Government. In Italiano, per favore? Ou en rançais, s il vous plait? Or in German after all? There Is no such thing as a talking car?

Size: px
Start display at page:

Download "Government. In Italiano, per favore? Ou en rançais, s il vous plait? Or in German after all? There Is no such thing as a talking car?"

Transcription

1 The IT Security Report by Issue Business Security Automotive Government High Security In Italiano, per favore? Ou en rançais, s il vous plait? Or in German after all? There Is no such thing as a talking car? Fingerprints in German Embassies Two masters do not get in each other's way Role-based system offers PAX staff the web content they need in the language they speak. The web offering of an insurance company is so extensive that even the staff often have trouble navigating through the website. Insurance brokers give up after a few clicks if they do not immediately find the they need and reach for the phone to get answers to their questions from the insurance company. With the rise in electronically mapped processes, e.g. online application forms for various services, finding one s way is becoming increasingly difficult. Car-to-car communication made secure. The EU is calling for the number of road fatalities to be cut by half by This is the reason why the automotive industry is currently developing solutions to make driving safer and increase driver protection. In future, ve - hicles are to be able to exchange with one another ad hoc while on the road without requiring driver intervention. This will allow for dangers to be recognized in time, e.g. icy road conditions. In spite of new regulations, Germans living abroad can still apply for new passports at German embassies. The introduction of electronic fingerprints in passports in Germany went off without a hitch. The integration into visas is to follow soon. But what does this change mean for Germans living abroad? ZIVIT uses next-generation SINA Boxes. The Centre for Information Processing and Information Technology (ZIVIT) has relied on proven SINA technology for quite a while now. ZIVIT opted again for SINA in a new project to ensure secure data transfer. The new system must be highly failure-proof. For this reason, ZIVIT is now using the next generation of our SINA Boxes. Find more on this issue on page 3 Find more on this issue on page 8 Find more on this issue on page 9 Find more on this issue on page 14

2 EDITORIAL CONTENT In Italiano, per favore? Ou en français, s il vous 03 plait? Or in German after all? Dear Reader, back in 2005, we hosted a meeting with the press on the subject of industrial espionage together with Dr Udo Helmbrecht, President of the German Federal Office for Information Security, and security consultant Dr Otto D. Mayer. The bottom line: High Dr. Rainer Baumgart security is not the privilege of national authorities it is also indispensable for companies. Some enterprises became sensitised to this as a result and have invested in the security of their IT infrastructure. Current talks with our customers from the private sector have indicated to us that this issue has again been placed on management agendas. The number of attacks against companies grew dramatically over the past year it is open season with competitors at home and abroad on the lookout for secret research results and business strategies. The interview with Anita Brandt-Zimmermann, Head of the Department for Counter-Espionage in the Ministry of the Interior of the German State of North Rhine-Westphalia, on page 4 confirms what we know from experience. Sufficient cause for us to make the fight against industrial espionage our top priority. At the CeBIT 2008, we focus on protection against espionage attacks and present you with solutions for the security of your IT. Our co-operation with Swiss-based Visonys AG also contributes to protecting your systems against attackers. Ensure adequate security in your web portals by preventing hackers from accessing your applications in the first place with visonysairlock. We cordially invite you to our Managed Security Forum which we started in collaboration with other IT security providers. You will find the times and further on the Forum on page 7. We would like to take this opportunity to reiterate that we welcome your ideas and critical feedback. Simply send us an Espionage Germany under attack 04 IT Security Check Whoever does not behave according to the 06 Code of Conduct gets kicked Reinforcement with pros: 07 Managed Security Forum 2008 There Is no such thing as a talking car? 08 Fingerprints in German Embassies 09 Healthy security for personal data 10 NXP has epass chips tested by secunet 11 Cryptography meets biometrics 12 Electronically stamped 13 Two masters do not get in each other's way 14 What is? Do you speak SINA? 15 Your data are secure on the road CeBIT We wish you pleasant reading. Yours faithfully Rainer Baumgart 2

3 Business Security In Italiano, per favore? Ou en français, s il vous plait? Or in German after all? Role-based system offers PAX staff the web content they need in the language they speak Continuance of page 1 PAX, the Swiss life assurance company, recognised this problem and found a solution: It commissioned secunet to integrate the Web-based single sign-on system SAM Web from Evidian. With this system, each of the insurance company's staff members or brokers can access precisely the content they need after signing on under This saves time and reduces the stress of lengthy searches on the web. In addition, users are offered the content they need in the language they want an important feature in view of Switzerland s many languages. All of this occurs via a role-based system in which all members of staff and brokers create their profiles once and receive content and forms personalised to suit them. played. They can electronically process and save the customer data directly on site. The advantage for customers: Their data is processed quickly and securely. Questions resulting from unintelligible forms no longer arise. And it is good for brokers: Data is entered directly in electronic format, which saves time they would otherwise need to type the from the form when back in the office. PAX s own staff have an addi - tional advantage: Thanks to single sign-on, they have direct online access to their web mail without having to sign on again. A further advantage, especially for Management: The solution ensures audit trail compliance. It is possible to track precisely which staff member accessed what when. This is an important step towards the automated implementation of PAX s security policy. Günther Mellinger Phone: Instead of carrying reams of paper about, brokers only take along their notebook with UMTS card when visiting customers. After signing on, a clear list containing precisely the and forms they need for the meeting with the customer is dis- After the log-in on each insurance broker gets personalised contents and forms and enters data electronically during the conversation. 3

4 Business Security Espionage Germany under attack Industrial and commercial espionage* are serious issues in Germany. However, many companies underestimate the danger. Ms Anita Brandt-Zimmermann, Head of the Department for Counter-Espionage in the Ministry of the Interior of the German State of North Rhine-Westphalia, answered our questions. Ms Brandt-Zimmermann, how would you rate the danger of industrial espionage in Germany? The likelihood of a company becoming the target of espion - age is high. Germany is a very attractive target due to the innovative strength of its companies and because numerous hightech corporations are located here. The geopolitical situation and the important role in the EU and NATO make Germany even more attractive as a target. Industrial spies steal know-how in order to catch up with successful industrial nations without expensive and time-consuming research. Do you think espionage will continue to be on the in - crease? Yes, we have to expect an increase, unfortunately. Re - nowned auditing companies such as Ernst & Young, KPMG or PricewaterhouseCoopers have dealt with this phenomenon for quite a while now. According to a PwC study, the volume of product piracy and industrial espionage in affected companies has been on a steady rise since This is demonstrated by, among other things, the continuously increasing number of knock-offs, counterfeits and plagiarisms which are often the result of industrial espionage. The fact that an increasing number of suspected espionage cases is reported to the counterespionage department at the There are no industries that spies are not interested in. It can hit anybody. For example, plagiarised pastries of a German baker were found in China. Office for Protection of the Constitution in North Rhine-Westphalia is yet another indication of an increase of the espionage activities. What is the resulting damage? The estimated damages amounts to up to 20 billion euros per year. What are the most frequently used methods of spies? Are there specific patterns? The IT of a company is one possibility of obtaining and therefore a preferred target of industrial espion - age. For example, it is possible to attack an unguarded notebook containing data that is not secured. The notebook of a tra - veller is borrowed for 10 minutes from the hotel room or the empty conference room and the unsecured data is accessed. Another method of obtaining consists of sending an with a Trojan in the attachment. The offenders first find out which topics are interesting to the target person. Then they send an e- mail that relates to this topic and that purports to originate from some sort of personal context. This appeals to the target person who disregards the security rules. Often, companies do not even notice they are being spied on, for instance that is being tapped. They only see that sales decrease. However, staff also becomes the target of espionage attacks in other situations. The term social engineering refers to the siphoning off of from trustful partners. The attacker creates an atmosphere of well-being with the intention of throwing his part- 4

5 Business Security ner off guard so that he disregards his normal precautions and unintentionally discloses pertinent. What are the consequences for the economy and companies in Germany? The economy must adjust to the increased threat potential and safeguard companies appropriately against attacks. Companies must always be aware of the fact that their know-how is attractive to foreign intelligence services. Maximum caution is required during stays abroad. Security/ awareness concepts should be created if that has not already been done. How can companies protect themselves? Can you tell our readers where to obtain additional? The first step to protect a company is to identify the core knowhow, i. e. the data that must be absolutely protected. Companies do not have to identify this know-how by themselves. For example, the counter-espionage department in North Rhine-Westphalia provides competent support. The department offers free and neutral consulting and assistance though specially trained staff. All is treated confidentially. In addition, companies should devise a comprehensive security concept including staff, organisational and material issues with a focus on awareness and implement this concept in their corporate identity. Reliable protection against espionage requires all staff of the company to be integrated in the planning of precautions. An online test that we offer on the website of the Office for Protection of the Constitution in North Rhine-Westphalia enables companies to assess the hazard. The test takes 5 minutes. It is performed via an encrypted line and is tap-proof. More on How secure is your company? Take the online test at the counter-espionage department of North Rhine-Westphalia: wirtschaftsspionage Commercial and industrial espionage *The terms commercial espionage and industrial espionage are often used synonymously. However, they relate to different issues: Industrial espionage relates to activities which are aimed at siphoning off corporate know-how; such activities are controlled by foreign intelligence services. The Office for Protection of the Constitution is concerned with preventing such espionage activities. However, espionage activities can also be performed by foreign or domestic private competitors. This type of eavesdropping of private competitors is referred to as commercial espionage. Police and public prosecution service are in charge of prosecution in such cases. IT Security Check 2008 IT security is only given top priority in 50 % of companies 47.8 % of IT decision-makers respond in the affirmative to the question as to whether company management has declared the issue of IT security a top priority. This is the conclusion of the secunet study IT Security Check 2008, in which 881 IT decisionmakers from various industries were surveyed in October and November This is quite remarkable since many companies today are subject to compliance or corporate governance rules. It is not rare that managing directors can be held responsible for inadequate IT security. Providers of financial services and trade seem to be aware of the problem. The values of 55.3 % and 61.0 % in these fields are above average. In industrial companies, only two in five company leaders (39.3 %) are involved in securing their IT. IT security is also on the agenda of leaders of companies with more than employees: 62.1 % take care of the issue personally. More it-sicherheitscheck on 5

6 Business Security Whoever does not behave according to the Code of Conduct gets kicked HAMBURG WASSER, a public water supply and waste water disposal company, protects Web applications for customers and staff with visonysairlock. Approximately 30,000 inhabit - ants of the City of Hamburg conveniently manage their personal data at their water supply company via the Internet by using the online service of HAMBURG WASSER, the largest municipal water supply company. Customers can view their meter readings and invoices, make direct debit authorisations and change their address data with just a few mouse clicks. This online service is secured by the Web Application Firewall (WAF) visonysairlock. Now, yet another application operates under the WAF shield: The approx. 1,700 staff of the com - pany can now securely communicate via the groupware system Lotus Notes, protected by visonysairlock. This means hard times for attackers from the Internet using methods such as cross-site scripting, SQL injection or cookie poisoning. To secure our Web application, a central, especially secure access was to be created. And we wanted to connect future systems via this access as well, says Peter Saile, Head of Systems Planning at HAMBURG WASSER. Competent consulting by secunet, the service range and the excellent references are what made the difference and convinced us in selecting visonys- Airlock. With this solution, HAMBURG WASSER opted for a highly effective approach to protect their Web applications. The concept is easy to explain: Whoever does not behave according to the Code of Conduct gets kicked or is not allowed in in the first place. This way, attackers do not even get access to security-rel - evant points of attack for compromising Web applications. For this purpose, the rules for using the offered Web contents were precisely defined. Users who observe these rules gain full access to the Web contents and services offered. Everybody else has to stay out. The Web Application Firewall operates before the Web server, thus relieving it from security tasks. This way, unauthorised queries are automatically blocked by comprehensive filters and unauthorised users are rejected by upstream authentication. The successful start of visonysairlock has paved the way for other Web applications such as Internet portals for plumbers or facility management companies, ex - plains Saile. Main functions of visonysairlock 4.1 at a glance: Secure and high-availability operation of Web applications due to prevention of attacks Multi-level filtering of all user input Upstream user authentication with secure session handling Highly secure reverse proxy with SSL termination Comprehensive logging and alerting, monitoring and reporting with the possibility of integration into management systems Reduced total costs for development, maintenance and operation of applications Project implementation: Visonys AG and secunet Security Networks AG 6

7 Business Security Reinforcement with pros: Managed Security Forum 2008 Why do it all yourself if others can do it better? Without extensive planning and regular adjustments in response to the latest requirements and threats from the Internet, not even the most expensive IT protection systems will pay off. Managed Security is a guarantee for ongoing protection against the latest attack methods. IT experts safeguard operations, mainten - ance and updates of your systems. Together with partners from the IT security sector, we will be holding a series of al events and discussions on the issue of Managed Security Services in the months to come. The forum is a cross-enterprise platform for and dis - cussion which is to contribute to the clarification and establishment of Managed Security Services. We would like to provide participants not only with theoretical knowledge but, more importantly, also with exclusive hands-on case studies. Participating companies: ComputaCenter Integralis McAfee secunet Sonicwall Symantec Unisys Verisign Verizon Dates and places April 2, 2008: Frankfurt Maritim Hotel Theodor-Heuss-Allee 3 May 7, 2008: Düsseldorf Hotel Hilton Georg-Glock-Strasse 20 Issues to be focused on: Legal Requirements & Compliance Cost-efficiency & Benchmarking Implementation and Control Strategies Benefits for Enterprise IT Enterprise IT and Security Service Providers as Partners Contracts for Areas of Responsibility and Competence, SLAs, OLAs May 29, 2008: Hamburg Hotel Lindtner Heimfelder Strasse 123 June 16, 2008: Munich Airport Marriott Hotel Alois-Steinecker-Strasse 20 More on For detailed on the individual presentations and to register, please visit +++ Events +++ Important dates +++ Events +++ CeBIT Hannover March 4-9, 2008 RSA Conference San Francisco April 7-11, 2008 Security Document World London April 22-23, 2008 AFCEA Bonn May 7-8, th Annual Congress: Software in Automobiles Stuttgart June 2-3, 2008 VÖB-Service Congress Frankfurt am Main June 2-3, 2008 SINA User Day Bonn June 3-4, 2008 TranSec World Expo Amsterdam June 11-12, 2008 D A CH Security Berlin June 24-25,

8 Automotive There is no such thing as a talking car? Car-to-car communication made secure Dr. Marc Lindlbauer Phone: Continuance of page 1 This is referred to as Local Danger Warning, and requires an open communication interface to the vehicle which is on continuous communication stand-by. As part of the World Wide Web, the in-vehicle network is also a potential target for Internet threats such as viruses, worms and Trojans as well as DoS (Denial of Service) and buffer overflow attacks. The security challenges involved in setting up open Internet access in the ve - hicle have a variety of parallels to those in conventional computer networks. secunet has developed two methods which provide effective protection against known Internet attacks. Both methods are based on the principle of recognising possible attacks on site in the vehicle and neutralising their impact by means of appropriate protection measures in the vehicle: Secure Communication Unit The Secure Communication Unit (SCU) is a method to ensure availability of the communication channels from and to the vehicle. In the event that the communication interface of the vehicle is attacked, the SCU ensures that the remaining vehicle applications can continue to run securely. This means, for example, that in the case of a DoS attack, the overload is detected and the SCU terminates the connection. The master Internet application, such as a browser, remains unaffected and does not crash as a result of the DoS attack. Finally, the SCU re-establishes the connection so that it is possible to run the vehicle application again. secunet Protection Unit There is a second danger which looms in the form of data which gets access via the Internet connection and which may contain manipulated or malicious code. The secunet Protection Unit (PU) rounds off the protection mechan - isms of the SCU at application level. The main tasks of a PU are to ensure integrity and protect against manipulation: Ensuring integrity refers to monitoring the runtime environment of a control unit and the static program memory with regard to the origin of existing and incoming data. Manipulation protection refers to monitoring unauthorised changes to the program code or the data. If the monitoring logic detects behaviour which deviates from the specifications, appropriate measures are initiated, e.g. denial of access or initialisation of emergency run properties. In co-operation with a supplier, a PC-based proof of concept of the SCU was presented at this year's IAA. Porting to an embedded chip is a subsequent step planned for In the final version, the SCU will be available as a separate micro-controller or as an extension to such a controller. The next issue of secuview will provide you with further on the Secure Communication Unit 8

9 Government Fingerprints in German Embassies In spite of new regulations, Germans living abroad can still apply for new passports at German embassies Continuance of page 1 Just like all other Germans, they need a new passport every ten years. Prior to the introduction of biometric features, they simply handed in their passport photos at the embassies which were then mailed to Germany along with the signed applications. For the staff at the embassies, this was a quick and easy process. Most of the work i. e. creating the passport was done in Germany. This changed with the introduction of biometric features. Today, an employee at the embassy first has to check the passport photograph for its biometric suitability and then take fingerprints of two fingers of the applicant for a passport and all ten fingers for visas. Speed and reliability were not the only requirements concerning the biometric solution it had to be Linux-compatible since the German Federal Foreign Office had migrated its entire IT to this Open Source operating system a number of years ago. In biomiddle addition, flexibility was a major concern in the selection of the solution. The components, such as fingerprint scanners or passport readers, should be replaceable without having to change the entire system. Therefore, the German Federal Foreign Office opted for secunet's biomiddle. This biometric middleware runs under Linux and can be easily reconfigured when devices need to be replaced. In addition, only a single scanner is needed which scans two or ten fingers, as required. Another challenge: The electronic fingerprints for visas are stored in ANSI/NIST format, but coded in data groups for passports. No problem for our solution which ensures that all these processes can run on a single workplace. Therefore, the extra time that goes along with the extra work for the staff at the embassies can be kept to a mini - mum. The sensitive data is then transferred to Germany highly encrypted with SINA, another secunet solution. Marco Breitenstein Phone:

10 Government Healthy security for personal data The secunet network connector protects the network of providers of medical services and the transfer of patient data Gregor Boeckeler Phone: The largest healthcare project in Europe involves an impressive number of stakeholders: 80 million persons with health insurance, pharmacies, physicians, 65,000 dentists, hospitals and approx. 270 health insurance companies. The objective of the project is the introduction of the electronic health card in Germany. Of course, meticulous planning with numerous test runs and a long time to final implementation are absolutely indispensable for a project of this magnitude. For the preparations to be co - ordinated by a central organisation, the gematik gmbh was founded, a company for telematics applications for the electronic health card. Its task is to ensure the introduction, maintenance and further development of the health card, the electronic prescription and other telematics applications such as the electronic patient file. Data protection and security are key issues in the project. The personal data of the patients must be protected in a reliable way in particular during the electronic transfer between the parties involved. For connection to the healthcare telematics network, physicians practices, pharmacies and others therefore need a connector. This connector consists of various components: the application connector software, a hardware platform and the network connector software. The latter protects the application connector software and the network of the medical service providers from attacks and ensures secure Internet connections, i. e. it is the basis of maximum security. The secunet network connector protects the connection between the various participants so that the personal data can be transmitted in a secure way. Developed on the basis of our highsecurity solution SINA, it has already passed the gematik function test for the offline field tests and successfully overcome the first obstacle for field tests. Certification according to Common Criteria as required by gematik is currently in progress. Leading suppliers of the connector, among them Siemens, already rely on our technology. 10

11 Government NXP has epass chips tested by secunet Chip manufacturer relies on the competency of the laboratory approved by the German Federal Office for Information Security In the last issue of secuview, we introduced our test laboratory for electronic passports. We test electronic passports and their components for compliance with worldwide standards according to the technical directives of the German Federal Office for Information Security BSI. Our laboratory was the first test centre in Germany to be approved by the BSI for tests according to layers 6 and 7. In the meantime, numerous passport manufacturers from all over the world have made use of our offer and had their components for electronic passports tested by our specialists. Just like NXP, a leading manufacturer of chip solutions for electronic passports. In order to test their compliance with national and international requirements for electronic travel documents, NXP commissioned our certification office for IT compliance. Testing was conducted according to the Technical Guideline of the German Federal Office for Information Security BSI TR Part 3. These tests ensure that the data stored on the electronic passport chip are interoperably readable world-wide and that the mechanisms for protection of the data on the chip are correctly implemented. Matthias Niesing Phone: The advantage of the secunet network connector: The SINA technology which serves as its basis has successfully been used for years by public authorities. SINA has been approved by the German Federal Office for Information Security for the transfer of classified documents up the level Top Secret, i. e. its reliability and security has been certified by a public authority. In addition, our solution is interoperable. It can communicate with VPN solutions (concentrators) of various manufacturers. First tests in different regions of Germany have been successful. Further tests are to follow until the health card project is implemented in all of Germany. 11

12 Government Cryptography meets biometrics Research project for acquisition of keys from fingerprints Marco Breitenstein Phone: Biometric features such as fingerprints, iris patterns or electronic pictures of faces are increasingly used as secure identification technologies in a variety of application areas. When biometric methods are used, it is essential to ensure the protection of the personal features. How can this be effectively protected from unauthorised access and misuse? To find convincing answers to this question, the German Fed - eral Office for Information Security BSI initiated the BioKeyS re - search project. This project is part of the research programme of the BSI which was started within the framework of the Innovation Initiative of the German Federal Government and which allows the public and the private sector to implement jointly funded technology projects. Together with the BSI, our experts are now examining whether it is possible to combine the benefits of biometrics and proven cryptographic processes. The objective is to use biometric data as cryptographic keys without saving these keys themselves. This means: An algorithm generates a key from, for example, a person's fingerprints which is used to encode data, s, etc. This way, only the owner of the fingerprints can access the since decoding again requires a key generated from the fingerprints. To ensure reliable protection, strong keys must be used which cannot be broken. Since a single fingerprint does not provide a sufficient amount of for such strong keys, secunet and the project partners rely on multi-biometrics. This means that, for instance, all fingerprints of a hand are taken. These provide sufficient individual to generate strong cryptographic keys. The advantage of this new development: Solutions which require neither the biometric data nor the cryptographic key to be stored are breaking new ground for applications in the public and private sector which are compliant with data protection legislation. With the BioKeyS research pro - ject, secunet and the BSI are investing in tomorrow's techno l - ogy. The combination of multibiometrics and cryptography serves as the innovative basis for future applications made by secunet. 12

13 Government Electronically stamped secunet multisign TSP responder helps Deutsche Rentenversicherung DRV (German Pension Fund) in electronic long-term archiving If you were to place all the documents from the archives of the German Pension Fund end to end, how often would you cover the distance from Earth to Mars? Quite often, probably. Instead of finding the actual answer, we would rather contribute to minimising the flood of paper-based documents in the archives of the DRV and other social insurance carriers. A time stamping service based on the secunet multisign TSP responder is a part of the Trust Centre which the DRV has operated since the end of 2005 and in whose implementation secunet played a major role. This service has now been migrated to up-todate crypto-algorithms together with the other components. The time stamps are required for conclusive long-term archiving of electronic documents according to the ArchiSig concept. This way, paper files, incoming letters and other paper documents can be scanned and stored in electronic archives. The time stamp confirms the integrity of each document at a given time and ensures that it is conclusive. The secunet multisign TSP responder is compliant with the Signature Act; archiving of the original, paper-based document is therefore no longer required. This not only saves space in the archives, but also processing time. Since our time stamping service already uses the RSA-2048 and SHA-256 algorithms, conclusiveness of the electronic files according to the specifications of the German Federal Office for Information Security and the Federal Network Agency is ensured until at least The Trust Centre of the DRV grants all social insurance car - riers and other public institutions in Germany access to the central time stamping service. The offer is in great demand: Users currently include DRV Bund, DRV Rhineland, DRV Berlin-Brandenburg, the Association of Indus - trial Workers in the Metal Industry and the Association of Agricultural Pension Funds. Other authorities are waiting in the wings, ready to get rid of the flood of paper-based documents in their offices. Frank Rustemeyer Phone:

14 High Security Two masters do not get in each other's way ZIVIT uses next-generation SINA Boxes Dirk Mangelmann Phone: Continuance of page 1 These boxes feature a new Hot Stand-By System (HSB) which dramatically reduces downtimes by decreasing the switch-over times. How is this achieved? In the old master-slave system (active passive), the master operates while the slave is inactive. The latter does not become active until operation is requested; it takes a while until the slave reaches full performance. In large infrastructures, these wake-up times (so-called switch-over times) may add up. The new HSB system has further minimised the wake-up times by using two masters (active active) with each of them having the current session data available. In cases of emergency, no. 2 can take over the job of the failed box no. 1 within seconds. And no. 2 works as the master (active) from now on while no. 1 operates in stand-by mode, i. e. there is no jump back from slave to master as before. The new system completely does away with this down time caused by the jump back. With the application at ZIVIT, our new SINA Box has successfully passed its first field test outside of our test laboratory; it will officially ship approx. from the middle of the year on. What is the SINA Box 1000? The SINA Box 1000 is our racer. It encrypts from 0 to 1,200 MBits in just a second. What this means for you: Greater engine power and a considerably smaller and lighter chassis, but the same security for the data occupants. The silver metallic paint makes it the must-have of the season. Arrange your test ride today. 14

15 High Security Do you speak SINA? SINA User Day 2008 in Bonn You work with our SINA highsecurity solution every day? Then you have surely heard of our SINA User Day. This year we would like to invite you to a new location, the Beethoven Hall in Bonn, on 3 and 4 June where you will have the opportunity to exchange ideas with other users. Of course, our experts will again be presenting more exciting new subjects and case studies. The programme is identical both days so that you can choose the time that suits you best. Is there anything that you as a user are particularly interested in? Please let us know. We would be pleased to introduce your topic within the scope of a podium discussion. As a SINA user, you can register now for this event. Simply send an with your details and the time you prefer to Would you like to become a member of the SINA community? It's easy get in touch and we will send you further infor - mation. Dirk Mangelmann Phone: Your data are secure on the road The SINA Access Client extends the mobile SINA line Good news for mobile Windows users: The SINA Access Client is the ideal extension of existing mobile SINA clients (SINA Virtual Desktop and SINA Virtual Workstation). It makes the SINA technology and a universal Windows VPN client compatible. This enables mobile users to access their familiar work environments in a secure way via insecure Internet connections. The data connection is secured on the basis of the IPsec standard. Data is transferred via landline, public radio networks, LANs, Internet or wireless LANs at the company site or at hotspots, independent of the media type. The SINA Access Client is easy to install on a Windows operating system (Win 32/64). It sets up a secure connection to a SINA Box from the Windows environment which, in the case of successful authentication, permits access to the data networks. The participants communicate exclusively via the secure connection so that the workplace is protected from unwanted attacks from the Internet. Stefan Albers Phone:

16 March 4-9 Hall 6, stand J 36 CeBIT 2008 You may know our consultants only from phone calls. Would you like to meet with them in person? Or you may need to talk with them but cannot seem to find a suitable time? Then please take note of 4 to 9 March 2008, where you will find us in Hanover at the CeBIT. biomiddle Not only the German Federal Foreign Office uses our biometric middleware. secunet biomiddle is also in demand internationally. We will again be presenting our latest trends in IT security in hall 6, stand J36. This year we are concentrating on the following: Now there is also an industry version of our high-security solution. Top security for confidential data such as research results. Our solution suite is growing steadily. You can keep your confidential data with you at all times with the SINA Mobile Disk, an encrypted hard disk. safe surfer Managed Security Services We make surfing from the workstation convenient. The German Federal Chancellery is already successfully using our solution. Would you rather entrust the security of your network systems to professionals? No problem for us. We have two partners at our stand this year: Visonys AG Visonys AG is a globally leading Swiss manufacturer of standard IT security products. Their solutions protect web applications against attacks, increase their availability and reduce operating costs. Today, leading companies world-wide from all industries as well as nine in ten Swiss banks protect their web applications with Visonys. The company won the Swiss Technology Award for its web application firewall visonysairlock in on Visonys, visit ewitness s. a. ewitness s.a. offers a globally unique notarial certification service: Notaries public can now precisely log companies' electronic transactions, e.g. and FTP transfers, and authenticate the transactions with qualified digital signatures and time stamps. This rules out any subsequent manipulation of the transmitted data and allows electronic transactions to be proven compliant at notarial level. The ewitness system is suitable for companies in a variety of fields including credit services, assets management and the provision of power and water. But other companies, especially mid-sized ones, stand to benefit considerably from the degree of document security at notarial level achieved with ewitness. The technology has been in successful use in Europe since IMPRINT Editor: secunet Security Networks AG Kronprinzenstraße Essen - Germany Telephone: Responsible for the content: Marketing/Communications Chief Editor: Design: Chromedia West GmbH Copyright: secunet Security Networks AG. All rights reserved. All contents and structures are copyright protected. All and any use not expressly permitted by copyright law requires prior written permission. 16

Intelligent Solutions for the Highest IT Security Demands

Intelligent Solutions for the Highest IT Security Demands Intelligent Solutions for the Highest IT Security Demands 3 Information security from the architects of modern cryptographic systems SINA (Secure Inter-Network Architecture) enables the protected processing,

More information

Intelligent Solutions for the Highest IT Security Requirements

Intelligent Solutions for the Highest IT Security Requirements Intelligent Solutions for the Highest IT Security Requirements 3 Information security from the architects of modern cryptographic systems SINA (Secure Inter-Network Architecture) enables the protected

More information

successstory Security for Diplomacy High Security for Embassy Networks

successstory Security for Diplomacy High Security for Embassy Networks successstory Security for Diplomacy High Security for Embassy Networks Today the consistent deployment of strong cryptography, along with key management that regulates access to data, are the only ways

More information

Technology for data security on the move

Technology for data security on the move hcbvkskfb,jjdvj69g95jgfmfvnmdyc j654wgshdshcbdvdhh3321bvdjdvkr556ur8f8vxlfvsjfb4kfköfkbjöjrööxdvöodjösejavhvhjzjzju6dthtjfzkvlkre.dkn.678i87kje5öäpaüpeqü3äüaoefjfj0ldk,jxclaehfleahfi47zgeugkuvykdfalwidaihrflwaihl993urkwffkaf

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

secure authentication and trusted identity delivering assurance and efficiency to every sector with CardOS Smart Card Solutions

secure authentication and trusted identity delivering assurance and efficiency to every sector with CardOS Smart Card Solutions secure authentication and trusted identity delivering assurance and efficiency to every sector with CardOS Smart Card Solutions Your business technologists. Powering progress Delivering certainty through

More information

Best Solutions for Biometrics and eid

Best Solutions for Biometrics and eid Best Solutions for Biometrics and eid In times of virtual communication even a person s identity is converted into an electronic form with the help of biometrics and then organised through intricate technical

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking This Time Safety & Security in ICT Systems INFO 2 Oliver Boorman-Humphrey www.oliverboorman.biz This time we look at the need to protect data in ICT systems and the subsequent threats if these measures

More information

White Paper Secure Reverse Proxy Server and Web Application Firewall

White Paper Secure Reverse Proxy Server and Web Application Firewall White Paper Secure Reverse Proxy Server and Web Application Firewall 2 Contents 3 3 4 4 8 Losing control Online accessibility means vulnerability Regain control with a central access point Strategic security

More information

LADIES AND GENTLEMEN,

LADIES AND GENTLEMEN, SIMPLY GOOD NEWS LADIES AND GENTLEMEN, Phishing Virus Clean Mail DoS Attack Trojan Horse Malware 02 Thank you for considering antispameurope. And we got good news for you. Because if you choose one of

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Automatic Hotspot Logon

Automatic Hotspot Logon WHITE PAPER: for VPN Setup Features of the integrated, dynamic NCP Personal Firewall Solution Table of Contents 1. Insecure mobile computing via Wi-Fi networks (hotspots)...1 1.1 Basic hotspot functionality...

More information

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

L2 Box. Layer 2 Network encryption Verifiably secure, simple, fast.

L2 Box. Layer 2 Network encryption Verifiably secure, simple, fast. L2 Box Layer 2 Network encryption Verifiably secure, simple, fast. reliable line encryption. Nowadays internal and confidential data is exchanged between locations or computer centres of public authorities

More information

FAQs Electronic residence permit

FAQs Electronic residence permit FAQs Electronic residence permit General 1) When was the electronic residence permit introduced? Since 1 September 2011, foreigners in Germany have been issued with the new electronic residence permit

More information

Smart cyber security for smart cities

Smart cyber security for smart cities Competence Series Smart cyber security for smart cities 1 IT Security made in Europe Cities are becoming smarter Population growth, urbanisation trends and climate change are driving a process of continuous

More information

Seminar on Ethical Hacking and Cyber Crime Get comprehensive Know-how in just one week! Introduced by your trusted security partner.

Seminar on Ethical Hacking and Cyber Crime Get comprehensive Know-how in just one week! Introduced by your trusted security partner. Seminar on Ethical Hacking and Cyber Crime Get comprehensive Know-how in just one week! Introduced by your trusted security partner. Education in information security made in Switzerland. Education Services

More information

Firewall and UTM Solutions Guide

Firewall and UTM Solutions Guide Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

More information

Vulnerabilities of the usage of digital signature

Vulnerabilities of the usage of digital signature Vulnerabilities of the usage of digital signature The efforts made concerning the use of the digital signature represent a significant step in the information technology. These efforts do not or just to

More information

How to complete the Secure Internet Site Declaration (SISD) form

How to complete the Secure Internet Site Declaration (SISD) form 1 How to complete the Secure Internet Site Declaration (SISD) form The following instructions are designed to assist you in completing the SISD form that forms part of your Merchant application. Once completed,

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database 3 Email Marketing Security Risks How to combat the threats to the security of your Email Marketing Database Email Marketing Guide June 2013 Security Threats PROTECTING YOUR EMAIL DATABASE FROM HACKERS

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

eform Suite for TeleForm Create and Process Intelligent eforms in PDF and HTML

eform Suite for TeleForm Create and Process Intelligent eforms in PDF and HTML eform Suite for TeleForm Create and Process Intelligent eforms in PDF and HTML Double the Value of your TeleForm Solution The product eform Suite extends your TeleForm solution with the ability to create

More information

NetBank security guide

NetBank security guide NetBank security guide Commonwealth Bank Personal 1 Contents Page 4 5 5 5 7 7 9 9 9 11 12 12 13 13 13 14 14 14 16 16 16 17 18 18 19 19 20 21 Section Peace of mind with NetBank What are the common online

More information

Chapter 10. Privacy and Security. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 10. Privacy and Security. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 10 Privacy and Security McGraw-Hill/Irwin Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Competencies (Page 1 of 2) Page 282 Discuss the privacy issues related to the presence

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

TURNING SECURITY COSTS INTO PROFITS MANAGED SECURITY SERVICES FOR PROVIDERS. www.antispameurope.com

TURNING SECURITY COSTS INTO PROFITS MANAGED SECURITY SERVICES FOR PROVIDERS. www.antispameurope.com TURNING SECURITY COSTS INTO PROFITS MANAGED SECURITY SERVICES FOR PROVIDERS www.antispameurope.com FALLING PRICES There s little difference between the various market offerings so no wonder price has become

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

The Electronic Arms Race of Cyber Security 4.2 Lecture 7

The Electronic Arms Race of Cyber Security 4.2 Lecture 7 The Electronic Arms Race of Cyber Security 4.2 Lecture 7 ISIMA Clermont-Ferrand / 04-February 2011 Copyright 2011 Dr. Juergen Hirte List of Content Why Process Automation Security? Security Awareness Issues

More information

School of Computer Science and Engineering policy with regard to self-administered computers

School of Computer Science and Engineering policy with regard to self-administered computers School of Computer Science and Engineering policy with regard to self-administered computers CSE Computer Security Committee October, 2002 Abstract The School s Computing Support Group (CSG) provides a

More information

Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com Outline of Information Security Introduction Impact of information Need

More information

Securing your Online Data Transfer with SSL

Securing your Online Data Transfer with SSL Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does

More information

TIME SYSTEM SECURITY AWARENESS HANDOUT

TIME SYSTEM SECURITY AWARENESS HANDOUT WISCONSIN TIME SYSTEM Training Materials TIME SYSTEM SECURITY AWARENESS HANDOUT Revised 11/21/13 2014 Security Awareness Handout All System Security The TIME/NCIC Systems are criminal justice computer

More information

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY AUTHOR: Raúl Siles Founder and Security Analyst at Taddong Hello and welcome to Intypedia. Today we will talk about the exciting world of security

More information

All you need to know about the electronic residence permit (eat)

All you need to know about the electronic residence permit (eat) All you need to know about the electronic residence permit (eat) www.bamf.de/eaufenthaltstitel Contents Contents 1 The electronic residence permit 5 2 Photo and fingerprints 7 3 Additional provisions

More information

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Why Web Applications are making a hackers life easy. Presented by Jon Grew BT SBS

Why Web Applications are making a hackers life easy. Presented by Jon Grew BT SBS Why Web Applications are making a hackers life easy. Presented by Jon Grew BT SBS Acknowledgements Ed Barlow Technical Director EMEA Ed sends his apologies. The following presentation is based on the talk

More information

WORKFLOW MANAGEMENT FOR THE CLINICAL RADIOLOGY

WORKFLOW MANAGEMENT FOR THE CLINICAL RADIOLOGY RADIOLOGY WORKFLOW SOLUTIONS WORKFLOW MANAGEMENT FOR THE CLINICAL RADIOLOGY RADIOLOGY WORKFLOW MANAGEMENT OPTIMISED WORKFLOW MAXIMUM EFFICIENCY medavis. Your trusted partner for workflow management in

More information

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web.

4. Identify the security measures provided by Microsoft Office Access. 5. Identify the methods for securing a DBMS on the Web. Topic 8 Database Security LEARNING OUTCOMES When you have completed this Topic you should be able to: 1. Discuss the important of database security to an organisation. 2. Identify the types of threat that

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

ELO e-mail management. The right decision for today and tomorrow

ELO e-mail management. The right decision for today and tomorrow >> E-mail lifecycle management as a basis for efficient business processes The right decision for today and tomorrow The Enterprise Content Management (ECM) solutions from ELO Digital Office GmbH provide

More information

SECURITY ORGANISATION Security Awareness and the Five Aspects of Security

SECURITY ORGANISATION Security Awareness and the Five Aspects of Security SECURITY ORGANISATION Security Awareness and the Five Aspects of Security Shift Security simply used to protect information vs. Enabling business initiatives with security Bolt-on/add-on structure to business

More information

McAfee.com Personal Firewall

McAfee.com Personal Firewall McAfee.com Personal Firewall 1 Table of Contents Table of Contents...2 Installing Personal Firewall...3 Configuring Personal Firewall and Completing the Installation...3 Configuring Personal Firewall...

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

System Security Policy Management: Advanced Audit Tasks

System Security Policy Management: Advanced Audit Tasks System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that

More information

SB 1386 / AB 1298 California State Senate Bill 1386 / Assembly Bill 1298

SB 1386 / AB 1298 California State Senate Bill 1386 / Assembly Bill 1298 California State Senate Bill 1386 / Assembly Bill 1298 InterSect Alliance International Pty Ltd Page 1 of 8 Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance Pty

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Contents. McAfee Internet Security 3

Contents. McAfee Internet Security 3 User Guide i Contents McAfee Internet Security 3 McAfee SecurityCenter... 5 SecurityCenter features... 6 Using SecurityCenter... 7 Fixing or ignoring protection problems... 16 Working with alerts... 21

More information

Installation and usage of SSL certificates: Your guide to getting it right

Installation and usage of SSL certificates: Your guide to getting it right Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.

More information

Preventing fraud in epassports and eids

Preventing fraud in epassports and eids Preventing fraud in epassports and eids Security protocols for today and tomorrow by Markus Mösenbacher, NXP Machine-readable passports have been a reality since the 1980s, but it wasn't until after 2001,

More information

Recommended Practice Case Study: Cross-Site Scripting. February 2007

Recommended Practice Case Study: Cross-Site Scripting. February 2007 Recommended Practice Case Study: Cross-Site Scripting February 2007 iii ACKNOWLEDGEMENT This document was developed for the U.S. Department of Homeland Security to provide guidance for control system cyber

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

IT Solutions for Communication and Data Security. A Service Provided by Your Tax Advisor

IT Solutions for Communication and Data Security. A Service Provided by Your Tax Advisor IT Solutions for Communication and Data Security A Service Provided by Your Tax Advisor IT as the Reliable Foundation of Your Company Regardless of the industry your company is active in, effective and

More information

Internet security: Shutting the doors to keep hackers off your network

Internet security: Shutting the doors to keep hackers off your network Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet

More information

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.

More information

Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Standard Information Communications Technology. Multifunction Device. January 2013 Version 2.2. Department of Corporate and Information Services

Standard Information Communications Technology. Multifunction Device. January 2013 Version 2.2. Department of Corporate and Information Services Standard Information Communications Technology January 2013 Version 2.2 Corporate and Information Services Document details Document Title Contact details File name Version 2.2 Date issued January 2013

More information

Complete Business Communication

Complete Business Communication Complete Business Communication Welcome to Frama UK Your partner for all aspects of physical and digital B2B communication Frama is an international company with its headquarters in Switzerland. Since

More information

CONTENTS. PCI DSS Compliance Guide

CONTENTS. PCI DSS Compliance Guide CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not

More information

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4

More information

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility

Securing the future of mobile services. SIMalliance Open Mobile API. An Introduction v2.0. Security, Identity, Mobility 1 An Introduction v2.0 September 2015 Document History 2 Version Date Editor Remarks 1.0 06/04/2011 OMAPI Working Group Public release 2.0 27/09/2015 OMAPI Working Group Public release Copyright 2015 SIMalliance

More information

Strategic Information Security. Attacking and Defending Web Services

Strategic Information Security. Attacking and Defending Web Services Security PS Strategic Information Security. Attacking and Defending Web Services Presented By: David W. Green, CISSP dgreen@securityps.com Introduction About Security PS Application Security Assessments

More information

Getting a Secure Intranet

Getting a Secure Intranet 61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Visa U.S.A Cardholder Information Security Program (CISP) Payment Application Best Practices

Visa U.S.A Cardholder Information Security Program (CISP) Payment Application Best Practices This document is to be used to verify that a payment application has been validated against Visa U.S.A. Payment Application Best Practices and to create the Report on Validation. Please note that payment

More information

White Paper. McAfee Web Security Service Technical White Paper

White Paper. McAfee Web Security Service Technical White Paper McAfee Web Security Service Technical White Paper Effective Management of Anti-Virus and Security Solutions for Smaller Businesses Continaul Security Auditing Vulnerability Knowledge Base Vulnerability

More information

STRONGER ONLINE SECURITY

STRONGER ONLINE SECURITY STRONGER ONLINE SECURITY Enhanced online banking without compromise Manage your business banking efficiently and securely Internet banking has given business leaders and treasurers greater control of financial

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Using Contactless Smart Cards for Secure Applications

Using Contactless Smart Cards for Secure Applications Using Contactless Smart Cards for Secure Applications Classification: Public (Info Level 1) Document No.: LA-11-005d-en Edition: 2010 www.legic.com LEGIC Identsystems Ltd Binzackerstrasse 41, CH-8620 Wetzikon,

More information

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Seamless ICT Infrastructure Security.

Seamless ICT Infrastructure Security. Seamless ICT Infrastructure Security. Integrated solutions from a single source. Effective protection requires comprehensive measures. Global networking has practically removed all borders in the exchange

More information

Thick Client Application Security

Thick Client Application Security Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two

More information

More effective protection for your access control system with end-to-end security

More effective protection for your access control system with end-to-end security More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT

More information

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:

More information

meetings, presentations, training sessions and teamwork

meetings, presentations, training sessions and teamwork More than 100 million users The friendly all-in-one solution for meetings, presentations, training sessions and teamwork Simple and convenient via the Internet Online meetings and presentations Using time

More information

Security Goals Services

Security Goals Services 1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;

More information

Secure service for comfortable cross-enterprise collaboration & data exchange

Secure service for comfortable cross-enterprise collaboration & data exchange Secure service for comfortable cross-enterprise collaboration & data exchange Dr. Ralf Rieken CEO, Uniscon GmbH selected by für die all4cloud Lösung Uniscon at a Glance Founded 2009 (Munich Technology

More information

The All-in-One Support Solution. Easy & Secure. Secure Advisor

The All-in-One Support Solution. Easy & Secure. Secure Advisor The All-in-One Support Solution. Easy & Secure. Secure Advisor Secure Advisor - A Perfect Solution for Online Support Fast and easy remote support from anywhere Problems that often sound complicated on

More information

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES MOBILITY & INTERCONNECTIVITY Features SECURITY OF INFORMATION TECHNOLOGIES Frequent changes to the structure of enterprise workforces mean that many are moving away from the traditional model of a single

More information

Role Based Identity and Access Management Basic Infrastructure for New Citizen Services and Lean Internal Administration

Role Based Identity and Access Management Basic Infrastructure for New Citizen Services and Lean Internal Administration Role Based Identity and Access Management Basic Infrastructure for New Citizen Services and Lean Internal Administration Horst Bliedung Director International Sales CEE Siemens IT Solutions and Services

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

Enabling the secure use of RFID

Enabling the secure use of RFID Enabling the secure use of RFID BLACK ME/FOTOLIA.com Enhancing security of radio frequency identification to connect safely to the Internet of Things UHF radio frequency identification (RFID) promises

More information

WEB ATTACKS AND COUNTERMEASURES

WEB ATTACKS AND COUNTERMEASURES WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Why do we need to protect our information? What happens if we don t?

Why do we need to protect our information? What happens if we don t? Warwickshire County Council Why do we need to protect our information? What happens if we don t? Who should read this? What does it cover? Linked articles All WCC employees especially mobile and home workers

More information

SiteRemote 4 Cloud. Remote Monitoring. SaaS - Kiosk Remote Monitoring & Management Software

SiteRemote 4 Cloud. Remote Monitoring. SaaS - Kiosk Remote Monitoring & Management Software SiteRemote 4 Cloud Remote Monitoring SaaS - Kiosk Remote Monitoring & Management Software SiteRemote is a software solution used for remotely monitoring and maintaining client terminals running a Provisio

More information