CGHub Client Security Guide Documentation
|
|
- Linette Watts
- 8 years ago
- Views:
Transcription
1 CGHub Client Security Guide Documentation Release 3.1 University of California, Santa Cruz April 16, 2014
2 CONTENTS 1 Abstract 1 2 GeneTorrent: a secure, client/server BitTorrent GeneTorrent protocols Secure installation and use of the CGHub client Firewall configuration Secondary security mechanisms Managing CGHub user authentication Network resource utilization Frequently Asked Questions Why BitTorrent? Interaction with generic BitTorrent servers Bibliography 8 i
3 CHAPTER ONE ABSTRACT This document is intended to address local security concerns regarding the use of Cancer Genomic Hub s client software GeneTorrent. GeneTorrent s use of this TCP/IP based protocol, provides the benefit of a mature and efficient parallel file transfer protocol which replaces distributed peer-to-peer topology with restricted client-authenticated client/server communication, to implement secure transfers. CGHub clients communicate only with CGHub over client-authenticated SSL. The recommended client-side firewall configuration is described. 1
4 CHAPTER TWO GENETORRENT: A SECURE, CLIENT/SERVER BITTORRENT GeneTorrent uses the BitTorrent protocol [1], which is a highly efficient, mature, robust TCP/IP protocol for parallel file transfer. While the original design goal of BitTorrent is to support distributed peer-topeer (P2P) file transfer applications, GeneTorrent uses BitTorrent protocol in a more restricted client-server configuration. Instead of using distributed, unauthenticated volunteer seed node servers, all of the seed node servers are provided by CGHub at the San Diego Supercomputer Center. GeneTorrent clients do not publicly advertise or seed, they communicate only with servers provided by CGHub. Unlike P2P BitTorrent clients, GeneTorrent uses client-authenticated SSL connections to implement secure transfers. The figure below contrasts the GeneTorrent client-server model with peer-to-peer applications. firewall CGHub firewalls (a) BitTorrent peer-to-peer (b) GeneTorrent client-server Figure 2.1: Comparison of peer-to-peer and GeneTorrent network architectures. In (a), a peer-to-peer application has no central server, with all nodes being able to talk directly to any other node using the BitTorrent protocol. With GeneTorrent (b), BitTorrent file transfers are sent over parallel, SSL encrypted TCP connections directly between clients and the CGHub servers. 2.1 GeneTorrent protocols GeneTorrent uses three underlying protocols to implement both uploads and downloads: CGHub Web Services API queries via HTTPS to access the metadata. 2
5 CGHub Client Security Guide Documentation, Release 3.1 CGHub Transactor queries using the BitTorrent Tracker protocol via HTTPS. This is used to direct the client to the CGHub applications servers for parallel transfers Multiple, client-authenticated, SSL encrypted BitTorrent sockets that transfer the data files. To do a transfer, a client is authenticated as a valid NIH era/commons user and then authorized for the particular data set (TCGA, TARGET, etc) and action (upload or download). GeneTorrent communication is built on the OpenSSL library, which implements the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols [2]. CGHub encrypts the data with AES-256 [8] [4] and uses 2048-bit RSA keys that are encrypted with the sha1withrsaencryption algorithm [3] GeneTorrent protocols 3
6 CHAPTER THREE SECURE INSTALLATION AND USE OF THE CGHUB CLIENT This section covers best practices on configuring your network and system to allow GeneTorrent in a manner that does not compromise security. The secure use of the CGHub client is tied to the security requirements for using NCI limited access NCI data, as described in the dbgap Security Best Practices [6] document. 3.1 Firewall configuration CGHub clients require the following firewall configuration: Open up the firewall for only outgoing TCP connections to CGHub. Incoming connections are not required. We recommend allowing access to the full CGHub network: Host IP Address Protocol Ports *.cghub.ucsc.edu /24 TCP 443, , This provides a simple configuration and prevents problems as CGHub adds more servers to accommodate growing capacity. It is possible to use a more restrictive IP address range. Host IP Address Protocol Ports cghub.ucsc.edu TCP 443 tracker.cghub.ucsc.edu TCP app01.cghub.ucsc.edu TCP app02.cghub.ucsc.edu TCP app16.cghub.ucsc.edu TCP If the number of systems accessing CGHub is limited, configure firewalls to allow traffic to CGHub from only those systems. White list the CGHub servers to not perform intrusion prevention deep packet inspection (DPI), as it will slow down transfers and is not useful for SSL encrypted connections. 3.2 Secondary security mechanisms Since GeneTorrent runs as an unprivileged program, it is not possible for the client to enforce security. All CGHub security is enforced at the server. Client system network security, as with all networked applications, 4
7 CGHub Client Security Guide Documentation, Release 3.1 is enforced using firewalls. While a firewall should always be the first line of defense against disallowed network use, we recognize that restricted systems are often important to organizations as a secondary or internal security mechanism. We will work with institutions that desire locked down systems to provide optional, compile-time restrictions in GeneTorrent that meet their needs. These changes will be incorporated into the standard code base. If multiple institutions require the same set of restrictions, we will provide binary distributions of GeneTorrent that meet their needs. 3.3 Managing CGHub user authentication Users are authenticated with CGHub using their era/commons account [7]. Logging into era/commons via CGHub creates and downloads a CGHub credential associated with the user. The credential file contains a cryptographically encoded key which when decoded identifies the user to CGHub; the file has a.key extension. The CGHub credential is valid for 365 days, at which point a new credential must be created using the CGHub login facility. By having the authentication process create this certificate, operations against CGHub can be scripted without requiring a P.I. to reveal their era password. The CGHub credential should be protected with the same rigor as the data it allows you to access. If should not be stored in a public directory on your system. If you feel the security of your CGHub credential may have been compromised, please contact CGHub Support support@cghub.ucsc.edu to have it revoked. 3.4 Network resource utilization GeneTorrent is a highly efficient protocol. It is possible to have a download consuming a large portion of a network s bandwidth. This can be address by using the --rate-limit option to control the transfer rate of a GeneTorrent instance Managing CGHub user authentication 5
8 CHAPTER FOUR FREQUENTLY ASKED QUESTIONS 4.1 Why BitTorrent? Q: Why did you use a product that uses BitTorrent protocol? Although it is used in a secure, client-server configuration, why set off all those red flags around torrents? A: Various parallel software transfer packages were considered, both commercial and open source. BitTorrent was chosen for the following reasons: BitTorrent is a mature, widely used protocol with several high-quality, free implementations available, along with associated tools to assist in debugging and analyzing behavior and traffic. It is a connection oriented transfer protocol, which integrates well with the SSL security model. BitTorrent is horizontally scalable across multiple systems on both the server and the client. To take advantage of gigabit networks, the entire system must be balanced to match the transfer rate of the network. Without redundant disk subsystems, disk I/O will be a bottleneck. BitTorrent allows us to parallelize transfers across multiple server systems with independent I/O subsystem. Currently the GeneTorrent client is restricted to multiple threads on a single system. However, the architecture allows for distributing downloads and uploads across multiple client systems. The random, block-orient nature of the BitTorrent protocol provides an ideal platform for implementing random, remote access to BAM files. This is a very important feature planned for CGHub that will allow an application to access BAM data for to small portions of the genome without download the full BAM. The GeneTorrent BitTorrent over SSL conforms to the OSI security model [5]. We believe that using a well mature, well-understood protocol provides a better foundation for a secure system than using a proprietary protocol. Our use of BitTorrent designed to take advantage of its performance advantages without supporting unauthorized and unintended transfers. The choice of a TCP-based protocol over UDP enables use of TCP s mature congestion avoidance algorithms. The ability to prevent network congestion is important for transfers over wide, diverse networks. 6
9 CGHub Client Security Guide Documentation, Release Interaction with generic BitTorrent servers Q: Other than by use of a firewall or other network-level security that only permits connections to CGHub IP addresses, is GeneTorrent in client capable of exchanging files from other BitTorrent servers? For example, could it connect to other BitTorrent servers running inside my network? Or could it connect to BitTorrent servers anywhere if my firewall is relatively permissive to outbound connections? A: Due to the additional, non-bittorrent, protocol steps used by GeneTorrent when initiating a transfer, GeneTorrent will not connect with standard BitTorrent programs. It would take non-trivial modifications to the GeneTorrent code to enable it to communicate with standard BitTorrent clients. It should be noted that there are freely available and easy to install standard BitTorrent clients that could be run in an environment within a permissive firewall. The design of modern computer systems places network security enforcement at the firewall level. The NCI data use agreements require sites to follow the dbgap Security Best Practices [6] guidelines for secure the network where GeneTorrent is used to download limited access NCI data Interaction with generic BitTorrent servers 7
10 BIBLIOGRAPHY [1] B. Cohen. The BitTorrent Protocol Specification Version February [2] T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol, Version 1.2. August [3] B. Kaliski and J. Staddon. PKCS #1: RSA Cryptography Specifications (RFC 2437). October [4] Arjen Lenstra. Unbelievable Security: Matching AES Security Using Public Key Systems. In Colin Boyd, editor, Advances in Cryptology - ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages Springer Berlin / Heidelberg, [5] Unknown. ISO :1989: Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture [6] Unknown. dbgap Best Practices Requirements: Security Best Practices - Level 2b [7] Unknown. era: Electronic Research Administration [8] National Institute of Standards and Technology. Federal Information Processing Standards Publication 197: Announcing the Advanced Encryption Standard (AES). November
From Centralization to Distribution: A Comparison of File Sharing Protocols
From Centralization to Distribution: A Comparison of File Sharing Protocols Xu Wang, Teng Long and Alan Sussman Department of Computer Science, University of Maryland, College Park, MD, 20742 August, 2015
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationSpreed Keeps Online Meetings Secure. Online meeting controls and security mechanism. www.spreed.com
Spreed Keeps Online Meetings Secure Online meeting controls and security mechanism www.spreed.com Spreed Online Meeting is protected by the most advanced security features. Rest assured that your meetings
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More informationPotential Targets - Field Devices
Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to
More informationWhat is Firewall? A system designed to prevent unauthorized access to or from a private network.
What is Firewall? A system designed to prevent unauthorized access to or from a private network. What is Firewall? (cont d) Firewall is a set of related programs, located at a network gateway server. Firewalls
More informationBenefits of Network Level Security at the RTU Level. By: Kevin Finnan and Philippe Willems
By: Kevin Finnan and Philippe Willems Introduction New security capabilities at the remote terminal unit (RTU) level are substantially easing implementation of cyber security measures in SCADA systems.
More informationBridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability
Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using
More informationA Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration
A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration Thomas Oistrez Research Centre Juelich Juelich Supercomputing Centre August 21, 2008 1 / 16 Overview 1 UNICORE
More informationSteelcape Product Overview and Functional Description
Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session
More informationSecure Use of the New NHS Network (N3): Good Practice Guidelines
Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version
More informationSkype characteristics
Advanced Networking Skype Renato Lo Cigno Credits for part of the original material to Saverio Niccolini NEC Heidelberg Skype characteristics Skype is a well known P2P program for real time communications
More informationBeamYourScreen Security
BeamYourScreen Security Table of Contents BeamYourScreen Security... 1 The Most Important Facts in a Nutshell... 3 Content Security... 3 User Interface Security... 3 Infrastructure Security... 3 In Detail...
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationFig. 4.2.1: Packet Filtering
4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the
More informationMIKOGO SECURITY DOCUMENT
MIKOGO SECURITY DOCUMENT Table of Contents Page 2. 6. 6. The Most Important Facts in a Nutshell In Detail Application Firewall Compatibility Quality Management: ISO 9001 Certification Data Compression
More informationData Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationLogMeIn Rescue Architecture
LogMeIn Rescue Architecture A technical overview of Rescue s architecture. Introduction...1 Data Confidentiality...2 Key Agreement...3 Message Exchange...3 Authentication and Authorization...4 Auditing
More informationLogMeIn Rescue Architecture
A technical overview of s architecture. This paper provides a technical overview of the architecture behind LogMeIn. 1 Introduction 2 Data Confidentiality 3 Authentication 4 Key Agreement 5 Message Exchange
More informationRevShield Software Suite Network Security Review
Summary This document is aimed at professional network administrators. The information in this document is of a rather technical nature and very detailed. Based on this information, IT professionals can
More informationENABLING DATA TRANSFER MANAGEMENT AND SHARING IN THE ERA OF GENOMIC MEDICINE. October 2013
ENABLING DATA TRANSFER MANAGEMENT AND SHARING IN THE ERA OF GENOMIC MEDICINE October 2013 Introduction As sequencing technologies continue to evolve and genomic data makes its way into clinical use and
More informationDeployment Scenarios
Deployment Scenarios Sun Cobalt Summary The Sun Cobalt is a network-based appliance for managing a large number of remote servers and for deploying services to these servers. A control station is deployed
More informationLBSEC. http://www.liveboxcloud.com
2014 LBSEC http://www.liveboxcloud.com LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee
More informationArchitecture Guidelines Application Security
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
More informationNetwork Configuration Settings
Network Configuration Settings Many small businesses already have an existing firewall device for their local network when they purchase Microsoft Windows Small Business Server 2003. Often, these devices
More informationWhitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS
Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS A number of applications today use SSL and TLS as a security layer. Unsniff allows authorized users to analyze these applications by decrypting
More informationSecuring Ship-to-Shore Data Flow
Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their
More informationMIGRATIONWIZ SECURITY OVERVIEW
MIGRATIONWIZ SECURITY OVERVIEW Table of Contents Introduction... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Database Level Security... 4 Network Security...
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationReadyNAS Remote White Paper. NETGEAR May 2010
ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that
More informationUNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1
UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,
More informationUSER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity
USER GUIDE Lightweight Directory Access Protocol () Schoolwires Centricity TABLE OF CONTENTS Introduction... 1 Audience and Objectives... 1 Overview... 1 Servers Supported by Centricity... 1 Benefits of
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationHow To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On
Transport and Security Specification 15 July 2015 Version: 5.9 Contents Overview 3 Standard network requirements 3 Source and Destination Ports 3 Configuring the Connection Wizard 4 Private Bloomberg Network
More informationSpirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明
Spirent Abacus SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 1 1. TLS Interview (Transport Layer Security Protocol) (1) TLS Feature Introduction: 1. TLS is a successor of Secure Sockets Layer (SSL), a cryptographic
More informationEnterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere
Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationChapter 8 Router and Network Management
Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by
More informationWHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW
NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW INTRODUCTION As businesses adopt new technologies that touch or leverage critical company data, maintaining the highest level of security is their
More informationEMC Data Protection Search
EMC Data Protection Search Version 1.0 Security Configuration Guide 302-001-611 REV 01 Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published April 20, 2015 EMC believes
More informationSecure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO
TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationUnifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationPowerChute TM Network Shutdown Security Features & Deployment
PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network
More informationR&S SITGate Next-Generation Firewall Secure access to Internet and cloud services
Secure Communications Product Brochure 02.00 R&S SITGate Next-Generation Firewall Secure access to Internet and cloud services R&S SITGate Next-Generation Firewall At a glance The R&S SITGate is a multifunctional,
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationQuick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca!
Quick Start Guide Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! How to Setup a File Server with Cerberus FTP Server FTP and SSH SFTP are application protocols
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationLAB FORWARD. WITH PROService REMOTE SERVICE APPLICATION. Frequently Asked Questions
LAB FORWARD WITH PROService REMOTE SERVICE APPLICATION Frequently Asked Questions MORE WAYS TO INCREASE UPTIME AND IMPROVE PRODUCTIVITY. GENERAL INFORMATION Q: What is PROService? A: PROService is Beckman
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationLAB FORWARD. WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS
LAB FORWARD WITH PROService RMS TECHNOLOGY, ARCHITECTURE AND SECURITY INFORMATION FOR IT PROFESSIONALS Medical diagnostics are a vital part of the modern healthcare system, and instrument uptime is critical
More informationMany network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.
RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationEasy Setup Guide 1&1 CLOUD SERVER. Creating Backups. for Linux
Easy Setup Guide 1&1 CLOUD SERVER Creating Backups for Linux Legal notice 1&1 Internet Inc. 701 Lee Road, Suite 300 Chesterbrook, PA 19087 USA www.1and1.com info@1and1.com August 2015 Copyright 2015 1&1
More informationWhat is a SSL VPN and How Does it Work?
Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private
More informationIntrusion Detection Systems
Intrusion Detection Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationSecurity Policy. Security Policy. www.clickmeeting.com
Security Policy www.clickmeeting.com 1 Introduction ClickMeeting is a worldwide, solid and easy to use SaaS platform. It s core was constructed with the hi-end technology. Data security the highest priority
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationMobile Admin Security
Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing
More informationSecurity Issues with Distributed Web Applications
Security Issues with Distributed Web Applications Device Connectivity We are entering the era of Device Connectivity, which is the fourth wave of evolution for Internet-enabled applications. The first
More informationThree short case studies
Three short case studies peer to peer networking wireless systems search engines each includes issues of hardware processors, storage, peripherals, networks,... representation of information, analog vs.
More informationNetwork Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
More informationCopyright Telerad Tech 2009. RADSpa. HIPAA Compliance
RADSpa HIPAA Compliance 1. Introduction 3 1.1. Scope and Field of Application 3 1.2. HIPAA 3 2. Security Architecture 4 2.1 Authentication 4 2.2 Authorization 4 2.3 Confidentiality 4 2.3.1 Secure Communication
More informationUsing the Bionimbus Protected Data Cloud (PDC): Obtaining Access Credentials FAQ
Using the Bionimbus Protected Data Cloud (PDC): Obtaining Access Credentials FAQ It s very important that a PDC user is the only one who logs in with an account. If you have members of your lab that would
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationGoToMyPC Corporate Advanced Firewall Support Features
F A C T S H E E T GoToMyPC Corporate Advanced Firewall Support Features Citrix GoToMyPC Corporate features Citrix Online s advanced connectivity technology. We support all of the common firewall and proxy
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationWebEx Security Overview Security Documentation
WebEx Security Overview Security Documentation 8/1/2003: WebEx Communications Inc. WebEx Security Overview WebEx Security Overview Introduction WebEx Communications, Inc. provides real-time communication
More informationSoftware Defined Perimeter Working Group. SDP Hackathon Whitepaper
Software Defined Perimeter Working Group SDP Hackathon Whitepaper April 2014 2014 Cloud Security Alliance All Rights Reserved. All rights reserved. You may download, store, display on your computer, view,
More informationDionseq Uatummy Odolorem Vel Layered Security Approach
A P P L I C A T I O N B R I E F Aciduisismodo Hitachi Content Dolore Platform Eolore Dionseq Uatummy Odolorem Vel Layered Security Approach Highly Scalable, Cloud-enabled Platform Ensures Data Safety with
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion
More informationThe ABCs of KVMs: How Remote KVM Switches Put You in Control of Your Data Center
How Remote KVM Switches Put You in Control of Your Data Center Lantronix, Inc. 15353 Barranca Parkway Irvine, CA 92618 Tel: +1 (800) 422-7055 Fax: +1 (949) 450-7232 www.lantronix.com Contents Introduction...
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationHow To Protect Your Network From A Hacker Attack On Zcoo Ip Phx From A Pbx From An Ip Phone From A Cell Phone From An Uniden Ip Pho From A Sim Sims (For A Sims) From A
Contents 1. Introduction... 3 2. Embedded Security Solutions... 4 2.1 SSH Access... 4 2.2 Brutal SIP Flood... 4 2.3 SIP Register Limitation... 5 2.4 Guest calls... 5 3. Manually configure system to raise
More informationHow To Set Up Foglight Nms For A Proof Of Concept
Page 1 of 5 Foglight NMS Overview Foglight Network Management System (NMS) is a robust and complete network monitoring solution that allows you to thoroughly and efficiently manage your network. It is
More informationOverview - Using ADAMS With a Firewall
Page 1 of 6 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular
More informationFirst Semester Examinations 2011/12 INTERNET PRINCIPLES
PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2011/12 INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS TO CANDIDATES
More informationComputer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection
More informationOverview - Using ADAMS With a Firewall
Page 1 of 9 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular
More informationWeb Conferencing: Unleash the Power of Secure, Real-Time Collaboration
White Paper Web Conferencing: Unleash the Power of Secure, Real-Time Collaboration This paper focuses on security information for Cisco WebEx Meeting Center, Cisco WebEx Training Center, Cisco WebEx Support
More information