Demo: Securing IoT with Trusted Computing
|
|
- Charlotte Snow
- 7 years ago
- Views:
Transcription
1 Demo: Securing IoT with Trusted Computing Demo built by Cisco, Infineon and Intel, With the Assistance of HSR University of Applied Sciences, Rapperswil 2015 Trusted Computing Group 1
2 Agenda Introduction, problem statement and use case Description of the Demo Demo 2015 Trusted Computing Group 2
3 Introduction, problem statement and use case 2015 Trusted Computing Group 3
4 Introduction This demo is a proof of concept As a proof of concept, please let us know what you think of what you see Problem Statement Can we implement strong authentication between all equipment in a network, not just of one endpoint to another? By definition, single factor authentication is weak, two or more factors of authentication is strong 2015 Trusted Computing Group 4
5 Demo Use Case General Use Case: A deployment of IoT devices (sensors and actuators) Central management for the IoT deployment is remote to the IoT devices, over an Internet Can we show that all equipment in the use case is owned by the customer and that the software on that equipment has not been changed? Specific example: Smart buildings A smart building in Manhattan may have thousands of devices like cameras, thermostats, HVAC actuators, etc. Central management for the building might be in a datacenter in Dallas. What can be done to enhance the security and trustworthiness of all of the devices, including network gear, in this example? 2015 Trusted Computing Group 5
6 Description of the Demo 2015 Trusted Computing Group 6
7 The Demo Equipment & Layout Raspberry Pi Cisco CGR 1120 Our IoT deployment Our network gear Cisco UCS 240 Server Our management server
8 Authentication Flow Between rpi and CGR Raspberry Pi Cisco CGR Start Session? 2. Who are you? Can I trust you? 3. Here are my identity and TPM-signed integrity information 4. Verify identity and integrity (done locally) 6. Open SSL session to Server through CGR 5. Session authorized 2015 Trusted Computing Group 8
9 Authentication Flow Between Server and CGR Cisco UCS 240 Server Cisco CGR Start Session? 2. Who are you? Can I trust you? Here are my credentials 3. Verify identity and integrity (done locally) 3. Verify identity and integrity (done locally) 4. Session authorized 4. Session authorized 5. Open SSL session to rpi through CGR 2015 Trusted Computing Group 9
10 Authentication Architecture for TNC Raspberry Pi Cisco CGR 1120 Integrity Measurement Collector TNC IF-M (RFC 5792) (Application layer) Integrity Measurement Verifier TNC Client TNC IF-TNCCS (RFC 5793) (Message Flow layer) TNC Server Network Access Requestor TNC IF-M (RFC 5792) (Packet flow layer) Network Access Authority 2015 Trusted Computing Group 10
11 IoT Devices Raspi 1 Demo Network Topology Cisco CGR1120 UCS 7 http TNC Client HW TPM IMA PT-TLS Policy DB PT-TLS TNC Client SW TPM TBOOT TNC 1-Way Attestation TNC Server TNC Mutual Attestation Raspi 6 UCS 9 TNC Client Fake endpoint IMA PT-TLS TNC Client SW TPM TBOOT PT-TLS http TNC Client HW TPM TBOOT
12 OK, Fine. Enough slides. SHOW IT! 2015 Trusted Computing Group 12
13 Sample Log Entries Showing System Start 2015 Trusted Computing Group 13
14 Linux IMA to measure the OS Prior to OS Load, the CRTM measures BIOS & boot loader into PCRs on the TPM Early in OS Load, Linux Integrity Management Architecture measures (hashes) a policy-based list of files and directories. Each new hash is then extended into PCR 10 The final aggregate hash in PCR 10 is the record of the state of the measured files/directories at time of boot The quote of PCRs 0-7 and PCR 10 is the basis for TNC PDP to decide if the supplicant OS is trusted Snip of syslog showing IMA measuring file and extending measurements into PCR 10: (easiest to follow the numbers, read right to left) PCR used (10) New value stored in PCR 10 Hash of file Hashed File 2015 Trusted Computing Group 14
15 TNC Client Authentication Certificate Exchange Snippet of normal TLS certificate processing at session start, raspberry Pi requesting session with a CGR. Integrity validation follows certificate validation Trusted Computing Group 15
16 Authentication continues with validation of integrity report Snippet from syslog showing completion of integrity validation done by a CGR against a raspberry Pi TNC-based authentication of the rpi is now complete. A normal TLS session can now be set up Trusted Computing Group 16
17 Done with syslog, now the GUI view. This screen shows the policy-defined list of directories and files that IMA will measaure into PCR 10 on the rpi. When the rpi authenticates to the CGR, it provides a signed report of the values in its PCRs, including PCR 10. This list is also kept in the validation server on the CGR, along with expected values for each file and each PCR. The CGR only validates PCR measurements, not individual file measurements 2015 Trusted Computing Group 17
18 Drill down on /bin directory, showing the files in /bin that are measured into PCR 10. The CGR will match the reported PCR 10 against the expected PCR to decide if the CGR trusts the OS running on rpi Trusted Computing Group 18
19 Final drill down the SHA1 and SHA256 hash values that the CGR uses as golden values (customer selects which algorithm to use). Remember that on the rpi, all these files are individually hashed (measured), then the hash extended into PCR 10 with all other hashes. The CGR has a golden measurement for each file. It also has a golden measurement that represents the consolidated measurements of all the files consolidated in PCR 10. At authentication, the CGR validates either each file measurement or only the consolidated set reported in PCR 10 by the rpi Trusted Computing Group 19
20 Next we look at the device report for devices currently connected to the CGR This is a drill down on Raspi 2. Under Device Info, note the ID. The ID is the SHA256 hash of Raspi 2 s AIK Public Key. The AIK private key is protected within Raspi 2 s TPM. This Proof of Concept uses the hash of the AIK public key as a unique, hardware protected identity for Raspi 2. Hash of Raspi 2 s AIK public key Device report, next 20
21 General report for Raspi 2 Click here to see details of the last session 2015 Trusted Computing Group 21
22 Connection attempt by Raspi 2 was allowed TPM IMA on the rpi reporting 299 measurements Based on policy in the CGR, The CGR is validating every file. It expects 288 and finds them to be correct It finds 299 measurements and ignores the 11 unknown 0 Failed means that Raspi 2 is allowed to connect in this case The 11 unknown means there is a mismatch between what the Raspi 2 is reporting and what the CGR is expecting. If CGR is matching only on PCR 10, this would have been a 1 failed condition and the session would not be allowed. 22
23 What a server connection looks like on the CGR Measurements of Linux follows TBOOT, assuming that the TPM quote is obtained through TXT running on the server Server measurements are in PCRs 17 and 18 for Linux, therefore 2 evidence measurements are evaluated 2015 Trusted Computing Group 23
24 Done & Summary This demo addresses a broad current of convergence occurring between the IoT & Cloud markets. We ve seen All devices in the demo employ multi-factor authentication to decide whether a device can join the network or not. That dedicated HW protects authentication credentials from end to end. Two implementations of this authentication One-way, the rpi to the CGR, the rpi implicitly trusts the CGR Two-way, the CGR & the server no implicit trust is required. A policy based mechanism for the customer to specify what software on the devices must maintain integrity and what happens when integrity is lost. The result is that devices in this network organize themselves into a closed communication path based on validation of HW protected identity and integrity information 2015 Trusted Computing Group 24
TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group
TNC: Open Standards for Network Security Automation Copyright 2010 Trusted Computing Group Agenda Introduce TNC and TCG Explanation of TNC What problems does TNC solve? How does TNC solve those problems?
More informationTNC Endpoint Compliance and Network Access Control Profiles
TNC Endpoint Compliance and Network Access Control Profiles TCG Members Meeting June 2014 Barcelona Prof. Andreas Steffen Institute for Internet Technologies andapplications HSR University of Applied Sciences
More informationNetwork Access Control (NAC) and Network Security Standards
Network Control (NAC) and Network Security Standards Copyright 2011 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #1 Agenda Goals of NAC Standards What
More informationAndroid BYOD Security using Trusted Network Connect Protocol Suite
Android BYOD Security using Trusted Network Connect Protocol Suite Prof. Andreas Steffen HSR University of Applied Sciences Rapperswil andreas.steffen@hsr.ch Where the heck is Rapperswil? 2 HSR Hochschule
More informationLinux Web Based VPN Connectivity Details and Instructions
Linux Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users
More informationEmbedded Trusted Computing on ARM-based systems
1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate
More informationMAC Web Based VPN Connectivity Details and Instructions
MAC Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users
More informationTrustworthy Computing
Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with
More informationSetup Cisco Call Manager on VMware
created by: Rainer Bemsel Version 1.0 Dated: July/09/2011 The purpose of this document is to provide the necessary steps to setup a Cisco Call Manager to run on VMware. I ve been researching for a while
More informationOVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011
OVAL+TPM A Case Study in Enterprise Trusted Computing Ariel Segall June 21, 2011 Approved for Public Release: 11-0144. Distribution Unlimited. c 2011. All Rights Reserved. (1/15) Motivation Goal: Demonstrate
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationBuilding Blocks Towards a Trustworthy NFV Infrastructure
Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical
More informationIndex. BIOS rootkit, 119 Broad network access, 107
Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,
More informationAdRadionet to IBM Bluemix Connectivity Quickstart User Guide
AdRadionet to IBM Bluemix Connectivity Quickstart User Guide Platform: EV-ADRN-WSN-1Z Evaluation Kit, AdRadionet-to-IBM-Bluemix-Connectivity January 20, 2015 Table of Contents Introduction... 3 Things
More informationSOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013
SOFTWARE ASSET MANAGEMENT Continuous Monitoring September 16, 2013 Tim McBride National Cybersecurity Center of Excellence timothy.mcbride@nist.gov David Waltermire Information Technology Laboratory david.waltermire@nist.gov
More informationNetwork Authentication - 802.1X Secure the Edge of the Network - Technical White Paper
Bosch Security Systems Video Systems Network Authentication - 802.1X Secure the Edge of the Network - Technical White Paper 4 July 2016 Secure the edge of the network Security devices are mostly located
More informationWindows Web Based VPN Connectivity Details & Instructions
VPN Client Overview UMDNJ s Web based VPN utilizes an SSL (Secure Socket Layer) Based Cisco Application that provides VPN functionality without having to install a full client for end users running Microsoft
More informationstrongswan TNC Activities Update
strongswan TNC Activities Update TCG Members Meeting June 2013 Dublin Prof. Andreas Steffen Institute for Internet Technologies and Applications HSR University of Applied Sciences Rapperswil andreas.steffen@hsr.ch
More informationTrusted Virtual Machine Management for Virtualization in Critical Environments
Trusted Virtual Machine Management for Virtualization in Critical Environments Khan Ferdous Wahid Fraunhofer SIT Rheinstraße 75 64295 Darmstadt Germany www.sit.fraunhofer.de khan.wahid@sit.fraunhofer.de
More informationIF-MAP Use Cases: Real-Time CMDB, and More
IF-MAP Use Cases: Real-Time CMDB, and More Richard Kagan EVP / General Manager Orchestration Systems Business Unit IF-MAP: A Powerful New Standard IF-MAP = Interface to Metadata Access Points An open protocol
More informationSession ID: Session Classification:
Session ID: Session Classification: Protecting Data with Encryption Access Control Protect Sensitive Data Protect and Manage Threats Groundbreaking Malware Resistance Protects the client, data, and corporate
More informationTrust: When Physical and Logical Security Worlds Collide
Trust: When Physical and Logical Security Worlds Collide Bob Beliles VP. Enterprise Business Development Hirsch Electronics Copyright 2009 Trusted Computing Group Copyright 2009 Trusted Computing Group
More informationOne-Stop Intel TXT Activation Guide
One-Stop Intel TXT Activation Guide DELL* PowerEdge 12G Server Systems Intel Trusted Execution Technology (Intel TXT) for Intel Xeon processor-based servers is commonly used to enhance platform security
More informationIoT Solutions from Things to the Cloud
IoT Solutions from Things to the Cloud Intel Quark SoC X1000 Applications Marketing Seminar Anaheim, California Oct. 29, 2014 Intel, the Intel logo, the Intel Inside logo, Intel Atom, Intel Core, Quark
More informationApache Milagro (incubating) An Introduction ApacheCon North America
Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro will establish a new independent security framework for the Internet A Distributed Cryptosystem Secure the Future of the
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationUnified Security TNC EVERYWHERE. Wireless security. Road Warrior. IT Security. IT Security. Conference Room. Surveillance.
Corporate Governance Employee Cube Road Warrior Surveillance Surveillance IT Security Data Center IT Security Conference Room Wireless security Manufacturing and Control TNC EVERYWHERE Unified Security
More informationAccelerate OpenStack* Together. * OpenStack is a registered trademark of the OpenStack Foundation
Accelerate OpenStack* Together * OpenStack is a registered trademark of the OpenStack Foundation Where are your workloads running Ensuring Boundary Control in OpenStack Cloud. Raghu Yeluri Principal Engineer,
More informationUPnP Internet of Things
UPnP Internet of Things July 2014 Keith Miller Intel Wouter van der Beek Cisco Systems, Inc. UPnP Internet of Things Task Force 2014 UPnP Forum Overview Scope Architecture Local components description
More informationTrusted Geolocation in the Cloud. Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation
Trusted Geolocation in the Cloud Based on NIST Interagency Report 7904 - Trusted Geolocation in the Cloud: Proof of Concept Implementation 2 Agenda Definition of cloud computing Trusted Geolocation in
More informationOne-Stop Intel TXT Activation Guide
One-Stop Intel TXT Activation Guide HP Gen8 Family Based Server Systems Intel Trusted Execution Technology (Intel TXT) for Intel Xeon processor-based servers is commonly used to enhance platform security
More informationLecture Embedded System Security Dynamic Root of Trust and Trusted Execution
1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root
More informationLecture 7: Privacy and Security in Mobile Computing. Cristian Borcea Department of Computer Science NJIT
Lecture 7: Privacy and Security in Mobile Computing Cristian Borcea Department of Computer Science NJIT Location Privacy Location Authentication Trusted Ad Hoc Networks 2 Privacy Violated Request: Retrieve
More informationModern Multi-factor and Remote Access Technologies
Modern Multi-factor and Remote Access Technologies ANDREW BRICKEY Senior IT Engineer Identity and Access Management / Core Computing Services NLIT Summit 2016 May 11, 2016 1 Agenda Problem and solution
More informationUsing the TPM to Solve Today s Most Urgent Cybersecurity Problems
Using the to Solve Today s Most Urgent Cybersecurity Problems May 20, 2014 10:00AM PDT 2 Stacy Cannady, Technical Marketing Trustworthy Computing, Cisco Stacy Cannady, CISSP, is technical marketing - Trustworthy
More informationINTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505
INTEGRATION GUIDE DIGIPASS Authentication for Cisco ASA 5505 Disclaimer DIGIPASS Authentication for Cisco ASA5505 Disclaimer of Warranties and Limitation of Liabilities All information contained in this
More informationKURA M2M/IoT Gateway. reducing the distance between embedded and enterprise technologies. Tiziano Modotti, October 28 th, 2014
KURA M2M/IoT Gateway reducing the distance between embedded and enterprise technologies Tiziano Modotti, October 28 th, 2014 IoT Architecture @ M2M/IoT Integration Platform on Cloud Business Applications
More informationIBM EXAM - C2150-196. IBM Security QRadar SIEM V7.1 Implementation. http://www.examskey.com/c2150-196.html
IBM EXAM - C2150-196 IBM Security QRadar SIEM V7.1 Implementation TYPE: DEMO http://www.examskey.com/c2150-196.html Examskey IBM C2150-196 exam demo product is here for you to test the quality of the product.
More informationProperty Based TPM Virtualization
Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix
More informationScenario: IPsec Remote-Access VPN Configuration
CHAPTER 3 Scenario: IPsec Remote-Access VPN Configuration This chapter describes how to use the security appliance to accept remote-access IPsec VPN connections. A remote-access VPN enables you to create
More informationBitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation
BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker
More informationHW (Fat001) TPM. Figure 1. Computing Node
1. Overview Two major components exist in our current prototype systems: the management node, including the Cloud Controller, Cluster Controller, Walrus and EBS, and the computing node, i.e. the Node Controller
More informationBuilding scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF
Building scalable IPSec infrastructure with MikroTik IPSec, L2TP/IPSec, OSPF Presenter information Tomas Kirnak Network design Security, wireless Servers Virtualization MikroTik Certified Trainer Atris,
More informationCopyright Giritech A/S. Secure Mobile Access
Secure Mobile Access From everywhere... From any device... From user......to applications Page 3...without compromising on security and usability... and to my PC in the office: Secure Virtual Access Contrary
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationSecurity Coordination with IF-MAP
Security Coordination with IF-MAP Matt Webster, Lumeta 28 Sept 2010 Copyright 2010 Trusted Computing Group Agenda Threat Landscape and Federal Networks Recap of TNC Explanation of IF-MAP What is IF-MAP?
More informationThinLinX TLXOS RPi Installation Guide Creating the Installer (Step 1)
ThinLinX TLXOS RPi Installation Guide ThinLinX has created an optimized version of ThinLinX OS (TLXOS) for the Rasperry Pi by leveraging the NEON instruction set; we also use the H.264 hardware decoder
More informationAccess Your Cisco Smart Storage Remotely Via WebDAV
Application Note Access Your Cisco Smart Storage Remotely Via WebDAV WebDAV (Web-based Distributed Authoring and Versioning), is a set of extensions to the HTTP(S) protocol that allows a web server to
More informationUsing RD Gateway with Azure Multifactor Authentication
Using RD Gateway with Azure Multifactor Authentication We have a client that uses RD Gateway to allow users to access their RDS deployment from outside their corporate network. They have about 1000+ users.
More informationCisco Identity Services Engine
Cisco Identity Services Engine Secure Access Stefan Dürnberger CCIE Security Sourcefire Certified Expert Most organizations, large and small, have already been compromised and don t even know it: 100 percent
More informationTCG. TCG Trusted Network Connect TNC Architecture for Interoperability. TCG PUBLISHED Copyright TCG 2004-2006
TCG Trusted Network Connect TNC Architecture for Interoperability Revision 2 1 May 2006 Published Contact: admin@trustedcomputinggroup.org Copyright TCG 2004-2006 TCG Copyright 2005-2006 Trusted Computing
More informationCisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved.
Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and
More informationCREDENTIAL MANAGER IN WINDOWS 7
CREDENTIAL MANAGER IN WINDOWS 7 What is Credential Manager Whenever we try to access some resource, whether it is local or remote resource, Windows always validates our credentials to make sure we have
More informationBypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken
Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis
More informationAttestation: Proving Trustability
Chapter 4 Attestation: Proving Trustability In the last few chapters we have looked at the first stages in a process toward establishing trust between systems. First, the establishment of roots of trust
More informationProtecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013
Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin DefCon 2013 Time-Bound Keys Announcements New tool: TimedKey.exe New whitepaper: Trusted Tamperproof Time on Mobile
More informationTrustworthy Identity Management for Web Authentication
Trustworthy Identity Management for Web Authentication Ramasivakarthik Mallavarapu Aalto University, School of Science and Technology kmallava@tkk.fi Abstract Identity theft today is one of the major security
More informationvsphere Security ESXi 5.5 vcenter Server 5.5 EN-001164-04
ESXi 5.5 vcenter Server 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationAcronis Backup & Recovery 11
Acronis Backup & Recovery 11 Quick Start Guide Applies to the following editions: Advanced Server Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server for Windows Workstation
More informationAttestation and Authentication Protocols Using the TPM
Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all
More informationA Perspective on the Evolution of Mobile Platform Security Architectures
A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1
More informationIntroduction to Security and PIX Firewall
Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network
More informationHybrid for SharePoint Server 2013. Search Reference Architecture
Hybrid for SharePoint Server 2013 Search Reference Architecture 2014 Microsoft Corporation. All rights reserved. This document is provided as-is. Information and views expressed in this document, including
More informationUPnP Internet of Things Dec 2014
UPnP Internet of Things Dec 2014 Keith Miller Intel Wouter van der Beek Cisco UPnP Internet of Things Task Force 2014 UPnP Forum Overview Scope Architecture Local components description Sensor Management
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationCisco IPS Tuning Overview
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
More informationImplementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age Sponsored by the Trusted Computing Group (TCG)
Implementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age Sponsored by the Trusted Computing Group (TCG) Speakers: Gal Shpantzer, John Pescatore (SANS Institute) Chris Hallum (Microsoft)
More informationReducing Configuration Complexity with Next Gen IoT Networks
Reducing Configuration Complexity with Next Gen IoT Networks Orama Inc. November, 2015 1 Network Lighting Controls Low Penetration - Why? Commissioning is very time-consuming & expensive Network configuration
More informationUsage of Evaluate Client Certificate with SSL support in Mediator and CentraSite
Usage of Evaluate Client Certificate with SSL support in Mediator and CentraSite Introduction Pre-requisite Configuration Configure keystore and truststore Asset Creation and Deployment Troubleshooting
More informationNIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft)
NIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft) Erin K. Banks Michael Bartock Kevin Fiftal David Lemon Karen Scarfone Uttam Shetty Murugiah
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationNetwork Access Security It's Broke, Now What? June 15, 2010
Network Access Security It's Broke, Now What? June 15, 2010 Jeffrey L Carrell Network Security Consultant Network Conversions SHARKFEST 10 Stanford University June 14-17, 2010 Network Access Security It's
More informationTrusted Virtual Datacenter Radically simplified security management
IBM T. J. Watson Research Center Trusted Virtual Datacenter Radically simplified security management Stefan Berger, Ramón Cáceres, Dimitrios Pendarakis, Reiner Sailer, Ray Valdez Secure Systems Department,
More informationERserver. iseries. Secure Sockets Layer (SSL)
ERserver iseries Secure Sockets Layer (SSL) ERserver iseries Secure Sockets Layer (SSL) Copyright International Business Machines Corporation 2000, 2002. All rights reserved. US Government Users Restricted
More informationUsing the Raspberry Pi to Prototype the Industrial Internet of Things
Using the Raspberry Pi to Prototype the Industrial Internet of Things Rich Blomseth, Glen Riley, and Bob Dolin Oct 31, 2013 Presented at ARM TechCon, 2013 1 Agenda IoT CommunicaCon Models Requirements
More informationMEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview
MEDIAROOM Products Hosting Infrastructure Documentation Introduction The purpose of this document is to provide an overview of the hosting infrastructure used for our line of hosted Web products and provide
More informationManagement, Logging and Troubleshooting
CHAPTER 15 This chapter describes the following: SNMP Configuration System Logging SNMP Configuration Cisco NAC Guest Server supports management applications monitoring the system over SNMP (Simple Network
More informationDESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014
DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 Contents Overview... 2 System requirements:... 2 Before installing... 3 Download and installation... 3 Configure DESLock+ Enterprise Server...
More informationReadyNAS Remote White Paper. NETGEAR May 2010
ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More information1 Data Center Infrastructure Remote Monitoring
Page 1 of 7 Service Description: Cisco Managed Services for Data Center Infrastructure Technology Addendum to Cisco Managed Services for Enterprise Common Service Description This document referred to
More informationVBLOCK SOLUTION FOR SAP APPLICATION SERVER ELASTICITY
Vblock Solution for SAP Application Server Elasticity Table of Contents www.vce.com VBLOCK SOLUTION FOR SAP APPLICATION SERVER ELASTICITY Version 2.0 February 2013 1 Copyright 2013 VCE Company, LLC. All
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationI. What is VPN? II. Types of VPN connection. There are two types of VPN connection:
Table of Content I. What is VPN?... 2 II. Types of VPN connection... 2 III. Types of VPN Protocol... 3 IV. Remote Access VPN configuration... 4 a. PPTP protocol configuration... 4 Network Topology... 4
More informationTrusted Network Connect (TNC)
Trusted Network Connect (TNC) Open Standards for Integrity-based Network Access Control and Coordinated Network Security April 2011 Trusted Computing Group 3855 SW 153rd Drive, Beaverton, OR 97006 Tel
More informationSSL... 2 2.1. 3 2.2. 2.2.1. 2.2.2. SSL VPN
1. Introduction... 2 2. Remote Access via SSL... 2 2.1. Configuration of the Astaro Security Gateway... 3 2.2. Configuration of the Remote Client...10 2.2.1. Astaro User Portal: Getting Software and Certificates...10
More informationIERC IoT Research and Innovation. 29-30 September 2014, Brussels, Belgium
www.internet-of-things-research.eu IERC IERC IoT Research and Innovation Stakeholders Consultation Workshop Network Technologies Work Programme 2016-2017 29-30 September 2014, Brussels, Belgium Dr. Ovidiu
More informationUser Guide FOR TOSHIBA STORAGE PLACE
User Guide FOR TOSHIBA STORAGE PLACE (This page left blank for 2-sided "book" printing.) Table of Contents Overview... 5 System Requirements... 5 Storage Place Interfaces... 5 Getting Started... 6 Using
More informationIF-MAP Overview. Jan Ursi Technical Director EMEA. 2009 Infoblox Inc. All Rights Reserved.
IF-MAP Overview Jan Ursi Technical Director EMEA IF-MAP: A Powerful New Standard IF-MAP = Interface to Metadata Access Points An open protocol standard published (free) by the Trusted Computing Group Available
More information70-685: Enterprise Desktop Support Technician
70-685: Enterprise Desktop Support Technician Course Introduction Course Introduction Chapter 01 - Identifying Cause and Resolving Desktop Application Issues Identifying Cause and Resolving Desktop Application
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationSecure Messaging Server Console... 2
Secure Messaging Server Console... 2 Upgrading your PEN Server Console:... 2 Server Console Installation Guide... 2 Prerequisites:... 2 General preparation:... 2 Installing the Server Console... 2 Activating
More informationSet Up a VM-Series Firewall on the Citrix SDX Server
Set Up a VM-Series Firewall on the Citrix SDX Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa
More informationOrchestrated Security Network. Automated, Event Driven Network Security. Ralph Wanders Consulting Systems Engineer
Orchestrated Security Network Automated, Event Driven Network Security Ralph Wanders Consulting Systems Engineer Orchestrated Security Network! " TCG/ TNC Architecture! " IF-MAP! " Use cases of IF-MAP!
More informationVidder PrecisionAccess
Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...
More informationBuilding the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems
Building the Internet of Things Jim Green - CTO, Data & Analytics Business Group, Cisco Systems Brian McCarson Sr. Principal Engineer & Sr. System Architect, Internet of Things Group, Intel Corp Mac Devine
More informationGigaSpaces XAP 10.0 Administration Training ADMINISTRATION, MONITORING AND TROUBLESHOOTING GIGASPACES XAP DISTRIBUTED SYSTEMS
GigaSpaces XAP 10.0 Administration Training ADMINISTRATION, MONITORING AND TROUBLESHOOTING GIGASPACES XAP DISTRIBUTED SYSTEMS Learn about GigaSpaces XAP internal protocols, its configuration, monitoring
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More informationUtility Modernization Cyber Security City of Glendale, California
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
More informationOpen Network Install Environment (ONIE) LinuxCon North America 2015
Open Network Install Environment (ONIE) LinuxCon North America 2015 Curt Brune, Member of Technical Staff August 2015 Agenda What is It? ONIE Solves a Real Problem ONIE Design Approach ONIE Adoption ONIE
More information