IMPROVING ANDROID SECURITY FOR AUTOMOTIVE WITH A DEFENSE-IN-DEPTH STRATEGY
|
|
- Martina Golden
- 7 years ago
- Views:
Transcription
1 IMPROVING ANDROID SECURITY FOR AUTOMOTIVE WITH A DEFENSE-IN-DEPTH STRATEGY INNOVATORS START HERE.
2 EXECUTIVE SUMMARY Automotive computer systems are increasingly integrated, and manage a number of convenience and safety features. In-vehicle infotainment (IVI) systems are also increasingly popular and are now expected, at least as options, on most vehicles. Android, with its rich development environment and friendly graphical and multimedia-based user interface, is an ideal match for this situation. But Android was not developed with high levels of security as a design requirement. Care must be taken when using Android in an automotive environment in order to avoid inadvertently creating high-risk situations and opening vulnerabilities that can be exploited by malicious code. This paper proposes ways to alleviate the known Android problems in an automotive environment, following a multilayered defense-in-depth strategy. TABLE OF CONTENTS Executive Summary Security Enhancement Strategy... 3 Defense in Depth Layers Secure Private Marketplace and App Preinstall Filter Security Enhanced Android Secure Boot and Firmware Management System Network Firewall Data Protection in Motion and at Rest Data Isolation... 5 Protection Coverage Conclusion White Paper
3 SECURITY ENHANCEMENT STRATEGY It is no secret that standard Android, as released by Google and implemented on hundreds of thousands of cellular and tablet devices, is not secure enough to work in an integrated automotive environment. The availability of hundreds of thousands of applications provides a seeming advantage. But most of these applications are designed and developed by programmers unfamiliar with the basic principles of software security, creating a huge potential attack surface and extreme risk. And combining the vulnerabilities in core Android with automotive systems creates additional risk. Standard Android must go through a series of security enhancements before deployment or connection to systems that are security sensitive. In a separate paper, we discussed the most common security vulnerabilities of Android. In this paper, we show how using appropriate enhancements makes it possible to create an Android environment that is sufficiently secure. The following paragraphs list a series of strategies which conform to a defense-in-depth 1 strategy, combining hardware separation and software enhancements to achieve a practical level of assurance of system security and safety (see Figure 1). Defense in depth is a best practice strategy in the computing security field. Android Sandbox Provides standard Android security SE Android Detects and prevents abnormal application behavior The goal is to create multiple layers of security, each of which protects the system in a different way that is as independent of other layers as is practical. This strategy makes it possible to prevent multiple types and categories of attacks from multiple types of attackers. The strategies listed here are all directed at the vehicle s electronic control unit (ECU) elements, specifically those based on Android. Other, non-android ECU elements may also benefit from some of these strategies. Strategies related to procedures, training, mechanical systems, social engineering, and other aspects of vehicle safety and security are not listed here. DEFENSE IN DEPTH LAYERS 1. Secure Private Marketplace and App Preinstall Filter The first layer of software protection is provided by a custom or private application marketplace combined with a mechanism to review applications before allowing them to be installed. Applications cannot be installed unless they were downloaded from the approved market and contain an approved electronic signature. Limiting the applications to those that pass a set of criteria ensures that they do not create vulnerabilities or worse, directly contain malware. Application verification is enhanced by relying on encryption keys retrieved during a secure device boot (see more on secure boot below). DeviceManagement Firmware Management Detects compromises to the system and notifies the proper authorities Updates system firmware to close vulnerabilities in deployed systems PRIVATE APP STORE Network MARKET APPLICATION Isolation Technologies Separate data to prevent a compromise of one component from compromising any other component Secure Boot In the case of a successful compromise, prevents the attacker from installing code permanently in the system PACKAGE MANAGER Firewall Prevents attacks from reaching the system Application Management Attestation/ Integrity Check Prevents high-risk applications from being installed on the system Periodically checks the system from afar against known golden images App Preinstall FIlter Veto Filter Veto? No Install Application Exit Physical Security Secures various ports and interfaces using physical means Figure 1: Defense in depth: Each layer provides a different kind of protection; to successfully attack the system, the attacker must find vulnerabilities in multiple layers Figure 2: Application preinstall filter 3 White Paper
4 2. Security Enhanced Android If any malware or damaging bugs are allowed to be installed, a second layer, Security Enhanced Android (SE Android), based on SELinux, provides mandatory access controls (MAC) that protect against unwanted access to data and system resources. It also helps prevent applications from sending information where that information should not go. Despite its stricter security model, SE Android is as fully featured as Android. SE Android provides a mechanism to detect attacks in progress and defend against them. It does so by creating a model of normal system behavior and enforcing that model. Any activity that does not conform to the model is assumed to be malicious, and SE Android prevents it from being successful. Furthermore, SE Android affects the entire system. On traditional Unix and Linux systems, there is a special account, called root, which has full privileges to do anything that the system is capable of doing. The root account bypasses the traditional security mechanisms entirely, as a sort of built-in back door. But SELinux and SE Android treat the root account like any other, and limit the activities that a process owned by root can perform. In this way, root is not root, so privilege escalation is not enough for the attacker. Instead, the attacker must escalate privileges and then gain access to the specific functionality they need, which is significantly more difficult. SE Android is available in Android v4.3 (Jelly Bean Maintenance Release 1) in permissive mode and in Android v4.4 (Jelly Bean Maintenance Release 2) in enforcing mode. The default security policy distributed in the Android Open Source Project (AOSP) is rather limited. In an automotive use case, the security policy would need to be strengthened, potentially implementing extensions to SE Android to cover even more of the standard system. 3. Secure Boot and Firmware Management System A third layer, secure boot combined with a secure firmware management system, prevents any intrusive malware or bugs from being installed as part of the system image, thus preventing a perpetual state of threat. This layer helps protect the overall integrity of the system. Secure Boot The purpose of a secure boot solution is to ensure that the firmware has not been tampered with. In general, this is accomplished by measuring an image before making use of it. (Attestion, on the other hand, measures an image while it is operational.) The boot stages are: Power on (rominit) to bootloader Bootloader(s) to Linux Linux to Android A good secure boot solution starts working during the power on code. This code is typically physically located in ROM (readonly memory), which the processor literally cannot write to, and is therefore invulnerable to post-manufacture attacks. It verifies the bootloader image and then starts the bootloader running. The bootloader then verifies the Linux stage by verifying that the Linux kernel image itself has not been tampered with, and that the root file system image has not been tampered with. During system build, these two components are packaged into boot.img. The next step is to verify the Android /system file system. The bootloader, Linux kernel, and root file system images are all relatively small and can be verified relatively quickly. But the /system file system is large, so a straightforward checksum or encryption signature check would take a very long time to complete. However, for a secure boot solution, this file system must be checked, so a different mechanism is used to avoid slowing the boot process to unacceptable levels. A secure boot sequence not only validates the system firmware, it also establishes a chain of trust that originates from unmodifiable hardware. System encryption keys can be part of the chain of trust which can then be used to validate applications, malware detection, communication, and data storage encryption. Device/Firmware Management Device/firmware upgrades require external connectivity to upgrade servers. Security measures can be applied to validate that the data comes from a secured source and the device or system only accepts updates from the single system that provides 4 White Paper
5 secure firmware management. This same mechanism is used to manage plugins and other application database contents on the Android device. 4. Network Firewall Another layer consists of a network firewall combined with functionality to detect and block certain kinds of attacks such as denial of services (DoS). Firewalls prevent exposure of unwanted services to a network and provide a shield against common network-based attacks. There are at least two open source firewall applications available: DroidWall and Android Firewall. But for an automotive application, a more comprehensive and customized solution is likely to be necessary in order to cover the broad networking environment. Commercial virus scanners for use on the Android systems (such as McAfee Mobile Security) are available, and a customized version of such a scanner may be appropriate for adding a firewall in an automotive environment. 5. Data Protection in Motion and at Rest Data must be protected in the automobile for both privacy and safety concerns, so data in motion over networks such as wireless, Wi-Fi, and Bluetooth must be encrypted to avoid interception. A commonly used technique is the secure socket layer (SSL) for TCP/IP communication of various sorts via the OpenSSL libraries. Virtual private networks (VPNs) can be used to establish a secure connection to a known source such as an automotive service center. This approach ensures that the end point (for example, the car dealer or manufacturer) is a known entity and that the connection is secure. Equally important is protecting data at rest when stored in volatile memory such as RAM, or more permanently in flash or hard disk storage. Ensuring proper encryption of data at rest, such as that specified in the FIPS standard, is critical. 6. Data Isolation Data isolation mechanisms can provide another layer of protection. Partitioning of major subsystems prevents user applications from affecting an entire system; by separating critical parts of the system from the less critical, it s possible to ensure the correct operation of the critical components even if an attack is successful in other parts of the system. Wind River has developed a domain partitioning system called lightweight partitioning (LWP) that provides partitioning at the Android OS level, separation of applications from each other, and protection against loss of the user s personal data. A bare metal hypervisor can help protect safety critical components by allowing a portion of the CPU to run a more secure operating system and interact directly with security sensitive components, while Android runs in an isolated system and is not allowed to interact directly with the secured components. This is a robust solution that make sense for aerospace, defense, and automotive applications where safety critical portions of the system must be physically protected from user-level applications. Isolation Using Lightweight Partitioning There are several distinct uses for an Android system in an automotive environment. The system would most frequently be used as the infotainment system for the driver and passengers. While the vehicle is in the service center, the Android system could be used as a secondary display to show diagnostic information. And in the event of an airbag deployment, the Android system could be used as an interface to an emergency service communication link that allows voice communication between the vehicle s occupants and the remote center, and transmits vehicle status data to better equip the remote center to understand the nature and severity of the problem. These three use cases have a common characteristic that makes them ideal for LWP: only one of them is active at any given time. When the vehicle is in the service center, the service configuration should be active and the other configurations inactive. After airbag deployment, the remote assistance configuration should be active and the others inactive. And at other times, the normal configuration should be active to allow the user a high-quality infotainment system. LWP allows time-domain isolation of these configurations, so that the appropriate one is active, and data from the other domains is hidden and unavailable. 5 White Paper
6 LWP is not the same as a multi-user implementation. In the case of LWP, multiple drivers have separate accounts using the normal Android multi-user feature for tablets, which was introduced in Android v4.2. LWP hides the applications and data installed in a specific domain, so that they are unavailable to attackers when that domain is not active. The data in inactive domains is kept encrypted and unmounted, so it can t even be seen, much less modified. Within the normal domain, each driver would have a separate account. The normal Android data, such as phonebook, media files, user-installed applications, and some system settings, is all kept private to the user s account using the normal, weak Android/ Linux sandbox. Service center applications and data are kept separate from user data, and are completely invulnerable to attacks made while the normal user domain is active. Similarly, applications and data for the remote assistance domain are kept separate from user data and from service center data 2. Isolation Using a Hypervisor In addition to, and complementary to, the domain isolation provided by LWP, it may also be appropriate to use a hypervisor solution. Because Android may be vulnerable to attacks that might allow an attacker to reprogram other ECUs on the vehicle, thereby creating a severe safety risk, the hypervisor can help limit the ability of the Android system to modify safety critical systems. The best method for preventing such attacks from affecting safety critical systems is to provide non-programmable hardware devices at the interface between the Android system and any buses connected to safety critical systems. This can be done either with a separate physical device, or with a hypervisor solution using the processor(s) of the Android system and a non-programmable hypervisor layer to filter the data. Separate devices would provide increased security, and a hypervisor solution would result in lower bill-of-materials costs. User data encrypted and not available when the service domain is active, so it cannot attack the service Service applications and data encrypted are not available when the user domain is active so it s not subject to attack DATA APP APP Common DATA APP APP Applications Dad s Account DATA Automotive System Secure OS Android Middleware Linux Kernel Mom s Account DATA APP APP Common Application APP APP DATA Hypervisor Teen s Account DATA Guet s Valet Account Applications hidden from specific users, but still available DATA Android Middleware Linux Kernel Figure 4: A hypervisor can provide a secure interlock to vehicle systems Figure 3: Lightweight partitioning and Android multi-users 6 White Paper
7 CONTACT WIND RIVER Visit contact to find your local Wind River sales contact, or call or write to PROTECTION COVERAGE The following table lists how to use the methods described above to protect against the various classes of vulnerabilities. Table 1: Caption Vulnerabilities and Solutions Class of Vulnerability Solutions Rootkits and other system-level threats, middleware vulnerabilities, image/video/audio vulnerabilities, and browser vulnerabilities Application vulnerabilities Service center vulnerabilities Botnets Prevent threats from being installed by using malware detection and virus scanners, and by managing applications based on authentication. When threats manage to get past those measures, prevent them from harming the system with SE Android MAC, and use device management to discover when malware has been installed and allow administrators to take appropriate action. If threats are undetected and get installed, prevent them from being installed permanently on the system with proper application authentication based on a chain of trust established at boot time via secure boot. Use firmware management to update system firmware and close newly discovered vulnerabilities for the lifetime of the vehicle. Use hardware isolation techniques to prevent malware from creating safety problems. Prevent threats from being installed by using malware detection and virus scanners, and by managing applications based on authentication. If threats are undetected and get installed, prevent them from being installed permanently on the system with proper application authentication based on a chain of trust established at boot time via secure boot. Use firmware management to update system firmware and close newly discovered vulnerabilities for the lifetime of the vehicle. Use hardware isolation techniques to prevent malware from creating safety problems. Prevent threats from being installed by using malware detection and virus scanners, and by managing applications based on authentication. When threats manage to get past those measures, use device management to discover when malware has been installed and allow administrators to take appropriate action. If threats are undetected and get installed, prevent them from being installed permanently on the system with proper application authentication based on a chain of trust established at boot time via secure boot. Use firmware management to update system firmware and close newly discovered vulnerabilities for the lifetime of the vehicle. Prevent threats from being installed by using malware detection and virus scanners, and by managing applications based on authentication. Prevent botnets from sending their payloads by using firewalls. When threats manage to get past those measures, prevent them from harming the system with SE Android MAC, and use device management to discover when malware has been installed and allow administrators to take appropriate action. If threats are undetected and get installed, prevent them from being installed permanently on the system with proper application authentication based on a chain of trust established at boot time via secure boot. Use firmware management to update system firmware and close newly discovered vulnerabilities for the lifetime of the vehicle. 7 White Paper
8 CONCLUSION Android as distributed by Google may be suitable for deployment as a stand-alone infotainment system that is not connected to any other automotive components, but when the infotainment system needs to be tied to other automotive components such as driver controls, vehicle status indicators, backup camera, environmental controls, and so on, standard Android does not provide the necessary level of protection. However, by using appropriate enhancements it is possible to create a secure environment. Together, the hardware isolation strategy and the multiple independent layers of software security provide a defense-in-depth barrier, and can help protect against the inherent vulnerabilities designed into Android. They make Android suitable for use in an integrated automotive environment where it is loosely coupled to other automotive components The LWP domain examples were chosen for clarity of explanation. It may be appropriate to combine the service center and remote assistance domains, or the normal and remote assistance domains. The important point is that normal infotainment use, which is at the highest risk, should be strongly isolated from service center functionality. Wind River is a world leader in embedded software for intelligent connected systems. The company has been pioneering computing inside embedded devices since 1981, and its technology is found in more than 1 billion products. To learn more, visit Wind River at Wind River Systems, Inc. The Wind River logo is a trademark of Wind River Systems, Inc., and Wind River and VxWorks are registered trademarks of Wind River Systems, Inc. Rev. 12/2013
WIND RIVER SECURE ANDROID CAPABILITY
WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein INNOVATORS START HERE. EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly growing data
More informationWHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System
AirGap The Technology That Makes Isla a Powerful Web Malware Isolation System Introduction Web browsers have become a primary target for cyber attacks on the enterprise. If you think about it, it makes
More informationWIND RIVER INTELLIGENT DEVICE PLATFORM XT
WIND RIVER INTELLIGENT DEVICE PLATFORM XT The Foundation for Building Devices That Connect to the Internet of Things The opportunities presented by the burgeoning Internet of Things (IoT) may be new, but
More informationios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33
ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 Why care about ios Security? 800M 800 million ios devices activated 130 million in last year 98%
More informationDell OpenManage Mobile Version 1.4 User s Guide (Android)
Dell OpenManage Mobile Version 1.4 User s Guide (Android) Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationBUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE.
BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE. Enhanced Security for Your Network and Business Intelligence. Work Hard. Rest Easy. Today, employees are always on, which for you means always vulnerable.
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 2 Systems Threats and Risks Objectives Describe the different types of software-based attacks List types of hardware attacks Define
More informationTechnology in Action. Alan Evans Kendall Martin Mary Anne Poatsy. Eleventh Edition. Copyright 2015 Pearson Education, Inc.
Technology in Action Alan Evans Kendall Martin Mary Anne Poatsy Eleventh Edition Technology in Action Chapter 4 System Software: The Operating System, Utility Programs, and File Management. Chapter Topics
More informationUNCLASSIFIED Version 1.0 May 2012
Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice
More informationSECURITY IN THE INTERNET OF THINGS
The Intelligence in the Internet of Things SECURITY IN THE INTERNET OF THINGS Lessons from the Past for the Connected Future By AJ Shipley, Senior Director, Security Solutions, Wind River INNOVATORS START
More informationIS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
More informationSmartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved
Smartphone Security A Holistic view of Layered Defenses David M. Wheeler, CISSP, CSSLP, GSLC 1 The Smartphone Market The smartphone security market is expected to grow at a rate of 44 percent annually
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationIn-Depth Look at Capabilities: Samsung KNOX and Android for Work
In-Depth Look at Capabilities: Samsung KNOX and Android for Work Silent Install Using the Samsung KNOX Workspace Mobile Device Management (MDM) APIs, IT admins can install and enable applications automatically.
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationHost-based Protection for ATM's
SOLUTION BRIEF:........................................ Host-based Protection for ATM's Who should read this paper ATM manufacturers, system integrators and operators. Content Introduction...........................................................................................................
More informationIBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide
IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationSecure Software Update Service (SSUS ) White Paper
White Paper Secure Software Update Service (SSUS ) White Paper Author: Document Version: r03c Jeffrey Menoher Publish Date: 9/6/2013 Secure. Reliable. Fast Problem Many software updates, including operating
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationDoes your Citrix or Terminal Server environment have an Achilles heel?
CRYPTZONE WHITE PAPER Does your Citrix or Terminal Server environment have an Achilles heel? Moving away from IP-centric to role-based access controls to secure Citrix and Terminal Server user access cryptzone.com
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationInfinity Acute Care System monitoring system
Infinity Acute Care System monitoring system Workstation security in a networked architecture Introduction The benefits of networked medical devices for healthcare facilities are compelling. However, the
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationIBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM
IBM Security QRadar Vulnerability Manager Version 7.2.6 User Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 91. Product information
More informationBusiness Protection. Personal Privacy. One Device. Enhanced Security for Your Network and Business Intelligence.
Business Protection. Personal Privacy. One Device. Enhanced Security for Your Network and Business Intelligence. Work Hard. Rest Easy. Today, employees are always on, which for you means always vulnerable.
More informationfor businesses with more than 25 seats
for businesses with more than 25 seats ESET Business Solutions 1/6 Whether your business is just starting out or is established, there are a few things that you should expect from the software you use
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationSECURITY: THE KEY TO AFFORDABLE UNMANNED AIRCRAFT SYSTEMS. By Alex Wilson, Director of Business Development, Aerospace and Defense
SECURITY: THE KEY TO AFFORDABLE UNMANNED AIRCRAFT SYSTEMS By Alex Wilson, Director of Business Development, Aerospace and Defense EXECUTIVE SUMMARY Cost efficiency and affordability will always be key
More informationInspection of Encrypted HTTPS Traffic
Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationAddressing NIST and DOD Requirements for Mobile Device Management
Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW
More informationSecurity Best Practices for Mobile Devices
Security Best Practices for Mobile Devices Background & Introduction The following document is intended to assist your business in taking the necessary steps needed to utilize the best security practices
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE IAD Best Practices for Securing Wireless Devices and Networks in National Security Systems IAG U/OO/814639-15 13 October
More informationSECURITY IN THE INTERNET OF THINGS
Lessons from the Past for the Connected Future INNOVATORS START HERE. EXECUTIVE SUMMARY Although it has been with us in some form and under different names for many years, the Internet of Things (IoT)
More informationAutomotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri
Automotive Ethernet Security Testing Alon Regev and Abhijit Lahiri 1 Automotive Network Security Cars are evolving Number of ECUs, sensors, and interconnects is growing Moving to Ethernet networks utilizing
More informationThe Advantages of a Firewall Over an Interafer
FIREWALLS VIEWPOINT 02/2006 31 MARCH 2006 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre for the Protection
More informationSystem i and System p. Customer service, support, and troubleshooting
System i and System p Customer service, support, and troubleshooting System i and System p Customer service, support, and troubleshooting Note Before using this information and the product it supports,
More informationCloud Security is a First Principle:
Cloud Security is a First Principle: Elements of Private Cloud Security Table of Contents Why the Security Minded are Drawn to Private Cloud Deployments....2 Security is the Driver Behind Private Clouds...3
More informationBlackBerry 10.3 Work and Personal Corporate
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
More informationUnified Threat Management Throughput Performance
Unified Threat Management Throughput Performance Desktop Device Comparison DR150818C October 2015 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Products Tested... 6 How We Did
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More information1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis, K.Markantonakis@rhul.ac.uk
Proposed PhD Research Areas I am looking for strong PhD candidates to work on the projects listed below. The ideal candidate would have a mix of theoretical and practical skills, achieved a distinction
More informationMentor Embedded IVI Solutions
Mentor Embedded IVI Solutions Infotainment Instrument Cluster Andrew Patterson andrew_patterson@mentor.com Business Development Director Automotive Embedded Software mentor.com/embedded Android is a trademark
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationObjectives. Chapter 2: Operating-System Structures. Operating System Services (Cont.) Operating System Services. Operating System Services (Cont.
Objectives To describe the services an operating system provides to users, processes, and other systems To discuss the various ways of structuring an operating system Chapter 2: Operating-System Structures
More informationDeploying. Mac. Five best practices
Deploying Mac Five best practices Deploying Mac Today more than ever, IT teams are looking to support Mac users at work. These five best practices used by medium and large organizations like yours will
More informationLeading by Innovation McAfee Endpoint Security The Future of Malware-Detection: Activate protection on all Layers outside the Operating System
Leading by Innovation McAfee Endpoint Security The Future of Malware-Detection: Activate protection on all Layers outside the Operating System Dipl.-Inform. Rolf Haas Principal Security Engineer, S+,CISSP
More informationPrinterOn Mobile App for ios and Android
PrinterOn Mobile App for ios and Android User Guide Version 3.4 Contents Chapter 1: Getting started... 4 Features of the PrinterOn Mobile App... 4 Support for PrinterOn Secure Release Anywhere printer
More informationMicrosoft s Advantages and Goals for Hyper-V for Server 2016
Virtualization is a bedrock of modern cloud environments. Hypervisors manage the virtual machines in a cloud environments, providing six fundamental features, as shown in the table below. 1 Hypervisors
More informationIntel Cyber-Security Briefing: Trends, Solutions, and Opportunities
Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities John Skinner, Director, Secure Enterprise and Cloud, Intel Americas, Inc. May 2012 Agenda Intel + McAfee: What it means Computing trends
More informationINSIGHTS CUPP COMPUTING MOBILE SECURITY MULTINATIONAL DECISIONMAKERS STUDY 2015
INSIGHTS CUPP COMPUTING MOBILE SECURITY MULTINATIONAL DECISIONMAKERS STUDY 2015 CHERYL HARRIS, PH.D. DECISIVE ANALYTICS LLC 575 MADISON AVENUE, 10 TH FL NEW YORK, NY 10022 917.628.6167 14. January 2015
More informationWindows Phone 8 Security Overview
Windows Phone 8 Security Overview This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows Phone 8 and understand how it can play a role in their organizations.
More informationIntro to Firewalls. Summary
Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer
More informationE21 Mobile Users Guide
E21 Mobile Users Guide E21 Mobile is the Mobile CRM companion to TGI s Enterprise 21 ERP software. Designed with the mobile sales force in mind, E21 Mobile provides real-time access to numerous functions
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More informationVirtualization System Security
Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability
More informationRemote 2014 Monitoring & Control. Securing Mobile Devices November 7 th 2014
Remote 2014 Monitoring & Control Securing Mobile Devices November 7 th 2014 Purpose / Agenda Ken Lewis, CISSP Director of Cross Domain Security Solutions for Tresys Technology Systems Security Engineer
More informationSecurity Considerations in Cloud Deployments Matthew Garrett <matthew.garrett@nebula.com>
Security Considerations in Cloud Deployments Matthew Garrett (cloud) Computing for the Enterprise Security concerns in traditional hosting Someone hacks your system Your hosting
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationGETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS
Embedded Systems White Paper GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS September 2009 ABSTRACT Android is an open source platform built by Google that includes an operating system,
More informationSamsung SDS. Enterprise Mobility Management
Samsung SDS Enterprise Mobility Samsung SDS Enterprise Mobility Faster and Safer Samsung SDS Enterprise Mobility provides stronger security for enterprise mobility without Compromising usability of mobile
More informationAre free Android virus scanners any good?
Authors: Hendrik Pilz, Steffen Schindler Published: 10. November 2011 Version: 1.1 Copyright 2011 AV-TEST GmbH. All rights reserved. Postal address: Klewitzstr. 7, 39112 Magdeburg, Germany Phone +49 (0)
More informationWindows Phone 8 Security deep dive
October 2012 Windows Phone 8 Security deep dive David Hernie Technical Evangelist Microsoft Belux Office Microsoft Corporation All large screen, dual-core, LTE and NFC Nokia Lumia 920 Nokia Lumia 820 Samsung
More informationCourse Description. Course Audience. Course Outline. Course Page - Page 1 of 12
Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge
More informationWhite Paper: An Overview of the Samsung KNOX TM 2.0 Platform
: An Overview of the Samsung KNOX TM 2.0 Platform March 2014 Enterprise Mobility Solutions Samsung Electronics Co., Ltd. Contents Acronyms Introducing the Samsung KNOX 2.0 Platform What's New in the KNOX
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationSamsung KNOX User Guide KNOX for Consumers Edition
Samsung KNOX User Guide KNOX for Consumers Edition Version 1.3 Jan 07, 2015 Copyright Notice Copyright 2013 Samsung Electronics Co. Ltd. All rights reserved. Samsung is a registered trademark of Samsung
More informationSymantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Details: Introduction When computers in a private network connect to the Internet, they physically
More informationTotal Protection for Enterprise-Advanced
System Requirements Total Protection for Enterprise-Advanced One integrated solution, one console, proven comprehensive protection McAfee Alert Manager 4.7.1 Free disk space 1.5 MB (complete installation)
More informationKaspersky Security 10 for Mobile Implementation Guide
Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful
More informationAndroid Security Data from the Frontlines
SESSION ID: MBS-T07R Android Security Data from the Frontlines security@android.com aludwig@google.com Goal of this talk Provide insight into overall Android security strategy. Discuss data that is being
More informationMOBILE MALWARE REPORT
TRUST IN MOBILE MALWARE REPORT THREAT REPORT: H2/2014 CONTENTS At a Glance 03-03 Forecasts and trends 04-04 Current situation: 4.500 new Android malware instances every day 05-05 Third-party App-Stores
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationTOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT
TOP 3 STRATEGIES TO REDUCE RISK IN AUTOMOTIVE/IN-VEHICLE SOFTWARE DEVELOPMENT Go beyond error detection to ensure safety and security TABLE OF CONTENTS The Three Biggest Challenges...4 Ensure compliance
More informationCODE SIGNING. Why Developers Need to Digitally Sign Code and Applications. +1-888-690-2424 entrust.com
CODE SIGNING Why Developers Need to Digitally Sign Code and Applications +1-888-690-2424 entrust.com Table of contents Why Code Sign? Page 3 What is Code Signing? Page 4 Verifying Code Authenticity Page
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationLOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION
LOGIIC Remote Access June 2015 Final Public Report Document Title LOGIIC Remote Monitoring Project Public Report Version Version 1.0 Primary Author A. McIntyre (SRI) Distribution Category LOGIIC Approved
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationInteract Intranet Version 7. Technical Requirements. August 2014. 2014 Interact
Interact Intranet Version 7 Technical Requirements August 2014 2014 Interact Definitions... 3 Licenses... 3 On-Premise... 3 Cloud... 3 Pulic Cloud... 3 Private Cloud... 3 Perpetual... 3 Self-Hosted...
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationConnecting Software Connect Bridge - Mobile CRM Android User Manual
Connect Bridge - Mobile CRM Android User Manual Summary This document describes the Android app Mobile CRM, its functionality and features available. The document is intended for end users as user manual
More informationTechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security
Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More informationMobile Device as a Platform for Assured Identity for the Federal Workforce
Mobile Device as a Platform for Assured Identity for the Federal Workforce Dr. Sarbari Gupta President and CEO, Electrosoft U.S. Army Information Technology Agency (ITA) Security Forum Fort Belvoir Electrosoft
More informationSierraware Overview. Simply Secure
Sierraware Overview Simply Secure Sierraware Software Suite SierraTEE/Micro Kernel TrustZone/GlobalPlatform TEE SierraVisor: Bare Metal Hypervisor Hypervisor for ARM Para-virtualization, TrustZone Virtualization,
More information