6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...Jürgen Ambrosi
La piattaforma di virtualizzazione NSX sta già aiutando centinaia di clienti a sfruttare tutte le potenzialità di un Software-Defined Data Center. NSX sposta la rete nel software, creando livelli di flessibilità mai raggiunti prima d'ora. In altre parole, trasforma il modello operativo della rete deldata center così come la virtualizzazione del server ha fatto 10 anni fa. NSX inoltre integra la sicurezza con policy granulari e automatizzate legate alle macchine virtuali, funzionalità chiamata micro-segmentazione, che consente di ridurre in modo significativo la diffusione delle minacce. Rendendo la micro-segmentazione della rete possibile dal punto di vista operativo, NSX introduce un modello di sicurezza di livello superiore, impossibile da realizzare con tecniche tradizionali. Questa sessione da l’opportunità di approfondire il tema della virtualizzazione della rete possibile con VMware NSX, evidenziandone i benefici: riduzione dei tempi di provisioning, semplificazione del delivery dei servizi di rete, incremento della sicurezza con la micro-segmentazione.
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...Rambus
In this presentation, we will be talking about protecting data in motion, examining what is the most appropriate protocol and what can Rambus do to protect your data when transferred from device to device.
Read also our primer: https://www.rambus.com/blogs/macsec/
6° Sessione VMware NSX: la piattaforma di virtualizzazione della rete per il ...Jürgen Ambrosi
La piattaforma di virtualizzazione NSX sta già aiutando centinaia di clienti a sfruttare tutte le potenzialità di un Software-Defined Data Center. NSX sposta la rete nel software, creando livelli di flessibilità mai raggiunti prima d'ora. In altre parole, trasforma il modello operativo della rete deldata center così come la virtualizzazione del server ha fatto 10 anni fa. NSX inoltre integra la sicurezza con policy granulari e automatizzate legate alle macchine virtuali, funzionalità chiamata micro-segmentazione, che consente di ridurre in modo significativo la diffusione delle minacce. Rendendo la micro-segmentazione della rete possibile dal punto di vista operativo, NSX introduce un modello di sicurezza di livello superiore, impossibile da realizzare con tecniche tradizionali. Questa sessione da l’opportunità di approfondire il tema della virtualizzazione della rete possibile con VMware NSX, evidenziandone i benefici: riduzione dei tempi di provisioning, semplificazione del delivery dei servizi di rete, incremento della sicurezza con la micro-segmentazione.
Protecting Data In Motion with MACsec - Gijs Willemse - Rambus Design Summit ...Rambus
In this presentation, we will be talking about protecting data in motion, examining what is the most appropriate protocol and what can Rambus do to protect your data when transferred from device to device.
Read also our primer: https://www.rambus.com/blogs/macsec/
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsEmulex Corporation
Data centers move exabytes of data through their networks. This explosive growth in network traffic has put demands on data centers to adapt and add new technologies and standards to keep pace and make information easily accessible. Our personal information, company IP assets and sensitive data run across these networks that are constantly under persistent and malicious cyber attacks to look for vulnerabilities in their networks. IT security teams have to protect complex networks that are growing in size and complexity. They call for a new approach to gaining full – rather than partial – visibility into network behavior to stop downtime losses and data leaks.
By providing 1 to 1 NetFlow generation then collecting the data and analyzing the flow records is essential in time-to-resolution (TTR). To help you take full advantage of valuable NetFlow data for use in network security management, Emulex and Lancope have created a best-in-class network and security solution that allows you to quickly and continuously monitor the makeup of the traffic traversing your network.
In this webinar, we’ll explore why network security management is crucial in managing functionality and visibility of an organization’s network infrastructure and how Emulex helps address these deployment requirements. We'll also explore what matters most when network security is breached, and share some best practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.
Network Virtualization is the natural evolution of network service delivery and packaging. Network Security provides an excellent example of this trend. With network virtualization, the application’s virtual Network is provisioned in lock step with virtual Computer.
Midokura Enterprise MidoNet is a commercial product combining the most stable, production-hardened version of MidoNet for Network Virtualization with MidoNet Manager, longer term support and enterprise class 24X7 service level agreement.
MidoNet is an open source, software-only, highly scalable and resilient, network virtualization system. With its distributed architecture it allows enterprises and service providers to build, run, and manage virtual networks at scale with increased control, security and flexibility.
Hwee Ming Ng, Red Hat, Abhilash Vijayakumary, Red Hat
Telco over Cloud is rapidly changing the telecommunications industry landscape by introducing cloud computing, virtualization paradigms and software approaches already in use and mature in traditional IT environments. While designing the cloud solutions for telco infrastructure understanding its information security risks and mitigation strategies are critical. Legacy approaches are inadequate, this session intends to help the operators to build and approach a telco cloud solution with the right cloud security knowledge.
In this session we intend to explain the principle technologies of telco cloud based systems and strategies for safeguarding/classifying data, ensuring privacy and ensuring compliance with regulatory agencies for telco operators. We will also describe the role of encryption in protecting data and specific strategies for key management as well as how to select an appropriate solution to specific business requirements which are in well alignment with cloud based business continuity / disaster recovery strategies. We will also compare baseline and industry standard best practices by doing risk assessments of existing and proposed cloud-based environments.
Additionally, presentation will focus on specific technologies like virtual firewalls, security zones, virtual tenant networks and their mapping to various use cases/challenges which an operator faces while designing the telco cloud.
Software Defined Networking - Huawei, June 2017Novosco
An overview of Huawei Cloud Campus Networks and Software Defined Networking. Presented at Novosco's Network and Infrastructure event, Dublin, June 2017.
An introductory slides for explaining the SDN and NFV technologies. what's the difference between them and when each one is used. Also it talk about some of Cisco products in each area either SDN or NFV or the Automation with some of real use cases deployed in today's service provider network.
Hope you like it
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsEmulex Corporation
Data centers move exabytes of data through their networks. This explosive growth in network traffic has put demands on data centers to adapt and add new technologies and standards to keep pace and make information easily accessible. Our personal information, company IP assets and sensitive data run across these networks that are constantly under persistent and malicious cyber attacks to look for vulnerabilities in their networks. IT security teams have to protect complex networks that are growing in size and complexity. They call for a new approach to gaining full – rather than partial – visibility into network behavior to stop downtime losses and data leaks.
By providing 1 to 1 NetFlow generation then collecting the data and analyzing the flow records is essential in time-to-resolution (TTR). To help you take full advantage of valuable NetFlow data for use in network security management, Emulex and Lancope have created a best-in-class network and security solution that allows you to quickly and continuously monitor the makeup of the traffic traversing your network.
In this webinar, we’ll explore why network security management is crucial in managing functionality and visibility of an organization’s network infrastructure and how Emulex helps address these deployment requirements. We'll also explore what matters most when network security is breached, and share some best practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.
Network Virtualization is the natural evolution of network service delivery and packaging. Network Security provides an excellent example of this trend. With network virtualization, the application’s virtual Network is provisioned in lock step with virtual Computer.
Midokura Enterprise MidoNet is a commercial product combining the most stable, production-hardened version of MidoNet for Network Virtualization with MidoNet Manager, longer term support and enterprise class 24X7 service level agreement.
MidoNet is an open source, software-only, highly scalable and resilient, network virtualization system. With its distributed architecture it allows enterprises and service providers to build, run, and manage virtual networks at scale with increased control, security and flexibility.
Hwee Ming Ng, Red Hat, Abhilash Vijayakumary, Red Hat
Telco over Cloud is rapidly changing the telecommunications industry landscape by introducing cloud computing, virtualization paradigms and software approaches already in use and mature in traditional IT environments. While designing the cloud solutions for telco infrastructure understanding its information security risks and mitigation strategies are critical. Legacy approaches are inadequate, this session intends to help the operators to build and approach a telco cloud solution with the right cloud security knowledge.
In this session we intend to explain the principle technologies of telco cloud based systems and strategies for safeguarding/classifying data, ensuring privacy and ensuring compliance with regulatory agencies for telco operators. We will also describe the role of encryption in protecting data and specific strategies for key management as well as how to select an appropriate solution to specific business requirements which are in well alignment with cloud based business continuity / disaster recovery strategies. We will also compare baseline and industry standard best practices by doing risk assessments of existing and proposed cloud-based environments.
Additionally, presentation will focus on specific technologies like virtual firewalls, security zones, virtual tenant networks and their mapping to various use cases/challenges which an operator faces while designing the telco cloud.
Software Defined Networking - Huawei, June 2017Novosco
An overview of Huawei Cloud Campus Networks and Software Defined Networking. Presented at Novosco's Network and Infrastructure event, Dublin, June 2017.
An introductory slides for explaining the SDN and NFV technologies. what's the difference between them and when each one is used. Also it talk about some of Cisco products in each area either SDN or NFV or the Automation with some of real use cases deployed in today's service provider network.
Hope you like it
La invitación - Pablo, un súper héroe, invita a sus amigas a salir, pero ellas no pueden.
Verbos - querer, poder, tener, tener que
Estudiantes aprenden a hacer invitaciones y a dar excusas.
(Students learn to invite people to go out, to accept and decline and to give excuses)
What's going on at Bethel in Rochester?
Kingdom Advance - this Friday
Prophetic Boot Camp 2 - May 15&16
Boots on the Ground Women's Conference - May 29&30
Register for Summer Day Camps
All CAREGivers are expected to complete Manual Handling Refresher Training annually. To facilitate this required training, Caregivers are asked to view this powerpoint and complete the refresher quiz.
SDN 101: Software Defined Networking Course - Sameh Zaghloul/IBM - 2014SAMeh Zaghloul
Sameh Zaghloul
Technology Manager @ IBM
+2 0100 6066012
zaghloul@eg.ibm.com
SDN: Technology that enables data center team to use software to efficiently control network resources
SDN Overview
SDN Standards
NFV – Network Function Virtualization
SDN Scenarios and Use Cases
SDN Sample Research Projects
SDN Technology Survey
SDN Case Study
SDN Online Courses
SDN Lab SW Tools
- OpenStack Framework
- OpenDayLighyt – SDN Controller
- FloodLight – SDN Controller
- Open vSwitch – Virtual Switch
- MiniNet – Virtual Network: OpenFlow Switches, SDN Controllers, and Servers/Hosts
- OMNet++ Network Simulator
- Avior – Sample FloodLight Java Application
- netem - Network Emulation
- NOX/POX - C++/ Python OpenFlow API for building network control applications
- Pyretic = Python + Frenetic - Enables network programmers and operators to write modular network applications by providing powerful abstractions
- Resonance - Event-Driven Control for Software-Defined Networks (written in Pyretic)
SDN Project
This presentation goes through several topics areas that are of specific interest in developing IoT Gateway solutions. IoT is a popular area of development that presents unique challenges like hardware and operating system selection, product life-cycle support and maintainability, software architectural solutions, connectivity, security, secure updates, and API availability. We discuss technologies and concepts like Hardware acceleration support, Linux kernel maintenance, Edge networking, LXC/Docker/KVM, Zigbee, 6loPAN, BLE, IoTivity, Allseen Alliance, SELinux and Trusted boot.
The aim of the presentation is to give an overview of the challenges in building an IoT Gateway and the Solutions available using Embedded Linux.
This presentation was delivered at LinuxCon Japan 2016 by Jim Gallagher
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storageMayaData Inc
Webinar Session - https://youtu.be/_5MfGMf8PG4
In this webinar, we share how the Container Attached Storage pattern makes performance tuning more tractable, by giving each workload its own storage system, thereby decreasing the variables needed to understand and tune performance.
We then introduce MayaStor, a breakthrough in the use of containers and Kubernetes as a data plane. MayaStor is the first containerized data engine available that delivers near the theoretical maximum performance of underlying systems. MayaStor performance scales with the underlying hardware and has been shown, for example, to deliver in excess of 10 million IOPS in a particular environment.
Edge Computing: A Unified Infrastructure for all the Different PiecesCloudify Community
Edge Computing along with 5G promises to revolutionize customer experience with immersive applications that we can only imagine at this point. The edge will include PNFs, VNFs, and mobile-edge applications; requiring containers, virtual machines and bare-metal compute. But while edge computing promises numerous new revenue streams, managing and orchestrating these edge infrastructure environments is not going to be a seamless, instant process. In this webinar, experts in NFV orchestration discuss the concerns you must address in the transition to the edge, and show how you can use available open source tools to create a single management environment for PNFs, VNFs, and mobile-edge applications.
Automated Deployment and Management of Edge CloudsJay Bryant
This presentation discusses the challenges of cloud computing at the edge. From the exploding number of nodes, the need for integrated monitoring and zero touch discovery. We introduce Lenovo Open Cloud Automation, an automated framework built in collaboration with Red Hat to help address these challenges.
Learn what makes SCADAguardian (the Nozomi Networks flagship technology) so unique and powerful. From enterprise IT, to OT, we enable scalable security strategies for ICS.
Build the network of the future on your terms todayDell World
Is your enterprise network capable of handling the demand of today's mobile enterprise? The network you put in place yesterday may be struggling to support applications like unified communications and video while maintaining high standards for security compliance. Learn how Dell is designing the campus network of the future and how you can take advantage of this next generation architecture with improved management and performance. We will discuss how you can make the transition to the network of the future—on your terms and at the pace you choose—with minimal disruption.
1. Deployment of a Secure Distributed SCADA (DSCADA) System
Using Data-diodes in a Self-contained Fiber-optic Network
Burlington Electric Department
Dorian Hernandez
Schneider Electric (Telvent)
Mark Atchley
Waterfall Security
Andrew Ginter
Made with LibreOffice and Ubuntu Linux
2. Overview
● How to share data from a high security net-
work (SCADA) to a lower security network
(business LAN).
● How to implement the best deployment
strategy to achieve the above.
● Problems encountered during deployment.
● Benefits and drawbacks.
Made with LibreOffice and Ubuntu Linux
3. Long-term goals
● To make implementation as permanent as pos-
sible.
● Improve bandwidth and redundancy depending
on traffic.
● Apply same methodology to other critical sys-
tems like PLCs, etc.
● Complete isolation while maintaining required
communications.
Made with LibreOffice and Ubuntu Linux
4. About BED
● Established in 1905 in
Burlington, Vermont.
● Approx. 20,000 customers.
● Largest municipally-owned
electric utility in Vermont.
● Power coming from sources
that include biomass, wind
and hydro.
● Smart Grid deployment.
● Smart Meter deployment.
Made with LibreOffice and Ubuntu Linux
5. Present Situation
● Current SCADA system uses firewalls for network
“segmentation”.
● Firewalls have their vulnerabilities.
● New SCADA system has to have best approach to
mitigate potential threats.
● Opportunity to build it from the ground up and be
integral part of the process.
● We want the best possible solution while not
breaking the bank.
Made with LibreOffice and Ubuntu Linux
7. Present Situation (cont.)
● Constant monitoring of intrusion logs.
● Correct setup of rules and other settings.
● CPU may not scale to traffic demands.
● Costs incurred due to licensing.
● Multiple units to achieve redundancy.
● Life cycle, end-of-life.
Using firewalls
Made with LibreOffice and Ubuntu Linux
8. Present Situation (cont.)
● “TCP Split Handshake”
● “ACL Bypass”
● “ASDM Administrative Command Injection”
● “Cross-Site Scripting (XSS)”
● If payload is delivered via sneaker-net, outbound traffic
may be incorrectly treated as valid.
Potential Firewall Vulnerabilities
Made with LibreOffice and Ubuntu Linux
9. 1) Phishing / drive-by-download – victim pulls your attack through firewall
2) Social engineering – steal a password / keystroke logger / shoulder surf
3) Compromise domain controller – create ICS host or firewall account / passwd
4) Attack exposed servers – SQL injection / DOS / b-overflow / default password
5) Attack exposed clients – compromise web servers / file servers / b-overflows
6) Session hijacking – man-in-the-middle / steal HTTP cookies / cmd-injection
7) Piggy-back on VPN – split tunneling / malware propagation
8) Firewall vulnerabilities – bugs / zero-days / default passwords / design vulns
9) Errors and omissions – bad firewall rules/configs / IT reaches through fwalls
10) Forge an IP address – most rules are IP-based / ARPSpoof to block real IP
11) Bypass network perimeter – rogue wireless / dial-up / complex topologies
12) Physical access to firewall – reset to factory defaults / local admin / wiring
13) Sneakernet – removable media / plug untrusted laptops into trusted network
13 Ways Through a Firewall
Present Situation (cont.)
Made with LibreOffice and Ubuntu Linux
10. Development up to present
● Starting from scratch with the latest Telvent Oasys
DNA SCADA solution.
● Applying the “Onion” model for security.
● Applying the “Pretender” model for data sharing.
● Deploying Telvent's Oasys DNA DSS
SCADA model solution.
● Deploying Waterfall For ICCP Uni-Directional Gateway.
Made with LibreOffice and Ubuntu Linux
11. Development up to present
● The “Onion” model approach.
● What's your high-
est priority in your
SCADA network?
● Don't be afraid to
be paranoid.
● Don't be afraid to
be a “control
freak”.
● T.N.O: “Trust No
One”.
Made with LibreOffice and Ubuntu Linux
12. Development to present (cont.)
Possible Solution Model
● Obfuscation of SCADA NETWORK by means of segmenting
networks via Uni-Directional Gateway AND “Pretender” systems.
Made with LibreOffice and Ubuntu Linux
13. Development to present (cont.)
● “Real” SCADA system is not exposed to external
networks.
● “Pretender” system handles all request from systems
needing data from it.
● “Pretender” system can be part of Honey-Pot system,
along with IDS/IPS systems to monitor for intrusion
attempts that get past BIZ-facing firewalls.
● DSS system should be easier to rebuild than “Real”
SCADA system.
Made with LibreOffice and Ubuntu Linux
15. Pros and Cons
● Secure network cannot be penetrated by less secure network.
● Data to be shared is passed to DSS system where it is an exact
replica of “Real” SCADA system.
● Isolation of possible intrusion to DSS zone.
● Controls cannot be modified at “Real' SCADA system.
● DSS can help in scanning for possible intrusion attempts.
● DSS easier to rebuild than “Real” SCADA system.
● Burden taken off “Real” SCADA system DB for queries, etc.
● Discrete architecture to compartmentalize connections.
● Almost “set-it-and-forget-it” design – peace of mind.
Pros:
Made with LibreOffice and Ubuntu Linux
16. Pros and Cons
● User needs to understand ICCP point assignment and al-
ways adhere to the rules.
● No “auto-magic” way to set up data sets: some manual la-
bor is required but this forces admin to really understand
setup.
● Double-the-work, double-the-fun. Need to set up ICCP on
both SECURE and DSS networks – not big deal.
● More devices to setup, maintain, and assure their up-time.
● Longer deployment time, but this could also result in better
understanding of system.
Cons:
Made with LibreOffice and Ubuntu Linux
17. Improvements
● Create a two-site configuration of the
Telvent Oasys DSS system for better re-
dundancy.
● Upgrade to Waterfall for ICCP High Avail-
ability solution for better redundancy.
● Upgrade BIZ-facing and DSS-facing fire-
walls to High-Availability systems.
Made with LibreOffice and Ubuntu Linux
18. Improvements
● Create a two-site configuration
of the Telvent Oasys DSS sys-
tem for better redundancy.
Made with LibreOffice and Ubuntu Linux
19. Improvements
● Upgrade to Waterfall for ICCP High Availability so-
lution for better redundancy.Upgrade to Waterfall
for ICCP High Availability solution for better redun-
dancy.
Made with LibreOffice and Ubuntu Linux
21. Conclusion
● Because of the stringent cyber-security
requirements by the DOE, NERC, and other
entities, the Uni-Directional Gateway Data
Diode was the best solution to mitigate potential
threats and comply with existing and future
regulations (NERC CIP V5, etc.) and protect
SCADA systems against obsolescence and its
side effects.
Made with LibreOffice and Ubuntu Linux
