NES Patagonia Security
|
|
- Benedict Myles McCoy
- 8 years ago
- Views:
Transcription
1 NES Patagonia Security Networked Energy Services Corporation (NES) November
2 Executive Summary With NES Patagonia, our newly announced next generation platform, the security model is being reworked from the ground up, effectively setting the bar again for the industry. To build a secure grid system, we started with a clean slate and took a holistic approach grounded in the real world. We re planning across all components and interfaces of the system, and looking towards integrating smoothly with IT security systems. With the media taking a strong interest in security, it is easy to fall for security theatre, being taken in by impressive looking long keys and accredited algorithms and therefore overlooking the intricacies of a secure implementation. By taking an open and completely transparent approach we aim to work with the utility industry to build the most secure and reliable system possible. With that said, we freely acknowledge that there is no perfect system so we also prepared for intrusion response with detection and recovery mechanisms. As part of this consideration, we analyzed threat models to ensure that we considered attacks to a single device, as well as large-scale national security threats. NES Patagonia security architecture is taking advantage of the latest tools available, including algorithms recommended by the European Union Agency for Network and Information Security (ENISA), the National Institute of Standards and Technology (NIST), Data Protection Impact Assessment Template (DPIA) for Smart Grid and Smart Metering systems, and other renowned security-related initiatives. These algorithms were paired with a complete PKI (Public Key Infrastructure) system. The PKI model is designed in from the beginning and focuses on efficient implementations that aim to work for the most constrained parts of the grid. The architecture is designed with the complete life cycle of the system in mind, from the manufacturing of devices, installation, and operation to maintenance. At every level, NES is looking to prevent intrusion while supporting detection and incident response methods. The next steps are working with industry alliances, most prominently the OSGP Alliance, to incorporate such best practice security adaptations into the standards we use and support. While we take every effort to ensure the system is the best we can make it today, we are also designing in the ability to flexibly add innovative security upgrades at every layer of the system so as to keep up with the ever-evolving nature of grid and IT security.
3 NES Patagonia Security November Introduction Security in the electrical distribution grid is still in an early stage. Just a few years ago, the main threats to the distribution network were physical in nature. With the initial deployments of AMI systems, and then smart meters, a communication network has been overlaid, introducing a brand new security threat in a domain area unfamiliar to many who were responsible for distribution grid operations. Initially, the technical challenge focused on communication reliability, but with its background in control networks, NES immediately understood security was also an essential component, so it made security a key part of its system architecture. In this process, NES decided it was important, given where they believed future challenges would manifest, to consider the end to end implications of security and to have a keen understanding of the realities in the distribution grid - which are fundamentally different than other industries. As Smart Metering, and grid modernization in general, have become more common place at the utility, security has become a main topic for the utilities and regulators, but also a safety and privacy concern for the public. Technologies concerning security algorithms, computing power, and memory availability in Smart Meters and grid sensors have evolved quickly. Security has evolved from a concern to a top priority and now to the primary priority. The overall industry (utilities, regulators, technology suppliers) charter is to renew the myriad solutions offered with the latest security technology while the industry simultaneously develops and agrees on an in-depth understanding of the entire system and corresponding set of security requirements. Inherent in this process is a potential danger. While there are many proven security technologies and approaches, as an industry, we cannot be too fast to decide on a solution before we appreciate the unique requirements and threats of our unique industry. The distribution grid security challenge does have similarities to what communications, IT, and other networks have faced, but there are also fundamental differences. We believe the first step for the industry is to agree on the security requirements and then choose standards and solutions which are purpose-built to meet the distribution grid security challenge. From an NES perspective, it is important to focus on real comprehensive security and not find artificial comfort in large security keys and highly accredited algorithms. If the application and implementation of these state-of-the-art primitives are not carefully taken into consideration, then it will not matter if the biggest security key possible is used with the most secure primitive, the result is extremely likely to be insecure. The NES solution architecture has been purpose-built from the start with end to end security in mind. We are looking to set the bar again with our next generation platform, code named Patagonia. One key objective with Patagonia is to address a fundamental shift in security requirements; we believe the rate of change to address ongoing security requirements will be significant, so the system is designed to have the head room required and mechanisms in place to easily take advantage of new or updated algorithms as they evolve. What also is new is a company edict to share all the details of the platform during the development phase to collect input from the users, partners, and security communities in order to ensure the best long term result for the industry. 1
4 The remainder of this paper is structured as follows: y Section 2 describes the reality of real-world grid security y Section 3 defines the threat model for the Patagonia security architecture, i.e., the types of smart grid threats we address y Section 4 introduces the Patagonia security architecture y Section 5 highlights some of the central design goals of the Patagonia security architecture y Section 6 includes an outline of our security update proposal of OSGP y Section 7 concludes the paper with a summary of the key points of this paper followed by notes on future work 2
5 NES Patagonia Security November Real-World Grid Security It is important to take a strong stance on what real-world smart grid security is. Failure to do so can lead to false assumptions and insecure systems. In this section, we therefore cover four central topics that are critical to address in the grid industry: y Grid constraints y Transparency y Security theatre y Disaster and recovery 2.1. Grid Constraints From an IT perspective, the smart grid is a large segmented distributed system. Each segment of the grid has its own unique performance constraints. These constraints are dictated by the underlying network architecture, capabilities, and the available performance resources of the connected devices. For example, the IP network (WAN) that connects the back-end system to the control nodes tends to be broadband whereas the low voltage PLC network tends to be narrowband. The smart meters are also significantly limited in terms of hardware resources (memory and computational power) compared to other types of nodes in the network. Therefore, achieving high-grade security in even the most performance-constrained parts of the grid is where the real challenge is. Existing security architectures from other industries are not directly applicable to the smart grid. They often times have entirely different assumptions about the resources available and the security requirements needed. As a result, to successfully secure the grid, we need a comprehensive security approach that is designed specifically for the entire grid and integrated into the overall IT architecture from the very beginning. This is what NES has done in the past, and what we are doing again with our new Patagonia security architecture. The Patagonia security architecture is designed to take advantage of the recent hardware improvements in smart meters. These improvements enable us to further strengthen the overall security of the system Transparency A security system should be secure even if everything about the system, except the keys, is public knowledge. Auguste Kerckhoffs, 1883 The quote above captures a critical security principle that we strongly believe in. Security systems must be transparent and promote security analysis, never relying on security through obscurity. There are three main reasons why we take a strong stance on transparent security systems: 1. History has shown, that there is always a way of reverse engineering, and thereby exposing, the inner workings of a system. As a result, relying on the secrecy of proprietary technology is bound to catastrophically fail at some point. 3
6 2. By using open standards and recommendations, we draw on years of research and real-world experience. We also benefit from continuous analysis that widely-used open technology receives. 3. Systems based on open standards and widely accepted security recommendations are much easier to adopt and integrate into existing infrastructure. They also promote vendor interoperability, which is important in the grid industry. The main argument against transparent systems is that they are also more accessible to a potential attacker trying to find and exploit security vulnerabilities. This is true, but the attacker is competing with researchers trying to do the same but with the intention of improving the state-of-the-art. With the emergence of bug bounty programs and other similar initiatives, there is an increasing incentive for constructive security research. This directly benefits transparent systems Security Theatre As just mentioned, we strongly believe in the importance of building open security systems based on stateof-the-art security recommendations. However, choosing the right tools for the job is only the very beginning of developing a secure system. The industry needs to realize it is not enough to only rely on recommended security algorithms and key sizes. In fact, history has shown that the real security challenge, and where most security systems fail catastrophically, is implementing and using these tools securely in the context of how the specific system operates. For example, simply because an encryption mechanism uses AES with a 256-bit key (aka AES-256) does not make it secure by design. The combination of using AES with the biggest key possible may create a feeling of being secure. However, in reality, the security of this encryption mechanism critically relies on how AES is used and how the mechanism as a whole is implemented, integrated, and used in practice. The same is equally true for essentially all other security related mechanisms and protocols and we have not even begun to cover key management, the most difficult aspect of any type of cryptographic system. We believe in real and comprehensive security for the grid, and we do not get misled by security theatre that creates a false sense of security. This is arguably the worst sense of security there is when trying to secure critical infrastructure Incident Response: Disaster and Recovery We do everything we possibly can to prevent threats from occurring. However, we also recognize that there is no such thing as a perfect threat-prevention system in practice. It is therefore crucial to invest effort in developing security-related technologies and procedures that make it possible to recover from system compromises in the most simple and efficient way possible. Being able to securely recover from system compromises post-mortem is a necessity and an important aspect of how we perceive security in general. 4
7 NES Patagonia Security November Threat Model We are concerned with threats that violate the confidentiality and integrity of the grid. In addition, we are concerned with threats that limit the availability of the grid, i.e., threats that limit accessibility and efficiency. It is important to understand that these types of threats can occur not only from malicious behavior (internal and external) but also from natural disasters, human mistakes, and system flaws. A successful threat model for the grid must address all types of threats. We must realize we are up against a brand new set of security challenges and we must respect those, just as other industries have in developing security solutions based on in depth end to end requirements; we simply cannot borrow from other places and count on these approaches to work. As mentioned, we recognize that there is no such thing as a perfect prevention system in practice. Thus, by addressing a threat we therefore imply that we aim to prevent, detect, and respond to the threat as securely and efficiently as possible. To better understand threats originating from malicious behavior, we need to make explicit assumptions about a potential adversary s capabilities. Since the power grid is a critical part of modern infrastructure, we need to assume the most advanced adversary possible, i.e., large organizations such as foreign governments and intelligence agencies. As a result, the threat model spans less severe threats such as single node compromises all the way to large scale targeted attacks threatening national security. In terms of communication, every network is assumed to be hostile. Specifically, we assume that our adversary is able to eavesdrop on communication, actively engage in communication, and mount man-inthe-middle attacks. We also address the threat of having compromised and potentially malicious meters and data concentrators on the grid. To the extent possible, we address the threat of insider attacks. History has shown, that these threats are extremely difficult to mitigate in practice. However, simply ignoring this threat is not acceptable. We have learned from other industries such as the financial sector and we support grid administrators in addressing insider threats by providing them with advanced auditing capabilities and integrated safe-guard mechanisms that can be used to prevent and detect insider threats in practice. 5
8 4. The NES Patagonia Security Architecture The new security architecture aims to further strengthen the ability to prevent, detect, and respond to misuse of grid assets and malicious behavior. Specifically, it focuses on improving the ability to: 1) protect confidential information, 2) verify data integrity and authenticity, 3) maintain an efficient and available grid, 4) provide advanced logging and auditing mechanisms for detecting and responding to incidents, 5) limit the security impact of node compromises as much as possible, and 6) to the extent possible, protect the grid from Denial of Service (DoS) attacks. To meet these challenges, we have done a clean-slate design and are building the new security architecture from the ground up based on open standards and security recommendations from established and renowned organizations, cryptographers, and security experts. At the core of the new architecture, and the primary focus of this paper, is the fundamental change in key management, how keys used for authentication and communication are established, and how these keys are used for security purposes. It is going to be an integral part of the next generation smart grid platform, not simply an add-on. The key management system uses a Public Key Infrastructure (PKI) that binds node identities to public keys in the form of certificates. Once a node is part of the grid PKI, and thereby has one or more valid certificates, it can use one of its private keys to prove to the other node that it is who it claims to be. In order for the other node to verify this claim, it would obtain the node s certificate, verify it, and use the certificate s public key to verify the proof. Thus, in order to authenticate with each other, two nodes can simply exchange certificates. During this mutual node authentication, the nodes also establish short-term keys that they can use for communicating with each other in a secure and efficient manner. The most difficult aspect of the new security architecture, and any other type of cryptographic system, is key management. It defines how cryptographic keys and certificates are generated, distributed, renewed, revoked, and stored. It is the backbone of the new security architecture and it critically influences most of the security-related mechanisms across the grid. We believe a PKI approach to key management is the way forward. Using this approach has a number of advantages: y Certificate-based authentication: once two nodes on the grid are part of the PKI, they can authenticate each other and engage in secure communication without relying on pre-shared secret keys or the availability of key and authentication servers to be online. It is a significant improvement to the overall availability of the grid: even if two nodes lose the connection to the back end system, they are still able to engage in secure and authenticated communication with each other. This makes it a strong tool for securely automating grid processes and it takes advantage of the decentralized nature of the grid as a distributed system. y Node-unique certificates: each node in the PKI has its own set of private/public key pairs with a corresponding certificate it can use to authenticate itself to others. The key pairs are decidedly nodeunique and the private part of the key pair is retained inside the node itself. This eliminates the need for having to securely maintain and secure a large database of thousands, or even millions, of pre-shared node keys. It also limits the impact of node compromises since compromised node keys can only be used to spoof the identity of that particular node. Other nodes in the grid are not affected. 6
9 NES Patagonia Security November 2014 y Authenticated key negotiation: with the use of public-key cryptography, secret (symmetric) encryption keys are not transmitted over the network. Instead, two nodes will securely establish these types of keys when needed. In order to make sure that the two nodes do not establish a key with an untrusted node, they use the aforementioned certificates-based authentication approach. Preventing secret keys from being transmitted on the network, by design, is a strong security property of the new architecture. y Key life cycles: with a PKI in place, the security architecture now defines and enforces a standard and recommended key life cycle. This is important for making sure that policies are in place for each phase in a key s life. The new security architecture defines a set of default policies that are suitable for most cases. We understand that not all grids are the same, so these defaults are configurable. y Key renewal: all keys in the system have a specified validity period based on a start and an end date. The validity period can also depend on the number of times a key has been used. This means that every key in the PKI, and all the communication keys, are securely renewed at some point in time. The exact key update validity period is also configurable, but the security architecture provides a set of secure defaults to this as well. Both planned and unplanned key renewals are supported and performed securely. y Key revocation: all certificates, and thereby public keys, in the PKI are revocable, i.e., it is possible to tell the nodes never to trust a given certificate even if it is still within its validity period. Revocation is different from key renewal since it is an unplanned use case. It is often an after-thought in PKIs. For example, the PKI that most of us rely on for secure Internet connections on the web does not have an acceptable way of revoking certificates. To address this concern in the NES Patagonia security architecture, revocation has been a central design goal from the very beginning. y Automated key management processes: except for certain use-cases such as revocation, the key management processes are largely automated and do not require interaction from the grid administrator. However, if needed, the administrator can configure most of these processes to suit her/his needs. As is the case with any key management approach, there are also challenges that need to be solved. The following is a list of the primary challenges in using a PKI-based approach to key management in the grid. Each challenge is followed by a brief description on how we address it. y Performance requirements: a PKI requires node support for asymmetric (public-key) cryptography. These types of algorithms require significantly more computing power compared to symmetric-key cryptographic algorithms used in the current generation. The current and previous hardware platform did not have the needed resources to support these algorithms in practice. This is partly why this move towards a PKI-based solution was not done in the past. However, because of significant hardware, software, and high-speed cryptographic improvements, the next generation hardware platform is able to meet these performance requirements and potentially improve the performance of the grid. In addition, we also address performance concerns by only using asymmetric algorithms for node authentication and key negotiation. The actual node communication is secured using high-speed symmetric cryptography. This gives us the best of both worlds: asymmetric cryptography for authentication and high-speed symmetric cryptography for encryption and data authenticity. Keep in mind, that the majority of the time 7
10 is spent communicating, not performing certificate-based authentication. y CA security: a certificate authority (CA) is responsible for issuing certificates. Every node in the PKI trusts this authority to only issue certificates to legitimate nodes. The CA issues certificates by digitally signing a node s certificate with its private signing key. Thus, a PKI requires a high-security facility for protecting CA signing keys. Having high-security facilities for storing cryptographic keys is not a new requirement for grid administrators. Nevertheless, the new security architecture provides the grid administrators with a set of best practices and mechanisms for managing and securely storing CA signing keys. y The PKI reality: in practice, PKIs can be complex to set up and operate. This is true from a technical point of view but also from an organizational point of view. The new security architecture addresses the technical side by securely automating many of the PKI-related management processes. The architecture accommodates the organizational challenges by developing the PKI based on widely used and secure standards. This way, grid administrators can reuse existing standard tools and infrastructure to ease the management of the PKI in practice. To summarize, because of recent advancements in hardware and software technology, now is the time to improve the current state of security for the grid. With the new security architecture comes a number of significant enhancements to the overall security of the next generation smart grid. In the next section, we go into a bit more detail on what the important design goals are and what we do to meet them. 8
11 NES Patagonia Security November Design Goals This section will highlight some of the design goals for the Patagonia security architecture. This is not an exhaustive list, but to get a sense of the direction of our security architecture Based on Standards and Recommendations The architecture is based on open standards and security recommendations from organizations such as the European Union Agency for Network and Information Security (ENISA), the National Institute of Standards and Technology (NIST), Data Protection Impact Assessment Template (DPIA) for Smart Grid and Smart Metering systems, and other renowned security-related initiatives. It is also based on our past experience with security assessments of the smart grid and recommendations from cryptographers and security experts. As mentioned, we see these standards and recommendations as a way of selecting the best security tools for the job at hand. Applying and implementing them securely is the real challenge and something we take very seriously. That being said, we will make use of state-of-the-art algorithms and aim for high-grade security throughout the system. With respect to cryptographic primitives for secure communication, we make use of authenticated encryption ciphers (such as AES-GCM and AES-CCM) with support for 128, 192, and 256 bit key sizes. For authentication, we make use of ECC-based digital signature schemes (such as ECDSA) and use ECC-based authenticated key negotiation schemes (such as ECDHE) to establish session keys. We use cryptographically strong pseudo-random number generators (CSPRNG) for our cryptographic purposes such as key and randomnonce generation. All devices in the next generation hardware platform have a dedicated hardware-based random number generator which we take full advantage of in the Patagonia security architecture. In addition, we have designed the Patagonia security architecture in a way that makes it possible to replace any of these primitives if they are considered insecure in the future Backwards Compatible We recognize the importance of backwards compatibility, and have designed the new security architecture to be backwards compatible with the current security generation. While we will support a mixed population, we will not allow the security mechanism of a node to be downgraded. This is to ensure that in a mixed environment the strongest security model supported for each communication mode is chosen. We will also allow the grid administrator to disable the ability to support communication with nodes that do not have the latest security implemented Forward Secrecy Forward secrecy is an important security property and an important design goal of the Patagonia security architecture. We achieve forward secrecy by using long-term keys for authentication, and short-term randomly generated session keys for pair-wise device communication using an authenticated and recommended Diffie- 9
12 Hellman key agreement protocol. The result is that if an adversary is able to compromise a session key, then she or he can only use that key for compromising that particular session. The attacker is not able to go back in time and compromise previously recorded sessions. The same is true for future sessions; such an attacker would need to compromise the long-term authentication key in order to compromise future sessions by mounting a man-in-the-middle attack on the authenticated key agreement. However, compromising the long-term authentication key would still not allow the attacker to decrypt past sessions Node-Unique Secrets In order to limit the impact of cryptographic key compromises, we make sure to use node-unique keys. As a result, an attacker that obtains unauthorized access to a node s keys cannot, by design, use these keys to compromise other nodes keys. The compromise is therefore limited to the affected node only. This is equally true for session keys: compromising one session key only gives you access to that one session, as mentioned above Support for Certificate-Based Access Control With the use of a PKI also comes the ability for the Patagonia security architecture to support certificatebased access control schemes. That is, each certificate can also contain a set of access control permissions. These permissions are chosen by the grid administrator in order to meet a specific access control policy. Since these permissions are part of the trusted certificate issued by the CA, nodes are able to verify that they have not been changed (the certificate s signature would not check out if this was the case.) As a result, nodes can trust these permissions and therefore use them for authorizing specific device actions. 10
13 NES Patagonia Security November OSGP Continued involvement with OSGP is obviously a constant priority and is a key consideration for the Patagonia security architecture. Since OSGP does not currently support a PKI-based security architecture, a securityrelated update to OSGP will be necessary if the Alliance is to utilize the new recommended security architecture. We propose the following security-related updates to OSGP: y Instead of using symmetric, pre-shared keys for mutual authentication, we propose the use of a stateof-the-art asymmetric authentication mechanism based on elliptic curve cryptography. y Instead of relying on long-term, domain-wide symmetric keys for secure communication, we propose the use of short-term, randomly generated, pair-wise session keys. y Instead of using RC4 and the OMA Digest Algorithm for providing encryption and integrity protection, we propose the use of authenticated cipher constructions such as AES-GCM and AES-CCM. y Instead of using 96-bit authentication keys, we propose supporting 128, 192, and 256 bit keys. We are working closely with the OSGP alliance and security experts on the design and implementation details for this proposal. 11
14 7. Conclusion In this paper, we have identified the importance of basing transparent grid security systems on open standards, state-of-the-art security recommendations and industry-realistic requirements specific to the distribution grid. We simply cannot borrow solutions from other industries and hope these will be adequate we must respect the unique challenges of our industry. This paves the way for a realistic, truly comprehensive security architecture for the grid. We have also emphasized the importance of focusing on prevention mechanisms and detection mechanisms without neglecting efficient and secure incident response. Based on these principles, we have designed a new security architecture for our next generation NES Patagonia platform. The Patagonia security architecture is designed from the ground up to take full advantage of the hardware and software improvements that come with the new components of the platform. It is designed to achieve high-grade security in even the most performance-constrained real-world conditions while still maintaining an efficient and available grid. The core enhancements of the Patagonia security architecture include a new PKI-based key management system which is designed based on open standards and modern security recommendations by NIST, ENISA, and other renowned organizations and security experts. As part of the new key management system, secure and efficient pair-wise communication sessions between two nodes in the grid become possible. OSGP must also be considered in an architecture shift towards the Patagonia security design. We have therefore made an OSGP revision proposal that brings OSGP up to the same high-grade security level as that of the Patagonia security architecture. We will work with the OSGP Alliance and security experts to make this proposal as secure as possible, both in terms of design but also in terms of implementation. Smart grid security is our number one priority. After all, a true smart grid can only make smart decisions if it is based on trustworthy information. The public can only trust a smart grid if they have full confidence in its security, safety and reliability. At NES, the Patagonia platform represents another key commitment to real and long term solutions to enable a truly smart grid. We look forward to working with our industry colleagues to implement a robust and dependable security solution for the Smart Grid. 12
CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT
26579500 CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the features, testing and deployment
More informationSP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter
SP 800-130 A Framework for Designing Cryptographic Key Management Systems 5/25/2012 Lunch and Learn Scott Shorter Topics Follows the Sections of SP 800-130 draft 2: Introduction Framework Basics Goals
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationSECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014
SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security
More informationSecuring your Online Data Transfer with SSL
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationSecuring your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationSecuring Distribution Automation
Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010
More informationCPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT
29175671 CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT Version 1.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the
More informationPublic Key Infrastructure (PKI)
Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationVICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui
VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko PO Box 600 Wellington New Zealand Tel: +64 4 463
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationAttestation and Authentication Protocols Using the TPM
Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationSECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS
SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential
More informationSSL Server Rating Guide
SSL Server Rating Guide version 2009j (20 May 2015) Copyright 2009-2015 Qualys SSL Labs (www.ssllabs.com) Abstract The Secure Sockets Layer (SSL) protocol is a standard for encrypted network communication.
More informationDIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES
DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationKey Management Interoperability Protocol (KMIP)
(KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationUnderstanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions
A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationChapter 10. Cloud Security Mechanisms
Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More informationIs Your SSL Website and Mobile App Really Secure?
Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationITL BULLETIN FOR JANUARY 2011
ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationITL BULLETIN FOR AUGUST 2012
ITL BULLETIN FOR AUGUST 2012 SECURITY OF BLUETOOTH SYSTEMS AND DEVICES: UPDATED GUIDE ISSUED BY THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) Shirley Radack, Editor Computer Security Division
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationComparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
More informationWhat is Really Needed to Secure the Internet of Things?
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
More informationIoT Security Concerns and Renesas Synergy Solutions
IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationSecuring your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.
Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate A STEP-BY-STEP GUIDE to test, install and use a thawte Digital Certificate on your MS IIS Web
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More information1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationNetwork Security 101 Multiple Tactics for Multi-layered Security
Security and Resilience for Utility Network Communications White Paper Communications networks represent a partial paradox. The very openness and ubiquity that make them powerful can also present a weakness.
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSecurity by Design WHITE PAPER
Security by Design WHITE PAPER Trilliant helps leading utilities and energy retailers achieve their smart grid visions through the Trilliant Communications Platform, the only communications platform purpose-built
More informationDNS security: poisoning, attacks and mitigation
DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationWhy you need secure email
Why you need secure email WHITE PAPER CONTENTS 1. Executive summary 2. How email works 3. Security threats to your email communications 4. Symmetric and asymmetric encryption 5. Securing your email with
More informationChapter 6: Fundamental Cloud Security
Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationWhite Paper. Enhancing Website Security with Algorithm Agility
ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationProtect Identities for people, workstations, mobiles, networks
ot Corporate ID Protect Identities for people, workstations, mobiles, networks Address your security needs with the leader in the corporate identity market Corporate security challenges The security of
More informationSecurity Guide. BES12 Cloud
Security Guide BES12 Cloud Published: 2015-08-20 SWD-20150812133927242 Contents Security features of BES12 Cloud...4 How BES12 Cloud protects data stored in BlackBerry data centers...4 How BES12 Cloud
More informationBootstrapping Secure Channels of Communication Over Public Networks
Bootstrapping Secure Channels of Communication Over Public Networks Human Interaction Security Protocols (HISPs) offer an entirely new way of authenticating teams to create robust security where none exists.
More informationSectra Communications ensuring security with flexibility
Panthon Sectra Communications ensuring security with flexibility Sectra has more than 30 years of experience in developing secure communications. We know what is required to meet the toughest demands.
More informationCryptography and Key Management Basics
Cryptography and Key Management Basics Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 23, 2007 Erik Zenner (DTU-MAT) Cryptography and Key Management
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationTufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.
Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:
More informationIMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT
INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT Merlin Shirly T 1, Margret Johnson 2 1 PG
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationPKI: THE SECURITY SOLUTION FOR THE INTERNET OF THINGS
PKI: THE SECURITY SOLUTION FOR THE INTERNET OF THINGS TABLE OF CONTENTS 2 EXECUTIVE SUMMARY 3 THE EMERGENCE OF THE INTERNET OF THINGS 4 SECURITY RISKS IN NETWORKED DEVICES 6 PKI S FOUNDATION OF STRONG
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationIBM Connections Cloud Security
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
More information7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.
Content 1.Introduction to Data and Network Security. 2. Why secure your Network 3. How Much security do you need, 4. Communication of network systems, 5. Topology security, 6. Cryptosystems and Symmetric
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationNetwork Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶
Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course
More informationEnterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
More informationCounter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart. OV-Chipkaart Security Issues Tutorial for Non-Expert Readers
Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart OV-Chipkaart Security Issues Tutorial for Non-Expert Readers The current debate concerning the OV-Chipkaart security was
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More information---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---
---Information Technology (IT) Specialist (GS-2210) IT Security Model--- TECHNICAL COMPETENCIES Computer Forensics Knowledge of tools and techniques pertaining to legal evidence used in the analysis of
More information7 Key Management and PKIs
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationA Draft Framework for Designing Cryptographic Key Management Systems
A Draft Framework for Designing Cryptographic Key Management Systems Elaine Barker Dennis Branstad Santosh Chokhani Miles Smid IEEE Key Management Summit May 4, 2010 Purpose of Presentation To define what
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More informationIntroduction to Security
2 Introduction to Security : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l01, Steve/Courses/2013/s2/its335/lectures/intro.tex,
More informationGuide to Data Field Encryption
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
More informationSSL BEST PRACTICES OVERVIEW
SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More information