SECURITY IMPLEMENTATION IN HADOOP. By Narsimha Chary( ) Siddalinga K M( ) Rahman( )
|
|
- Jewel Todd
- 8 years ago
- Views:
Transcription
1 SECURITY IMPLEMENTATION IN HADOOP By Narsimha Chary( ) Siddalinga K M( ) Rahman( )
2 AGENDA What is security? Security in Distributed File Systems? Current level of security in Hadoop! Security features to be incorporated in HDFS to make it robust.
3 What is Security? Protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users Processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.
4 Security in Distributed File System Private Clouds are more or less secure as they are deployed within the locales of the organization and is also secured by firewall Public Clouds are prone to all sorts of danger as you know where your data is residing at any instance
5 Current level of security in Hadoop Current version of Hadoop has very basic rudimentary implementation of security which is advisory access control mechanism. Hadoop doesn t strongly authenticate the client, it simply asks the underlying Unix system by executing `whoami` command Anyone can communicate directly with a Datanode (without the need for communicating with the Namenode)and ask for blocks if you have the block location details (This was experimented at the recent Cloudera's Hadoop Hackathon)
6 With current provisions. Hadoop cluster may be prone to following attacks Unauthorized clients can impersonate authorized users and access the cluster. One can get the blocks directly from the Datanodes by bypassing the Namenode. Eavesdropping/sniffing of data packets being sent by Datanodes to client. (Can this be resolved by using secure socket over a regular socket? YES, YES! But
7 Proposed Solutions Authentication of users/clients accessing the Hadoop cluster using Kerberos Protocol Authorization for accessing data residing over the HDFS (by granting and revoking capabilities)
8 A little about Kerberos Protocol Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software
9 How does Kerberos work? Instead of client sending password to application server: Request Ticket from authentication server Ticket and encrypted request sent to application server How to request tickets without repeatedly sending credentials? Ticket granting ticket (TGT)
10 How does Kerberos work?: Ticket Granting Tickets
11 Kerberos contd
12 Some of the notations used A -> B : M #denotes a message M from node A to node B K U A and K R A :The public and private keys of Node A K AB : Key shared between A and B {M} K AB : A message M encrypted with K AB <M> K R A : A message signed with K R A C, N, D: Client, Namenode, Datanode
13 1. Authentication The Namenode checks the details of the request and if the client is a valid user, accordingly issues/doesn't issue the Ticket T C -> N: request_ticket, T S, hash<request_ticket,t S,K CN > N-> C : T
14 Authentication contd Message exchange between client C and Datanode D to establish shared key amongst them. C -> D: {(K CD, T S, nonce)k R C}K U D, T D -> C: nonce', hash(nonce',k CD ) The client sends the ticket T along with a shared key K CD that it wants to establish with the Datanode D, the client also sends a nonce so that the Datanode can verify the freshness of the message.
15 Authentication contd To complete the ticket establishment step, the Datanode has to respond to a nonce challenge. T = <ID U,K U C,IV,T S,T E >K R M K CD = hash<iv,k U D,random_data>
16 Authentication contd T contains the user Id, public key, initialization vector and the ticket s lifetime. Shared key is computed by hashing the IV with the Datanode s public key and some arbitrarily random data.
17 2. Capabilities To read data from the HDFS the client has to obtain block locations and capabilities from Namenode before it goes to Datanodes. C->N : read (path),t S, hash<read(path),t S,K U CN> N->C : block_locations, hash<block_locations> The capabilities are embedded into block location information and signed by the Namenode. The Datanode verifies the capabilities and accordingly allows to read or doesn t.
18 Capabilities cont Description of capability information embedded into the block location information. The sign (With Namenode's private key) of the capability and block id is also embedded C = ID,permissions,path Sign = <c,block_id>k R N
19 Revocation of capabilities Capabilities can potentially be re-used by clients to read the data from HDFS at any time after when they were issued. However the file permissions change over period of time. Revocation of capabilities needs to be done, in order to prevent replay attacks. Capabilities issued by Namenode will have an expiry period ( say 1hr) and this can be configured in hadoop-site.xml
20 Revocation of Capabilities contd The client has to get a renewal ticket issued by the Namenode and has to present it to the Datanode for every request after expiry of the capabilities. If the renewal ticket is not presented, the Datanode will deny the request. Revocation of capabilities is done actively by Namenode. This is done by sending the message to thedatanodes to deny the particular capabilities.
21 Difficulties faced Integrating Kerberos protocol with the HDFS Frame work is quite a task! Need a more efficient design on Granting and Revoking capabilities
22 Conclusion The overhead with the introduction of capabilities is low but secures the data access for only clients which have been issued the capabilities by Namenode. However, if the filesize is lessthan 64MB, the overhead still remains the same as a single block, for smaller files the overhead would be substantial. Although the performance overhead at the Datanode isn t significant for 64MB or larger block size, it can be reduced further by caching the capabilities for each block.
23 Thank You for your time!
Authentication Applications
Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service
More informationMapReduce Job Processing
April 17, 2012 Background: Hadoop Distributed File System (HDFS) Hadoop requires a Distributed File System (DFS), we utilize the Hadoop Distributed File System (HDFS). Background: Hadoop Distributed File
More informationKerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su
Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on
More informationChapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1
Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication
More informationAuthentication Applications
Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key
More informationInsights to Hadoop Security Threats
Insights to Hadoop Security Threats Presenter: Anwesha Das Peipei Wang Outline Attacks DOS attack - Rate Limiting Impersonation Implementation Sandbox HDP version 2.1 Cluster Set-up Kerberos Security Setup
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationSecure PostgreSQL Deployments
Secure PostgreSQL Deployments pgcon.br 2009 Campinas, Brazil Magnus Hagander Redpill Linpro AB There's much to security Identify the threats Apply the correct measures Don't do things just because you
More informationAuthentication. Agenda. IT Security course Lecture April 14 th 2003. Niels Christian Juul 2. April 14th, 2003
Authentication IT Security course Lecture April 14 th 2003 Niels Christian Juul Computer Science, building 42.1 Roskilde University Universitetsvej 1 P.O. Box 260 DK-4000 Roskilde Denmark Phone: +45 4674
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationTOPIC HIERARCHY. Distributed Environment. Security. Kerberos
KERBEROS TOPIC HIERARCHY Distributed Environment Security Privacy Authentication Authorization Non Repudiation Kerberos ORIGIN MIT developed Kerberos to protect network services. Developed under the Project
More information"When you have crossed the river and have advanced a little further, some aged women weaving at the loom will beg you to lend a hand for a short
KERBEROS: the fierce watchdog of Haides, depicted as a three headed dog with a serpent's tail, a mane of snakes, and a lion's claws. "And before them a dreaded hound, on watch, who has no pity, but a vile
More informationKerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk
Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete
More informationHadoop Security Design
Hadoop Security Design Owen O Malley, Kan Zhang, Sanjay Radia, Ram Marti, and Christopher Harrell Yahoo! {owen,kan,sradia,rmari,cnh}@yahoo-inc.com October 2009 Contents 1 Overview 2 1.1 Security risks.............................
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationA token-based authentication security scheme for Hadoop distributed file system using elliptic curve cryptography
J Comput Virol Hack Tech (2015) 11:137 142 DOI 10.1007/s11416-014-0236-5 ORIGINAL PAPER A token-based authentication security scheme for Hadoop distributed file system using elliptic curve cryptography
More informationBig Data Operations Guide for Cloudera Manager v5.x Hadoop
Big Data Operations Guide for Cloudera Manager v5.x Hadoop Logging into the Enterprise Cloudera Manager 1. On the server where you have installed 'Cloudera Manager', make sure that the server is running,
More informationKerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).
Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationIntegrating Kerberos into Apache Hadoop
Integrating Kerberos into Apache Hadoop Kerberos Conference 2010 Owen O Malley owen@yahoo-inc.com Yahoo s Hadoop Team Who am I An architect working on Hadoop full time Mainly focused on MapReduce Tech-lead
More informationEvaluation of Security in Hadoop
Evaluation of Security in Hadoop MAHSA TABATABAEI Master s Degree Project Stockholm, Sweden December 22, 2014 XR-EE-LCN 2014:013 A B S T R A C T There are different ways to store and process large amount
More informationSector vs. Hadoop. A Brief Comparison Between the Two Systems
Sector vs. Hadoop A Brief Comparison Between the Two Systems Background Sector is a relatively new system that is broadly comparable to Hadoop, and people want to know what are the differences. Is Sector
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationKerberos authentication made easy on OpenVMS
Kerberos authentication made easy on OpenVMS Author: Srinivasa Rao Yarlagadda yarlagadda-srinivasa.rao@hp.com Co-Author: Rupesh Shantamurty rupeshs@hp.com OpenVMS Technical Journal V18 Table of contents
More informationHow did Wiki Leaks happen?
How did Wiki Leaks happen? A disgruntled employee with an agenda goes to work with USB flash drives and copies restricted files off of the server. There is no adequate secure network access and identity
More informationCSE331: Introduction to Networks and Security. Lecture 29 Fall 2006
CSE331: Introduction to Networks and Security Lecture 29 Fall 2006 Announcements Project 3 is due Today Can submit electronically (mail savi@seas) By midnight Project 4 will be on the web this afternoon
More informationPotential Targets - Field Devices
Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to
More informationSYSTEM MODEL KERBEROS OBJECTIVES PHYSICAL SECURITY TRUST: CONSOLIDATED KERBEROS MODEL TRUST: BILATERAL RHOSTS MODEL
INFS 766 Internet Security Protocols Lecture 9 WORK- STATIONS SYSTEM MODEL NETWORK SERVERS NFS GOPHER Prof. Ravi Sandhu LIBRARY KERBEROS 2 PHYSICAL SECURITY KERBEROS OBJECTIVES CLIENT WORKSTATIONS None,
More informationThe Hadoop Distributed File System
The Hadoop Distributed File System The Hadoop Distributed File System, Konstantin Shvachko, Hairong Kuang, Sanjay Radia, Robert Chansler, Yahoo, 2010 Agenda Topic 1: Introduction Topic 2: Architecture
More informationStealing credentials for impersonation
Stealing credentials for impersonation Emmanuel Bouillon manu@veryopenid.net October 29, 2010 Disclaimer Introduction This expresses my own views and does not involve my previous, current and future employers.
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationChapter 16: Authentication in Distributed System
Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal
More informationCS 4803 Computer and Network Security
Many-to-Many Authentication CS 4803 Computer and Network Security s? Servers Alexandra (Sasha) Boldyreva Kerberos How do users prove their identities when requesting services from machines on the network?
More informationHadoop Architecture. Part 1
Hadoop Architecture Part 1 Node, Rack and Cluster: A node is simply a computer, typically non-enterprise, commodity hardware for nodes that contain data. Consider we have Node 1.Then we can add more nodes,
More informationDynamic Bigdata and Security with Kerberos
Dynamic Bigdata and Security with Kerberos Sachin Choudhary 1, Sandesh Manohar 2, Sunil Salunkhe 3 1 Department of Computer Engineering, MGMCET, Navi Mumbai 2 Master of Computer Applications, IMCOST, Thane
More informationWebsense Content Gateway HTTPS Configuration
Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco
More informationKerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service
Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service Sazzad Masud and Ram Krishnan University of Texas at San Antonio Sazzad.Masud@gmail.com, Ram.Krishnan@utsa.edu Abstract Cloud
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More informationDocument Type: Best Practice
Global Architecture and Technology Enablement Practice Hadoop with Kerberos Deployment Considerations Document Type: Best Practice Note: The content of this paper refers exclusively to the second maintenance
More informationInternational Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 4, Issue 6, November - December (2013), pp. 62-69 IAEME: www.iaeme.com/ijcet.asp Journal
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationIntroduction to HDFS. Prasanth Kothuri, CERN
Prasanth Kothuri, CERN 2 What s HDFS HDFS is a distributed file system that is fault tolerant, scalable and extremely easy to expand. HDFS is the primary distributed storage for Hadoop applications. HDFS
More informationDIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES
DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the
More informationKey Management and Distribution
and Distribution CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 23 January 2011 CSS322Y10S2L12, Steve/Courses/CSS322/Lectures/key.tex,
More informationB U S I N E S S G U I D E
VeriSign Microsoft Office/Visual Basic for Applications (VBA) Code Signing Digital Certificates Realizing the Possibilities of Internet Software Distribution CONTENTS + What Is Developer Code Signing?
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationCS5490/6490: Network Security- Lecture Notes - November 9 th 2015
CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter
More informationDetection of Distributed Denial of Service Attack with Hadoop on Live Network
Detection of Distributed Denial of Service Attack with Hadoop on Live Network Suchita Korad 1, Shubhada Kadam 2, Prajakta Deore 3, Madhuri Jadhav 4, Prof.Rahul Patil 5 Students, Dept. of Computer, PCCOE,
More informationCloud-based Distribute Processing of User-Customized Mobile Interface in U-Sensor Network Environment
, pp.18-22 http://dx.doi.org/10.14257/astl.2013.42.05 Cloud-based Distribute Processing of User-Customized Mobile Interface in U-Sensor Network Environment Changhee Cho 1, Sanghyun Park 2, Jadhav Yogiraj
More informationBuilding & Optimizing Enterprise-class Hadoop with Open Architectures Prem Jain NetApp
Building & Optimizing Enterprise-class Hadoop with Open Architectures Prem Jain NetApp Introduction to Hadoop Comes from Internet companies Emerging big data storage and analytics platform HDFS and MapReduce
More information: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
More informationHDFS Users Guide. Table of contents
Table of contents 1 Purpose...2 2 Overview...2 3 Prerequisites...3 4 Web Interface...3 5 Shell Commands... 3 5.1 DFSAdmin Command...4 6 Secondary NameNode...4 7 Checkpoint Node...5 8 Backup Node...6 9
More informationHow To Make A Trustless Certificate Authority Secure
Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if
More informationRSA Authentication Manager 7.1 Security Best Practices Guide. Version 2
RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks
More informationTrue False questions (25 points + 5 points extra credit)
Student Name: ISA 656: Network Security Midterm Examination GENERAL INSTRUCTIONS The midterm is worth 110 points (including 10 extra credit points): 25 points of True/False and 75 points of short answer.
More informationChapter 15 User Authentication
Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric
More informationKEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1
KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationBIG DATA: CRYPTOGRAPHICALLY ENFORCED ACCESS CONTROL AND SECURE COMMUNICATION
BIG DATA: CRYPTOGRAPHICALLY ENFORCED ACCESS CONTROL AND SECURE COMMUNICATION 1 AKASH GUPTA, 2 ALOK SHUKLA, 3 S. VENKATESAN 1,2,3 Indian Institute of Information Technology, Allahabad Abstract The evolution
More informationArchitecture of Enterprise Applications III Single Sign-On
Architecture of Enterprise Applications III Single Sign-On Haopeng Chen REliable, INtelligent and Scalable Systems Group (REINS) Shanghai Jiao Tong University Shanghai, China e-mail: chen-hp@sjtu.edu.cn
More informationAuthentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques
Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationHADOOP MOCK TEST HADOOP MOCK TEST I
http://www.tutorialspoint.com HADOOP MOCK TEST Copyright tutorialspoint.com This section presents you various set of Mock Tests related to Hadoop Framework. You can download these sample mock tests at
More informationCentrify Server Suite 2015.1 For MapR 4.1 Hadoop With Multiple Clusters in Active Directory
Centrify Server Suite 2015.1 For MapR 4.1 Hadoop With Multiple Clusters in Active Directory v1.1 2015 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. 1 Contents General Information 3 Centrify Server Suite for
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationENHANCED SECURITY MEASURES FOR HADOOP IN CLOUD COMPUTING
ENHANCED SECURITY MEASURES FOR HADOOP IN CLOUD COMPUTING Suparna Gaur Computer Science and Engineering, UIET, Kurukshetra University, (India) ABSTRACT As the cloud computing technology is prospering day
More information10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)
Contents 1 / 55 10.1 Kerberos Kerberos V4 Kerberos V5 10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture) Kerberos V4 / Contents 2 / 55 Kerberos
More informationCloudera Backup and Disaster Recovery
Cloudera Backup and Disaster Recovery Important Note: Cloudera Manager 4 and CDH 4 have reached End of Maintenance (EOM) on August 9, 2015. Cloudera will not support or provide patches for any of the Cloudera
More informationOPENID AUTHENTICATION SECURITY
OPENID AUTHENTICATION SECURITY Erik Lagercrantz and Patrik Sternudd Uppsala, May 17 2009 1 ABSTRACT This documents gives an introduction to OpenID, which is a system for centralised online authentication.
More informationN Stage Authentication with Biometric Devices. Presented by: Nate Rotschafer Sophomore Peter Kiewit Institute
N Stage Authentication with Biometric Devices Presented by: Nate Rotschafer Sophomore Peter Kiewit Institute Revised: July 8, 2002 N Stage Authentication Outline Background on Authentication General Network
More informationIntroduction to Network Security Key Management and Distribution
Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015
More informationbbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5
bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5 2008 Adobe Systems Incorporated. All rights reserved. Adobe Flash Media Rights Management Server 1.5 Overview for Microsoft
More informationIs your data safe out there? -A white Paper on Online Security
Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects
More informationDeployment Topologies - DPAdmin An isoagroup Product
Deployment Topologies - DPAdmin An isoagroup Product Author: Sinu Sekhar Revision History Date Version Description Author 10/24/2010 1.0 Initial version Sinu Sekhar 1. DPAdmin and DataPower Deployment
More informationSoftware Defined Perimeter Working Group. SDP Hackathon Whitepaper
Software Defined Perimeter Working Group SDP Hackathon Whitepaper April 2014 2014 Cloud Security Alliance All Rights Reserved. All rights reserved. You may download, store, display on your computer, view,
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationGlobalSign Enterprise Solutions
GlobalSign Enterprise Solutions Two Factor Authentication for SharePoint User Guide GlobalSign Enterprise PKI for Strong Two Factor Client Authentication using Windows SharePoint INTRODUCTION Microsoft
More informationIntroduction to HDFS. Prasanth Kothuri, CERN
Prasanth Kothuri, CERN 2 What s HDFS HDFS is a distributed file system that is fault tolerant, scalable and extremely easy to expand. HDFS is the primary distributed storage for Hadoop applications. Hadoop
More informationAnat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology
Unregister Attack in SIP Anat Bremler-Barr Ronit Halachmi-Bekel Jussi Kangasharju Interdisciplinary center Herzliya Darmstadt University of Technology Unregister Attack We present a new VoIP Denial Of
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationIntroduction to Big data. Why Big data? Case Studies. Introduction to Hadoop. Understanding Features of Hadoop. Hadoop Architecture.
Big Data Hadoop Administration and Developer Course This course is designed to understand and implement the concepts of Big data and Hadoop. This will cover right from setting up Hadoop environment in
More informationA Multilevel Secure MapReduce Framework for Cross-Domain Information Sharing in the Cloud
A Multilevel Secure MapReduce Framework for Cross-Domain Information Sharing in the Cloud Thuy D. Nguyen, Cynthia E. Irvine, Jean Khosalim Department of Computer Science Ground System Architectures Workshop
More informationThe Hadoop Distributed File System
The Hadoop Distributed File System Konstantin Shvachko, Hairong Kuang, Sanjay Radia, Robert Chansler Yahoo! Sunnyvale, California USA {Shv, Hairong, SRadia, Chansler}@Yahoo-Inc.com Presenter: Alex Hu HDFS
More informationSujee Maniyam, ElephantScale
Hadoop PRESENTATION 2 : New TITLE and GOES Noteworthy HERE Sujee Maniyam, ElephantScale SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member
More informationOracle Database Security and Audit
Copyright 2014, Oracle Database Security and Audit Beyond Checklists Learning objectives Understand Oracle architecture Database Listener Oracle connection handshake Client/server architecture Authentication
More informationRSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet
More informationTELE 301 Network Management. Lecture 18: Network Security
TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not
More informationKey Management (Distribution and Certification) (1)
Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem
More informationSecure Socket Layer (SSL) Machines included: Contents 1: Basic Overview
Secure Socket Layer (SSL) Machines included: HL-4040CN HL-4050CDN HL-4070CDW DCP-9040CN DCP-9045CDN MFC-9440CN MFC-9840CDW Contents 1) Basic overview 2) Brief history 3) Benefit of using SSL 4) How to
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationCloudera Manager Training: Hands-On Exercises
201408 Cloudera Manager Training: Hands-On Exercises General Notes... 2 In- Class Preparation: Accessing Your Cluster... 3 Self- Study Preparation: Creating Your Cluster... 4 Hands- On Exercise: Working
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationImplementing a Kerberos Single Sign-on Infrastructure
Implementing a Kerberos Single Sign-on Infrastructure Gary Tagg IT Security Consultant, Tagg Consulting Ltd gary.tagg@itsecure.demon.co.uk Abstract Kerberos provides secure authentication, single sign-on
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationSecure Your Hadoop Cluster With Apache Sentry (Incubating) Xuefu Zhang Software Engineer, Cloudera April 07, 2014
1 Secure Your Hadoop Cluster With Apache Sentry (Incubating) Xuefu Zhang Software Engineer, Cloudera April 07, 2014 2 Outline Introduction Hadoop security primer Authentication Authorization Data Protection
More information