Integrating Network Access And End Point Assessment With Trusted Network Connect (TNC) By Avesh Agarwal Red Hat Inc.
- Emery Pierce
- 7 years ago
Transcription
1 Integrating Network Access And End Point Assessment With Trusted Network Connect (TNC) By Avesh Agarwal Red Hat Inc.
2 Agenda Network Access Control (NAC) End Point Assessment Trusted Network Connect (TNC) Demo
3 Network Access Control (NAC) Who are you? 802.1X, IPsec, TLS
4 End Point Assessment What do you have? Is it good enough to allow you access? Health Check, Posture Assessment, or /Measurements Verification
5 End Point Assessment: Why?
- Incorrect software version?
- Is the software operational?
- Incorrect configuration?
- Blacklisted software?
If yes: possibility of a vulnerable network
6 Missing? TNC How to transmit end point information over a network securely? How to tie it with network access control?
7 Trusted Network Connect (TNC) Delivery Verification Enforcement Remediation
8 Trusted Network Connect (TNC) Reference Measurements, Policy Database PDP Internet/Intranet PEP Allow Protected Network Isolate Remediation Network NAR: Network Access Requester PEP: Policy Enforcement Point PDP: Policy Decision Point
9 Trusted Network Connect: Features TCG/IETF Specifications Open Interoperable Extensible Modular Plug-in Architecture NAC Agnostic TCG: Trusted Computing Group IETF: Internet Engineering Task Force
10 TNC Architecture
[Diagram] Three roles side by side: Access Requester (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP).
- Collection: Measurement Collectors (IMCs: IMC 1, IMC 2, IMC 3) on the AR; IF-M; Measurement Verifiers (IMVs: IMV 1, IMV 2) on the PDP
- Evaluation: TNC Client (TNCC) on the AR; IF-TNCCS; TNC Server (TNCS) on the PDP; IF-IMC between the IMCs and the TNCC; IF-IMV between the IMVs and the TNCS
- Network Access: Network Access Requester (supplicant, VPN client, etc.); IF-T; Policy Enforcement Point (switch, firewall, VPN gateway, TLS server, etc.); Network Access Authority (AAA server, TLS server)
Source:
11 TNC Threat Model / Countermeasures
Threat model:
- Any entity that is part of a TNC exchange could be compromised
- Any communication that is part of a TNC exchange could be compromised
Countermeasures:
- Relies on protection by existing network access protocols: 802.1X, IKEv2, TLS
- Relies on hardware-assisted protection: TPM (Trusted Platform Module)
12 TNC Architecture: Terminology
TCG terminology | IETF terminology
Trusted Network Connect (TNC) | Network End Point Assessment (NEA), IETF RFC 5209
Measurement Collector (IMC) | Posture Collector
Measurement Verifier (IMV) | Posture Validator
IF-M (protocol between IMC and IMV) | PA-TNC (protocol between Posture Collector and Posture Validator), IETF RFC 5792
IF-IMC (local APIs between TNC client and IMC) | No IETF specification
IF-IMV (local APIs between TNC server and IMV) | No IETF specification
TNC client | Posture Broker Client
TNC server | Posture Broker Server
IF-TNCCS (protocol between TNC client and server) | PB-TNC (protocol between Posture Broker Client and Server), IETF RFC 5793
IF-T (EAP) | PT-EAP, IETF RFC 7171
No TCG specification | PT-TLS, IETF RFC 6876
13 TNC Architecture: End Point Assessment
Component Value | Component Name
0 | Testing
1 | Operating System
2 | Anti-virus
3 | Anti-spyware
4 | Anti-malware
5 | Firewall
6 | Intrusion Detection/Prevention System
7 | VPN
8 | NEA Client
Attribute Value | Attribute Name
0 | Testing
1 | Attribute Request
2 | Product Information
3 | Numeric Version
4 | String Version
5 | Operational Status
6 | Port Filter
7 | Installed Packages
8 | PA-TNC Error
9 | Assessment Result
10 | Remediation Instructions
11 | Forwarding Enabled
12 | Factory Default Password Enabled
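An added example, not taken from the slides or from strongSwan/libtnc: a bounds-checked walker for the PA-TNC (IETF RFC 5792) attribute list that maps the attribute values in the table above to their names and decodes a Numeric Version attribute. The sample messages, error codes and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IETF-namespace (vendor ID 0) attribute names, indexed by the slide's values. */
static const char *const ATTR_NAMES[] = {
    "Testing", "Attribute Request", "Product Information", "Numeric Version",
    "String Version", "Operational Status", "Port Filter", "Installed Packages",
    "PA-TNC Error", "Assessment Result", "Remediation Instructions",
    "Forwarding Enabled", "Factory Default Password Enabled"
};
#define N_ATTR_NAMES (sizeof ATTR_NAMES / sizeof ATTR_NAMES[0])
#define PA_HDR_LEN   8u    /* version(1) + reserved(3) + message identifier(4) */
#define ATTR_HDR_LEN 12u   /* flags(1) + vendor ID(3) + type(4) + length(4) */
#define FLAG_NOSKIP  0x80u /* receiver must not skip this attribute if unknown */

/* Error codes are this example's own, not values from the RFC. */
enum { PA_ERR_SHORT = -1, PA_ERR_VERSION = -2, PA_ERR_ATTR_HDR = -3,
       PA_ERR_ATTR_LEN = -4, PA_ERR_TOO_MANY = -5, PA_ERR_NOSKIP = -6 };

typedef struct {
    uint8_t        flags;
    uint32_t       vendor_id;  /* 24 bits on the wire */
    uint32_t       type;
    const uint8_t *value;      /* points into the caller's buffer */
    uint32_t       value_len;
} pa_attr;
typedef struct { uint32_t v_major, v_minor, build; uint16_t sp_major, sp_minor; } pa_numver;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int pa_known(uint32_t vendor, uint32_t type) { return vendor == 0 && type < N_ATTR_NAMES; }

const char *pa_attr_name(const pa_attr *a) {
    return pa_known(a->vendor_id, a->type) ? ATTR_NAMES[a->type] : "unknown";
}

/* Walk the attribute list; returns the attribute count or a negative error.
   Every length field is checked against the bytes actually received. */
int pa_tnc_parse(const uint8_t *msg, size_t len, pa_attr *out, int max_out) {
    size_t off = PA_HDR_LEN;
    int n = 0;
    if (len < PA_HDR_LEN) return PA_ERR_SHORT;
    if (msg[0] != 1) return PA_ERR_VERSION;            /* PA-TNC version 1 only */
    while (off < len) {
        pa_attr a;
        uint32_t alen;
        if (len - off < ATTR_HDR_LEN) return PA_ERR_ATTR_HDR;
        a.flags     = msg[off];
        a.vendor_id = be32(msg + off) & 0x00FFFFFFu;
        a.type      = be32(msg + off + 4);
        alen        = be32(msg + off + 8);
        /* The length covers the 12-byte header and must fit in what is left. */
        if (alen < ATTR_HDR_LEN || alen > len - off) return PA_ERR_ATTR_LEN;
        /* An unknown attribute marked NOSKIP invalidates the whole message. */
        if ((a.flags & FLAG_NOSKIP) && !pa_known(a.vendor_id, a.type)) return PA_ERR_NOSKIP;
        if (n == max_out) return PA_ERR_TOO_MANY;
        a.value     = msg + off + ATTR_HDR_LEN;
        a.value_len = alen - ATTR_HDR_LEN;
        out[n++] = a;
        off += alen;
    }
    return n;
}

/* Numeric Version (attribute 3): three 32-bit and two 16-bit fields, 16 bytes. */
int pa_numeric_version(const pa_attr *a, pa_numver *v) {
    if (a->vendor_id != 0 || a->type != 3 || a->value_len != 16) return -1;
    v->v_major = be32(a->value);
    v->v_minor = be32(a->value + 4);
    v->build = be32(a->value + 8);
    v->sp_major = be16(a->value + 12);
    v->sp_minor = be16(a->value + 14);
    return 0;
}

/* Constructed sample: Numeric Version 7.2 build 10, then Forwarding Enabled = 1. */
static const uint8_t SAMPLE_MSG[] = {
    0x01, 0, 0, 0,  0, 0, 0, 0x01,                    /* PA-TNC header */
    0x00, 0, 0, 0,  0, 0, 0, 0x03,  0, 0, 0, 0x1C,    /* type 3, length 28 */
    0, 0, 0, 7,  0, 0, 0, 2,  0, 0, 0, 0x0A,  0, 0,  0, 0,
    0x00, 0, 0, 0,  0, 0, 0, 0x0B,  0, 0, 0, 0x10,    /* type 11, length 16 */
    0, 0, 0, 1
};
/* Constructed sample: unassigned type 0xFF carrying the NOSKIP flag. */
static const uint8_t SAMPLE_NOSKIP[] = {
    0x01, 0, 0, 0,  0, 0, 0, 0x02,
    0x80, 0, 0, 0,  0, 0, 0, 0xFF,  0, 0, 0, 0x0C
};
pa_attr   demo_attrs[4];
pa_numver demo_ver;

int main(void) {
    int i, n = pa_tnc_parse(SAMPLE_MSG, sizeof SAMPLE_MSG, demo_attrs, 4);
    for (i = 0; i < n; i++)
        printf("%s: %u value bytes\n", pa_attr_name(&demo_attrs[i]),
               (unsigned)demo_attrs[i].value_len);
    printf("NOSKIP sample: %d\n",
           pa_tnc_parse(SAMPLE_NOSKIP, sizeof SAMPLE_NOSKIP, demo_attrs, 4));
    return 0;
}
```

A verifier that trusts the attribute length field without the two range checks reads past the end of the received buffer on a truncated or malformed message.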
14 TNC Architecture: IMC Implementation
IMC side of IF-IMC:
- TNC_IMC_Initialize()
- TNC_IMC_BeginHandshake()
- TNC_IMC_ProvideBindFunction()
TNC Client side of IF-IMC:
- TNC_TNCC_ReportMessageTypes()
- TNC_TNCC_RequestHandshakeRetry()
- TNC_TNCC_SendMessage()
- TNC_TNCC_BindFunction()
/etc/tnc_config:
IMC NAME-OF-IMC /path-to-imc.so
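An added example, not code from the slides or from libtnc/strongSwan: a minimal IMC showing the IF-IMC call order listed above (initialize, receive the bind function, report message types, send on handshake), driven by a stub TNC client so the file runs alone. The typedefs and result codes are local stand-ins for what a real IMC takes from TCG's IF-IMC header, and the mock_* functions, run_handshake() and the payload are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-ins for the types and result codes a real IMC takes from the
   TCG IF-IMC header; declared here so the example builds on its own. */
typedef unsigned long    TNC_UInt32;
typedef TNC_UInt32       TNC_IMCID, TNC_ConnectionID, TNC_Result, TNC_Version, TNC_MessageType;
typedef unsigned char   *TNC_BufferReference;
typedef TNC_MessageType *TNC_MessageTypeList;
#define TNC_RESULT_SUCCESS           0
#define TNC_RESULT_NOT_INITIALIZED   1
#define TNC_RESULT_NO_COMMON_VERSION 3
#define TNC_RESULT_INVALID_PARAMETER 6
#define TNC_RESULT_FATAL             10
#define TNC_IFIMC_VERSION_1          1

typedef TNC_Result (*TNC_TNCC_ReportMessageTypesPointer)(TNC_IMCID, TNC_MessageTypeList, TNC_UInt32);
typedef TNC_Result (*TNC_TNCC_SendMessagePointer)(TNC_IMCID, TNC_ConnectionID,
                                                  TNC_BufferReference, TNC_UInt32, TNC_MessageType);
typedef TNC_Result (*TNC_TNCC_BindFunctionPointer)(TNC_IMCID, char *, void **);

/* Message type = 24-bit vendor ID, then 8-bit subtype: vendor 0 (IETF),
   subtype 1 (the "Operating System" component value). */
#define MSG_TYPE_IETF_OS ((TNC_MessageType)((0x000000UL << 8) | 0x01))

/* ---- IMC side: the entry points a TNC client resolves in the .so ---- */
static int imc_initialized;
static TNC_TNCC_SendMessagePointer tncc_send;

TNC_Result TNC_IMC_Initialize(TNC_IMCID id, TNC_Version min, TNC_Version max, TNC_Version *actual) {
    (void)id;
    if (min > TNC_IFIMC_VERSION_1 || max < TNC_IFIMC_VERSION_1)
        return TNC_RESULT_NO_COMMON_VERSION;
    *actual = TNC_IFIMC_VERSION_1;
    imc_initialized = 1;
    return TNC_RESULT_SUCCESS;
}

TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID id, TNC_TNCC_BindFunctionPointer bind) {
    TNC_MessageType types[] = { MSG_TYPE_IETF_OS };
    void *fn = NULL;
    if (!imc_initialized) return TNC_RESULT_NOT_INITIALIZED;
    if (bind == NULL) return TNC_RESULT_INVALID_PARAMETER;
    /* Resolve the client's functions by name; never call an unresolved pointer. */
    if (bind(id, "TNC_TNCC_SendMessage", &fn) != TNC_RESULT_SUCCESS || fn == NULL)
        return TNC_RESULT_FATAL;
    tncc_send = (TNC_TNCC_SendMessagePointer)fn;
    fn = NULL;
    if (bind(id, "TNC_TNCC_ReportMessageTypes", &fn) != TNC_RESULT_SUCCESS || fn == NULL)
        return TNC_RESULT_FATAL;
    /* Subscribe to the message types this IMC wants to receive. */
    return ((TNC_TNCC_ReportMessageTypesPointer)fn)(id, types, 1);
}

TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID id, TNC_ConnectionID conn) {
    static unsigned char payload[] = "constructed-os-posture";  /* placeholder body */
    if (!imc_initialized || tncc_send == NULL) return TNC_RESULT_NOT_INITIALIZED;
    return tncc_send(id, conn, payload, (TNC_UInt32)(sizeof payload - 1), MSG_TYPE_IETF_OS);
}

/* ---- Stub TNC client (hypothetical), standing in for the real TNCC ---- */
TNC_MessageType  mock_subscribed, mock_sent_type;
TNC_UInt32       mock_sent_len;
TNC_ConnectionID mock_sent_conn;
TNC_Version      demo_version;
int              mock_sent_count;

static TNC_Result mock_report(TNC_IMCID id, TNC_MessageTypeList t, TNC_UInt32 n) {
    (void)id;
    if (n != 1) return TNC_RESULT_INVALID_PARAMETER;
    mock_subscribed = t[0];
    return TNC_RESULT_SUCCESS;
}
static TNC_Result mock_send(TNC_IMCID id, TNC_ConnectionID c, TNC_BufferReference m,
                            TNC_UInt32 len, TNC_MessageType type) {
    (void)id; (void)m;
    mock_sent_conn = c; mock_sent_len = len; mock_sent_type = type;
    mock_sent_count++;
    return TNC_RESULT_SUCCESS;
}
static TNC_Result mock_bind(TNC_IMCID id, char *name, void **out) {
    (void)id;
    if (strcmp(name, "TNC_TNCC_ReportMessageTypes") == 0) *out = (void *)mock_report;
    else if (strcmp(name, "TNC_TNCC_SendMessage") == 0)   *out = (void *)mock_send;
    else return TNC_RESULT_INVALID_PARAMETER;
    return TNC_RESULT_SUCCESS;
}

/* The order a TNC client follows after loading the IMC named in /etc/tnc_config. */
int run_handshake(void) {
    if (TNC_IMC_Initialize(1, 1, 1, &demo_version) != TNC_RESULT_SUCCESS) return -1;
    if (TNC_IMC_ProvideBindFunction(1, mock_bind) != TNC_RESULT_SUCCESS) return -2;
    if (TNC_IMC_BeginHandshake(1, 7) != TNC_RESULT_SUCCESS) return -3;
    return mock_sent_count;   /* messages handed to the client */
}

int main(void) { return run_handshake() == 1 ? 0 : 1; }
```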
15 TNC Architecture: IMV Implementation
IMV side of IF-IMV:
- TNC_IMV_Initialize()
- TNC_IMV_SolicitRecommendation()
- TNC_IMV_ProvideBindFunction()
TNC Server side of IF-IMV:
- TNC_TNCS_ReportMessageTypes()
- TNC_TNCS_SendMessage()
- TNC_TNCS_BindFunction()
/etc/tnc_config:
IMV NAME-OF-IMV /path-to-imv.so
16 TPM Assisted Remote Attestation
- Extending TCG's TNC architecture
- Not specified by IETF
[Diagram] The TNC architecture diagram of slide 10 with IF-PTS, Platform Trust Service (PTS), TSS and TPM added on the Access Requester side.
Source:
17 Current Status: RHEL and Fedora
Packages: strongswan (strongimcv in RHEL), tncfhh, tpm-tools, tpm-quote-tools, freeradius, wpa_supplicant, libtnc
Functionality (table columns: RHEL, Fedora):
- TNC client-server (IF-TNCCS)
- IMC-IMV (IF-M)
- PT-EAP
- PT-TLS
- OS IMC/IMV
- SWID IMC/IMV
- PTS IMC/IMV
- TNC over TLS
- TNC over 802.1x
- TNC over IPsec/IKEv2
18 Existing TNC IMC/IMV Modules
Module | Specification | Measures
OS IMC/IMV | IETF RFC 5792 | OS components and attributes
SWID IMC/IMV | TCG's SWID IF-M specification | Software Identifiers (SWIDs)
PTS IMC/IMV | TCG's PTS IF-M specification | TPM based measurements
19 Resources
- Articles
- TNC specifications rusted_network_connect/specifications
- IETF RFCs 5209, 5792, 5793, 6876, 7171
- Strongswan upstream
20 TNC Architecture: End Point Assessment (same component and attribute value tables as slide 13)
21 Thank You Questions? Feedback:
22 TNC Architecture (same diagram as slide 10)
23 TNC Architecture: IF-T (PT-EAP)
Client side | Protocol | Server side
IMC | IF-M | IMV
TNC client | IF-TNCCS | TNC server
EAP-TNC Method | IF-T PT-EAP (IETF RFC 7171) | EAP-TNC Method
Tunnel EAP Method | Tunnel EAP (EAP-TTLS) | Tunnel EAP Method
EAP Peer | EAP | EAP Authenticator
Use case: pre-admission assessment or reassessment with 802.1X or IKEv2
Source:
24 TNC Architecture: IF-T (PT-TLS)
Client side | Protocol | Server side
IMC | IF-M | IMV
TNC client | IF-TNCCS | TNC server
TNC client | IF-T PT-TLS (IETF RFC 6876) | TNC server
TLS client | TLS | TLS server
Use case: pre-admission assessment or reassessment with TLS
25 TNC Architecture (same diagram as slide 10)
26 TNC Architecture: IF-TNCCS (Evaluation Layer)
- Encapsulates/decapsulates messages between IMCs and IMVs
- Computes overall assessment results
- Provides recommendation to policy enforcement point (PEP): Allowed, Denied, Quarantined
- Provides remediation instructions to TNC clients
- Vendor IDs in messages for vendor specific extension: 0 for IETF standard messages, 0x for TCG standard messages
27 TNC Architecture (same diagram as slide 10)
28 TNC Architecture: IF-M (Collection Layer)
- Publish/subscribe model of message exchange
- Zero or more IMCs/IMVs subscribed to a particular message
- One-to-one communication between IMC and IMV also possible
- Dynamic IDs for IMCs/IMVs
- IMCs collect measurements and provide them to the TNC client
- IMVs verify the measurements and provide results to the TNC servers
More informationNCP Secure Enterprise Management Next Generation Network Access Technology
Data Sheet NCP Secure Enterprise Management Next Generation Network Access Technology Centrally Managed VPN fully Automatic Operation of a Remote Access VPN via a Single Console Enables easy rollout and
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationCISCO IOS NETWORK SECURITY (IINS)
CISCO IOS NETWORK SECURITY (IINS) SEVENMENTOR TRAINING PVT.LTD [Type text] Exam Description The 640-553 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification.
More informationSonicwall Reporting Server
Sonicwall Reporting Server How to access the reporting server: Navigate to https://swreports.hitechsupport.com.au, and enter your username and password provided. After you have logged in, click on the
More informationEmbedded Trusted Computing on ARM-based systems
1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate
More informationACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0
ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationRemote Access Security
Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationSymantec Mobile Management Suite
Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the
More informationHow To Create A Virtual Network With A Router And Network Operating System (Ip) For A Network (Ipv) (Ip V2) (Netv) And A Virtualization) (Network) (Wired) (Virtual) (Wire)
Post-IP technologies virtualization and security Guy Pujolle 1 Virtualization for a post-ip network 2 Geni Intel would like to propose a generic router Intel proposes to have a generic hardware with virtual
More informationHow to Prevent a Data Breach and Protect Your Business
Enforcing Security Policies Key Differentiator NetVanta Microsoft Desktop Auditing Providing Insight Into Your Network With an increasingly mobile workforce, technology portability, and the increase in
More information