Data Security using Encryption in SwiftStack

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Data Security using Encryption in SwiftStack"

Transcription

1 Data Security using Encryption in SwiftStack May 2015 Copyright 2015 SwiftStack, Inc. swiftstack.com Page 1 of 11

2 Table of Contents Introduction... 3 Defining Three Threat Models... 3 Encrypted Data and The Key... 3 Protecting Data In Flight... 4 Encrypting End-User Traffic... 4 Data Traffic... 4 Authentication Traffic... 4 Impacts of Encryption... 5 Encrypting the Controller s Management Traffic... 5 Encrypting Intra-Cluster Traffic... 5 Protecting Data At Rest... 7 Client-Side Encryption (User)... 7 Advantages... 7 Disadvantages... 7 System-Side Encryption... 7 Advantages... 8 Disadvantages... 8 Device-Level Encryption... 8 Advantages... 9 Disadvantages... 9 Related Topic: Secure Deletion of Data Object-Level Deletion Device-Level Erasure Conclusion Copyright 2015 SwiftStack, Inc. swiftstack.com Page 2 of 11

3 Introduction Many people have asked how to leverage encryption with the SwiftStack Object Storage System. Within the general topic of encryption, there are several strategies to understand and consider each designed to protect against a certain type of threat. We describe in this whitepaper the most common object storage encryption strategies and options for implementing them with SwiftStack. Defining Three Threat Models To understand how a particular encryption strategy will protect your data, it is necessary to understand the threat against which you are protecting. For the purposes of this paper, we will define three types of threats to consider as you protect the data in your SwiftStack Object Storage System: 1. Data in Flight This category of threat includes the possibility of someone intercepting or eavesdropping data traffic between your client applications and your storage system. Whether it is a malicious person sharing the network in a coffee shop or someone who gained unauthorized access to your corporate network, the tools to capture and read data as it is sent are freely available and easy to use. 2. Data at Rest If data has been stored on a physical device (e.g., hard drive, flash device, tape drive) and that device later leaves the control of the data s owner (e.g., for repair or decommission, due to theft), there is a possibility that someone will attempt to read the data stored on the device. 3. Hacker or Rogue Administrator If someone gains administrative privileges to a storage system, whether rightfully or wrongfully, it will most likely be possible for him or her to access the data in flight or at rest within that system while it is up and running. The remainder of this paper will discuss ways to protect against these threat models when using SwiftStack Object Storage. Encrypted Data and The Key Fundamental to any encryption strategy is the concept that a key is required to encrypt and decrypt data. The idea, assuming the encryption algorithm is strong enough, is that once a piece of data has been encrypted with a specific key, that data can only be decrypted with the same key and is completely useless, unreadable, and unrecoverable without the key. For that reason, a well-devised plan for key management is as important as encrypting data in the first place. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 3 of 11

4 Protecting Data In Flight Encrypting End-User Traffic Data Traffic The first location of potential encryption is at the SwiftStack proxy layer, which handles communication between the end-user application and the storage system. Many SwiftStack implementations are public-facing, meaning the proxy services are available over the Internet. As such, it is desirable to leverage encryption at this layer so that any third parties that gain access to the communication between the end-user and the object storage system cannot make sense of the encrypted traffic even if they capture it while in flight. Because the object storage system uses HTTP as its transport protocol, encryption at this stage is straightforward. Using TLS 1, SwiftStack leverages industry-standard cryptographic protocols to ensure data transferred over the wire is secure. This is the same protocol and scheme used in a web browser when visiting a secure site, such as (typically indicated by a lock icon in your browser - See Figure 1). Figure 1 - Example of TLS encrypted website This feature is easily configured within the SwiftStack management console by simply enabling HTTPS (see Figure 2). To complete the process, required certificates would need to be uploaded. Figure 2 - Enabling HTTPS support in SwiftStack Authentication Traffic Aside from the protection of the data being transferred, another benefit to this implementation is that the user interaction with the SwiftStack system for authenticating and receiving a token is also encrypted. Tokens allow a user to authenticate once in a period of time instead of doing so with each and every connection to the storage system enhancing the storage system s performance. Even for an object storage system used in a protected network where data traffic encryption is not considered as important, it may still be highly desirable to use encryption during authentication to protect the 1 Sometimes referred to as SSL, which is a predecessor to TLS and as a protocol has been deprecated. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 4 of 11

5 transfer of user credentials and authentication tokens. Otherwise, if a third party obtains access to an end-user s authentication token, they can use the object storage system with all of the privileges of the user. Impacts of Encryption Delivering encryption requires an investment of resources. There are two main considerations when encrypting end-user traffic to and from the storage system: 1. Increased CPU Load: There is added computational overhead on the proxy machines to perform the encryption and decryption of traffic. While modern CPUs do this efficiently, the resources of a proxy server will be constrained when handling simultaneous TLS traffic streams when compared to non-encrypted streams. 2. Managing Certificates: There is complexity in setting up and using certificates for endpoint encryption termination. A certificate must be purchased from a trusted certificate authority and, along with the private key, must then be distributed to all of the proxy machines within the object storage system. Alternatively, when using internal or self-signed certificates, the pretrusted certificate images must also be distributed to all clients using the system in order for them to trust the storage application. Look for the SSL Certificate Bundle document at swiftstack.com/docs which describes certificate management within a SwiftStack storage environment. Encrypting the Controller s Management Traffic The SwiftStack Controller creates a persistent link between itself and all nodes within the system using a Linux tunnel interface and leveraging OpenVPN for encryption. This means that all traffic between the controller and each node is encrypted automatically. There are no configuration options required to enable this feature. Encrypting Intra-Cluster Traffic After data is received by the proxy, it will likely be redirected to one of the storage nodes within the cluster for storage or retrieval. The communication link between the proxy server and the storage nodes is NOT encrypted for a variety of reasons: 1. It is assumed that the network between the proxy and storage nodes is a local area network (LAN) and is private. There is no assumed immediate value in encrypting the data traversing this network. 2. The added overhead of encrypting these traffic streams can be significant. Within a SwiftStack cluster, processes are constantly checking each other s status, resulting in a significant amount of communication to be encrypted. In addition, reading and writing data is designed to be as streamlined as possible. Encryption overhead at this layer would unnecessarily slow down these operations. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 5 of 11

6 3. If security needs are high enough where internal data should be encrypted, performing the data encryption at the object layer instead of the network layer is a better choice. See the Protecting Data at Rest section below for details. 4. In special cases, such as when leveraging SwiftStack s Global Clusters feature where a cluster MAY span across a wide area network, point-to-point VPN setups can be configured to achieve data encryption over the WAN link. This configuration is beyond the scope of this document, but you may contact SwiftStack sales or support for additional guidance. For situations where encryption of intra-cluster traffic is a requirement, SwiftStack recommends implementing a layer-two encryption technology at the switching layer such as MACsec, also known as IEEE 802.1AE. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 6 of 11

7 Protecting Data At Rest After data has been stored in the object storage system, encryption is commonly used to protect the data at rest. The basic strategy is to ensure that anyone who gets access to physical storage devices (through legitimate or illegitimate means) can see only encrypted data but does not have the necessary key to decrypt it. There are a number of viable strategies for encrypting data at rest, each with advantages and disadvantages to consider. Client-Side Encryption (User) The most robust method of protecting data at rest within the storage system is to encrypt the object before it is even written to the storage system. This way, the data that is written to disk is not viewable by any party who may gain access to the physical storage devices. While data would be encrypted endto-end, it is still advisable to use secure networking as a best practice. In addition, this strategy protects against the rogue administrator threat as well, because the raw data on disk cannot be decrypted by anyone without the appropriate key, which is held by the original user who put the object into the system. This is the most secure strategy for protecting object data at rest; in fact, it is the only strategy discussed in this paper which protects against the rogue administrator threat! The main downside is that it puts the requirement on the end-user to perform some level of encryption before putting data into the system, so key management is now the responsibility of the end-user or application using the storage system. Advantages Data cannot be read by accessing physical devices Data cannot be read by rogue administrators with system access Users have the flexibility to choose the appropriate encryption tools for each use case Data in the system can be securely deleted simply by purging related encryption keys Disadvantages End-users or applications must manage and retain encryption keys End-user system CPUs must perform encryption/decryption operations System-Side Encryption With a system-side encryption strategy, unencrypted data is sent to the storage system (over a secure connection via TLS/SSL). As the system receives data, it is encrypted enroute to the storage media (e.g., hard drives, flash devices). Inversely, when data is requested, the storage system decrypts the data before sending it back to the end-user. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 7 of 11

8 The primary reason this strategy may be considered instead of client-side encryption is that it removes the requirement for end-users to manage their encryption keys. However, by storing encryption keys within the storage system, this strategy no longer protects against the rogue-administrator threat. If an adversary obtains access to the object storage system and has the ability to read the data at rest, he or she would also have the ability to read the key used to encrypt the data, thereby nullifying any security value. SwiftStack does not currently offer system-side encryption. Along with others in the OpenStack development community, SwiftStack has outlined a plan for implementation. When it is implemented, the encryption feature is expected to utilize middleware to leverage third-party key management systems for external key escrow. Advantages Data cannot be read by accessing physical devices End-users and applications do not need to manage encryption keys Disadvantages Not currently available in SwiftStack No protection against rogue administrators Storage system CPUs must perform encryption/decryption operations External key management systems have a high cost Device-Level Encryption Raw object data is written to disk in the exact way it is received by the SwiftStack Object Storage System. As noted above, client-side encryption (i.e., encrypting an object before it is put into the storage system) is the most secure method for protecting data at rest, however, another common strategy is to use device-level encryption. The main advantage to implementing a block device encryption system is that if a drive is removed from the storage system, you have reasonable assurances that a third party who comes into physical contact with that drive will not be able to decrypt the data stored on it. This strategy does not, however, protect against the rogue administrator threat. There are two primary ways to implement block device encryption with SwiftStack: 1. Use LUKS (Linux Unified Key Setup): Each SwiftStack storage node is built using a Linux operating system, and Linux has a built-in encryption tool that can ensure raw blocks of data on each drive are encrypted. Linux itself encrypts and decrypts data on-the-fly as needed. Configuration is simple, but administrators have to manage the keys used to unlock each drive when the Linux system is booted. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 8 of 11

9 A brief demonstration video for using LUKS is available here: Demo Video: Using Linux Encryption (LUKS) with SwiftStack 2. Use self-encrypting hardware: Several hardware vendors now offer self-encrypting drives (SEDs) or drive controllers which offer automatic encryption. SEDs each contain their own key and encrypt or decrypt data as it is written to or read from the drive. There is no system CPU load for encryption operations elsewhere in the infrastructure, but each drive must be unlocked to be used. This unlocking can be a manual step for each drive in a node (e.g. 90 drives) when booting a node, or additional software is required for managing the credentials to lock or unlock the SEDs. Advantages Data cannot be read by accessing physical devices SEDs offer instant-erase features simply by changing a drive s encryption key With SEDs, no CPU load is required elsewhere for encryption/decryption operations Disadvantages Key management is still required No protection against rogue administrators For LUKS, the SwiftStack Nodes CPUs must perform encryption/decryption operations Copyright 2015 SwiftStack, Inc. swiftstack.com Page 9 of 11

10 Related Topic: Secure Deletion of Data A related topic worth considering is the secure deletion of existing data. In an object storage system like SwiftStack, this is commonly discussed in one of two contexts: object-level deletion or device-level erasure. Object-Level Deletion Sometimes, users of a SwiftStack Object Storage System need to securely delete an object from the system. The implication is that all physical bits associated with that data are wiped such that the object cannot be restored again. Unfortunately, the eventually consistent architecture of the object storage engine, which enables globally distributed clusters that scale to exabytes, makes it very difficult to ensure that a deleted object can never be retrieved again in the future (e.g., if a failed storage node containing a copy of the object is repaired and returned to service in the cluster). So, if secure data deletion guarantees are required, SwiftStack recommends leveraging client-side encryption before the object is placed into the system. That way, after the command to delete an object is sent to the system and the original encrypting keys are purged, there is no way to decrypt any object data that may temporarily remain in the system. Device-Level Erasure When a device such as a hard drive is intentionally removed from a storage system, corporate policy may require the data on it be completely erased before retirement, repair, or reuse. Past strategies including physical device destruction, degaussing, and overwriting data have been time-consuming and expensive. By leveraging encryption, however, one only needs to separate the device from any associated encryption keys to render the data on it useless and effectively erased. In particular, vendors of self-encrypting drives offer a feature that allows the encryption key within the SED to be changed in a matter of seconds, effectively erasing the drive and making it safe to use again or send away. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 10 of 11

11 Conclusion In summary, when considering an encryption strategy, it is important to first determine the threat models against which you want to protect. Then, consider the advantages and disadvantages for each strategy that offers the level of protection you require. In this paper, we discussed three threat models: eavesdropping data in flight, unauthorized access of data at rest on hardware that has been removed from a storage system, and unauthorized access of live data in a storage system by a rogue administrator or hacker. We then discussed strategies to protect against these threats either on the client-side, in the storage system, or at the device-level and the advantages and disadvantages for each. If you choose only one, SwiftStack recommends the client-side encryption strategy, as it provides the most complete protection against known threats, offers the most flexibility, and enables secure deletion of data in the system. For a truly secure infrastructure, consider coupling this with other strategies within (e.g., self-encrypting hardware) and outside the storage system (e.g., intrusion detection, anti-virus) as well. Copyright 2015 SwiftStack, Inc. swiftstack.com Page 11 of 11

XTREMIO DATA AT REST ENCRYPTION

XTREMIO DATA AT REST ENCRYPTION White Paper XTREMIO DATA AT REST ENCRYPTION Abstract Data at Rest Encryption is a mandatory requirement in various industries that host private or sensitive data. This white paper introduces and explains

More information

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,

More information

Keep Your Data Secure: Fighting Back With Flash

Keep Your Data Secure: Fighting Back With Flash Keep Your Data Secure: Fighting Back With Flash CONTENTS: Executive Summary...1 Data Encryption: Ensuring Peace of Mind...2 Enhanced Encryption and Device Decommission in the Enterprise...3 Freeing Up

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

ReadyNAS Remote White Paper. NETGEAR May 2010

ReadyNAS Remote White Paper. NETGEAR May 2010 ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that

More information

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract

More information

Management of Hardware Passwords in Think PCs.

Management of Hardware Passwords in Think PCs. Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Maginatics Security Architecture

Maginatics Security Architecture Maginatics Security Architecture What is the Maginatics Cloud Storage Platform? Enterprise IT organizations are constantly looking for ways to reduce costs and increase operational efficiency. Although

More information

Enterprise SED Presentation. TCG Storage WG Marketing

Enterprise SED Presentation. TCG Storage WG Marketing Enterprise SED Presentation TCG Storage WG Marketing Goal of this Presentation High Level description of how Self-Encrypting Drives (SEDs) utilize cryptography to protect user data Target Use Cases for

More information

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution 1 Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution Table of Contents What s New? Target Customers Customer Benefits Competitive Positioning Technical Sales Questions General Sales

More information

Self-Encrypting Hard Disk Drives in the Data Center

Self-Encrypting Hard Disk Drives in the Data Center Technology Paper Self-Encrypting Hard Disk Introduction At least 35 U.S. states now have data privacy laws that state if you encrypt data-at-rest, you don t have to report breaches of that data. U.S. Congressional

More information

Benefits of Network Level Security at the RTU Level. By: Kevin Finnan and Philippe Willems

Benefits of Network Level Security at the RTU Level. By: Kevin Finnan and Philippe Willems By: Kevin Finnan and Philippe Willems Introduction New security capabilities at the remote terminal unit (RTU) level are substantially easing implementation of cyber security measures in SCADA systems.

More information

EMC DATA DOMAIN ENCRYPTION A Detailed Review

EMC DATA DOMAIN ENCRYPTION A Detailed Review White Paper EMC DATA DOMAIN ENCRYPTION A Detailed Review Abstract The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers to

More information

ipad in Business Security

ipad in Business Security ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security

More information

PrivyLink Internet Application Security Environment *

PrivyLink Internet Application Security Environment * WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.

More information

Security Overview Introduction Application Firewall Compatibility

Security Overview Introduction Application Firewall Compatibility Security Overview Introduction ShowMyPC provides real-time communication services to organizations and a large number of corporations. These corporations use ShowMyPC services for diverse purposes ranging

More information

A secure way to monitor your emergency lighting over the internet

A secure way to monitor your emergency lighting over the internet ESM Remote Access: A secure way to monitor your emergency lighting over the internet WHITE PAPER EXECUTIVE SUMMARY ETAP Safety Manager (ESM) features web-based monitoring and management of your emergency

More information

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Secure Use of the New NHS Network (N3): Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

Mobile Admin Security

Mobile Admin Security Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Xerox Mobile Print Cloud

Xerox Mobile Print Cloud September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United

More information

Kaspersky Lab s Full Disk Encryption Technology

Kaspersky Lab s Full Disk Encryption Technology Kaspersky Lab s Full Disk Encryption Technology In the US alone, an estimated 12,000 laptops are lost or stolen each week. According to the Ponemon Institute, a laptop is stolen every 53 seconds; more

More information

SharePlus Enterprise: Security White Paper

SharePlus Enterprise: Security White Paper INFRAGISTICS, INC. SharePlus Enterprise: Security White Paper Security Overview Anand Raja, Gustavo Degeronimi 6/29/2012 SharePlus ensures Enterprise data security by implementing and interoperating with

More information

iphone in Business Security Overview

iphone in Business Security Overview iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October 2015. Page 1 of 9

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October 2015. Page 1 of 9 Security CLOUD VIDEO CONFERENCING AND CALLING Whitepaper October 2015 Page 1 of 9 Contents Introduction...3 Security risks when endpoints are placed outside of firewalls...3 StarLeaf removes the risk with

More information

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2 Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

Credit Card Security

Credit Card Security Credit Card Security Created 16 Apr 2014 Revised 16 Apr 2014 Reviewed 16 Apr 2014 Purpose This policy is intended to ensure customer personal information, particularly credit card information and primary

More information

Deploying SwiftStack Object Storage for Storage Made Easy

Deploying SwiftStack Object Storage for Storage Made Easy Deploying SwiftStack Object Storage for Storage Made Easy March 2015 Page 1 Table of Contents Table of Contents Introduction Preparation Basic Integration Steps Example: Configuring a Cloud Drive Client

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port technical brief in HP Overview HP is a powerful webbased software utility for installing, configuring, and managing networkconnected devices. Since it can install and configure devices, it must be able

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Full Drive Encryption Security Problem Definition - Encryption Engine

Full Drive Encryption Security Problem Definition - Encryption Engine 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles

More information

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses Professional Integrated Appliance for Small and Medium-sized businesses Benefits Clientless Secure Remote Access Seamless Integration behind the Existing Firewall Infrastructure UTM Security Integration

More information

Navigating Endpoint Encryption Technologies

Navigating Endpoint Encryption Technologies Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

Deploying iphone and ipad Security Overview

Deploying iphone and ipad Security Overview Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services

More information

Solid-State Drives with Self-Encryption: Solidly Secure

Solid-State Drives with Self-Encryption: Solidly Secure Solid-State Drives with Self-Encryption: Solidly Secure 09/22/2011 Michael Willett Storage Security Strategist SAMSUNG SOLID STATE DRIVES Solid-State Drives SSD ADVANTAGES SOLID STATE DRIVES Save $$ on

More information

COORDINATED THREAT CONTROL

COORDINATED THREAT CONTROL APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION.

YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION. YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege. Defend it with Encryption. 1.0 Keeping up with the

More information

Security Considerations for DirectAccess Deployments. Whitepaper

Security Considerations for DirectAccess Deployments. Whitepaper Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift

More information

Famly ApS: Overview of Security Processes

Famly ApS: Overview of Security Processes Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL

More information

SSL VPN vs. IPSec VPN

SSL VPN vs. IPSec VPN SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White

More information

Data Security and Governance with Enterprise Enabler

Data Security and Governance with Enterprise Enabler Copyright 2014 Stone Bond Technologies, L.P. All rights reserved. The information contained in this document represents the current view of Stone Bond Technologies on the issue discussed as of the date

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

MAC Web Based VPN Connectivity Details and Instructions

MAC Web Based VPN Connectivity Details and Instructions MAC Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities WHITE PAPER: ENTERPRISE SECURITY Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities White Paper: Enterprise Security Symantec Backup Exec 11d for Windows Servers Contents Executive

More information

TECHNICAL NOTE REFERENCE DOCUMENT. Improving Security for Axis Products. Created: 4 October 2007. Last updated: 11 October 2007. Rev: 1.

TECHNICAL NOTE REFERENCE DOCUMENT. Improving Security for Axis Products. Created: 4 October 2007. Last updated: 11 October 2007. Rev: 1. TECHNICAL NOTE REFERENCE DOCUMENT Improving Security for Axis Products Created: 4 October 2007 Last updated: 11 October 2007 Rev: 1.0 TABLE OF CONTENTS 1 INTRODUCTION 3 2 BEST-PRACTICE SECURITY POLICIES

More information

DiamondStream Data Security Policy Summary

DiamondStream Data Security Policy Summary DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers

More information

SwiftStack Filesystem Gateway Architecture

SwiftStack Filesystem Gateway Architecture WHITEPAPER SwiftStack Filesystem Gateway Architecture March 2015 by Amanda Plimpton Executive Summary SwiftStack s Filesystem Gateway expands the functionality of an organization s SwiftStack deployment

More information

Deploying F5 with Microsoft Active Directory Federation Services

Deploying F5 with Microsoft Active Directory Federation Services F5 Deployment Guide Deploying F5 with Microsoft Active Directory Federation Services This F5 deployment guide provides detailed information on how to deploy Microsoft Active Directory Federation Services

More information

Remote Access VPN Solutions

Remote Access VPN Solutions Remote Access VPN Solutions P/N 500187 June 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 3 Remote Access VPN Defined Page 3 Business Case Page 4 Key Requirements Page

More information

Managing Multi-Hypervisor Environments with vcenter Server

Managing Multi-Hypervisor Environments with vcenter Server Managing Multi-Hypervisor Environments with vcenter Server vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.0 This document supports the version of each product listed and supports all subsequent

More information

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL. http://www.protonet.co.za/

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL. http://www.protonet.co.za/ Proto Balance SSL TLS Off-Loading, Load Balancing http://www.protonet.co.za/ User Manual - SSL Copyright c 2003-2010 Shine The Way 238 CC. All rights reserved. March 13, 2010 Contents 1. Introduction........................................................................

More information

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security

More information

GlobalSCAPE Wide Area File Services

GlobalSCAPE Wide Area File Services Wide Area File Services: Document Collaboration for the Distributed Business Environment The days of having everyone on a project together in the same office have long passed. To expand global reach and

More information

Securing Information in LiveBackup

Securing Information in LiveBackup . Atempo, Inc. Securing Information in LiveBackup How LiveBackup secures data in transmission and storage Date: December 7, 2007 Author: Amy Gracer, Version: alb.lbsg.311.2 en Copyright 2008 Atempo Inc.

More information

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based

More information

An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction

An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction Silverton Consulting, Inc. StorInt Briefing An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction Each month many companies, big or small,

More information

On the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016

On the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016 On the features and challenges of security and privacy in distributed internet of things C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016 Outline Introduction IoT (Internet of Things) A distributed IoT

More information

Achieving PCI Compliance Using F5 Products

Achieving PCI Compliance Using F5 Products Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity

More information

ADOBE CONNECT ENTERPRISE SERVER 6

ADOBE CONNECT ENTERPRISE SERVER 6 Chapter 1: ADOBE CONNECT ENTERPRISE SERVER 6 SSL CONFIGURATION GUIDE Copyright 2006 Adobe Systems Incorporated. All rights reserved. Adobe Connect Enterprise Server 6, for Windows If this guide is distributed

More information

ACER ProShield. Table of Contents

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

More information

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS A number of applications today use SSL and TLS as a security layer. Unsniff allows authorized users to analyze these applications by decrypting

More information

Internet Privacy Options

Internet Privacy Options 2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms

More information

High Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models

High Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

Getting a Secure Intranet

Getting a Secure Intranet 61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like

More information

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. November 2010 202-10727-01 v1.0

ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA 95134 USA. November 2010 202-10727-01 v1.0 ReadyNAS Replicate Software Reference Manual 350 East Plumeria Drive San Jose, CA 95134 USA November 2010 202-10727-01 v1.0 2010 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced,

More information

Catapult PCI Compliance

Catapult PCI Compliance Catapult PCI Compliance Table of Contents Catapult PCI Compliance...1 Table of Contents...1 Overview Catapult (PCI)...2 Support and Contact Information...2 Dealer Support...2 End User Support...2 Catapult

More information

Virtual Private Networks Secured Connectivity for the Distributed Organization

Virtual Private Networks Secured Connectivity for the Distributed Organization Virtual Private Networks Secured Connectivity for the Distributed Organization FORTINET VIRTUAL PRIVATE NETWORKS PAGE 2 Introduction A Virtual Private Network (VPN) allows organizations to securely connect

More information

How Endpoint Encryption Works

How Endpoint Encryption Works WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint

More information

That Point of Sale is a PoS

That Point of Sale is a PoS SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach

More information

Acceleration of Data through SSL Virtual Private Networks

Acceleration of Data through SSL Virtual Private Networks Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

Video Conferencing and Security

Video Conferencing and Security Video Conferencing and Security Using the Open Internet and Encryption for Secure Video Communications & Guidelines for Selecting the Right Level of Security for Your Organization 1 Table of Contents 1.

More information

Understanding SSL VPN Sample Excerpt

Understanding SSL VPN Sample Excerpt Understanding SSL VPN Sample Excerpt 3 How SSL VPNs Work As described in Chapter 1, SSL VPN products allow users to establish secure remoteaccess sessions from virtually any Internet-connected web browser.

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

WebEx Security Overview Security Documentation

WebEx Security Overview Security Documentation WebEx Security Overview Security Documentation 8/1/2003: WebEx Communications Inc. WebEx Security Overview WebEx Security Overview Introduction WebEx Communications, Inc. provides real-time communication

More information

Introduction to Mobile Access Gateway Installation

Introduction to Mobile Access Gateway Installation Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure

More information

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform Peter Dulany, Chang Soo Kim, and James T. Yu PeteDulany@yahoo.com, ChangSooKim@yahoo.com, jyu@cs.depaul.edu School of Computer Science,

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com. CAIL Security Facility

Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com. CAIL Security Facility Tel: 905.940.9000 Toll-Free: 800.668.5769 Fax: 905.940.9009 Oct 2005 Email: info@cail.com Website: www.cail.com CAIL Security Facility Table of Contents A. Overview B. CAIL Security Solutions C. Summary

More information

TOP SECRETS OF CLOUD SECURITY

TOP SECRETS OF CLOUD SECURITY TOP SECRETS OF CLOUD SECURITY Protect Your Organization s Valuable Content Table of Contents Does the Cloud Pose Special Security Challenges?...2 Client Authentication...3 User Security Management...3

More information

Cisco Application Networking for BEA WebLogic

Cisco Application Networking for BEA WebLogic Cisco Application Networking for BEA WebLogic Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Secured email Enterprise eprivacy Suite

Secured email Enterprise eprivacy Suite EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT Secured email Enterprise eprivacy Suite JANUARY 2007 www.westcoastlabs.org 2 EMAIL SECURITY SOLUTIONS TECHNOLOGY REPORT CONTENTS Secured email Enterprise eprivacy

More information

Cisco Application Networking for IBM WebSphere

Cisco Application Networking for IBM WebSphere Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway

Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway TESTING & INTEGRATION GROUP SOLUTION GUIDE Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway INTRODUCTION...2 RADWARE SECUREFLOW... 3

More information

"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"

ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of

More information