What s New in Security
|
|
- Monica Ursula Singleton
- 7 years ago
- Views:
Transcription
1 System Frameworks #WWDC16 What s New in Security Session 706 Lucia Ballard Secure Transports Engineering Manager Simon Cooper Trusted Execution Engineering Manager 2016 Apple Inc. All rights reserved. Redistribution or public display not permitted without written permission from Apple.
2 What s New in Security?
3 What s New in Security? Network Security
4 What s New in Security? Network Security Cryptography APIs
5 What s New in Security? Network Security Cryptography APIs Platform Security on macos
6 What s New in Network Security Lucia Ballard Secure Transports Engineering Manager
7 Secure Communications
8 Secure Communications HTTPS is the new HTTP Confidentiality Data integrity
9 Secure Communications HTTPS is the new HTTP Confidentiality Data integrity Not all HTTPS is created equal
10 App Transport Security Current standards
11 App Transport Security Current standards For NSURLSession and NSURLConnection APIs
12 App Transport Security Current standards For NSURLSession and NSURLConnection APIs TLS v1.2
13 App Transport Security Current standards For NSURLSession and NSURLConnection APIs TLS v1.2 Strong crypto AES-128 and SHA-2
14 App Transport Security Current standards For NSURLSession and NSURLConnection APIs TLS v1.2 Strong crypto AES-128 and SHA-2 Forward secrecy ECDHE
15 App Transport Security Current standards For NSURLSession and NSURLConnection APIs TLS v1.2 Strong crypto AES-128 and SHA-2 Forward secrecy ECDHE Exceptions global or for particular domains
16 App Transport Security Enforcement
17 App Transport Security Enforcement Enforced at the end of 2016
18 App Transport Security Enforcement Enforced at the end of 2016 Reasonable justification required for most exceptions NSAllowsArbitraryLoads NSExceptionAllowsInsecureHTTPLoads NSExceptionMinimumTLSVersion
19 App Transport Security Enforcement Enforced at the end of 2016 Reasonable justification required for most exceptions NSAllowsArbitraryLoads NSExceptionAllowsInsecureHTTPLoads NSExceptionMinimumTLSVersion Example Communicating with a specific third-party server
20 App Transport Security Enforcement Enforced at the end of 2016 Reasonable justification required for most exceptions NSAllowsArbitraryLoads NSExceptionAllowsInsecureHTTPLoads NSExceptionMinimumTLSVersion Example Communicating with a specific third-party server
21 App Transport Security Enforcement
22 App Transport Security Enforcement New exceptions to make it easier
23 App Transport Security Enforcement New exceptions to make it easier Streaming media using AVFoundation
24 App Transport Security Enforcement New exceptions to make it easier Streaming media using AVFoundation Web content using WKWebView
25 App Transport Security Enforcement New exceptions to make it easier Streaming media using AVFoundation Web content using WKWebView NSAppTransportSecurity : Dictionary { NSAllowsArbitraryLoads : Boolean NSAllowsArbitraryLoadsInWebContent : Boolean }
26 Evolving Standards Deprecation of older algorithms
27 Evolving Standards Deprecation of older algorithms RC4 disabled by default
28 Evolving Standards Deprecation of older algorithms RC4 disabled by default SSLv3 disabled in SecureTransport
29 Evolving Standards Deprecation of older algorithms RC4 disabled by default SSLv3 disabled in SecureTransport Other algorithms showing their age SHA-1 3DES
30 Evolving Standards Deprecation of older algorithms RC4 disabled by default SSLv3 disabled in SecureTransport Other algorithms showing their age SHA-1 3DES Now is the time to upgrade your servers
31 Certificates
32 Certificates Strong TLS is not enough
33 Certificates Strong TLS is not enough Certificate ensures that you re talking to the right server
34 Certificates Today
35 Certificates Today Certificate Authority Server Client
36 Certificates Today Certificate Authority Server Client
37 Certificates Today Certificate Authority Server Client
38 Certificates Today What could go wrong?
39 Certificates Today What could go wrong? Certificate Authority Server Client
40 Certificates Today What could go wrong? Certificate Authority Server Attacker s Server Client
41 Certificates Today What could go wrong? Certificate Authority Server Attacker s Server Client
42 Certificates Today What could go wrong? Certificate Authority Server Attacker s Server Client
43 Certificate Transparency
44 Certificate Transparency Public verifiable logs of issued certificates
45 Certificate Transparency Public verifiable logs of issued certificates Anyone can submit a certificate to a log
46 Certificate Transparency Public verifiable logs of issued certificates Anyone can submit a certificate to a log Client checks for proof that certificate has been logged In the certificate itself In a TLS extension Delivered via OCSP stapling
47 Certificate Transparency How it works
48 Certificate Transparency How it works Certificate Authority Server Client
49 Certificate Transparency How it works Certificate Authority Log Server Client
50 Certificate Transparency How it works Certificate Authority Log Server Client
51 Certificate Transparency How it works Certificate Authority Log Server Client
52 Certificate Transparency How it works Certificate Authority Log Server Client
53 Certificate Transparency How it works Certificate Authority Log Server Client
54 Certificate Transparency Makes attacks more difficult Certificate Authority Server Attacker s Server Client
55 Certificate Transparency Makes attacks more difficult Certificate Authority Server Attacker s Server Client
56 Certificate Transparency Makes attacks more difficult Certificate Authority Certificate rejected by client Server Attacker s Server Client
57 Certificate Transparency Makes attacks more difficult Certificate Authority Log Server Attacker s Server Client
58 Certificate Transparency Makes attacks more difficult Publicly visible Certificate Authority Log Server Attacker s Server Client
59 Certificate Transparency How to try it out
60 Certificate Transparency How to try it out You can require Certificate Transparency through App Transport Security
61 Certificate Transparency How to try it out You can require Certificate Transparency through App Transport Security NSAppTransportSecurity { NSExceptionDomains { example.com : { NSRequiresCertificateTransparency : YES } } }
62 Certificate Transparency How to try it out You can require Certificate Transparency through App Transport Security NSAppTransportSecurity { NSExceptionDomains { example.com : { NSRequiresCertificateTransparency : YES } } } Proofs required from at least two logs More information at certificate-transparency.org
63 Revocation Best practices
64 Revocation Best practices Certificate Transparency does not replace revocation
65 Revocation Best practices Certificate Transparency does not replace revocation Recommended practice OCSP stapling Enhancement to the Online Certificate Status Protocol (OCSP)
66 OCSP Certificate Authority Server Client
67 OCSP Certificate Authority? Server Client
68 OCSP Certificate Authority? Server Client
69 OCSP Stapling Certificate Authority Server Client
70 OCSP Stapling Certificate Authority? Server Client
71 OCSP Stapling Certificate Authority? Server Client
72 OCSP Stapling Certificate Authority? Server Client
73 Benefits of OCSP Stapling
74 Benefits of OCSP Stapling Reliable, quick revocation information
75 Benefits of OCSP Stapling Reliable, quick revocation information Protects your users privacy
76 Benefits of OCSP Stapling Reliable, quick revocation information Protects your users privacy Deliver certificate transparency proofs as well
77 Benefits of OCSP Stapling Reliable, quick revocation information Protects your users privacy Deliver certificate transparency proofs as well Widely supported and backwards-compatible Now fully supported on all Apple platforms
78 Summary Network security
79 Summary Network security Move forward to secure algorithms and ciphers TLS v1.2, forward secrecy, and SHA-2 certificates
80 Summary Network security Move forward to secure algorithms and ciphers TLS v1.2, forward secrecy, and SHA-2 certificates Add your certificates to certificate transparency logs
81 Summary Network security Move forward to secure algorithms and ciphers TLS v1.2, forward secrecy, and SHA-2 certificates Add your certificates to certificate transparency logs Enable OCSP stapling
82 Cryptographic Improvements SecKey and smart cards
83 SecKey Improvements
84 SecKey Improvements API for asymmetric keys Unification of macos and ios APIs Support for common operations
85 SecKey Improvements API for asymmetric keys Unification of macos and ios APIs Support for common operations Replacement for deprecated CDSA calls
86 SecKey Improvements API for asymmetric keys Unification of macos and ios APIs Support for common operations Replacement for deprecated CDSA calls Replacement for asymmetric SecTransforms
87 CryptoTokenKit
88 CryptoTokenKit System support for cryptographic devices Smart cards, USB cryptographic tokens
89 CryptoTokenKit System support for cryptographic devices Smart cards, USB cryptographic tokens Out-of-the-box integration with system services Token content accessible through keychain Token cryptographic operations available using SecKey API
90 CryptoTokenKit System support for cryptographic devices Smart cards, USB cryptographic tokens Out-of-the-box integration with system services Token content accessible through keychain Token cryptographic operations available using SecKey API More information in Security Labs
91 What s New in Platform Security Simon Cooper Trusted Execution Engineering Manager
92 What s New in Security
93 What s New in Security How Software is Delivered
94 What s New in Security How Software is Delivered Developer ID
95 What s New in Security How Software is Delivered Developer ID Gatekeeper
96 What s New in Security How Software is Delivered Developer ID Gatekeeper Software Packaging
97 How Software is Delivered
98 Software Delivery for ios
99 Software Delivery for ios App Store
100 Software Delivery for ios App Store Xcode
101 Software Delivery for ios App Store Xcode Enterprise programs
102 Software Delivery for macos
103 Software Delivery for macos Mac App Store
104 Software Delivery for macos Mac App Store Developer ID
105 Software Delivery for macos Mac App Store Developer ID Xcode
106 Developer ID
107 What is Developer ID?
108 What is Developer ID? Deliver apps outside of the App Store
109 What is Developer ID? Deliver apps outside of the App Store Usually downloaded
110 What is Developer ID? Deliver apps outside of the App Store Usually downloaded Developer ID Signing Identity
111 What is Developer ID? Deliver apps outside of the App Store Usually downloaded Developer ID Signing Identity Developer ID Signed Apps treated specially
112 icloud for Developer ID NEW
113 icloud for Developer ID NEW Developer ID can now use icloud features icloud Drive icloud Keychain Push Notifications VPN
114 icloud for Developer ID
115 icloud for Developer ID Deliver icloud-enabled Apps outside of the App Store
116 icloud for Developer ID Deliver icloud-enabled Apps outside of the App Store Developer ID apps can now share data with icloud ios apps
117 icloud for Developer ID Deliver icloud-enabled Apps outside of the App Store Developer ID apps can now share data with icloud ios apps Deploy back to macos 10.9
118 icloud for Developer ID
119 icloud for Developer ID icloud Development testing today
120 icloud for Developer ID icloud Development testing today icloud Deployment Testing in upcoming seeds Export a Developer ID-signed Application Save a copy of the application signed with your Developer ID. Distribution using GM tools
121 Gatekeeper
122 What is Gatekeeper?
123 What is Gatekeeper? Controls what software is allowed to run on your Mac Mac App Store Mac App Store and identified developers Anywhere
124 What is Gatekeeper? Controls what software is allowed to run on your Mac Mac App Store Mac App Store and identified developers Anywhere Prompts user before first run
125 Changes to Gatekeeper
126 Changes to Gatekeeper Changing the default options Mac App Store Mac App Store and identified Developers Can still open anyway
127 Changes to Gatekeeper
128 Changes to Gatekeeper Repackaging problem Gatekeeper enhancement
129 Repackaging Problem App Correctly Signed App Container: Zip, DMG, ISO Code or Code equivalent External Resources Libraries, plugins, HTML, Lua, Python, etc.
130 Repackaging Problem App Correctly Signed App Code or Code equivalent External Resources Libraries, plugins, HTML, Lua, Python, etc.
131 Repackaging Problem App Code or Code equivalent External Resources Libraries, plugins, HTML, Lua, Python, etc.
132 Repackaging Problem App External Resources
133 Repackaging Problem App External Resources
134 Repackaging Problem App External Resources
135 Repackaging Problem App External Resources
136 Repackaging Problem App Malicious Content
137 Repackaging Problem
138 Repackaging Problem Not affected From the Mac App Store In a signed Apple Installer package
139 Repackaging Problem
140 Repackaging Problem Affected ZIP Disk Images (DMGs) ISO Images Other archive formats
141 Repackaging Problem Affected ZIP Disk Images (DMGs) ISO Images Other archive formats Maybe affected 3rd-party installers
142 Repackaging Problem
143 Repackaging Problem Need your help
144 Repackaging Problem Need your help We need to protect customers
145 Containers ZIP, DMG, ISO App External Resources
146 Signing Disk Images App External Resources
147 Signing Disk Images Using macos or later App External Resources
148 Signing Disk Images Using macos or later Use the codesign tool App External Resources
149 Signing Disk Images Using macos or later Use the codesign tool Signatures are embedded App External Resources
150 Signing Disk Images Using macos or later Use the codesign tool Signatures are embedded Backwards-compatible with older OS releases App External Resources
151 Signing Disk Images Using macos or later Use the codesign tool Signatures are embedded Backwards-compatible with older OS releases App External Resources For assistance, come to the Security Labs
152 Packaging Advice Do these Avoid the problem Put resources inside App Bundle App
153 Packaging Advice Do these Avoid the problem Put resources inside App Bundle App Internal Resources
154 Packaging Advice Do these
155 Packaging Advice Do these Distributing an App Bundle? Deliver via the Mac App Store Sign the App - Package in a Zip Archive - Verify signature before release Signed Apple Installer package
156 Packaging Advice Do these
157 Packaging Advice Do these For a container with Apps and resources Signed Disk Image Sign any content in the container Sign the disk image App External Resources Verify signatures before release
158 Packaging Advice
159 Packaging Advice Do These Adding personalization or licensing information Use extended attribute on bundle root see TN2206 Sign a personalized Disk Image
160 Packaging Advice Do These Do Not Do This Adding personalization or licensing information Use extended attribute on bundle root see TN2206 Modify your app after signing Deliver an app with a broken signature Use an ISO image Sign a personalized Disk Image
161 NEW Gatekeeper Enhancement Protecting customers
162 Gatekeeper Path Randomization NEW
163 Gatekeeper Path Randomization NEW Supplements existing Gatekeeper protections
164 Gatekeeper Path Randomization NEW Supplements existing Gatekeeper protections No change for Mac App Store apps
165 Gatekeeper Path Randomization NEW Supplements existing Gatekeeper protections No change for Mac App Store apps No change for previously run apps
166 Gatekeeper Path Randomization NEW Supplements existing Gatekeeper protections No change for Mac App Store apps No change for previously run apps Applies to newly downloaded apps
167 Gatekeeper Path Randomization NEW Supplements existing Gatekeeper protections No change for Mac App Store apps No change for previously run apps Applies to newly downloaded apps Applies to apps on unsigned Disk Images
168 Gatekeeper Path Randomization In a folder or Disk Image Your App Extra Resources
169 Gatekeeper Path Randomization When app is running Your App
170 Gatekeeper Path Randomization When app is running Your App
171 Gatekeeper Path Randomization When app is running? Your App
172 Gatekeeper Path Randomization Does not apply
173 Gatekeeper Path Randomization Does not apply User moves just the app bundle Must only move a single app bundle
174 Gatekeeper Path Randomization Does not apply User moves just the app bundle Must only move a single app bundle Signed Disk Images
175 Gatekeeper Path Randomization Does not apply User moves just the app bundle Must only move a single app bundle Signed Disk Images Signed Apple installer package
176 Gatekeeper Path Randomization Does not apply User moves just the app bundle Must only move a single app bundle Signed Disk Images Signed Apple installer package Apps from the Mac App Store
177 Summary Sign what you deliver Check the signatures are valid
178 More Information
179 Labs Security & Privacy Lab 1 Frameworks Lab C Wednesday 9:00AM Security & Privacy Lab 2 Frameworks Lab B Thursday 9:00AM
180
End User Devices Security Guidance: Apple ios 8
GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy
More informationEnd User Devices Security Guidance: Apple OS X 10.10
GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.10 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationKey & Data Storage on Mobile Devices
Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography
More informationEverything is Terrible
Everything is Terrible A deep dive into provisioning and code signing Hello and welcome to Everything is Terrible. This is a deep dive talk into the processes behind provisioning and code signing on Apple
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationDeploying iphone and ipad Security Overview
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationios Team Administration Guide (Legacy)
ios Team Administration Guide (Legacy) Contents About ios Development Team Administration 5 At a Glance 6 Team Admins Manage Team Membership and Assign Roles in the Member Center 6 Development Devices
More informationMac OS X Security Checklist:
Mac OS X Security Checklist: Implementing the Center for Internet Security Benchmark for OS X Recommendations for securing Mac OS X The Center for Internet Security (CIS) benchmark for OS X is widely regarded
More informationAD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx
AD CS AD CS http://technet.microsoft.com/en-us/library/cc731564.aspx Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services
More informationGuidance End User Devices Security Guidance: Apple OS X 10.9
GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform
More informationAnalyzing the Security Schemes of Various Cloud Storage Services
Analyzing the Security Schemes of Various Cloud Storage Services ECE 646 Project Presentation Fall 2014 12/09/2014 Team Members Ankita Pandey Gagandeep Singh Bamrah Pros and Cons of Cloud Storage Services
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationCertificates and Application Resigning
Certificates and Application Resigning Introduction In the following chapters we will be reviewing how to resign an application along with how to get the needed resources for the process. To successfully
More informationSSL Report: ebfl.srpskabanka.rs (91.240.6.48)
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > SSL Report: (91.240.6.48) Assessed on: Sun, 03 Jan 2016 15:46:07 UTC HIDDEN Clear cache Scan Another» Summary Overall
More informationApp Distribution Guide
App Distribution Guide Contents About App Distribution 10 At a Glance 11 Enroll in an Apple Developer Program to Distribute Your App 11 Generate Certificates and Register Your Devices 11 Add Store Capabilities
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationMigrating Trend Micro Mobile Security for Enterprise (TMMS) 8.0 to TMMS 9.0 Patch 1
Migrating Trend Micro Mobile Security for Enterprise (TMMS) 8.0 to TMMS 9.0 Patch 1 Migrating TMMS 8.0 to version 9.0 Patch 1 involves the following steps: 1. Pre-migration 2. Backing up the database and
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationHTTPS is Fast and Hassle-free with CloudFlare
HTTPS is Fast and Hassle-free with CloudFlare 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com In the past, organizations had to choose between performance and security when encrypting their
More informationApache Milagro (incubating) An Introduction ApacheCon North America
Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro will establish a new independent security framework for the Internet A Distributed Cryptosystem Secure the Future of the
More informationRSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide
RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationGuide for Generating. Apple Push Notification Service Certificate
Guide for Generating Apple Push Notification Service Certificate Contents Generating and Using APNs Certificate... 5 Understanding APNs Certificate... 6 Generating an APNs Certificate... 7 Initial Steps...
More informationCleaning Encrypted Traffic
Optenet Documentation Cleaning Encrypted Traffic Troubleshooting Guide iii Version History Doc Version Product Date Summary of Changes V6 OST-6.4.300 01/02/2015 English editing Optenet Documentation
More informationSecurity for Mac Computers in the Enterprise
Security for Mac Computers in the Enterprise October, 2012 Mountain Lion 10.8 Contents Introduction 3 Service and App Protection 4 Gatekeeper 4 Digital Signatures and Developer IDs 4 App Sandboxing 5 Mandatory
More informationGuidance End User Devices Security Guidance: Apple ios 7
GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can
More informationBest Practice Guide (SSL Implementation) for Mobile App Development 最 佳 行 事 指 引. Jointly published by. Publication version 1.
Best Practice Guide (SSL Implementation) for Mobile App Development 流 動 應 用 程 式 (SSL 實 施 ) 最 佳 行 事 指 引 香 港 電 腦 事 故 協 調 中 心 ] Jointly published by [ 專 業 資 訊 保 安 協 會 ] Hong Kong Computer Emergency Response
More informationPenetration Testing for iphone Applications Part 1
Penetration Testing for iphone Applications Part 1 This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iphone
More informationHow to configure Mac OS X Server
How to configure Mac OS X Server By Rob Buckley In the previous article in this series, we showed you how to secure a Mac using the functions built into its operating system, OS X. See photo story here
More informationSSL BEST PRACTICES OVERVIEW
SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More information9243054 Issue 1. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation
9243054 Issue 1 Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation VPN Client User s Guide 9243054 Issue 1 Reproduction, transfer, distribution or storage of part or all of
More informationAPNS Certificate generating and installation
APNS Certificate generating and installation Quick Guide for generating and installing an Apple APNS Certificate Version: x.x MobiDM Quick Guide for APNS Certificate Page 1 Index 1. APPLE APNS CERTIFICATE...
More informationHow to generate an APNs Certificate to use the Apple MDM protocol via the portal
How to generate an APNs Certificate to use the Apple MDM protocol via the portal Introduction Before you can manage ios devices with your device management portal you will need an Apple Push Notification
More informationDeploying Management and Security Agents to Mobile Devices. Deploying Mgmt and Security Agents
Deploying Management and Security Agents to Mobile Devices John Engels Principal Product Manager Symantec Scott Jareo Field Enablement Engineering Symantec Agenda 1 Symantec MDM Agent Options 2 Mobile
More informationAdvanced Administration
BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationPUBLIC Secure Login for SAP Single Sign-On Implementation Guide
SAP Single Sign-On 2.0 SP04 Document Version: 1.0-2014-10-28 PUBLIC Secure Login for SAP Single Sign-On Implementation Guide Table of Contents 1 What Is Secure Login?....8 1.1 System Overview.... 8 1.1.1
More informationThe safer, easier way to help you pass any IT exams. Exam : 9L0-518. OS X Server Essentials 10.8 Exam. Title : Version : Demo 1 / 6
Exam : 9L0-518 Title : OS X Server Essentials 10.8 Exam Version : Demo 1 / 6 1.In Server app, which procedure will configure OS X Server to let members of a specific group use the Messages service? A.
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationUsing Microsoft Visual Studio 2010. API Reference
2010 API Reference Published: 2014-02-19 SWD-20140219103929387 Contents 1... 4 Key features of the Visual Studio plug-in... 4 Get started...5 Request a vendor account... 5 Get code signing and debug token
More informationPCI Compliance Considerations
PCI Compliance Considerations This article outlines implementation considerations when deploying the Barracuda Load Balancer ADC in an environment subject to PCI Data Security Standard (PCI DSS) compliance.
More informationios 8 Security and Privacy Changes
ios 8 Security and Privacy Changes Alban Diquet December 5th, 2014 Agenda Data Protection in ios 8 HealthKit Custom Keyboards Local Authentication Privacy Changes Introduction ios 8.0 was released on September
More informationStandardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal
Standardizing PKI in Higher Education Apple PKI and Universal Hi-Ed Spec proposal Shawn Geddis Security Consulting Engineer, Apple Enterprise geddis@apple.com 703-264-5103 1 Agenda A View of Apples PKI
More informationFileMaker. Installation and New Features Guide. for FileMaker Pro 15 and FileMaker Pro 15 Advanced
FileMaker Installation and New Features Guide for FileMaker Pro 15 and FileMaker Pro 15 Advanced 2007-2016 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California
More informationAdministration Guide. BlackBerry Enterprise Service 12. Version 12.0
Administration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2015-01-16 SWD-20150116150104141 Contents Introduction... 9 About this guide...10 What is BES12?...11 Key features of BES12...
More informationEncryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1
Encryption, Data Integrity, Digital Certificates, and SSL Developed by Jerry Scott 2002 SSL Primer-1-1 Ideas Behind Encryption When information is transmitted across intranets or the Internet, others can
More informationGame Center Programming Guide
Game Center Programming Guide Contents About Game Center 8 At a Glance 9 Some Game Resources Are Provided at Runtime by the Game Center Service 9 Your Game Displays Game Center s User Interface Elements
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33
ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 Why care about ios Security? 800M 800 million ios devices activated 130 million in last year 98%
More informationSecure Sockets Layer
SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated
More informationVMware Horizon FLEX User Guide
Horizon FLEX 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationIs Your SSL Website and Mobile App Really Secure?
Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電
More informationMobile Device as a Platform for Assured Identity for the Federal Workforce
Mobile Device as a Platform for Assured Identity for the Federal Workforce Dr. Sarbari Gupta President and CEO, Electrosoft U.S. Army Information Technology Agency (ITA) Security Forum Fort Belvoir Electrosoft
More informationZenprise Device Manager 6.1
Zenprise Device Manager 6.1 APPLE APNS CERTIFICATE SETUP GUIDE Rev 6.10.00 2 ZENPRISE DEVICE MANAGER 6.1 APPLE APNS CERTIFICATE SETUP GUIDE 2011 Zenprise, Inc. All rights reserved. This manual, as well
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationWIRELESS LAN SECURITY FUNDAMENTALS
WIRELESS LAN SECURITY FUNDAMENTALS Jone Ostebo November 2015 #ATM15ANZ @ArubaANZ Learning Goals Authentication with 802.1X But first: We need to understand some PKI And before that, we need a cryptography
More informationBest Practices for SIP Security
Best Practices for SIP Security IMTC SIP Parity Group Version 21 November 9, 2011 Table of Contents 1. Overview... 33 2. Security Profile... 33 3. Authentication & Identity Protection... 33 4. Protecting
More informationEncrypting and signing e-mail
Encrypting and signing e-mail V1.0 Developed by Gunnar Kreitz at CSC, KTH. V2.0 Developed by Pehr Söderman at ICT, KTH (Pehrs@kth.se) V3.0 Includes experiences from the 2009 course V3.1 Adaptation for
More informationWhite Paper. The risks of authenticating with digital certificates exposed
White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric
More informationWhat We Do: Simplify Enterprise Mobility
What We Do: Simplify Enterprise Mobility AirWatch by VMware is the global leader in enterprise-grade mobility solutions across every device, every operating system and every mobile deployment. Our scalable
More informationHow to Obtain an APNs Certificate for CA MDM
How to Obtain an APNs Certificate for CA MDM Contents How to Obtain an APNs Certificate for CA MDM Verify Prerequisites Obtaining Root and Intermediate Certificates Create a Certificate Signing Request
More informationI. Configuring Digital signature certificate in Microsoft Outlook 2003:
I. Configuring Digital signature certificate in Microsoft Outlook 2003: In order to configure Outlook 2003 to use the new message security settings please follow these steps: 1. Open Outlook. 2. Go to
More informationGenerating an Apple Enterprise MDM Certificate
Good Mobile Control Server Generating an Apple Enterprise MDM Certificate Updated 09/30/11 Overview... 1 Generating Your Apple Certificate Using a Mac... 1 Generating Your Apple Certificate Using Windows...
More informationKony MobileFabric Messaging. Demo App QuickStart Guide. (Building a Sample Application
Kony MobileFabric Kony MobileFabric Messaging Demo App QuickStart Guide (Building a Sample Application Apple ios) Release 6.5 Document Relevance and Accuracy This document is considered relevant to the
More informationiphone in Business Security Overview
iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationKnappsack ios Build and Deployment Guide
Knappsack ios Build and Deployment Guide So you want to build and deploy an ios application to Knappsack? This guide will help walk you through all the necessary steps for a successful build and deployment.
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More informationQuickStart Guide for Mobile Device Management. Version 8.6
QuickStart Guide for Mobile Device Management Version 8.6 JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
More informationGetting the most from Apple Mail
Getting the most from Apple Mail Larry Kerschberg, Roy Wagner, Jonathan Bernstein and Friends February 28, 2015 1 Topics Mail on Macs and ios devices Configuring your accounts IMAP Folders VIP Contacts,
More informationHow To Package In Composer 2.5.2.2 (Amd64)
Composer User Guide Version 9.1 JAMF Software, LLC 2013 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software 301 4th Ave S Suite
More informationios Enterprise Deployment Overview
ios Enterprise Deployment Overview ios devices such as ipad and iphone can transform your business. They can significantly boost productivity and give your employees the freedom and flexibility to work
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Native Apps and Push Notifications...4 Custom App Wrapping for ios... 5 Native
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More informationSmart Card Setup Guide
Smart Card Setup Guide K Apple Computer, Inc. 2006 Apple Computer, Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written consent of
More informationHP ProtectTools Embedded Security Guide
HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded
More informationBuzzTouch ios Push Notifications
BuzzTouch ios Push Notifications Niraj Shah January 27, 2013 Version 1.1 BuzzTouch ios Push Notifications 1 Introduction 1.1 An overview of Apple's Push Notifications 5 2 On the Mac with Keychain Access
More informationAutomatic updates for Websense data endpoints
Automatic updates for Websense data endpoints Topic 41102 / Updated: 25-Feb-2014 Applies To: Websense Data Security v7.6, v7.7.x, and v7.8 Endpoint auto-update is a feature that lets a network server push
More informationAppConnect FAQ for MobileIron Technology Partners! AppConnect Overview
AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview What is AppConnect? AppConnect is a MobileIron product that secures and protects enterprise mobile apps. It manages the complete lifecycle
More informationSmart Card Authentication. Administrator's Guide
Smart Card Authentication Administrator's Guide October 2012 www.lexmark.com Contents 2 Contents Overview...4 Configuring the applications...5 Configuring printer settings for use with the applications...5
More informationYour First App Store Submission
Your First App Store Submission Contents About Your First App Store Submission 4 At a Glance 5 Enroll in the Program 5 Provision Devices 5 Create an App Record in itunes Connect 5 Submit the App 6 Solve
More informationUSER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4
USER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4 March 2014 TABLE OF CONTENTS Chapter 1 Welcome... 4 Introducing WWPass Security for Email (Outlook)... 5 Supported Outlook Products...
More informationMCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 11: Active Directory Certificate Services Objectives Describe the components of a PKI system Deploy the Active Directory
More informationSecurity Technical. Overview. BlackBerry Enterprise Server for Microsoft Exchange. Version: 5.0 Service Pack: 4
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 4 Security Technical Overview Published: 2014-01-17 SWD-20140117135425071 Contents 1 New in this release...10 2 Overview...
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationPersonalSign Digital IDs GCC Certificate Installation Guide Rev. 1.2
PersonalSign Digital IDs GCC Certificate Installation Guide Rev. 1.2 BEFORE YOU BEGIN: 1. Review System Requirements found at http://www.globalsign.com/digital_certificate/personalsign/how_do_i_buy.html
More informationIBM TRIRIGA Anywhere Version 10 Release 4. Installing a development environment
IBM TRIRIGA Anywhere Version 10 Release 4 Installing a development environment Note Before using this information and the product it supports, read the information in Notices on page 9. This edition applies
More information