forefront of IP Video Conferencing Security Highlighting the work done by students and other staff at SNL over the past 4 years Codec s (Polycom and Tandberg) Desktop Camera s Network Infrastructure (Polycom, Tandberg & Cisco) Stay tuned for future announcements 12
13 Methodology Knowing Your Adversary What is your threat? 13
14 Red Teaming - Methodology Six phases of research, planning, and attacking 14
15 Gain Administrative Access Attack Tree 15
16 Goals Attack with the following goals: Compromise the system any way possible Conduct an independent assessment of the vulnerabilities and risks of using Video Conferencing Technology Develop industry best practices Analyze the site implementation Develop tools to aid in vulnerability assessment of VCT devices 16
17 Overview of Findings Gaining Administrative Access Diagnostics Mode Packet Sniffing Web Vulnerabilities Surveillance Capturing and Viewing Traffic Auto Calling Encryption Audio and Video Streaming Making Surveillance Covert Transmitting Information to an Outside Source Hosting Files ISDN / IP Enabling and Concealing Services Other Attacks Will only vaguely describe some 17
18 Gaining Administrative Access Gaining Administrative Access Diagnostics Mode Packet Sniffing Web Vulnerabilities 18
19 Gain Administrative Access Diagnostics Mode BootUI mode Physical Access Hold power button for 10 seconds while booting up Remote Force BootUI mode with buffer overflow 2005, Software Version# 7.5.2d Attack BootUI Copy off the contents of flash to single file Run strings and grep on file Can t prevent physical attack Unable to log BootUI mode s occurrence 19
20 Gain Administrative Access Diagnostics Mode Analyzing a chip dump Also saves password history 20
21 Gain Administrative Access Packet Sniffing Telnet and FTP passwords are unencrypted which makes it easy to sniff the network and obtain them 21
22 Gain Administrative Access Web Vulnerabilities Unauthenticated CGI s Buffer Overflows Get requests Post requests 22
23 Gain Administrative Access Unauthenticated CGI s 2004, Software Version# Returns administrative password Returns a list of all addresses in the address book Returns a list of all video calls the device has participated 23
24 Exploiting a buffer overflow vulnerability Gain Administrative Access Buffer Overflows 2005, Software Version# 7.5.2d Upload a single file to the web server 24
25 Exploiting a buffer overflow vulnerability (contd.) Gain Administrative Access Buffer Overflows 2005, Software Version# 7.5.2d The system stops requiring authentication for Telnet and FTP connections (until next reboot) 25
26 Gain Administrative Access Get / Post Requests 2006, Software Version#8.5 Able to retrieve admin password unauthenticated Able to change admin password unauthenticated Some.file has this comment in code /*. We may want to look into making this more secure */ Number of web vulnerabilities New Security Mode features Encryption features, HTTPS, TelnetS, FTPS etc. Perform all attacks / steaming encrypted 26
27 Gain Administrative Access What does this mean? Having administrative rights gives a person complete control of the Polycom device, including: Placing script on device that will automatically dial a third device when called Configure the device to accept any call Smuggle file to an outside network using the Polycom device Change password, preventing legitimate users from using the device Forcing the device to use a gatekeeper which can falsify audio and video 27
28 Surveillance Surveillance Capturing and Viewing Traffic Auto Calling Encryption Video and Audio Streaming Covert Audio Streaming Making Surveillance Covert 28
29 Surveillance Capturing and Viewing Traffic Capture with Ethereal Decode and view with Observer 29
30 Surveillance Capturing and Viewing Traffic 30
31 Surveillance Auto Calling Use scripts to initiate calls to third party Livermore Albuquerque Attacker 31
32 Surveillance Auto Calling Use scripts to initiate calls to third party Albuquerque Viewstation in Albuquerque has a previously loaded script 32
33 Surveillance Auto Calling Use scripts to initiate calls to third party Livermore Albuquerque Livermore calls Albuquerque 33
34 Surveillance Auto Calling Use scripts to initiate calls to third party Livermore Albuquerque Attacker Viewstation in Albuquerque runs the script which calls Attacker s Viewstation 34
35 Surveillance Encryption Video & Audio Streaming 2006, Software Version# 8.5 Making changes through encrypted channels Streaming Audio and Video Making audio streaming covert 35
36 Surveillance What does this mean? Any conference that uses VCT devices on an unencrypted network can be recorded and replayed by anyone connected to that network Any conference that uses Polycom VCT devices can be eavesdropped on using auto dialing with ISDN and IP 36
37 Transmitting Information to an Outside Source Hosting Files Upload files unauthenticated files to the Polycom web server Upload files to the Polycom with FTP and an administrative password. Maximum file size that can be uploaded: Viewstation VS Software Release MB Viewstation FX Software Release 5.1 FX 3MB VS 4000 Software Release FX 3MB VSX 8000 Software Release 8.5 3MB 37
38 Transmitting Information to an Outside Source Hosting Files 2005, Software Version# 7.5.2d Telnet to the web services (port 80) and use the PUT command Initial attempts caused the device to crash erratically 38
39 Transmitting Information to an Outside Source IP / ISDN System files can be accessed and modified. Fooling OS to think files are system files by giving them the same names ISDN line can be used to transfer data outside 2006, Software Version# 8.5 IP traffic can be encrypted as well Enabling and concealing services 39
40 Transmitting Information to an Outside Source What does this mean? Information can be passed to an outside source using the Polycom VCT devices, such as: Sensitive information a user intentionally added to system files Configuration files Call logs Administrator password 40
41 Other Attacks Deny Service Inject / Falsify Video Using: Gatekeepers Gateways Use VCT devices a launching point for other attacks Compromised Host Java / Java Script Programs Port Scanners Vulnerability Scanners Enterprise Management 41
42 What About Tandberg? 2004, Software Version# Classic Model E2.1 and E4.0 Not Perfect... all pages on the Tandberg device could be requested if the leading / is left off the get request sent to the HTTP server get Request Rejected 42
43 Tandberg Continued get Request Accepted without Authentication 43
44 Tandberg Continued Administrator Password Set using get and plugin_set 44
45 What About Tandberg Some problems in 2004 Auto Dialing Uploading / Transmitting files (9 megabytes) Surveillance Better vendor support wrt security More stable IP stack Targeted attacks ongoing 45
46 Best Practices for VCT Devices Device Physically secure the devices Update firmware Disable all unneeded and rarely used protocols (i.e. FTP, Telnet, SNMP, and HTTP*) Disable auto answer for incoming calls Develop a strong administrator password and change it periodically Restart the devices on a weekly basis Take a snapshot (MD5, SHA[n]) of all of the system files and periodically verify that they have not been modified (or just reinstall the OS periodically) 46
47 Best Practices for VCT Devices Network Use Access Control Lists (ACL's) and/or routers to help secure the network on which the devices operate Any computer (IP) allowed past the ACL needs to be well guarded as to make sure surveillance software is not installed that could allow that computer to sniff the traffic and send it offsite Use VLAN's Encryption should be used on the network across all WAN links as well as internally for important calls Ensure the router/switch/firewall is kept up to date 47
48 Best Practices for VCT Devices Management Server Keep the server up to date with security patches Limit access to the server via strict ACL's Encrypt traffic between the management clients and devices 48
49 Best Practices for VCT Devices Policy Shut off the devices when they are not in use Develop and enforce a strong password policy Develop policies that forbid circumventing network security to sniff/monitor traffic Develop working relationship and information sharing with vendor based on Service Level Agreements Conduct routine security audits of devices Conduct periodic reviews/scans to audit ACL's and ensure they are working 49
50 Sandia Security Switch (S3) Patent Pending TSCM approved 62 50
51 Open PCS Architecture for Interoperable Design (OPSAID) Designed for add-on security for embedded devices SCADA Video Conferencing Legacy systems Etc. Provides for: Secure management / configuration Logging and monitoring capabilities Firewalls IDS Encryption 51
52 Further Areas for Research Impact of connecting with other vulnerable Codec s Inserting malicious code into video stream ISDN Gatekeepers, Gateway s and Bridges as another means of attack T.120 security issues Room Controllers Systematic approach to security Codec Network Conference Room / Desktop 52
53 Conclusion Many benefits to video conferencing Polycom devices continue to be insecure Polycom is making a number of security improvements, however, more of a bandage than a comprehensive security overhaul Tandberg has better vendor support wrt security Technical and policy based recommendations to help mitigate some of the current threat Multilayered approach to security ACL's VLAN's Encryption User training 53
54 Navid Jam Questions / Comments 54
55 Environment 55
56 Gather Information About Devices Google White papers Documentation Nessus Other vulnerability scanners Spiders Social engineering etc 56
57 S3 Block Diagram 57
Thick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationDistrict of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification
1.1 Multipoint Control Unit (MCU) A. The MCU shall be capable of supporting (20) continuous presence HD Video Ports at 720P/30Hz resolution and (40) continuous presence ports at 480P/30Hz resolution. B.
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationGV-iView HD V1 for ipad
GV-iView HD V1 for ipad Article ID: GV10-11-03-07 Release Date: 03/07/2011 GV-iView HD V1 function is introduced to support ipad for the mobile surveillance application. System Requirements Handheld Device
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationThe Trivial Cisco IP Phones Compromise
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002
More informationVoice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities Learning Objectives Name the common categories of vulnerabilities Discuss common system
More informationInformation Security. Training
Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin
More informationINTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM
INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security
More informationA POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications
Polycom Recommended Best Security Practices for Unified Communications March 2012 Unified Communications (UC) can be viewed as another set of data and protocols utilizing IP networks. From a security perspective,
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationHardening Guide. Installation Guide
Installation Guide About this Document The intended use of this guide is to harden devices and also provide collateral for deployment teams to deal with local network policy, configurations and specification.
More informationPolycom Recommended Best Security Practices for Unified Communications
Polycom Recommended Best Security Practices for Unified Communications October 2015 Unified Communications (UC) can be viewed as another set of data and protocols utilizing IP networks. From a security
More informationUsing Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)
Using Nessus to Detect Wireless Access Points March 6, 2015 (Revision 4) Table of Contents Introduction... 3 Why Detect Wireless Access Points?... 3 Wireless Scanning for WAPs... 4 Detecting WAPs using
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationKISUMU LAW COURTS: SPECIFICATIONS FOR A UNIFIED COMMUNICATION SYSTEM / VOICE OVER INTERNET PROTOCOL (VOIP) SOLUTION. Page 54 of 60
SPECIFICATIONS FOR A UNIFIED COMMUNICATION SYSTEM / VOICE OVER INTERNET PROTOCOL (VOIP) SOLUTION Page 54 of 60 UNIFIED COMMUNICATION SYSTEM (VOIP) PROPOSAL FOR KISUMU JUDICIARY COURTS. 1.0 PARTICULARS
More informationOwn your LAN with Arp Poison Routing
Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationFor version 3.7.12p (September 4, 2012)
Zephyr Xstream INSTALLATION For version 3.7.12p (September 4, 2012) The following information applies to Zephyr Xstream units currently running a version ending in p or i. If your Xstream is running software
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationNetwork Security Infrastructure Testing
Network Security Infrastructure Testing Version 1.2 October 12, 2005 Prepared by: Sandia National Laboratories Center for SCADA Security Project Lead Ray Parks Technical Lead Jason Hills Technical Support
More informationLifeSize UVC Multipoint Deployment Guide
LifeSize UVC Multipoint Deployment Guide May 2014 LifeSize UVC Multipoint Deployment Guide 2 LifeSize UVC Multipoint LifeSize UVC Multipoint is a software MCU optimized for conferences that mix high definition
More informationLab 5.5.3 Developing ACLs to Implement Firewall Rule Sets
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface
More informationLifeSize Video Communications Systems Administrator Guide
LifeSize Video Communications Systems Administrator Guide November 2009 Copyright Notice 2005-2009 LifeSize Communications Inc, and its licensors. All rights reserved. LifeSize Communications has made
More informationCOLLABORATE ROOM PRO 510/520/610/620 RELEASE VERSION 1.0.2 (167.0.94.0) - W7PQ20/PQ21/PQ22 September 2015 Introduction
RELEASE NOTES COLLABORATE Room Pro Media Appliance COLLABORATE ROOM PRO 510/520/610/620 RELEASE VERSION 1.0.2 (167.0.94.0) - W7PQ20/PQ21/PQ22 September 2015 This release includes improvements and fixes
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DR V2.0
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DR V2.0 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
More informationWiFi Security Assessments
WiFi Security Assessments Robert Dooling Dooling Information Security Defenders (DISD) December, 2009 This work is licensed under a Creative Commons Attribution 3.0 Unported License. Table of Contents
More informationProtecting Critical Infrastructure
Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security
More informationHigh-performance VoIP Traffic Optimizer Client Solution
AP-VTO200 VoIP Traffic Optimizer Client High-performance VoIP Traffic Optimizer Client Solution AddPac Technology 2014, Sales and Marketing www.addpac.com Contents Product Overview Benefits and Features
More informationPrestige 202H Plus. Quick Start Guide. ISDN Internet Access Router. Version 3.40 12/2004
Prestige 202H Plus ISDN Internet Access Router Quick Start Guide Version 3.40 12/2004 Table of Contents 1 Introducing the Prestige...3 2 Hardware Installation...4 2.1 Rear Panel...4 2.2 The Front Panel
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationQuick Installation Guide
V2.01 Model: FI9821W Quick Installation Guide Indoor HD Pan/Tilt Wireless IP Camera Black White For Windows OS ------- Page 1 For MAC OS ------- Page 16 ShenZhen Foscam Intelligent Technology Co., Ltd
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationPotential Targets - Field Devices
Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationVulnerability Assessment and Penetration Testing
Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationViewStation EX, ViewStation FX, and VS4000, Version 6.0.5
ViewStation EX, ViewStation FX, and VS4000, Version 6.0.5 Polycom is pleased to announce the version 6.0.5 software release for Polycom ViewStation EX/FX/VS4000 systems. What s New in This Release? Polycom
More informationHUAWEI 9000 HD Video Endpoint V100R011. Security Maintenance. Issue 02. Date 2013-05-28 HUAWEI TECHNOLOGIES CO., LTD.
V100R011 Issue 02 Date 2013-05-28 HUAWEI TECHNOLOGIES CO., LTD. 2013. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationVoice over IP (VoIP) Vulnerabilities
Voice over IP (VoIP) Vulnerabilities The Technical Presentation Diane Davidowicz NOAA Computer Incident Response Team N-CIRT diane.davidowicz@noaa.gov "Security problems in state of the art IP-Telephony
More informationhttp://www.it-exams.com
-The fastest and guaranteed way to certy now! http://www.it-exams.com Exam Number : SY0-301 Exam Name : Security+ Certification Exam 2011 version Version : Demo QUESTION NO: 1 Actively monitoring data
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationIP Ports and Protocols used by H.323 Devices
IP Ports and Protocols used by H.323 Devices Overview: The purpose of this paper is to explain in greater detail the IP Ports and Protocols used by H.323 devices during Video Conferences. This is essential
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak CR V4.1 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents Table of Contents
More informationPRINTER SECURITY AUDIT: THE UNIVERSITY OF VIRGINIA. Kevin Savoy, CPA, CISA, CISSP Brian Daniels, CISA, GCFA
PRINTER SECURITY AUDIT: THE UNIVERSITY OF VIRGINIA Kevin Savoy, CPA, CISA, CISSP Brian Daniels, CISA, GCFA Who cares about network printers? Why should anybody care about securing the printers when there
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationIntroduction to Cyber Security / Information Security
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak Capture Link Server V1.00
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak Capture Link Server V1.00 Version 1.0 Eastman Kodak Company, Health Imaging Group Page 1 Table of Contents
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationQuick Installation Guide
V48.01 Model: FI8919W Quick Installation Guide Outdoor Pan/Tilt Wireless IP Camera For Windows OS ------- Page 1 For MAC OS ------- Page 15 ShenZhen Foscam Intelligent Technology Co., Ltd Quick Installation
More informationPolycom RealPresence Access Director System
Release Notes 3.1 January 2014 3725-78700-001C Polycom RealPresence Access Director System Polycom announces the release of the Polycom RealPresence Access Director system, version 3.1. This document provides
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationNetwork Security: Introduction
Network Security: Introduction 1. Network security models 2. Vulnerabilities, threats and attacks 3. Basic types of attacks 4. Managing network security 1. Network security models Security Security has
More informationMedical Device Security Health Group Digital Output
Medical Device Security Health Group Digital Output Security Assessment Report for the Kodak Color Medical Imager 1000 (CMI-1000) Software Version 1.1 Part Number 1G0434 Revision 2.0 June 21, 2005 CMI-1000
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationVillains and Voice Over IP
Villains and Voice Over IP Heather Bonin ECE 578 March 7, 2004 Table of Contents Introduction... 3 How VOIP Works... 3 Ma Bell and her Babies... 3 VoIP: The New Baby on the Block... 3 Security Issues...
More informationSecure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO
TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationREPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
More informationDeployment Guide for Maximum Security Environments Polycom HDX Systems, Version 3.0.5
Polycom HDX Systems, Version 3.0.5 A warning about operating in a maximum security environment The maximum security profile is designed to lock down communications to the most stringent requirements of
More informationAdditional Security Considerations and Controls for Virtual Private Networks
CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES
More informationWeb Application Security
Web Application Security Prof. Sukumar Nandi Indian Institute of Technology Guwahati Agenda Web Application basics Web Network Security Web Host Security Web Application Security Best Practices Questions?
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationIP Wireless / Wired Camera NIGHT VISION & REMOTE PAN/TILT ROTATE. User Manual
IP Wireless / Wired Camera NIGHT VISION & REMOTE PAN/TILT ROTATE User Manual WELCOME This model IP Camera is an integrated wireless IP Camera solution. It combines a high quality digital Video Camera with
More informationRELEASE NOTES. March 2014. COLLABORATE Room Release Version 3.2.4-12.0.0.057. New Features. Issues Fixed. Known Issues
RELEASE NOTES COLLABORATE Room Video Conferencing (Revision 1.5) March 20, 2014 COLLABORATE Room Release Notes March 2014 COLLABORATE Room Release Version 3.2.4-12.0.0.057 Supports URI dialing formats
More informationHigh-performance VoIP Traffic Optimizer Client Solution
GSM Gateway VoIP Traffic Optimizer Client High-performance VoIP Traffic Optimizer Client Solution AddPac Technology 2014, Sales and Marketing www.addpac.com Contents Product Overview Benefits and Features
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationLifeSize Networker Installation Guide
LifeSize Networker Installation Guide November 2008 Copyright Notice 2006-2008 LifeSize Communications Inc, and its licensors. All rights reserved. LifeSize Communications has made every effort to ensure
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationQuick Installation Guide
V46.01 Model: FI8918W Quick Installation Guide Indoor Pan/Tilt Wireless IP Camera Black White For Windows OS ------- Page 1 For MAC OS ------- Page 11 ShenZhen Foscam Intelligent Technology Co., Ltd Quick
More informationITEC441- IS Security. Chapter 15 Performing a Penetration Test
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationHow To Classify A Dnet Attack
Analysis of Computer Network Attacks Nenad Stojanovski 1, Marjan Gusev 2 1 Bul. AVNOJ 88-1/6, 1000 Skopje, Macedonia Nenad.stojanovski@gmail.com 2 Faculty of Natural Sciences and Mathematics, Ss. Cyril
More informationLAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS
LAB FORWARD WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS Medical diagnostics are a vital part of the modern healthcare system, and instrument uptime is critical
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationCyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
More informationTABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY
IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationTimbuktu Pro for Windows, version 8
Timbuktu Pro for Windows, version 8 Release Notes, version 8.6.8 May 2010 This document contains important information about Timbuktu Pro for Windows, version 8. If you have additional questions, consult
More informationJoe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security
Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security CIP-005-3 Audit Approach, ESP Diagrams, Industry Best Practices September 24 25, 2013 SALT LAKE CITY, UTAH
More informationCodes of Connection for Devices Connected to Newcastle University ICT Network
Code of Connection (CoCo) for Devices Connected to the University s Author Information Security Officer (Technical) Version V1.1 Date 23 April 2015 Introduction This Code of Connection (CoCo) establishes
More informationLab 8.4.2 Configuring Access Policies and DMZ Settings
Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set
More informationE-commerce Production Firewalls
E-commerce Production Firewalls A Proper Security Design 2006 Philip J. Balsley. This document and all information contained herein is the sole and exclusive property of Philip J. Balsley. All rights reserved.
More informationWeb Engineering Web Application Security Issues
Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend
More informationOverview of Banking Application Security and PCI DSS Compliance for Banking Applications
Overview of Banking Application Security and PCI DSS Compliance for Banking Applications Thought Paper www.infosys.com/finacle Universal Banking Solution Systems Integration Consulting Business Process
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
More informationNational Video Conferencing Service (NVCS) Service Catalogue Version 1.1
National Video Conferencing Service (NVCS) Service Catalogue Version 1.1 March 2016 Service ID Service List Status GO LIVE date Page 101 Management of VC Endpoints Live 31/05/2013 2 102 Support of Desktop
More informationAdministrator s Guide for the Polycom Video Control Application (VCA)
Administrator s Guide for the Polycom Video Control Application (VCA) Version 1.1 November 2007 Edition 3725-26448-004/A Trademark Information Polycom and the Polycom logo design are registered trademarks
More informationMedical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.
Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...
More informationSecuring end devices
Securing end devices Securing the network edge is already covered. Infrastructure devices in the LAN Workstations Servers IP phones Access points Storage area networking (SAN) devices. Endpoint Security
More informationΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science
ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized Internet users
More information