Medium Grade Features For Military Messaging
|
|
- Cynthia Mason
- 8 years ago
- Views:
Transcription
1 Medium Grade Features For Military Messaging Christopher D. Bonatti IECA, Inc Turkey Foot Road Darnestown, MD Abstract Two grades of messaging service have evolved independently in two different communities. The military messaging community has evolved an expectation of a high grade of messaging functionality. In contrast, the Internet messaging community has long provided a low grade of messaging functionality in keeping with the Internet s simple and best effort paradigms. Commercial use of the Internet and military reliance on commercial off the shelf (COTS) products are forcing both communities to evolve to a common level of service the so called medium grade messaging. Standards bodies and industry fora have been working, often disjointedly, for several years to elaborate definitions of medium grade messaging features. This paper attempts to capture and refine a unified set of functional definitions for medium grade messaging drawing from a variety of sources. I INTRODUCTION Military messaging has evolved over many decades to establish expectations for a high grade of messaging functionality. This is reflected today in the level of service described in Allied Communications Publication (ACP) 123 [1] for International Telecommunications Union (ITU) Telecommunications Standardization Sector (ITU-T) X.400 series of recommendations [2]. The Simple Mail Transfer Protocol (SMTP), which is used widely on the Internet, has long provided a low grade of messaging functionality in keeping with the Internet s simple and best effort paradigms. Commercial electronic mail systems now embrace Internet mail, but are also striving to provide a higher level of messaging functionality to its users; a so called medium grade of messaging services. Meanwhile, military messaging systems are under pressure to reduce functionality and admit commercial off the shelf (COTS) products. These factors are forcing both communities to evolve to a common level of service, described herein as medium grade messaging. Standards bodies and consortia have both attempted to direct the drive to medium grade messaging by defining its requirements. The International Telecommunications Union (ITU) Telecommunications Standardization Sector (ITU-T) and the International Organization for Standardization (ISO) have amended the X.400 series of recommendations [2 and 3] with additional functionality to provide what they term Business Class Messaging (BCM) [4 through 7]. The Electronic Mail Association (EMA) developed a Business Quality Messaging (BQM) Functional Specification [8]. More recently, the U.S. Department of Defense (DoD) is developing a strategy and profile for Medium Grade Messaging (MGM) [9 and 10]. While all of these initiatives have their differences, a core set of requirements for what makes a messaging system medium grade appear to be emerging. II MODEL AND CRITERIA The various standards bodies and consortia that have attempted to define possible medium grade messaging features have varied in their results, in part because of differences in their approach and scope. Some studies, such as the effort, have attempted to model messaging from the very concrete perspective of application programming interfaces (APIs). Others, such as the effort, have taken a more generic service-oriented approach. In order to bridge these diverse different viewpoints, it is necessary to establish a uniform model and set of criteria for identifying possible business class features. For simplicity, this paper asserts a common definition of both the messaging model and the scope of a medium grade feature. GENERIC MESSAGING MODEL The messaging model that is assumed for the purposes of this discussion is necessarily simple. Fig. 1 depicts the model and its relationship to existing models. The messaging model includes a generic message exchange service whose properties are assumed to be broadly similar to COTS suites of SMTP or X.400 products. The functionality of the exchange service Services Provided Human User Services Provided Originating Submission Transport Layer Network/Internet Layer Data Link/Network Layer Physical Layer Virtual Association (Peer Protocol) Services Provided Network Service Service Transport Layer Network/Internet Layer Data Link/Network Layer Physical Layer Retrieval Recipient s Fig. 1. A generic messaging model is helpful in avoiding debates about underlying technology. Page 1
2 subsumes that of message store (MS), distribution list (DL), translation gateways, and other common features of messaging systems. It is intended to collect all of the functions of the messaging service provider within the model. Further refinement of the exchange service is not possible without becoming technology-specific. ISO BCM DoD MGM The messaging model also includes user agents (s), which act on behalf of the human user to submit and take delivery of messages. The is the focus for all content-oriented services that are provided on an originator-to-recipient basis. Both the message exchange service and the s operate as application layer entities, and provide services to the human user. Security services may apply equally throughout the messaging model. CRITERIA FOR MEDIUM GRADE FEATURES In the context of this paper, a feature is an element of protocol, service or procedure that results in some quantifiable service being provided to either the originator or recipient(s) of messages. In evaluating potential features for a medium grade messaging service, the following prioritized criteria were used to assess the overall merit of each feature. Good MGM features should: Be independent of particular implementation strategy or protocols; Apply to a broad community of users; and Not be provided by common configurations of COTS message handling systems. Ideally, some commonality was also sought among different medium grade initiatives (e.g.,, ISO BCM). However, in some cases, features failing to meet this criterion were included based on strengths in other areas. Fig. 2 illustrates the ideal relationship between the different medium grade initiatives and the features in this paper. III DESCRIPTION OF COMMON FEATURES Several medium grade messaging features stand out as obvious deficiencies in the existing state of the industry, while other features are more esoteric but provide excellent benefits to the user for implementation costs that are quite low. Most of the features from the former category apply to the message exchange service, while most of the latter are instantiated only as additional EMA BQM Features identified as common in this paper. Fig. 2. A Venn diagram shows the approximate relationship between the various medium grade definitions and the set of common features. fields in the message content. Table 1 summarizes the set of features discussed in this section, and lists their respective types and origins. Table. 1. The common medium grade features originate from a variety of specifications. Feature Name Type Origin(s) Transaction-style Processing for Reliability Delivery and Nondelivery Notifications Receipt Notifications Delivery Priority Maximum Lifetime Distribution List Expansion DL Exempted Recipients ACP 123 ACP 123 ACP 123 Access Control Security Page 2
3 Feature Name Type Origin(s) Confidentiality Security Integrity Security Non-repudiation of Origin Non-repudiation of Receipt Security Labeling Globally Unique Identifier Security Security Security Content Precedence Content Obsoleting Content Distribution Codes Authorization Time Manual Handling Instructions Information Category Originator Reference Other Recipients Circulation List Recipients Content MESSAGE EXCHANGE SERVICE FEATURES A robust message exchange service is critical to any medium grade messaging product or service. Necessarily features include high reliability, delivery and non-delivery notifications, message delivery priority, receipt notifications, message delivery priority, maximum message lifetime, distribution list (DL) expansion, and DL exempted recipients. Transaction-style Processing for Reliability Medium grade exchange services should be implemented so as to ensure reliability of message submission, transfer and delivery. A transactional style of processing must be adopted to provide an acceptable level of reliability in a distributed system. For messaging protocol engines, this constitutes design of message transfer agents (MTAs) and user agents (s) to reach a stable and recoverable state of message processing (e.g., logged into the in-queue and saved to non-volatile storage) before acknowledging a completion of any message transfer. Other factors such as graceful recovery from a systems failure also need to be considered. Delivery and Non-delivery Notifications Notifying the originator when a message cannot be delivered to its intended recipients is a basic feature of nearly all messaging systems. Notification that a successful delivery has taken place is also very important in many business scenarios, but is only now beginning to be widely supported. Delivery notifications are important because they often constitute a report of the delivery from a neutral third party. They also provide an indication of when a particular message reached the recipient company or organization regardless of how quickly that company may have processed the information. In business processes that involve submission deadlines, this type of information can be quite valuable to the originator. Receipt Notifications Receipt notifications provide a positive confirmation that the has processed the message. What constitutes processing varies widely, but usually entails opening a message and may even entail manually confirming reading and understanding the message. This capability is crucial in business scenarios in which hand-off of responsibility is required. Receipt notifications are usually generated by the recipient s, but are part of the message exchange functions. Delivery Priority A prioritized message exchange service is important for optimizing resource utilization for scenarios in which: a) The cost of transmission is high, or; b) The available transmission resources are saturated. Both of these situations are more common than is generally realized particularly in the small business sector. Prioritized message exchange allows urgent messages to be expedited by MTAs (causing the urgent messages to be sent before less urgent traffic) perhaps causing an intermittent network connection to be opened ahead of schedule. Conversely, this feature allows more aggressive cost control for a company s Page 3
4 overall messaging system. This is because the high level of service required for urgent messages need not be maintained for the bulk of the message traffic. Maximum Lifetime Many types of information exchanged using message handling are perishable. Services that allow the originator to provide an indication of this perishability, in the form of an expiry time, reduce transfer costs and adverse impacts on recipients. Distribution List Expansion Distribution lists (DLs) go by many names in the messaging industry depending on their exact characteristics and implementation. Sometimes called address lists (ALs), mail lists (MLs), or merely mail exploders; this ability to support sending messages to a centrally managed list of recipients is a critical medium grade messaging feature. DLs are used to support the dissemination of information to teams and business units of all sizes, and to support on line discussion in distributed fora. DL Exempted Recipients Some messaging systems enable the originator to specify particular recipients that should be omitted from the set of recipients resulting from DLs. This capability is quite useful in circumstances where the business process requires a small number of recipients to be excluded from a widespread distribution. Examples include collection of personnel performance appraisal inputs, or exclusion of traveling users from large file distributions. Support of this feature is not yet widespread, and is thus a key product discriminator. SECURITY FEATURES Protection of message traffic with security services is increasingly important to any medium grade messaging product or service. Necessarily features include access control, message confidentiality, message integrity, non-repudiation of origin, non-repudiation of delivery, message security labeling, and message sequence integrity. Access Control Control of access to the messaging infrastructure has become a more appreciated issue in recent years. Recent increases in theft of service, denial of service attacks, and anonymous Internet junk mail (i.e., spam ) have increased awareness of this deficiency in many messaging systems. Countermeasures recently deployed against these threats include submission control based on originating network address and restriction of transfer only operations on many MTAs. Stronger means are also possible based on cryptographic authentication mechanisms, but these are not yet broadly supported by industry. Confidentiality Services that prevent the disclosure of the content of a message to anyone other than the authorized recipients are a vital part of the messaging security requirement for medium grade messaging. Business processes that involve personal, proprietary or classified information cannot be safely conducted over messaging without this service. confidentiality is usually provided by encryption supported by protected exchange of a onetime shared symmetric key. The key exchange is usually performed within the messaging protocols. Integrity Basic message integrity is an essential requirement of the transfer service, but protection against deliberate tampering or modification enters the realm of security. This service is necessary in any medium grade messaging product or service. integrity is usually provided by use of a digital signature over the message, but may also be provided by application of secure hash or other encryption functions. Non-repudiation of Origin Non-repudiation of origin is the capability for the recipient to be able to demonstrate to a third party that the originator of a message is actually who they claim to be. Business processes that involve authorized approval cannot be safely conducted over messaging without this service. Non-repudiation of origin is usually provided by use of a digital signature over the message. Non-repudiation of Receipt Non-repudiation of receipt is the capability for the originator to be able to demonstrate to a third party that the intended recipient of a message has actually received it, and is who they claim to be. Nonrepudiation of receipt is usually provided by use of a digital signature over some form of receipt. Security Labeling security labeling allows the originator to attach an indication of the message s sensitivity to disclosure or other threats. Labeling is of growing importance in medium grade messaging as commercial enterprises recognize benefits from a compartmentalization approach to handling proprietary information. The ASN.1 data structure SecurityLabel, originally described in International Telegraph and Telephone Page 4
5 Consultative Committee (CCITT) 1 recommendation X.411:1988 [11], has become a de-facto standard because of its adoption in numerous secure messaging and directory efforts. However, subsequent definition of the security-categories field of the X.411 label has proven to be controversial, and is continuing in NATO, the Combined Communications Electronics Board (CCEB), and ISO Subcommittee 27 (SC27). CONTENT FEATURES The content of the message itself must provide a number of vital services to adequately support medium grade messaging. Necessarily features include a globally unique message identifier, a precedence indication, an obsoleting indication, distribution codes, an authorization time, manual handling instructions, an information category, an originator reference, other recipients, and the circulation list. Globally Unique Identifier s should be associated with a globally unique identifier to facilitate correlation of duplicates, allow cross-referencing of messages, and support management functions. Global uniqueness can easily be achieved by appending an appropriate time code or serial number to a uniquely registered user name or address. Many messaging systems already provide globally unique identifiers, but limit their effectiveness by conveying them in varying protocol fields (e.g., often X- extension headers in SMTP). Precedence s should contain an indication of the originator s perceived importance, or relevance, of the message (i.e., precedence) to each recipient of the message. This precedence value might be used to affect how the message is presented to the user (e.g., highlights or colors), or might trigger automatic alerts (e.g., via pager). Each recipient might have a different precedence. This service may or may not be directly tied to the message delivery priority service described for the exchange service. Obsoleting s should contain the globally unique message identifier of any other messages that by its receipt are rendered outdated or obsolete. This service addresses the perishability of messages from a different 1 Note that CCITT was later reorganized into the ITU-T. The term CCITT is used here for historical accuracy. perspective than the maximum message lifetime service described for the exchange service. This service aims to reduce confusion on the part of recipients as a result of message perishability. Distribution Codes The distribution codes service enables the originator to provide the recipient s with information to support the redistribution of the message either within the messaging system (e.g., auto-forwarding) or externally (e.g., hard copy distribution). It may also provide information to features such as automatic alerts (e.g., pager). Authorization Time The authorization time indication service enables the originator to indicate to the recipient the date and time at which a message was formally authorized. Depending upon local requirements, this date and time stamp may vary from the date and time when the message was submitted to the transfer system. Manual Handling Instructions The manual handling instructions indication service enables the originator to indicate to the recipient any post-delivery instructions (e.g., recipient handling remarks) that may accompany the message. The service might provide instructions consisting of free form text that may state special requests for recipient handling, or instructions for how to process body data. Information Category The information category indication service enables the originator to indicate to the recipient the character of the information contained in the message. The service might provide a registered identifier for each particular category, or free form information describing the nature of the communication. The recipient may use the information provided by this service to affect the presentation of messages to the recipient, or to affect any other local processing functions. A specific definition of information category values and semantics should be mutually supported by the originator and the recipient. Examples of possible information category values include: draft message, press release, contractual commitment, and policy statement. Originator Reference The originator reference indication service enables the originator to indicate to a recipient a reference value, chosen by the originator, to be used within the organization of the originator as an internal reference. Examples of possible references include: file number, claim number, and legal case number. This information may be used by the recipient in later communications Page 5
6 with the originator, possibly by other means, concerning a particular message. Other Recipients The other recipients indication service enables an originator to indicate to a recipient the names of intended recipients who will receive a message without the use of messaging (e.g., via fax). The service should also allow indication of which category, such as primary (i.e., To: ) or copy (i.e., Cc: ), the other recipients should be considered. Circulation List Recipients The circulation list recipients indication service enables the originator to indicate to the recipient a list of recipients to which the originator requests the message be serially distributed. In this context, recipients that have received the message are said to be "checked" in the circulation list. The circulation list should be updated by the recipient and included in a forwarded IPM sent to the next recipient that has not been checked. This service models a common business practice for circulating pertinent materials to small groups for comment. IV CONCLUSION This paper attempts to capture and refine a unified set of emerging functional requirements for medium grade messaging drawn from a variety of sources. Three types of features are identified: message exchange features, security features and content features. The message exchange features tend to address well known deficiencies in the existing state of the messaging industry. These tend to be the most complex features from an implementation standpoint, but represent well-understood concepts and technology. Security features address an already broad, and still growing, market segment. These tend to be more straightforward to implement, but are fraught with open standardization issues. The content features are more esoteric but provide excellent benefits to the user for generally low implementation costs. 2. ITU-T X.400 Series: Data Communication Networks: Handling Systems, ISO/IEC Series: Information Technology Handling Systems (MHS), ISO/IEC PDAM 4: Business Class 5. ISO/IEC PDAM 4: Business Class 6. ISO/IEC PDAM 4: Business Class 7. ISO/IEC PDAM 4: Business Class 8. Business Quality Messaging Functional Specification, Electronic Mail Association (EMA) Business Quality Messaging (BQM) Special Interest Group (SIG), November Defense Messaging System (DMS) Medium Grade Messaging Strategy, Defense Information Systems Agency (DISA), 7 August 1998 (DRAFT). 10. Protocols Profile for Department of Defense Medium Assurance Messaging, Mitre Corp., Revision 2.0, January CCITT X.411:1988: Data Communication Networks: Handling Systems: Transfer System: Abstract Service Definition And Procedures, The various medium grade development efforts exhibit a strong correlation of both objectives and outcome. Yet none of these activities appears to have gained a strong beachhead in the commercial products arena. This suggests that efforts should be made to harmonize the various definitions of medium grade messaging for the purpose of promoting a larger, more lucrative market for developers. V REFERENCES 1. ACP 123: Common Messaging Strategy and Procedures, November Page 6
THE SECURITY ISSUE. Chris J Mitchell
THE SECURITY ISSUE Chris J Mitchell Foreword This paper is not intended to be a complete overview of its subject area. It is being prepared as a written accompaniment to a talk to be given at the Value
More informationCryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely
More informationAdvanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech
Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationDefense Message System Messaging, Directory Services, and Security Services
Defense Message System Messaging, Directory Services, and Security Services Abstract Wayne DeLoria, DMS Integration Manager, DISA, D24 Alex Sharpe, Susan May, and Chris Bonatti, Booz Allen & Hamilton Inc.
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements
More informationCommon Security Protocol (CSP) ACP 120. June 1998
Common Security Protocol (CSP) ACP 120 June 1998 UNCLASSIFIED I ORIGINAL (Reverse Blank) Foreword 1. ACP120, COMMON SECURITY PROTOCOL, is an UNCLASSIFIED publication. Periodic accounting is not required.
More informationSERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security
International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
More informationInformation System Security
Information System Security Chapter 1:Introduction Dr. Lo ai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Chapter 1 Introduction The
More informationLecture II : Communication Security Services
Lecture II : Communication Security Services Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 What is Communication
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood
More informationIY2760/CS3760: Part 6. IY2760: Part 6
IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily
More informationTHE SECURITY ARCHITECTURE OF THE SECURE MOBILE MESSAGING DEMONSTRATOR
THE SECURITY ARCHITECTURE OF THE SECURE MOBILE MESSAGING DEMONSTRATOR Chris Mitchell, Dave Rush and Michael Walker Issue c2 13th April 1988 1. INTRODUCTION Locator is part of the Mobile Information Systems
More informationHP PROTECTTOOLS EMAIL RELEASE MANAGER
HP PROTECTTOOLS EMAIL RELEASE MANAGER Business white paper HP ProtectTools Email Release Manager provides enhancements to the Microsoft Exchange and Outlook clients. HP has developed HP ProtectTools Email
More informationTable: Security Services (X.800)
SECURIT SERVICES X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. Also the
More informationElectronic Data Interchange (EDI) Messaging Security
Essay 18 Electronic Data Interchange (EDI) Messaging Security Ted Humphreys The modern economy and the future wealth and prosperity of industry and commerce rely increasingly on the exchange of data and
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationHP ProtectTools Email Release Manager
HP ProtectTools Email Release Manager White Paper Introduction... 2 User Interface... 3 Configuration... 3 Message Properties... 3 Message Classification Prompt... 3 Labels... 5 Destinations... 5 Users...
More informationNETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia
NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security
More informationCOM 17 LS 05 E. English only Original: English TELECOMMUNICATION STANDARDIZATION SECTOR. Question(s): 9/17
Question(s): 9/17 INTERNATIONAL TELECOMMUNICATION UNION TELECOMMUNICATION STANDARDIZATION SECTOR STUDY PERIOD 2005-2008 LIAISON STATEMENT Source: Q.9/17 Rapporteur Group (Tokyo, 15-17 November 2004) Title:
More informationCHAPTER THREE, Network Services Management Framework
CHAPTER THREE, Acronyms and Terms 3-3 List of Figures 3-4 1 Introduction 3-5 2 Architecture 3-6 2.1 Entity Identification & Addressing 3-7 2.2 Management Domain Registration and Information Service 3-7
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationINTERNATIONAL TELECOMMUNICATION UNION
INTERNATIONAL TELECOMMUNICATION UNION ITU-T Y.2902 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Amendment 4 (11/2008) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION
More informationMANAGEMENT OF SECURE SYSTEMS AND SECURITY WITHIN OSI 1
MANAGEMENT OF SECURE SYSTEMS AND SECURITY WITHIN OSI 1 Chris J. Mitchell Computer Science Department Royal Holloway and Bedford New College University of London Egham Hill Egham Surrey TW20 0EX England
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationE-mail Management: A Guide For Harvard Administrators
E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered
More informationWildFire Reporting. WildFire Administrator s Guide 55. Copyright 2007-2015 Palo Alto Networks
WildFire Reporting When malware is discovered on your network, it is important to take quick action to prevent spread of the malware to other systems. To ensure immediate alerts to malware discovered on
More informationIntegration Using the MultiSpeak Specification
Integration Using the MultiSpeak Specification By: Gary A. McNaughton, Cornice Engineering, Inc. and Robert Saint, National Rural Electric Cooperative Association Introduction Over the years many different
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationINTERNATIONAL TELECOMMUNICATION UNION DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND APPLICATIONS
INTERNATIONAL TELECOMMUNICATION UNION CCITT X.800 THE INTERNATIONAL TELEGRAPH AND TELEPHONE CONSULTATIVE COMMITTEE DATA COMMUNICATION NETWORKS: OPEN SYSTEMS INTERCONNECTION (OSI); SECURITY, STRUCTURE AND
More informationSecuring Distribution Automation
Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010
More informationPart 2: ICT security standards and guidance documents
Part 2: ICT security standards and guidance documents Version 3.0 April, 2007 Introduction The purpose of this part of the Security Standards Roadmap is to provide a summary of existing, approved ICT security
More informationRHODE ISLAND. Electronic Business Transactions (EBT) Standards. for Electronic Data Interchange (EDI) in a Restructured Electric Industry
RHODE ISLAND Electronic Business Transactions (EBT) Standards for Electronic Data Interchange (EDI) in a Restructured Electric Industry PREPARED BY: THE NARRAGANSETT ELECTRIC COMPANY AUGUST 1999 TABLE
More informationTHREATS AND VULNERABILITIES FOR C 4 I IN COMMERCIAL TELECOMMUNICATIONS: A PARADIGM FOR MITIGATION
THREATS AND VULNERABILITIES FOR C 4 I IN COMMERCIAL TELECOMMUNICATIONS: A PARADIGM FOR MITIGATION Joan Fowler and Robert C. Seate III Data Systems Analysts, Inc. 10400 Eaton Place, Suite 400 Fairfax, VA
More informationBuilding on a Foundation for Growth: Integrating DLP with Message Security Infrastructure
Building on a Foundation for Growth: Integrating DLP with Message Security Infrastructure An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for RSA, The Security Division of EMC April 2010
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationWhy you need secure email
Why you need secure email WHITE PAPER CONTENTS 1. Executive summary 2. How email works 3. Security threats to your email communications 4. Symmetric and asymmetric encryption 5. Securing your email with
More informationDraft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications
Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that
More informationPineApp TM Mail Encryption Solution TM
PineApp TM Mail Encryption Solution TM How to keep your outgoing messages fully secured. October 2008 Modern day challenges in E-Mail Security Throughout the years, E-Mail has evolved significantly, emerging
More informationFTA Computer Security Workshop. Secure Email
FTA Computer Security Workshop Secure Email March 8, 2007 Stan Wiechert, KDOR IS Security Officer Outline of Presentation The Risks associated with Email Business Constraints Secure Email Features Some
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More information544 Computer and Network Security
544 Computer and Network Security Section 1: Introduction Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology - 2005 Background Information Security requirements have changed in recent times
More information3GPP TS 32.372 V8.0.0 (2008-12)
TS 32.372 V8.0.0 (2008-12) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Telecommunication management; Security services for Integration
More informationResearch Involving Human Biological Materials: Ethical Issues and Policy Guidance Executive Summary
Research Involving Human Biological Materials: Ethical Issues and Policy Guidance Executive Summary Introduction Biomedical researchers have long studied human biological materials such as cells collected
More informationSPAM FILTER Service Data Sheet
Content 1 Spam detection problem 1.1 What is spam? 1.2 How is spam detected? 2 Infomail 3 EveryCloud Spam Filter features 3.1 Cloud architecture 3.2 Incoming email traffic protection 3.2.1 Mail traffic
More informationHow To Choose Security Class S0 For An Extended Ats Message Service
ATNP/WG3 WP/15-38 17/01/99 AERONAUTICAL TELECOMMUNICATIONS NETWORK PANEL(ATNP) WORKING GROUP 3 - APPLICATIONS AND UPPER LAYERS Honolulu, 19-22 January 1999 (fifteenth meeting) Agenda Item 5.4 : Ground-Ground
More informationIdentity Management Initiatives in identity management and emerging standards Presented to Fondazione Ugo Bordoni Rome, Italy
Identity Management Initiatives in identity management and emerging standards Presented to Fondazione Ugo Bordoni Rome, Italy November 18, 2008 Teresa Schwarzhoff Computer Security Division Information
More informationINTERNATIONAL TELECOMMUNICATION UNION
INTERNATIONAL TELECOMMUNICATION UNION TELECOMMUNICATION STANDARDIZATION SECTOR STUDY PERIOD 2009-2012 English only Original: English Question(s): 4/17 Geneva, 11-20 February 2009 Ref. : TD 0244 Rev.2 Source:
More informationElectronic business conditions of use
Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationKeeping SCADA Networks Open and Secure DNP3 Security
Keeping SCADA Networks Open and Secure DNP3 Security June 2008 DNP3 Protocol DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field
More informationGuidelines 1 on Information Technology Security
Guidelines 1 on Information Technology Security Introduction The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationQuality Procedures and Work Instructions Manual
Quality Procedures and Work Instructions Manual Revision Number: (1) ISSUED TO: MANUAL NO: REVISION NO: ISSUE DATE: President Date 1 ii. Table of Contents 1 of 4 0 Section Number Name Revision Date i.
More informationSERVICE LEVEL AGREEMENT
SERVICE LEVEL AGREEMENT This Service Level Agreement (SLA) is provided by ECS and is intended to define services and responsibilities between ECS and customer. ECS along with contracted 3 rd party partners
More informationONLINE INTEREST-BASED ADVERTISING ACCOUNTABILITY PROGRAM PROCEDURES. Policy Oversight By: The National Advertising Review Council (NARC)
ONLINE INTEREST-BASED ADVERTISING ACCOUNTABILITY PROGRAM PROCEDURES Policy Oversight By: The National Advertising Review Council (NARC) Administered By: The Council of Better Business Bureaus, Inc. (CBBB)
More informationData Storage Security in Cloud Computing
Data Storage Security in Cloud Computing Prashant M. Patil Asst. Professor. ASM s, Institute of Management & Computer Studies (IMCOST), Thane (w), India E_mail: prashantpatil11@rediffmail.com ABSTRACT
More informationTELECOMMUNICATION SERVICE MANAGEMENT
CITR TECHNICAL JOURNAL VOLUME 1 1 TELECOMMUNICATION SERVICE MANAGEMENT QINZHENG KONG, GRAHAM CHEN, AND GLENN HOLLIMAN Abstract The development of standard platform approaches to the management of telecommunication
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationReference Guide for Security in Networks
Reference Guide for Security in Networks This reference guide is provided to aid in understanding security concepts and their application in various network architectures. It should not be used as a template
More informationCPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS
CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationContent-Centric Networking Applications For Medical Devices and Healthcare Management Systems
Content-Centric Networking Applications For Medical Devices and Healthcare Management Systems DISCUSSION DOCUMENT JULY 2012. PARC, 3333 Coyote Hill Road, Palo Alto, California 94304 USA +1 650 812 4000
More information82-03-10 Development and Implementation of Security Standards John P. Hopkinson Payoff
82-03-10 Development and Implementation of Security Standards John P. Hopkinson Payoff This article describes the groups involved in the process of developing standards for information security. The method
More informationCSCI 4541/6541: NETWORK SECURITY
1 CSCI 4541/6541: NETWORK SECURITY COURSE INFO CSci 4541/6541 Tuesdays 6:10pm 8:40pm Bell Hall 108 Office Hours: Tuesdays 2:30pm 4:30pm Dr. Nan Zhang Office: SEH 4590 Phone: (202) 994-5919 Email: nzhang10
More informationChapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory
There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution
More informationGE Measurement & Control. Cyber Security for NEI 08-09
GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4
More informationHow To Block Ndr Spam
How to block NDR spam Spam generates an enormous amount of traffic that is both time-consuming to handle and resource intensive. Apart from that, a large number of organizations have been victims of NDR
More informationSnow Agent System Pilot Deployment version
Pilot Deployment version Security policy Revision: 1.0 Authors: Per Atle Bakkevoll, Johan Gustav Bellika, Lars, Taridzo Chomutare Page 1 of 8 Date of issue 03.07.2009 Revision history: Issue Details Who
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationDocument DRM: Replacing Encryption as the Standard for Document Protection
Document DRM: Replacing Encryption as the Standard for Document Protection Keywords DRM, Encryption, PGP, IRM, Enterprise Rights Management Summary DRM Is presented as a superior replacement for encryption
More informationEmail Management and Security Good Practice Guide. August 2009
Email Management and Security Good Practice Guide August 2009 contents 1 Introduction to Good Practice Guides 3 2 Email Management and Security Overview 3 2.1 Understanding Good and Better Practice 4 3
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More information7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.
Content 1.Introduction to Data and Network Security. 2. Why secure your Network 3. How Much security do you need, 4. Communication of network systems, 5. Topology security, 6. Cryptosystems and Symmetric
More informationThe Wang DMS/DII High Assurance Guard. PRODUCT PLAN (Draft)
The Wang DMS/DII High Assurance Guard PRODUCT PLAN (Draft) TS-300 and SAGE are trademarks of Wang Government Services, Inc. NEOR and MESSAGEWARE are trademarks of NEOR Limited. D500 OpenDirectory is a
More informationOhio Supercomputer Center
Ohio Supercomputer Center Security Education and Awareness No: Effective: OSC-6 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationCryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationCloud Services. Email Anti-Spam. Admin Guide
Cloud Services Email Anti-Spam Admin Guide 10/23/2014 CONTENTS Introduction to Anti- Spam... 4 About Anti- Spam... 4 Locating the Anti- Spam Pages in the Portal... 5 Anti- Spam Best Practice Settings...
More informationIndustry. Cyber Security. Information Sharing at the Technical Level. Guidelines
NATO Communications and Information Agency (NCI Agency) - Industry Cyber Security Information Sharing at the Technical Level Guidelines Effective date: 28 March 2014 Revision No: Rev 1 Change History Revision
More informationThe Business Benefits of Logging
WHITEPAPER The Business Benefits of Logging Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT
INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA AND PACIFIC OFFICE ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT DRAFT Second Edition June 2010 3.4H - 1 TABLE OF CONTENTS 1.
More informationSECTION 1: INTRODUCTION
3117 NETWORK ARCHITECTURE STANDARD OWNER: Security Management Branch ISSUE DATE: 10/25/2011 DISTRIBUTION: All Employees REVISED DATE: 7/1/2013 SECTION 1: INTRODUCTION The California Department of Technology
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More information2007-03-23. Meetings where appropriate a TC/SC chairman should remind participants of the above at each meeting
Administrative Circular AC/10/2007 2007-03-23 TO ALL NATIONAL COMMITTEES TO TECHNICAL COMMITTEES AND SUBCOMMITTEES Dear Sir/Madam, New Common IEC, ISO, ITU Patent Rights Policy Following approval by the
More informationVICTOR VALLEY COMMUNITY COLLEGE DISTRICT ADMINISTRATIVE PROCEDURE. Computer Use - Computer and Electronic Communication Systems.
VICTOR VALLEY COMMUNITY COLLEGE DISTRICT ADMINISTRATIVE PROCEDURE GENERAL INSTITUTION Chapter 3 Computer Use - Computer and Electronic Communication Systems AP 3720(a) Contents 1.0 Introduction...1 2.0
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationNetwork Security. Network Security Hierarchy. CISCO Security Curriculum
Network Security Network Security Hierarchy Material elaborat dupa: CISCO Security Curriculum Kenny Paterson s Lectures for: M.Sc. in Information Security, Royal Holloway, University of London 1 Objectives
More informationTestimony of. Patrick Heim. Chief Information Security Officer. on behalf of the. Kaiser Permanente Medical Care Program
Testimony of Patrick Heim Chief Information Security Officer on behalf of the Kaiser Permanente Medical Care Program Clinical Operations Workgroup Medical Device Hearing March 28, 2011 1 Good afternoon
More informationSite to Site Virtual Private Networks (VPNs):
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
More informationNotes on Network Security - Introduction
Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network
More informationIn-Network Translation User s Guide
GXS EDI Services In-Network Translation User s Guide GC34-3282-02 Third Edition (November 2005) This book replaces GC34-3282-01. Copyright GXS, Inc. 1998, 2005. All rights reserved. Government Users Restricted
More informationINTERNATIONAL TELECOMMUNICATION UNION $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52)49 3425#452%!.$!00,)#!4)/.
INTERNATIONAL TELECOMMUNICATION UNION ##)44 8 THE INTERNATIONAL TELEGRAPH AND TELEPHONE CONSULTATIVE COMMITTEE $!4! #/--5.)#!4)/..%47/2+3 /0%. 3934%-3 ).4%2#/..%#4)/. /3) 3%#52)49 3425#452%!.$!00,)#!4)/.3
More information