SOLARIS 10 SECURITY. Technical Overview. Andreas Neuhold Systems Practice Lead Austria Sun Microsystems, GesmbH

Size: px
Start display at page:

Download "SOLARIS 10 SECURITY. Technical Overview. Andreas Neuhold Systems Practice Lead Austria Sun Microsystems, GesmbH"

Transcription

1 SOLARIS 10 SECURITY Technical Overview Andreas Neuhold Systems Practice Lead Austria Sun Microsystems, GesmbH

2 Solaris 10 Lizenzen Millions ~ 7M ZFS 7,0 6,5 6,0 5,5 Solaris Container 5,0 4,5 4,0 3,5 3,0 DTrace x64 / x86 2,5 2,0 1,5 1,0 0,5 0,0 3/05 4/05 5/05 6/05 7/05 8/05 9/05 10/05 11/05 12/05 1/06 2/06 3/06 4/06 5/06 6/06 7/06 8/06 9/06 10/06 11/06 12/06 1/07 #2

3 ~ 7 Mio. registrierte Lizenzen 125 Performance Weltrekorde 800+ x64/x86 Plattformen unterstützt ISV Anwendungen verfügbar Hunderte OpenSource Anwendungen integriert und unterstützt Enthusiasmus der Kunden und Partner für Solaris 10 #3

4 Solaris Security New New Digital Certificates Everywhere IP Filter Firewall Secure Execution User & Process Rights Mgmt. Cryptographic Framework Secure By Default Networking Trusted Extensions Solaris 10 Operating System #4

5 Agenda: Solaris 10 Security Process and User Rights Management Network Security and Encrypted Communications Password Management and Auditing Container Security File Integrity Validation Minimization and Hardening Labeled Security Security Certification #5

6 Process & User Rights Management

7 Reduce Application Privileges Process Rights Management allows you to distribute rights among applications with finer granularity: Eliminates need to run applications as super user Reduces customer exposure to security attacks Compatible with existing applications Always turned on #7

8 Process Rights Management = Least Privileges minimale Privilegien für Prozesse > Aufgabe von "alles oder nichts" Rechtevergabe > root vs. Rest der Nutzer > meist wird nur ein Bruchteil benötigt > Device Zugriff > reservierte Netzwerkports > RT Priorität #8

9 PRM Example: Apache Web Server net_priv_addr proc_fork proc_exec Super User Service Manager ('webserved') Web Server #9

10 User Rights Management User Rights Management allows you to distribute rights to management roles with finer granularity. Users can then assume these rolls. Decomposes super user role Roles stored in naming service for centralization Auditing records 'real' user no anonymous admin! # 10

11 User Rights Management Software Installation Dtrace Debugging Developer Audit Review File Integrity Verification Internal Auditor System Administrator Backup Operator Super User User Rights Management Sys. Admin. User Roles # 11

12 Network Security & Encrypted Communications

13 Network Protection Solaris Security now provides even tougher defenses for your network. New IP Filter Firewall > Allows selective access to ports based on IP > Compatible/manageable like open source IPF TCP Wrappers > Limits access to TCP/UDP service using domain name > Permits selective access for partners, suppliers, etc... Secure By Default Network > Disables or protects many network services from attack > Minimizes network exposure of system # 13

14 Cryptographic Framework Commercial App PKCS 11 Open Source Web Server Sun Java Web Server Java VM Application OpenSSL NSS Java Enterprise System JCE Java Crypto. Extensions Consumer Interface (PKCS 11) User-Level Cryptographic Framework Provider Interface (PKCS 11) Sun Software Crypto. Plug-in (DES, 3DES, AES, Blowfish, RSA, MD5, SHA_, RC4) Hardware Accelerator UltraSparc T1 Hardware Crypto. Accelerator 6000 Now the framework for cryptography is standardized and extensible. Your current cryptographic choices and any future technology can easily plug in and just work. 'Unbreakable' cryptographic strength Standards-based framework Same API, software or hardware Extensible for future technologies # 14

15 Secure Remote Access Solaris Secure Shell Standards-based encrypted remote access Kerberos Single Sign On Standards-based enterprise single sign on IPSec/IKE Transparently encrypted communications between systems; no app modification Remote Worker Internet Apps & Data # 15

16 Password Management & Auditing

17 Password Management Solaris adds more layers of password security Password Complexity Checks Password History (0 26 passwords) Banned Password List (Dictionary) Compliments LDAP-based password controls for nonlocal accounts # 17

18 Solaris System Auditing Records and monitors everything that happens on the system User Access Computer Possible Intrusion Date Selected Log Records who did what, when and how Exports audit records to XML format for analysis by tools or intrusion detection systems Essential for Audit and Compliance Officers # 18

19 Container Security

20 Container Security Reduce risk by isolating applications in separate containers yet administer centrally Containers provide file, network, process, and resource isolation Administer from a single Global Zone App Server Web Server DB Server Application OS Server # 20

21 File Integrity Validation

22 File Integrity Verification Tools Basic Audit and Reporting Tool (BART) > Generate checksums; compared periodically Solaris Fingerprint Database > Validate your system today using: > sunsolve.sun.com Solaris Secure Execution Provides tools to validate the OS and your data to catch hackers in action. # 22

23 Solaris Secure Execution Provides real-time verification of OS components to prevent virus outbreaks or use of unauthorized applications Solaris 10: Most digitally signed OS on the planet Manually verify systems today with 'elfsign' Future update will verify integrity at load time Prevents unauthorized applications and patches Helps meet auditing requirements # 23

24 Solaris Minimization & Hardening

25 Solaris Minimization 191 MB Reduce risk by using the Reduced Networking Metacluster: Small install of Solaris with no network services > Nothing listening to network to be attacked! Basic building block turn on only what you want Save disk space 191 MB vs. 3 GB Used during manual or jumpstart install of Solaris # 25

26 Hardening: Secure By Default Networking Reduce exposure by limiting how system listens for network connections Turns off many services or sets them to 'local only' Uses Solaris Service Manager to turn on only what is needed for use Only Solaris Secure Shell listening to the network Fully functional desktop impervious to external attack # 26

27 More Options for Securing Solaris Solaris Security Toolkit v 4.2 Hardening > Sets secure system parameters > Allows undo of previously applied hardening Minimize during install > Uses repeatable profiles > Jumpstart integration Download Today: # 27

28 Labeled Security

29 Solaris Trusted Extensions New Adds labeled security to Solaris 10 Multi-level networking, printing Multi-level Interfaces Leverages User & Process RM Uses Containers Runs all Solaris applications High level of certification Solaris 10 Operating System # 29

30 Solaris Trusted Extensions Feature ab Solaris 10 11/06 Zielsetzung > > > > Daten nach Sicherheitslevel isolieren Netzwerk Datenfluß einfach reglementieren Erfüllung von Sicherheitsrichtlinien Alle Solaris Anwendungen bleiben lauffähig (= Solaris) Labeled Security für Solaris 10 > Multi-Level Networking, Printing, GUI > CAPP, RBACPP, EAL 4+ Mandatory Access Control basierend auf Label # 30

31 Solaris Trusted Extensions All objects are labeled, based on sensitivity Access governed by label hierarchal relationship Commercial Hierarchy Government Hierarchy Non-Hierarchical Executive Management Top Secret VP and Above Directors All Employees Trusted Extensions Secret Net Inc. Music Online Daisy's Florists Solaris 10 or Trusted Extensions Confidential Classified Trusted Extensions Mandatory Access Control & Security Labels # 31

32 Security Certification

33 Independent Validation 3rd Party Certifications EAL4+ (C2) (CAPP & RBACPP) EAL3 or EAL3+ SGI Irix SuSE RedHat SuSE IBM AIX Windows 2003 Solaris 8 HP-UX Solaris 9 EAL4 or EAL4+ (C2) (CAPP) Solaris 10 Trusted Solaris 8 Solaris 10 w/trusted Extensions* EAL4+ (B1) (CAPP, RBACPP, LSPP) Based on data from # 33

34 SOLARIS 10 SECURITY Technical Overview

35 Access Control Enforced Everywhere Stripe showing 'Restricted' Stripe showing 'Internal' Attempts to 'drag-and-drop' data between windows fails because user is not authorized to do so. Enforced when transferring data anywhere to anything on the system. # 35

36 Trusted Java Desktop System Details World's only labeled GNOME-based interface shipped with an OS Workplace Switcher NEW Task Switcher Trusted Stripe and Trusted Path Menu # 36

USING SOLARIS OPERATING SYSTEM SECURITY TO ADDRESS PAYMENT CARD INDUSTRY (PCI) DSS COMPLIANCE: A SYSTEMIC APPROACH TO SECURITY

USING SOLARIS OPERATING SYSTEM SECURITY TO ADDRESS PAYMENT CARD INDUSTRY (PCI) DSS COMPLIANCE: A SYSTEMIC APPROACH TO SECURITY USING SOLARIS OPERATING SYSTEM SECURITY TO ADDRESS PAYMENT CARD INDUSTRY (PCI) DSS COMPLIANCE: A SYSTEMIC APPROACH TO SECURITY Glenn Brunette, Distinguished Engineer, GSS Security Office Mark Thacker,

More information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following

More information

An Oracle White Paper August 2010. Using Oracle Solaris 10 to Overcome Security Challenges

An Oracle White Paper August 2010. Using Oracle Solaris 10 to Overcome Security Challenges An Oracle White Paper August 2010 Using Oracle Solaris 10 to Overcome Security Challenges Introduction... 1 Security Features in Oracle Solaris 10... 2 Reduce and Securely Delegate Privileges... 2 Network

More information

Utilizing Solaris 10 Security Features. Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005

Utilizing Solaris 10 Security Features. Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005 Utilizing Solaris 10 Security Features Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005 Solaris 10 Security Features Outline Solaris Development Least Privilege RBAC Service

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

Practical Solaris 10 Security Glenn Brunette

Practical Solaris 10 Security Glenn Brunette Practical Solaris 10 Security Glenn Brunette Distinguished Engineer Sun Microsystems, Inc. Agenda Attacker Goals Attack Scenario Background Attack Defense Scenario Attack Detection Scenario Copyright 2006

More information

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several

More information

Enabling SSL and Client Certificates on the SAP J2EE Engine

Enabling SSL and Client Certificates on the SAP J2EE Engine Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine

More information

Cloud Security:Threats & Mitgations

Cloud Security:Threats & Mitgations Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer

More information

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems IT 4823 Information Security Administration Securing Operating Systems June 18 Security Maintenance Practices Basic proactive security can prevent many problems Maintenance involves creating a strategy

More information

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV Nadav Elkabets Presale Consultant Protecting Your Data Encrypt Your Data 1 ProtectFile StorageSecure ProtectDB ProtectV Databases File

More information

Dienstag, 15. November 2011. Security

Dienstag, 15. November 2011. Security Security Database Security Extreme - Example Configuration - SAOUG11 Security Peter Kestner Tech Director - Security ORACLE Technology Europe - Middle East - Africa Disclaimer This example will show features

More information

OracleAS Identity Management Solving Real World Problems

OracleAS Identity Management Solving Real World Problems OracleAS Identity Management Solving Real World Problems Web applications are great... Inexpensive development Rapid deployment Access from anywhere BUT. but they can be an administrative and usability

More information

MySQL Security: Best Practices

MySQL Security: Best Practices MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi

iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information

More information

OPG Leadership Series Kickoff, Solaris Security Design. Casper Dik Sun Microsystems, Inc.

OPG Leadership Series Kickoff, Solaris Security Design. Casper Dik Sun Microsystems, Inc. OPG Leadership Series Kickoff, Solaris Security Design September, Considerations 2005 Casper Dik Sun Microsystems, Inc. Solaris Security Design Principles Or how ten years changed my perspective on security

More information

ontune SPA - Server Performance Monitor and Analysis Tool

ontune SPA - Server Performance Monitor and Analysis Tool ontune SPA - Server Performance Monitor and Analysis Tool Product Components - ontune is composed of the Manager; the Agents ; and Viewers Manager - the core ontune component, and installed on the management/viewing

More information

9 th International Common Criteria Conference Designing the Trusted Service Bus for EAL5

9 th International Common Criteria Conference Designing the Trusted Service Bus for EAL5 9 th International Common Criteria Conference Designing the Trusted Service Bus for EAL5 David Ochel, atsec information security Brian Vetter, BlueSpace Software Agenda Objective Development of multi-level

More information

owncloud Architecture Overview

owncloud Architecture Overview owncloud Architecture Overview Time to get control back Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Java / ActiveX Security. David Gristwood Senior Consultant Microsoft Ltd

Java / ActiveX Security. David Gristwood Senior Consultant Microsoft Ltd Java / ActiveX Security David Gristwood Senior Consultant Microsoft Ltd Security Issues Covers many areas: Transact business securely Ensure privacy of conversations Authenticate users in communications

More information

Defense In-Depth to Achieve Unbreakable Database Security

Defense In-Depth to Achieve Unbreakable Database Security Defense In-Depth to Achieve Unbreakable Database Security Qiang Lin, Ph.D Abstract Enterprises realize that sole reliance on generic security mechanisms does not provide the protection they need for their

More information

Security Considerations White Paper for Cisco Smart Storage 1

Security Considerations White Paper for Cisco Smart Storage 1 Security Considerations White Paper for Cisco Smart Storage An open network is like a bank s vault with windows Bill Thomson Network-Attached Storage (NAS) is a relatively simple and inexpensive way to

More information

SECURITY COMPARISON BETWEEN IBM WEBSPHERE MQ 7.5 AND APACHE ACTIVEMQ 5.9

SECURITY COMPARISON BETWEEN IBM WEBSPHERE MQ 7.5 AND APACHE ACTIVEMQ 5.9 SECURITY COMPARISON BETWEEN IBM WEBSPHERE MQ 7.5 AND APACHE ACTIVEMQ 5.9 Author: Timothy N. Scaggs, IBM, March 2014 Edited: Rodney Thomas, IBM, June, 2015 Table of Contents Executive Summary... 2 IBM WebSphere

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004

More information

Oracle Solaris: Aktueller Stand und Ausblick

Oracle Solaris: Aktueller Stand und Ausblick Oracle Solaris: Aktueller Stand und Ausblick Detlef Drewanz Principal Sales Consultant, EMEA Server Presales The following is intended to outline our general product direction. It

More information

Hardening MySQL. Maciej Dobrzański maciek at psce.com @MushuPL http://www.psce.com/

Hardening MySQL. Maciej Dobrzański maciek at psce.com @MushuPL http://www.psce.com/ Hardening MySQL Maciej Dobrzański maciek at psce.com @MushuPL http://www.psce.com/ In this presentation Database security Security features in MySQL The ugly truth Improving security DATABASE SECURITY

More information

Axway Validation Authority Suite

Axway Validation Authority Suite Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to

More information

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified

More information

BM482E Introduction to Computer Security

BM482E Introduction to Computer Security BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based

More information

User's Manual. Intego Remote Management Console User's Manual Page 1

User's Manual. Intego Remote Management Console User's Manual Page 1 User's Manual Intego Remote Management Console User's Manual Page 1 Intego Remote Management Console for Macintosh 2007 Intego, Inc. All Rights Reserved Intego, Inc. www.intego.com This manual was written

More information

HP A-IMC Firewall Manager

HP A-IMC Firewall Manager HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this

More information

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011) Host Hardening (March 21, 2011) Abdou Illia Spring 2011 CERT Report on systems vulnerabilities Source: CERT Report @ http://www.kb.cert.org/vuls/bymetric 2 OS Vulnerability test Source: http://www.omninerd.com/articles/2006_operating_system_vulnerabilit

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

DiamondStream Data Security Policy Summary

DiamondStream Data Security Policy Summary DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers

More information

Security Mgt. Tools and Subsystems

Security Mgt. Tools and Subsystems Security Mgt. Tools and Subsystems some attack and defense security tools at work Reconaissance Passive Active Penetration Classes of tools (network-bound) Passive Reconaissance Passively listen and analyze

More information

Avaya Operational Analyst 7.0 Security Guide COMPAS 109084 Issue 1.0 February 2005

Avaya Operational Analyst 7.0 Security Guide COMPAS 109084 Issue 1.0 February 2005 Avaya Operational Analyst 7.0 Security Guide COMPAS 109084 Issue 1.0 February 2005 Target audience: System administrator Sensitivity: This document should be kept under tight control. This document describes

More information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

PowerSC Tools for IBM i

PowerSC Tools for IBM i PowerSC Tools for IBM i A service offering from IBM Systems Lab Services PowerSC Tools for IBM i PowerSC Tools for IBM i helps clients ensure a higher level of security and compliance Client Benefits Simplifies

More information

Securing Data in Oracle Database 12c

Securing Data in Oracle Database 12c Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

STEALTHbits Technologies, Inc. StealthAUDIT v5.1 System Requirements and Installation Notes

STEALTHbits Technologies, Inc. StealthAUDIT v5.1 System Requirements and Installation Notes STEALTHbits Technologies, Inc. StealthAUDIT v5.1 System Requirements and Installation Notes June 2011 Table of Contents Overview... 3 Installation Overview... 3 Hosting System Requirements... 4 Recommended

More information

Management, Logging and Troubleshooting

Management, Logging and Troubleshooting CHAPTER 15 This chapter describes the following: SNMP Configuration System Logging SNMP Configuration Cisco NAC Guest Server supports management applications monitoring the system over SNMP (Simple Network

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Security Advice for Instances in the HP Cloud

Security Advice for Instances in the HP Cloud Security Advice for Instances in the HP Cloud Introduction: HPCS protects the infrastructure and management services offered to customers including instance provisioning. An instance refers to a virtual

More information

An Oracle White Paper May 2010. How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security

An Oracle White Paper May 2010. How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security An Oracle White Paper May 2010 How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security Introduction... 1 Oracle Solaris Security: Overview... 2 Oracle Solaris User and Process Rights Management...

More information

ipad in Business Security

ipad in Business Security ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security

More information

Solaris For The Modern Data Center. Taking Advantage of Solaris 11 Features

Solaris For The Modern Data Center. Taking Advantage of Solaris 11 Features Solaris For The Modern Data Center Taking Advantage of Solaris 11 Features JANUARY 2013 Contents Introduction... 2 Patching and Maintenance... 2 IPS Packages... 2 Boot Environments... 2 Fast Reboot...

More information

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support.

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. 601DataPower_Security_NIST.ppt Page 1 of 17 This presentation discusses three new security features in the WebSphere DataPower

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

Alliance Key Manager Solution Brief

Alliance Key Manager Solution Brief Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major

More information

Künftige Cyber-Attacken: Risiken und Techniken. Future Cyber attacks: Risks and techniques. Prof. Dr. T. Nouri Taoufik.Nouri@FHNW.CH. sd&m 16.09.

Künftige Cyber-Attacken: Risiken und Techniken. Future Cyber attacks: Risks and techniques. Prof. Dr. T. Nouri Taoufik.Nouri@FHNW.CH. sd&m 16.09. Künftige Cyber-Attacken: Risiken und Techniken Future Cyber attacks: Risks and techniques Prof. Dr. T. Nouri Taoufik.Nouri@FHNW.CH sd&m 16.09.08 Content 1. Hacking Techniques 2. Main Goals of IT-security

More information

Integrigy Corporate Overview

Integrigy Corporate Overview mission critical applications mission critical security Application and Database Security Auditing, Vulnerability Assessment, and Compliance Integrigy Corporate Overview Integrigy Overview Integrigy Corporation

More information

Dokument Nr. 521.dw Ausgabe Februar 2013, Rev. 01. . Seite 1 von 11. 521d Seite 1 von 11

Dokument Nr. 521.dw Ausgabe Februar 2013, Rev. 01. . Seite 1 von 11. 521d Seite 1 von 11 Eidgenössisches Departement für Wirtschaft, Bildung und Forschung WBF Staatssekretariat für Wirtschaft SECO Schweizerische Akkreditierungsstelle SAS Checkliste für die harmonisierte Umsetzung der Anforderungen

More information

Compliance and Security Challenges with Remote Administration

Compliance and Security Challenges with Remote Administration Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges

More information

best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de

best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de Project Crossbow best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de Agenda IP heute in Solaris 10 Crossbow Ziele Crossbow Virtual Networks Crossbow IP Instances 28.11.06

More information

IBM Crypto Server Management General Information Manual

IBM Crypto Server Management General Information Manual CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.

More information

Guardium Change Auditing System (CAS)

Guardium Change Auditing System (CAS) Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity

More information

iphone in Business Security Overview

iphone in Business Security Overview iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods

More information

Deploying iphone and ipad Security Overview

Deploying iphone and ipad Security Overview Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services

More information

System Administration Training Guide. S100 Installation and Site Management

System Administration Training Guide. S100 Installation and Site Management System Administration Training Guide S100 Installation and Site Management Table of contents System Requirements for Acumatica ERP 4.2... 5 Learning Objects:... 5 Web Browser... 5 Server Software... 5

More information

REDUCE RISK WITH ORACLE SOLARIS 11

REDUCE RISK WITH ORACLE SOLARIS 11 REDUCE RISK WITH ORACLE SOLARIS 11 MITIGATE RISKS WITH INTELLIGENT SECURITY CONTROLS KEY FEATURES Security in Silicon: Hardware-integrated cryptographic acceleration to protect both data and network. Reduce

More information

Security Enhanced Linux and the Path Forward

Security Enhanced Linux and the Path Forward Security Enhanced Linux and the Path Forward April 2006 Justin Nemmers Engineer, Red Hat Agenda System security in an insecure world Red Hat Enterprise Linux Security Features An overview of Discretionary

More information

Guidance Regarding Skype and Other P2P VoIP Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,

More information

HowTo: Install Sun Solaris 10 inside VMware Workstation 5.5

HowTo: Install Sun Solaris 10 inside VMware Workstation 5.5 HowTo: Install Sun Solaris 10 inside VMware Workstation 5.5 For this HowTo we ll use VMware Workstation 5.5 RTM (build 18463) and Sun Solaris 10 release 03/05 x86/x64 DVD ISO image (Sun Solaris 10 SPARC

More information

QuickStart Guide for Managing Computers. Version 9.2

QuickStart Guide for Managing Computers. Version 9.2 QuickStart Guide for Managing Computers Version 9.2 JAMF Software, LLC 2013 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based

More information

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise

More information

SafeNet DataSecure vs. Native Oracle Encryption

SafeNet DataSecure vs. Native Oracle Encryption SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises

More information

GoodData Corporation Security White Paper

GoodData Corporation Security White Paper GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

NetBrain Security Guidance

NetBrain Security Guidance NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),

More information

SCP - Strategic Infrastructure Security

SCP - Strategic Infrastructure Security SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character

More information

Central Agency for Information Technology

Central Agency for Information Technology Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

CMS Operational Policy for Infrastructure Router Security

CMS Operational Policy for Infrastructure Router Security Chief Information Officer Office of Information Services Centers for Medicare & Medicaid Services CMS Operational Policy for Infrastructure Router Security September 2005 Document Number: CMS-CIO-POL-INF05-01

More information

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service

More information

Bastille Linux: Security Through Transparency

Bastille Linux: Security Through Transparency Bastille Linux: Security Through Transparency Jon Lasser University of Maryland, Baltimore County (UMBC) jon@umbc.edu 2000 March 24 Overview A Brief History of Bastille Linux Philosophy Step-By-Step Overview

More information

Enterprise Security Critical Standards Summary

Enterprise Security Critical Standards Summary Enterprise Security Critical Standards Summary The following is a summary of key points in the Orange County Government Board of County Commissioners (OCGBCC) security standards. It is necessary for vendors

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security

More information

Thick Client Application Security

Thick Client Application Security Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two

More information

QuickDNS 4.6 Installation Instructions

QuickDNS 4.6 Installation Instructions QuickDNS 4.6 Installation Instructions for Windows, Solaris, Linux, FreeBSD and Mac OS Table of Contents INTRODUCTION 3 QuickDNS system requirements 3 INSTALLING QUICKDNS MANAGER 4 Windows installation

More information

What in the heck am I getting myself into! Capitalware's MQ Technical Conference v2.0.1.5

What in the heck am I getting myself into! Capitalware's MQ Technical Conference v2.0.1.5 SSL Certificate Management or What in the heck am I getting myself into! Table of Contents What is SSL and TLS? What do SSL and TLS do (and not do)? Keystore and Certificate Lifecycle Certificates Certificate

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

HP IMC Firewall Manager

HP IMC Firewall Manager HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this

More information

Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments

Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments Table of Contents Overview...3 Monitoring VMware vsphere ESX & ESXi Virtual Environment...4 Monitoring using Hypervisor Integration...5

More information

Oracle Database 10g Security

Oracle Database 10g Security Oracle Database 10g Security Course information Days : 4 Total lessons : 20 Suggested Prerequisites : Oracle Database 10g: Administrator Workshop I Oracle Database 10g: Administrator Workshop II Training

More information

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere White Paper 7KH#&KDOOHQJH Virtual Private Networks (VPNs) provides a powerful means of protecting the privacy and integrity

More information

End to end security for WebSphere MQ

End to end security for WebSphere MQ End to end security for WebSphere MQ An Introduction to WebSphere MQ Advanced Message Security T.Rob Wyatt (t.rob.wyatt@us.ibm.com) Conference materials may not be reproduced in whole or in part without

More information

TimePictra Release 10.0

TimePictra Release 10.0 DATA SHEET Release 100 Next Generation Synchronization System Key Features Web-based multi-tier software architecture Comprehensive FCAPS management functions Software options for advanced FCAPS features

More information

SERVICE SCHEDULE PULSANT ENTERPRISE CLOUD SERVICES

SERVICE SCHEDULE PULSANT ENTERPRISE CLOUD SERVICES SERVICE SCHEDULE PULSANT ENTERPRISE CLOUD SERVICES This is a Service Schedule as defined in the Conditions. Where the Services set out in this Service Schedule form part of the Services to be supplied

More information

DMZ Gateways: Secret Weapons for Data Security

DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security EXECUTIVE

More information

FEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO

FEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO FEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO Copyright 2005 Shavlik Technologies. All rights reserved. No part of this document may be reproduced or retransmitted in

More information