X-Road is a platform independent data exchange layer between different databases and information systems.
|
|
- Raymond Martin
- 7 years ago
- Views:
Transcription
1 What is? is a platform independent data exchange layer between different databases and information systems. Platform independence is achieved by using standardised SOAP protocol.
2
3 Services services are Web Services. Each service provider has a WSDL schema which describes all of it's services. * The term Web Service describes a standardized way of integrating Web-based applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone.
4 Service consumer Service consumer is an institution or organization that uses services provided by service providers. Consumer certificate does not allow providing services.
5 Service provider Service provider is a database that is providing predefined web services through x-road infrastructure. Service provider certificate does not allow to use services of other service providers.
6 Central (PKI directory service) Central provides information about x-road public keys and ip addresses. Central has following services: DNS-SEC resolving providers ip addresses and publishing x-road consumers/producers public keys. NTP-SERVER keeping security s time up to date. HashRepository service storing all log hashes sent by security s.
7 Certification authority CA CA is an offline computer. It's issuing certificates to x-road consumers and producers. Information about producers IP addresses is also combined by CA. Public keys and IP aadresses are exported to central using offline media (USB flash drive).
8 is dedicated proxy for exchanging data between service consumers and providers. 's assignment is to: forward querys to a right producer check if consumer's/producer's certificate is valid encrypt/decrypt data check if consumer has permission to access services log all query's
9 Monitoring station Monitoring stations provide x-road s (security and central s) status information to system administrators. Monitoring Station is also collecting service usage information. Usage information contains only META-DATA (query time, user ID, user organization ID, database name and service name).
10 Adapter (process) Adapter is a webservice provider which modifies x-road queries to a database platform specific format.
11 X-road requirements 1 CPU - 64bit architecture is prefered (MISP is running only on 64bit) 512MB ram you can use less, but you will regret it Ubuntu Server LTS One static IP address or more
12 Firewall configuration Ports for incoming services: TCP 5555 SSL data exchange between security s Ports for outgoing services: TCP 5555 SSL data exchange between security s TCP 25 SMTP, ing (including error messages) TCP 37 UNIX time protocol for the diagnostics subsystem; TCP and UDP 53 Name services; TCP 80 HTTP, loading central keys; UDP 123 NTP, security clock synchronization; TCP 5555 SSL data exchange between security s TCP 5556 query hash logging protocol; UDP 6666 data exchange with monitoring stations.
13 20 Data consumers Information system Organization A : overview There are various databases and information systems in different platforms with need to co-operate Extra interface from every database to every information system would be expensive Databases Databa se Motor vehicle register Databa se Public services portal is a platform-independent secure standard interface between databases and information systems Business register Public Internet
14 21 Data consumers Information system Organization A : overview Database is adapted to by setting up Adapter Server, which contains: / SOAP Information systems implement: / SOAP client rules Databases Adapt er Motor vehicle register Adapt er Databa se Databa se Public services portal Business register Public Internet
15 22 : overview Databases Data consumers Information system Organization A Public services portal To secure the system, each party accesses via it s Server Server is a standard software solution that encrypts/decrypts outgoing/ingoing messages, filters ingoing messages as a firewall, and logs messages it receives Adapt er Motor vehicle register Adapt er Business register Databa se Databa se Public Internet
16 23 : overview Databases Data consumers Information system Organization A Traffic between Servers is encrypted with PKI. Servers have to be certified by Certification Authority Certificates are available for verification from Central Servers. Central Servers are duplicated Adapt er Motor vehicle register Adapt er Business register Databa se Databa se Public services portal Public Internet Central s
17
18 25 infrastructure Information System / Portal Adapter Databa se Organization service consumer organization service provider organization Public service (citizens, private companies, ) Central s Public portals Monitoring Central organization CA ( certification authority)
19 26 message flow (1) of IS Service consumer IS Service Service consumer organization DB Adapter of DB Service producer (DB) organization Central Servers
20 4. As user chooses to call a method (usage of which is authorized by the Information System), a message with method call goes towards the Server DB message flow (2) 5. In addition to the message body with data for method call, the message contains also a message header with user s Personal Code, the name of Information System, unique ID of the message etc. Adapter of DB Service producer (DB) organization 2. Whether user is identified by ID-card, password, face or something else is up to the Information System, provided that the way of identification is reliable Central Servers of IS 3. Information System 27 gives user access to methods user is authorized to use This is first level of authorization Service consumer IS Service consumer organization Service 1. User authenticates himself/herself. Information System must be able to get to know the proper Personal Code of user
21 Server of message flow (3) IS verifies over DNSSEC the certificate received from the Server of DB of IS 6. The Server signs the message with it s private key Service consumer IS Service 10. If certificate was valid, the Server of DB sends its certificate back to finish creation of secure connection 7. The Server of IS asks over DNSSEC the Central Server for IP address of the Server(s) of DB Service consumer organization DB Adapter of DB Service producer (DB) organization 9. Server of DB verifies over DNSSEC the certificate received from the Central Servers Server of IS 8. Server of IS opens TCP connection to the Server of DB and sends its certificate to start TLS security protocol
22 29 DB 15. Server message flow (4) 14. Server of DB checks whether the Information System is authorized for this method. This is the second level of authorization 16. Adapter Server commits the method call in the database Adapter of DB sends the decrypted message to the Adapter Server of IS Service consumer IS Service consumer organization Service 12. As secure channel has been created and other party verified, Server of IS sends signed message to Server of DB of DB Service producer (DB) organization 13. Server of DB verifies signature Central of the Servers message and logs the message
23 18. Server of producer sends signed response message to the Server of IS 19. Server of IS checks the signature of message flow (5) response message and logs the response message 21. Finally, user receives response he/she requested! of IS Service consumer IS Service consumer organization 30 Service DB Adapter 17. Server of producer signs the response message Service producer (DB) organization Server of DB Central Servers 20. Server of IS sends decrypted response message to the Information System
24 31 authorization levels If Database adapter does not trust Information System to grant individual permissions, it has possibility to hold additional permission matrix on the granularity of individual But this would be DB awful in case adapter of hundreds of Information Systems with thousands of! Server of DB Service producer (DB) organization Permission matrix on the granularity of Information Systems is held by the Server of the Database Central Servers Server of IS Consumer IS Service consumer organization Permission matrix on the Service granularity of individual is held by the Information System Information System is capable to grant permissions to its only on those methods that Information System itself is authorized to use by permission matrix held by the Server of DB
25 32 : Trusted logs (1) Server of DB logs messages coming from the Information Systems DB Adapter of DB Service producer (DB) organization Central Servers Consumer IS Service consumer organization Service Server of IS logs response messages coming from the Databases Both Servers hash their logs and send their hash chain periodically to the Central Servers
26 33 : Trusted logs (2) If an evil administrator of any Server would try to change the local log file, the hash in Server does not match the hash in Central Servers any more! Therefore, the logs cannot be broken With message given, it is always possible to check later the authenticity of the message whether such a message really existed or not. As trusted logs cannot be broken, the result of the check is trustworthy
27 34 WSDL: metaservices (1) listmethods Implemented by adapter Used by security Mandatory metaservice for every service provider Operation must return all provider s service (wsdl:operation) names in format: producername.servicename.versionnr example: population.listpersons.v1
28 35 WSDL: metaservices (2) testsystem Implemented by adapter Used by security Used for monitoring if adapter and database (and possibly all other needed s/services) are up and running.
29 36 WSDL: metaservices (3) listproducers: Implemented by consumer security Used by Information systems / portals Response contains the list of all available producers. Having list of all producers it is possible to receive the list of available methods with metaservice allowedmethods.
30 37 WSDL: metaservices (4) allowedmethods: Method dbname.allowedmethods is implemented by security of DB. Used by Information systems / portals. Service response contains the list of all allowed methods for caller organisation.
ReadyNAS Remote White Paper. NETGEAR May 2010
ReadyNAS Remote White Paper NETGEAR May 2010 Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5 Overview ReadyNAS Remote is a software application that
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationChapter 8 Monitoring and Logging
Chapter 8 Monitoring and Logging This chapter describes the SSL VPN Concentrator status information, logging, alerting and reporting features. It describes: SSL VPN Concentrator Status Active Users Event
More informationCAC/PIV PKI Solution Installation Survey & Checklist
CAC/PIV PKI Solution Installation Survey & Checklist Konica Minolta CAC/PIV Solution Revision: 1.3 Date: 10/19/09 1 Document Overview This document must be completed and used as a checklist or questionnaire
More informationRevShield Software Suite Network Security Review
Summary This document is aimed at professional network administrators. The information in this document is of a rather technical nature and very detailed. Based on this information, IT professionals can
More informationDevice Log Export ENGLISH
Figure 14: Topic Selection Page Device Log Export This option allows you to export device logs in three ways: by E-Mail, FTP, or HTTP. Each method is described in the following sections. NOTE: If the E-Mail,
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSSL VPN Technology White Paper
SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and
More informationTable of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2
Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server
More informationSetup Guide Access Manager Appliance 3.2 SP3
Setup Guide Access Manager Appliance 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS
More informationInteroperability Support systems Nationwide components (Estonia)
Interoperability Support systems Nationwide components (Estonia) July 6, 2007 Forum Standaardisatie, Netherland Uuno Vallner, PhD. Ministry of Economic Affairs and Communications ICT legislation (1) Personal
More informationTest Case 3 Active Directory Integration
April 12, 2010 Author: Audience: Joe Lowry and SWAT Team Evaluator Test Case 3 Active Directory Integration The following steps will guide you through the process of directory integration. The goal of
More informationReverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006
Reverse Shells Enable Attackers To Operate From Your Network Richard Hammer August 2006 Reverse Shells? Why should you care about reverse shells? How do reverse shells work? How do reverse shells get installed
More informationChapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security
Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security
More informationHow to Make the Client IP Address Available to the Back-end Server
How to Make the Client IP Address Available to the Back-end Server For Layer 4 - UDP and Layer 4 - TCP services, the actual client IP address is passed to the server in the TCP header. No further configuration
More informationCisco Expressway Basic Configuration
Cisco Expressway Basic Configuration Deployment Guide Cisco Expressway X8.1 D15060.03 August 2014 Contents Introduction 4 Example network deployment 5 Network elements 6 Internal network elements 6 DMZ
More informationNETASQ ACTIVE DIRECTORY INTEGRATION
NETASQ ACTIVE DIRECTORY INTEGRATION NETASQ ACTIVE DIRECTORY INTEGRATION RUNNING THE DIRECTORY CONFIGURATION WIZARD 2 VALIDATING LDAP CONNECTION 5 AUTHENTICATION SETTINGS 6 User authentication 6 Kerberos
More informationA Signing Proxy for Web Services Security. Dr. Ingo Melzer RIC/ED
A Signing Proxy for Web Services Security Dr. Ingo Melzer RIC/ED What is a Web Service? Infrastructure Web Service I. Melzer -- A Signing Proxy for Web Services Security 2 What is a Web Service? basic
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationTHE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT. April 2009 EXAMINERS' REPORT. Network Information Systems
THE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT April 2009 EXAMINERS' REPORT Network Information Systems General Comments Last year examiners report a good pass rate with
More informationCross-channel protection GSelector s exclusive cross-station protection prevents the same song from playing at the same time across your stations.
Music scheduling reinvented GSelector is the world s first goal music scheduler; perfect for the diverse ways radio programmers deliver their stations to the audience. Build a better log GSelector virtually
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationNETASQ MIGRATING FROM V8 TO V9
UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4
More informationACE Management Server Deployment Guide VMware ACE 2.0
Technical Note ACE Management Server Deployment Guide VMware ACE 2.0 This technical note provides guidelines for the deployment of VMware ACE Management Servers, including capacity planning and best practices.
More informationAuthentication and Single Sign On
Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication
More informationINUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER
INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER ARCHITECTURE OVERVIEW AND SYSTEM REQUIREMENTS Mathieu SCHIRES Version: 1.0.0 Published March 5, 2015 http://www.inuvika.com Contents 1 Introduction 3 2 Architecture
More informationSecuring Web Services From Encryption to a Web Service Security Infrastructure
Securing Web Services From Encryption to a Web Service Security Infrastructure Kerberos WS-Security X.509 TLS Gateway OWSM WS-Policy Peter Lorenzen WS-Addressing Agent SAML Policy Manager Technology Manager
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationWINGS WEB SERVICE MODULE
WINGS WEB SERVICE MODULE GENERAL The Wings Web Service Module is a SOAP (Simple Object Access Protocol) interface that sits as an extra layer on top of the Wings Accounting Interface file import (WAIimp)
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationMeasurement of the Usage of Several Secure Internet Protocols from Internet Traces
Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified
More informationSetup Guide Access Manager 3.2 SP3
Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationOPC UA vs OPC Classic
OPC UA vs OPC Classic By Paul Hunkar Security and Communication comparison In the world of automation security has become a major source of discussion and an important part of most systems. The OPC Foundation
More informationSpirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明
Spirent Abacus SIP over TLS Test 编 号 版 本 修 改 时 间 说 明 1 1. TLS Interview (Transport Layer Security Protocol) (1) TLS Feature Introduction: 1. TLS is a successor of Secure Sockets Layer (SSL), a cryptographic
More informationBlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide
BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9
More informationData Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationU06 IT Infrastructure Policy
Dartmoor National Park Authority U06 IT Infrastructure Policy June 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted for any purpose without the agreement
More informationSet up Outlook for your new student e mail with IMAP/POP3 settings
Set up Outlook for your new student e mail with IMAP/POP3 settings 1. Open Outlook. The Account Settings dialog box will open the first time you open Outlook. If the Account Settings dialog box doesn't
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationwww.novell.com/documentation Jobs Guide Identity Manager 4.0.1 February 10, 2012
www.novell.com/documentation Jobs Guide Identity Manager 4.0.1 February 10, 2012 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation,
More information000-284. Easy CramBible Lab DEMO ONLY VERSION 000-284. Test284,IBM WbS.DataPower SOA Appliances, Firmware V3.6.0
Easy CramBible Lab 000-284 Test284,IBM WbS.DataPower SOA Appliances, Firmware V3.6.0 ** Single-user License ** This copy can be only used by yourself for educational purposes Web: http://www.crambible.com/
More informationX-Road. egovernment interoperability framework
X-Road egovernment interoperability framework Serving e-nation over 10 years Backbone of the Estonian egovernment 12 years of active duty, no downtime Over 2000 connected e-services More than 900 connected
More informationScan Report Executive Summary. Part 2. Component Compliance Summary IP Address : 69.43.165.11
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: rsync.net ASV Company: Comodo CA Limited 06-02-2015 Scan expiration date: 08-31-2015 Part 2. Component
More informationGS1 Trade Sync Connectivity guide
GS1 Trade Sync Connectivity guide Date: 2015-12-01 Version: v1.8 Page: 2/17 Revision history Version Date Description Author 1.0 2013-11-14 Initial version Fernando Pereira 1.1 2014-01-16 Added FTP and
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationREQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.1.0.XXX Requirements and Implementation Guide (Rev 4-10209) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis Training Series
More informationTraveling Email Setup Microsoft Office
Traveling Email Setup Microsoft Office Table Of Contents 1 : Traveling Email Questions (and answers) 2 : Email server settings 2 : Configuring your email client (Microsoft Office) 3 : Reporting Problems
More informationA Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration
A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration Thomas Oistrez Research Centre Juelich Juelich Supercomputing Centre August 21, 2008 1 / 16 Overview 1 UNICORE
More informationElectronic Service Agent TM. Network and Transmission Security And Information Privacy
Electronic Service Agent TM and Transmission Security And Information Privacy Electronic Services January 2006 Introduction IBM Electronic Service Agent TM is a software application responsible for collecting
More informationDEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5
DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Microsoft IIS Prerequisites and configuration
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationBridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability
Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability Overview... 3 Installing Bridgit Software... 4 Installing Bridgit Software Services... 4 Creating a Server Cluster... 4 Using
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationSemantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0
Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator
More informationVIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS
VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables
More information70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network
70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationCareGiver Remote Support Information Technology FAQ
CareGiver Remote Support Information Technology FAQ CareGiver remote support Information Technology FAQ Purpose The purpose of this document is to answer Frequently Asked Questions (FAQs) regarding CareGiver
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationTraveling Email Setup Outlook Express
Traveling Email Setup Outlook Express Table Of Contents 1 : Traveling Email Questions (and answers) 2 : Email server settings 2 : Configuring your email client 3 : Reporting Problems Version 1.0 : 12/10/2010
More informationDeploying F5 to Replace Microsoft TMG or ISA Server
Deploying F5 to Replace Microsoft TMG or ISA Server Welcome to the F5 deployment guide for configuring the BIG-IP system as a forward and reverse proxy, enabling you to remove or relocate gateway security
More informationilinc Web Conferencing
system architecture overview introduction ilinc is a suite of Web conferencing products designed to allow participants to interact and collaborate online in a number of different types of sessions, including
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationSynthetic Application Monitoring
Synthetic Application Monitoring... Andrew Martin Senior Technical Consultant Contents End User Experience Monitoring - Synthetic Transactions 3 Argent and Synthetic Transactions 3 Web Based Application
More informationAuthentication in WLAN
Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing
More informationCiphermail Gateway Separate Front-end and Back-end Configuration Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Separate Front-end and Back-end Configuration Guide June 19, 2014, Rev: 8975 Copyright 2010-2014, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction
More informationIFS CLOUD UPLINK INSTALLATION GUIDE
IFS CLOUD UPLINK INSTALLATION GUIDE ABSTRACT This guide describes how to install IFS Cloud Uplink. UPLINK VERSION 4.13 PREPARE THE WEB SERVER THAT SERVES IFS EXTENDED SERVER Since the user credentials
More informationSmart Card Authentication. Administrator's Guide
Smart Card Authentication Administrator's Guide October 2012 www.lexmark.com Contents 2 Contents Overview...4 Configuring the applications...5 Configuring printer settings for use with the applications...5
More informationActive Management Services
Active Management Services White Paper 2.0 for Ricoh Customers Prepared by Professional Services department of Ricoh International B.V. Monday, 14 January 2013 TABLE OF CONTENT 1. Introduction... 4 2.
More informationBorderWare Firewall Server 7.1. Release Notes
BorderWare Firewall Server 7.1 Release Notes BorderWare Technologies is pleased to announce the release of version 7.1 of the BorderWare Firewall Server. This release includes following new features and
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationExchange 2010. Outlook Profile/POP/IMAP/SMTP Setup Guide
Exchange 2010 Outlook Profile/POP/IMAP/SMTP Setup Guide Document Revision Date: Nov. 13, 2013 Exchange 2010 Outlook Profile/POP/IMAP/SMTP Setup Guide i Contents Introduction... 1 Exchange 2010 Outlook
More informationhttp://docs.trendmicro.com/en-us/enterprise/safesync-for-enterprise.aspx
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationChapter 6 Virtual Private Networking Using SSL Connections
Chapter 6 Virtual Private Networking Using SSL Connections The FVS336G ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN provides a hardwarebased SSL VPN solution designed specifically to provide
More informationNEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
More informationIowa Immunization Registry Information System (IRIS) Web Services Data Exchange Setup. Version 1.1 Last Updated: April 14, 2014
Iowa Immunization Registry Information System (IRIS) Web Services Data Exchange Setup Version 1.1 Last Updated: April 14, 2014 Table of Contents SSL Certificate Creation... 3 Option 1: Complete the Provider
More informationSecure Web Access Solution
Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...
More informationInstalling and configuring Microsoft Reporting Services
Installing and configuring Microsoft Reporting Services Every company, big or small has to use various tools to retrieve data from their Databases. IT departments receive many different requests for data
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationDeployment Guide Microsoft IIS 7.0
Deployment Guide Microsoft IIS 7.0 DG_IIS_022012.1 TABLE OF CONTENTS 1 Introduction... 4 2 Deployment Guide Overview... 4 3 Deployment Guide Prerequisites... 4 4 Accessing the AX Series Load Balancer...
More informationWharf T&T Cloud Backup Service User & Installation Guide
Wharf T&T Cloud Backup Service User & Installation Guide Version 1.6 Feb 2013 Table of contents BEFORE YOU INSTALL 3 Page Section 1. Installation of Client Software 5 Section 2. Account Activation 8 Section
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationFig. 4.2.1: Packet Filtering
4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the
More informationManaging the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N 300-011-843 REV A01 January 14, 2011
Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N 300-011-843 REV A01 January 14, 2011 This document contains information on these topics: Introduction... 2 Terminology...
More informationMonitoring Traffic manager
Monitoring Traffic manager eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced
More informationNokia E90 Communicator Using WLAN
Using WLAN Nokia E90 Communicator Using WLAN Nokia E90 Communicator Using WLAN Legal Notice Nokia, Nokia Connecting People, Eseries and E90 Communicator are trademarks or registered trademarks of Nokia
More informationCorporate Access File Transfer Service Description Version 1.0 01/05/2015
Corporate Access File Transfer Service Description Version 1.0 01/05/2015 This document describes the characteristics and usage of the Corporate Access File Transfer service, which is for transferring
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationABOUT TOOLS4EVER ABOUT DELOITTE RISK SERVICES
CONTENTS About Tools4ever... 3 About Deloitte Risk Services... 3 HelloID... 4 Microsoft Azure... 5 HelloID Security Architecture... 6 Scenarios... 8 SAML Identity Provider (IDP)... 8 Service Provider SAML
More informationVMware Identity Manager Connector Installation and Configuration
VMware Identity Manager Connector Installation and Configuration VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document
More informationADFS Integration Guidelines
ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS
More informationHow to Implement Two-Way SSL Authentication in a Web Service
How to Implement Two-Way SSL Authentication in a Web Service 2011 Informatica Abstract You can configure two-way SSL authentication between a web service client and a web service provider. This article
More informationDeploying F5 with Microsoft Active Directory Federation Services
F5 Deployment Guide Deploying F5 with Microsoft Active Directory Federation Services This F5 deployment guide provides detailed information on how to deploy Microsoft Active Directory Federation Services
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationPUBLIC Connecting a Customer System to SAP HCI
SAP HANA Cloud Integration for process integration 2015-05-10 PUBLIC Connecting a Customer System to SAP HCI Content 1 Introduction....4 2 Overview of Connection Setup, Tasks, and Roles.... 5 3 Operating
More informationContent Filtering Client Policy & Reporting Administrator s Guide
Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION
More informationBy default, pilight uses a random port for its socket server. Use the port setting If you want to set this to a fixed port.
Settings Settings...1 Introduction...2 Core...2 port...2 standalone...2 pid-file...2 log-file...2 log-level...2 whitelist...3 stats-enable...3 watchdog-enable...3 Module Paths...4 action-root...4 function-root...4
More information