Securing an IP SAN. Application Brief
|
|
- Helena McCarthy
- 8 years ago
- Views:
Transcription
1 Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time. This publication is copyright by StoneFly, Inc. and is intended for use only by recipients authorized by StoneFly, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of StoneFly, Inc., is in violation of U.S. copyright law.
2 Introduction Storage Area Networks (SANs) provide a high-speed network for storing and retrieving data. With storage networking, a dedicated high-speed network allows files and data to transfer between storage devices and client machines directly, bypassing the traditional server bottlenecks and network control. In this way, increased flexibility and performance are achieved by separating control from data. SANs deliver the capability for any server to access any storage device. Though this is extremely powerful and cost effective, it is obvious that security measures must be in place to prevent illegal access to data and to prevent accidental corruption or loss of data. Networked storage can introduce security vulnerabilities. To counter these weaknesses, it is important to adopt storage-specific security policies and practices. Network infrastructures and storage networks must be evaluated from end to end and secured at every point of vulnerability. Security and Compliance To add to the security complexity issue, compliance with regulatory requirements has proven difficult for many organizations. Regulations dramatically impact data security, retention and storage requirements. These regulations include, but are not limited to: HIPPA for insurance, healthcare and medical providers SEC 17a-3 and 17a-4 for brokers and dealers in the financial services industry The Sarbanes-Oxley Act for public companies and institutions to regulate corporate and public accounting practices to ensure that financial statements are accurate Significant penalties and fines can result from regulatory violations, such as the unauthorized viewing of private medical records (HIPAA). IT departments now must report to upper management the risk that their networks face as well as give assurances that their storage and security practices comply with appropriate laws. IP SAN Security While the iscsi protocol itself provides quality of service and security features, the advanced services offered by TCP/IP internetworking can be immediately applied to iscsi traffic. For security, IP offers easily deployed mechanisms such as Access Control Lists (ACLs) and Virtual Private Networks (VPNs) and is compatible with more sophisticated capabilities such as IP Security (IPSec) and advanced data encryption algorithms or public key infrastructure (PKI). Because iscsi must accommodate inflows, such as , from untrusted IP environments, the iscsi specification allows for implementing multiple security methods. Given the vulnerability of corporate networks and the current regulatory climate, the good news is that you can reduce the risk to your storage network, protect your company's data assets, and better align security practices with the requirements of your environment. Considering Security Options There are two important considerations when evaluating IP storage security. First, the nature of Ethernet-based IP storage networks mean they are exposed to the same security vulnerabilities as those by traditional IP networks with connection to Internet traffic. As such, the same technologies and solutions may be used. The second consideration is performance degradation due to security measures. While performance for encrypted data may be acceptable for traditional LAN data traffic over IP networks, the level of degradation may be unacceptable for storage networks due to their high data rates and short time-out conditions. For example, data encryption of storage StoneFly, Inc. Page 2 of 7
3 traffic, performed by IPSec protocols, may induce significant delays for traffic between two high-speed SANs. Using IPSec, therefore, may require specialized hardware for the encryption/decryption process just to ensure acceptable performance. A sound security policy is an important tool for creating a secure LAN/SAN and may employ several different security mechanisms. Below is an overview of several security methods. Separate the LAN from the SAN At the very least, keep IP SAN storage on a physically separate network. Duplicate the key advantage of the Fibre Channel network: its physical separation from the IP network. Keep management of the IP SAN on a different subnet. StoneFly recommends both of these actions with its IP SAN. Firewalls Just as you place a firewall between your corporate LAN and the outside world, you can place a packet-filtering firewall between the IP SAN and the hosts. By restricting access to the IP SAN storage devices you can make it more difficult for an internal attacker to access the devices. Configure the filtering rules to only allow traffic to and from specific IP SAN ports and addresses. Use firewalls that support Network Address Translation to hide the real addresses and port numbers of the IP SAN devices from the outside world. One issue with firewalls is that they do not currently support the iscsi protocol so they can only be used for protection in the LAN. It will be highly desirable to have a firewall system built with the iscsi protocol because firewalls filter out multiple connections, which iscsi relies on for performance. Firewalls that support iscsi may become more common in the future. Virtual Private Networks (VPNs) For iscsi SANs behind a gateway, a VPN (virtual private network) could securely connect initiators and targets and differentiate between traffic that requires security and traffic that doesn't. The difference comes down to the risk of security threats and whether the network topology stresses security at the network edge or at each individual node. Security at the edge raises infrastructure costs but allows multiple nodes to share security resources. Security at each node means data is secure, but every device that handles secure data must have its own security-processing resources, potentially at a greater overall cost. Devices in which you can optionally implement security will cover the needs of the security market without raising costs for users that don't need or won't pay for security. This may mean building a virtual private network that makes a tunnel around the information and lets it be seen only by authorized users. Alternatively, some of the highspeed VPN appliances in the market may be deployed. VPNs are often combined with other cryptographic authentication methods. For example, IPSec support may be integrated in the initiator and the target, or be provided by a standalone device such as a VPN appliance. One solution for Organizations that want to prevent unauthorized internal LAN access to block level data is to install VPNs to prevent LAN access to the SAN. Some VPNs support additional security measures such as IPSec or another type of encryption. StoneFly, Inc. Page 3 of 7
4 For more IP SAN protection, especially to prevent insiders from gaining unauthorized access, VPNs can be located in the Storage Network as well. RADIUS The RADIUS protocol is a widely used protocol for performing network authentication, authorization, and accounting (AAA) functions. It is used to control remote and local user access - via dial-in, VPN, firewall, wireless, LAN, or any combination. RADIUS is primarily implemented by using a dedicated RADIUS server. RADIUS servers are designed to provide the foundation for network identity services in a secure and easy-to-manage implementation. Access Control The measures discussed so far, provide security within the physical storage network and storage subsystems. Another critical security aspect is the access to the logical volumes and its administration on the servers. This allows a hacker using a spoofed address to gain access to the IP storage device, without the additional challenge of obtaining root (or similar) access. At that point the intruder could read and write data with the same privileges as the spoofed host. With IP SANs this type of attack can be launched from anywhere inside or outside of the corporate network. Software that controls access to data volumes is an effective tool that manages potential data corrupting issues. Each user, application, or group can be assigned different access privileges for every storage volume. This is usually accomplished through the volume manager as part of the OS and file system environment on the server. A storage management solution should provide direction on storage provisioning to maintain these storage access rights of the volume manager on the host. Access Control for iscsi is volume or host-based rather than user-based. StoneFly supports Access Control Lists (ACLs) for both hosts and volumes. Access Control is strengthened by using CHAP. CHAP The iscsi protocol specifies a variety of security capabilities, including the use of Challenge Handshake Authentication Protocol (CHAP) during initial iscsi login to restrict access to targets. CHAP allows you to set a Password or Secret as a gatekeeper for communication between a host initiator and a volume. Combined, access control lists and CHAP provide a high degree of security to ensure that only specified hosts have access to Storage Concentrator volumes. StoneFly, Inc. Page 4 of 7
5 CHAP is supported at the Volume Level and at the Host level in the StoneFly Storage Concentrator. Depending on the host initiator, you may want to specify host CHAP, volume CHAP, both host and volume with the same or different secrets, or use neither. Encryption Once you have access controls in place, encryption is the next logical step in securing data stored in an IP SAN. Encryption provides restriction if access controls are circumvented. In other words, encryption should stop someone who has already broken through the first line of defense. Encryption forms the next barrier of entry for data at rest. Encryption is the conversion of data into a form that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. The use of encryption/decryption is as old as the art of communication. In wartime, a cipher, often incorrectly called a "code," was employed to keep the enemy from obtaining the contents of transmissions. Simple ciphers include the substitution of letters for numbers, the rotation of letters in the alphabet, and the "scrambling" of voice signals by inverting the sideband frequencies. More complex ciphers work according to sophisticated computer algorithms that rearrange the data bits in digital signals. In order to easily recover the contents of an encrypted signal, the correct decryption key is required. The key is an algorithm that "undoes" the work of the encryption algorithm. Alternatively, a computer can be used in an attempt to "break" the cipher. The more complex the encryption algorithm, the more difficult it becomes to decrypt the information without access to the key. The major downside to encryption is the substantial performance hit to servers and applications. Several storage security vendors, such as Decru, Kasten Chase, and Neoscale offer high-speed encryption solutions for storage traffic. Encryption solutions that reside below iscsi such as IPSec require no special negotiation between iscsi end devices and are transparent to the upper layers. For other authentication implementations such as Kerberos or Public/Private Key exchanges, the iscsi Login Phase provides text fields for negotiating the type of security supported by both end devices. If the negotiation is successful, the data exchanged between iscsi devices will be formatted for appropriate security validation required by the agreed upon security routine. An Internet Storage Name Server (isns) may also be used to assist this process by, for example, serving as a repository for public keys. IPSec The iscsi standard requires that IPSec be supported, but allows its use to be optional. Not all hardware vendors currently include support for IPSec. iscsi HBAs and storage systems are available both with and without IPSec security. Some solutions, such as the StoneFly Storage Concentrator can support the storage of encrypted data, but not the actual encryption/decryption process. IPSec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet. StoneFly, Inc. Page 5 of 7
6 For IPSec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as IP Encapsulating Security Payload (ESP) and Internet Key Exchange (IKEv2) Protocol, which allows the receiver to obtain a public key and authenticate the sender using digital certificates. Public Key Infrastructure (PKI) PKI is based on a pair of mathematically related public and private keys. While the private key is carefully safeguarded, the public key is linked to subject identifier information (e.g., name and other information) in a digitally signed public key certificate, where the subject is the owner of the public/private key pair. This linkage or binding is made possible by including specified data in the certificate, which is essentially a specially formatted file generated in accordance with industry standards. The certificate itself and the public and private keys are then used by systems to represent the individual or entity that is the subject identified by the certificate. In some cases, they will be used in the process of creating and verifying digital signatures. Therefore, it is critical for a relying party application (i.e., an application that relies on the use of a certificate) to have confidence that the certificate correctly and accurately identifies the subject and subject s public key, as well as the issuer of the certificate. The distinguishing feature of PKI is the use of the certificate published by a Certification Authority to confirm the identity, and other relevant information about the entity that holds the certificate. Secure Socket Layer Secure Sockets Layer (SSL) is a specially designed PKI protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http. SSL support is built into the StoneFly Storage Concentrator, which uses https and password protection. Application Software Security Many software applications support security, such as encryption. For example, StoneFly Backup Advantage allows encrypting data both for transmission over un-secure networks and for storage on third-party vaults. The data is always encrypted in the same manner (blowfish algorithm), but key management policies differ depending on the customer needs. For customers that need only network security the keys are randomly chosen for every session. Data is encrypted on Client and the keys are discarded at the end. The entire process is completely transparent to the user; all the user has to do is to enable encryption. Summary Since iscsi security is based on the same technology used for TCP/IP security today, a single SAN with secure iscsi initiators can easily span over a WAN with storage devices and servers in multiple locations. By providing security in iscsi end-nodes, the storage network and data network can eventually converge to maximize network bandwidth usage, lower network management costs, and share the same fabric switch equipment, without the concern of security breaches and illegal access to information. Protecting data in an IP SAN is relatively straightforward due to the iscsi specification, which allows for implementing multiple security methods. While the iscsi protocol itself provides quality of service and security features, the advanced services offered by TCP/IP internetworking can be immediately applied to iscsi traffic. Vendors such as StoneFly StoneFly, Inc. Page 6 of 7
7 support a variety of security methods both explicitly and implicitly, giving IP SAN users the means to form a sound security strategy. StoneFly, Inc. Page 7 of 7
Virtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationInternet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011
Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationRemote Access Security
Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationRegulatory Compliance Solutions for Security and Privacy
Regulatory Compliance Solutions for Security and Privacy Nobuyuki Osaki SAN Solutions Lab Hitachi America Ltd Hitachi and Hitachi Data Systems Hitachi Ltd Founded 1910 One of the World s Largest Integrated
More informationProtecting a Corporate Network with ViPNet. Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network
Protecting a Corporate Network with ViPNet Best Practices in Configuring the Appropriate Security Level in Your ViPNet Network Introduction Scope ViPNet technology protects information systems by means
More informationSSL Overview for Resellers
Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationReport to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999
Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationBest practices for protecting network data
Best practices for protecting network data A company s value at risk The biggest risk to network security is underestimating the threat to network security. Recent security breaches have proven that much
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationNetwork Security. Chapter 9 Integrating Security Services into Communication Architectures
Network Security Chapter 9 Integrating Security Services into Communication Architectures Network Security (WS 00): 09 Integration of Security Services Motivation: What to do where?! Analogous to the methodology
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationExecutive Summary and Purpose
ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationUnderstand Wide Area Networks (WANs)
Understand Wide Area Networks (WANs) Lesson Overview In this lesson, you will review: Dial-up Integrated services digital networks (ISDN) Leased lines Virtual private networks (VPN) Wide area networks
More informationTechnical papers Virtual private networks
Technical papers Virtual private networks This document has now been archived Virtual private networks Contents Introduction What is a VPN? What does the term virtual private network really mean? What
More informationHigh Performance VPN Solutions Over Satellite Networks
High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have
More informationAsheville-Buncombe Technical Community College Department of Networking Technology. Course Outline
Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport
More informationFirewall Architecture
NEXTEP Broadband White Paper Firewall Architecture Understanding the purpose of a firewall when connecting to ADSL network services. A Nextep Broadband White Paper June 2001 Firewall Architecture WHAT
More informationSteelcape Product Overview and Functional Description
Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationProtocol Security Where?
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
More informationPRIVACY, SECURITY AND THE VOLLY SERVICE
PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers
More informationSite to Site Virtual Private Networks (VPNs):
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationICTTEN8195B Evaluate and apply network security
ICTTEN8195B Evaluate and apply network security Release 1 ICTTEN8195B Evaluate and apply network security Modification History Release Release 2 Comments This version first released with ICT10 Integrated
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More informationUsing Application Layer Technology to Overcome the Impact of Satellite Circuit Latency on VPN Performance
Using Application Layer Technology to Overcome the Impact of Satellite Circuit Latency on VPN Performance Ground Control February 2003 Abstract This paper explains the source of severe throughput degradation
More informationTrustNet CryptoFlow. Group Encryption WHITE PAPER. Executive Summary. Table of Contents
WHITE PAPER TrustNet CryptoFlow Group Encryption Table of Contents Executive Summary...1 The Challenges of Securing Any-to- Any Networks with a Point-to-Point Solution...2 A Smarter Approach to Network
More informationSecure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity
Secure Remote Monitoring of the Critical System Infrastructure An Application Note from the Experts in Business-Critical Continuity TABLE OF CONTENTS Introduction................................................2
More informationImplementing Secured Converged Wide Area Networks (ISCW) Version 1.0
COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationOverview. Protocols. VPN and Firewalls
Computer Network Lab 2015 Fachgebiet Technische h Informatik, Joachim Zumbrägel Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls VPN-Definition VPNs (Virtual Private Networks)
More informationHow To Secure My Data
How To Secure My Data What to Protect??? DATA Data At Rest Data at Rest Examples Lost Infected Easily Used as Backup Lent to others Data Corruptions more common Stolen Left at airports, on trains etc Hard
More informationTim Bovles WILEY. Wiley Publishing, Inc.
Tim Bovles WILEY Wiley Publishing, Inc. Contents Introduction xvii Assessment Test xxiv Chapter 1 Introduction to Network Security 1 Threats to Network Security 2 External Threats 3 Internal Threats 5
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationChapter 9 Integrating Security Services into Communication Architectures
Network Security Chapter 9 Integrating Security Services into Communication Architectures Prof. Dr.-Ing. Georg Carle Chair for Computer Networks & Internet Wilhelm-Schickard-Institute for Computer Science
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationHow To Pass A Credit Course At Florida State College At Jacksonville
Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationNetworking Security IP packet security
Networking Security IP packet security Networking Security IP packet security Copyright International Business Machines Corporation 1998,2000. All rights reserved. US Government Users Restricted Rights
More informationThis chapter describes how to set up and manage VPN service in Mac OS X Server.
6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure
More informationSecure Use of the New NHS Network (N3): Good Practice Guidelines
Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationAchieving High Availability & Rapid Disaster Recovery in a Microsoft Exchange IP SAN April 2006
Achieving High Availability & Rapid Disaster Recovery in a Microsoft Exchange IP SAN April 2006 All trademark names are the property of their respective companies. This publication contains opinions of
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationWireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com
Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract
More informationSecure SCADA Network Technology and Methods
Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls
More informationIPV6 vs. SSL comparing Apples with Oranges
IPV6 vs. SSL comparing Apples with Oranges Reto E. Haeni r.haeni@cpi.seas.gwu.edu The George Washington University Cyberspace Policy Institute 2033 K Str. Suite 340 N Washington DC 20006 Washington DC,
More informationChapter 17 Determining Windows 2000 Network Security Strategies
625 CHAPTER 17 Determining Windows 2000 Network Security Strategies Today, most organizations want their computer infrastructure connected to the Internet because it provides valuable services to their
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationData-at-Rest Encryption Addresses SAN Security Requirements
Data-at-Rest Encryption Addresses SAN Security Requirements QLogic 2500 Series Fibre Channel Adapters Meet Enterprise Security Needs Key Findings SAN security via encryption is necessary for protecting
More informationSCADA/Business Network Separation: Securing an Integrated SCADA System
SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater
More informationGuideline for setting up a functional VPN
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
More informationVPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls
Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission
More informationConfiguring Windows 2000/XP IPsec for Site-to-Site VPN
IPsec for Site-to-Site VPN November 2002 Copyright 2002 SofaWare Technologies Inc, All Rights Reserved. Reproduction, adaptation, or translation with prior written permission is prohibited except as allowed
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationSonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging
SonicOS 5.9 / 6.0.5 / 6.2 Log Events Reference Guide with Enhanced Logging 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION:
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More information