CGHub Client Security Guide Documentation

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CGHub Client Security Guide Documentation"

Transcription

1 CGHub Client Security Guide Documentation Release 3.1 University of California, Santa Cruz April 16, 2014

2 CONTENTS 1 Abstract 1 2 GeneTorrent: a secure, client/server BitTorrent GeneTorrent protocols Secure installation and use of the CGHub client Firewall configuration Secondary security mechanisms Managing CGHub user authentication Network resource utilization Frequently Asked Questions Why BitTorrent? Interaction with generic BitTorrent servers Bibliography 8 i

3 CHAPTER ONE ABSTRACT This document is intended to address local security concerns regarding the use of Cancer Genomic Hub s client software GeneTorrent. GeneTorrent s use of this TCP/IP based protocol, provides the benefit of a mature and efficient parallel file transfer protocol which replaces distributed peer-to-peer topology with restricted client-authenticated client/server communication, to implement secure transfers. CGHub clients communicate only with CGHub over client-authenticated SSL. The recommended client-side firewall configuration is described. 1

4 CHAPTER TWO GENETORRENT: A SECURE, CLIENT/SERVER BITTORRENT GeneTorrent uses the BitTorrent protocol [1], which is a highly efficient, mature, robust TCP/IP protocol for parallel file transfer. While the original design goal of BitTorrent is to support distributed peer-topeer (P2P) file transfer applications, GeneTorrent uses BitTorrent protocol in a more restricted client-server configuration. Instead of using distributed, unauthenticated volunteer seed node servers, all of the seed node servers are provided by CGHub at the San Diego Supercomputer Center. GeneTorrent clients do not publicly advertise or seed, they communicate only with servers provided by CGHub. Unlike P2P BitTorrent clients, GeneTorrent uses client-authenticated SSL connections to implement secure transfers. The figure below contrasts the GeneTorrent client-server model with peer-to-peer applications. firewall CGHub firewalls (a) BitTorrent peer-to-peer (b) GeneTorrent client-server Figure 2.1: Comparison of peer-to-peer and GeneTorrent network architectures. In (a), a peer-to-peer application has no central server, with all nodes being able to talk directly to any other node using the BitTorrent protocol. With GeneTorrent (b), BitTorrent file transfers are sent over parallel, SSL encrypted TCP connections directly between clients and the CGHub servers. 2.1 GeneTorrent protocols GeneTorrent uses three underlying protocols to implement both uploads and downloads: CGHub Web Services API queries via HTTPS to access the metadata. 2

5 CGHub Client Security Guide Documentation, Release 3.1 CGHub Transactor queries using the BitTorrent Tracker protocol via HTTPS. This is used to direct the client to the CGHub applications servers for parallel transfers Multiple, client-authenticated, SSL encrypted BitTorrent sockets that transfer the data files. To do a transfer, a client is authenticated as a valid NIH era/commons user and then authorized for the particular data set (TCGA, TARGET, etc) and action (upload or download). GeneTorrent communication is built on the OpenSSL library, which implements the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1) protocols [2]. CGHub encrypts the data with AES-256 [8] [4] and uses 2048-bit RSA keys that are encrypted with the sha1withrsaencryption algorithm [3] GeneTorrent protocols 3

6 CHAPTER THREE SECURE INSTALLATION AND USE OF THE CGHUB CLIENT This section covers best practices on configuring your network and system to allow GeneTorrent in a manner that does not compromise security. The secure use of the CGHub client is tied to the security requirements for using NCI limited access NCI data, as described in the dbgap Security Best Practices [6] document. 3.1 Firewall configuration CGHub clients require the following firewall configuration: Open up the firewall for only outgoing TCP connections to CGHub. Incoming connections are not required. We recommend allowing access to the full CGHub network: Host IP Address Protocol Ports *.cghub.ucsc.edu /24 TCP 443, , This provides a simple configuration and prevents problems as CGHub adds more servers to accommodate growing capacity. It is possible to use a more restrictive IP address range. Host IP Address Protocol Ports cghub.ucsc.edu TCP 443 tracker.cghub.ucsc.edu TCP app01.cghub.ucsc.edu TCP app02.cghub.ucsc.edu TCP app16.cghub.ucsc.edu TCP If the number of systems accessing CGHub is limited, configure firewalls to allow traffic to CGHub from only those systems. White list the CGHub servers to not perform intrusion prevention deep packet inspection (DPI), as it will slow down transfers and is not useful for SSL encrypted connections. 3.2 Secondary security mechanisms Since GeneTorrent runs as an unprivileged program, it is not possible for the client to enforce security. All CGHub security is enforced at the server. Client system network security, as with all networked applications, 4

7 CGHub Client Security Guide Documentation, Release 3.1 is enforced using firewalls. While a firewall should always be the first line of defense against disallowed network use, we recognize that restricted systems are often important to organizations as a secondary or internal security mechanism. We will work with institutions that desire locked down systems to provide optional, compile-time restrictions in GeneTorrent that meet their needs. These changes will be incorporated into the standard code base. If multiple institutions require the same set of restrictions, we will provide binary distributions of GeneTorrent that meet their needs. 3.3 Managing CGHub user authentication Users are authenticated with CGHub using their era/commons account [7]. Logging into era/commons via CGHub creates and downloads a CGHub credential associated with the user. The credential file contains a cryptographically encoded key which when decoded identifies the user to CGHub; the file has a.key extension. The CGHub credential is valid for 365 days, at which point a new credential must be created using the CGHub login facility. By having the authentication process create this certificate, operations against CGHub can be scripted without requiring a P.I. to reveal their era password. The CGHub credential should be protected with the same rigor as the data it allows you to access. If should not be stored in a public directory on your system. If you feel the security of your CGHub credential may have been compromised, please contact CGHub Support to have it revoked. 3.4 Network resource utilization GeneTorrent is a highly efficient protocol. It is possible to have a download consuming a large portion of a network s bandwidth. This can be address by using the --rate-limit option to control the transfer rate of a GeneTorrent instance Managing CGHub user authentication 5

8 CHAPTER FOUR FREQUENTLY ASKED QUESTIONS 4.1 Why BitTorrent? Q: Why did you use a product that uses BitTorrent protocol? Although it is used in a secure, client-server configuration, why set off all those red flags around torrents? A: Various parallel software transfer packages were considered, both commercial and open source. BitTorrent was chosen for the following reasons: BitTorrent is a mature, widely used protocol with several high-quality, free implementations available, along with associated tools to assist in debugging and analyzing behavior and traffic. It is a connection oriented transfer protocol, which integrates well with the SSL security model. BitTorrent is horizontally scalable across multiple systems on both the server and the client. To take advantage of gigabit networks, the entire system must be balanced to match the transfer rate of the network. Without redundant disk subsystems, disk I/O will be a bottleneck. BitTorrent allows us to parallelize transfers across multiple server systems with independent I/O subsystem. Currently the GeneTorrent client is restricted to multiple threads on a single system. However, the architecture allows for distributing downloads and uploads across multiple client systems. The random, block-orient nature of the BitTorrent protocol provides an ideal platform for implementing random, remote access to BAM files. This is a very important feature planned for CGHub that will allow an application to access BAM data for to small portions of the genome without download the full BAM. The GeneTorrent BitTorrent over SSL conforms to the OSI security model [5]. We believe that using a well mature, well-understood protocol provides a better foundation for a secure system than using a proprietary protocol. Our use of BitTorrent designed to take advantage of its performance advantages without supporting unauthorized and unintended transfers. The choice of a TCP-based protocol over UDP enables use of TCP s mature congestion avoidance algorithms. The ability to prevent network congestion is important for transfers over wide, diverse networks. 6

9 CGHub Client Security Guide Documentation, Release Interaction with generic BitTorrent servers Q: Other than by use of a firewall or other network-level security that only permits connections to CGHub IP addresses, is GeneTorrent in client capable of exchanging files from other BitTorrent servers? For example, could it connect to other BitTorrent servers running inside my network? Or could it connect to BitTorrent servers anywhere if my firewall is relatively permissive to outbound connections? A: Due to the additional, non-bittorrent, protocol steps used by GeneTorrent when initiating a transfer, GeneTorrent will not connect with standard BitTorrent programs. It would take non-trivial modifications to the GeneTorrent code to enable it to communicate with standard BitTorrent clients. It should be noted that there are freely available and easy to install standard BitTorrent clients that could be run in an environment within a permissive firewall. The design of modern computer systems places network security enforcement at the firewall level. The NCI data use agreements require sites to follow the dbgap Security Best Practices [6] guidelines for secure the network where GeneTorrent is used to download limited access NCI data Interaction with generic BitTorrent servers 7

10 BIBLIOGRAPHY [1] B. Cohen. The BitTorrent Protocol Specification Version February [2] T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol, Version 1.2. August [3] B. Kaliski and J. Staddon. PKCS #1: RSA Cryptography Specifications (RFC 2437). October [4] Arjen Lenstra. Unbelievable Security: Matching AES Security Using Public Key Systems. In Colin Boyd, editor, Advances in Cryptology - ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages Springer Berlin / Heidelberg, [5] Unknown. ISO :1989: Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture [6] Unknown. dbgap Best Practices Requirements: Security Best Practices - Level 2b [7] Unknown. era: Electronic Research Administration [8] National Institute of Standards and Technology. Federal Information Processing Standards Publication 197: Announcing the Advanced Encryption Standard (AES). November

From Centralization to Distribution: A Comparison of File Sharing Protocols

From Centralization to Distribution: A Comparison of File Sharing Protocols From Centralization to Distribution: A Comparison of File Sharing Protocols Xu Wang, Teng Long and Alan Sussman Department of Computer Science, University of Maryland, College Park, MD, 20742 August, 2015

More information

Guidance Regarding Skype and Other P2P VoIP Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

Spreed Keeps Online Meetings Secure. Online meeting controls and security mechanism. www.spreed.com

Spreed Keeps Online Meetings Secure. Online meeting controls and security mechanism. www.spreed.com Spreed Keeps Online Meetings Secure Online meeting controls and security mechanism www.spreed.com Spreed Online Meeting is protected by the most advanced security features. Rest assured that your meetings

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

Bit Chat: A Peer-to-Peer Instant Messenger

Bit Chat: A Peer-to-Peer Instant Messenger Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Potential Targets - Field Devices

Potential Targets - Field Devices Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to

More information

White Paper. BD Assurity Linc Software Security. Overview

White Paper. BD Assurity Linc Software Security. Overview Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about

More information

BeamYourScreen Security

BeamYourScreen Security BeamYourScreen Security Table of Contents BeamYourScreen Security... 1 The Most Important Facts in a Nutshell... 3 Content Security... 3 User Interface Security... 3 Infrastructure Security... 3 In Detail...

More information

Examples Peer-to-Peer Applications. (Gnutella, Kazaa, BitTorrent, Skype)

Examples Peer-to-Peer Applications. (Gnutella, Kazaa, BitTorrent, Skype) Examples Peer-to-Peer Applications (Gnutella, Kazaa, BitTorrent, Skype) Second generation approach Gnutella Fully distributed approach Constructs Gnutella overlay network What is an overlay network? How

More information

MIKOGO SECURITY DOCUMENT

MIKOGO SECURITY DOCUMENT MIKOGO SECURITY DOCUMENT Table of Contents Page 2. 6. 6. The Most Important Facts in a Nutshell In Detail Application Firewall Compatibility Quality Management: ISO 9001 Certification Data Compression

More information

Benefits of Network Level Security at the RTU Level. By: Kevin Finnan and Philippe Willems

Benefits of Network Level Security at the RTU Level. By: Kevin Finnan and Philippe Willems By: Kevin Finnan and Philippe Willems Introduction New security capabilities at the remote terminal unit (RTU) level are substantially easing implementation of cyber security measures in SCADA systems.

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration

A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration Thomas Oistrez Research Centre Juelich Juelich Supercomputing Centre August 21, 2008 1 / 16 Overview 1 UNICORE

More information

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

What is Firewall? A system designed to prevent unauthorized access to or from a private network. What is Firewall? A system designed to prevent unauthorized access to or from a private network. What is Firewall? (cont d) Firewall is a set of related programs, located at a network gateway server. Firewalls

More information

LBSEC. http://www.liveboxcloud.com

LBSEC. http://www.liveboxcloud.com 2014 LBSEC http://www.liveboxcloud.com LiveBox Srl does not release declarations or guarantee regarding this documentation and its use and declines any expressed or implied commercial or suitability guarantee

More information

GO-Global For Windows Security Aspects

GO-Global For Windows Security Aspects GO-Global For Windows Security Aspects Introduction GraphOn s GO-Global software gives the Windows Server operating system the capability to publish 32-bit Windows based applications to remote client desktops,

More information

GO-Global For Windows Security Aspects

GO-Global For Windows Security Aspects GO-Global For Windows Security Aspects Introduction GraphOn s GO-Global software gives the Windows Server operating system the capability to publish 32-bit Windows based applications to remote client desktops,

More information

LogMeIn Rescue Architecture

LogMeIn Rescue Architecture LogMeIn Rescue Architecture A technical overview of Rescue s architecture. Introduction...1 Data Confidentiality...2 Key Agreement...3 Message Exchange...3 Authentication and Authorization...4 Auditing

More information

Skype characteristics

Skype characteristics Advanced Networking Skype Renato Lo Cigno Credits for part of the original material to Saverio Niccolini NEC Heidelberg Skype characteristics Skype is a well known P2P program for real time communications

More information

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using

More information

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Secure Use of the New NHS Network (N3): Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version

More information

Fig. 4.2.1: Packet Filtering

Fig. 4.2.1: Packet Filtering 4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the

More information

RevShield Software Suite Network Security Review

RevShield Software Suite Network Security Review Summary This document is aimed at professional network administrators. The information in this document is of a rather technical nature and very detailed. Based on this information, IT professionals can

More information

ENABLING DATA TRANSFER MANAGEMENT AND SHARING IN THE ERA OF GENOMIC MEDICINE. October 2013

ENABLING DATA TRANSFER MANAGEMENT AND SHARING IN THE ERA OF GENOMIC MEDICINE. October 2013 ENABLING DATA TRANSFER MANAGEMENT AND SHARING IN THE ERA OF GENOMIC MEDICINE October 2013 Introduction As sequencing technologies continue to evolve and genomic data makes its way into clinical use and

More information

EMC Data Protection Search

EMC Data Protection Search EMC Data Protection Search Version 1.0 Security Configuration Guide 302-001-611 REV 01 Copyright 2014-2015 EMC Corporation. All rights reserved. Published in USA. Published April 20, 2015 EMC believes

More information

MIGRATIONWIZ SECURITY OVERVIEW

MIGRATIONWIZ SECURITY OVERVIEW MIGRATIONWIZ SECURITY OVERVIEW Table of Contents Introduction... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Database Level Security... 4 Network Security...

More information

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW INTRODUCTION As businesses adopt new technologies that touch or leverage critical company data, maintaining the highest level of security is their

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based

More information

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,

More information

Deployment Scenarios

Deployment Scenarios Deployment Scenarios Sun Cobalt Summary The Sun Cobalt is a network-based appliance for managing a large number of remote servers and for deploying services to these servers. A control station is deployed

More information

ReadyNAS Remote White Paper. NETGEAR May 2010

ReadyNAS Remote White Paper. NETGEAR May 2010 ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that

More information

LogMeIn Rescue Architecture

LogMeIn Rescue Architecture A technical overview of s architecture. This paper provides a technical overview of the architecture behind LogMeIn. 1 Introduction 2 Data Confidentiality 3 Authentication 4 Key Agreement 5 Message Exchange

More information

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity USER GUIDE Lightweight Directory Access Protocol () Schoolwires Centricity TABLE OF CONTENTS Introduction... 1 Audience and Objectives... 1 Overview... 1 Servers Supported by Centricity... 1 Benefits of

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company

More information

Architecture Guidelines Application Security

Architecture Guidelines Application Security Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation

More information

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS A number of applications today use SSL and TLS as a security layer. Unsniff allows authorized users to analyze these applications by decrypting

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Securing Ship-to-Shore Data Flow

Securing Ship-to-Shore Data Flow Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their

More information

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

Mobile Admin Security

Mobile Admin Security Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

LAB FORWARD. WITH PROService REMOTE SERVICE APPLICATION. Frequently Asked Questions

LAB FORWARD. WITH PROService REMOTE SERVICE APPLICATION. Frequently Asked Questions LAB FORWARD WITH PROService REMOTE SERVICE APPLICATION Frequently Asked Questions MORE WAYS TO INCREASE UPTIME AND IMPROVE PRODUCTIVITY. GENERAL INFORMATION Q: What is PROService? A: PROService is Beckman

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

PowerChute TM Network Shutdown Security Features & Deployment

PowerChute TM Network Shutdown Security Features & Deployment PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/

More information

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,

More information

Easy Setup Guide 1&1 CLOUD SERVER. Creating Backups. for Linux

Easy Setup Guide 1&1 CLOUD SERVER. Creating Backups. for Linux Easy Setup Guide 1&1 CLOUD SERVER Creating Backups for Linux Legal notice 1&1 Internet Inc. 701 Lee Road, Suite 300 Chesterbrook, PA 19087 USA www.1and1.com info@1and1.com August 2015 Copyright 2015 1&1

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Dionseq Uatummy Odolorem Vel Layered Security Approach

Dionseq Uatummy Odolorem Vel Layered Security Approach A P P L I C A T I O N B R I E F Aciduisismodo Hitachi Content Dolore Platform Eolore Dionseq Uatummy Odolorem Vel Layered Security Approach Highly Scalable, Cloud-enabled Platform Ensures Data Safety with

More information

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca!

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! Quick Start Guide Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! How to Setup a File Server with Cerberus FTP Server FTP and SSH SFTP are application protocols

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Security Guide July 2015

Security Guide July 2015 Security Guide July 2015 UCMojo, is a cloud hosted video and web collaboration service provided by a division of Global Interactive Solutions. We employ the technology and software provided by Zoom to

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

Security Policy. Security Policy. www.clickmeeting.com

Security Policy. Security Policy. www.clickmeeting.com Security Policy www.clickmeeting.com 1 Introduction ClickMeeting is a worldwide, solid and easy to use SaaS platform. It s core was constructed with the hi-end technology. Data security the highest priority

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

WebEx Security Overview Security Documentation

WebEx Security Overview Security Documentation WebEx Security Overview Security Documentation 8/1/2003: WebEx Communications Inc. WebEx Security Overview WebEx Security Overview Introduction WebEx Communications, Inc. provides real-time communication

More information

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 Spirent Abacus SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 1 1. TLS Interview (Transport Layer Security Protocol) (1) TLS Feature Introduction: 1. TLS is a successor of Secure Sockets Layer (SSL), a cryptographic

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity

More information

R&S SITGate Next-Generation Firewall Secure access to Internet and cloud services

R&S SITGate Next-Generation Firewall Secure access to Internet and cloud services Secure Communications Product Brochure 02.00 R&S SITGate Next-Generation Firewall Secure access to Internet and cloud services R&S SITGate Next-Generation Firewall At a glance The R&S SITGate is a multifunctional,

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 20 Föreläsning LAB CR 2006 Cisco Secure PIX Firewall Models and Features Firewall Operations Basic PIX Firewall concepts CR 2006 What is a firewall?

More information

Network Configuration Settings

Network Configuration Settings Network Configuration Settings Many small businesses already have an existing firewall device for their local network when they purchase Microsoft Windows Small Business Server 2003. Often, these devices

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

Network Defense Tools

Network Defense Tools Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

Acceleration of Data through SSL Virtual Private Networks

Acceleration of Data through SSL Virtual Private Networks Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

The ABCs of KVMs: How Remote KVM Switches Put You in Control of Your Data Center

The ABCs of KVMs: How Remote KVM Switches Put You in Control of Your Data Center How Remote KVM Switches Put You in Control of Your Data Center Lantronix, Inc. 15353 Barranca Parkway Irvine, CA 92618 Tel: +1 (800) 422-7055 Fax: +1 (949) 450-7232 www.lantronix.com Contents Introduction...

More information

Foglight NMS Overview

Foglight NMS Overview Page 1 of 5 Foglight NMS Overview Foglight Network Management System (NMS) is a robust and complete network monitoring solution that allows you to thoroughly and efficiently manage your network. It is

More information

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection

More information

Transport and Security Specification

Transport and Security Specification Transport and Security Specification 15 July 2015 Version: 5.9 Contents Overview 3 Standard network requirements 3 Source and Destination Ports 3 Configuring the Connection Wizard 4 Private Bloomberg Network

More information

Three short case studies

Three short case studies Three short case studies peer to peer networking wireless systems search engines each includes issues of hardware processors, storage, peripherals, networks,... representation of information, analog vs.

More information

Overview - Using ADAMS With a Firewall

Overview - Using ADAMS With a Firewall Page 1 of 6 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular

More information

Enterprise Security Critical Standards Summary

Enterprise Security Critical Standards Summary Enterprise Security Critical Standards Summary The following is a summary of key points in the Orange County Government Board of County Commissioners (OCGBCC) security standards. It is necessary for vendors

More information

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9

More information

Overview - Using ADAMS With a Firewall

Overview - Using ADAMS With a Firewall Page 1 of 9 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular

More information

Networking. Sixth Edition. A Beginner's Guide BRUCE HALLBERG

Networking. Sixth Edition. A Beginner's Guide BRUCE HALLBERG Networking A Beginner's Guide Sixth Edition BRUCE HALLBERG Mc Graw Hill Education New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto Contents Acknowledgments

More information

Preparing for GO!Enterprise MDM On-Demand Service

Preparing for GO!Enterprise MDM On-Demand Service Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules

More information

TFS ApplicationControl White Paper

TFS ApplicationControl White Paper White Paper Transparent, Encrypted Access to Networked Applications TFS Technology www.tfstech.com Table of Contents Overview 3 User Friendliness Saves Time 3 Enhanced Security Saves Worry 3 Software Componenets

More information