How DHS is Doing Cybersecurity with Content Filtering
|
|
- Augustine Cole
- 8 years ago
- Views:
Transcription
1 SESSION ID: TECH-W01 How DHS is Doing Cybersecurity with Content Filtering Tom Ruoff Department of Homeland Security National Protection and Programs Directorate Office of Cybersecurity and Communication/Chief Technology Office
2 DHS & Content Filtering Bottom Line Up Front Q1. Why is DHS is working on this? A1. Because current signature and detonation approaches are not sufficient to allow control of cyber attacks. Q2. What is better? A2. Content Filtering. Test results indicate emist is capable of blocking zero day malware at about a 99.5% rate. Q2. What does DHS want to accomplish? A3. Strategically improve cybersecurity. Tactically - stimulate both sides of the supply-demand equation to significantly enable and enhance cybersecurity posture for Federal Executive Branch Departments and Agencies as well as critical infrastructure owners and operators Information Technology systems through use of commercially available technology acquired at market driven cost. DHS wants to facilitate cybersecurity culture change to move time scale from months to milliseconds 2
3 DHS & Content Filtering What You Get Out of This Talk Agenda 1. Technical understanding of what content filtering is 2. How well it work in neutering malware test results 3. What DHS is doing with this cool stuff to protect itself 4. What are our next steps 5. What can you do with this knowledge 6. Motivation to use this approach to secure your enterprise 3
4 DHS & Content Filtering WHAT IS CONTENT FILTERING? Defining the terms 4
5 What is Content Filtering? A filtering technology based on a robust understanding of the syntactic structure and semantic meaning of the file type or protocol being filtered to pass known/validated good content Uses a bit/byte level understanding of the file compare to RFC Decomposed objects into base elements of file type/object protocol specification and then reassembles a clean version that excludes non-essential components Requires access to the file type/protocol specification (RFC) and/or extensive reverse engineering Specs frequently don t match reality so sometimes the decomposition process fails since the object does not de-compose per the specification; a Word doc is sometimes not a Word document per the Word RFC.or a Word document masquerades as a PowerPoint Not signature based Resulting file usually very close to original with minimal damage/changes 5
6 World of Malware Where Content Filter Fits In Two types of Malware attacks (1 of 2) 1. Syntactic The attacker sends incorrect, malformed, or unexpected data to the system in order to execute an exploit. Within syntactic based attacks there are two main variants: a. Non-compliance with Specification In this attack, the data does not comply with the file format/protocol specification and the software processing that data does not properly handle it leading to a program crash and possible exploit. b. Compliance with Specification In this attack, the data complies with the specification, but an incorrect assumption or decision by the developer on how to implement the specification leads to potential program crash and exploit. For example, suppose a program processes a length delimited file and the specification says that a data field is 128 characters but developer knew that by convention (e.g. common use) that only 16 characters were used so he hardcoded an array to be 16 characters long. If an attacker sent a specification compliant data field with 128 characters of data instead of 16 characters it could lead to a buffer overflow and possible exploit. 6
7 World of Malware Where Content Filter Fits in Two types of Malware attacks (2 of 2) 2. Semantic The attacker sends structurally correct but logically incorrect data to the system to cause the device to operate outside of its design parameters (e.g. tell a generator to operate 20K RPM above its design tolerance of 5K RPM). 7
8 So Why Does Content Filtering Work? Most malware very fragile, format conversion changes to the file can break it (render operationally useless) Malware likes to misrepresent itself E.g. a JPEG claiming to be TIFF Malware exploits defects in parsing, usually by providing a structurally wrong or logically incorrect file Malware developers like to hide in the portions of files used for metadata storage, at the end of the file, between segments/markers in a file, and via steganographic techniques in the payload of files (e.g. image data) 8
9 Content Filtering: Deep Content Inspection & Sanitization ASSUMPTIONS 1. Detecting malware is really hard so don t try 2. Malware is fragile so extracting content and re-assembling objects neuters almost all attacks 3. Exploding the malware is a good start to observe malicious behavior but not entirely effective 4. Active content within object protocol (Excel formulas) are benign the rest is assumed malicious 5. There is a user impact (like rendering URLs inactive) and need to be part of policy settings 6. If the object is not definable (Syntactic attack - kind of a Word 2007 ) then policy can either drop file or pass 9
10 Content Filtering Methods Deep Content Inspection and Sanitization Verifies file complies with specification, then writes out known good content Format Conversion Converts a file to another related format before converting back to the original file format (e.g. PDF to PS to PDF) File Flattening Converts file to another similar but usually less complex format that doesn t have the data attack risks of the original (e.g. PPT to series of JPG files) Canonicalization Convert contents from specialized form into normalized/raw form (e.g. audio files into PCM) 10
11 Typical Content Filtering Process Typical Office Document Text Dirty Word Search Based on a Dirty and Clean word list <Image> </Image> Images are inspected for format and sanitized for embedded information or malware <Excel> </Excel> Embedded objects are inspected up to a configurable level deep, usually 1 Macro removal filter <Macro> </Macro> Virus Cleaning 11
12 How Does it Work: MS Office (1 of 2) Microsoft Office Filters ( ), Word (.doc/.docx), Excel (.xls/.xlsx), PowerPoint (.ppt/.pptx) - Processing Steps 1. Validate file type compiles with official specification from Microsoft (2003 and below) or from Microsoft and the ISO for (2007+) 2. Recursively process MS Office into constituent parts 3. Perform text extraction for dirty word analysis 12
13 How Does it Work: MS Office (2 of 2) Microsoft Office Filters ( ), Word (.doc/.docx), Excel (.xls/.xlsx), PowerPoint (.ppt/.pptx) - Processing Steps continued 4. Send all non-ms Office components that are supported to other filters. If file type not supported then either fail the MS Office file or remove that object from the MS Office* 5. Non-MS Office components are filtered by their respective filters and if possible reinserted back into the parent MS office document 13
14 How Does it Work: Imagery JPEG (.jpg,.jpeg), Windows Bitmap (.bmp/.dib), Windows Metafile (.wmf), Windows Enhanced Metafile (.emf), Graphics Interchange Format (.gif), Portable Network Graphics (.png), Tagged Image File Format (.tiff) Processing Steps: 1. Validate file type compiles with official specification 2. Validate and/or remove metadata 3. Send metadata for dirty word analysis 4. Zeroize the least significant bits of the image data* 5. Rebuild and recompress image * Does not apply to WMF/EMF files 14
15 How Does it Work: Compressed Files PKzip (.zip), UNIX tar (.tar), GNU zip (.gz), BZip2 (.bz2) Steps: 1. Validate file type compiles with official specification 2. Check excessive levels of embedding (zip/tar) 3. Extract directory structure data 4. Extract all the files and throw away the container 5. Filter files 6. Rebuild container by reinserting filtered files. Failed files are replaced with zero byte files 15
16 How Does it Work: Text Text files (.txt/.csv/.log) Support 7 bit/8 bit ASCII and Unicode UTF-8 - Steps 1. Validate the file is non-executable textual data 2. Apply Regular Expressions to data (usually to neuter URLs) 3. Apply Dirty Word Filter to textual by rotating through a series of commonly used Code Pages (e.g. character encodings) 16
17 How Does it Work: PDF Adobe Portable Document Format (PDF) - Processing Steps 1. Validate file type compiles with official specification 2. Perform text extraction for Dirty Word Analysis 3. Convert PDF to Postscript (PS) then back to PDF 4. Validate that encrypted and JavaScript content were removed 17
18 Content Filtering Lab Test Results Methodology for determining emist s effectiveness at neutralizing malware and determining false positive rates: 1. Collect presumed good and malicious test data. 2. Verify the malicious data using established test bed. 3. Configure emist v3.0.3 with the appropriate policies, network configuration, etc. 4. Process files through emist v Record output results (e.g., passed, modified, rejected) for each file, per file type. 6. Evaluate malicious test set output files for malicious content using established test bed. 7. Analyze results and calculate 95% confidence-level ranges. 18
19 How Well Does Content Filtering Work Lab Results File Type Block/Cleansing Rate (479 Policy) Block/Cleansing Rate (Basic Policy) Doc 95.28% ± 2.02% 98.63% ± 1.56% Ppt 80.48% ± 24.76% //99% 71.92% ± 33.67% /99% Pdf 99.80% ± 0.16% 99.87% ± 0.18% Xls 96.62% ± 1.33%//98% 98.06% ± 1.43%//98% Gif 98.22% ± 2.50% //100% 96.56% ± 4.78% //100% Jpg 2.91% ± 1.33% 2.88% ± 1.86% Rtf N/A//99.8% N/A//99.8% At 95% Confidence Factor 19
20 How Well Does Content Filtering Work Lab Testing False Positive Rate File Type False Positive Rate (479 Policy) False Positive Rate (Basic Policy) doc 4.28% ± 0.79% 4.27% ± 1.12 ppt 5.36% ± 1.53% 5.68% ± 2.21% xls 8.26% ± 2.94% 8.73% ± 4.23% docx 5.03% ± 0.50% 44.55% ± 1.62% pptx 15.39% ± 1.10% 25.81% ± 1.89% xlsx 16.73% ± 2.37% 19.16% ± 3.52% pdf 1.49% ± 0.20% 3.39% ± 0.43% gif 1.73% ± 0.58% 1.82% ± 0.84% tiff 1.32% ± 0.32% 1.36% ± 0.46% jpg 1.45% ± 0.31% 1.36% ± 0.42% png 1.66% ± 0.29% 1.83% ± 0.42% bmp 1.88% ± 0.53% 2.03% ± 0.78% wmf 1.25% ± 0.56% 1.31% ± 0.81% emf 1.35% ± 0.42% 1.28% ± 0.57% 95% Confidence Factor 20
21 Review of Lab Testing Results from testing indicate emist appears to be capable of blocking zero day malware at about a 99.5% rate Pass rate is 98.5%, can be improved by tailoring dirty word list OR If object is not defined then send to secondary inspection process since this means the object may be malicious take a systems approach 21
22 DHS Operational Testing of emist We will put emist in our operational network (LAN A) to assess operational malicious content kill rate Test results forthcoming: we ran into operational issues so test results need to be verified before public release 22
23 emist Mail Content Filtering Combined with Behaviorbased Tools DHS SOC OneNet DC2 LAN-A Internet OneNet Hub Transport Server MS Outlook Client Main Inbox path 23
24 emist Mail Content Filtering Combined with Behaviorbased Tools DHS SOC OneNet DC2 LAN-A Internet OneNet Hub Transport Server emist Server emist Pilot adds Endpoint Protection ()- equipped laptops, an server, and the emist Mail Content Filtering tool CS&C Participants equipped Laptops 24
25 emist Mail Content Filtering Combined with Behaviorbased Tools DHS SOC OneNet DC2 LAN-A Internet OneNet Hub Transport Server traffic entering dhs.gov is replicated and goes to both primary Outlook server and emist emist emist Server CS&C Participants equipped Laptops 25
26 emist Mail Content Filtering Combined with Behaviorbased Tools emist extracts embedded attachments in s and cleans them emist s are reconstructed with their now-cleansed attachments re-inserted 26
27 emist Mail Content Filtering Combined with Behaviorbased Tools Pilot participants with laptops have Outlook Clients connect to 2 inboxes OneNet Allows tools to detect Hub malicious Transport behavior from files originating from Server either inbox Internet DHS SOC OneNet DC2 Server MS Outlook Client Main Inbox emist emist Server Test Inbox CS&C Participants -equipped Laptops 27
28 emist Mail Content Filtering Combined with Behaviorbased Tools on laptop monitors for and alerts on suspicious behaviors, including reference to files that are source of suspect behaviors Internet DHS SOC OneNet DC2 LAN-A OneNet Hub Transport Server MS Outlook Client Main Inbox emist emist Server Test Inbox CS&C Participants -equipped Laptops 28
29 emist Mail Content Filtering Combined with Behaviorbased Tools Data aggregated by server now supports multiple cybersecurity activities -detected behaviors from laptops 29
30 emist Mail Content Filtering Combined with Behaviorbased Tools -detected behaviors from laptops Malicious items successfully blocked by emist/ missed by current mechanisms 30
31 emist Mail Content Filtering Combined with Behaviorbased Tools -detected behaviors.gov s -detected behaviors emist test s Malicious items not blocked by emist candidates for tuning, signature development, or heuristics 31
32 DHS Use of Content Filtering What DHS is doing with content filtering to promote its use? We put emist and follow-on commercial in our operational network (LAN A) to assess operational malicious content kill rate slide show Will use evidence to justify and encourage procurement of commercial content filtering products Partnering with vendors to advance state of art for and web content filtering 32
33 DHS Use of Content Filtering What is DHS Doing next with content filtering? Programming next set of commercial product tests and operational demonstrations of kill rate and web Planning next set of operational tests using a TBD commercial product to perform content filtering on DHS LAN A Focus will be on sanitization rate, usability and availability Using evidence to justify and encourage procurement of commercial content filtering products Partnering with vendors to advance state of art for and web content filtering 33
34 What Can YOU Do with this Knowledge? 1. Research content filtering technology become smarter on pass known good approach 2. Become familiar with current commercial state of art 3. Go get some and protect your networks!!! 4. Demand vendors improve offerings the demand side of supply/demand 5. Developers: Go make better commercial offerings to advance state of art and lower cost through competition 34
35 Parting Words - Motivation 1. This approach works 98% zero day kill rate 2. It is not monetarily costly, sort of depends 3. This approach impacts user experience (based upon policy to block/pass undefinable objects) this is a good thing as it resets expectations for cost of security 4. Really drives bad guys cost up makes their job harder so maybe we are being strategically impactful 5. Soooo, go get some..market research! 35
Cybersecurity the Old Fashioned Way: Pass Known Good
Cybersecurity the Old Fashioned Way: Pass Known Good SESSION ID: : HT-W03 Moderator: Panelists: Dr. Peter Fonash CTO DHS/NPPD/CS&C Peter.Fonash@DHS.gov Dr. Brian Done Cyber Architect DHS/NPPD/CS&C Tom
More informationPoints to Note. Chinese and English characters shall be coded in ISO/IEC 10646:2011, and the set of Chinese
General Format, Manner and Procedure for the Submission of Electronic Information under Law by virtue of the Electronic Transactions Ordinance (Chapter 553) Points to Note (This Note aims to set out the
More informationSmithsonian Institution Archives Guidance Update SIA. ELECTRONIC RECORDS Recommendations for Preservation Formats. November 2004 SIA_EREC_04_03
SIA Smithsonian Institution Archives Guidance Update November 2004 ELECTRONIC RECORDS Recommendations for s SIA_EREC_04_03 Highlights Highlights of SIA_EREC_04_03, an update on electronic record preservation
More informationMy Account User Guide. Popfax.com login page. Easy, inexpensive Effective!
Popfax.com login page You can access your Popfax account by going to https://www.popfax.com/index.php?pop=compte. You might want to bookmark this link. You will be asked to enter your Login (the email
More informationClearswift SECURE File Gateway
Security solutions for a changing world You wouldn t leave your front door unlocked if you were going out for the day, so why do the same with your business? In today s rapidly evolving business environment,
More informationWhite Paper. 3-Heights Document Converter Basics and Applications
White Paper 3-Heights Document Converter Basics and Applications Contents Introduction...3 What does a central conversion service do?...3 How is the service used?...4 What are the benefits of a central
More informationIntrusion Defense Firewall
Intrusion Defense Firewall Available as a Plug-In for OfficeScan 8 Network-Level HIPS at the Endpoint A Trend Micro White Paper October 2008 I. EXECUTIVE SUMMARY Mobile computers that connect directly
More informationTEST METHODOLOGY. Endpoint Protection Evasion and Exploit. v4.0
TEST METHODOLOGY Endpoint Protection Evasion and Exploit v4.0 Table of Contents 1 Introduction... 3 1.1 Inclusion Criteria... 3 2 Product Guidance... 5 2.1 Recommended... 5 2.2 Neutral... 5 2.3 Caution...
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationPreservation Handbook
Preservation Handbook [Binary Text / Word Processor Documents] Author Rowan Wilson and Martin Wynne Version Draft V3 Date 22 / 08 / 05 Change History Revised by MW 22.8.05; 2.12.05; 7.3.06 Page 1 of 7
More informationImage Based Spam: White Paper
The Rise of Image-Based Spam No matter how you slice it - the spam problem is getting worse. In 2004, it was sufficient to use simple scoring mechanisms to determine whether email was spam or not because
More informationMOBILE PRINTING: Secure Printing From Your Handheld Devices
DOCUTREND WEBINAR SERIES: MOBILE PRINTING: Secure Printing From Your Handheld Devices ---------------------------------------------------------------------------------------------------- For Telephone
More informationQuick Start Guide. Managing the Service. Converting Files and Folders
PEERNET has been successfully installed as a Windows service on your computer. The mini-tutorials below are designed to get you converting files as soon as possible. Converting Files and Folders Convert
More informationHelp. myprint introduction myprint website. Create account. Forgot your password? Home. Printing using upload (WebPrint)
myprint Help myprint introduction myprint website Create account Forgot your password? Home Printing using upload (WebPrint) Printing using email (EmailPrint) Printing using Right Mouse Click (Sent To
More informationPrint File Formats: A Comparative Analysis of EMF, OpenXPS and PDF for Enterprise Printing
White paper Print File Formats: A Comparative Analysis of EMF, OpenXPS and PDF for Enterprise Printing A technical comparison, analysis and evaluation of the three most widely adopted print file formats
More informationAlteva Fax USER GUIDE
Alteva Fax USER GUIDE 2015 Alteva, Inc. AFUG07092015 USER GUIDE 400 Market Street Suite 1100 PHONE 1.877.258.3722 SUPPORT 1.877.258.3828 Philadelphia, PA 19106 WEB www.alteva.com EMAIL info@alteva.com
More informationPublic FAQ Version: 25 Stand: 29.02.2016
Public FAQ Version: 25 Stand: 29.02.2016 Here you can find FAQs related to SecurePIM, SecurePIM Enterprise and SecurePIM Government. General /Allgemeines 29.02.2016 2/18 General On which devices and operating
More informationCARA v3.5 Sept 2013 Major new features. Set your users free
CARA v3.5 Sept 2013 Major new features Set your users free What is CARA CARA is an ergonomically designed, fast, web user interface and business rules engine, currently released for the following platforms:
More informationAdministration Guide. WatchDox Server. Version 4.8.0
Administration Guide WatchDox Server Version 4.8.0 Published: 2015-11-01 SWD-20151101091846278 Contents Introduction... 7 Getting started... 11 Signing in to WatchDox... 11 Signing in with username and
More informationArchiving digital documents and E-Mails in PDF/A
PDF/A Archiving digital documents and E-Mails in PDF/A *** Webinar Wednesday, May 27, 2009 *** PDF Tools AG 28.05.2009 Copyright 2008 PDF/A 1 Introductory remarks The presentation will last around 45 minutes
More informationHow Xena performs file format identification
How Xena performs file format identification Version 1.0 RKS: 2009/4024 Document Change Record Version Changed By Description of Changes Change Date 0.1 Allan Cunliffe Created March 2011 0.2 Allan Cunliffe
More informationDocument Management Release Notes
Document Management Release Notes Release 9.8 08/17/2011 2011 Sage Software, Inc. All rights reserved. Sage, the Sage logos and the Sage product and service names mentioned herein are registered trademarks
More informationHow to create an Email
How to create an Email Don't share mail You can set the mailbox not to be shared individually. The first thing to do after launching the Send mail screen is to select whether to share or not to share the
More informationCALL 888.MY.SPHERE (697.7437) FOR MORE SUPPORT CALL
FaxMail User Guide FaxMail User Guide» USING Vonage FAXMAIL... 3-5» SENDING FAXES... 3» RECEIVING FAXES... 4» NOTIFICATIONS... 5» APPENDICIES... 6-7» SUPPORTED FILE ATTACHMENTS... 6» E-MAIL SIGNATURES...
More information11.5 E-THESIS SUBMISSION PROCEDURE (RESEARCH DEGREES)
11.5 E-THESIS SUBMISSION PROCEDURE (RESEARCH DEGREES) 1 E-THESIS SUBMISSION PROCEDURE File format: E-Thesis - the following file formats will be accepted for deposit: Format Minimum version PDF 6.0 Microsoft
More informationServer-Based PDF Creation: Basics
White Paper Server-Based PDF Creation: Basics Copyright 2002-2009 soft Xpansion GmbH & Co. KG White Paper Server-Based PDF Creation: Basics 1 Table of Contents PDF Format... 2 Description... 2 Advantages
More informationEdit, sign and fax documents
Edit, sign and fax documents 13.11.2014 Popfax.com, Popfax, professional professional fax services, fax services, worldwide worldwide Background When it comes to business processes, signing documents is
More informationApplication Note. Version 2.0. AudioCodes Fax Server. Fax2Mail / Mail2Fax Applications. Fax Server for Microsoft Lync
AudioCodes Fax Server Fax2Mail / Mail2Fax Applications Survivable Branch Appliance (SBA) Application Note Fax Server for Microsoft Lync Version 2.0 September 2014 Document #: LTRT-28851 Application Note
More informationZipMail Client XML PDF PICT V11. New. New. New. For Microsoft Outlook
ZipMail Client For Microsoft Outlook Automatic and transparent on-the-fly Zip compression and decompression for Microsoft Outlook attached files Standard and AES-256 Zip password-based encryption and decryption
More informationStandards Development. PROS 14/00x Specification 3: Long term preservation formats
Standards Development PROS 14/00x Specification 3: Long term preservation formats 1 2 Copyright Statement State of Victoria 2014 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 This work is licensed
More informationZero Day Malware Threat Prevention
Zero Day Malware Threat Prevention Ensuring Document Safety with Outside In Clean Content ORACLE BRIEF JULY 2015 This brief describes how Oracle Outside In Clean Content can be used to remove and neutralize
More informationCatalyst CR Document Indexing Policy
Catalyst CR Document Indexing Policy While Catalyst CR can accept a wide variety of files for viewing, many formats are not appropriate for full-text indexing. This document sets forth our policy and procedures
More informationHow To Customize An Orgsync App On Anorus Mobile Security Suite On A Microsoft Ipad Oracle 2.5 (Ios) On A Pc Orca 2.2 (Iphone) On An Android Orca2 (Ip
Oracle Fusion Middleware Customization and Branding Guide for Oracle Mobile Security Suite Release 3.0 E51967-01 February 2014 Oracle Mobile Security Suite enhances employee productivity by allowing secure
More informationSymantec Protection Suite Add-On for Hosted Email and Web Security
Symantec Protection Suite Add-On for Hosted Email and Web Security Overview Your employees are exchanging information over email and the Web nearly every minute of every business day. These essential communication
More informationIntegrating Fax Sending Services
Integrating Fax Sending Services Developer Guide Enabled by Popfax Integrating Fax Sending Services Using SMTP API (mail to fax) DEVELOPER GUIDE Enabled by Popfax We recommend developers to register as
More informationBarracuda Intrusion Detection and Prevention System
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
More informationMalicious Email Mitigation Strategy Guide
CYBER SECURITY OPERATIONS CENTRE Malicious Email Mitigation Strategy Guide Introduction (UPDATED) SEPTEMBER 2012 1. Socially engineered emails containing malicious attachments and embedded links are commonly
More informationSIPAC. Signals and Data Identification, Processing, Analysis, and Classification
SIPAC Signals and Data Identification, Processing, Analysis, and Classification Framework for Mass Data Processing with Modules for Data Storage, Production and Configuration SIPAC key features SIPAC is
More informationQuick Reference Guide
Quick Reference Guide What s New in NSi AutoStore TM 6.0 Notable Solutions, Inc. System requirements Hardware Microsoft Windows operating system (OS) running on computer with at least a 2 GHz Processor
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Configuring the Forefront TMG HTTP Filter Abstract In this article I will show you how to configure
More informationVirtual Fax User Guide
Virtual Fax User Guide Contents Virtual Fax User Guide Chapter 1 - Getting Started... 1 Setting up an account... 1 Virtual Fax requirements... 1 Email requirements... 1 Web browser requirements...1 Chapter
More informationZipMail Client XML PDF PICT V11. New. New. New. Automatic and transparent on-the-fly Zip compression and decompression for Lotus. Notes attached files
ZipMail Client For IBM Lotus Notes Automatic and transparent on-the-fly Zip compression and decompression for Lotus Notes attached files Standard and AES-256 Zip password-based encryption and decryption
More informationEight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
More informationPDF Primer PDF. White Paper
White Paper PDF Primer PDF What is PDF and what is it good for? How does PDF manage content? How is a PDF file structured? What are its capabilities? What are its limitations? Version: 1.0 Date: October
More informationAbout this release. McAfee Application Control and Change Control 6.1.1. Addendum. Content change tracking. Configure content change tracking rule
Addendum McAfee Application Control and Change Control 6.1.1 About this release For use with epolicy Orchestrator 4.6 5.0 Software This document is an addendum to the McAfee Change Control and Application
More informationThexyz Premium Webmail
Webmail Access all the benefits of a desktop program without being tied to the desktop. Log into Thexyz Email from your desktop, laptop, or mobile phone, and get instant access to email, calendars, contacts,
More informationSophos Mobile Encryption Help. Product version: 1.0 Document date: April 2012
Sophos Mobile Encryption Help Product version: 1.0 Document date: April 2012 Contents 1 About Sophos Mobile Encryption...3 2 Home view...5 3 itunes...6 4 Dropbox...7 5 Favorites...9 6 Document view...11
More informationAspose.Cells Product Family
time and effort by using our efficient and robust components instead of developing your own. lets you open, create, save and convert files from within your application without Microsoft Excel, confident
More informationFrequently Asked Questions
Clearswift SECURE ICAP Gateway v4.2 Version 01 30/07/2015 Clearswift Public Copyright Version 1.0, July, 2015 Published by Clearswift Ltd. 1995 2015 Clearswift Ltd. All rights reserved. The materials contained
More informationRIA SECURITY TECHNOLOGY
RIA SECURITY TECHNOLOGY Ulysses Wang Security Researcher, Websense Hermes Li Security Researcher, Websense 2009 Websense, Inc. All rights reserved. Agenda RIA Introduction Flash Security Attack Vectors
More informationParaben s P2C 4.1. Release Notes
Paraben s P2C 4.1 Release Notes Welcome to Paraben s P2C 4.1! Paraben's P2C is a comprehensive digital forensic analysis tool designed to handle more data, more efficiently while keeping to Paraben's P2
More informationThreatSpike Dome: A New Approach To Security Monitoring
ThreatSpike Dome: A New Approach To Security Monitoring 2015 ThreatSpike Labs Limited The problem with SIEM Hacking, insider and advanced persistent threats can be difficult to detect with existing product
More informationSophos for Microsoft SharePoint Help
Sophos for Microsoft SharePoint Help Product version: 2.0 Document date: March 2011 Contents 1 About Sophos for Microsoft SharePoint...3 2 Dashboard...4 3 Configuration...5 4 Reports...27 5 Search...28
More informationImageNow User. Getting Started Guide. ImageNow Version: 6.7. x
ImageNow User Getting Started Guide ImageNow Version: 6.7. x Written by: Product Documentation, R&D Date: June 2012 2012 Perceptive Software. All rights reserved CaptureNow, ImageNow, Interact, and WebNow
More informationSCI Gateway. 10.5 Newsletter er for Admin Users
Scottish Care Information SCI Gateway 10.5 Newsletter er for Admin Users The purpose of this newsletter is to highlight the changes to the admin function of SCI Gateway that occur in version 10.5. Changes
More informationVersion 3.0 May 2015 702P03414. Xerox Mobile Print Cloud User How To and Troubleshooting Guide
Version 3.0 May 2015 702P03414 2015 Xerox Corporation. All Rights Reserved. Xerox, Xerox and Design, ConnectKey, and Xerox Secure Access Unified ID System are trademarks of Xerox Corporation in the United
More informationUser Guide - Table of Contents
User Guide - Table of Contents Receiving Faxes Fax-to-Email Web Access to Faxes File Format Options Receiving Faxes on Wireless Devices Receiving Faxes Securely Integration and API Methods Archive Service
More informationDLA Internet Bid Board System (DIBBS):
DLA Internet Bid Board System (DIBBS): Post-Award Requests (PARs) in DIBBS Effective Post-Award Requests (PARs) in DIBBS Transaction or Activity Overview Purpose: To provide Vendors with step-by-step instructions
More informationDocument Exporter for Outlook
V6 Document Exporter for Outlook Export emails to PDF/XPS/DOC/MHT/HTM Bahrur Rahman AssistMyTeam SMB Solutions Welcome to Document Exporter for Outlook- A fast, light-weight add-in for Microsoft Outlook
More information(12) United States Patent
US008590045B2 (12) United States Patent Niemela et al. (io) Patent No.: US 8,590,045 B2 (45) Date of Patent: Nov. 19, 2013 (54) MALWARE DETECTION BY APPLICATION MONITORING (75) Inventors: Jarno Niemela,
More informationQbox User Manual. Version 7.0
Qbox User Manual Version 7.0 Index Page 3 Page 6 Page 8 Page 9 Page 10 Page 12 Page 14 Page 16 Introduction Setup instructions: users creating their own account Setup instructions: invited users and team
More informationNetwork Intrusion Detection Signatures, Part One by Karen Kent Frederick last updated December 19, 2001
Karen Kent Frederick (kkent@bigfoot.com) is a senior security engineer for the Rapid Response Team at NFR Security. She is a graduate of the University of Wisconsin- Parkside and is currently completing
More informationADP Workforce Now Portal Administrator Guide. Version 2.0 2.0-1
ADP Workforce Now Portal Administrator Guide Version 2.0 2.0-1 ADP Trademarks The ADP logo, ADP, and ADP Workforce Now are registered trademarks of ADP, Inc. Third-Party Trademarks Microsoft, Windows,
More informationImplementing Deep-Secure guards in NATO Information Exchange Gateways
Briefing Paper Implementing Deep-Secure guards in NATO Information Exchange Gateways March 2014 NATO Information Exchange Gateways An Information Exchange Gateway (IEG) is a system designed to enable the
More informationencoding compression encryption
encoding compression encryption ASCII utf-8 utf-16 zip mpeg jpeg AES RSA diffie-hellman Expressing characters... ASCII and Unicode, conventions of how characters are expressed in bits. ASCII (7 bits) -
More informationTRUSTED DOWNLOAD. Background
TRUSTED DOWNLOAD Background Scope NISPOM Requirements Definitions File Type/Formatting Issues Legacy Operating Systems Slack Space Issues DSS Authorized File Type/Formats DSS File Transfer Procedures DSS
More informationGlobalScan NX. Server 32/Server 750. Intelligent scanning for smarter workflow
SOLUTION Intelligent scanning for smarter workflow GlobalScan NX Server 32/Server 750 Designed to simplify daily document tasks, these easy-to-use software solutions provide a fast, streamlined approach
More informationFax Service QUICK START GUIDE
Receiving Faxes To receive faxes in your e-mail, give out your Broadview Fax service fax number to all of your contacts. When people send a fax to your Broadview fax number, your faxes will arrive in your
More informationElectronic Records Management Guidelines - File Formats
Electronic Records Management Guidelines - File Formats Rapid changes in technology mean that file formats can become obsolete quickly and cause problems for your records management strategy. A long-term
More informationArchitecture. The DMZ is a portion of a network that separates a purely internal network from an external network.
Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part
More informationProgressBook ParentAccess Web Site Administration Guide
ProgressBook ParentAccess Web Site Administration Guide ProgressBook ParentAccess Web Site Administration Guide (This document is current for ProgressBook v12.3 or later.) 2012 Software Answers, Inc. All
More informationPEERNET File Conversion Center 6.0
Thank you for choosing PEERNET File Conversion Center. The PEERNET File Conversion Center integrates seamlessly with your desktop and Windows Explorer to allow you to quickly and easily convert office
More informationComputer Forensic Capabilities
Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,
More informationRicoh HotSpot Printer/MFP Whitepaper Version 4_r4
Ricoh HotSpot Printer/MFP Whitepaper Version 4_r4 Table of Contents Introduction... 3 What is a HotSpot Printer?... 3 Understanding the HotSpot System Architecture... 4 Reliability of HotSpot Service...
More informationScan Sequence and Action in Microsoft Forefront Protection 2010 for Exchange Server
Scan Sequence and Action in Microsoft Forefront Protection 2010 for Exchange Server Published: October, 2009 Software version: Forefront Protection 2010 for Exchange Server Carolyn Liu Introduction...
More informationImporting and Exporting With SPSS for Windows 17 TUT 117
Information Systems Services Importing and Exporting With TUT 117 Version 2.0 (Nov 2009) Contents 1. Introduction... 3 1.1 Aim of this Document... 3 2. Importing Data from Other Sources... 3 2.1 Reading
More informationLog Analysis: Overall Issues p. 1 Introduction p. 2 IT Budgets and Results: Leveraging OSS Solutions at Little Cost p. 2 Reporting Security
Foreword p. xvii Log Analysis: Overall Issues p. 1 Introduction p. 2 IT Budgets and Results: Leveraging OSS Solutions at Little Cost p. 2 Reporting Security Information to Management p. 5 Example of an
More informationRemoSync Business Email Features - Android
Supported Accounts using Microsoft Exchange ActiveSync (EAS) protocols Sync 1. Microsoft Exchange 2003 / 2007 / 2010 Email, Calendar & Tasks, Contacts. 2. Lotus Notes 8.5.1 and later versions - Email,
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationHow to apply. Online application process step by step External Candidates
How to apply. Online application process step by step External Candidates t 2 Online application process step by step External Candidates Status:01/2013 Dear Applicant, With the following instructions
More informationModule 1 Getting Started
Module 1 Getting Started Introduction Talent Connect Job Seeker User Guide The goal of the Pure Michigan Talent Connect website is to provide a centralized location for Employers and Job Seekers to connect.
More informationSophos for Microsoft SharePoint Help. Product version: 2.0
Sophos for Microsoft SharePoint Help Product version: 2.0 Document date: September 2015 Contents 1 About Sophos for Microsoft SharePoint...3 2 Dashboard...4 3 Configuration...5 3.1 On-access scan...5 3.2
More information2017 Australia Awards Scholarships. Electronic Application Form / 00
2017 Australia Awards Scholarships Electronic Application Form Instructions / 00 Contents Electronic Application Form Instructions... 2 To complete the electronic application form:... 2 To submit your
More informationSiteCelerate white paper
SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationFile Management in OpenOffice.org
File Management in OpenOffice.org Title: File Management in OpenOffice.org Version: 1.0 First edition: December 2004 First English edition: December 2004 Contents Overview... iii Copyright and trademark
More informationHow to Send Video Images Through Internet
Transmitting Video Images in XML Web Service Francisco Prieto, Antonio J. Sierra, María Carrión García Departamento de Ingeniería de Sistemas y Automática Área de Ingeniería Telemática Escuela Superior
More informationFile Formats. Summary
Summary Rapid changes in technology mean that file formats can become obsolete quickly and cause problems for your records management strategy. A long-term view and careful planning can overcome this risk
More informationINTEGRATED COMPETENCY, COMPLIANCE, ASSURANCE AND TRAINING SOLUTIONS
INTEGRATED COMPETENCY, COMPLIANCE, ASSURANCE AND TRAINING SOLUTIONS A BLUEPRINT FOR COMPETENCY/COMPLIANCE ASSURANCE i 2 CAT is an integrated software solution for planning, developing and monitoring enterprise
More informationImageNow User Getting Started Guide
ImageNow User Getting Started Guide Version: 6.6.x Written by: Product Documentation, R&D Date: February 2011 ImageNow and CaptureNow are registered trademarks of Perceptive Software, Inc. All other products
More informationChange Color for Export from Light Green to Orange when it Completes with Errors (31297)
ediscovery 5.3.1 Service Pack 8 Release Notes Document Date: July 6, 2015 2015 AccessData Group, Inc. All Rights Reserved Introduction This document lists the issues addressed by this release. All known
More informationImageServer Technical Note
ImageServer Technical Note Operating Environment: Windows 2000/2003 Server Software Version: 6.1 October 2005 Contents 1 Introducing ImageServer 5 1.1 Overview.......................................................
More informationSecure File Exchange
Secure File Exchange Overview of the Secure File Exchange... 2 File exchange process... 2 Sending files to clients/portal users... 2 Receiving files from clients/portal users... 2 Setup... 3 How to request
More informationSimplify essential workflows with dynamic scanning capabilities. GlobalScan NX Server 32/Server 750 Capture & Distribution Solution
GlobalScan NX Server 32/Server 750 Capture & Distribution Solution SCAN > SHARE > MANAGE > DELIVER > ACCELERATE > Simplify essential workflows with dynamic scanning capabilities. > Manage scanned documents
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationYour Desktop Fax Solution
The Power of Fax in Your Email Your Desktop Fax Solution As a leader and pioneer in multimedia messaging solutions, we combine the best features of fax technology and the convenience of email into one
More informationMMGD0203 Multimedia Design MMGD0203 MULTIMEDIA DESIGN. Chapter 3 Graphics and Animations
MMGD0203 MULTIMEDIA DESIGN Chapter 3 Graphics and Animations 1 Topics: Definition of Graphics Why use Graphics? Graphics Categories Graphics Qualities File Formats Types of Graphics Graphic File Size Introduction
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More information1 Recommended Readings. 2 Resources Required. 3 Compiling and Running on Linux
CSC 482/582 Assignment #2 Securing SimpleWebServer Due: September 29, 2015 The goal of this assignment is to learn how to validate input securely. To this purpose, students will add a feature to upload
More information