Secure distribution of the device identity in mobile access network. Konstantin Shemyak senior security specialist, Nokia Siemens Networks
|
|
- Naomi O’Brien’
- 8 years ago
- Views:
Transcription
1 Secure distribution of the device identity in mobile access network Konstantin Shemyak senior security specialist, Nokia Siemens Networks 1 MobiSec-2010 Secure distribution of the device identity in mobile access network / KSh / May 2010
2 Telecommunication network: an overview User equipment Radio access network Transport network ( Non-access stratum ) Core network Internet Radical changes in radio access network do not seem to notably affect the security situation (standardization!) Security of the core network is still in tight hands of operators Security of the transport network raises issues 2 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
3 Telecommunication network Internet Originated and evolved as commercial network Links physically owned Access in most cases controlled, in most cases paid Users always identified Originated as military university network Links owned by side providers Access often anonymous, often free Difference in the acceptance level and expectations from users: A home appliance, same availability and reliability expected Gift from the heaven great if it works Viruses / malware / spyware Call technical support Reinstall Windows 3 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
4 New threats to telco networks Remote attacks against base stations, core nodes network is in general more easily accessible Local physical attacks to the equipment equipment is smarter and uses more open components Node IP network (Internet) Malicious or captured host(s) MME S-GW UPE 76 7 Attack examples 1. Tamper with 2. Rogue nodes 3. Tamper with nw node 4. Disturb transmission 5. Jam radio (~DoS) 6. Tamper with core nodes 7. Tamper with terminal Outdoor site 6 Some potential attacks Threats: lost of confidentiality/privacy, data theft, DoS, unauthorized services 4 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
5 Telecom IP network security: should it be difficult? Internet security: somewhere good (banks?), somewhere very poor (botnets, malware, spying/tracking, privacy breaches) Cost the only question Generally, when it was standardized it was done radio access security, user security (SIM) starting from GSM otherwise sometimes yes, often not privacy, access control Technically all means are there and have already been for quite a while IPSec, TLS, user authentication with cryptographic credentials or host authentication 5 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
6 Authentication of IP hosts 1. pre-shared secrets 2. RSA keys 3. PGP keys 4. X.509 certificates. Standardization status GSM, WCDMA: Non-access stratum (transport) network protection is considered operator s internal business and not covered LTE: 3GPP , sec.11 mandates support (not necessarily usage) or IPSec/IKE and X.509 certificates. 6 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
7 Telecom-specific problems: initial identity distribution Base station become cheaper (questionably ), smaller, often located in places, which are more difficult (=expensive) to access than regular controlled premises Plug-and-play base stations and selforganizing networks are the buzz Logistics (of many our customers at least) does not leave a convenient place/time for maintenance by the operator operators are not willing at all to do any maintenance of their equipment Without initial trusted identity, transport network is as secure as the Internet is At the moment, there is no generic way for connecting PKIs of two organizations: buying certificates certifying by common party crosscertifying out-of-band delivery 7 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
8 The Secure Identity Distribution solution 1. Base stations are issued vendor certificate at the factory. Hardware information (serial number) is in the subject field No customer-specific or area-specific data it is normally not known at the manufacturing phase would increase logistics complexity and manufacturing costs 2. An identity management server is delivered to the operator. Has built-in trust to the operator s certificate One server per customer, no critical high-availability requirements Either acts as stand-alone (root) operator s certificate authority (CA), or as a RA connected to the operator s CA 3. Identity management server recognizes the vendor certificate, authenticates the base station in the operator s network, and issues the operator s certificate. Starting from that moment, operator has sole control over the identity of the network element Certificate 1 Name xxx Public Key 1 Validity IDM server Certificate 1 Name xxx Public Key 1 Validity 8 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
9 Device identity enrollment 1/ 2 : up to delivery 7. Deliver 1. Manufacture 2. Create keypair Operator HW DB Factory RA IDM Certificate 1 Name xxx Public Key 1 Validity 5. Deliver shipment data 4. Return the certificate 3. Request certificate 9 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
10 Device identity enrollment 2 / 2 after installation 8. Connect new NE Certificate 1 Name xxx Public Key 1 Validity 10. IPSec connection establishment (IKE) 9. Request operator s certificate Certificate 1 Name xxx Public Key 1 Validity IDM server HW DB 11. Start secure communications Peer node e.g., controller, gateway 10 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
11 Summary of SID messaging IDM Vendor HW DB server Station on site NE is manufactured and preconfigured with own certificate with serial # (or any other HW ID) in the subject field NE is shipped to operator Share shipment data Serial # check Request a certificate Identity proof: Own serialbased cert signed by vendor. Operator s IDM has trust to it. NE connected and powered on untrusted, identity proof is required operator s certificate IKE established with peered NE secure communication with peer nodes (e.g. or controller) can be started 11 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
12 Summary Mobile network operators would (probably) like to have their network secure but not at any price! the security solution will not fly if it is too expensive (in sense of either initial investment or lifetime maintenance) For rapidly evolving networks, distribution of the initial trust is an expensive and sensitive procedure A cost-efficient method, especially well suited for base stations, is described optimized for existing business relationships between equipment vendor and network operator works already now (no waiting for standardization, vendor/operator PKI integration), but is completely future-proof. 12 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
13 Thank you! 13 MobiSec-2010 Secure distribution of the device identity in mobile access network / KSh / May 2010
14 Standard security components: IPSec/IKE, TLS IPSec and TLS are the standardized means to encrypt and authenticate the IP traffic. Data can not be eavesdropped or modified (without receiver noticing this). Note: SSL is a predecessor of TLS, now obsolete. Do not use this abbreviation. In order to encrypt/authenticate anything, keys are needed. IKE is a protocol used with IPSec for key negotiation. Normally IKE and IPSec are used together. TLS itself contains key negotiation. Both solutions first exchange some control information including key agreement Note: this can be done without ever sending key over the network. What s the difference? Usually implemented in Application Operating system Operating system HW/drivers Protocol stack App Transport IP MAC/Phys Security solution TLS Equally strong cryptographically IPSec IPSec is usually implemented and managed inside the OS. TLS is an OS service which is normally available directly to the applications. In most cases, one is easier to manage than the other. Typically, IPSec is more suitable for host-wide configuration, and TLS for application-wide. Examples: VPN client / Web browser 14 MobiSec-2010 Secure distribution of device identity in mobile access network / Konstantin Shemyak / May 2010
How to secure an LTE-network: Just applying the 3GPP security standards and that's it?
How to secure an LTE-network: Just applying the 3GPP security standards and that's it? Telco Security Day @ Troopers 2012 Peter Schneider Nokia Siemens Networks Research 1 Nokia Siemens Networks 2012 Intro
More informationLTE transport network security Jason S. Boswell Head of Security Sales, NAM Nokia Siemens Networks
LTE transport network security Jason S. Boswell Head of Security Sales, NAM Nokia Siemens Networks 1 Nokia Siemens Networks New evolved Networks - new security needs Walled Garden Transport & Protocols
More informationScenario: Remote-Access VPN Configuration
CHAPTER 7 Scenario: Remote-Access VPN Configuration A remote-access Virtual Private Network (VPN) enables you to provide secure access to off-site users. ASDM enables you to configure the adaptive security
More informationAn Oracle White Paper December 2013. The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks
An Oracle White Paper December 2013 The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks Introduction Today s mobile networks are no longer limited to voice calls. With
More informationScenario: IPsec Remote-Access VPN Configuration
CHAPTER 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationSecuring Distribution Automation
Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010
More informationCyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm
Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Document Version:2.0-12/07/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More information4G Mobile Networks At Risk
07.05.1203 Consortium Attack analysis and Security concepts for MObile Network infastructures supported by collaborative Information exchange 4G Mobile Networks At Risk The ASMONIA Threat and Risk Analysis
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationMobile Devices Security: Evolving Threat Profile of Mobile Networks
Mobile Devices Security: Evolving Threat Profile of Mobile Networks SESSION ID: MBS-T07 Anand R. Prasad, Dr.,ir., Selim Aissi, PhD Objectives Introduction Mobile Network Security Cybersecurity Implications
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationUsing Entrust certificates with VPN
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationOtas%serumquis%es%explibu%sanimet%et%aut%omnisse Otas%serumquis%es%explibu%sanimet%et%aut%omnisse%nimpore%rendae% nonecerum% NUCLEUS BVBA MATTIAS GENIAR SENIOR SYSTEM ENGINEER dolorem.% MATTIAS@NUCLEUS.BE
More informationMobile Device Management A Functional Overview
Mobile Device Management A Functional Overview Gopal Tatte #1, Dr. G. R. Bamnote #2 1# ME 1 st Yr. Department of Computer Science and Engineering, Sant Gadge Baba Amravati University Prof Ram Meghe Institute
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationConfiguring TheGreenBow VPN Client with a TP-LINK VPN Router
Configuring TheGreenBow VPN Client with a TP-LINK VPN Router This chapter describes how to configure TheGreenBow VPN Client with a TP-LINK router. This chapter includes the following sections: Example
More informationMcAfee Firewall Enterprise 8.2.1
Configuration Guide FIPS 140 2 Revision A McAfee Firewall Enterprise 8.2.1 The McAfee Firewall Enterprise FIPS 140 2 Configuration Guide, version 8.2.1, provides instructions for setting up McAfee Firewall
More informationSECURING DATA IN TRANSIT
SECURING DATA IN TRANSIT illumio.com WP20150729 CONTENTS OVERVIEW 3 Business drivers 3 Current challenges with securing data in transit 3 The Illumio solution 3 CURRENT APPROACHES TO SECURING DATA IN TRANSIT
More informationOn LTE Security: Closing the Gap Between Standards and Implementation
On LTE Security: Closing the Gap Between Standards and Implementation A Thesis submitted to the Faculty of Worcester Polytechnic Institute In partial fulfillment for the requirements for the Degree of
More informationNokia Networks. security you can rely on
Nokia Networks security you can rely on Protecting communication networks is critical 7 billion mobile subscriptions in 2014 1 Mobile broadband network traffic expected to grow by a factor of 1,000 by
More informationHughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R
HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R HughesNet Managed Broadband Network Services include a high level of end-toend security utilizing a robust architecture designed by
More informationEntrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.
Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions
More informationCONTENTS. PCI DSS Compliance Guide
CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not
More informationPublic Key Infrastructure (PKI)
Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationLTE Security How Good Is It?
LTE Security How Good Is It? Michael Bartock IT Specialist (Security) National Institute of Standards & Technology Jeffrey Cichonski IT Specialist (Security) National Institute of Standards & Technology
More informationMcAfee Firewall Enterprise 8.3.1
Configuration Guide Revision A McAfee Firewall Enterprise 8.3.1 FIPS 140-2 The McAfee Firewall Enterprise FIPS 140-2 Configuration Guide, version 8.3.1, provides instructions for setting up McAfee Firewall
More informationPublic Key Infrastructure
UT DALLAS Erik Jonsson School of Engineering & Computer Science Public Key Infrastructure Murat Kantarcioglu What is PKI How to ensure the authenticity of public keys How can Alice be sure that Bob s purported
More informationHMS Industrial Networks
HMS Industrial Networks Putting industrial applications on the cloud Whitepaper Best practices for managing and controlling industrial equipment remotely. HMS Industrial Networks AB Stationsgatan 37 30245
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall Overview This document describes how to implement IPSec with pre-shared secrets establishing
More informationSecurity MWC 2014. 2013 Nokia Solutions and Networks. All rights reserved.
Security MWC 2014 2013 Nokia Solutions and Networks. All rights reserved. Security Ecosystem overview Partners Network security demo + End-user security demo + + + + NSN end-to-end security solutions for
More informationIndustrial Communication. Securing Industrial Wireless
Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...
More informationFundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals
Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure.
More informationInternal Server Names and IP Address Requirements for SSL:
Internal Server Names and IP Address Requirements for SSL: Guidance on the Deprecation of Internal Server Names and Reserved IP Addresses provided by the CA/Browser Forum June 2012, Version 1.0 Introduction
More informationMAC Web Based VPN Connectivity Details and Instructions
MAC Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationAuthentication as a Service for LTE Base Stations
White Paper Authentication as a Service for LTE Base Stations Prepared by Patrick Donegan Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.symantec.com May 2012 New Network Security
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationCertificate Management. PAN-OS Administrator s Guide. Version 7.0
Certificate Management PAN-OS Administrator s Guide Version 7.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationChapter 4 Virtual Private Networking
Chapter 4 Virtual Private Networking This chapter describes how to use the virtual private networking (VPN) features of the FVL328 Firewall. VPN tunnels provide secure, encrypted communications between
More informationSecurity Characteristics of Cryptographic Mobility Solutions
Security Characteristics of Cryptographic Mobility Solutions Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 sarbari@electrosoft-inc.com http://www.electrosoft-inc.com Agenda What is a Cryptographic
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationThe Cisco ASA 5500 as a Superior Firewall Solution
The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationehealth Ontario EMR Connectivity Guidelines
ehealth Ontario EMR Connectivity Guidelines Version 1.3 Revised March 3, 2010 Introduction Ontario s new ehealth strategy includes the use of commercially-available high-speed Internet to meet Electronic
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationSecurity in Global IP Networks
Security Technology for the Internet Security in Global IP Networks Tatu Ylönen SSH Communications Security Corp What are global IP networks? The Internet The consumer internet Global uncontrolled
More informationBuilding Robust Security Solutions Using Layering And Independence
Building Robust Security Solutions Using Layering And Independence Fred Roeper Neal Ziring Information Assurance Directorate National Security Agency Session ID: STAR-401 Session Classification: Intermediate
More informationHow To Use A Femtocell (Hbn) On A Cell Phone (Hbt) On An Ipad Or Ipad (Hnt) On Your Cell Phone On A Sim Card (For Kids) On The Ipad/Iph
. Femtocell: Femtostep to the Holy Grail... Ravishankar Borgaonkar, Kévin Redon.. Technische Universität Berlin, SecT ravii/kredon@sec.t-labs.tu-berlin.de TROOPERS 2011, 30 March 2011 3G/UMTS femtocells
More informationTable of Contents. Introduction
viii Table of Contents Introduction xvii Chapter 1 All About the Cisco Certified Security Professional 3 How This Book Can Help You Pass the CCSP Cisco Secure VPN Exam 5 Overview of CCSP Certification
More informationVPN SECURITY POLICIES
TECHNICAL SUPPORT NOTE Introduction to the VPN Menu in the Web GUI Featuring ADTRAN OS and the Web GUI Introduction This Technical Support Note shows the different options available in the VPN menu of
More informationConfiguring Digital Certificates
CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,
More informationAuthentication. Authentication in FortiOS. Single Sign-On (SSO)
Authentication FortiOS authentication identifies users through a variety of methods and, based on identity, allows or denies network access while applying any required additional security measures. Authentication
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationMobile Devices Security: Evolving Threat Profile of Mobile Networks
Mobile Devices Security: Evolving Threat Profile of Mobile Networks MBS-W07 Selim Aissi, PhD Objectives Mobile Security Threat Landscape Mobile Network Security Cybersecurity Implications, Mitigations
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationLink Layer and Network Layer Security for Wireless Networks
Link Layer and Network Layer Security for Wireless Networks Interlink Networks, Inc. May 15, 2003 1 LINK LAYER AND NETWORK LAYER SECURITY FOR WIRELESS NETWORKS... 3 Abstract... 3 1. INTRODUCTION... 3 2.
More informationHow to Set Up an IPsec Connection Between Two Ingate Firewalls/SIParators (including SIP)
How to Set Up an IPsec Connection Between Two Ingate Firewalls/SIParators (including SIP) Lisa Hallingström Paul Donald Bogdan Musat Adnan Khalid Per Johnsson Rickard Nilsson Table of Contents How to configure
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationHMS Industrial Networks. Putting industrial applications on the cloud
HMS Industrial Networks Putting industrial applications on the cloud Whitepaper Best practices for managing and controlling industrial equipment remotely. HMS Industrial Networks Inc 35 E Wacker Drive,
More informationCommon Remote Service Platform (crsp) Security Concept
Siemens Remote Support Services Common Remote Service Platform (crsp) Security Concept White Paper April 2013 1 Contents Siemens AG, Sector Industry, Industry Automation, Automation Systems This entry
More informationHow To Industrial Networking
How To Industrial Networking Prepared by: Matt Crites Product: Date: April 2014 Any RAM or SN 6xxx series router Legacy firmware 3.14/4.14 or lower Subject: This document provides a step by step procedure
More information70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network
70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationNCP Secure Enterprise Management Next Generation Network Access Technology
Data Sheet NCP Secure Enterprise Management Next Generation Network Access Technology General description NCP Secure Enterprise Management is the central component of the NCP Next Generation Network Access
More informationAuthenticity of Public Keys
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!
More informationRemote Connectivity for mysap.com Solutions over the Internet Technical Specification
Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable
More informationDigital certificates and SSL
Digital certificates and SSL 20 out of 33 rated this helpful Applies to: Exchange Server 2013 Topic Last Modified: 2013-08-26 Secure Sockets Layer (SSL) is a method for securing communications between
More informationLaboratory Exercises V: IP Security Protocol (IPSec)
Department of Electronics Faculty of Electrical Engineering, Mechanical Engineering and Naval Architecture (FESB) University of Split, Croatia Laboratory Exercises V: IP Security Protocol (IPSec) Keywords:
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationHughesNet Broadband VPN End-to-End Security Using the Cisco 87x
HughesNet Broadband VPN End-to-End Security Using the Cisco 87x HughesNet Managed Broadband Services includes a high level of end-to-end security features based on a robust architecture designed to meet
More informationChallenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved
Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single
More informationUsing IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance
Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance Juniper Networks, Inc. 1 Table of Contents Before we begin... 3 Configuring IKEv2 on IVE... 3 IKEv2 Client Side Configuration on Windows
More informationOn the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016
On the features and challenges of security and privacy in distributed internet of things C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016 Outline Introduction IoT (Internet of Things) A distributed IoT
More informationAdvanced Administration
BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What
More informationBest Practices for Securing IP Telephony
Best Practices for Securing IP Telephony Irwin Lazar, CISSP Senior Analyst Burton Group Agenda VoIP overview VoIP risks Mitigation strategies Recommendations VoIP Overview Hosted by VoIP Functional Diagram
More informationSecuring Your Software for the Mobile Application Market
WHITE PAPER: SECURING YOUR SOFTWARE FOR THE MOBILE APPLICATION MARKET White Paper Securing Your Software for the Mobile Application Market The Latest Code Signing Technology Securing Your Software for
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationKey Management Best Practices
White Paper Key Management Best Practices Data encryption is a fundamental component of strategies to address security threats and satisfy regulatory mandates. While encryption is not in itself difficult
More informationWindows Web Based VPN Connectivity Details & Instructions
VPN Client Overview UMDNJ s Web based VPN utilizes an SSL (Secure Socket Layer) Based Cisco Application that provides VPN functionality without having to install a full client for end users running Microsoft
More informationSecuring an IP SAN. Application Brief
Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.
More informationSecurity Executive Summary. Securing LTE Radio Access Networks Effectively
Security Executive Summary Securing LTE Radio Access Networks Effectively LTE networks require a dedicated security solution As an all-ip technology, LTE brings new capabilities to improve the customer
More informationStudy Paper on Security Accreditation Scheme for SIM
May 2014 MOBILE Study Paper on Security Accreditation Scheme for SIM TEC TELECOMMUNICATION ENGINEERING CENTRE KHURSHID LAL BHAWAN, JANPATH NEW DELHI - 110001 INDIA 1 Introduction... 4 2 Security Threats...
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationGuidance End User Devices Security Guidance: Apple ios 7
GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can
More informationSS7 & LTE Stack Attack
SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 akg0x11@gmail.com Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network
More informationCyberoam IPSec VPN Client Configuration Guide Version 4
Cyberoam IPSec VPN Client Configuration Guide Version 4 Document version 1.0-410003-25/10/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationVPN Wizard Default Settings and General Information
1. ProSecure UTM Quick Start Guide This quick start guide describes how to use the IPSec VPN Wizard to configure IPSec VPN tunnels on the ProSecure Unified Threat Management (UTM) Appliance. The IP security
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More information