CHAPTER THREE, Network Services Management Framework


Contents

Acronyms and Terms
List of Figures
1 Introduction
2 Architecture
2.1 Entity Identification & Addressing
2.2 Management Domain Registration and Information Service
2.3 Resources Access Control
2.4 Security Model
3 Management Communications Services
3.1 NSMF Protocol Data Unit
3.2 Management Messages
3.3 Management Sessions
4 Services Management Function


Acronyms & Terms

DNS     Internet Domain Name System
INMF    Internet-standard Network Management Framework
INSMF   Internet
MDRIS   Management Domain Registration and Information Service
MDRS    Management Domain Registration and Information Server
MIB     Management Information Base
NSMF    Network Services Management Framework
PDU     Protocol Data Unit
SMF     Services Management Function
SMFPL   SMF Programming Language
SNMP    Simple Network Management Protocol

List of Figures

Figure 1: components.

1 Introduction

Chapter Two presented a detailed analysis of the most important limitations of the Internet-standard Network Management Framework (INMF). As stated before, these fragilities are difficult to overcome with added mechanisms or extensions to the model alone. This motivated the creation of a new network management framework based on new architecture paradigms and with no information model or management data model requirements. The major requirements for this new framework were described in Chapter One; this chapter introduces the framework and the conceptual solutions found to integrate all relevant concepts and technologies developed in recent years in the field of network management.

The Internet (INSMF) project was the author's first effort to present a framework to overcome the most important limitations of the INMF by defining a complete distributed network services management architecture that provided services management functions with any desired level of functionality. This initial framework evolved into the present version, named Network Services Management Framework (NSMF), which is now a reference management framework conceptualization, adequate for the management of almost any computer network services platform.

The primary goal of the NSMF is to become an independent and generalist management architecture, integrating the most relevant (recent and past) concepts in network services management studied, developed, or introduced (with more or less adaptation) in any management framework with some repercussion in the computer networks community. Although it is an engineer's project, the development of the NSMF does not have the commercial or fast-implementation concerns and constraints of the INMF and other widely deployed management technologies. It has no political constraints either, nor does it depend on any complete network protocol framework or stack.
[Figure 1: components. Diagram labels: Entity Access Control Model; Hierarchical & Distributed Architecture; Security Model; Management Domain Registration & Information Service; Access Control Model; Management Communications Services; Management Messages; Management Sessions; NSMF/EACM Protocol Data Unit; Service Management Function; SMF Protocol Interactions; SMF Primitives; SMF Programming Language; SMF Definitions Base]

This chapter introduces the NSMF by presenting its three major components, also depicted in Figure 1:

- Architecture: the NSMF is based on a hierarchical organization of management domains complying with the Entity Access Control Model (EACM), supporting entity and network resources access control, a broad range of security mechanisms (including entity authentication, management data content verification and confidentiality, management data compression, non-repudiation assurance and a complete key management system), entity and domain naming and addressing, and a Management Domain Registration and Information Service (MDRIS); this service is provided by a special type of management entity, termed Management Domain Registration and Information Server (MDRS).
- Communications Model: this framework defines two types of integrated management communications transport protocols or services with which the management entities have to comply in order to communicate effectively with each other: a connectionless management communications service defined as Management Messages and a connection-oriented management communications service defined as Management Sessions. Both types of communication services use the same NSMF Protocol Data Unit (PDU).
- Functional Model: this component is defined by all the functionality enabled by the Services Management Function (SMF) concept. This is probably the most important single concept integrated in the NSMF: an SMF is a procedure implementing a group of well-defined services management actions/functions, and may include re-use of other SMFs.

So, the NSMF is like a reference framework for the definition and implementation of network services management frameworks. Other specific management frameworks could use only the concepts and mechanisms needed to match their pre-defined functional and conceptual requisites, without the need to deploy a management system implementing the complete NSMF definition.

2 Architecture

The distributed architecture of the NSMF is defined in the EACM, and its main concepts are the Network Services Management Entity (or just management entity) and the Network Services Management Domain (or just management domain). Each management entity is either a provider of a network management service through its Network Services Management Access Point (NSMP), as defined in Chapter Two, or a network management service user (or both).
In the first case the entity is named a Management Server (in the INMF it is named an Agent) and in the second case it is named a Management Client (in the INMF it is named a Manager). A management entity can have several management roles, but that classification is less relevant and will be presented later in Chapter Four.

The key elements of the EACM architecture are:

- Entity and Management Domain based Architecture: this specifies a hierarchical domain organization with multilevel functionality; each management domain and each management entity must register a management name, which will be mapped to one or several transport and/or network addresses by the MDRIS.
- Management Domain Registration and Information Service: this integrated sub-service provides a way for management domains and entity profiles to be securely registered, distributed and accessed when needed. An entity's profile will include several registration parameters (like the entity's name, network and transport layer addresses, management role, etc.), security parameters (like security keys and supported security mechanisms), default access control levels and associated keys, and its functional compliance. In the case of a management server, the functional compliance should list the supported SMFDB modules or individual SMFs (which correspond to a complete or incomplete set of management functions of one or more network management services); in the case of a management client it should list, if possible, an indication (prediction) of the SMFDBs or individual SMFs that the entity expects to use. Each management entity must register its profile on one MDRS of the management domain it wants to be part of.
- Management Communications with Resources Control: this model defines secure management communications between management entities, with the capability of dynamically limiting the functionality of management procedures or the consumption of network and local device resources, depending on the entities involved and on the state of the network and the devices while the management procedure executes.
- Functional requisites for the security mechanisms to be used in the model, with additional definition of default mechanisms for implementing authentication, confidentiality and data integrity on management communications. One aspect of this model is the use of default security mechanisms based only on private symmetric keys. The distribution of entity profiles, including their security parameters and secret keys, is based on a trusted registration and distribution process defined in the MDRIS.
- Entity Backup Mechanism: the EACM permits the definition of several instances of a management server as the backup servers that should be used when the active entity fails.

2.1 Entity Identification & Addressing

The identification of NSMF entities is based on a double hierarchic domain structure, each one resembling the hierarchic structure used in the Internet's domain and host naming. But, unlike the Internet's generic names, these NSMF names are of mandatory use: the identification of a management entity is only possible through its NSMF name, so each entity will have at least one NSMF name, which is a sequence of string labels.

The addressing flexibility, together with the native support for connectionless management messages and connection-oriented management sessions to encapsulate the NSMF protocol units, makes it possible to use network protocols on lower levels of network frameworks directly, or even link-level protocols (although in this last case no communication would be possible between entities on different data links on networks that do not provide routing at this level). Furthermore, the EACM provides support for indirect addressing, or proxying, with no limit on the number of proxying levels.

Although the initial INSMF recommended an architecture for the internal conceptualization of a management entity [118], the NSMF does not define or recommend this architecture or any other, because the present framework complies with the conceptualization introduced in Chapter One for network management services, in which these are regarded as black boxes for which only the interfaces need to be defined.

2.2 Management Domain Registration and Information Service

This service is part of the EACM model and is provided by the MDRSs of a management domain. It must support the SMFs defined for this special network services management service, which implements management procedures for:

- Domain & Entity registration (including access control parameters),
- Definitions of hierarchic domain relationships,
- Security information registration and maintenance, that is, a key management service, and
- Accessing information about management domains and management entities.

2.3 Resources Access Control

One of the most important aspects of the EACM is the capacity for defining levels of access to the various types of resources available on a network device or on the network. These levels are defined by default on a management domain basis, but can be redefined by each entity acting as a management server, both by adding support for other local resource types and by supporting additional access control levels for the same default access control levels. Management clients obtain their default access control levels from their registered profiles, but can negotiate further access levels for each particular management communication with each particular management server. The definition of these access control levels takes into account the type of resources used by each SMF issued by the management clients on the management servers.

The access control of Management Information Base (MIB) objects in the INMF, for example, associates a single fixed level of access (from a very limited set of available levels) for each MIB object with a Simple Network Management Protocol (SNMP) manager. By contrast, access control in the EACM associates a single dynamic level of access (from a potentially infinite range of levels) for each type of resource (from a potentially infinite range of resource types) with an EACM management client, using a security key for each access level or group of levels.

2.4 Security Model

The security requisites of the EACM were defined taking into consideration the most traditional security threats considered for management frameworks, like masquerading and information modification, deletion or disclosure. A less common security threat was also studied and classified as being of some importance for modern network services management frameworks: non-repudiation of authority of issued management procedures. Other security threats were considered less relevant to network services management (like traffic analysis or denial of service) or can be reduced to a particular or combined form of the previous threats (like information sequence or timing modification), so these can be assured indirectly or just ignored.

In light of the previous remarks, the most important security goals of the EACM can be briefly listed: guarantee of entity/data authentication and management information confidentiality, verification of correct sequencing and integrity of management information and, when required, non-repudiation assurance of the authority of management procedures. These goals should be attainable using a set of pre-defined mechanisms, identified by an EACM Security Model Identification Tag (SECM-IDT) and applicable to each management communication between two management entities. While an entity can support several security models, only one security model can be applied to each management communication. It follows that both entities involved must support the security model applied to that particular management communication.

The security mechanisms applicable to the EACM must not use external protocols and must not rely on external security mechanisms. Furthermore, the security model of the EACM must define a set of functional goals for each mechanism and the protocol syntax imposed.
This way, several present and future alternatives can be used for each of the mechanisms for:

- Encryption: the EACM needs an encryption method to be applied to the appropriate part of the NSMF PDU so that confidentiality can be supported. The standard encryption mechanisms defined, at present, as applicable to the EACM are based on traditional symmetric key encryption methods, the most important being the Advanced Encryption Standard. [i] There is also default support for the Triple Data Encryption Standard, and other methods can be applied (Serpent, Twofish, RC6, MARS and SAFER++) but are not defined as EACM standards at this time.
- Keyed Message Digest: this is needed to ensure authentication (by itself or in conjunction with the encryption method) and verification of data integrity of the appropriate NSMF PDU part. It was decided to adopt, as an EACM standard, the Keyed-Hashing for Message Authentication mechanism with the possibility of using three well-known message digest methods: Message Digest 5, RIPEMD and Secure Hash Algorithm 1.
- Key Management: the EACM has a well-defined mechanism for renovation (creation and deletion) of the keys/secrets of the management entities registered in a management domain. Directly related to key renovation is the need for a method of key transfer (distribution) between management entities.
  The EACM provides standard support for two key renovation approaches:
  o Local Renovation: the keys are only created (or renovated) locally on the entity owning the keys and then sent encrypted to one of the MDRSs of the domain; and
  o Distributed Renovation: the keys are created (or renovated) at the same time by the entity owning the keys and by the MDRSs through the use of a pre-defined mathematical process. This mathematical process should be supported in the domain by the Management Domain Registration & Information Service, executed on one MDRS and issued by the entity owning the key. This approach is safer because the key values are not exposed (even though the previous approach uses encryption), since they are not in transit on the network during the renovation procedure.
- Data Compression: a lossless data compression mechanism can optionally be used; it helps to minimize network bandwidth consumption and, if applicable, to reduce the security vulnerability of the original data stream of the appropriate NSMF PDU part/section. At this moment, the EACM defines only one lossless data compression mechanism, based on the Huffman compression algorithm concept. Since several algorithms exist based on this traditional approach, the EACM only defines the syntax rules for representing the code table to be applied by the entity performing the decompression. This gives added flexibility: the entity implementing the decompression does not need to know exactly which algorithm was used to construct the codification table. It is up to the entity performing the compression to adopt the compression algorithm that best suits its goals (speed of compression, rate of compression, resource consumption, etc.), as long as it is a lossless method and the compression codification table does not yield any ambiguity and follows the syntax rules defined by the EACM.
- Non-Repudiation Assurance: finally, the EACM should provide, although optionally, mechanisms for assurance of non-repudiation. This mechanism should guarantee non-repudiation using any MDRS of the management domain as the third party, trusted by the other entities of the management domain. The most common situation where such a mechanism is useful is when a management server wants to ensure that a management client can be identified as the entity responsible for an executed management procedure that resulted in some kind of functional constraint, even if the client had permission to execute it. The management server is able to report the authority of the management procedure because the mechanism defined in the EACM guarantees that the reported client is the only (non-MDRS) entity able to issue the damaging management procedure. This allows a management server to report any SMF issued by a management client, optionally including a resulting configuration status field.

[i] At this time no references are given on these mechanisms. Later, in Chapter Four, these mechanisms of the EACM security model will be further detailed and adequate references will be included.

3 Management Communications Services

One of the major assets of the NSMF is the ability to provide its own management data transport service, the Management Communications Service.
Furthermore, management communications can be connectionless, through Management Messages, or connection-oriented, through Management Sessions. The first type is of mandatory implementation, while the latter is of optional deployment. In modern network services frameworks, where the classification of traffic for effective quality of service deployment is important, it is an advantage to be able to provide independent transport services adapted to the specific needs of management services. Comparatively, the Management Messages transport service is more complete than the Internet User Datagram Protocol and, in the same proportion, more demanding on entity resources. On the other hand, the Management Sessions transport service, although less complete and less demanding than the Internet Transmission Control Protocol, is much more focused on the needs of a network services management framework and, in particular, on the NSMF functional requisites. While a management server's confirmation of reception of SMF execution requests can be obtained through a higher-level SMF interaction, the only available method for the management client to confirm reception of SMF management results from the server is to use management sessions.

3.1 NSMF Protocol Data Unit

Both types of transport services use the same NSMF Protocol Data Unit (NSMF PDU) to encapsulate the management data. Each PDU used for management messages is named a message part, while each PDU used for management sessions is named a session segment. Each message or session identification tag must be assigned by the management client and should be randomly generated or, at least, the client should guarantee that no two active messages or sessions have the same identification tag. Chapter Five details the NSMF PDU syntax and semantics.
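Added example, not part of the original chapter: the Data Compression mechanism of the Security Model section requires that the transmitted code table "does not yield any ambiguity", so the decompressing entity should check that before decoding. The sketch assumes the table arrives as a mapping from bit-string codes to byte values; the EACM table syntax itself is not given in this chapter, and all names are hypothetical.

```python
"""Validate a received Huffman code table, then decode with it (added example)."""


class CodeTableError(ValueError):
    """Raised when a received code table or bit stream must be rejected."""


def validate_code_table(table):
    """Reject tables that are malformed or ambiguous (not prefix-free).

    `table` maps codes such as "0" or "10" to byte values 0..255.
    This representation is an assumption made for the example.
    """
    if not table:
        raise CodeTableError("empty code table")
    for code, symbol in table.items():
        if not code or set(code) - {"0", "1"}:
            raise CodeTableError(f"malformed code {code!r}")
        if not isinstance(symbol, int) or not 0 <= symbol <= 255:
            raise CodeTableError(f"symbol out of range for code {code!r}")
    # In sorted order a code that is a prefix of any other code is
    # immediately followed by a code it prefixes, so adjacent pairs suffice.
    codes = sorted(table)
    for shorter, longer in zip(codes, codes[1:]):
        if longer.startswith(shorter):
            raise CodeTableError(f"code {shorter!r} is a prefix of {longer!r}")


def decode(table, data, nbits):
    """Decode the first `nbits` bits of `data` (most significant bit first)."""
    validate_code_table(table)
    if nbits < 0 or nbits > 8 * len(data):
        raise CodeTableError("declared bit length exceeds the data supplied")
    longest = max(len(code) for code in table)
    out = bytearray()
    current = ""
    for i in range(nbits):
        bit = (data[i >> 3] >> (7 - (i & 7))) & 1
        current += "1" if bit else "0"
        if current in table:
            out.append(table[current])
            current = ""
        elif len(current) >= longest:
            raise CodeTableError("bit sequence matches no code in the table")
    if current:
        raise CodeTableError("stream ends in the middle of a code")
    return bytes(out)


# Constructed sample: codes 0 -> 'a', 10 -> 'b', 11 -> 'c'.
SAMPLE_TABLE = {"0": ord("a"), "10": ord("b"), "11": ord("c")}
# "abca" encodes to the bits 0 10 11 0, padded to one byte: 0101 1000.
SAMPLE_DATA, SAMPLE_NBITS = b"\x58", 6
# Constructed ambiguous table: "0" is a prefix of "01".
AMBIGUOUS_TABLE = {"0": ord("a"), "01": ord("b"), "1": ord("c")}


def is_rejected(table, data, nbits):
    """Return True when decoding refuses the input."""
    try:
        decode(table, data, nbits)
    except CodeTableError:
        return True
    return False
```

Because the table is chosen by the sender, the check runs on every received table rather than once per peer.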

3.2 Management Messages

A management message can include one or several SMF execution requests or SMF responses and can occupy one or several NSMF PDUs, in which case each PDU is a management message part. When a management message has more than one part, none of its SMFs should be split across different parts. Each management message part can use its own security model and security keys. The entity identification field of each management message part must include the entity's address.
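Added example, not the NSMF's own code: a receiving management server that applies the message-part rules of sections 3.1 and 3.2 (client-assigned random tag, sequentially numbered parts, execution only after the whole message has arrived) together with the keyed message digest of the Security Model. The field layout, the per-sender key table, the `total` part count and the `MAX_PARTS` limit are assumptions, since the PDU syntax is defined in Chapter Five.

```python
"""Authenticate and reassemble management message parts (added example)."""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, replace

# SHA-1 is one of the three digests the chapter names for the keyed
# message digest; change this constant to use a stronger digest.
DIGEST = hashlib.sha1
MAX_PARTS = 64  # assumed local resource limit, not an NSMF value


@dataclass(frozen=True)
class MessagePart:
    sender: str        # entity identification, including its address
    tag: int           # message identification tag chosen by the client
    number: int        # sequential part number, starting at 1
    total: int         # number of parts in the message (assumed field)
    smfs: tuple        # whole SMF requests, as bytes; none split across parts
    mac: bytes = b""


def new_tag(active):
    """Random 64-bit tag that does not collide with any active tag."""
    while True:
        tag = secrets.randbits(64)
        if tag not in active:
            return tag


def _mac_input(part):
    """Unambiguous, length-prefixed encoding of every authenticated field."""
    sender = part.sender.encode()
    body = b"".join(struct.pack(">I", len(s)) + s for s in part.smfs)
    header = struct.pack(">QHH", part.tag, part.number, part.total)
    return struct.pack(">H", len(sender)) + sender + header + body


def seal(part, key):
    """Return a copy of `part` carrying its keyed message digest."""
    return replace(part, mac=hmac.new(key, _mac_input(part), DIGEST).digest())


class MessageReceiver:
    """Server side: no acknowledgements are sent, as the service is connectionless."""

    def __init__(self, keys):
        self.keys = keys        # sender name -> shared secret key
        self.pending = {}       # (sender, tag) -> {part number: part}

    def receive(self, part):
        """Return the ordered SMF list once the message is complete, else None."""
        key = self.keys.get(part.sender)
        if key is None:
            raise ValueError("unknown sender")
        expected = hmac.new(key, _mac_input(part), DIGEST).digest()
        if not hmac.compare_digest(expected, part.mac):
            raise ValueError("keyed message digest mismatch")
        if not 1 <= part.number <= part.total <= MAX_PARTS:
            raise ValueError("part number out of range")
        parts = self.pending.setdefault((part.sender, part.tag), {})
        if any(p.total != part.total for p in parts.values()):
            raise ValueError("inconsistent part count for this tag")
        if part.number in parts:
            if parts[part.number] != part:
                raise ValueError("conflicting duplicate part")
            return None
        parts[part.number] = part
        if len(parts) < part.total:
            return None         # nothing executes until every part is present
        del self.pending[(part.sender, part.tag)]
        return [smf for n in range(1, part.total + 1) for smf in parts[n].smfs]
```

A deployment would also expire incomplete entries in `pending`, since a part that never arrives is never reported by the transport.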

There is no management data flow control on management messages, that is, there is no confirmation of reception of messages (or message parts) by either entity. [i] Each management message part is a unique piece of management data; the only dependency between different message parts is the message identification tag, and the numbering of all parts must be sequential. The management server must only start executing the SMFs included in the management message after the successful reception and processing of the entire message.

Management messages must also be used to open management sessions between a management client and a management server (although management sessions can be opened from inside other management sessions between the same entities). Messages can also be used to close active management sessions between the same entities, but this is only recommendable in special situations (management sessions should be closed using primitives transferred on the management session itself).

Management messages should be simple to implement and should consume very few resources on the management entities, so this should be the preferred management communications service when no special reliability requirements must be assured.

3.3 Management Sessions

A management session is a simple connection-oriented management communication that has three states (otherwise it is undefined): Opening Session, Data Exchange and Closing Session. It is always the entity acting in the role of management client that requests the establishment of a management session. When the management session enters the data exchange phase or state, the entities can exchange SMF execution requests and SMF responses, subject to management data flow control governed by two types of windowing parameters: time window and traffic window.
The latter type also has three sub-types of windowing management, which take into consideration three different management data traffic parameters: number of bytes, number of session segments and number of SMF primitives. This capability is very important because it defines complete management data flow control at various management data semantic levels, complemented with a time window. Additionally, a management session implementation must take into consideration the consumption of the two resources associated with management sessions, which are negotiated when establishing the session (opening phase): management session lifetime (or management session time to live) and management session traffic quota. There are other session parameters negotiated in the opening phase that will be described in detail in Chapter Five.

An added advantage of management sessions is that each management session always uses the same implied pair of session keys (one for each entity). So, the lifetime of a management session is also constrained by the lifetime of both session keys.

Finally, it should be noted that management sessions consume more entity and network resources than management messages. They should be used only in situations where greater control and reliability of the management data transfer are needed, or when resource consumption and computing power are not a relevant concern.

4 Services Management Function

The SMF concept has changed little since its adoption in the initial INSMF. With this new paradigm, management entities deploy management procedures (including management data access, manipulation and processing) by means of functions defined in a definitions base or through code delegation. Each network service should create a Service Management Function Definitions Base (SMFDB) with SMF definitions divided by levels of functionality and type of management (like Monitoring, Configuration, Accounting, Performance and Security), when applicable.
For example, the NSMF has already defined a special group of SMFs integrated in the MDRIS.

[i] Although encapsulated SMF execution requests can be confirmed even when using management messages, this is a feature deployed on a higher-layer interaction and will be detailed in Chapter Six.

At this point, we present a brief list of the functional capabilities natively provided or supported by the NSMF due to the integration of the SMF concept:

- Events & Alarms: this mechanism is easily implemented in the NSMF through the use of an SMF, delegated or not, with conditional execution parameters, or in the SMF code itself. The first approach permits using any SMF as an event/alarm handler, while the second is preferable when creating dedicated event/alarm handlers with more complex trigger conditions.
- Expression Evaluation: this is done in a completely transparent way in the SMF definition or explicitly in delegated SMF code.
- Operations Scheduling: all types of conditional execution of management procedures, including time-delayed or scheduled execution, are available with the SMF concept, either by means of direct conditional execution parameters or through SMF code definition.
- Management Delegation: this is obtained through the use of delegated SMF code. [i] In this case, there is only one mandatory SMF Programming Language (SMFPL) for delegating SMF code, but other forms of code can be delegated as long as the target entity supports the chosen language (like Java, ActiveX or XML). The SMFPL is intentionally simple (all language operators, constructs, conditional statements, mathematical and boolean functions, data manipulation, etc., are represented using the same SMF syntax) but powerful enough for efficient delegation of management code. This pragmatic approach favours ease of implementation and the creation of various levels of management. It is possible to delegate SMF mobile code that will delegate itself or other code to other management entities.
- Parameters Inspection: a management client can inspect SMF parameters while the SMF is still executing on the management server. This is a powerful feature for implementing effective and advanced network services monitoring (which could be very helpful for deploying prediction algorithms in active management systems).
- Policy Management: the NSMF does not impose any Information Model or Management Data Model, which leaves the door open to any form of management information approach, including policy management. The SMF concept and the infinite range of functionality levels permitted to management procedures are a very attractive recipe for deploying complex policy management platforms with multi-level management information or data models.

Chapter Six will present a detailed description of all aspects of the SMF concept, from its definition to its use for deployment of these advanced network management technologies.

As a closing remark on this chapter, this author points out article [118], which gives an implementation example of an Internet Domain Name System (DNS) management service complying with the original INSMF. Nevertheless, it includes the definition of several SMF functions of a prototype DNS SMFDB.

[i] There is no provision for direct delegation of management entities (also known as mobile agents), because this feature can be modelled as a special case of code delegation using an underlying runtime component.


More information

Protocols and Architecture. Protocol Architecture.

Protocols and Architecture. Protocol Architecture. Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

Simple Network Management Protocol

Simple Network Management Protocol A Seminar Report on Simple Network Management Protocol Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science SUBMITTED TO: SUBMITTED BY: www.studymafia.org www.studymafia.org

More information

Monitoring DoubleTake Availability

Monitoring DoubleTake Availability Monitoring DoubleTake Availability eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may

More information

A generic framework for game development

A generic framework for game development A generic framework for game development Michael Haller FH Hagenberg (MTD) AUSTRIA haller@hagenberg.at Werner Hartmann FAW, University of Linz AUSTRIA werner.hartmann@faw.unilinz.ac.at Jürgen Zauner FH

More information

ITEC310 Computer Networks II

ITEC310 Computer Networks II ITEC310 Computer Networks II Chapter 28 Network Management: Department of Information Technology Eastern Mediterranean University Objectives 2/60 After completing this chapter you should be able to do

More information

What is a life cycle model?

What is a life cycle model? What is a life cycle model? Framework under which a software product is going to be developed. Defines the phases that the product under development will go through. Identifies activities involved in each

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

SNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865

SNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865 SNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865 NOVEMBER 25, 2013 SNMP SECURITY 2 ABSTRACT As a Network Monitoring System Administrator I have gained a substantial amount

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information

Co-Creation of Models and Metamodels for Enterprise. Architecture Projects.

Co-Creation of Models and Metamodels for Enterprise. Architecture Projects. Co-Creation of Models and Metamodels for Enterprise Architecture Projects Paola Gómez pa.gomez398@uniandes.edu.co Hector Florez ha.florez39@uniandes.edu.co ABSTRACT The linguistic conformance and the ontological

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Transmitting Video Images in XML Web Service

Transmitting Video Images in XML Web Service Transmitting Video Images in XML Web Service Francisco Prieto, Antonio J. Sierra, María Carrión García Departamento de Ingeniería de Sistemas y Automática Área de Ingeniería Telemática Escuela Superior

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

Cisco Integrated Services Routers Performance Overview

Cisco Integrated Services Routers Performance Overview Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,

More information

Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications

Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications White Paper Table of Contents Overview...3 Replication Types Supported...3 Set-up &

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Communication Networks. MAP-TELE 2011/12 José Ruela

Communication Networks. MAP-TELE 2011/12 José Ruela Communication Networks MAP-TELE 2011/12 José Ruela Network basic mechanisms Network Architectures Protocol Layering Network architecture concept A network architecture is an abstract model used to describe

More information

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued

More information

Software Architecture Document

Software Architecture Document Software Architecture Document Project Management Cell 1.0 1 of 16 Abstract: This is a software architecture document for Project Management(PM ) cell. It identifies and explains important architectural

More information

Network Security Essentials Chapter 7

Network Security Essentials Chapter 7 Network Security Essentials Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 7 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions 1. Q: What is the Network Data Tunnel? A: Network Data Tunnel (NDT) is a software-based solution that accelerates data transfer in point-to-point or point-to-multipoint network

More information

AV@ANZA Formación en Tecnologías Avanzadas

AV@ANZA Formación en Tecnologías Avanzadas DESIGNING CISCO DATA CENTER APPLICATION SERVICES (CI-DCASD) Temario This is an instructor-led, lecture/lab course. You will learn how to deploy and configure intelligent network services using the Cisco

More information

BUSINESS RULES CONCEPTS... 2 BUSINESS RULE ENGINE ARCHITECTURE... 4. By using the RETE Algorithm... 5. Benefits of RETE Algorithm...

BUSINESS RULES CONCEPTS... 2 BUSINESS RULE ENGINE ARCHITECTURE... 4. By using the RETE Algorithm... 5. Benefits of RETE Algorithm... 1 Table of Contents BUSINESS RULES CONCEPTS... 2 BUSINESS RULES... 2 RULE INFERENCE CONCEPT... 2 BASIC BUSINESS RULES CONCEPT... 3 BUSINESS RULE ENGINE ARCHITECTURE... 4 BUSINESS RULE ENGINE ARCHITECTURE...

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

SNMP I/O Devices Make Monitoring Environmental Conditions Easy. Austin Lin Product Manager Wayne Chen Technical Service Moxa Inc.

SNMP I/O Devices Make Monitoring Environmental Conditions Easy. Austin Lin Product Manager Wayne Chen Technical Service Moxa Inc. SNMP I/O Devices Make Monitoring Environmental Conditions Easy Austin Lin Product Manager Wayne Chen Technical Service Moxa Inc. Overview According to the US Census Bureau s 2012 Statistical Abstract there

More information

A Comparison of Protocols for Device Management and Software Updates

A Comparison of Protocols for Device Management and Software Updates B L A C K B E R R Y M 2 M S O L U T I O N S A Comparison of Protocols for Device Management and Software Updates In the last two decades, the number of connected computing devices has grown at a staggering

More information

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why

More information

Managing a Fibre Channel Storage Area Network

Managing a Fibre Channel Storage Area Network Managing a Fibre Channel Storage Area Network Storage Network Management Working Group for Fibre Channel (SNMWG-FC) November 20, 1998 Editor: Steven Wilson Abstract This white paper describes the typical

More information

The OSI Model and the TCP/IP Protocol Suite PROTOCOL LAYERS. Hierarchy. Services THE OSI MODEL

The OSI Model and the TCP/IP Protocol Suite PROTOCOL LAYERS. Hierarchy. Services THE OSI MODEL The OSI Model and the TCP/IP Protocol Suite - the OSI model was never fully implemented. - The TCP/IP protocol suite became the dominant commercial architecture because it was used and tested extensively

More information

(Refer Slide Time: 02:17)

(Refer Slide Time: 02:17) Internet Technology Prof. Indranil Sengupta Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No #06 IP Subnetting and Addressing (Not audible: (00:46)) Now,

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

GlobalSCAPE DMZ Gateway, v1. User Guide

GlobalSCAPE DMZ Gateway, v1. User Guide GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical

More information

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 Spirent Abacus SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 1 1. TLS Interview (Transport Layer Security Protocol) (1) TLS Feature Introduction: 1. TLS is a successor of Secure Sockets Layer (SSL), a cryptographic

More information

Table of Contents. Introduction. Audience. At Course Completion

Table of Contents. Introduction. Audience. At Course Completion Table of Contents Introduction Audience At Course Completion Prerequisites Microsoft Certified Professional Exams Student Materials Course Outline Introduction This three-day instructor-led course provides

More information

Binonymizer A Two-Way Web-Browsing Anonymizer

Binonymizer A Two-Way Web-Browsing Anonymizer Binonymizer A Two-Way Web-Browsing Anonymizer Tim Wellhausen Gerrit Imsieke (Tim.Wellhausen, Gerrit.Imsieke)@GfM-AG.de 12 August 1999 Abstract This paper presents a method that enables Web users to surf

More information

COMPUTER NETWORKS NETWORK ARCHITECTURE AND PROTOCOLS

COMPUTER NETWORKS NETWORK ARCHITECTURE AND PROTOCOLS COMPUTER NETWORKS NETWORK ARCHITECTURE AND PROTOCOLS The Need for Standards Computers have different architectures, store data in different formats and communicate at different rates Agreeing on a particular

More information

B.Sc. (Computer Science) First Year

B.Sc. (Computer Science) First Year B.Sc. (Computer Science) First Year Paper No. Title of Paper External Internal Assessment Maximum Pass Exam Durations Semester I I Computer Fundamentals & Programming 40 5 45 16 3hrs in C II Logical Organization

More information

Session Service Architecture

Session Service Architecture Session Service Architecture Open Web Single Sign-On Version 1.0 Please send comments to: opensso@sun.com Author Alan Chu (alan.chu@sun.com) Session Service Architecture, Version 1.0 This document is subject

More information

Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) CHAPTER 52 Simple Network Management Protocol (SNMP) Background The Simple Network Management Protocol(SNMP)is an application-layer protocol that facilitates the exchange of management information between

More information

CipherShare Features and Benefits

CipherShare Features and Benefits CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application

More information

PROTOTYPE IMPLEMENTATION OF A DEMAND DRIVEN NETWORK MONITORING ARCHITECTURE

PROTOTYPE IMPLEMENTATION OF A DEMAND DRIVEN NETWORK MONITORING ARCHITECTURE PROTOTYPE IMPLEMENTATION OF A DEMAND DRIVEN NETWORK MONITORING ARCHITECTURE Augusto Ciuffoletti, Yari Marchetti INFN-CNAF (Italy) Antonis Papadogiannakis, Michalis Polychronakis FORTH (Greece) Summary

More information

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security

More information

XML Document Management Architecture

XML Document Management Architecture XML Document Management Architecture Candidate Version 2.0 02 Dec 2010 Open Mobile Alliance OMA-AD-XDM-V2_0-20101202-C OMA-AD-XDM-V2_0-20101202-C Page 2 (30) Use of this document is subject to all of the

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

MODEL OF SOFTWARE AGENT FOR NETWORK SECURITY ANALYSIS

MODEL OF SOFTWARE AGENT FOR NETWORK SECURITY ANALYSIS MODEL OF SOFTWARE AGENT FOR NETWORK SECURITY ANALYSIS Hristo Emilov Froloshki Department of telecommunications, Technical University of Sofia, 8 Kliment Ohridski st., 000, phone: +359 2 965 234, e-mail:

More information

Candelis, Inc. DICOM Conformance Statement. ImageGrid Storage Server

Candelis, Inc. DICOM Conformance Statement. ImageGrid Storage Server 18821 Bardeen Ave. Irvine, CA 92612 Phone: 800.800.8600 Fax: 949.752.7317 Candelis, Inc. DICOM Conformance Statement ImageGrid Storage Server 0 INTRODUCTION ImageGrid Storage Server is a complete hardware/software,

More information

ORACLE DATABASE SECURITY. Keywords: data security, password administration, Oracle HTTP Server, OracleAS, access control.

ORACLE DATABASE SECURITY. Keywords: data security, password administration, Oracle HTTP Server, OracleAS, access control. ORACLE DATABASE SECURITY Cristina-Maria Titrade 1 Abstract This paper presents some security issues, namely security database system level, data level security, user-level security, user management, resource

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing

More information

HTTP connections can use transport-layer security (SSL or its successor, TLS) to provide data integrity

HTTP connections can use transport-layer security (SSL or its successor, TLS) to provide data integrity Improving File Sharing Security: A Standards Based Approach A Xythos Software White Paper January 2, 2003 Abstract Increasing threats to enterprise networks coupled with an ever-growing dependence upon

More information

In this chapter, we will introduce works related to our research. First, we will

In this chapter, we will introduce works related to our research. First, we will Chapter 2 Related Works In this chapter, we will introduce works related to our research. First, we will present the basic concept of directory service and Lightweight Directory Access Protocol (LDAP).

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

NETASQ MIGRATING FROM V8 TO V9

NETASQ MIGRATING FROM V8 TO V9 UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4

More information

544 Computer and Network Security

544 Computer and Network Security 544 Computer and Network Security Section 1: Introduction Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology - 2005 Background Information Security requirements have changed in recent times

More information

Chapter 7 Application Protocol Reference Architecture

Chapter 7 Application Protocol Reference Architecture Application Protocol Reference Architecture Chapter 7 Application Protocol Reference Architecture This chapter proposes an alternative reference architecture for application protocols. The proposed reference

More information

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress

Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Security Considerations for Intrinsic Monitoring within IPv6 Networks: Work in Progress Alan Davy and Lei Shi Telecommunication Software&Systems Group, Waterford Institute of Technology, Ireland adavy,lshi@tssg.org

More information

The OSI Model and the TCP/IP Protocol Suite

The OSI Model and the TCP/IP Protocol Suite The OSI Model and the TCP/IP Protocol Suite To discuss the idea of multiple layering in data communication and networking and the interrelationship between layers. To discuss the OSI model and its layer

More information

Cisco Which VPN Solution is Right for You?

Cisco Which VPN Solution is Right for You? Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2

More information

Monitoring Coyote Point Equalizers

Monitoring Coyote Point Equalizers Monitoring Coyote Point Equalizers eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

ERNW Newsletter 29 / November 2009

ERNW Newsletter 29 / November 2009 ERNW Newsletter 29 / November 2009 Dear Partners and Colleagues, Welcome to the ERNW Newsletter no. 29 covering the topic: Data Leakage Prevention A Practical Evaluation Version 1.0 from 19th of november

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based

More information

Monitoring Traffic manager

Monitoring Traffic manager Monitoring Traffic manager eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced

More information

Implementing and Managing Security for Network Communications

Implementing and Managing Security for Network Communications 3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication

More information

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia

NETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security

More information

IT Architecture Review. ISACA Conference Fall 2003

IT Architecture Review. ISACA Conference Fall 2003 IT Architecture Review ISACA Conference Fall 2003 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture

More information