Security Advice for Instances in the HP Cloud

Size: px
Start display at page:

Download "Security Advice for Instances in the HP Cloud"

Transcription

1 Security Advice for Instances in the HP Cloud Introduction: HPCS protects the infrastructure and management services offered to customers including instance provisioning. An instance refers to a virtual machine within the HPCS environment. HPCS instances are provisioned in their default configuration which has in-built security mechanisms. Once an instance is provisioned, the security of the cloud infrastructure behind that instance, including the hypervisor level, will be protected by HPCS. Configuration management, access management, the application of software updates and all other on-going security and maintenance tasks required to maintain a secure instance are the responsibility of the customer. The best practices contained in this document provide guidance for increasing and maintaining the security of HPCS instances. The following security principles helped influence these best practices. Although best practices security principles cannot guarantee security, they do help to prevent common security flaws during use of HPCS services. 1. Defense in depth - Build a security infrastructure with multiple layers of defense such that if an outer layer is compromised, the underlying layers are unaffected and continue to offer protection 2. Fail securely - In the case of failure, systems should fail into a closed secure state 3. Principle of least privilege - Only the minimum level of access for users and services shall be granted 4. Compartmentalize - Systems will be segregated in a way that if one of is compromised, the others security will remain intact 5. Defense through simplicity - The required effort to understand and secure grows with a systems complexity 6. Promote privacy - The amount of information that can be gathered about a system and its users should be minimized 7. Default deny - By default, all access is explicitly denied 8. Logging capability - Appropriate logging shall be implemented to monitor for unauthorized use, incident response and forensics

2 Password Management Even on a single user system, password security is very important. There are many tools freely available to attack weak passwords on remote systems using dictionary, brute force, or hybrid methods. Applying the following points can significantly improve the password security of an instance. No Guest Accounts Wherever possible disable all guest account functionality. Use Cryptographically Strong Passwords - Use a password generator, preferably one installed locally on your system to generate strong, random passwords. It is recommended to be no less than 10 characters, but the longer the better. It is recommended to use upper and lowercase letters, numbers, and special characters, excluding dictionary-based words. Use Unique Passwords Avoiding the repetition of credentials helps protect you against the compromise of a password being able to affect all of your other accounts or services. Store Passwords Securely Consider using a password wallet type application. Do Not Share Passwords, unless this is for specific service related accounts. Use Security Groups Consider what purpose the instance was created for and create a security group that allows access to only these services. Security groups can be edited via the API or through the manage.hpcloud.com interface (via Manage Servers then Manage Security Groups ). The example below demonstrates a simple configuration for a web-server. Ports 80 and 443 are enabled for http and https access. Port 22 is enabled to allow management of the instance using SSH. Port 3389 needs to be opened for windows instances.

3 Isolate Networks Consider grouping your servers by purpose - Use multiple security groups to partition and secure your instances in logical groups. Think about the impact different layers of your infrastructure may have on one-another and plan accordingly. Use host based firewall rules on highly sensitive servers to further protect services from unwanted access. LINUX Least Privilege Users and services should operate with the least privileges required to function. In the event of a compromise the attacker must take further steps to gain a privileged account. Never use a root account if a normal account will do. Use sudo for occasional commands that require root privilege. Whenever possible do not run network facing applications as root. Don t run processes with privileges that they don t require. o Consider setting up service accounts for processes that require some elevation of privileges and setting your sudoers with only the commands needed to run the processes. Consider chrooting applications that require significant access to disk resources. Create a password protected SSH key By default most instance images offered by HP Cloud Services are configured to allow direct access to your instance as root, using an SSH Key for access that is not password protected. This achieves a balance between out-of-the-box usability and security. Users seeking to increase security should use a password protected key. The advantage of a password protected key is that if the key is lost or compromised (due to a compromised pc, USB stick, etc) it cannot be used without the password. 1. Generate a new keyfile through the management interface:

4 2. Save the contents into a.pem file locally, if possible save it in a safe area or encrypted drive. 3. To create an encrypted SSH Private Key from your stored file AnotherKey.pem run the following command in Linux: openssl rsa in AnotherKey.pem des3 out AnotherKey_Secure.pem Now safely remove AnotherKey.pem and you ll be left with a secure, triple-des encrypted keyfile that can t be used by an adversary without knowledge of your password. If you re accessing the Cloud from Windows then the process is even easier. Assuming that you re using PuTTY as your key-import tool; simply add a key passphrase when importing the key.

5 Reduce Instance attack surface HP Cloud Services instance images are standard server-edition images from various Linux distributions (Ubuntu, CentOS, etc). These images typically come in a reasonably secure configuration but also have a number of software services installed that may not be needed. Access to these services from the internet has already been curtailed by configuring the correct security groups for your instances, but installed services can still be accessed locally and via the loopback interface, opening the door for local privilege escalation attacks. Run nestat to see what processes are waiting for network connections and run ps to identify what processes are currently running: sudo netstat -punta To get more information on a process identified using netstat, run ps and specify the process ID (PID): sudo ps up <pid> Then use your package manager to remove any services or processes, such as daemons and printer services that you don t require.

6 yum remove <package name> apt-get remove <package name> Use Secure Protocols Always use secure channels (TLS/SSH) when authentication credentials are in flight Always use secure channels for transmission of sensitive data o SCP not FTP o RSYNC over SSH o SSH not Telnet Additional Security High risk servers require additional security, especially when handling customer traffic or containing sensitive information. Consider installing AIDE or Tripwire for file integrity checking. Consider ClamAV or similar anti-virus protection. Consider Swatch to watch log files. Consider Snort to watch inbound network traffic. Consider setting up Denyhost to protect remote access. OS Updates Maintain current OS versions via updates. If possible use the following commands to apply updates on a regular basis to keep the system up-to-date. It is recommended that if possible apply the patches first in a Test/Development environment first. For Debian based (Ubuntu): sudo apt-get update For RedHat based (CentOS/Fedora): sudo yum update It is suggested that as new versions of the OS you are running is released to setup and migrate your applications and data. This provides a clean slate and allows for the latest security patches and fixes that come with the new release to be applied.

7 WINDOWS Protecting Remote Desktop HP Cloud Services windows instances are configured with Remote Desktop enabled. However only the administrator user is present and allowed access. It is recommended to immediately change the administrator password to a strong password that you will remember. Next item would be to determine if you are running all newer clients that will be connecting to this host. If they are newer then it is recommended to change the setting from Allow connections from computers running any version of Remote Desktop (less secure) to Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure). It is also recommended to ensure that your security groups limit which hosts can actually connect to the RDP port. Without the use of client certificates to authenticate in conjunction with a password, it is a good idea to limit the number of attempts before the account is locked out to protect from brute force attacks against the password. It is also advised to rename the administrator account to something nonstandard so that if someone does try to brute-force that account they won t be successful.

8 Automatic Updates It is recommended to enable automatic updating of your instance to apply the Microsoft patches as they come out. To edit the settings: 1. Click Start click Run then type in gpedit.msc and hit enter. 2. Expand Computer Configuration 3. Expand Administrative Templates 4. Expand Windows Components 5. Click on Windows Updates 6. Double click on Configure Automatic updates. Option 3 auto downloads and then notifies for install. Best used for downloading the updates and then manually running the install. Best used for high uptime requirements. Option 4 Auto download and schedule install. Will download and then has an automatic install on a scheduled time. Set and will run and reboot. It is recommended to manually verify every so often that it has completed.

9 Reduce Instance attack surface HP Cloud Services instance images are standard server-edition images. These images typically come in a reasonably secure configuration but also have a number of software services installed that may not be needed. Access to these services from the internet has already been curtailed by configuring the correct security groups for your instances, but installed services can still be accessed locally and via the loopback interface, opening the door for local privilege escalation attacks. netstat abo This will give you a list of all listening ports, the executable that is running to create the port and the associated pid. Given this information, it is possible to see what may need uninstalled or what services may need stopped. From here load the add/remove programs to uninstall any software that is not needed. You can also click add/remove windows features to remove any features such as IIS or directory services from the computer. Least Privilege Users and services should operate with the least privileges required to function. In the event of a compromise the attacker must take further steps to gain a privileged account. Never use an administrator account if a normal account will do. Use runas for occasional commands that require administrator privilege. Whenever possible do not run network facing applications as administrator or network/system level. Don t run processes with privileges that they don t require. o Consider setting up service accounts for processes that require some elevation of privileges. Ensure proper file level permissions and ACL s are in place. Additional Security Consider using some form of virus/malware protection. Consider setting up event tasks to specific event log messages. Consider at minimum using the built-in host based firewall and look at getting a good Host Intrusion Prevention System(HIPS)

10 The information contained herein is subject to change without notice. The only warranties for HP and services are set forth in the express warranty statements accompanying such services. Nothing herein should be construed as constituting an additional warranty.

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011) Host Hardening (March 21, 2011) Abdou Illia Spring 2011 CERT Report on systems vulnerabilities Source: CERT Report @ http://www.kb.cert.org/vuls/bymetric 2 OS Vulnerability test Source: http://www.omninerd.com/articles/2006_operating_system_vulnerabilit

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Nixu SNS Security White Paper May 2007 Version 1.2

Nixu SNS Security White Paper May 2007 Version 1.2 1 Nixu SNS Security White Paper May 2007 Version 1.2 Nixu Software Limited Nixu Group 2 Contents 1 Security Design Principles... 3 1.1 Defense in Depth... 4 1.2 Principle of Least Privilege... 4 1.3 Principle

More information

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

How To Secure An Rsa Authentication Agent

How To Secure An Rsa Authentication Agent RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations

HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations Security Considerations for VPM and HP SIM Servers Introduction... 3 External patch acquisition... 4 Comparing

More information

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2 Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3

More information

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems IT 4823 Information Security Administration Securing Operating Systems June 18 Security Maintenance Practices Basic proactive security can prevent many problems Maintenance involves creating a strategy

More information

Getting Started With Halo for Windows For CloudPassage Halo

Getting Started With Halo for Windows For CloudPassage Halo Getting Started With Halo for Windows For CloudPassage Halo Protecting your Windows servers in a public or private cloud has become much easier and more secure, now that CloudPassage Halo is available

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

SSL Tunnels. Introduction

SSL Tunnels. Introduction SSL Tunnels Introduction As you probably know, SSL protects data communications by encrypting all data exchanged between a client and a server using cryptographic algorithms. This makes it very difficult,

More information

RemotelyAnywhere. Security Considerations

RemotelyAnywhere. Security Considerations RemotelyAnywhere Security Considerations Table of Contents Introduction... 3 Microsoft Windows... 3 Default Configuration... 3 Unused Services... 3 Incoming Connections... 4 Default Port Numbers... 4 IP

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information

Research Information Security Guideline

Research Information Security Guideline Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

HP IMC Firewall Manager

HP IMC Firewall Manager HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this

More information

NetPoint Configuration Guide. for thin clients

NetPoint Configuration Guide. for thin clients NetPoint Configuration Guide for thin clients Contents Layout of this Manual... 2 1.1 Components... 2 You can find the following items in the color box of the device:... 2 1.2 Recommended Server Configuration...

More information

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4 Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Aliases 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical Access

More information

HP Education Services

HP Education Services HP Education Services HP-UX Security (H3541S) Concerned about system security? HP s updated and enhanced HP-UX Security course can help you secure your systems and mitigate risks. Designed for experienced

More information

WDM Security Guidelines

WDM Security Guidelines WYSE TECHNOLOGY INC. WDM Security Guidelines Whitepaper v1.0 This document provides details on configuring Wyse Device Manager (WDM) to securely manage your Wyse cloud clients and zero clients. It provides

More information

Install and configure SSH server

Install and configure SSH server Copyright IBM Corporation 2009 All rights reserved Install and configure SSH server What this exercise is about... 1 What you should be able to do... 1 Introduction... 1 Part 1: Install and configure freesshd

More information

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

Biznet GIO Cloud Connecting VM via Windows Remote Desktop Biznet GIO Cloud Connecting VM via Windows Remote Desktop Introduction Connecting to your newly created Windows Virtual Machine (VM) via the Windows Remote Desktop client is easy but you will need to make

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

SERVER HARDENING. Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas

SERVER HARDENING. Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas SERVER HARDENING Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas OUTLINE Intro Securing Your Access Restricting Unwanted Access Monitoring and Alerts

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Global Knowledge MEA Remote Labs. Remote Lab Access Procedure

Global Knowledge MEA Remote Labs. Remote Lab Access Procedure Global Knowledge MEA Remote Labs Remote Lab Access Procedure Contents 1. Overview... 3 2. Student Workstation Requirements... 3 2.1. Windows Platforms... 3 2.2. Apple Platforms... 3 2.3. Linux Platforms...

More information

On-Site Computer Solutions values these technologies as part of an overall security plan:

On-Site Computer Solutions values these technologies as part of an overall security plan: Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Security Configuration Guide P/N 300-010-493 Rev A05

Security Configuration Guide P/N 300-010-493 Rev A05 EMC VPLEX Security Configuration Guide P/N 300-010-493 Rev A05 June 7, 2011 This guide provides an overview of VPLEX security configuration settings, including secure deployment and usage settings needed

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

Network Access Control ProCurve and Microsoft NAP Integration

Network Access Control ProCurve and Microsoft NAP Integration HP ProCurve Networking Network Access Control ProCurve and Microsoft NAP Integration Abstract...2 Foundation...3 Network Access Control basics...4 ProCurve Identity Driven Manager overview...5 Microsoft

More information

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca!

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! Quick Start Guide Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! How to Setup a File Server with Cerberus FTP Server FTP and SSH SFTP are application protocols

More information

VoipSwitch Security Audit

VoipSwitch Security Audit VoipSwitch Security Audit Security audit was made at 1 st January 2013 (3.00 PM 10.00 PM UTC +1) by John Doe who is Security Advisor at VoipSwitch Company. Server's IP address : 11.11.11.11 Server has

More information

HP Device Manager 4.6

HP Device Manager 4.6 Technical white paper HP Device Manager 4.6 FTP Server Configuration Table of contents Overview... 2 IIS FTP server configuration... 2 Installing FTP v7.5 for IIS... 2 Creating an FTP site with basic authentication...

More information

Desktop : Ubuntu 10.04 Desktop, Ubuntu 12.04 Desktop Server : RedHat EL 5, RedHat EL 6, Ubuntu 10.04 Server, Ubuntu 12.04 Server, CentOS 5, CentOS 6

Desktop : Ubuntu 10.04 Desktop, Ubuntu 12.04 Desktop Server : RedHat EL 5, RedHat EL 6, Ubuntu 10.04 Server, Ubuntu 12.04 Server, CentOS 5, CentOS 6 201 Datavoice House, PO Box 267, Stellenbosch, 7599 16 Elektron Avenue, Technopark, Tel: +27 218886500 Stellenbosch, 7600 Fax: +27 218886502 Adept Internet (Pty) Ltd. Reg. no: 1984/01310/07 VAT No: 4620143786

More information

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap ( WHITEPAPER BackupAssist Version 5.1 www.backupassist.com Cortex I.T. Labs 2001-2008 2 Contents Introduction... 3 Hardware Setup Instructions... 3 QNAP TS-409... 3 Netgear ReadyNas NV+... 5 Drobo rev1...

More information

How it works. b) IP addresses are allocated dynamically and may change any time.

How it works. b) IP addresses are allocated dynamically and may change any time. NeoRouter is a cross-platform zero-configuration VPN solution that securely connects Windows, Mac and Linux computers at any locations into a virtual LAN and provides a networking platform for various

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

Nessus Agents. October 2015

Nessus Agents. October 2015 Nessus Agents October 2015 Table of Contents Introduction... 3 What Are Nessus Agents?... 3 Scanning... 4 Results... 6 Conclusion... 6 About Tenable Network Security... 6 2 Introduction Today s changing

More information

USB Secure Management for ProCurve Switches

USB Secure Management for ProCurve Switches ProCurve Networking USB Secure Management for ProCurve Switches Introduction... 2 A simple solution with multiple uses... 2 Staged deployment... 2 Remote deployment or upgrade... 3 Troubleshooting... 3

More information

HP Device Manager 4.6

HP Device Manager 4.6 Technical white paper HP Device Manager 4.6 Installation and Update Guide Table of contents Overview... 3 HPDM Server preparation... 3 FTP server configuration... 3 Windows Firewall settings... 3 Firewall

More information

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0. Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...

More information

FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3

FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3 FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3 FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER

More information

Getting Started With Halo for Windows

Getting Started With Halo for Windows Getting Started With Halo for Windows For CloudPassage Halo Protecting your Windows servers in a public or private cloud is much easier and more secure with CloudPassage Halo for Windows. Halo for Windows

More information

Cloud Security:Threats & Mitgations

Cloud Security:Threats & Mitgations Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer

More information

Monitoring Clearswift Gateways with SCOM

Monitoring Clearswift Gateways with SCOM Technical Guide Version 01 28/11/2014 Documentation Information File Name Document Author Document Filename Monitoring the gateways with _v1.docx Iván Blesa Monitoring the gateways with _v1.docx Issue

More information

SSH and FTP on Ubuntu 9.04. WNYLUG Neal Chapman 09/09/2009

SSH and FTP on Ubuntu 9.04. WNYLUG Neal Chapman 09/09/2009 SSH and FTP on Ubuntu 9.04 WNYLUG Neal Chapman 09/09/2009 SSH (Secure Shell) Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices.

More information

October 2013 702P00860. Xerox App Studio. Information Assurance Disclosure. Version 2.0

October 2013 702P00860. Xerox App Studio. Information Assurance Disclosure. Version 2.0 October 2013 702P00860 Xerox App Studio Information Assurance Disclosure Version 2.0 2013 Xerox Corporation. All rights reserved. Xerox and Xerox and Design and ConnectKey are trademarks of Xerox Corporation

More information

Alert (TA14-212A) Backoff Point-of-Sale Malware

Alert (TA14-212A) Backoff Point-of-Sale Malware Alert (TA14-212A) Backoff Point-of-Sale Malware Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

FTP Server Configuration

FTP Server Configuration FTP Server Configuration For HP customers who need to configure an IIS or FileZilla FTP server before using HP Device Manager Technical white paper 2 Copyright 2012 Hewlett-Packard Development Company,

More information

AT&T CLOUD SERVICES. AT&T Synaptic Compute as a Service SM : How to Get Started. Version 2.0 January 2012

AT&T CLOUD SERVICES. AT&T Synaptic Compute as a Service SM : How to Get Started. Version 2.0 January 2012 Version 2.0 January 2012 AT&T CLOUD SERVICES AT&T Synaptic Compute as a Service SM : How to Get Started 2012 AT&T Intellectual Property. All rights reserved. Notice Copyright AT&T Intellectual Property.

More information

Deploy Remote Desktop Gateway on the AWS Cloud

Deploy Remote Desktop Gateway on the AWS Cloud Deploy Remote Desktop Gateway on the AWS Cloud Mike Pfeiffer April 2014 Last updated: May 2015 (revisions) Table of Contents Abstract... 3 Before You Get Started... 3 Three Ways to Use this Guide... 4

More information

Syncplicity On-Premise Storage Connector

Syncplicity On-Premise Storage Connector Syncplicity On-Premise Storage Connector Implementation Guide Abstract This document explains how to install and configure the Syncplicity On-Premise Storage Connector. In addition, it also describes how

More information

HP A-IMC Firewall Manager

HP A-IMC Firewall Manager HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Linux Security Ideas and Tips

Linux Security Ideas and Tips Linux Security Ideas and Tips Hugh Brown Sr. Systems Administrator ITS Enterprise Infrastructure University of Iowa October 8, 2014 Hugh Brown (University of Iowa) Linux Security Ideas and Tips October

More information

Web Plus Security Features and Recommendations

Web Plus Security Features and Recommendations Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of

More information

Grandstream Networks, Inc. UCM6100 Security Manual

Grandstream Networks, Inc. UCM6100 Security Manual Grandstream Networks, Inc. UCM6100 Security Manual Index Table of Contents OVERVIEW... 3 WEB UI ACCESS... 4 UCM6100 HTTP SERVER ACCESS... 4 PROTOCOL TYPE... 4 USER LOGIN... 4 LOGIN TIMEOUT... 5 TWO-LEVEL

More information

Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Table of Contents. Page 1 of 6 (Last updated 30 July 2015) Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational

More information

Thinspace deskcloud. Quick Start Guide

Thinspace deskcloud. Quick Start Guide Thinspace deskcloud Quick Start Guide Version 1.2 Published: SEP-2014 Updated: 16-SEP-2014 2014 Thinspace Technology Ltd. All rights reserved. The information contained in this document represents the

More information

Laboration 3 - Administration

Laboration 3 - Administration Laboration 3 - Administration During this laboration we will learn how to install, configure and test servers that will allow you to have access remote machines, copy files between computers and file sharing.

More information

Securing Windows Remote Desktop with CopSSH

Securing Windows Remote Desktop with CopSSH Securing Windows Remote Desktop with CopSSH Presented by DrNathan@teamhackaday.com If you enjoyed this article, please consider joining our Folding@Home team I like having the ability to remotely access

More information

PowerChute TM Network Shutdown Security Features & Deployment

PowerChute TM Network Shutdown Security Features & Deployment PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network

More information

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology.

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology. CCM 4350 Week 11 Security Architecture and Engineering Guest Lecturer: Mr Louis Slabbert School of Science and Technology CCM4350_CNSec 1 Web Server Security The Web is the most visible part of the net

More information

Compliance and Security Information Management for PCI DSS Requirement 10 and Beyond

Compliance and Security Information Management for PCI DSS Requirement 10 and Beyond RSA Solution Brief Compliance and Security Information Management for PCI DSS Requirement 10 and Beyond Through Requirement 10, PCI DSS specifically requires that merchants, banks and payment processors

More information

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Five Steps to Improve Internal Network Security. Chattanooga ISSA Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical

More information

How Reflection Software Facilitates PCI DSS Compliance

How Reflection Software Facilitates PCI DSS Compliance Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

Security. TestOut Modules 12.6 12.10

Security. TestOut Modules 12.6 12.10 Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card

More information

Getting Started With Your Virtual Dedicated Server. Getting Started Guide

Getting Started With Your Virtual Dedicated Server. Getting Started Guide Getting Started Guide Getting Started With Your Virtual Dedicated Server Setting up and hosting a domain on your Linux Virtual Dedicated Server using Plesk 8.0. Getting Started with Your Virtual Dedicated

More information

Linux Operating System Security

Linux Operating System Security Linux Operating System Security Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class is for students who want to learn how to configure systems to be secure, test the security

More information

2X SecureRemoteDesktop. Version 1.1

2X SecureRemoteDesktop. Version 1.1 2X SecureRemoteDesktop Version 1.1 Website: www.2x.com Email: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Docufide Client Installation Guide for Windows

Docufide Client Installation Guide for Windows Docufide Client Installation Guide for Windows This document describes the installation and operation of the Docufide Client application at the sending school installation site. The intended audience is

More information

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer

More information

Network Defense Tools

Network Defense Tools Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall

More information

Workflow Templates Library

Workflow Templates Library Workflow s Library Table of Contents Intro... 2 Active Directory... 3 Application... 5 Cisco... 7 Database... 8 Excel Automation... 9 Files and Folders... 10 FTP Tasks... 13 Incident Management... 14 Security

More information

How To Achieve Pca Compliance With Redhat Enterprise Linux

How To Achieve Pca Compliance With Redhat Enterprise Linux Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

visionapp Remote Desktop 2010 (vrd 2010)

visionapp Remote Desktop 2010 (vrd 2010) visionapp Remote Desktop 2010 (vrd 2010) Convenient System Management P roduct Information www.vrd2010.com Inhalt 1 Introduction... 1 2 Overview of Administration Tools... 1 2.1 RDP Administration Tools...

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Black Box Penetration Testing For GPEN.KM V1.0 Month dd #$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;! Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:

More information

BM482E Introduction to Computer Security

BM482E Introduction to Computer Security BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based

More information

Virtualization Security Checklist

Virtualization Security Checklist Virtualization Security Checklist This virtualization security checklist is intended for use with enterprise full virtualization environments (as opposed to paravirtualization, application or operating

More information

SUNDE TM. User s Manual for H4 and earlier models

SUNDE TM. User s Manual for H4 and earlier models SUNDE TM User s Manual for H4 and earlier models 2012 Huiyuan Co., Ltd. All rights reserved. THANK YOU FOR PURCHASING SUNDE NETWORK TERMINAL. PLEASE READ THIS MANUAL CAREFULLY BEFORE USE. NOTE: All the

More information

Building Energy Security Framework

Building Energy Security Framework Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy

More information

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett Linux Boot Camp Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett Schedule for the Week Schedule for the Week Mon Welcome from Enrollment Management

More information

White Paper. BD Assurity Linc Software Security. Overview

White Paper. BD Assurity Linc Software Security. Overview Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about

More information

December 2015 702P00860. Xerox App Studio 3.0 Information Assurance Disclosure

December 2015 702P00860. Xerox App Studio 3.0 Information Assurance Disclosure December 2015 702P00860 Xerox App Studio 3.0 Information Assurance Disclosure 2014 Xerox Corporation. All rights reserved. Xerox and Xerox and Design and ConnectKey are trademarks of Xerox Corporation

More information

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Sharp Remote Device Manager (SRDM) Server Software Setup Guide Sharp Remote Device Manager (SRDM) Server Software Setup Guide This Guide explains how to install the software which is required in order to use Sharp Remote Device Manager (SRDM). SRDM is a web-based

More information

How to Use? SKALICLOUD DEMO

How to Use? SKALICLOUD DEMO How to Use? SKALICLOUD DEMO Account Login Page SkaliCloud Control Panel Overview Step 1: Click Add and Select Server Button to create your Server, add your Drive, Private Vlan or Static IP You are now

More information

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card

More information