More effective protection for your access control system with end-to-end security
More effective protection for your access control system with end-to-end security
By Jeroen Harmsen

The first article on end-to-end security appeared long ago. The principle originated in ICT and is in fact a design principle for computer networks. Because ICT and physical access control are becoming increasingly integrated, ICT principles are also being applied more and more often in the world of physical access control. The security world is changing rapidly and articles about successful hacks appear every day. In addition, organizations are now required to be increasingly open and accessible. What is more, systems need to be connected to each other for management reasons and must be reachable from outside via internet connections. These combinations call for the continual adaptation of your security, including your access control system, to the new reality.

Below you will find a number of questions you could ask yourself. Are you aware of possible threats and risks? How long is it since you had a risk analysis carried out, and are you aware of the consequences if social engineering is successfully applied? What are your three biggest risks, and do you know how the security of your access control system is arranged? One thing is certain: your access control system will be safer and more resistant to threats if end-to-end security is used.

In this document we would like to tell you more about end-to-end security. What exactly does it entail? And what do you need to be aware of in the case of end-to-end security? In doing so, we will consider the various aspects, commonly used terminology and the various protection methods that form part of end-to-end security. The purpose of end-to-end security is to protect the interrelationship that exists between the individual components of an access control system against potential threats. As a result, you can rely on the fact that your access control system is secure and that the individual requesting access really is the person you want to grant access to. End-to-end security also ensures that the access information is not altered en route. To achieve this, all of the components that make up the system must be properly protected. This document therefore discusses the individual components, the threats they are subject to and what action you can take to protect them. As a result, you will learn how to improve the effectiveness of your access control system while limiting the risks and maintaining ease of access.

ICT and physical access control are becoming more and more interwoven. One reason for this is that the server for the access control system is often located in the ICT department. Buildings are becoming more accessible to the public, and as a result there is a greater need for sound Identity and Access Management. In addition, access control in the form of identification and authentication is becoming increasingly important for the use of applications, and confidential information, such as files, personal data or sales information, must be properly safeguarded. If you employ a suitable architecture for physical access control, you can also use it for ICT access control (otherwise known as logical access control). You can apply the proven principles derived from IT to your access control system. These security principles are defined as the package of desired system characteristics, behaviour, design and implementation methods that endeavour to reduce the likelihood of threats and their associated impact if a threat materializes. Security principles assist in formulating requirements, in making decisions about access control architecture and implementation, and in detecting possible weaknesses in the system. By applying these nine principles you can easily use digital certificates (PKI), multi-factor authentication or encryption with the same card that you use for physical access control. You can read more about this in our paper: The importance of well-defined security principles. In addition, your security advisor can give you more information about this and can help you make the right choices.
What is end-to-end security?

End-to-end security gives you absolute certainty that your access control system is effectively protected from start to finish and will only grant entry to those to whom you wish to grant access. This can only happen if the information is not altered en route. It is therefore a matter of evaluating the authenticity and integrity of all components within your system.

Authenticity
By implementing an additional check (requesting a PIN code, for example) in addition to the claim (such as the presentation of a card), you can be certain that a person claiming to be someone or something really is what he or she claims to be.

Integrity
Using encryption makes it impossible to alter the message that passes from component to component within your access control system while it is en route.

Integral security check
To achieve effective end-to-end security, it is necessary to check the protection of the entire chain. This therefore extends further than simply checking the encryption technology of an access card. An effective method is to examine the chain from the attacker's point of view. What are the weaknesses of the various components? What opportunities do these provide for hacking?

Other encryption standard
The constant changing of encryption technology has major consequences for access control systems. In many cases this is still not recognized sufficiently. Faster computers will be able to crack passwords or encryption more quickly. Nowadays everyone realizes that a password has to be more complicated than six letters. But what they often do not realise is that today's encryption standard will probably be outdated in five years' time. A well-designed system is capable of adapting to this, now and in the future.

The basic principle behind keys
Access control systems use encryption. Kerckhoffs's principle, which forms the basis of cryptography, therefore also applies to access control systems: the security of an encryption system must depend only on the confidentiality of the cryptographic keys used by the system.

What isn't end-to-end security?

The term end-to-end is being used more and more frequently. This has led to many misconceptions about the content and application of the term, such as:

- A good end-to-end access control system is, by definition, secure. Unfortunately, this is not always the case. In addition to effective end-to-end security, additional measures, such as good employee training in security matters, are also needed to make your access control totally secure.

- End-to-end involves social hacking. In the case of social hacking, the enemy builds up trust and then makes use of that trust to manipulate the behaviour of your access control system; for example, by pretending to be the help desk, as a result of which your receptionist hands over the access details. A countermeasure is to raise awareness among colleagues, using methods such as role-playing. However, this only delivers more effective security for an individual component of the chain on which end-to-end security focuses its attention.

- End-to-end security only concerns card technology. Card technology is only one of the security links in your access control system. As a result of popular hacks (involving the public transport chip card, for example) this is often the first component that comes to mind when people think of end-to-end security.

- End-to-end security equates to procedures governing password management and administrator accounts. Once again, ensuring the effective security of passwords and administrator accounts forms only a single component of end-to-end security, but it is an extremely important one. A technically perfect, secure access control system that still has its default password while it is connected to the ICT infrastructure can result in leaks such as the one experienced by Google Australia with its building control system.

Researchers hack building control system at Google Australia
Leaks in access control systems attract less attention than security leaks in industrial systems. But when a hack involves a major name, such as Google, everyone (rightly) pays attention. Google Australia uses a building control system built on the Tridium Niagara AX platform. The main server is in the ICT department, while responsibility for the building control system resides with the security managers. As a result of poor communication between them, a patch released by Tridium was not installed on Google's system. As a result, hackers were able to retrieve the default password ("anyonesguess") and penetrate the system. This hack could most probably have been prevented if attention had been paid to three security issues:
- The online availability of the system significantly increases its accessibility to potential enemies.
- No checks governing the procedures for changing default passwords and log-in details were in place, or they were not applied correctly.
- Patches and updates must always be installed in good time to minimize possible security breaches.
Find the weakest link

In end-to-end security, it is important to remember that the chain is only as strong as its weakest link. That is why an access control system must always be evaluated in its entirety, so as to discover where that weakest link is.

The components and their communications
The following components and their mutual communications are of importance when evaluating the end-to-end security of your access control system:

Cards / biometrics
Cards form an important part of access control systems and many different types of card are available. The type of data encryption employed can also differ greatly between those types. In the text box entitled Card technologies we explain a number of different types of card.

Card-reader transmission
The transmission of information between the card and the reader provides an opportunity for hacking. This could take the form of eavesdropping or skimming, or could involve pretending to be someone else (spoofing). Encryption is an effective security technique that can be used to counter this. The most secure method is to have the encrypted card data decoded only by the controllers, because they are usually located on the secure side of the building.

Readers / antennas
The reader reads the card details and converts them into a wired signal. The reader therefore does not really have to do anything with the information that is on the card, so there is no need for decoding to take place in the reader. Allowing decoding to take place in the reader would only create a security risk, because the keys for decoding would then also be held in the reader. This is a risk that must not be underestimated, although many of the solutions in use provide only limited options.

Reader-controller transmission
The same risks of hacking by eavesdropping, skimming or spoofing that apply to card-reader transmission also apply here. It is therefore important to make sure that you are not using a generic protocol such as the popular Wiegand protocol, as this is very susceptible to hacking.

Controllers
Controllers are vulnerable in the chain, because a lot of information is stored there. Fortunately, controllers are usually installed on the secure side of the building, which provides them with a certain degree of protection. Have you stored the decoding keys in the controllers? If so, it is important to ensure that no controllers can be stolen (including those for any outbuildings). The keys should be stored within the controller in a secure vault that cannot be hacked, such as a SAM module.

Controller-server transmission
The connection between the controller and the server is usually established by means of a TCP/IP connection on the secure, internal (separate) company network (VPN). Encryption is important here too.

Server
The server determines all access rights and transmits them to the controllers. It is therefore important to ensure that an effective firewall is in place and that the server is housed in a physically secure room. Make sure that security managers do not forget to update the server because it is physically located in the ICT room, as happened in the Google case.

Card technologies
The most commonly used card technology is Mifare from NXP Semiconductors. Different versions have different forms of encryption:
- Classic: this card uses NXP's own encryption, which can be hacked within ten seconds using a laptop. What is more, this card can also be cloned.
- Plus: Mifare Plus supports 128-bit AES encryption but also remains compatible with Mifare Classic. This makes it ideal for upgrading, but in that case the card is not protected against brute-force and cryptanalysis attacks.
- DESFire: this card incorporates 3DES and AES encryption. AES is the successor to 3DES, which itself was the successor to DES encryption. DESFire is still widely used, although nowadays it is primarily DESFire EV1 that is used.
- DESFire EV1: the successor to DESFire; it provides 128-bit AES encryption.
- DESFire EV2: the successor to DESFire EV1; it is capable of storing different keys for different applications.
Key management

Of all the components discussed above, key management is probably the most troublesome component of end-to-end security, because it influences all kinds of other aspects: systems, user training and the communications between organizations and departments. Key management means the creation, exchange, storage, use and changing of cryptographic keys in a security system. Cryptographic protocols, key servers and certificate servers and standard procedures are required to do this properly.

Configuration card and secure transport
The card producer is usually responsible for key management, but it can also be organized internally. Special software is needed for this in both cases. If you take new keys into use, it is important that everyone involved is aware of this. Good communication between the organization and the card producer is therefore essential. The keys are transferred using a so-called configuration card (a card on which the mother key has been saved), which is delivered by secure transport.

Central key management
Whenever your organization changes a key, you don't, of course, want to have to visit every door and location to let the system know that a new key is being used. That is simply not necessary with proper key management. If situations such as this are arranged correctly, central key management ensures safe distribution with fewer risks when updating to a new key, is easy to manage and is less costly.

Same cards, different key
Cards are able to store multiple keys. As a result, cards can be used for longer and your organization can change the key without having to issue new cards within the period concerned. The more keys that can be stored on a single card, the longer the organization can keep using the cards that have been supplied. The key can be changed as a preventative measure or out of necessity if a key has been hacked.
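The key-slot scheme described above ("Same cards, different key" together with central key management), as an added illustration that is not Nedap's code: cards carry several key versions, each controller keeps its keys in a vault standing in for the SAM module, and a central key manager rolls every controller over to a new version so a compromised key can be retired without reissuing cards. HMAC-SHA256 from the standard library replaces the card's AES challenge-response, and the key values and card UID are constructed for the demo.

```python
"""Key rotation with multi-key cards (illustration only, not a product's code).

Cards hold several key slots indexed by key version; controllers keep keys in
a vault that models the SAM module; central key management installs a new
version on every controller and retires the old one. HMAC-SHA256 stands in
for the card's AES-based challenge-response. All key material is constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed demo keys; fixed values are used only so the walk-through is repeatable.
K1 = bytes.fromhex("11" * 16)   # key version 1, later treated as compromised
K2 = bytes.fromhex("22" * 16)   # key version 2, already present on cards at issue


@dataclass
class Card:
    """A card with a limited number of key slots, one per key version."""
    uid: bytes
    key_slots: Dict[int, bytes]

    def respond(self, version: int, challenge: bytes) -> Optional[bytes]:
        # The card proves knowledge of the key for the requested version; the
        # key itself never leaves the card.
        key = self.key_slots.get(version)
        if key is None:
            return None
        return hmac.new(key, self.uid + challenge, hashlib.sha256).digest()


class SecureVault:
    """Stand-in for the controller's SAM module: keys go in, only verdicts come out."""

    def __init__(self) -> None:
        self._keys: Dict[int, bytes] = {}

    def install(self, version: int, key: bytes) -> None:
        self._keys[version] = key

    def retire(self, version: int) -> None:
        self._keys.pop(version, None)

    def current_version(self) -> Optional[int]:
        # The controller always challenges with the newest key it trusts.
        return max(self._keys) if self._keys else None

    def verify(self, version: int, uid: bytes, challenge: bytes, response: bytes) -> bool:
        key = self._keys.get(version)
        if key is None:
            return False
        expected = hmac.new(key, uid + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Controller:
    """Sits on the secure side and owns the vault; the reader only relays traffic."""

    def __init__(self, vault: SecureVault) -> None:
        self.vault = vault

    def authenticate(self, card: Card) -> bool:
        version = self.vault.current_version()
        if version is None:
            return False                      # no trusted key at all: fail closed
        challenge = secrets.token_bytes(16)   # fresh nonce, so a recorded reply is useless
        response = card.respond(version, challenge)
        return response is not None and self.vault.verify(version, card.uid, challenge, response)


class KeyManager:
    """Central key management: one rollover reaches every controller, no site visits."""

    def __init__(self, controllers) -> None:
        self.controllers = list(controllers)

    def roll_over(self, new_version: int, new_key: bytes, retire_version: int) -> None:
        for c in self.controllers:
            c.vault.install(new_version, new_key)
            c.vault.retire(retire_version)


def demo() -> Dict[str, bool]:
    """Issue cards on version 1, assume K1 leaks, roll centrally to version 2."""
    controllers = [Controller(SecureVault()) for _ in range(3)]   # three doors
    for c in controllers:
        c.vault.install(1, K1)

    genuine = Card(uid=bytes.fromhex("04a1b2c3d4e5f6"), key_slots={1: K1, 2: K2})
    # A card produced from the leaked K1 (e.g. read out of a stolen controller
    # that kept keys in plain memory rather than a SAM) knows only version 1.
    clone = Card(uid=genuine.uid, key_slots={1: K1})

    results = {
        "genuine_before": all(c.authenticate(genuine) for c in controllers),
        "clone_before": all(c.authenticate(clone) for c in controllers),
    }
    KeyManager(controllers).roll_over(new_version=2, new_key=K2, retire_version=1)
    results["genuine_after"] = all(c.authenticate(genuine) for c in controllers)
    results["clone_after"] = any(c.authenticate(clone) for c in controllers)
    results["k1_retired"] = all(c.vault.current_version() == 2 for c in controllers)
    return results
```

The rollover leaves the genuine cards working and locks out anything that only knows the retired key, which is the operational payoff of pre-loading a spare key slot.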
Continuous adjustment to developments

As a result of risks, an access control system may have a number of weak points. Taking account of this in advance when choosing an access control system can therefore avoid a whole host of problems.

Risks with securing access control systems
From the point of view of end-to-end security, it has been established that the security of an access control system is always susceptible to a number of risks:
- Security methods are being hacked continuously. This is borne out by the fact that, since the card technology of Mifare Classic was hacked, the newer Mifare DESFire 3DES technology has now also been hacked. The chance of this happening with new cards too is ever present.
- Nowadays, hacked default protocols can be shared more easily via the Internet.
- Secret keys can become public for a number of reasons (a stolen controller, for example).

Updating card readers remotely
The risks above increase the likelihood that new card technologies will be required during the service life of the total system. That is why it is increasingly important to have the facility to update card readers to new technologies remotely; for example, when an update from Mifare Classic to Mifare DESFire EV1 or EV2 is required, or if an NFC (Near Field Communication) phone has to be used as an access card.

Effective key management
In view of the current risks, effective key management is increasingly important. This is because in symmetric cryptography (the usual case nowadays) the key for decoding and the key for encoding are the same. So if you know the key, you can read cards and create them as well. This situation is therefore not without an element of risk. It is therefore important that keys are difficult to access, held in the SAM module, and that they are easy to change if hacked. Effective key management also means that keys are not stored in the ordinary memory of the controllers, but in proper vaults: SAM modules on the controllers.
Conclusion

In order to guarantee the security of the people and objects inside a building, access control systems must ensure that unauthorized individuals do not gain access to it. It is therefore extremely important to use end-to-end security to ensure that the access control system itself is secure and cannot be hacked. A number of measures are indispensable in that regard:

Ensure effective key management
- Always store keys on the secure side of buildings and never in the card readers themselves.
- Store keys in an electronic vault (SAM module).
- Ensure that new keys can be taken into use centrally.
- Always work with multiple keys on a card so that it is easy to change keys.
- Ensure that communications between all components are secure.
- Change all default passwords to individual passwords.
- Train employees to prevent social hacking.
- Always install updates and patches as soon as they are available.

Simple changing via software
Because an access control system is always used for the longer term, it is almost certain that new security technologies will be introduced during the service life of the system. Ensure that the card readers, controllers and server can easily be updated to new software, in order to provide your system with the latest security technology. This will prevent you from being forced to invest in new hardware prematurely.

Some specific situations require specific security measures. In that case, you are better off making an appointment with an expert. He will be able to work with you to draw up a risk profile and safety analysis. Based on this, he can advise you about the security of access control systems for specific zones or for the entire system. Nedap houses experts on the subject of end-to-end security. We'd be happy to set up a meeting to help you find the best solution to secure your security system.

Nedap Security Management
Nedap Security Management develops technological solutions to make your customers' everyday activities easier. To do this, we develop solutions that are tailored to the customer's requirements instead of providing standard systems. This customer-oriented approach enabled us to develop AEOS, the first software-based platform for security management. And that is a process that is never complete; we simply keep on innovating, improving and developing our solutions further. There's simply no other way. The market is changing and customer demands are changing along with it. That's why AEOS changes along with them.

Jeroen Harmsen
Business Development
T. +31 (0)
E. jeroen.harmsen@nedap.com
PCI PA - DSS Point XSA Implementation Guide Atos Worldline Banksys XENTA SA Version 1.00 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page number 2 (16)
More informationLongmai Mobile PKI Solution
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
More informationChap. 1: Introduction
Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed
More informationTank Gauges and Security on the Internet
Tank Gauges and Security on the Internet by Jack Chadowitz CEO, Boston Base, Inc. This article discusses the security and risk aspects of using the Internet for communicating with a tank gauge. As the
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationInstallation and usage of SSL certificates: Your guide to getting it right
Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationHow Reflection Software Facilitates PCI DSS Compliance
Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit
More informationIT Security. Securing Your Business Investments
Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationFirewalls for small business
By James Thomas DTEC 6823 Summer 2004 What is a firewall? Firewalls for small business A firewall is either hardware, software or a combination of both that is used to prevent, block or should I say try
More informationWireless Encryption Protection
Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost
More informationSecuring your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate thawte thawte thawte thawte thawte 10.
Securing your Microsoft Internet Information Services (MS IIS) Web Server with a thawte Digital Certificate A STEP-BY-STEP GUIDE to test, install and use a thawte Digital Certificate on your MS IIS Web
More informationHigh Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models
A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit
More informationGetting a Secure Intranet
61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationSCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005
SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems
More information"ASM s INTERNATIONAL E-Journal on Ongoing Research in Management and IT"
To Study the Overall Cloud Computing Security Using Virtual Private Network. Aparna Gaurav Jaisingpure/Gulhane Email id: aparnagulhane@gmail.com Dr.D.Y.Patil Vidya Pratishthan s Dr. D.Y Patil College of
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationSecuring Data on Microsoft SQL Server 2012
Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to
More informationSecuring Remote Desktop for Windows XP
Securing Remote Desktop for Windows XP http://www.mobydisk.com/./techres/securing_remote_desktop.html Remote Desktop, Unsafely Many people use the Windows XP Professional remote desktop feature to gain
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationPDF security - a brief history of development
PDF security - a brief history of development Background Adobe was the first organization that set out to try and provide security controls for PDF based documents, and had their own particular views as
More informationOCR LEVEL 3 CAMBRIDGE TECHNICAL
Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY
More informationTop 10 Security Checklist for SOHO Wireless LANs
Expert Reference Series of White Papers Top 10 Security Checklist for SOHO Wireless LANs 1-800-COURSES www.globalknowledge.com Top 10 Security Checklist for SOHO Wireless LANs David Coleman, AirSpy Networks
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationVOIP THE ULTIMATE GUIDE VERSION 1.0. 9/23/2014 onevoiceinc.com
VOIP THE ULTIMATE GUIDE VERSION 1.0 9/23/2014 onevoiceinc.com WHAT S IN THIS GUIDE? WHAT IS VOIP REQUIREMENTS OF A VOIP SYSTEM IMPLEMENTING A VOIP SYSTEM METHODS OF VOIP BENEFITS OF VOIP PROBLEMS OF VOIP
More informationNetworking: EC Council Network Security Administrator NSA
coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA
More informationE- Encryption in Unix
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 A. Arpaci-Dusseau Intro to Operating Systems Spring 2000 Security Solutions and Encryption Questions answered in these notes: How does
More informationTNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is
1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the
More informationTHE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE
THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationFoundstone ERS remediation System
Expediting Incident Response with Foundstone ERS Foundstone Inc. August, 2003 Enterprise Risk Solutions Platform Supports Successful Response and Remediation Introduction The Foundstone Enterprise Risk
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationIntroduction to Cyber Security / Information Security
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
More informationThe next generation of knowledge and expertise Wireless Security Basics
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationDefense in Cyber Space Beating Cyber Threats that Target Mesh Networks
Beating Cyber Threats that Target Mesh Networks Trent Nelson, Cyber Security Assessment Lead, Idaho National Laboratory Jeff Becker, Global Wireless Business Director, Honeywell Process Solutions Table
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationSNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865
SNMP SECURITY A CLOSER LOOK JEFFERY E. HAMMONDS EAST CAROLINA UNIVERSITY ICTN 6865 NOVEMBER 25, 2013 SNMP SECURITY 2 ABSTRACT As a Network Monitoring System Administrator I have gained a substantial amount
More information128-Bit Versus 256-Bit AES Encryption
Technology Paper 128-Bit Versus 256-Bit AES Encryption Authentication Module Encryption Engine Background There is some confusion around the market for full disk encryption (FDE) products. Seagate Technology
More informationInnovative Secure Boot System (SBS) with a smartcard.
Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable
More informationWhitepaper on AuthShield Two Factor Authentication with ERP Applications
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
More informationThe 4 forces that generate authentication revenue for the channel
The 4 forces that generate authentication revenue for the channel Web access and the increasing availability of high speed broadband has expanded the potential market and reach for many organisations and
More informationHow To Secure My Data
How To Secure My Data What to Protect??? DATA Data At Rest Data at Rest Examples Lost Infected Easily Used as Backup Lent to others Data Corruptions more common Stolen Left at airports, on trains etc Hard
More informationSecurity Implications Associated with Mass Notification Systems
Security Implications Associated with Mass Notification Systems Overview Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these
More information