Implementing a secure high visited web site by using of Open Source softwares. S.Dawood Sajjadi Maryam Tanha. University Putra Malaysia (UPM)
Implementing a secure high visited web site by using of Open Source softwares

S.Dawood Sajjadi, Maryam Tanha
University Putra Malaysia (UPM)
March 2011

Author Note

S.Dawood Sajjadi, Computer and Communication System Engineering Department, UPM. Correspondence concerning this paper should be addressed to S.Dawood Sajjadi, Department of Computer and Communication System Eng., University Putra Malaysia (UPM), UPM Serdang, Selangor, Malaysia. s.d.sajjadi@gmail.com

Abstract

This paper presents the design and implementation of one of the most visited web sites of an Iranian governmental organization. We experienced more than 70,000 concurrent web users on open source web application servers, and the implemented system handled all user requests reliably and smoothly. All the software and security solutions applied in this project were based on open source (The open source, n.d.) tools, which saved a tangible cost by avoiding the purchase of commercially available options. The following sections describe the project big map and all of its main components.

Today, most organizations and vendors try to present their services on the web with the best quality and reliability, using a variety of software and platforms to satisfy their visitors. Companies should also consider all the security requirements of their web sites and provide proper security solutions to prevent penetration and data manipulation. Using commercial software and purchasing the required licenses is not cost-effective for many companies. Furthermore, commercial security solutions carry extra costs for their devices and updates. These costs are serious barriers for companies that want to develop a reliable platform for their web customers and visitors. The open source world can provide great and efficient solutions for these companies and for anyone who wishes to build a reliable high visited web site with no software and license cost! Yes, it is possible.

As mentioned in the abstract, this project was defined by a governmental organization and its final goal was gathering economic information about Iranian families. The design and implementation of a reliable infrastructure for this web site, handling the information of more than 17,000,000 families (Latest national statistics, 2007), was therefore a significant issue. Preparing all the required security and service monitoring for the different components was another part of the project. We had various commercial total-solution options that could have carried out the whole project, but due to heavy license costs, security aspects and some prohibitions on obtaining these options, we decided to use open source software for the design and implementation of its different parts.

A two-tier application architecture (Multitier architecture, 2011) was used in the project, and the application code was developed for the web/application and database tiers. Because of the huge volume of requests to the web site, the web/application tier was the critical part of the design. User requests must be balanced among the different servers of this layer, and each user's session state must be kept until the session terminates. The same load balancing considerations apply to the database tier. Because of the project's sensitivity to service availability, we also built redundancy into all sections of the project. The next section describes the project big map and its main elements.

Security Provisioning for different project parts

To give a better view of the security architecture of the project, we divide this section into two separate parts: Network Security and Host Security. Figure 1 shows the main components of the project and their interconnections.

To provide network security at the edge layer, we needed a network Firewall/IDP (Astaro, 2011). First, it should be a stateful firewall (Stateful firewall, 2011); second, it must act as an intrusion detection/prevention system with rule update capability. We used two Linux machines with iptables (The netfilter.org, 1999) and snort software (About Snort, 2010) to meet these requirements. Two machines were used to provide more reliability in this layer, and they worked together in Active/Standby mode: if the main firewall failed, the second one would become operational in the network. We also defined three network zones, shown in three different colors in Figure 1. Traffic zones were separated by VLANs defined on the network switches. We used two network switches to provide more availability in this layer, so each server had at least two separate network adapters connecting it to both switches. As Figure 1 shows, we used the same structure between the firewalls and the switches for more network reliability. Whenever a server in one zone tried to connect to a server in another zone, the request and return traffic passed through the firewall and was processed by it, so any prohibited or malicious traffic would be denied by the iptables and snort software installed on the edge firewalls. In the proposed architecture, the Linux firewalls provided the required network security in the edge and access layers and also performed the routing among the zones.

As described in the next section, we used the CentOS Linux (CentOS, 2011) operating system for all project servers. To provide proper security at the host layer (operating system), we used another familiar open source package as a Host-based Intrusion Detection System (HIDS): OSSEC (About OSSEC, 2008) was used on all operating systems to perform file integrity checks and report abnormal system activity. In any suspicious case, the OSSEC agent would send a report with proper details to the security administrator. Finally, due to the importance of the project's security aspects, the application code was verified by some expert developers to ensure its resistance to different types of web attacks such as XSS, SQL injection and buffer overflow (OWASP, 2007). Operating system hardening was also performed by the system administrators to disable unneeded system services, users and any related processes on each server. With proper configuration of these open source tools, we met all the security requirements at the different levels of the project. We obtained spectacular technical and economic results in this field, which we discuss below.

Figure 1. Main Components of The System

Implementation of Web Applications and Database Tiers

After resolving the various security considerations, it is time to review the main part of the project: processing web users' requests. Due to the large number of web requests, using more than one server in the web/application tier was inevitable. After calculating the maximum expected requests in the worst condition, and using the available resources, we allocated four HP DL380G5 (HP ProLiant DL380, 2011) servers to this layer. To achieve the maximum throughput from this hardware, we used the 64-bit version of CentOS Linux on all web/application servers and installed the 64-bit version of all required software.

The next important point was sharing the web request load among these servers. Usually this task is performed by a network or service load balancer (Network Load Balancing, 2011). To balance the logical load among the web servers, we used HAproxy (Willy Tarreau, 2008) alongside the apache web server (Apache HTTP, 2011). It can share web requests among the web/application servers based on various indicators. Installing a load balancer required a new Linux server as a gateway for the web/application servers. Since we were already using a Linux machine as the network Firewall/IDP and it acted as the network gateway for the other servers, we preferred to use this machine as the load balancer too. So the two Linux machines in the edge layer were used as Firewall/IDP/LB (Load Balancer), as shown in Figure 1.

The web server selected for the project was the best-known web server in the world, Apache. We used the latest 64-bit version of the apache software and configured it securely to process a substantial number of client requests. Figure 3 shows the applied configuration, which worked like a charm!

The project web site had been developed in a J2EE (Java, n.d.) environment, and there were many relevant web application servers to choose from, such as Web Logic (Oracle 11g WebLogic, n.d.) and Web Sphere (WebSphere software, n.d.), but based on the open source policy of the project and the great compatibility of Tomcat (Apache Tomcat, 1999) with Apache, we decided to use Apache/Tomcat as the web application server on all four servers of the first tier. The Java memory usage restrictions of the 32-bit version were eliminated by using the 64-bit version. To increase the request processing power of each server, we used the ajp_proxy (Apache Module, 2011) apache module as a proxy for the tomcat server. Six different tomcat processes were configured to listen on different ports for incoming web requests, and the apache process on each server balanced the requests among these tomcat listening ports. With this method, each server can independently handle more than thousands of web requests. Figure 2 shows the configuration of the ajp_proxy module of the apache service. To provide more security for user connections, we redirected all web traffic to port 443 (https) to create secure sessions between the users and the servers. We configured the apache web server to do this by means of the SSL module.

The only non open source tier of the project was the database tier, which was implemented with Oracle 10g database (Oracle Database 10g, n.d.). We used the RAC mechanism (Real Application Clustering) and oracle data guard to process more than 17,000,000 records in the database. Two servers were assigned to this tier; they worked as nodes of the oracle cluster and were accessible via a single IP address and only from the web/application servers. Oracle handled all incoming requests from the web/application servers very well and responded to them in a short amount of time. One of our main motivations for choosing Oracle as the database in this project was its great performance on the Linux operating system and its reliability in cluster environments. So we chose it and, as you will see, we achieved outstanding results.
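
The Apache front end described above (all web traffic redirected to port 443, requests balanced over six local Tomcat listeners through the AJP proxy module), written out as an added configuration example for Apache 2.4; it is not the authors' Figure 2 or Figure 3, whose contents are not reproduced on this page. The host name, certificate paths, AJP ports 8009-8014, route names tc1-tc6 and the shared secret placeholder are assumptions.

```apache
# Added example, not the paper's configuration.
# Assumed values: www.example.org, certificate paths, AJP ports 8009-8014,
# route names tc1..tc6, REPLACE_WITH_SHARED_SECRET.
# Modules needed: mod_ssl, mod_headers, mod_proxy, mod_proxy_ajp,
# mod_proxy_balancer, mod_lbmethod_byrequests, mod_slotmem_shm.

# Reduce what the server discloses about itself.
ServerTokens Prod
ServerSignature Off
TraceEnable Off

# Port 80 serves no application content; it only redirects to HTTPS.
<VirtualHost *:80>
    ServerName www.example.org
    Redirect permanent / https://www.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.org.key
    # Refuse the obsolete protocol versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Tell browsers to keep using HTTPS on later visits.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # Six Tomcat processes on this host, one AJP listener each.
    # AJP is unauthenticated by default, so each connector is bound to
    # loopback and protected with a shared secret (Apache 2.4.42+).
    <Proxy "balancer://tomcats">
        BalancerMember "ajp://127.0.0.1:8009" route=tc1 secret=REPLACE_WITH_SHARED_SECRET
        BalancerMember "ajp://127.0.0.1:8010" route=tc2 secret=REPLACE_WITH_SHARED_SECRET
        BalancerMember "ajp://127.0.0.1:8011" route=tc3 secret=REPLACE_WITH_SHARED_SECRET
        BalancerMember "ajp://127.0.0.1:8012" route=tc4 secret=REPLACE_WITH_SHARED_SECRET
        BalancerMember "ajp://127.0.0.1:8013" route=tc5 secret=REPLACE_WITH_SHARED_SECRET
        BalancerMember "ajp://127.0.0.1:8014" route=tc6 secret=REPLACE_WITH_SHARED_SECRET

        # Spread new sessions by request count; keep an existing session on
        # the Tomcat that created it. Tomcat appends its jvmRoute to the
        # session id (for example "<id>.tc3"), and Apache matches that
        # suffix against the route= values above.
        ProxySet lbmethod=byrequests stickysession=JSESSIONID|jsessionid
    </Proxy>

    ProxyPass        "/" "balancer://tomcats/"
    ProxyPassReverse "/" "balancer://tomcats/"
</VirtualHost>

# Matching settings in each Tomcat instance's server.xml (instance 1 shown):
#   <Engine name="Catalina" defaultHost="localhost" jvmRoute="tc1">
#   <Connector protocol="AJP/1.3" address="127.0.0.1" port="8009"
#              secretRequired="true" secret="REPLACE_WITH_SHARED_SECRET"/>
```

Sticky sessions only work when every Tomcat instance's jvmRoute equals the route name of its BalancerMember; `apachectl configtest` checks the syntax before a reload.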

Figure 2. The Configuration of ajp_proxy

Figure 3. Apache Configuration

Service and Security Monitoring of Project elements

As mentioned before, because of the project's sensitivity and the importance of its data, we needed monitoring and backup solutions during the project's running period. We had to monitor all network equipment, system health and service conditions comprehensively, and to log and report all events. Nagios (Nagios overview, 2009) and Cacti (Cacti, 2004) were two perfect open source options chosen for these jobs. To implement a daily backup procedure for all server information (especially the database servers), we used the leader of open source backup solutions, Zmanda (Main page, Amanda, 2011). We used a graphical web interface to monitor the OSSEC agents installed on the different servers. All of these tools were web based and could notify system administrators by means of alerts. The functionality of these tools was considerably comparable with that of commercial software.

Results

We experienced unexpectedly good results after launching the project. The graph below shows the input traffic bandwidth of the Linux firewall machine, acting as the network gateway, during the project's running time. In rush hours we had 30 Mbps of incoming web requests, and the web/application and database servers handled all of them without any problem.

Figure 4. Monitored Traffic by Cacti Software

Figure 4 was taken from the Cacti monitoring software at the end of the project. It should be noted that this level of incoming traffic is high for Iran, and that the web site pages had been designed to be as light as possible to decrease network and server traffic load. The two following graphs (Figure 5 and Figure 6) were taken at the end of the second week (the middle) of the project and show the total number of records inserted in the database and the total number of sessions created up to that time. As the graphs show, halfway through the project's running time more than 24,000,000 http sessions had been created on all web/application servers, and through these sessions more than 10,800,000 records had been inserted in the database.

Figure 5. Database Inserts

Figure 6. Created Sessions

These numbers and graphs give a valuable picture of how well the open source software applied in the project performed. Careful design and the right configuration of all components were another tangible success factor in the project.

Conclusion

We have described all the main elements of the project that contributed to its success. Almost all of them were well known open source software that can be applied instead of many proprietary and commercial tools. No software cost, freely available updates, source code availability, comprehensive documentation and many other features can be fully persuasive reasons for entering the open source world and using its great software. We hope this paper gives a good view to anyone who is still doubtful about migrating to the open source world. It will be more interesting than you expect. Just believe it!

References

About OSSEC. (2008). Retrieved 02/18, 2011, from
About Snort. (2010). Retrieved 03/23, 2011, from
Astaro Internet Security, Intrusion Prevention. (2011). Retrieved 02/18, 2011, from
Apache HTTP Server Project. (2011). Retrieved 03/23, 2011, from
Apache Module mod_proxy_ajp. (2011). Retrieved 03/23, 2011, from
Apache Tomcat. (1999). Retrieved 02/18, 2011, from
Cacti, the complete rrdtool-based graphing solution. (2004). Retrieved 02/18, 2011, from
CentOS, Community Enterprise Operating System. ( ). Retrieved 03/23, 2011, from
HP ProLiant DL380 G5 Server series - Overview and Features. (2011). Retrieved 03/23, 2011, from
Java EE at a Glance. (n.d.). Retrieved 02/18, 2011, from
Latest national statistics of Iran population. ( ). Retrieved 02/18, 2011, from
Main page, Amanda. ( ). Retrieved 03/23, 2011, from
Multitier architecture. ( ). Retrieved 03/23, 2011, from
Nagios overview. (2009). Retrieved 02/18, 2011, from
Network Load Balancing Services. ( ). Retrieved 03/23, 2011, from
Oracle 11g WebLogic Server. (n.d.). Retrieved 02/18, 2011, from
Oracle Database 10g Express Edition, Free to develop, deploy and distribute. (n.d.). Retrieved 02/18, 2011, from
OWASP Top 10 Most Critical Web Application Security Vulnerabilities. (2007). Retrieved 03/23, 2011, from
Stateful firewall. ( ). Retrieved 03/23, 2011, from
The netfilter.org project. (1999). Retrieved 02/18, 2011, from
The Open Source Definition (Annotated) Version 1.9. (n.d.). Retrieved 02/18, 2011, from
WebSphere software. (n.d.). Retrieved 02/18, 2011, from
Willy Tarreau, ( ). HAProxy Architecture Guide, version Retrieved 03/23, 2011, from
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationEcomm Enterprise High Availability Solution. Ecomm Enterprise High Availability Solution (EEHAS) www.ecommtech.co.za Page 1 of 7
Ecomm Enterprise High Availability Solution Ecomm Enterprise High Availability Solution (EEHAS) www.ecommtech.co.za Page 1 of 7 Ecomm Enterprise High Availability Solution Table of Contents 1. INTRODUCTION...
More informationAccess control policy: Role-based access
Access control policy: Role-based access As subjects (a person or automated agent) often change roles within an organization, it is best to define an access control policy based on the roles they play.
More informationMobility Task Force. Deliverable F. Inventory of web-based solution for inter-nren roaming
Mobility Task Force Deliverable F Inventory of web-based solution for inter-nren roaming Version 1.1 Authors: Sami Keski-Kasari , Harri Huhtanen Contributions: James
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More informationNSFOCUS Web Vulnerability Scanning System
NSFOCUS Web Vulnerability Scanning System Overview Most Web application systems are tailor-made and delivered in source codes by Customer Benefits Accurate Analysis on Website Vulnerabilities Fast scan
More informationActiveVOS Clustering with JBoss
Clustering with JBoss Technical Note Version 1.2 29 December 2011 2011 Active Endpoints Inc. is a trademark of Active Endpoints, Inc. All other company and product names are the property of their respective
More informationNetworking and High Availability
yeah SecureSphere Deployment Note Networking and High Availability Imperva SecureSphere appliances support a broad array of deployment options, enabling seamless integration into any data center environment.
More informationHOSTING. Managed Security Solutions. Managed Security. ECSC Solutions
Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use SQL Server 2008 Express Reporting Services Abstract In this
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationOracle WebLogic Server 11g: Administration Essentials
Oracle University Contact Us: 1.800.529.0165 Oracle WebLogic Server 11g: Administration Essentials Duration: 5 Days What you will learn This Oracle WebLogic Server 11g: Administration Essentials training
More informationAuto-Scaling WebApplication. Securityinthe Cloud. Stephen Coty. Chief Security Evangelist
Auto-Scaling WebApplication Securityinthe Cloud Stephen Coty Chief Security Evangelist Cloud Environments 101 Spring 2013 Report Key Findings Higher attack frequency in enterprise data centersthan in cloud
More informationHow To Use The Dcml Framework
DCML Framework Use Cases Introduction Use Case 1: Monitoring Newly Provisioned Servers Use Case 2: Ensuring Accurate Asset Inventory Across Multiple Management Systems Use Case 3: Providing Standard Application
More informationTG Web. Technical FAQ
TG Web Technical FAQ About this FAQ We encourage you to contact us if. You can't find the information you're looking for. You would like to discuss your specific testing requirements in more detail. You
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationSuperOffice Pocket CRM
SuperOffice Pocket CRM Version 7.5 Installation Guide Page 1 Table of Contents Introduction... 3 Prerequisites... 3 Scenarios... 3 Recommended small scenario... 3 About this version... 4 Deployment planning...
More informationCompTIA Cloud+ 9318; 5 Days, Instructor-led
CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,
More informationHUAWEI OceanStor 9000. Load Balancing Technical White Paper. Issue 01. Date 2014-06-20 HUAWEI TECHNOLOGIES CO., LTD.
HUAWEI OceanStor 9000 Load Balancing Technical Issue 01 Date 2014-06-20 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2014. All rights reserved. No part of this document may be
More informationIBM. Vulnerability scanning and best practices
IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration
More informationby New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document
Avitage IT Infrastructure Security Document The purpose of this document is to detail the IT infrastructure security policies that are in place for the software and services that are hosted by Avitage.
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationCompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:
CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification
More information5 Days Course on Oracle WebLogic Server 11g: Administration Essentials
PROFESSIONAL TRAINING COURSE 5 Days Course on Oracle WebLogic Server 11g: Administration Essentials Two Sigma Technologies 19-2, Jalan PGN 1A/1, Pinggiran Batu Caves, 68100 Batu Caves, Selangor Tel: 03-61880601/Fax:
More informationWhite paper: Unlocking the potential of load testing to maximise ROI and reduce risk.
White paper: Unlocking the potential of load testing to maximise ROI and reduce risk. Executive Summary Load testing can be used in a range of business scenarios to deliver numerous benefits. At its core,
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationApplication Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1
Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationOracle Net Services for Oracle10g. An Oracle White Paper May 2005
Oracle Net Services for Oracle10g An Oracle White Paper May 2005 Oracle Net Services INTRODUCTION Oracle Database 10g is the first database designed for enterprise grid computing, the most flexible and
More informationSetup Guide Access Manager 3.2 SP3
Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
More informationNetwork Agent Quick Start
Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense
More informationTk20 Network Infrastructure
Tk20 Network Infrastructure Tk20 Network Infrastructure Table of Contents Overview... 4 Physical Layout... 4 Air Conditioning:... 4 Backup Power:... 4 Personnel Security:... 4 Fire Prevention and Suppression:...
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationImplementing Managed Services in the Data Center and Cloud Space
Implementing Managed Services in the Data Center and Cloud Space 1 Managed Hosting Offerings 2 Managed Network Services Diverse 10Gbps backbone between data centers meshed with Windstream s nationwide
More information