An ITU-T Vision on SPAM

Size: px
Start display at page:

Download "An ITU-T Vision on SPAM"

Transcription

1 International Telecommunication Union Aspectos Jurídicos del Comercio Electrónico An ITU-T Vision on SPAM Sesión 9 Telecommunication Standardization Bureau Simão Campos Counsellor, ITU-T Study Group 16 1 AntiSpam Forum 2004 CABASE / AMDIA Buenos Aires, Argentina, 3 June 2004 Overview Information about ITU High-level directives Understanding the problem Towards a standards-based solution Some existing ITU-T foundational standards Some additional ITU Resources Conclusion About ITU Additional Slides 3 4 ITU Structure ITU-T Study Groups Radiocommunication Sector (ITU-R / BR) Study Groups Strategic Planning Unit (SPU) Secretary General Telecommunication Standardization Sector (ITU-T / TSB) Study Groups Telecom Telecommunication Development Sector (ITU-D / BDT) Study Groups The International Telecommunication Union is an international organization within the United Nations System where governments and the private sector coordinate global telecom networks and services SG 2 Operational aspects of service provision, networks and performance SG 3 Tariff and accounting principles including related telecommunications economic and policy issues SG 4 Telecommunication management, including TMN SG 5 Protection against electromagnetic environment effects SG 6 Outside plant SG 9 Integrated broadband cable networks and television and sound transmission SG 11 Signalling requirements and protocols SG 12 End-to-end transmission performance of networks and terminals SG 13 Multi-protocol and IP-based networks and their internetworking SG 15 Optical and other transport networks SG 16 Multimedia services, systems and terminals SG 17 Data networks and telecommunication software SSG Special Study Group "IMT-2000 and beyond" TSAG Telecommunication Standardization Advisory Group 5 6 1

2 ITU-T Study Group 17 Lead Study Group for Communication System Security Coordination/prioritization of security efforts Development of core security Recommendations Manage the ITU-T Security Project Maintain Compendia on Security-related Recommendations and Security Definitions Network / Protocol perspective Existing Recommendations include Security architecture, model, frameworks, and protocols for open systems (X.800- & X.270-series) Trusted Third Party Services (X.842/X.843) Public-key and attribute certificate frameworks (X.509) Security architecture for end-to-end communications (X.805) ITU-T Study Group 2 Lead SG on Service Definition, Numbering, Routing and Global Mobility Users perspective principles of service provision, definition and operational requirements of service emulation; numbering, naming, addressing requirements and resource assignment routing and interworking requirements; human factors operational aspects networks and associated performance requirements interworking between traditional and evolving telecommunication networks; Existing Recommendations include E.408 (ex-e.sec.1): Telecommunication networks security requirements >> E.409 (ex-e.sec.2): Incident organization and security incident handling >> Handbook on IP Policy (under development) >> 7 8 ITU Plenipotentiary Conference 2002 Resolution Strengthening the role of ITU in information and communication network security High level directives resolves 1 to review ITU's current activities in information and communication network security; 2 to intensify work within existing ITU study groups in order to: a) reach a common understanding on the importance of information and communication network security by studying standards on technologies, products and services with a view to developing recommendations, as appropriate; b) seek ways to enhance exchange of technical information in the field of information and communication network security, and promote cooperation among appropriate entities; c) report on the result of these studies annually to the ITU Council Two Phases: Geneva, December 2003 Tunis, November 2005 Website Phase 1 Output Documents: Declaration of Principles Plan of Action URL: >> Declaration of Principles Build confidence and security in the use of ICTs (Sec.5, pg.5, para.35, 36, 37) Strengthening the trust framework Prevention of cybercrime/misuse of ICT Fight SPAM (unsolicited electronic messages)

3 Plan of Action (Action Line C5) Cooperation of all stakeholders (gov ts, civil society, private sector) Guidelines, legislation, share good practices User education (privacy, etc) National legal instruments for formal recognition of electronic documents (e.g. authentication) Strengthen real-time incident handling and response Development of secure and reliable applications Contributions to the intergov l agencies working groups (e.g. ITU) Understanding the problem A Taxonomy Vulnerabilities, Threats and Risks General Guidance/Architecture Network perspective ( SG 17) Users perspective ( SG 2) System/Application-Specific ( SGs 4, 9, 11, 13, 15, 16, SSG) Secure Infrastructure End-to-end security Vulnerability: something to be exploited threat model (e.g. SS7) design (e.g. Ambiguities in BGP4 parameters) implementation (e.g. SNMP & ASN.1) configuration (e.g b WiFi) Threat: people willing to exploit a vulnerability (hackers, criminals, terrorists, etc) Risk: the consequences of such an exploitation (data loss, fraud, loss of public confidence, etc) While threats change over time, security vulnerabilities exist throughout the life of a protocol Risks must be continuously reassessed!!! SPAM: a security risk (among other things ) Security vulnerabilities Threat analysis Implementation Configuration combined with a security threat (abusive ers, virus creators, etc) produces a security risk: SPAM Towards a standards-based solution

4 What to do? Pragmatism Learned-lessons for a comprehensive framework X.400 SMTP Foundational standards Protocol requirements Standardizers & Implementors Best practices Users perspective New or revised standards Transitional measures Clarify role of different players: ICT industry; governments; users (merchants; ISPs; private persons) Learned-lessons Security considerations are a must! Understand SMTP vulnerabilities; e.g. Lack of authentication mechanisms (positive identification of the sender) (Eric Allman, creator of sendmail, et alii) No mechanism for an inbound host to selectively refuse a message (J.Postel, RFC706, 1975) Consider solutions already available in other frameworks e.g. ITU-T Rec. X.400 & X.500 Collect the best of existing Best Practices Players: all A way forward Roles of Government Pragmatic, multi-pronged approach Educate users for safe use of existing systems Identify relevant existing or new Foundational Standards Standards: a technical specification developed in an open environment, through a consensus-based decision process!!! Standardizers & Implementors: agree on Foundational standards; agree on specific Standards Governments: identify actions that can help solve the problem (executive and legislative actions) Implementors: closely apply the agreed Standards Users and User Groups: strive to adhere to defined standards and disseminate Best Practices Legislative Create new or adapt existing national legislation to curb abuses and ensure protection of consumer s rights Executive Public education initiatives X.509 Public key Infrastructure / Digital Signature Example: Spanish government >> Joint activity between regulators: Sharing skills, knowledge, experience Where legislation exists, joint enforcement Multilateral frameworks for international cooperation (ITU BDT: drafting group of 6 countries; Dec.2004) Roles of Users Flock together Share experiences Develop Best Practices Participate in the debate, contribute to the next steps influence the standardizers Learn about secure practices Recognize that the problem is beyond only Spam Irrelevant information & information overload Need of change in paradigm / practices: (Opt-in) distribution channels (RSS) Electronic collaboration tools / distributed workspaces Instant messaging Some existing ITU-T foundational standards

5 Three Layers VULNERABILITIES Three Planes X Security Architecture for End-to-End Communications Security Layers Applications Security * * * Services Security Infrastructure Security End User Plane Control Plane Management Plane Access Control Authentication Non-repudiation Data Confidentiality Communication Security Data Integrity Availability Privacy THREATS Destruction Corruption Removal Disclosure Interruption ATTACKS 8 Security Dimensions SecMan_F.1 * Conventional Security dimensions New concepts in X.805 (extra slides) Vulnerabilities can exist in each Layer, Plane and Dimension 72 Security Perspectives (3 Layers 3 Planes 8 Dimensions) 25 X.400 Message handling system and service overview First approved: 1984 (now in its version 5) Defines Message Handling System (MHS) elements of service for User Agent (UA)-to-UA [Mail Client] Message Transfer Agent (MTA)-to-MTA, UA-to-MTA, and UA-to-Message Storage (MS) [Mail Server] Application Layer security services: confidentiality, integrity, authentication, non-repudiation and access control 26 X.509 OSI/The Directory: Publickey and attribute certificate frameworks 1st edition in 1988; 5th in preparation Written to satisfy multiple needs Extensibility allows organizations to enhance as needed Good cooperation between ITU, ISO, and IETF In products such as securing browser traffic and signing executable code Laws enabling electronic/digital signature Some additional ITU Resources ITU Resources ITU-T Recommendations >> ITU Activities on Countering Spam >> ITU SPU newslog on Spam >> Virtual Conference on Regulatory Cooperation on Spam (30/Mar/2004) >> Conclusions ITU WSIS Thematic Meeting on Countering Spam (Geneva, 7-9/Jul/2004) >> (template for a multilateral MoU for a framework & future collaborative action)

6 Conclusions: Problem recognition The social problems and network congestion caused by Internet SPAM are well recognized In the future, as the line between Internet appliances and telecommunications devices blur, there are opportunities for even greater misuse Action is needed, but the problem is complex Conclusions: Key factors for success and challenges Understand existing vulnerabilities Take advantage of learned lessons and adopt a pragmatic, multi-pronged approach: patches & fixes for the short-term look for a mid- & long-term solution Develop a set of global and compatible open, consensus-based Standards Solutions need to consider national sovereignty & cost aspects Partnership between all players Rethink paradigms & practices to minimize information overload (T) (F) ITU / Place des Nations CH1211 Geneva 20 Switzerland Thank You! Simão Ferraz de Campos Neto joined the ITU-TSB in 2002 and is the Counsellor for ITU-T Study Group 16, where standardization work takes place on multimedia services, protocols, systems, terminals and media coding. He was the Coordinator in TSB of the 2003 ITU-T Informal Forum Summit, and has also organized several workshops (IP and Multimedia in Satellites, Telecommunications for Disaster Relief and recently on Standardization in E-health). Prior to joining ITU in 2002, Mr Campos worked as a scientist in COMSAT Laboratories performing standards representation and quality assessment for digital voice coding systems. A Senior Member of the IEEE, Mr Campos authored several academic papers and position papers, and served in the review committee of several IEEE-sponsored conferences. He was the editor of the first edition of the TSB Security Manual. Mr Campos received in 1993 an MSc on Telecommunications from the State University of Campinas, Brazil, and a BSc in Electronic Engineering from the same university in International Telecommunication Union Supplemental Material ITU-T Security Blocks Some X-series Recommendations Overview of Technical Solutions Detailed ITU Structure AntiSpam Forum 2004 CABASE / AMDIA Buenos Aires, Argentina, 3 June 2004 ITU-T Security Building Blocks Security Architecture Framework X.800 Security architecture X.802 Lower layers security model X.803 Upper layers security model X.805 Security architecture for systems providing end-to-end communications X.810 Security frameworks for open systems: Overview X.811 Security frameworks for open systems: Authentication framework X.812 Security frameworks for open systems: Access control framework X.813 Security frameworks for open systems: Non-repudiation framework X.814 Security frameworks for open systems: Confidentiality framework X.815 Security frameworks for open systems: Integrity framework X.816 Security frameworks for open systems: Security audit and alarms framework Protocols X.273 Network layer security protocol X.274 Transport layer security protocol Security in Frame Relay X.272 Data compression and privacy over frame relay networks Security Techniques X.841 Security information objects for access control X.842 Guidelines for the use and management of trusted third party services X.843 Specification of TTP services to support the application of digital signatures Directory Services and Authentication X.500 Overview of concepts, models and services X.501 Models X.509 Public-key and attribute certificate frameworks X.519 Protocol specifications Network Management Security M.3010 Principles for a telecommunications management network M.3016 TMN Security Overview M TMN management services for IMT-2000 security management M.3320 Management requirements framework for the TMN X-Interface M.3400 TMN management functions Systems Management X.733 Alarm reporting function X.735 Log control function X.736 Security alarm reporting function X.740 Security audit trail function X.741 Objects and attributes for access control Facsimile T.30 Annex G Procedures for secure Group 3 document facsimile transmission using the HKM and HFX system T.30 Annex H Security in facsimile Group 3 based on the RSA algorithm T.36 Security capabilities for use with Group 3 facsimile terminals T.503 Document application profile for the interchange of Group 4 facsimile documents T.563 Terminal characteristics for Group 4 facsimile apparatus Televisions and Cable Systems J.91 Technical methods for ensuring privacy in long-distance international television transmission J.93 Requirements for conditional access in the secondary distribution of digital television on cable television systems J.170 IPCablecom security specification Multimedia Communications H.233 Confidentiality system for audiovisual services H.234 Encryption key management and authentication system for audiovisual services H.235 Security and encryption for H-series (H.323 and other H.245-based) multimedia terminals H.323 Annex J Packet-based multimedia communications systems Security for H.323 Annex F (Security for simple endpoint types) H Directory services architecture for H.235 H.530 Symmetric security procedures for H.323 mobility in H.510 Some ITU-T X-series Recommendations

7 X.805 is a Multi Part Standard Joint Project with ISO/IEC JTC 1/SC 27, Information technology Security techniques IT network security Part 1: Network security management Part 2: Network security architecture (X.805) Part 3: Securing communications between networks using security gateways Part 4: Remote access Part 5: Securing communications across networks using virtual private networks 37 Three Layers VULNERABILITIES Three Planes X Security Architecture for End-to-End Communications Security Layers Applications Security * * * Services Security Infrastructure Security End User Plane Control Plane Management Plane Access Control Authentication Non-repudiation Data Confidentiality Communication Security Data Integrity Availability Privacy THREATS Destruction Corruption Removal Disclosure Interruption ATTACKS 8 Security Dimensions SecMan_F.1 * Conventional Security dimensions New concepts in X.805 (next slide) Vulnerabilities can exist in each Layer, Plane and Dimension 72 Security Perspectives (3 Layers 3 Planes 8 Dimensions) 38 X.805 Security Dimensions X.805 differentiates Privacy (association of users to their action) /Confidentiality (eavesdropping, tampering, etc) Communication security dimension ensures that information flows only between authorized end points (information is not diverted or intercepted between these end points) Access Control security: prevention of unauthorized access to resources. It is related but beyond authentication. Availability dimension: avoid network interruption (includes network restoration, disaster recovery, etc) X.402 MHS Overall architecture Security procedures and Object Identifiers for use in MHS protocols to implement Application Layer services related to: confidentiality, integrity, authentication, non-repudiation and access control X.500 OSI/The Directory: Overview of concepts, models and services Procedures for interconnection of information processing systems to provide directory services and its security features Alternative: LDAP X.509 Specifies Public-key certificate binds name of entity to a public key if certificate issuer trusted then the entity can be authenticated by the use of the associated private key Attribute certificate asserts an entity s privileges, i.e. its right, to access information or services replaces the need for managing rights in the asset holding system

8 X.509 is widely used Public-key certificates are widely deployed prevents the classic man-in-the-middle attack used in Secure Sockets Layer (SSL) to secure browser traffic protect content and authenticates source replacing notarized signatures in some areas Initial products did not need to be pure e.g. early, and some current, browsers do not check certificate revocation status Some attribute certificate implementations are being studied Example: Spain s Fabrica Nacional de Moneda y Timbre Public Certificate Programme >> Overview of Technical Solutions What is Spam? (1) What is Spam? (2) No universally-agreed definition Term generally describes unsolicited electronic communications over personal computers or mobile handsets Objective is usually to market commercial products or services But also the method of choice for delivery of viruses Scam mail by fraud artists to deceive users into releasing privileged information (credit card numbers, account info, etc) One of the major plagues affecting today's digital world Efficiency loss Other hidden costs But it is beyond only Spam Irrelevant information & information overload Need of change in paradigm / practices: (Opt-in) distribution channels (RSS) Electronic collaboration tools / distributed workspaces Instant messaging Overview of Technical Solutions At the source server Three stages for implementing measures against Spam: At the source server At the destination server At the end user client Source rate limiting Limit how many s can be sent from the source server within a given timeframe Authentication Source server provides mechanisms whereby the destination server, or the end-user client can verify that the is indeed sent out by the source server and/or by the claimed user Payment Server mechanism to charge the user for sending out via the source server Hard cash or virtual cash (e.g. CPU cycles in a challengeresponse system)

9 At the destination server At the end user client Destination rate limiting Limit how many s can be received by the destination server within a given timeframe Destination reputation system Destination server determines whether to admit an incoming based on the known (bad or good) reputation of the source server Based on earlier behavior mail servers (blacklist/ whitelist) Checksum approach Server keeps a hash of every received message and a frequency count of the number of hits of that hash High counts indicate mass mailing Local tables (large sites) or distributed tables (small & medium sites) Static filtering approach Simple, constant rules (e.g. Outlook, procmail) Adaptive filtering approach Dynamic rules (e.g. Bayesian filters) Reputation system (end-user client) Messages classified according to earlier behavior of source mail servers (based on black & white lists) Challenge-response system as possible second criteria Structure of ITU (detailed) Plenipotentiary Conference Radiocommunication Sector Telecommunication Standardization Sector Development Sector Council World/Regional Conferences Radiocommunication Assembly World Telecommunication Standardization Assembly (WTSA) World/Regional Conferences World Conferences on International Telecommunications Radio Regulations Board Study Groups Study Groups Study Groups Coordination Committee Secretary-General Deputy Secretary-General Director Advisory Group Director Advisory Group Director Advisory Group General Secretariat Bureau Bureau Bureau 51 9

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security PROPOSAL 20 Resolution 130 of Marrakesh on the role of ITU in information and network security Submitted by the following Member States: Germany (Federal Republic of), Austria, Belarus (Republic of), Bulgaria

More information

Part 2: ICT security standards and guidance documents

Part 2: ICT security standards and guidance documents Part 2: ICT security standards and guidance documents Version 3.0 April, 2007 Introduction The purpose of this part of the Security Standards Roadmap is to provide a summary of existing, approved ICT security

More information

ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17

ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 TSB Briefing to the Regional Offices, 28 Feb 2011 Martin Euchner Advisor of ITU-T Study Group 17 Martin.Euchner@itu.int

More information

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

Cybersecurity for ALL

Cybersecurity for ALL Cybersecurity for ALL An Overview of ITU s Cybersecurity Activities UNECE International Conference on Technological Readiness for Innovationbased Competitiveness 30 in Geneva, Switzerland Christine Sund

More information

INTERNATIONAL TELECOMMUNICATION UNION

INTERNATIONAL TELECOMMUNICATION UNION INTERNATIONAL TELECOMMUNICATION UNION TELECOMMUNICATION STANDARDIZATION SECTOR STUDY PERIOD 2009-2012 English only Original: English Question(s): 4/17 Geneva, 11-20 February 2009 Ref. : TD 0244 Rev.2 Source:

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

ITU-T E.118. The international telecommunication charge card

ITU-T E.118. The international telecommunication charge card International Telecommunication Union ITU-T E.118 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2006) SERIES E: OVERALL NETWORK OPERATION, TELEPHONE SERVICE, SERVICE OPERATION AND HUMAN FACTORS International

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements

More information

Overview of ITU Cybersecurity Activities

Overview of ITU Cybersecurity Activities Overview of ITU Cybersecurity Activities Workshop on NGN Regulation & Migration Strategies 13 & 15 October 2010 New Delhi, India Sameer Sharma Senior Advisor ITU Regional Office for Asia and the Pacific

More information

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

NGN Migration Strategies and Access Modernization. 26 May 2011 Dhaka

NGN Migration Strategies and Access Modernization. 26 May 2011 Dhaka Overview of ITU Cybersecurity Activities NGN Migration Strategies and Access Modernization 26 May 2011 Dhaka Sameer Sharma Senior Advisor ITU Regional Office for Asia and the Pacific 1 Agenda Why Cybersecurity?

More information

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security International Telecommunication Union ITU-T Y.2723 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2013) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

IoT Prospects of Worldwide Development and Current Global Circumstances

IoT Prospects of Worldwide Development and Current Global Circumstances IoT Prospects of Worldwide Development and Current Global Circumstances Dr. Bilel Jamoussi Chief Study Groups Department Telecommunication Standardization Bureau, ITU www.itu.int/itu-t/go/iot 1 IoT in

More information

INTERNATIONAL TELECOMMUNICATION UNION

INTERNATIONAL TELECOMMUNICATION UNION INTERNATIONAL TELECOMMUNICATION UNION ITU-T X.680 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Amendment 1 (06/99) SERIES X: DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS OSI networking and system aspects

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

World Summit on Information Society (WSIS) Forum 2013. 16 May 2013

World Summit on Information Society (WSIS) Forum 2013. 16 May 2013 World Summit on Information Society (WSIS) Forum 2013 Toolkit for creating ICT-based services using mobile communications for e- government services 16 May 2013 Hani Eskandar ICT Applications coordinator

More information

ITU-T Y.2001. General overview of NGN

ITU-T Y.2001. General overview of NGN INTERNATIONAL TELECOMMUNICATION UNION ITU-T Y.2001 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (12/2004) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

ORGANIZACION DE LOS ESTADOS AMERICANOS ORGANIZATION OF AMERICAN STATES FINAL REPORT

ORGANIZACION DE LOS ESTADOS AMERICANOS ORGANIZATION OF AMERICAN STATES FINAL REPORT ORGANIZACION DE LOS ESTADOS AMERICANOS ORGANIZATION OF AMERICAN STATES Comisión Interamericana de Telecomunicaciones Inter-American Telecommunication Commission II MEETING OF PERMANENT CONSULTATIVE COMMITTEE

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Information System Security

Information System Security Information System Security Chapter 1:Introduction Dr. Lo ai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Chapter 1 Introduction The

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

ITU National Cybersecurity/CIIP Self-Assessment Tool

ITU National Cybersecurity/CIIP Self-Assessment Tool ITU National Cybersecurity/CIIP Self-Assessment Tool ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector April 2009 Revised Draft For

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

Telecommunication Origin Identification. Jie Zhang Vice chair, ITU-T SG2 Zhangjie@ritt.cn

Telecommunication Origin Identification. Jie Zhang Vice chair, ITU-T SG2 Zhangjie@ritt.cn ITU Workshop on Origin Identification and Alternative Calling Procedures (Geneva, Switzerland, 19-20(AM) 2012) Telecommunication Origin Identification Jie Zhang Vice chair, ITU-T SG2 Zhangjie@ritt.cn Main

More information

Fundamentals of Network Security - Theory and Practice-

Fundamentals of Network Security - Theory and Practice- Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring

More information

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Telecommunication security. Framework of security technologies for home network

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Telecommunication security. Framework of security technologies for home network International Telecommunication Union ITU-T X.1111 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (02/2007) SERIES X: DATA NETWORKS, OPEN SSTEM COMMUNICATIONS AND SECURIT Telecommunication security Framework

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Converged Video Network Security

Converged Video Network Security S T R A T E G I C W H I T E P A P E R Converged Video Network Security How service providers can counter with the various security risks associated with implementing IPTV This white paper: Describes the

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11. Content 1.Introduction to Data and Network Security. 2. Why secure your Network 3. How Much security do you need, 4. Communication of network systems, 5. Topology security, 6. Cryptosystems and Symmetric

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

Cloud Computing Standards: Overview and ITU-T positioning

Cloud Computing Standards: Overview and ITU-T positioning ITU Workshop on Cloud Computing (Tunis, Tunisia, 18-19 June 2012) Cloud Computing Standards: Overview and ITU-T positioning Dr France Telecom, Orange Labs Networks & Carriers / R&D Chairman ITU-T Working

More information

Standards for VoIP in the Enterprise

Standards for VoIP in the Enterprise Standards for VoIP in the Enterprise By: John Elwell (John.Elwell@siemens.com) Rue du Rhône 114- CH-1204 Geneva - T: +41 22 849 6000 - F: +41 22 849 6001 - www.ecma-international.org Traditional Enterprise

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

ITU Cybersecurity Work Programme to Assist Developing Countries 2007-2009

ITU Cybersecurity Work Programme to Assist Developing Countries 2007-2009 ITU Cybersecurity Work Programme to Assist Developing Countries 2007-2009 ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector December

More information

The global challenge

The global challenge The global challenge CYBERCRIME The global challenge Cybercrime has developed from an emerging crime to a serious manifestation of crime with great practical relevance With the emerging use of computer

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

INSTANT MESSAGING SECURITY

INSTANT MESSAGING SECURITY INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

IY2760/CS3760: Part 6. IY2760: Part 6

IY2760/CS3760: Part 6. IY2760: Part 6 IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily

More information

TELECOMMUNICATION NETWORKS

TELECOMMUNICATION NETWORKS THE USE OF INFORMATION TECHNOLOGY STANDARDS TO SECURE TELECOMMUNICATION NETWORKS John Snare * Manager Telematic and Security Systems Section Telecom Australia Research Laboratories Victoria TELECOMMUNICATIONS

More information

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation

More information

Managing internet security

Managing internet security Managing internet security GOOD PRACTICE GUIDE Contents About internet security 2 What are the key components of an internet system? 3 Assessing internet security 4 Internet security check list 5 Further

More information

ITU Global Cybersecurity Agenda (GCA)

ITU Global Cybersecurity Agenda (GCA) International Telecommunication Union ITU Global Cybersecurity Agenda (GCA) Framework for International Cooperation in Cybersecurity ITU 2007 All rights reserved. No part of this publication may be reproduced,

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

The IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations

The IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations Interchange of Data between Administrations EUROPEAN COMMISSION ENTERPRISE DIRECTORATE- GENERAL INTERCHANGE OF DATA BETWEEN ADMINISTRATIONS PROGRAMME Interchange of Data between Administrations 2 of Generic

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CTS 2658 COURSE TITLE: PREREQUISITE(S): COREQUISITE(S): Managing Network Security CNT 2210 with grade

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

SECURITY TRENDS-ATTACKS-SERVICES

SECURITY TRENDS-ATTACKS-SERVICES SECURITY TRENDS-ATTACKS-SERVICES 1.1 INTRODUCTION Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people

More information

RESOLUTION 102 (REV. BUSAN, 2014)

RESOLUTION 102 (REV. BUSAN, 2014) RESOLUTION 102 (REV. BUSAN, 2014) ITU's role with regard to international public policy issues pertaining to the Internet and the management of Internet resources, including domain names and addresses

More information

Evaluate the Usability of Security Audits in Electronic Commerce

Evaluate the Usability of Security Audits in Electronic Commerce Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Overview An Evolution. Improving Trust, Confidence & Safety working together to fight the e-mail beast. Microsoft's online safety strategy

Overview An Evolution. Improving Trust, Confidence & Safety working together to fight the e-mail beast. Microsoft's online safety strategy Overview An Evolution Improving Trust, Confidence & Safety working together to fight the e-mail beast Holistic strategy Prescriptive guidance and user education, collaboration & technology Evolution of

More information

Secure System Solution and Security Technology

Secure System Solution and Security Technology Secure System Solution and Security Technology Hitachi Review Vol. 47 (1998), No. 6 245 Chisato Konno, D.Sc. Mitsuhiro Tsunoda Yasushi Kuba Satoru Tezuka OVERVIEW: The and intranet systems are rapidly

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

Status Report on IP/Telecommunications Interworking

Status Report on IP/Telecommunications Interworking GSC#5/RAST#8 Williamsburg, Virginia, USA 23-26 August 1999 GSC5 (99) 32 SOURCE: TITLE: Committee T1 Status Report on IP/Telecommunications Interworking AGENDA ITEM: 10.6 DOCUMENT FOR: Decision Discussion

More information

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model--- ---Information Technology (IT) Specialist (GS-2210) IT Security Model--- TECHNICAL COMPETENCIES Computer Forensics Knowledge of tools and techniques pertaining to legal evidence used in the analysis of

More information

-SETTING ORGANIZATIONS

-SETTING ORGANIZATIONS APPENDIX D STANDARD AND S TANDARD-S -SETTING ORGANIZATIONS William Stallings Copyright 2008 D.1 THE IMPORTANCE OF STANDARDS...2 D.2 INTERNET STANDARDS AND THE INTERNET SOCIETY...3 The Internet Organizations

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

Table of Contents. Introduction. Audience. At Course Completion

Table of Contents. Introduction. Audience. At Course Completion Table of Contents Introduction Audience At Course Completion Prerequisites Certified Professional Exams Student Materials Course Outline Introduction This four-day, instructor-led course provides students

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

NETWORK SECURITY ASPECTS & VULNERABILITIES

NETWORK SECURITY ASPECTS & VULNERABILITIES NETWORK SECURITY ASPECTS & VULNERABILITIES Luis Sousa Cardoso FIINA President Brdo pri Kranju, 19. in 20. maj 2003 1 Background Importance of Network Explosive growth of computers and network - To protect

More information

redcoal EmailSMS for MS Outlook and Lotus Notes

redcoal EmailSMS for MS Outlook and Lotus Notes redcoal EmailSMS for MS Outlook and Lotus Notes Technical Support: support@redcoal.com Or visit http://www.redcoal.com/ All Documents prepared or furnished by redcoal Pty Ltd remains the property of redcoal

More information

Security Guidelines for. Next Generation Networks. Office of the Telecommunications Authority

Security Guidelines for. Next Generation Networks. Office of the Telecommunications Authority Security Guidelines for Next Generation Networks Office of the Telecommunications Authority 1 April 2010 FOREWORD In Hong Kong, public telecommunications operators (hereafter referred to as operators )

More information

SHORT MESSAGE SERVICE SECURITY

SHORT MESSAGE SERVICE SECURITY SHORT MESSAGE SERVICE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,

More information

FTA Computer Security Workshop. Secure Email

FTA Computer Security Workshop. Secure Email FTA Computer Security Workshop Secure Email March 8, 2007 Stan Wiechert, KDOR IS Security Officer Outline of Presentation The Risks associated with Email Business Constraints Secure Email Features Some

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

ITU-T E.123. Notation for national and international telephone numbers, e-mail addresses and Web addresses

ITU-T E.123. Notation for national and international telephone numbers, e-mail addresses and Web addresses INTERNATIONAL TELECOMMUNICATION UNION ITU-T E.123 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (02/2001) SERIES E: OVERALL NETWORK OPERATION, TELEPHONE SERVICE, SERVICE OPERATION AND HUMAN FACTORS International

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

Application Notes. Introduction. Contents. Managing IP Centrex & Hosted PBX Services. Series. VoIP Performance Management. Overview.

Application Notes. Introduction. Contents. Managing IP Centrex & Hosted PBX Services. Series. VoIP Performance Management. Overview. Title Series Managing IP Centrex & Hosted PBX Services Date July 2004 VoIP Performance Management Contents Introduction... 1 Quality Management & IP Centrex Service... 2 The New VoIP Performance Management

More information

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

ALL ALL. rsecurity. Cybersec. for ITU s Work for a Safer World. International Telecommunication Union

ALL ALL. rsecurity. Cybersec. for ITU s Work for a Safer World. International Telecommunication Union ALL ALL Cybersec rsecurity for ITU s Work for a Safer World International Telecommunication Union ITU as a Forum for International Cooperation in Cybersecurity ITU Secretary-General has identified Cybersecurity

More information

MEMORANDUM. Characterisation of actions to combat spam. Analysis of responses to questionnaire

MEMORANDUM. Characterisation of actions to combat spam. Analysis of responses to questionnaire MEMORANDUM Characterisation of actions to combat spam Analysis of responses to questionnaire INDEX 1. Background to questionnaire... 3 2. Analysis of responses to questionnaire... 4 2.1 Question 1 - What

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Draft WGIG Issues Paper on Spam

Draft WGIG Issues Paper on Spam Draft WGIG Issues Paper on Spam 1. Issue Spam directly engages a very wide range of stakeholders that includes individual consumers, all organizations of whatever size in the private and public sectors

More information

This document is a preview generated by EVS

This document is a preview generated by EVS INTERNATIONAL STANDARD ISO/IEC 29180 First edition 2012-12-01 Information technology Telecommunications and information exchange between systems Security framework for ubiquitous sensor networks Technologies

More information

Email Migration Project Plan for Cisco Cloud Email Security

Email Migration Project Plan for Cisco Cloud Email Security Sales Tool Email Migration Project Plan for Cisco Cloud Email Security 2014 Cisco and/or its affiliates. All rights reserv ed. This document is Cisco Conf idential. For Channel Partner use only. Not f

More information

CSCI 4541/6541: NETWORK SECURITY

CSCI 4541/6541: NETWORK SECURITY 1 CSCI 4541/6541: NETWORK SECURITY COURSE INFO CSci 4541/6541 Tuesdays 6:10pm 8:40pm Bell Hall 108 Office Hours: Tuesdays 2:30pm 4:30pm Dr. Nan Zhang Office: SEH 4590 Phone: (202) 994-5919 Email: nzhang10

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 6: Protocols and Standards A. O Riordan, latest revision 2015 Some slides from Fitzgerald and Dennis, 2010 Networking Protocols A networking protocol is a set of rules

More information

Securing Distribution Automation

Securing Distribution Automation Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010

More information