|
|
- Tamsyn Bates
- 8 years ago
- Views:
Transcription
1 Secure U n i f i ed C o m m un i ca t i o n s Jaroslav Martan, C S E C C I E # j m artan@c isc o. c om 1
2 Obsah Typy bezpečno stníc h h r o zeb a o c h r ana před ni m i S r o v nání bezpečno sti tr adi ční a I P tel ef o ni e E I P u r i c h i r k o m v l nd-to -end sec ty ar tek tu a, bi nac e astno stí I P i n f r a s t r u k t u r a L A N, W A N F i r e w a lly B ezpečno stní f u nk c e I P tel ef o nu 2
3 Typy bezpečno s t níc h h r o zeb a o c h r a na před ni m i 3
4 P o hl e d y Uživa tel S o u k r o m í na be z p e čno st Může něk d o o d p o s l ech no u t m ůj h o v o r? Může něk d o na r u ši t m ůj h o v o r ( p o d v r h no u t s l o v a )? Z n e u ži t í Může něk d o v o l a t na m ůj účet? Můžu p o žád a t o b l o k o v ání o b t ěžu j ících h o v o r ů? A dminis tr áto r S po l e h l i v o s t a d o s t u pn o s t J e řešení o d o l né p r o t i D o S út o k ům, v i r ům? Z a b ez p ečení i h ned o d e d ne i ns t a l a ce/ u v ed ení d o p r o v o z u? D o h l e d M a na ger D o k ážu u ži v a t el i neb o šéf o v i r y ch l e p o s k y t no u t úd a j e o p r o b l em a t i ck ém h o v o r u? ( o b t ěžu j ící h o v o r, p r o b l em a t i ck ý h o v o r z a m ěs t na nce) E t i k a Můžu s l ed o v a t a k t i v i t u p r o b l em a t i ck éh o z a m ěs t na nce? Nák l a d y O p r áv nění v o l ání, r o z l i šení s o u k r o m ý ch a p r a co v ních h o v o r ů, účt o v ání h o v o r ů na k l i ent a K r i t i ck é s i t u a ce L z e v k r i t i ck ý ch s i t u a cích p r i o r i t i z o v a t h o v o r y? 4
5 D e f inic e id e ntity, inte g r ity, a so u k r o m í I Z k ý m j u m o o v u r c denti ta: půso b au tenti zac e, ter e zar čena žno st pr ádět či té ak e A u t e n t i za c e j e pr o c e s, k t e r ý m s e po s k y t u j e a pr o věřu j e i de n t i t a A u t o r i za c e j e pr o c e s, k t e r ý m j s o u s u b j e k t u s e zn ám o u i de n t i t o u dán a pr áva v s y s t ém u I nteg r i ta: U dr žu j e au tenti zo v ané spo j ení, k ter é zar u ču j e, že P a k e t při c h ází z důvěr y h o dn éh o zdr o j e, s e k t e r ý m s dílít e ši f r u O b s a h zpr ávy s e při pře n o s u n e zm ěn i l S o u k r o m í: Ši f r u j e pak et, aby byl o zar u čeno, že nem ůže bý t přečten nebo i nter pr eto v án něk ý m j i ný m 5
6 T y p y be z p e čno stníc h hr o z e b Z neu ži tí na nák l ady f i r m y (To l l f r au d) - ztr áta i denti ty O dpo sl ec h - ztr áta so u k r o m í N ar u šení přeno su - ztr áta i nteg r i ty O dm ítnu tí sl u žby - deni al o f ser v i c e 6
7 Oc hr ana p ře d be z p e čno stním i hr o z bam i Z n e u ži t í n a n ák la dy f i r m y ( T o ll f r a u d) zt r át a i de n t i t y O p r ávnění vo l ání, z áz na my o h o vo r ech ( C D R ), p r o ka z a tel ná identita O dpo s le c h zt r át a s o u k r o m í K o nf igu r a ce inf r a s tr u ktu r y, s l edo vání a el imina ce p o ku s ů o j ej í na r u šení, šif r o va ná ko mu nika ce N a r u še n í pře n o s u zt r át a i n t e g r i t y K o ntr o l a integr ity p řenášený ch inf o r ma cí O dm ít n u t í s lu žb y de n i a l o f s e r vi c e K o nf igu r a ce inf r a s tr u ktu r y, identif ika ce a el imina ce z dr o j e úto ku 7
8 S r o v nání bezpečno s t i t r a d i ční a I P t el ef o ni e 8
9 m H r o z by p r o U C j so u p o d o bné j ak o něk te r é hr o z by p r o tr ad iční ústře d ny Pře e sm H la s o v á s ch r ánk o, přepo j m ě na x x x x x x x x x TT oll FF rau d d 11 :: ěrování z hh lasové pošty International, P rem iu m Local PSTN TT oll FF rau d d 33 :: SS oc ial EE ng ine ee ring TT oll FF rau d d 22 :: TT rvalé pře e sm ěrování K a m a r ád i, po d o b u m é d o v o lené m i v o lejte na o ji link u d o pr áce Int l Local TT oll FF rau d d 44 :: II nte rní pom oc nícn c i Alice, přepo j m ě, pr o s ím, na x x x x x x x x International, P rem iu m Local PSTN International, P rem iu m Local Přes m ěr u ju tě 9
10 O H r o z by p r o U C j so u tak é p o d o bné těm, k te r é o hr o žu j í I P sítě ZZ tráta ta sou kk rom í ZZ tráta ta inte gg rity U l o ž $ U l o ž $ T a d y js o u f ina nční inf o r m a ce Zákaz ník Banka Pře e dd stírání id ee ntity O dd mm ítnu tít slu žb b yy V T S s m h o v o r y Já js em, po ílej i Já js em T o m, po s ílej m i h o v o r y K d e je m ůj o z na m o v a cí tón? B ody útok ů: Se r v e r y, G W, Z poždění, J i tte r, Z tr áty pak e tů, pás mo 1 0
11 I P T o l l F r au d CUCME Vo i c e G W CUCM I n ter n et I S D N P S T N V o i G W j e n d o I n t e r n e t u ( j a k o F W, V P r o u t e r n e b o o I P P h o v o r y ) S I P / H r t y o t e v n o o z s j e n J a k s m u j e h o v o r y? P o m o d i a l e r T u k a z u j e d o P S T C h m e z l a b l o k o v a t o z V o I P? = > A C L C U C M E m e b l o k o v a t u z e h o v o r y s m e m d o P S T = > r l i s t y C U C M K o m b i n o v a n I P P a P S T G W? = > T C L s i k o n t r o l u j z d r o j o v o u / o v o u I P a d r e s u ce při po á N pr -I po ře é pr přích í po í ěr cí -pe ů, 0 N ce ce přích í - ch ce po ěr N? co - á -I N cr pt ící cíl 1 1
12 E nd -t o -end I P s ec u r i t y a r c h i t ek t u r a, k o m bi na c e v l a s t no s t í I P inf r a s tr u k tu r a L AN, W F ir ew a lly AN 12
13 A r c hite c tu r e 1 5
14 Zásad y náv r hu z abe z p e če ní S tav ět v e v r stv ác h / zónác h tak, aby nar u šení j edno h o systém u nev edl o k nar u šení c el é sítě Tel ef o nní bezpečno st záv i sí na c el k o v é dato v é bezpečno sti N ej l epší bezpečno stní tec h no l o g i e není tak důl eži tá j ak o pr ak ti k o v aná bezpečno stní po l i ti k a S k u tečně bezpečný systém neex i stu j e. V ždy se j edná o h l edání k o m pr o m i su m ezi el i m i ni ac í r i zi k a a c eno u. 1 6
15 D e f e nse I n-d e p th M e tho d o l o g y A p p lica t ion & D a t a D a t a S ecu r it y Pa t ch M a n a g em en t I n t r u sion Pr ev en t ion V ir u s Pr ot ect ion H ost -B a sed F ir ew a ll S er v er H a r d en in g S t ro n g p assw o rds, f i l e A C L s E n dp o i n t se c uri t y an d se c ure c o m m un i c at i o n p at h s (S S L, T L S, I P S e c ) S e c uri t y up dat e m an ag e m e n t D ay -Z e ro at t ac k p ro t e c t i o n A n t i -V i rus up dat e s I n b o un d T C P /I P p o rt c o n t ro l O S h arde n i n g, aut h e n t i c at i o n, audi t i n g H ost S ecu r it y I n t er n a l N et w or k Per im et er S ecu r it y Ph y sica l secu r it y Policies, p r oced u r es, a n d a w a r en ess N e t w o rk se g m e n t s, N e t w o rk b ase d I D S F i re w al l s, A C L c o n f i g ure d ro ut e rs, V P N s Guards, l o c k s, ac c e ss c o n t ro l S e c uri t y p o l i c i e s, p ro c e dure s, e duc at i o n al o n g w i t h a b ac k up an d re st o re st rat e g y 1 7
16 O U C be z p e čno st: v r stv y Ca l l Ma n a g er O pti mali z ov aný S ID S/ anti v i r u s f i ltr y A KK oo nn cc oo vv á zz aa říz en í OO dděle né datov é a hh las ov é VLA N/ VPN FF ii rr ew aa ll l l nn eb oo AA CL RR ee gg uu lace pr ov oz uu Ins pe kk ce pr otok olů Vn ějš í s v ět LL AA N N // WW AA NN Vys ok á dos tu pnos t VLA N/ VPN AA CC L říz ee ní a ss le dov ání přís tu pu VPN nás tr oj e pr o s le dov ání pr ov oz u Internet IP W A N P S T N 1 8
17 M SS ee cc uu rr ity RR ee qq uu ir ee mm ee nts Systems Approach in Action S ec u re C o m m u ni c a ti o n a na g e Id enti ty a nd T ru s t T h rea t D ef ens e Inf ra s tru c tu re VLA N s e g me ntati on V3 PN R ou te au th e nti cati on Standar d A A A X D H C P Snoopi ng D A I, IP Sou r ce G F i r e w all ID S/ IPS u ar d C a l l P ro c es s i ng TLS (SSL) to ph one s IPSe c to g ate w ays Se cu r e e nr ollme nt D i g i tal C e r ti f i cate s Mu tu al A u th e nti cati on Se cu r e manag e me nt H ar de ne d O S Inte g r ate d C SA A nti -Vi r u s E nd p o i nts A u th e nti cate d and E ncr ypte d TLS Si g nali ng and SR TP Me di a D i g i tal C e r ti f i cate s Si g ne d F i r mw ar e Si g ne d C onf i g s Ig nor e G A R P D i s ab le PC acce s s to v oi ce VLA N A p p l i c a ti o ns SSL/ h ttps H / SIP s tandar ds Mu lti -Le v e l A dmi n C e r ti f i cate Tr u s t Li s t Toll F r au d Mi ti g ati on Mi n u nu s e d s e r v i ce s 1 9
18 Q o S j ak o be z p e čno stní nástr o j 20
19 Scavenger QoS och rana před D os/ W Jestliže se n ed o k ážem e z b a v it p r o b lém u, m ů žem e h o a lesp o ň m in im a liz o v a t? orm Če r v i ne b o D D o S ne j s o u b ěžné, j s o u to a no m ál i e O h r o že ní j e tře b a r o z u m ět, a b y b y l o m o žné: O 1. Z a mez it a no mál iím 2. D eteko va t divné ch o vání 3. R ea go va t na ně 4. O mez it j ej ich do p a d c h r a na i nte g r i ty s ítě Udr žet s íťo vé p r vky živé a o vl a da tel né Umo žnění to ků kr itický ch da t I m p l e m e nta c e i nte g r o v a né b e z p e čno s tní a r c h i te k tu r y 21
20 Scavenger Q o S o ch rana před D o S/ W o rm Reakce na anomál i e Při a b no r málním pr o v o z u ( w o r m, D o S ), k d y v íc e po čít a čů z půso b u j e pře t íže ní li nk y, po d e z ře lý pr o v o z pře d t ím o z na če n j a k o S c a v e ng e r j e a g r e si v ně z a h a z o v án S t a ni c e, k t e r é ne g e ne r u j í a b no r mální pr o v o z, mo h o u d ále k o mu ni k o v a t P o l i c e T h ro ttl e S c a v eng er (w h en C o ng es ted ) 24
21 Scavenger Q o S o ch rana před D o S/ W o rm P ot řeb a ag r eg ov anéh o p ol i ci ng u p od l e z d r oj e P er -P o r t/ P er -VL A N P o l i c er A g g r eg a te S o u r c e-b a s ed P o l i c er Si Víc e ma l ý c h to k ů můž e p r o jít p řes P er -P o r t/ P er -VL A N P o l i c er a g r eg o v a n ý p o l i c er r ea g u je n a a n o mál i i p o d l e z d r o je P r o h l edáva j ící čer vi ma j í vl iv na ka p a citu s ítě díky a gr ego va nému o b j emu p r o vo z u K a ždé p r o h l edávání neb o úto k j e s a mo s ta tný to k J ediný T C P / UD P to k p r o b l émy nez p ůs o b u j e J e nu tné a gr ego va t všech ny to ky p r o ka ždý j edinečný z dr o j, a b y b y l o mo žné identif iko va t a o z na čit ty to ky, kter é s e ch o va j í a b no r mál ně 26
22 O O Q O Scavenger Q o S o ch rana před D o S/ W o rm O ch r ana neb o omez ení d op ad u N a p a d en ý s y s tém c hr a n a k o n c o v éh s y s tému C i s co Se cu r i ty A g e nt A c c es s I nt e g r o v a ná síťo v á a r c h i t e k t u r a k o mb i nu j e t e c h no lo g i e pr o v y so k o u d o st u pno st, k v a li t u slu žb y a b e z pe čno st z a úče le m z a b r ánění ne b o o me z e ní út o k u Si Si D i s tr i b u ti o n c hr a n a l i n ek os Scav e ng e r C las s Si Co r e Si O c a n a s w i C E F R r s C hr tc hů ate Li mi te opp I n f i k o v a n ý z d r o j c hr a n a p řed úto k em C i s co G u ar d F i r e w all A C Ls & NB A R 27
23 L A N 29
24 I g no r e G A R P I P pr o to c o l th at al l o w s dev i c es to anno u nc e th em sel v es. B l o c k s ac c eptanc e o f G r atu i to u s A R P (G A R P ) by th e ph o ne. P r ev ents m al i c i o u s dev i c e f r o m assu m i ng th e i denti ty o f so m eth i ng el se (def au l t r o u ter ) to bec o m e m an-i n-th e- m i ddl e. Successfully stops Ettercap! I m not li ss te ni ng I m I m YY ou ar e e?? I m gg ee tti ng a ne w w addr ee ss s s.. 3 1
25 D y nam ic A R P I nsp e c tio n Dynamic binding of IP address to MAC address B u il t on DH CP S noop ing constru ct Use w ith IP S ou rce G u ard B inding establ ish ed w ith DH CP req u est R esets w ith l oss of l ink Av ail abl e in Cat-4 k now, 6 K & l ater aa-aa-aa-aa-aa-aa 11 // bb bb -b bb -b bb -b bb -b bb -b bb 11 // cc-cc-cc-cc-cc-cc 11 // dd-dd-dd-dd-dd-dd 11 // aa-aa-aa-aa-aa-aa DD AA I: No, you r e e not!! DD AA I: I don t th ii nk ss o!! b b -b b -b b -b b -b b -b b I m X X I m bb bb -b bb -b bb -b bb - bb bb -b bb cc-cc-cc-cc-cc-cc dd-dd-dd-dd-dd-dd 3 2
26 V o ic e V L A N T el efon bl ok u je v oice V L AN tagov ané p ak ety na sv ém PC p ortu Z PC nel z e odp osl ech nou t p rov oz tel efonu IP SS uu bnet BB Ph one VV LL AN = = IP SS uu bnet A PC VV LL AN = = 33 V oice V L AN Data V L AN 3 3
27 B l o c k P C A c c e ss to V o ic e V L A N (c o n t) Not so-su b tl e d i f f e r e n c e b e tw e e n p h on e m od e l i m p l e m e n ta ti on s & on l y b l oc k v oi c e V L A N, a l l ow i n g P C to r u n Q on a n y oth e r V L A N. ( M a k e s f or a n i n te r e sti n g C a ta l y st c on f i g u r a ti on b l oc k s a l l p a c k e ts c on ta i n i n g a n Q h e a d e r d oe sn t b l oc k a n y th i n g. IP SS uu bnet BB Ph one VV LL AN = = IP SS uu bnet A PC VV LL AN = = 33 V oice V L AN Data V L AN 3 4
28 D atac e nte r 3 7
29 C al l C o nt ro l P ro t ect i o n B as el i ne I nt erm ed i at e - A d vanced B a s el i ne Un ma n a g ed Ci s c o S ec u r i ty A g en t ( CS A ) A n ti -Vi r u s Ci s c o p a tc hes Interm ed i a te En a b l e Mu l ti -L ev el A d mi n Ma n a g ed Ci s c o S ec u r i ty A g en t A d v a nc ed I P S ec f o r I n ter -Cl u s ter T r u n k s A d v a n c ed O I n c l u d ed O S H a r d en i n g S S ec u r i ty S c r i p t CCM-O S -O p t i o n a l S e c u r i t y. c m d CCM-O S -O p t i o n a l S e c u r i t y -R e a d m e. d o c D i s a b l e I I S o n Ca l l Ma n a g er S u b s c r i b er s Mo v e D H CP Cl o s er T o En d p o i n ts Es ta b l i s h N T A d mi n P a s s w o r d P o l i c y W i n d o w s a n d I I S Vi r tu a l D i r ec to r y A CL ' s 3 9
30 C ent r ál ní cal l cont r ol D at a C ent er V P N C U C M C U C M CFB L3 L3 LA N s w i tch d a t a c e n t e r LA N s w i tch d a t a d a t a v o i c e MPLS v o i c e Le g e nda: eb G P s es s i o n S t a t i k a S C C P R T P 40
31 E x te r nal F W 41
32 F ir e w al l? A S A ano, al e... Protocol insp ection? H a S IP jsou sl ožité p rotok ol y. Imp l ementace se moh ou l išit, p roto je u ex terních sp ojení důl ežitější interop erabil ita N AT defau l t gatew ay 42
33 m m C U B E P ac k e t H and l ing Pr o t o c o l -i n d e p e n d e n t v i r t u a l c a l l d e s c r i p t o r I n c o m i n g n u m b e r a t c h i n g D TM F s e t t i n g s Pa y l o a d t y p e s e t t i n g s Voi ce A ppli cati on C ode L 7 Pr o t o c o l -i n d e p e n d e n t m e m o r y s t r u c t u r e s h o l d i n g c a l l s t a t e a n d a t t r i b u t e s ( CL I D, Ca l l e d #, Co d e c ) D i a l -p e e r D i a l -p e e r O u t g o i n g n u m b e r a t c h i n g D TM F s e t t i n g s Pa y l o a d t y p e s e t t i n g s S I P t r a n s m i t p o r t S I P l i s t e n p o r t Pa r s e m s g t o g e t n u m b e r Pa y l o a d t y p e s i n s p e c t e d S I P/ H Pr o t o c o l S t a c k R TP L i b r a r y D TM F x l a t i o n Co d e c F i l t e r i n g X c o d i n g Co n t r o l S I P/ H Pr o t o c o l S t a c k R TP L i b r a r y I P A d d r e s s r e w r i t t e n R TP Po r t n u m b e r Pa y l o a d t y p e R TP h e a d e r r e w r i t t e n I P a n d TCP p a c k e t r e c e i v e A CL s a p p l i e d F W / A L G / N A T a p p l i e d TCP U D P TL S D SP A PI D SP H ar dw ar e IO S Inf r as tr u ctu r e (A C Ls, F W, IPS, VPN) TCP U D P TL S I P a n d TCP p a c k e t t r a n s m A CL s a p p l i e d i t I n g r es s I / F H W LA N/ W A N Inte r f ace s Eg r es s I / F S i g n a l i n g M e d i a 43
34 T r u ste d R e l ay P o int 44
35 W Q T r u ste d R e l ay P o int (T R P ) Ov e r v ie w U C M a n a g e r U C Tr u s te d VLA N Tr av e r s al U C Tr u s te d os E nf or ce me nt Data VLAN S o f t w a r e Cl i e n t Si IP W AN B r a n c h R o u t e r A c c e s s S w i t c h I P Ph o n e s Si U C VLAN A c c e s s S w i t c h D i s t r i b u t i o n / Co r e S w i t c h A N A g g r e g a t i o n U C Tr u s te d F i r e w all C ontr ol B r a n c h R o u t e r A c c e s s S w i t c h S o f t w a r e f u nc t i o n t h a t r u ns o n C i sc o ne t w o r k d e v i c e s su c h a s c a mpu s sw i t c h e s a nd r o u t e r s (similar to an MTP) I nse r t e d i n t h e c a ll f lo w b y C U C M 7. 0 ( o r C U C M E 4. 0 ) b a se d o n c o nf i g Pr o v i d e s tru sted a nc h o r i ng po i nt f o r me d i a t o e na b le se v e r a l f u nc t i o na li t i e s ( Q o S e nf o r c e me nt, T r u st e d V L A N t r a v e r sa l,... ) 45
36 U C -tr u ste d (T R P ) I m p l e m e ntatio n CUCM CME UC-tru sted Q os Control CUCM 7. 0 T R P S ta n d a r d MT P c o n f i g u r a ti o n o n r o u ter I mp l i c i t i n CME B 2 B UA Ep ho n e mtp o p ti o n UC-tru sted V L AN Control CUCM 7. 0 T R P S ta n d a r d MT P c o n f i g u r a ti o n o n r o u ter I mp l i c i t i n CME B 2 B UA Ep ho n e mtp o p ti o n UC-tru sted F W Control F u tu r e CME + I O S F W c o l l o c a ted o n s a me p l a tf o r m, T V R F CUCM 7. 0 T R P CUCM i s VR F - u n a w a r e, b u t c a n c o n n ec t i n to VR F - s eg men ted n etw o r k s a i d ed b y I O S T R P T I O S Mu l ti -VR F a n d VR F tr a v er s a l i n T S R S T N / A N / A N / A S i n g l e-vr F S I P S R S T : T S CCP S R S T : T 46
37 U C -T r u ste d V L A N T r av e r sal C ont r ol l i ng A cces s t o U C V L A N s ( 1 ) U C VLA N Mechanisms based o n A C L s r el y o n p o r t nu mber s no w ay t o ensu r e o nl y t r u st ed media ent er s U C V L A N D ata VLA N 47
38 U C -T r u ste d V L A N T r av e r sal C ont r ol l i ng A cces s t o U C V L A N s ( 2 ) U C VLA N Mechanisms based o n A C L s r el y o n p o r t nu mber s no w ay t o ensu r e o nl y t r u st ed media ent er s U C V L A N T R P e na b le s y o u t o li mi t e nt r y i nt o U C V L A N o nly t o me d i a st r e a ms c o nt r o lle d b y C U C M o r C M E ( T ) Pr o v i d e s a n e f f e c t i v e a nd si mple me c h a ni sm t o c o nt r o l a c c e ss t o U C V L A N s D ata VLA N 48
39 T R P f o r V R F tr av e r sal S e r v i c e s V R F i s k no w n t o a ll o t h e r V R F s C C M a nd T R P r e si d e i n S e r v i c e s V R F S i g na li ng F lo w t o t h e C C M i n S e r v i c e s V R F M e d i a F lo w b e t w e e n V R F s o c c u r s t h r o u g h T R P w h e n C C M si g na ls t h e T R P t o a llo w t h e f lo w K E Y D a t a / V o i c e V R F s S e r v i c e s V R F S i ng l e v s. m u l ti i nter f ac e TR P? 49
40 Bezpečn o st n í f u n k c e I P t el ef o n u 50
41 P h o ne Secu ri t y B as el i ne I nt erm B a s el i ne S i g n ed F i r mw a r e I ma g es S i g n ed Co n f i g u r a ti o n F i l es D i s a b l e G r a tu i to u s A R P D i s a b l e P C Vo i c e VL A N A c c es s Interm ed i a te F o r c ed A c c o u n t Co d es ed i at e - A d vanced X D i g i ta l Cer ti f i c a tes o n s el ec ted en d p o i n ts En s u r es en d p o i n t i d en ti ty A d v a nc ed T L S ( S S L v 3 ) En c r y p ti o n f o r S i g n a l i n g S ec u r e R ea l T i me P r o to c o l f o r Med i a b i t A ES P r i v a c y I n d i c a to r 51
42 S e c u r ing the E nd p o ints and I nte r nal E d g e S ecu ring E ndp oints C erti f i c a tes d i s a l l o w ro g u e C C M a nd p h o ne i ns erti o n E nc ry p ti o n p rev ents m ed i a i nterp reta ti o n (i f i nterc ep ted ) S ecu ring Access S u p p o rt x B l o c k i ng P C a c c es s to v o i c e V L A N D i s a b l e/ E na b l e P C p o rt D A I a nd S o u rc e G u a rd p rev ent m a n-i n- th e-m i d d l e a tta c k s o r tra f f i c B l o c k A c c ep ta nc e o f G A R P i nterc ep ti o n B l o c k W eb A c c es s (etterc a p, d s ni f f ) B l o c k S etti ng s B u tto n D H C P s no o p i ng s to p s D H C P s p o o f i ng a nd s ta rv a ti o n a tta c k s S i g ned f i rm w a re a nd c o nf i g f i l es p rev ent s ec u ri ty f ea tu res f ro m b ei ng s u b v erted 52
43 W P C P o r t o n the P ho ne h en to tu rn PC p ort off? Configu ration CL I tel ep h o ny -s erv i c e s erv i c e p h o ne p c P o rt 1 S l u x ecu rity Pol icy cal s for secu re access to th e netw ork sing Ph one s s u ppor t x / / / / / / S u p p ort for x for mu l tip l e dev ices on one sw itch p ort C i s c o S w i tc h es s u p p o rt s ta rti ng Q 1C Y 0 7 * P h o ne s u p p o rt ro a d m a p p ed * * p h l l Prev ents access into netw ork from ones in common areas ik e obby *S ta tu s no t kno w n **N o t C o mmitted 53
44 P C P o r t o n the P ho ne W h en to tu r n P C po r t o n? S ec u r i ty P o l i c y do es no t c al l f o r x au th enti c ati o n N eed to u se C V TA (C i sc o V i deo Tel eph o ny A dv antag e) f o r V i deo N eed to au th enti c ate o nl y P C s and no t th e ph o nes Ph o ne s su ppo r t s pr o x y E A PO L -L o g o f f 54
45 S e c u r ing E nd p o ints Bl o c k S e t t i n g s Bu t t o n h o i c s i c p h o s s A c c s a u l 0 = E b l tel ep ny -s erv e erv e ne etti ng es 1 (d ef t: na ed ) Bl o c k S p a n n i n g f r o m P C p o r t tel ep h o ny -s erv i c e s erv i c e p h o ne s p a nt o P C P o rt 1 (d ef a u l t: 0 = E na b l ed ) Bl o c k Br o w s i n g i n t o t h e P h o n e tel ep h o ny -s erv i c e s erv i c e p h o ne w eb A c c es s 1 (d ef a u l t: 0 = E na b l ed ) 55
46 E nc r y p te d v o ic e 56
47 m T L S : T r ansp o r t L ay e r S e c u r ity Formerly known as SSL: Secure Sockets Layer 3.0 S u p p o rts a ny a p p l i c a ti o n p ro to c o l N eed s s ec u re m eth o d to ex c h a ng e s h a red s ec ret H T T P S C C P F T P L D A P B i -d i rec ti o na l P K I p a i rs f o r T L S u tu a l a u th enti c a ti o n T ru s t b a s ed o n c erti f i c a tes T C P S h a red s ec ret g enera ted IP u s i ng R S A B i -d i rec ti o na l ex c h a ng e o f c erti f i c a tes es ta b l i s h es Id enti ty H M A C p ro v i d es Integ ri ty E nc ry p ti o n o f f ers P ri v a c y C o m p u tes H a s h ed M es s a g e A u th enti c a ti o n C o d e (H M A C ) A l l o w s M D 5 o r S H A 1 C o nv enti o na l c ry p to g ra p h y u s i ng s h a red s ec ret D E S, 3 D E S, A E S R C 2, R C 4 ID E A 57
48 T L S : T r ansp o r t L ay e r S e c u r ity Cisco u ses T L S for secu re signal ing betw een CCM and IP p h ones B i -d i rec ti o na l ex c h a ng e o f c erti f i c a tes f o r m u tu a l a u th enti c a ti o n R S A S i g na tu res H M A C -S H A -1 a u th enti c a ti o n ta g s i ns u re p a c k et i nteg ri ty A E S C B C enc ry p ti o n p ro tec ts s es s i o n k ey s, D T M F to nes & o th er d a ta * * o nl y a t th i s ti m e C TL C li e nt T L S h as a % h it on Cal l Manager p erformance 58
49 S R T P : S e c u r e R T P IE T F R F C for transp ort of secu re media Uses AE S for both au th entication and encryp tion H igh th rou gh p u t, l ow p ack et ex p ansion V P X C C M PT s e q u e nce nu mb e r ti me s tamp s ynch r oni z ati on s ou r ce (SSR C ) i de nti f i e r contr i b u ti ng s ou r ce s (C C R C ) i de nti f i e r s R TP e x te ns i on (opti onal) R T P p a y l o a d SR TP MK I -- 0 b yte s f or v oi ce A u th e nti cati on tag -- 4 b yte s f or v oi ce E nc ry p ted p o rti o n A u th enti c a ted p o rti o n 59
50 S R T P : S e c u r e R T P S R T P i s th e tra ns p o rt f o r a u th enti c a ted a nd enc ry p ted m ed i a IE T F R F C U s es H M A C -S H A -1 f o r a u th enti c a ti o n & A E S C M f o r enc ry p ti o n K ey s d eri v ed i n C C M s ent to p h o nes o v er T L S C u rrentl y o nl y s u p p o rted o n O v er ti m e, S R T P w i l l ro l e o u t to a b ro a d ra ng e o f p h o nes, g a tew a y s a nd a p p l i c a ti o ns C TL C li e nt S R T P p ack ets add 1 5 microseconds to l atency and are 4-7 bytes bigger th an R T P p ack ets 60
51 C er t i f i cat e-b as ed A u t h ent i cat i on and E ncr y p t i on Pu bl ic K ey / Priv ate K ey Pair X v 3 Digital Certificate S el f -S i g ned (C C M ) M IC f ro m C i s c o M nf g ( ) L S C f ro m C A P F ( / ) Certificate T ru st L ist C T L C l i ent T ransp ort L ayer S ecu rity R S A S i g na tu res H M A C -S H A -1 A u th T a g s A E S C B C E nc ry p ti o n S ecu re R T P H M A C -S H A -1 A u th T a g s A E S C M E nc ry p ti o n In Cal l Manager 4. 0, s u p p o M c w i a u & T L S & S R T P rts IC erts th th enc r / s u p p o rt L S C c erts w a u th T L S i th 61
52 S tav o v é ik o ny na te l e f o nu A u te nti z ov aný h ov or (ši f r ov aná s i g nali z ace ) A u te nti z ov aný a ši f r ov aný h ov or (ši f r ov aná s i g nali z ace a médi a) Si g nali z ace j e au te nti z ov ána a ši f r ov ána
53 Secure Conferencing 6 3
54 H W C o nf e r e nc e B r id g e C o nf ig u r atio n P ag e 64
55 N ew S ecu r i t y L ev el C onf i g u r at i on on M eet -M e P ag e 65
56 E nc r y p ting S ig nal ing and M e d ia: S I P S i g na li ng a u t h e nt i c a t i o n a nd e nc r y pt i o n su ppo r t f o r S I P g a t e w a y s u si ng T L S a nd S I PS i n ( 6 ) T [ PI 3 ] M e d i a a u t h e nt i c a t i o n a nd e nc r y pt i o n su ppo r t f o r S I P e nd po i nt s u si ng S R T P i n ( 6 th r e le a se ) T [ PI 6 ] S u ppo r t e d F lo w s: C a ll H o ld, S i g na li ng F o r k i ng, C a ll R e d i r e c t i o n, C a ll T r a nsf e r Pa r t i a lly su ppo r t e d : T. 3 8 c a ll st a r t s a s v o i c e c a ll c a n u se R T P o r S R T P a nd w h e n i t sw i t c h e s t o T. 3 8 i t w i ll f a llb a c k t o R T P N o t S u ppo r t e d : C o nf e r e nc i ng, I PI P G W, M e d i a F o r k i ng T h e u se o f S I PS u r l r e q u i r e s a ll h o ps i n t h e si g na li ng pa t h u se T L S a nd S I PS a nd e nsu r e s T L S e nd -t o -e nd 66
57 W E ncr y p t i ng S i g nal i ng and M ed i a: M G C P, S C C P (11)T C C M (14 )T Media and S ignal ing Au th entication and E ncryp tion for MG CP Media encryp tion on T I DS Ps, I P S ec CCM A N Media and S ignal ing Au th entication and E ncryp tion for S R S T Media encryp tion on T I DS Ps T L S T L S MG C P G W S R T P T L S T L S S R T P S R S T S R T P S C C P T L S a nd S R T P S u p p o rt i n / / / / / /
58 M W W E nc r y p ting S ig nal ing and M e d ia: S I P S i g na l i ng a u th enti c a ti o n a nd enc ry p ti o n s u p p o rt f o r S IP g a tew a y s u s i ng T L S a nd S IP S i n (6 )T [ P I3 ] T L S C C M CCM A N Media and S ignal ing Au th entication and E ncryp tion for S IP PI6 T L S T L S SIP G S R T P T L S T L S S R T P S R T P ed i a a u th enti c a ti o n a nd enc ry p ti o n s u p p o rt f o r S IP end p o i nts u s i ng S R T P i n (6 th rel ea s e)t [ P I6 ] S IP T L S a nd S R T P S u p p o rt i n / / / / F u l l Intero p era b i l i ty B etw S C C P a nd S ec u re S IP een S ec u re 68
59 E nc r y p ting S ig nal ing and M e d ia: H M edia a u th entica tio n a nd encr y p tio n s u p p o r t f o r H endp o ints u s ing S R T P S igna l ing a u th entica tio n a nd encr y p tio n s u p p o r t f o r H ga tekeep er a nd ga tew a y s u s ing I P S ec M edia encr y p tio n s u p p o r t o n [ ( 1 4 ) T ], *, T I [ ( 6 ) T ] D S P s ( N M -H D A -4 F X S, A I M -V O I C E -3 0 a n d A I M -A T M -V O I C E -3 0 ) W ith o u t I P S E C th e key s u s ed f o r media encr y p tio n a r e s ent in cl ea r tex t GW I P S ec H C C M 5. 0 T L S S CCP IP S E C H / H C a p a b i l i ty neg o ti a ti o n i nc l u d es S R T P p a ra m eters ex c h a ng e S R T P * N o t s u p p o r ted w ith 69
60 E nc r y p ting S ig nal ing and M e d ia: M isc T L S a nd S R T P f o r O t h e r A ppli c a t i o ns C i sc o U ni t y 4. 0 ( 5 ) I PC C 7. 0 U se sr t p f a llb a c k t o a llo w u n-e nc r y pt e d c a lls t o le g a c y d e v i c e s W i t h no sr t p f a llb a c k f a llb a c k t o u n-e nc r y pt e d mo d e f a i ls, a nd c a lls a r e t e r mi na t e d. 70
61 W F ir e w al l s and E nc r y p te d V o ic e F i x -u ps lo se t h e i r a b i li t y t o i nspe c t C a n u se A C L s t o a llo w si g na li ng a nd R T P PI X a nd A S A 7. 0 su ppo r t s t h e e st a b li sh e d A C L pa r a me t e r k no w n i n C i sc o I O S b u t d o e sn t w o r k w i t h U D P W o r k i n pr o g r e ss C i sc o ; T L S Pr o x y ( A S A 7. 3 ), Pa ss-t h r u M T P R T P st r e a m i s sy mme t r i c a l a nd U D P i nspe c t w o r k s f o r g e ne r a t e d pa c k e t s, a nd c a n b e po t e nt i a lly u se d no t t e st e d A N 71
62 C i sc o S y st em s b ec o m es t h e f i r st, a n d t o d a t e st i l l t h e o n l y, I P -T el eph o n y v en d o r t o ea r n M i er c o m s h i g h est r a t i n g o f S ec u r e f o r i t s pr o v en a b i l i t y t o d ef en d a n I P ph o n e ser v i c e a g a i n st m a l i c i o u s a t t a c k. A n ex per t t ea m o f h a c k er s, a ssem b l ed a n d su per v i sed b y M i er c o m, c o u l d n o t d i sr u pt, o r ev en d i st u r b, ph o n e ser v i c e o r f ea t u r es a f t er t h r ee r o u n d -t h e-c l o c k d a y s o f so ph i st i c a t ed a t t a c k s. S e c u r i t y o f C i s c o C a l l M a n a g e r -b a s e d I P T e l e p h o n y a g a i n s t m a l i c i o u s h a c k e r a t t a c k s b y M i e r c o m 7 2
63 C o si z p ře d náš k y o d nést B ezpečno st U C není dána v l astno stm i j edno tl i v ý c h pr o du k tů (ši f r o v ání, o c h r ana,...), al e j ej i c h k o m bi nac í a ar c h i tek tu r o u řešení C i sc o nabízí pr o zabezpečení U C j edi nečno u k o m bi nac i řešení v i nf r astr u k tu ře i na k o nc o v ý c h pr v c íc h. O bo j í se i deál ně do pl ňu j e. 73
64 75
1.- L a m e j o r o p c ió n e s c l o na r e l d i s co ( s e e x p li c a r á d es p u é s ).
PROCEDIMIENTO DE RECUPERACION Y COPIAS DE SEGURIDAD DEL CORTAFUEGOS LINUX P ar a p od e r re c u p e ra r nu e s t r o c o rt a f u e go s an t e un d es a s t r e ( r ot u r a d e l di s c o o d e l a
More informationH ig h L e v e l O v e r v iew. S te p h a n M a rt in. S e n io r S y s te m A rc h i te ct
H ig h L e v e l O v e r v iew S te p h a n M a rt in S e n io r S y s te m A rc h i te ct OPEN XCHANGE Architecture Overview A ge nda D es ig n G o als A rc h i te ct u re O ve rv i ew S c a l a b ili
More informationDevice I n s t r u m en t a t io n E x a m p l es : I P S L A s & N et F l o w Presented by Emmanuel Tychon Techni cal M ark eti ng Eng i neer TU D resden, J anuary 1 7 th 2 0 0 7 1. C is co I O S I P
More informationW Cisco Kompetanse eek end 2 0 0 8 SMB = Store Mu ll ii gg hh eter! Nina Gullerud ng ulleru@ c is c o. c o m 1 Vår E n t e r p r i s e e r f a r i n g... 2 S m å o g M e llo m s t o r e B e d r i f t e
More informationG ri d m on i tori n g w i th N A G I O S (*) (*) Work in collaboration with P. Lo Re, G. S av a and G. T ortone WP3-I CHEP 2000, N F N 10.02.2000 M e e t i n g, N a p l e s, 29.1 1.20 0 2 R o b e r 1
More informationCampus Sustainability Assessment and Related Literature
Campus Sustainability Assessment and Related Literature An Annotated Bibliography and Resource Guide Andrew Nixon February 2002 Campus Sustainability Assessment Review Project Telephone: (616) 387-5626
More informationFirst A S E M R e c to rs C o n f e re n c e : A sia E u ro p e H ig h e r E d u c a tio n L e a d e rsh ip D ia l o g u e Fre ie U n iv e rsitä t, B e rl in O c to b e r 2 7-2 9 2 0 0 8 G p A G e e a
More information1. Oblast rozvoj spolků a SU UK 1.1. Zvyšování kvalifikace Školení Zapojení do projektů Poradenství 1.2. Financování 1.2.1.
1. O b l a s t r o z v o j s p o l k a S U U K 1. 1. Z v y š o v á n í k v a l i f i k a c e Š k o l e n í o S t u d e n t s k á u n i e U n i v e r z i t y K a r l o v y ( d á l e j e n S U U K ) z í
More informationSCHOOL PESTICIDE SAFETY AN D IN TEG R ATED PEST M AN AG EM EN T Statutes put into law by the Louisiana Department of Agriculture & Forestry to ensure the safety and well-being of children and school personnel
More informationPSTN. Gateway. Switch. Supervisor PC. Ethernet LAN. IPCC Express SERVER. CallManager. IP Phone. IP Phone. Cust- DB
M IPCC EXPRESS Product Solution (IPCC - IP Co n t a c t Ce n t e r ) E i n f ü h r u n g Ü b e r h u nd e r t M il l io ne n N u t ze r - P r o g no s e n zu f o l g e w e r d e n e s in d ie s e m J ah
More informationCisco Security Agent (CSA) CSA je v í c eúčelo v ý s o f t w a r o v ý ná s t r o j, k t er ý lze p o už í t k v ynuc ení r ů zný c h b ezp ečno s t ní c h p o li t i k. CSA a na lyzuje c h o v á ní a
More informationSCO TT G LEA SO N D EM O Z G EB R E-
SCO TT G LEA SO N D EM O Z G EB R E- EG Z IA B H ER e d it o r s N ) LICA TIO N S A N D M ETH O D S t DVD N CLUDED C o n t e n Ls Pr e fa c e x v G l o b a l N a v i g a t i o n Sa t e llit e S y s t e
More informationEnterprise Data Center A c h itec tu re Consorzio Operativo Gruppo MPS Case S t u d y : P r o g et t o D i sast er R ec o v er y Milano, 7 Febbraio 2006 1 Il G r u p p o M P S L a B a n c a M o n t e d
More informationSIV for VoiceXM 3.0: a n g u a g e a n d A p p l ica t ion D es ig n C on s id era t ion s Ken Rehor C i s c o S y s t em s, I nc. krehor@cisco.com March 05, 2009 G VoiceXM Application Architecture PSTN
More informationCollaboration in Public H e alth be tw e e n U niv e rs ity of H e id e lbe rg and U niv e rs ity of D ar e s S alaam How t h e c oop e r a t i on e m e r g e d Informal c ont ac t s from e arly 1 9
More informationACE-1/onearm #show service-policy client-vips
M A C E E x a m Basic Load Balancing Using O ne A r m M ode w it h S ou r ce N A T on t h e C isco A p p licat ion C ont r ol E ngine Goal Configure b a s ic l oa d b a l a nc ing (L a y er 3 ) w h ere
More informationUNDERSTANDING FLOW PROCESSING WITHIN THE CISCO ACE M ODULE Application de liv e r y pr odu cts can distr ib u te tr af f ic to applications and w e b se r v ice s u sing v ar y ing le v e ls of application
More informationPut the human back in Human Resources.
Put the human back in Human Resources A Co m p l et e Hu m a n Ca p i t a l Ma n a g em en t So l u t i o n t h a t em p o w er s HR p r o f essi o n a l s t o m eet t h ei r co r p o r a t e o b j ect
More informationFORT WAYNE COMMUNITY SCHOOLS 12 00 SOUTH CLINTON STREET FORT WAYNE, IN 468 02 6:02 p.m. Ma r c h 2 3, 2 015 OFFICIAL P ROCEED ING S Ro l l Ca l l e a r d o f h o o l u e e o f t h e r t y m m u t y h o
More informationI n la n d N a v ig a t io n a co n t r ib u t io n t o eco n o m y su st a i n a b i l i t y
I n la n d N a v ig a t io n a co n t r ib u t io n t o eco n o m y su st a i n a b i l i t y and KB rl iak s iol mi a, hme t a ro cp hm a5 a 2k p0r0o 9f i,e ls hv oa nr t ds eu rmv oedye l o nf dae cr
More informationi n g S e c u r it y 3 1B# ; u r w e b a p p li c a tio n s f r o m ha c ke r s w ith t his å ] í d : L : g u id e Scanned by CamScanner
í d : r ' " B o m m 1 E x p e r i e n c e L : i i n g S e c u r it y. 1-1B# ; u r w e b a p p li c a tio n s f r o m ha c ke r s w ith t his g u id e å ] - ew i c h P e t e r M u la e n PACKT ' TAÞ$Æo
More informatione Videobewaking ov er I P Marty K n o p e rt 1 A l l m z u l l b t g r u m a k h w k h w k z a l z r E p r m a r k t t c m a r k t Video vision: e vor en va n video en in de na ij e oek om st eb ik en
More informationVictims Compensation Claim Status of All Pending Claims and Claims Decided Within the Last Three Years
Claim#:021914-174 Initials: J.T. Last4SSN: 6996 DOB: 5/3/1970 Crime Date: 4/30/2013 Status: Claim is currently under review. Decision expected within 7 days Claim#:041715-334 Initials: M.S. Last4SSN: 2957
More informationm Future of learning Zehn J a hr e N et A c a d ei n E r f o l g s p r o g r a m Cisco E x p o 2 0 0 7 2 6. J u n i 2 0 0 7, M e sse W ie n C. D or n in g e r, b m u k k 1/ 12 P r e n t t z d e r p u t
More informationEM EA. D is trib u te d D e n ia l O f S e rv ic e
EM EA S e c u rity D e p lo y m e n t F o ru m D e n ia l o f S e rv ic e U p d a te P e te r P ro v a rt C o n s u ltin g S E p p ro v a rt@ c is c o.c o m 1 A g e n d a T h re a t U p d a te IO S Es
More informationApplication Note: Cisco A S A - Ce r t if ica t e T o S S L V P N Con n e ct ion P r of il e Overview: T h i s a p p l i ca ti o n n o te e x p l a i n s h o w to co n f i g u r e th e A S A to a cco m
More informationC o a t i a n P u b l i c D e b tm a n a g e m e n t a n d C h a l l e n g e s o f M a k e t D e v e l o p m e n t Z a g e bo 8 t h A p i l 2 0 1 1 h t t pdd w w wp i j fp h D p u b l i c2 d e b td S t
More informationVideo og IP TV - h v or da n p هv ir k es n et t v er k en e? t t a d A c c o u n t M a n a g S P / T o m S m t Ole-P et er R s er elec eg en 1 Hva gjorde vi u t en T V.... 2 2 0 0 m il l s am t idige
More informationData Center end users for 40G/100G and market dy nami c s for 40G/100G on S M F Adam Carter Ci s c o 1 W Now that 40GbE is part of the IEEE 802.3ba there will be a wid er array of applic ation s that will
More informationIronPort Gateway Security Products The Leader in Communication Security Reiner Baumann IronPort Systems The Principles of Industry Leadership A n a l y s t L e a d e r s h i p R e c o g n i z e d a s t
More informationHow to Subnet a Network How to use this paper Absolute Beginner: Read all Sections 1-4 N eed a q uick rev iew : Read Sections 2-4 J ust need a little h elp : Read Section 4 P a r t I : F o r t h e I P
More informationG d y n i a U s ł u g a r e j e s t r a c j i i p o m i a r u c z a s u u c z e s t n i k ó w i m p r e z s p o r t o w y c h G d y s k i e g o O r o d k a S p o r t u i R e k r e a c j i w r o k u 2 0
More informationUnit 16 : Software Development Standards O b jec t ive T o p r o v id e a gu ide on ho w t o ac h iev e so f t wa r e p r o cess improvement through the use of software and systems engineering standards.
More informationM Mobile Based Clinical Decision Support System Bhudeb Chakravarti & Dr. Suman Bhusan Bhattacharyya Provider & Public Health Group, VBU-HL P S aty am C om puter S ervices L im ited Bhudeb_ C hak ravarti@
More informationM Fast forward into th e fu tu re Accelerating b u s ines s o p p o rtu nity and natio nal p ro s p erity Viktor Kovacs anaging D irecto r H u ngary & Ad riatic R egio n C h a n g e t h e w o r l d» O
More informationB a rn e y W a r f. U r b a n S tu d ie s, V o l. 3 2, N o. 2, 1 9 9 5 3 6 1 ±3 7 8
U r b a n S tu d ie s, V o l. 3 2, N o. 2, 1 9 9 5 3 6 1 ±3 7 8 T e le c o m m u n ic a t io n s a n d th e C h a n g in g G e o g r a p h ie s o f K n o w le d g e T r a n s m is s io n in th e L a te
More informationPositioning 40 and 100 GbE in data center inter-sw itch l ink ap p l ications and 40GbE PM D recom m endations Adam Carter, Cisco Al essan dro B arb ieri, Cisco 1 m Data Center inter-s w itc h l ink ap
More informationproxy cert request dn, cert, Pkey, VOMS cred. (short lifetime) certificate: dn, ca, Pkey mod_ssl pre-process: parameters->
Overview of the New S ec u rity M od el WP6 Meeting V I D t G R I D C o nf er enc e B r c el o ne, 1 2-1 5 M y 2 0 0 3 Overview focus is on VOMS C A d e t il s r e in D 7. 6 Se cur it y D e sig n proxy
More informationd e f i n i c j i p o s t a w y, z w i z a n e j e s t t o m. i n. z t y m, i p o jі c i e t o
P o s t a w y s p o і e c z e t s t w a w o b e c o s у b n i e p e і n o s p r a w n y c h z e s z c z e g у l n y m u w z g lb d n i e n i e m o s у b z z e s p o і e m D o w n a T h e a t t i t uodf
More information3 k t h R e m e A c c e s s b t t t V T T c h t h p V T. Cl ic e ot rad io ut on nex o PN unnel yp e and oose e ap rop riat e PN unnel Int erfac e. 4.
C i s c o P r o f i l e C o n t a c t s & F e e d b a c k H e l p Cisc o SM B Sup p ort Assist ant Configure ASA/PIX as Easy VPN Server or Client H om e > W ork W it h M y Sec urit y D ev ic es > Cisc
More informationUsing Predictive Modeling to Reduce Claims Losses in Auto Physical Damage
Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage CAS Loss Reserve Seminar 23 Session 3 Private Passenger Automobile Insurance Frank Cacchione Carlos Ariza September 8, 23 Today
More informationM P L S /V P N S e c u rity. 2 0 0 1, C is c o S y s te m s, In c. A ll rig h ts re s e rv e d.
M P L S /V P N S e c u rity M ic h a e l B e h rin g e r < m b e h rin g @ c is c o.c o m > M b e h rin g - M P L S S e c u rity 2 0 0 1, C is c o S y s te m s, In c. A ll rig h ts re s e rv e d. 1 W h
More informationw ith In fla m m a to r y B o w e l D ise a se. G a s tro in te s tin a l C lin ic, 2-8 -2, K a s h iw a z a, A g e o C ity, S a ita m a 3 6 2 -
E ffic a c y o f S e le c tiv e M y e lo id L in e a g e L e u c o c y te D e p le tio n in P y o d e r m a G a n g re n o su m a n d P so r ia sis A sso c ia te d w ith In fla m m a to r y B o w e l D
More informationBonn Declaration on Regional Cooperation in Quality Assurance in Higher Education Adopted on 20 June 2007 during the Conference Enhancing Quality Across Borders R egional Cooperation in Quality Assurance
More informationIntИg r a ti o n d e s s o l u ti o ns IB M e t C i s c o : C o l l a b o r a ti o n e t C o m m u ni c a ti o ns U ni f i Иe s ( U C 2 ) Mathieu in tr at Sales Business ev elop ent anag er om unic at
More informationG S e r v i c i o C i s c o S m a r t C a r e u ي a d e l L a b o r a t o r i o d e D e m o s t r a c i n R ل p i d a V e r s i n d e l S e r v i c i o C i s c o S m a r t C a r e : 1 4 ع l t i m a A c
More informationB I N G O B I N G O. Hf Cd Na Nb Lr. I Fl Fr Mo Si. Ho Bi Ce Eu Ac. Md Co P Pa Tc. Uut Rh K N. Sb At Md H. Bh Cm H Bi Es. Mo Uus Lu P F.
Hf Cd Na Nb Lr Ho Bi Ce u Ac I Fl Fr Mo i Md Co P Pa Tc Uut Rh K N Dy Cl N Am b At Md H Y Bh Cm H Bi s Mo Uus Lu P F Cu Ar Ag Mg K Thomas Jefferson National Accelerator Facility - Office of cience ducation
More informationA n d r e w S P o m e r a n tz, M D
T e le h e a lth in V A : B r in g in g h e a lth c a r e to th e u n d e r s e r v e d in c lin ic a n d h o m e A n d r e w S P o m e r a n tz, M D N a tio n a l M e n ta l H e a lth D ir e c to r f
More informationAN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL 1978-1981. P. A. V a le s, Ph.D.
AN EVALUATION OF SHORT TERM TREATMENT PROGRAM FOR PERSONS DRIVING UNDER THE INFLUENCE OF ALCOHOL 1978-1981 P. A. V a le s, Ph.D. SYNOPSIS Two in d ep en d en t tre a tm e n t g ro u p s, p a r t ic ip
More informationO s OAM Requirements for 40/100 GE Eth ernet AI S? Gary Nicholl C is co S ys t e m I E E E 8 0 2. 3 b a T as k F orce M arch 1 8, 2 0 0 8 rlan d o, F L 1 O O O O Background E t h e r n e t i s r a p i
More informationW Regional Cooperation in the Field of A u tom otiv e E ngineering in S ty ria Dr. Peter Riedler 2 9.1 1.2 0 1 1 i e n GmbH Graz B u s ines s S trategy S ty ria 2 0 2 0 H is tory 1 9 9 4 1 9 9 5 1 9 9
More informationMPLS VPN (RFC2547bis) Seminar P c h i u p c h i. i u p c h i @ c i s c c Umberto os mberto@ os t os o. om Umberto P os c h i 1 MPLS What i t I s N o t an d What I t I s MPLS IS NOT a mechanism that allows
More informationW h a t is m e tro e th e rn e t
110 tv c h a n n e ls to 10 0 0 0 0 u s e rs U lf V in n e ra s C is c o S y s te m s 2 0 0 2, C is c o S y s te m s, In c. A ll rig h ts re s e rv e d. 1 W h a t is m e tro e th e rn e t O b je c tiv
More informationOpis przedmiotu zamówienia - zakres czynności Usługi sprzątania obiektów Gdyńskiego Centrum Sportu
O p i s p r z e d m i o t u z a m ó w i e n i a - z a k r e s c z y n n o c i f U s ł u i s p r z» t a n i a o b i e k t ó w G d y s k i e C eo n t r u m S p o r t us I S t a d i o n p i ł k a r s k i
More informationCREATE SHAPE VISUALIZE
SHAPE VISUALIZE B I M E q u i t y BIM Workflow Guide SHAPE VISUALIZE Introduction We o e to t e r t ook i t e BIM Workflow erie I t e o owi ter we wi o er e eryt i eeded or you to ter t e i o re ti i d
More informationPractice Writing the Letter A
Aa Practice Writing the Letter A A a A a Write a in the blank to finish each word. c t re h d Write A in the blank to finish each word. nn US ndy Bb Practice Writing the Letter B B b B l P b Write b in
More information<?xml version="1.0" encoding="utf-8"?> <soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
Applicazioni Java W S con Ax is sistema di tr ac c iab il ità ag r o al imen tar e Ing. Mario G.C.A. Cimino M.G.C.A.Cimino, Applicazioni Java-W S con Ax is, D ipar t ime nt o d i I ng e g ne r ia d e ll
More informationPRIMER TESTIMONIO. -F o l i o n ú m e r o 1 2 0. ḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋḋ ESC RITU RA NU MERO TREINTA.- E n l a c i u d a d d e B u e n os A i r e s, c a p i t a l d e l a R e p ú b l i c
More informationOnline Department Stores. What are we searching for?
Online Department Stores What are we searching for? 2 3 CONTENTS Table of contents 02 Table of contents 03 Search 06 Fashion vs. footwear 04 A few key pieces 08 About SimilarWeb Stepping up the Competition
More informationThe Business Case for D om aink ey s I d ent ified M ail Andy Spillane V ic e P r es ident, Y ah o o! M February 13, 2006 ail 1 Fighting Spam & Email Abuse R eq uir es a M ulti-fac eted Appr o ac h DomainKeys
More information8 / c S t a n d a r d w y m a g a ń - e g z a m i n c z e l a d n i c z y dla zawodu Ś L U S A R Z Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot r ze b r yn ku p r acy Kod z klasyfikacji zawodów
More informationCisco Unified Com m u nica t ions M a na g er 6. 0 I S A M, E d u c N o N o b 2 7, 2 0 0 7 Christian Greve atio n rthw est vem er 2 0 0 7 C i s c o S y s t e m s, I n c. A l l r i g h t s r e s e r v e
More informationOntwikkelingen van R o u ter N etwer ken Fred Rabouw 1 3-t i e r R o u t e r N e t w e r k e n. Core: forwarden van grote h oeveel h eden data. D i s tri b u ti e: Cl as s i fi c eren en fi l teren A c
More informationM Official Bologna S e m inar Joint d e gr e e s- A H allm ar k of t h e E u r op e an H igh e r E d u cat ion A r e a? R e s u l t s o f q u e s t i o n n a i r e s e n t t o B o l o g n a F o l l o w
More informationHow To Know If You Are A Good Or Bad Person
QuesCom I P -T E L E F O N I E & G S M -G A T E W A Y S Robert Urban D i rec tor I nternati onal S al es Agenda Üb e r Q u e s C o m K u n d e n M a r k t üb e r s i c h t Q u e s c o m Lös u n g Q u e
More informationInternationalization strategy of the SEPT Program Design of market-oriented training and ed u c ation p rod u c ts Utz D o r n b e r g e r ( Un i v e r s i ty o f L e i p zi g ) & N g u y e n T h i T h
More informationOverview of Spellings on www.spellzoo.co.uk
Overview of Spellings on www.spellzoo.co.uk Year 1 Set 1: CVC words Set 2: CVC and CCVC words Set 3: CVC, CCVC and CCVCC words Set 4: Words containing 'ch', 'sh', 'th' and 'wh' Set 5: Words ending in 'll',
More informationDrive your marketing with Cisco Get more from your SMB marketing with Cisco Marketing Serv ices Quick Reference Guide All co n t e n t s a r e C o p y r i g h t 20 0 8 C i s co S y s t e m s, I n c. All
More informationUnderstanding, Modelling and Improving the Software Process. Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 31 Slide 1
Process Improvement Understanding, Modelling and Improving the Software Process Ian Sommerville 1995 Software Engineering, 5th edition. Chapter 31 Slide 1 Process improvement Understanding existing processes
More information1 9 / m S t a n d a r d w y m a g a ń - e g z a m i n m i s t r z o w s k i dla zawodu M E C H A N I K P O J A Z D Ó W S A M O C H O D O W Y C H Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot r
More informationChem 115 POGIL Worksheet - Week 4 Moles & Stoichiometry Answers
Key Questions & Exercises Chem 115 POGIL Worksheet - Week 4 Moles & Stoichiometry Answers 1. The atomic weight of carbon is 12.0107 u, so a mole of carbon has a mass of 12.0107 g. Why doesn t a mole of
More informationIII Bienal de Autismo Página 1 / 43
III Bienal de Autismo Página 1 / 43 A Direcção da APPDA N ort e dá -v os as B oas V in das à I I I B ien al de Au t is m q u e es t a corres p on da à s v os s as ex p ect at iv as com o t em a em deb
More informationBLADE 12th Generation. Rafał Olszewski. Łukasz Matras
BLADE 12th Generation Rafał Olszewski Łukasz Matras Jugowice, 15-11-2012 Gl o b a l M a r k e t i n g Dell PowerEdge M-Series Blade Server Portfolio M-Series Blades couple powerful computing capabilities
More informationSEPTEMBER Unit 1 Page Learning Goals 1 Short a 2 b 3-5 blends 6-7 c as in cat 8-11 t 12-13 p
The McRuffy Kindergarten Reading/Phonics year- long program is divided into 4 units and 180 pages of reading/phonics instruction. Pages and learning goals covered are noted below: SEPTEMBER Unit 1 1 Short
More informationDer Bologna- P roz es s u nd d i e S t aat s ex am Stefan Bienefeld i na Service-St el l e B o l o g n a d er H R K Sem in a r D er B o l o g n a P ro z es s U m s et z u n g u n d M it g es t a l t u
More informationWorkload Management Services. Data Management Services. Networking. Information Service. Fabric Management
The EU D a t a G r i d I n f o r m a t i o n a n d M o n i t o r i n g S er v i c es The European D at ag ri d P roj ec t Team http://www.eu- d a ta g r i d.o r g DataGrid is a p ro j e c t f u n de d
More informationWith Rejoicing Hearts/ Con Amor Jovial. A Fm7 B sus 4 B Cm Cm7/B
for uli With Rejoic Herts/ on mor ol dition # 10745-Z1 ime ortez Keyord ccompniment y effy Honoré INTRO With energy ( = c 88) Keyord * m7 B sus 4 B 7/B mj 9 /B SMPL B 7 *Without percussion, egin he 1995,
More informationCLASS TEST GRADE 11. PHYSICAL SCIENCES: CHEMISTRY Test 6: Chemical change
CLASS TEST GRADE PHYSICAL SCIENCES: CHEMISTRY Test 6: Chemical change MARKS: 45 TIME: hour INSTRUCTIONS AND INFORMATION. Answer ALL the questions. 2. You may use non-programmable calculators. 3. You may
More informationB R T S y s te m in S e o u l a n d In te g r a te d e -T ic k e tin g S y s te m
Symposium on Public Transportation in Indian Cities with Special focus on Bus Rapid Transit (BRT) System New Delhi 20-21 Jan 2010 B R T S y s te m in S e o u l a n d In te g r a te d e -T ic k e tin g
More informationThuraya XT-LITE Simple. Reliable. Affordable.
Thuraya XT-LITE Simple. Reliable. Affordable. www.thuraya.com Follow us on /thurayatelecom Stayi n g c on n ec ted has n ever b een thi s eas y. In trodu c i n g T hu raya X T -LIT E, the wo r l d s be
More informationEmerging Security T h rea ts Maurizio Taffone m t affone@ c is c o. c om P rod uc t Manag er S ec urit y E urop ean Mark et s 1 Agenda Trends in Motivation E x ist ing t h rea t s a nd L e s s ons f r
More informationJCUT-3030/6090/1212/1218/1325/1530
JCUT CNC ROUTER/CNC WOODWORKING MACHINE JCUT-3030/6090/1212/1218/1325/1530 RZNC-0501 Users Guide Chapter I Characteristic 1. Totally independent from PC platform; 2. Directly read files from U Disk; 3.
More informationWorkload Management Services. Data Management Services. Networking. Information Service. Fabric Management
The EU D a t a G r i d D a t a M a n a g em en t (EDG release 1.4.x) T h e Eu ro p ean Dat agri d P ro j ec t T eam http://www.e u - d a ta g r i d.o r g DataGrid is a p ro j e c t f u n de d b y th e
More information\m r l pe r. Con fo rm e a l i a No rm a UN I EN ISO 1 4 0 0 1 : 2004
f F Reoolam en to \m r l pe r I ' u t i l izzo d e l l e a u tovettu re Co n fo rm e a l i a N o rm a U N I EN ISO 9 0 0 t : 2 0 0 8 Con fo rm e a l i a No rm a UN I EN ISO 1 4 0 0 1 : 2004 Regolamen to
More informationCIS CO S Y S T E M S. G u ille rm o A g u irre, Cis c o Ch ile. 2 0 0 1, C is c o S y s te m s, In c. A ll rig h ts re s e rv e d.
CIS CO S Y S T E M S A c c e s s T e c h n o lo g y T e le c o m /IT Co n n e c tiv ity W o rk s h o p G u ille rm o A g u irre, Cis c o Ch ile g m o.a g u irre @ c is c o.c o m S e s s io n N u m b e
More informationHow To Be A Successful Thai
D The Joint Master of Science eg ree C ou rse in V eterinary P u b l ic H eal th ( MScVPH), F U -C MU Dr. L e rt ra k S ri k i t j a k a rn R e g i o n a l C e n t re f o r V e t e ri n a ry P u b l i
More informationR e t r o f i t o f t C i r u n i s g e C o n t r o l
R e t r o f i t o f t C i r u n i s g e C o n t r o l VB Sprinter D e s c r i p t i o n T h i s r e t r o f i t c o n s i s t s o f i n s t a l l i n g a c r u i s e c o n t r o l s wi t c h k i t i n
More informationC + + a G iriş 2. K o n tro l y a p ıla rı if/e ls e b re a k co n tin u e g o to sw itc h D ö n g ü le r w h ile d o -w h ile fo r
C + + a G iriş 2 K o n tro l y a p ıla rı if/e ls e b re a k co n tin u e g o to sw itc h D ö n g ü le r w h ile d o -w h ile fo r F o n k s iy o n la r N e d ir? N a s ıl k u lla n ılır? P ro to tip v
More informationChem 115 POGIL Worksheet - Week 4 Moles & Stoichiometry
Chem 115 POGIL Worksheet - Week 4 Moles & Stoichiometry Why? Chemists are concerned with mass relationships in chemical reactions, usually run on a macroscopic scale (grams, kilograms, etc.). To deal with
More information1 7 / c S t a n d a r d w y m a g a ń - e g z a m i n c z e l a d n i c z y dla zawodu M E C H A N I K - M O N T E R M A S Z Y N I U R Z Ą D Z E Ń Kod z klasyfikacji zawodów i sp e cjaln oś ci dla p ot
More informationOPENBARE ZITTING 1. U ni f o r m e a l g e m e ne p o l i t i e v e r o r d e ni ng e n p u nc t u e l e i m p l e m e nt a t i e GAS ( g e m e e nt e l i j k e a d m i ni s t r a t i e v e s a nc t i
More informationExcel Invoice Format. SupplierWebsite - Excel Invoice Upload. Data Element Definition UCLA Supplier website (Rev. July 9, 2013)
Excel Invoice Format Excel Column Name Cell Format Notes Campus* Supplier Number* Invoice Number* Order Number* Invoice Date* Total Invoice Amount* Total Sales Tax Amount* Discount Amount Discount Percent
More informationCORSO AVANZATO DI NEGOZIAZIONE Un laboratorio intensivo per lo sviluppo e la pratic a d elle c apac ità neg oz iali Scotwork Italia S.r.l. C op y rig h t 2 0 0 6 1 O I m p l t l t z o l N o z n n l h l
More informationTransient Voltage Suppressor SMBJ5.0 - SMBJ440CA
Features: Glass passivated junction Low incremental surge resistance, excellent clamping capability 600W peak pulse power capability with a 10/1,000μs waveform, repetition rate (duty cycle): 0.01% Very
More informationUNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security
UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop
More informationHR DEPARTMENTAL SUFFIX & ORGANIZATION CODES
HR DEPARTMENTAL SUFFIX & ORGANIZATION CODES Department Suffix Organization Academic Affairs and Dean of Faculty, VP AA 1100 Admissions (Undergraduate) AD 1330 Advanced Ceramics, Colorado Center for--ccac
More informationLEADING TECHNOLOGICAL INNOVATION & PRODUCTIVITY IMPROVEMENT ACROSS THE SUPPLY CHAIN
LEADING TECHNOLOGICAL INNOVATION & PRODUCTIVITY IMPROVEMENT ACROSS THE SUPPLY CHAIN AN EVALUATION OF THE ALC INTERMODAL VISIBILITY PILOT OF THE GS1 ELECTRONIC PRODUCT CODE INFORMATION SERVICE (EPCIS) STANDARD
More informationCisco Self-D efen d in g N et w Adaptive Threat Defense or k Latest Product Announcements 1 N ew Secu r it y Ch a llen g es E d g e F i r e w a l l i n g I n t r u s i o n & W o r m M i t i g a t i o n
More informationVoxeo CXP Analyzer Report Samples
Analysis of phone self-services including business tasks, customer behavior, application tuning, and system performance TABLE OF CONTENTS Introduction... 2 Business Task Analysis... 3 Personalization Analysis...
More information