SOLARIS 10 SECURITY. Technical Overview. Andreas Neuhold Systems Practice Lead Austria Sun Microsystems, GesmbH
|
|
- Darren Wade
- 8 years ago
- Views:
Transcription
1 SOLARIS 10 SECURITY Technical Overview Andreas Neuhold Systems Practice Lead Austria Sun Microsystems, GesmbH
2 Solaris 10 Lizenzen Millions ~ 7M ZFS 7,0 6,5 6,0 5,5 Solaris Container 5,0 4,5 4,0 3,5 3,0 DTrace x64 / x86 2,5 2,0 1,5 1,0 0,5 0,0 3/05 4/05 5/05 6/05 7/05 8/05 9/05 10/05 11/05 12/05 1/06 2/06 3/06 4/06 5/06 6/06 7/06 8/06 9/06 10/06 11/06 12/06 1/07 #2
3 ~ 7 Mio. registrierte Lizenzen 125 Performance Weltrekorde 800+ x64/x86 Plattformen unterstützt ISV Anwendungen verfügbar Hunderte OpenSource Anwendungen integriert und unterstützt Enthusiasmus der Kunden und Partner für Solaris 10 #3
4 Solaris Security New New Digital Certificates Everywhere IP Filter Firewall Secure Execution User & Process Rights Mgmt. Cryptographic Framework Secure By Default Networking Trusted Extensions Solaris 10 Operating System #4
5 Agenda: Solaris 10 Security Process and User Rights Management Network Security and Encrypted Communications Password Management and Auditing Container Security File Integrity Validation Minimization and Hardening Labeled Security Security Certification #5
6 Process & User Rights Management
7 Reduce Application Privileges Process Rights Management allows you to distribute rights among applications with finer granularity: Eliminates need to run applications as super user Reduces customer exposure to security attacks Compatible with existing applications Always turned on #7
8 Process Rights Management = Least Privileges minimale Privilegien für Prozesse > Aufgabe von "alles oder nichts" Rechtevergabe > root vs. Rest der Nutzer > meist wird nur ein Bruchteil benötigt > Device Zugriff > reservierte Netzwerkports > RT Priorität #8
9 PRM Example: Apache Web Server net_priv_addr proc_fork proc_exec Super User Service Manager ('webserved') Web Server #9
10 User Rights Management User Rights Management allows you to distribute rights to management roles with finer granularity. Users can then assume these rolls. Decomposes super user role Roles stored in naming service for centralization Auditing records 'real' user no anonymous admin! # 10
11 User Rights Management Software Installation Dtrace Debugging Developer Audit Review File Integrity Verification Internal Auditor System Administrator Backup Operator Super User User Rights Management Sys. Admin. User Roles # 11
12 Network Security & Encrypted Communications
13 Network Protection Solaris Security now provides even tougher defenses for your network. New IP Filter Firewall > Allows selective access to ports based on IP > Compatible/manageable like open source IPF TCP Wrappers > Limits access to TCP/UDP service using domain name > Permits selective access for partners, suppliers, etc... Secure By Default Network > Disables or protects many network services from attack > Minimizes network exposure of system # 13
14 Cryptographic Framework Commercial App PKCS 11 Open Source Web Server Sun Java Web Server Java VM Application OpenSSL NSS Java Enterprise System JCE Java Crypto. Extensions Consumer Interface (PKCS 11) User-Level Cryptographic Framework Provider Interface (PKCS 11) Sun Software Crypto. Plug-in (DES, 3DES, AES, Blowfish, RSA, MD5, SHA_, RC4) Hardware Accelerator UltraSparc T1 Hardware Crypto. Accelerator 6000 Now the framework for cryptography is standardized and extensible. Your current cryptographic choices and any future technology can easily plug in and just work. 'Unbreakable' cryptographic strength Standards-based framework Same API, software or hardware Extensible for future technologies # 14
15 Secure Remote Access Solaris Secure Shell Standards-based encrypted remote access Kerberos Single Sign On Standards-based enterprise single sign on IPSec/IKE Transparently encrypted communications between systems; no app modification Remote Worker Internet Apps & Data # 15
16 Password Management & Auditing
17 Password Management Solaris adds more layers of password security Password Complexity Checks Password History (0 26 passwords) Banned Password List (Dictionary) Compliments LDAP-based password controls for nonlocal accounts # 17
18 Solaris System Auditing Records and monitors everything that happens on the system User Access Computer Possible Intrusion Date Selected Log Records who did what, when and how Exports audit records to XML format for analysis by tools or intrusion detection systems Essential for Audit and Compliance Officers # 18
19 Container Security
20 Container Security Reduce risk by isolating applications in separate containers yet administer centrally Containers provide file, network, process, and resource isolation Administer from a single Global Zone App Server Web Server DB Server Application OS Server # 20
21 File Integrity Validation
22 File Integrity Verification Tools Basic Audit and Reporting Tool (BART) > Generate checksums; compared periodically Solaris Fingerprint Database > Validate your system today using: > sunsolve.sun.com Solaris Secure Execution Provides tools to validate the OS and your data to catch hackers in action. # 22
23 Solaris Secure Execution Provides real-time verification of OS components to prevent virus outbreaks or use of unauthorized applications Solaris 10: Most digitally signed OS on the planet Manually verify systems today with 'elfsign' Future update will verify integrity at load time Prevents unauthorized applications and patches Helps meet auditing requirements # 23
24 Solaris Minimization & Hardening
25 Solaris Minimization 191 MB Reduce risk by using the Reduced Networking Metacluster: Small install of Solaris with no network services > Nothing listening to network to be attacked! Basic building block turn on only what you want Save disk space 191 MB vs. 3 GB Used during manual or jumpstart install of Solaris # 25
26 Hardening: Secure By Default Networking Reduce exposure by limiting how system listens for network connections Turns off many services or sets them to 'local only' Uses Solaris Service Manager to turn on only what is needed for use Only Solaris Secure Shell listening to the network Fully functional desktop impervious to external attack # 26
27 More Options for Securing Solaris Solaris Security Toolkit v 4.2 Hardening > Sets secure system parameters > Allows undo of previously applied hardening Minimize during install > Uses repeatable profiles > Jumpstart integration Download Today: # 27
28 Labeled Security
29 Solaris Trusted Extensions New Adds labeled security to Solaris 10 Multi-level networking, printing Multi-level Interfaces Leverages User & Process RM Uses Containers Runs all Solaris applications High level of certification Solaris 10 Operating System # 29
30 Solaris Trusted Extensions Feature ab Solaris 10 11/06 Zielsetzung > > > > Daten nach Sicherheitslevel isolieren Netzwerk Datenfluß einfach reglementieren Erfüllung von Sicherheitsrichtlinien Alle Solaris Anwendungen bleiben lauffähig (= Solaris) Labeled Security für Solaris 10 > Multi-Level Networking, Printing, GUI > CAPP, RBACPP, EAL 4+ Mandatory Access Control basierend auf Label # 30
31 Solaris Trusted Extensions All objects are labeled, based on sensitivity Access governed by label hierarchal relationship Commercial Hierarchy Government Hierarchy Non-Hierarchical Executive Management Top Secret VP and Above Directors All Employees Trusted Extensions Secret Net Inc. Music Online Daisy's Florists Solaris 10 or Trusted Extensions Confidential Classified Trusted Extensions Mandatory Access Control & Security Labels # 31
32 Security Certification
33 Independent Validation 3rd Party Certifications EAL4+ (C2) (CAPP & RBACPP) EAL3 or EAL3+ SGI Irix SuSE RedHat SuSE IBM AIX Windows 2003 Solaris 8 HP-UX Solaris 9 EAL4 or EAL4+ (C2) (CAPP) Solaris 10 Trusted Solaris 8 Solaris 10 w/trusted Extensions* EAL4+ (B1) (CAPP, RBACPP, LSPP) Based on data from # 33
34 SOLARIS 10 SECURITY Technical Overview
35 Access Control Enforced Everywhere Stripe showing 'Restricted' Stripe showing 'Internal' Attempts to 'drag-and-drop' data between windows fails because user is not authorized to do so. Enforced when transferring data anywhere to anything on the system. # 35
36 Trusted Java Desktop System Details World's only labeled GNOME-based interface shipped with an OS Workplace Switcher NEW Task Switcher Trusted Stripe and Trusted Path Menu # 36
USING SOLARIS OPERATING SYSTEM SECURITY TO ADDRESS PAYMENT CARD INDUSTRY (PCI) DSS COMPLIANCE: A SYSTEMIC APPROACH TO SECURITY
USING SOLARIS OPERATING SYSTEM SECURITY TO ADDRESS PAYMENT CARD INDUSTRY (PCI) DSS COMPLIANCE: A SYSTEMIC APPROACH TO SECURITY Glenn Brunette, Distinguished Engineer, GSS Security Office Mark Thacker,
More informationOracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data
Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following
More informationAn Oracle White Paper August 2010. Using Oracle Solaris 10 to Overcome Security Challenges
An Oracle White Paper August 2010 Using Oracle Solaris 10 to Overcome Security Challenges Introduction... 1 Security Features in Oracle Solaris 10... 2 Reduce and Securely Delegate Privileges... 2 Network
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationUtilizing Solaris 10 Security Features. Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005
Utilizing Solaris 10 Security Features Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005 Solaris 10 Security Features Outline Solaris Development Least Privilege RBAC Service
More informationPractical Solaris 10 Security Glenn Brunette
Practical Solaris 10 Security Glenn Brunette Distinguished Engineer Sun Microsystems, Inc. Agenda Attacker Goals Attack Scenario Background Attack Defense Scenario Attack Detection Scenario Copyright 2006
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationSecurity Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems
IT 4823 Information Security Administration Securing Operating Systems June 18 Security Maintenance Practices Basic proactive security can prevent many problems Maintenance involves creating a strategy
More informationSecuring sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant
Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV Nadav Elkabets Presale Consultant Protecting Your Data Encrypt Your Data 1 ProtectFile StorageSecure ProtectDB ProtectV Databases File
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationDienstag, 15. November 2011. Security
Security Database Security Extreme - Example Configuration - SAOUG11 Security Peter Kestner Tech Director - Security ORACLE Technology Europe - Middle East - Africa Disclaimer This example will show features
More informationOracleAS Identity Management Solving Real World Problems
OracleAS Identity Management Solving Real World Problems Web applications are great... Inexpensive development Rapid deployment Access from anywhere BUT. but they can be an administrative and usability
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationontune SPA - Server Performance Monitor and Analysis Tool
ontune SPA - Server Performance Monitor and Analysis Tool Product Components - ontune is composed of the Manager; the Agents ; and Viewers Manager - the core ontune component, and installed on the management/viewing
More informationSECURITY COMPARISON BETWEEN IBM WEBSPHERE MQ 7.5 AND APACHE ACTIVEMQ 5.9
SECURITY COMPARISON BETWEEN IBM WEBSPHERE MQ 7.5 AND APACHE ACTIVEMQ 5.9 Author: Timothy N. Scaggs, IBM, March 2014 Edited: Rodney Thomas, IBM, June, 2015 Table of Contents Executive Summary... 2 IBM WebSphere
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationDefense In-Depth to Achieve Unbreakable Database Security
Defense In-Depth to Achieve Unbreakable Database Security Qiang Lin, Ph.D Abstract Enterprises realize that sole reliance on generic security mechanisms does not provide the protection they need for their
More informationiscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi
iscsi Security (Insecure SCSI) Presenter: Himanshu Dwivedi Agenda Introduction iscsi Attacks Enumeration Authorization Authentication iscsi Defenses Information Security Partners (isec) isec Partners Independent
More informationSecurity Considerations White Paper for Cisco Smart Storage 1
Security Considerations White Paper for Cisco Smart Storage An open network is like a bank s vault with windows Bill Thomson Network-Attached Storage (NAS) is a relatively simple and inexpensive way to
More informationOPG Leadership Series Kickoff, Solaris Security Design. Casper Dik Sun Microsystems, Inc.
OPG Leadership Series Kickoff, Solaris Security Design September, Considerations 2005 Casper Dik Sun Microsystems, Inc. Solaris Security Design Principles Or how ten years changed my perspective on security
More informationBM482E Introduction to Computer Security
BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based
More informationOracle Solaris: Aktueller Stand und Ausblick
Oracle Solaris: Aktueller Stand und Ausblick Detlef Drewanz Principal Sales Consultant, EMEA Server Presales The following is intended to outline our general product direction. It
More informationowncloud Architecture Overview
owncloud Architecture Overview Time to get control back Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data
More information9 th International Common Criteria Conference Designing the Trusted Service Bus for EAL5
9 th International Common Criteria Conference Designing the Trusted Service Bus for EAL5 David Ochel, atsec information security Brian Vetter, BlueSpace Software Agenda Objective Development of multi-level
More informationDiamondStream Data Security Policy Summary
DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationAxway Validation Authority Suite
Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationSTEALTHbits Technologies, Inc. StealthAUDIT v5.1 System Requirements and Installation Notes
STEALTHbits Technologies, Inc. StealthAUDIT v5.1 System Requirements and Installation Notes June 2011 Table of Contents Overview... 3 Installation Overview... 3 Hosting System Requirements... 4 Recommended
More informationSteelcape Product Overview and Functional Description
Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session
More informationHardening MySQL. Maciej Dobrzański maciek at psce.com @MushuPL http://www.psce.com/
Hardening MySQL Maciej Dobrzański maciek at psce.com @MushuPL http://www.psce.com/ In this presentation Database security Security features in MySQL The ugly truth Improving security DATABASE SECURITY
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More informationWebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support.
WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. 601DataPower_Security_NIST.ppt Page 1 of 17 This presentation discusses three new security features in the WebSphere DataPower
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationUser's Manual. Intego Remote Management Console User's Manual Page 1
User's Manual Intego Remote Management Console User's Manual Page 1 Intego Remote Management Console for Macintosh 2007 Intego, Inc. All Rights Reserved Intego, Inc. www.intego.com This manual was written
More informationHP A-IMC Firewall Manager
HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this
More informationAvaya Operational Analyst 7.0 Security Guide COMPAS 109084 Issue 1.0 February 2005
Avaya Operational Analyst 7.0 Security Guide COMPAS 109084 Issue 1.0 February 2005 Target audience: System administrator Sensitivity: This document should be kept under tight control. This document describes
More informationWindows Remote Access
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
More informationGuardium Change Auditing System (CAS)
Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity
More informationSecurity Mgt. Tools and Subsystems
Security Mgt. Tools and Subsystems some attack and defense security tools at work Reconaissance Passive Active Penetration Classes of tools (network-bound) Passive Reconaissance Passively listen and analyze
More informationDokument Nr. 521.dw Ausgabe Februar 2013, Rev. 01. . Seite 1 von 11. 521d Seite 1 von 11
Eidgenössisches Departement für Wirtschaft, Bildung und Forschung WBF Staatssekretariat für Wirtschaft SECO Schweizerische Akkreditierungsstelle SAS Checkliste für die harmonisierte Umsetzung der Anforderungen
More informationHost Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)
Host Hardening (March 21, 2011) Abdou Illia Spring 2011 CERT Report on systems vulnerabilities Source: CERT Report @ http://www.kb.cert.org/vuls/bymetric 2 OS Vulnerability test Source: http://www.omninerd.com/articles/2006_operating_system_vulnerabilit
More informationKünftige Cyber-Attacken: Risiken und Techniken. Future Cyber attacks: Risks and techniques. Prof. Dr. T. Nouri Taoufik.Nouri@FHNW.CH. sd&m 16.09.
Künftige Cyber-Attacken: Risiken und Techniken Future Cyber attacks: Risks and techniques Prof. Dr. T. Nouri Taoufik.Nouri@FHNW.CH sd&m 16.09.08 Content 1. Hacking Techniques 2. Main Goals of IT-security
More informationCompliance and Security Challenges with Remote Administration
Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges
More informationREDUCE RISK WITH ORACLE SOLARIS 11
REDUCE RISK WITH ORACLE SOLARIS 11 MITIGATE RISKS WITH INTELLIGENT SECURITY CONTROLS KEY FEATURES Security in Silicon: Hardware-integrated cryptographic acceleration to protect both data and network. Reduce
More informationGENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET
http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004
More informationSecuring Data in Oracle Database 12c
Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationiphone in Business Security Overview
iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods
More informationSecurity Enhanced Linux and the Path Forward
Security Enhanced Linux and the Path Forward April 2006 Justin Nemmers Engineer, Red Hat Agenda System security in an insecure world Red Hat Enterprise Linux Security Features An overview of Discretionary
More informationa) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
More informationSafeNet DataSecure vs. Native Oracle Encryption
SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises
More informationDeploying iphone and ipad Security Overview
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationSecurity Advice for Instances in the HP Cloud
Security Advice for Instances in the HP Cloud Introduction: HPCS protects the infrastructure and management services offered to customers including instance provisioning. An instance refers to a virtual
More informationPowerSC Tools for IBM i
PowerSC Tools for IBM i A service offering from IBM Systems Lab Services PowerSC Tools for IBM i PowerSC Tools for IBM i helps clients ensure a higher level of security and compliance Client Benefits Simplifies
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationSecuring the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC
Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service
More informationManagement, Logging and Troubleshooting
CHAPTER 15 This chapter describes the following: SNMP Configuration System Logging SNMP Configuration Cisco NAC Guest Server supports management applications monitoring the system over SNMP (Simple Network
More informationAlliance Key Manager Solution Brief
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationIntegrigy Corporate Overview
mission critical applications mission critical security Application and Database Security Auditing, Vulnerability Assessment, and Compliance Integrigy Corporate Overview Integrigy Overview Integrigy Corporation
More informationSNAP: Secure Network Access Partnering
SNAP: Secure Network Access Partnering (and Partnering for Secure Network Access ) Dynamic Coalition Formation at its best (sigmund@best). Inherent Security. HA. High-Performance. Server/Storage Virtualization.
More informationWhat in the heck am I getting myself into! Capitalware's MQ Technical Conference v2.0.1.5
SSL Certificate Management or What in the heck am I getting myself into! Table of Contents What is SSL and TLS? What do SSL and TLS do (and not do)? Keystore and Certificate Lifecycle Certificates Certificate
More informationEnterprise Security Critical Standards Summary
Enterprise Security Critical Standards Summary The following is a summary of key points in the Orange County Government Board of County Commissioners (OCGBCC) security standards. It is necessary for vendors
More informationbest Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de
Project Crossbow best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de Agenda IP heute in Solaris 10 Crossbow Ziele Crossbow Virtual Networks Crossbow IP Instances 28.11.06
More informationEnd to end security for WebSphere MQ
End to end security for WebSphere MQ An Introduction to WebSphere MQ Advanced Message Security T.Rob Wyatt (t.rob.wyatt@us.ibm.com) Conference materials may not be reproduced in whole or in part without
More informationAn Oracle White Paper May 2010. How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security
An Oracle White Paper May 2010 How to Eliminate Web Page Hijacking Using Oracle Solaris 10 Security Introduction... 1 Oracle Solaris Security: Overview... 2 Oracle Solaris User and Process Rights Management...
More informationIBM Crypto Server Management General Information Manual
CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.
More informationFEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO
FEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO Copyright 2005 Shavlik Technologies. All rights reserved. No part of this document may be reproduced or retransmitted in
More informationQuickStart Guide for Managing Computers. Version 9.2
QuickStart Guide for Managing Computers Version 9.2 JAMF Software, LLC 2013 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software
More informationData Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationCLOUD SECURITY: THE GRAND CHALLENGE
Government Ware: GovWare Singapore September 29, 2010 CLOUD SECURITY: THE GRAND CHALLENGE Glen Gooding Asia Pacific Security Leader IBM Corporation ggooding@au1.ibm.com Rest safe: Google saves the day
More informationWhere can I install GFI EventsManager on my network?
Installation Introduction Where can I install GFI EventsManager on my network? GFI EventsManager can be installed on any computer which meets the minimum system requirements irrespective of the location
More informationNixu SNS Security White Paper May 2007 Version 1.2
1 Nixu SNS Security White Paper May 2007 Version 1.2 Nixu Software Limited Nixu Group 2 Contents 1 Security Design Principles... 3 1.1 Defense in Depth... 4 1.2 Principle of Least Privilege... 4 1.3 Principle
More informationSolaris For The Modern Data Center. Taking Advantage of Solaris 11 Features
Solaris For The Modern Data Center Taking Advantage of Solaris 11 Features JANUARY 2013 Contents Introduction... 2 Patching and Maintenance... 2 IPS Packages... 2 Boot Environments... 2 Fast Reboot...
More informationBastille Linux: Security Through Transparency
Bastille Linux: Security Through Transparency Jon Lasser University of Maryland, Baltimore County (UMBC) jon@umbc.edu 2000 March 24 Overview A Brief History of Bastille Linux Philosophy Step-By-Step Overview
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationChapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security
Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security
More informationNetwork Incident Report
To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850
More informationNetBrain Security Guidance
NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationSCP - Strategic Infrastructure Security
SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationHOB Remote Desktop VPN Secure access for remote workers and business partners to your enterprise network
HOB GmbH & Co. KG Schwadermühlstr. 3 90556 Cadolzburg Tel: +49 9103 / 715-0 Fax: +49 9103 / 715-271 E-Mail: support@hobsoft.com Internet: www.hobsoft.com HOB Remote Desktop VPN Secure access for remote
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationPassword Self-Service for Novell edirectory. Brent McCormick Novell Corporate Technology Strategist
Password Self-Service for Novell edirectory Brent McCormick Novell Corporate Technology Strategist Audience by Industry Government Healthcare Financial Services Education Telecommunications Manufacturing
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationWhere can I install GFI EventsManager on my network?
Installation Introduction Where can I install GFI EventsManager on my network? GFI EventsManager can be installed on any computer which meets the minimum system requirements irrespective of the location
More informationQuickDNS 4.6 Installation Instructions
QuickDNS 4.6 Installation Instructions for Windows, Solaris, Linux, FreeBSD and Mac OS Table of Contents INTRODUCTION 3 QuickDNS system requirements 3 INSTALLING QUICKDNS MANAGER 4 Windows installation
More information