SlideShare a Scribd company logo

Exhibitor sessions: Khipu and Aruba, HPE

Download as PPTX, PDF
Jisc
Jisc

Chair: Ewan Quibell, management systems and service leader, Jisc. 09:15-09:55 - Experiences with vulnerability management as part of a overall security architecture Speaker: Dirk Schrader, CISSP/CISM at Greenbone Networks, Khipu. Integrating vulnerability management into your security architecture, into your workflows. What are some of the best practices for this? What are the advantages, what are possible caveats? 09:55-10:35 - On the airwaves – trends in Wi-Fi and wireless Speaker: Peter Thornycroft, Aruba, HPE. This talk will give a brief overview of forthcoming developments in Wi-Fi networking, including the next Wi-Fi PHY: 802.11ax, some applications of machine learning and the implications for WLAN architectures.

1 of 58
Exhibitor session 2b Chair: Ewan Quibell
Please switch your mobile phones to silent 19:30 No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staff Dinner (now full) Entrance via Goldsmith Street 16:30 - 17:30 Birds of a feather sessions 15:20 - 16:00 Lightning talks
Khipu
Vulnerability Management in your Security Architecture Dirk Schrader
Content & About » Experiences with vulnerability management as part of an overall security architecture » Integrating vulnerability management into your security architecture, into your workflows. » What are some of the best practices for this?What are the advantages, what are possible caveats? » Dirk Schrader CISSP, CISM » Khipu and Greenbone provide the technology behind the JiscVulnerability assessment and information service www.jisc.ac.uk/vulnerability-assessment-and-information-service www.khipu-networks.com www.greenbone.net
Vulnerability Management is required » the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services » a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing ISO 27001 control A.12.6.1 asks for the timely identification of vulnerabilities, the assessment of organization’s exposure to a vulnerability. ISO 27002 lists actions like » Make an asset inventory » Deal with vulnerabilities through defined procedures
Vulnerability Management Process prepare identify classify prioritize assign mitigate & remediate store & repeat improve
Vulnerability Management Process prepare identify classify prioritize assign mitigate & remediate store & repeat improve
VM in a Security Architecture prepare identify classify prioritize assign mitigate & remediate store & repeat improve
‚prepare‘ <-> Policies prepare identify classify prioritize assign mitigate & remediate store & repeat improve » Install policies, standards that enforceVulnerability Management » Make sure that responsibilities & actions are defined › asset owner › service owner › system owner, › ownership ≠ responsibility….? » Define secure configurations, whitelist systems and applications » Map to security controls, relate controls to responsibilities » Start simple, enhance stepwise
‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » Import and/or discover assets » Scan assets, scan them authenticated » use CVSS, CVE, CPE » enhance with add. SecInfo » tag with Asset Criticality info » use Score, Quality of Detection, and available SolutionType » use Asset Information » Attack status confirms
‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve NAC (simplified)
‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve CMDB
‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Threat Intel / SIEM
‚assign, mitigate & remediate‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » use Reports, Alerts » based on Knowlegde, Experience, and Role » track and trace assignment » patch and/or upgrade » block and/or isolate » work around » override is also a temporary option
‚assign, mitigate & remediate‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Ticket System
‚assign, mitigate & remediate‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Update / Patch Management
‚store & repeat‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » predict and trend assets » handle changes in infrastructure » time-stamped data supports Forensics » average of 40 high severity flaws published per week › 2017: 1,007 high severity flaws so far in 15 weeks
‚store & repeat‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Forensics
‚store & repeat‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve half-life of facts
‚improve‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » Eases implementation of Updates and Changes to Policies, Guidelines, Compliance » Meaningful KPIs for the IT Security documented
‚improve‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve
12/04/2017 Thank you! Any questions?
jisc.ac.uk contact Dirk Schrader Greenbone Networks GmbH Dirk.Schrader@greenbone.net
Thank you
Aruba, HPE
ON THE AIRWAVES – TRENDS IN WI-FI AND WIRELESS Peter Thornycroft April 2017
28 Agenda • 802.11ax high efficiency WLANs • Machine Learning applied to WLANs • Evolving architecture for the enterprise WLAN
802.11AX HIGH EFFICIENCY WLANS
30 802.11ax: Issues Facing Wi-Fi Networks • Many short data frames, many users • Overlapping BSS’s in dense deployments block each other from transmitting • Improving performance in outdoor hotspots 1 2 4 3 4 2 1 2 1 3 4 1 3 4 1 2 1 1 3 >80% of frames under 256B
31 802.11ax: Goals • Enhance operation in 2.4 & 5 GHz bands (11ac was only 5 GHz) • Increase average throughput per station by at least 4x in dense deployments • Improvements both indoor and outdoor • Scenarios include wireless corporate office, outdoor hotspot, dense residential apartments and stadiums • Maintain or improve power efficiency of the stations
32 802.11ax: Timeline (guess products late 2018 / early 2019) 0 mo IEEE 802.11ax TG kick off May ‘14 D0.1 Jan ‘16 D1.0 Dec ‘16 D2.0 May ‘17 Predicted Final Approval Dec ‘18 Predicted WFA AX MTG kick off Apr ‘16 Cert Launch Dec ‘18 Predicted IEEE 802.11ac Sponsor Ballot Mar ‘18 Predicted TG kick off Nov ‘08 D1.0 Jun ‘11 12 mo 24 mo 36 mo D0.1 Jan ‘11 D2.0 Feb ‘12 48 mo D3.0 Jun ‘12 Sponsor Ballot May ‘13 60 mo Final Approval Oct ‘13 Publish Dec ‘13 0 mo 12 mo 24 mo WFA AC MTG kick off Jun ‘10 TTG kick off Aug ‘11 36 mo Plugfest #1 Aug ‘12 PF #5 Jan ‘13 Launch Jun ‘13 2016 2017 20182015 2016 2017 2018 SIG kick off Aug ‘09 2014 SIG kick off Feb ‘14 2019 2019
33 802.11ax: features Outdoor / Longer rangePower Saving High DensitySpectral Efficiency & Area Throughput 8x8 AP 1024 QAM 25% increase in data rate OFDMA Enhanced delay spread protection- long guard interval Scheduled sleep and wake times 20 MHz-only clients Spatial Reuse DL/UL MU-MIMO w/ 8 clients L-STF L-LTF L-SIG RL-SIG HE-SIG-A HE-STF HE-LTF HE-LTF Data... 8µs 8µs 4µs 4µs 16µs 4µs VariabledurationsperHE-LTFsymbol PE 0.8us 11ac 1.6us 11ax Extended range packet structure 3.2us 11ax B e a c o n T F Next TWT B e a c o n T F T F T F TWT element: Implicit TWT, Next TWT, TWT Wake Interval TWT Wake Interval DL/UL MU DL/UL MU DL/UL MU DL/UL MU 80 MHz Capable 20 MHz-only 2x increase in throughput ac ax Up to 20% increase in data rate Long OFDM Symbol
34 802.11ax: OFDMA
35 802.11ax: MU-MIMO, UL MU transmissions • New Trigger control frame • UL MU transmission may be OFDMA or MU- MIMO • Trigger frame can be used as a Beamforming Report Poll, MU-BAR, MU- RTS, Buffer Status Report Poll, Bandwidth Query Report Poll… Trigger frame UL MU PPDU AP STA1 Acknowledge frame UL MU PPDUSTA2 UL MU PPDUSTA3 UL MU PPDUSTA4 Frequency/ Spatialdomain
36 802.11ax: BSS colouring • To increase capacity in dense environment, we need to increase frequency reuse between BSS’s • BSS Colouring was a mechanism introduced in 802.11ah to assign a different “colour” per BSS, which will be extended to 11ax • New channel access behavior will be assigned based on the colour detected Increased Frequency Reuse (w/ 80 MHz channels) - All same-channel BSS blocking 1 2 4 3 4 2 1 2 1 3 4 1 3 4 1 2 1 1 3 Low Frequency Reuse (w/ 20 MHz channels) 18 19 17 6 7 5 1 2 10 3 11 12 15 4 14 13 16 8 9 Same-channel BSS only blocked on Colour Match 1 2 4 3 2 1 2 1 3 4 3 4 1 2 1 1 2 3 2 3 4 3 4 4 1 3 2 4 4 1 2 3 4 1 3 2 4 1 2 3
37 802.11ax: outdoor and longer-range features • One of the goals of 802.11ax is improved performance outdoors - Longer delay spreads than the 11a/n/ac guard interval of 0.8 usec. 802.11ax modifies the guard intervals options to 0.8, 1.6, and 3.2 usec - Possible multipath bounces off high speed vehicles. A Doppler bit indicates Doppler mode of transmission • To expand the coverage and robustness of an outdoor hotspot - New extended range packet format with more robust preamble - Dual Carrier Modulation (DCM) – replicate the same information on different subcarriers for diversity gain and narrow band interference protection, ~3.5 dB gain - Narrower transmission bandwidth for Data field – 106 tones (~8 MHz) can be used to reduce noise bandwidth L-STF L-LTF L-SIG RL-SIG HE-SIG-A HE-STF HE-LTF HE-LTF Data... 8µs 8µs 4µs 4µs 16µs 4µs Variable durations per HE-LTF symbol PE HE extended range SU PPDU format
38 802.11ax: new PHY data rates 11ax 11ac Data rate (Mbps) Mode gain Data rate (Mbps) Mode Min 0.375 1SS, MCS0, DCM, 26- tone 6.5 1SS, MCS0, 20 MHz Max, 20 MHz 143.4*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 65% 86.7*NSS 256-QAM, r=3/4 (256-QAM, r=5/6 only valid for NSS=3,6), 3.6 usec symbol Max, 40 MHz 286.8*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 43% 200*NSS 256-QAM, r=5/6, 3.6 usec symbol Max, 80 MHz 600.4*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 39% 433.3*NSS 256-QAM, r=5/6, 3.6 usec symbol Max, 160 MHz 600.4*2*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 39% 433.3*2*NSS 256-QAM, r=5/6, 3.6 usec symbol NSS = 1…8 for both 11ac and 11ax
39 802.11ax: Target Wake Time for power save • Target Wake Time (TWT) is a power saving mechanism in 802.11ah which allows the STA to sleep for periods of time, and wake up at pre- scheduled times to exchange information with its AP doc.: IEEE 802.11-12/0823r0 Submission Power Consumption Profiles July 2012 Matthew Fischer, et al. • Baseline PS-POLL Slide 14 Beacon Wake LMSM RM LM/RM TM RM UL BA LM/RM BADL TMRM SM SleepAccess delay Lookup + Access delay Beacon LMSM RM ?M TM RM UL BA BADL TMRM SM Slot delay Wake Sleep LMSM TM RM UL BA BADL TMRM SM Wake Sleep • Beacon-based access • TWT-based access SM: Sleep Mode LM: Listen Mode RM: Receive Mode TM: Transmit Mode
40 802.11ax: 20 MHz-only clients • Provide support for low power, low complexity devices (IOT): wearable devices, sensors and automation, medical equipment, etc.
ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING IN ENTERPRISE NETWORKS
42 Artificial Intelligence and Machine Learning • Drawing inferences from large amounts of data − First obtain a large amount of training data (labelled for supervised learning) − Then train the ML model to get the ‘right’ result from the training data − Now let the model loose on new data • Can be applied to different problems − Network Management − Misbehaving devices or users − Device discovery & classification (e.g. IoT) • Can close the loop with suggested changes or automated actions
43 Architecture for Machine Learning On-premise data collector Network data sources • Span ports • Firewalls • WLAN • Network Management • Authentication • DHCP • … send to cloud Identify anomalies Cluster anomalies Root cause & fixes alerts actions
44 Network management: Benefits Better network operations Real-time insights with root cause analysis and remedy recommendation – “A large fraction of Lync calls fail in building A, because of non-WiFi interference” – “On July 7th, 38 users in building B suffered slow Wi-Fi speed due to suboptimal channel allocation” – “45 users failed to connect to Wi-Fi, because of Radius server overload” Better network planning Macro insights with long-term recommendations – “Compared to similar buildings, users in building A achieve 20% lower data rate” – “In building B, peak hour traffic grows by 2.3% month-to-month. This will become a network bottleneck in 14 months”
45 Network Management: Environment type detection User density Connection life time Cluster 1 • low user density • high connection life time • Example: Office space Cluster 2 • high user density • high connection life time • Example: Lecture hall Cluster 3 • high user density • low connection life time • Example: Cafeteria area Automatic granularity: subdivide buildings based on Wi-Fi characteristics − Example: library entrance area vs. library archive stacks
46 Network management: Data-driven anomaly detection • Detect anomalous values of network metrics, while accounting for the circumstances − AP experiences high air utilization (uplink + downlink + ambient), given time of day and band − Client station has uplink/downlink rate imbalance, given its device type and band − Client station is using low downlink rate, given its RSSI, band and device type − No manual thresholds are needed, separate models for each environment type mantain low false alarm rate
47 Network management: Clustering of issues d1 d2 Cluster 1 • device type: iPhones • ssid: UW • issues: roam-802.11-assoc Cluster 3 • device type: iPad • sta_mac: a888088f4b0c • ssid: CSE-Local • location: CSE basement • bssid: 04bd88337850 • ch: 40 • controller: 113 • issues: roam-802.11-assoc dn Cluster 2 • device type: iPhone & Android • ssid: UW • controller: 8901 • location: KNE.5
48 Security: Automated detection of insider-threats Compromised Users & Hosts Negligent Employees Malicious Insiders ATTACKS AND RISKY BEHAVIORS on the inside
49 Security: behavioural analytics approach Behavioral Analytics UNSUPERVISED + SEMI- SUPERVISED HISTORICAL + PEER GROUP MACHINE LEARNING BASELINES Internal Resource Access Finance servers Authentication AD logins Remote Access VPN logins External Activity C&C, personal email SaaS Activity Office 365, Box Cloud IaaS AWS, Azure Physical Access badge logs Exfiltration DLP, Email
50 Security: finding the malicious in the anomalous Behavioral Analytics SUPERVISED MACHINE LEARNING DLP Sandbox Firewalls STIX Rules Etc. THIRD PARTY ALERTS
51 IoT: Security Starts with Identifying Devices Seeing totals and mix of devices helps understand risk. CCTV cameras from XiongMai Technologies can be an issue. Visibility needed to make accurate planning decisions - bandwidth usage, firewall rules, etc. 1 2 3 Having Information useful during internal and external audits.
52 IoT: Comprehensive Profiler Methods • DHCP Fingerprinting (support for IP-Helper and use of SPAN/RSPAN mirroring) • SNMP/Network Discovery (MIB reads to identify static IP addressed devices) • WMI (useful for Windows) • SSH (useful for Linux) • CDP, LLDP (useful in Cisco networks) • HTTP User-Agent (useful for Apple) • MAC OUI (useful for Android) • ARP Reads, Subnet Scans • Active Sync Plugin • Nmap Port scans • TCP
EVOLUTION OF THE EDGE – ENTERPRISE NETWORK ARCHITECTURE
54 Network architecture • Only at the edge can the network sense • Device radio characteristics • Device authentication status • Unassociated devices • All intrusion attempts Radio information - Signal level - SNR radio 802.11 mgmt 802.11 management - Associated - Data rate - Frame error rate - MAC - Sleeping Auth - Status - Identity - Role - Blacklist L2 - ARP - VLAN - mDNS IP - DHCP - IP address Multicast - IGMP - MC Neighbors L4-7 - Sessions & protocols - Destinations, ports - Rates - QoS Mobility awareness - Origin & location - Roaming history - AP load - Neighbor APs L2 traffic & services L3 traffic & services 802.11 connected device
55 Network architecture Traffic forwarding Policy layer • Abstract the network model to a policy layer • Policy layer interfaces to external APIs • External APIs export sensing information, accept reconfiguration Apps services
56 Network architecture • The network hollows out • The edge is used for sensing and reporting • Policy definitions allow the network to dynamically reconfigure in response to traffic & external events • APIs allow the network to dynamically reconfigure in response to external requirements • Big Data is accumulated locally or in the cloud • Machine Learning is applied to many networking problems
THANK YOU
Thank you

Recommended

Exhibitor session: Efficient IP
Exhibitor session: Efficient IPExhibitor session: Efficient IP
Exhibitor session: Efficient IP
Jisc
 
Parallel session: IPv6
Parallel session: IPv6Parallel session: IPv6
Parallel session: IPv6
Jisc
 
Strengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure DesignStrengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure Design
APNIC
 
DNSSEC Measurement APTLD 71
DNSSEC Measurement APTLD 71DNSSEC Measurement APTLD 71
DNSSEC Measurement APTLD 71
Siena Perry
 
Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...
Jisc
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
 
IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech
Jisc
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44
Jisc
 

Recommended

Exhibitor session: Efficient IP
Exhibitor session: Efficient IPExhibitor session: Efficient IP
Exhibitor session: Efficient IP
Jisc
 
Parallel session: IPv6
Parallel session: IPv6Parallel session: IPv6
Parallel session: IPv6
Jisc
 
Strengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure DesignStrengthen DNS Through Infrastructure Design
Strengthen DNS Through Infrastructure Design
APNIC
 
DNSSEC Measurement APTLD 71
DNSSEC Measurement APTLD 71DNSSEC Measurement APTLD 71
DNSSEC Measurement APTLD 71
Siena Perry
 
Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...Prevention first platform for cyber defence the alternative strategy khipu ...
Prevention first platform for cyber defence the alternative strategy khipu ...
Jisc
 
Tech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentationTech 2 Tech IPv6 presentation
Tech 2 Tech IPv6 presentation
Jisc
 
IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech IPv6 menti results - Tech 2 Tech
IPv6 menti results - Tech 2 Tech
Jisc
 
IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44IPv6 experience from a large enterprise - Networkshop44
IPv6 experience from a large enterprise - Networkshop44
Jisc
 
Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44
Jisc
 
Performance Assurance for Cloud Applications
Performance Assurance for Cloud ApplicationsPerformance Assurance for Cloud Applications
Performance Assurance for Cloud Applications
Daniel Sproats
 
Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24
APNIC
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73
APNIC
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network Operators
APNIC
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
APNIC
 
ONF & iSDX Webinar
ONF & iSDX WebinarONF & iSDX Webinar
ONF & iSDX Webinar
Katie Hyman
 
110G networking within JASMIN
110G networking within JASMIN110G networking within JASMIN
110G networking within JASMIN
Jisc
 
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
SWITCHPOINT NV/SA
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
MyNOG
 
How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks
ADVA
 
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE AtlasRIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
APNIC
 
Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44
Jisc
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...
APNIC
 
Apnic Update - SANOG 30
Apnic Update - SANOG 30Apnic Update - SANOG 30
Apnic Update - SANOG 30
APNIC
 
APNIC Member Services
APNIC Member ServicesAPNIC Member Services
APNIC Member Services
APNIC
 
npNOG 2: APNIC activity report
npNOG 2: APNIC activity reportnpNOG 2: APNIC activity report
npNOG 2: APNIC activity report
APNIC
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service Providers
Corero Network Security
 
Ciena - the journey to the adaptive network
Ciena - the journey to the adaptive networkCiena - the journey to the adaptive network
Ciena - the journey to the adaptive network
Jisc
 
Identi fi 3865-series-outdoor-access-point-ds
Identi fi 3865-series-outdoor-access-point-dsIdenti fi 3865-series-outdoor-access-point-ds
Identi fi 3865-series-outdoor-access-point-ds
N-TEK Distribution
 
Cisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design sessionCisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design session
Cisco Russia
 

More Related Content

What's hot

Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44
Jisc
 
Performance Assurance for Cloud Applications
Performance Assurance for Cloud ApplicationsPerformance Assurance for Cloud Applications
Performance Assurance for Cloud Applications
Daniel Sproats
 
Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24
APNIC
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73
APNIC
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network Operators
APNIC
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
APNIC
 
ONF & iSDX Webinar
ONF & iSDX WebinarONF & iSDX Webinar
ONF & iSDX Webinar
Katie Hyman
 
110G networking within JASMIN
110G networking within JASMIN110G networking within JASMIN
110G networking within JASMIN
Jisc
 
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
SWITCHPOINT NV/SA
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
MyNOG
 
How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks
ADVA
 
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE AtlasRIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
APNIC
 
Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44
Jisc
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...
APNIC
 
Apnic Update - SANOG 30
Apnic Update - SANOG 30Apnic Update - SANOG 30
Apnic Update - SANOG 30
APNIC
 
APNIC Member Services
APNIC Member ServicesAPNIC Member Services
APNIC Member Services
APNIC
 
npNOG 2: APNIC activity report
npNOG 2: APNIC activity reportnpNOG 2: APNIC activity report
npNOG 2: APNIC activity report
APNIC
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service Providers
Corero Network Security
 
Ciena - the journey to the adaptive network
Ciena - the journey to the adaptive networkCiena - the journey to the adaptive network
Ciena - the journey to the adaptive network
Jisc
 

What's hot (20)

Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44Edupert best practices in supporting end users - Networkshop44
Edupert best practices in supporting end users - Networkshop44
 
Performance Assurance for Cloud Applications
Performance Assurance for Cloud ApplicationsPerformance Assurance for Cloud Applications
Performance Assurance for Cloud Applications
 
Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24Internet Resource Management Tutorial at SANOG 24
Internet Resource Management Tutorial at SANOG 24
 
Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73Measuring IPv6 Performance, RIPE73
Measuring IPv6 Performance, RIPE73
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network Operators
 
WINS: Peering and IXPs
WINS: Peering and IXPsWINS: Peering and IXPs
WINS: Peering and IXPs
 
ONF & iSDX Webinar
ONF & iSDX WebinarONF & iSDX Webinar
ONF & iSDX Webinar
 
110G networking within JASMIN
110G networking within JASMIN110G networking within JASMIN
110G networking within JASMIN
 
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
 
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika WijayatungaIdentifier Systems Security, Stability and Resiliency by Champika Wijayatunga
Identifier Systems Security, Stability and Resiliency by Champika Wijayatunga
 
How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks How to Quantum-Secure Optical Networks
How to Quantum-Secure Optical Networks
 
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE AtlasRIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
RIPE NCC Measurements Tools Workshop: RIPEstat and RIPE Atlas
 
Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44Customer distributed denial of service (DDoS) experiences - Networkshop44
Customer distributed denial of service (DDoS) experiences - Networkshop44
 
Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...Abitcool - A vast array of small-scale service providers with gigabit access,...
Abitcool - A vast array of small-scale service providers with gigabit access,...
 
Apnic Update - SANOG 30
Apnic Update - SANOG 30Apnic Update - SANOG 30
Apnic Update - SANOG 30
 
APNIC Member Services
APNIC Member ServicesAPNIC Member Services
APNIC Member Services
 
npNOG 2: APNIC activity report
npNOG 2: APNIC activity reportnpNOG 2: APNIC activity report
npNOG 2: APNIC activity report
 
DDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service ProvidersDDoS - a Modern Day Opportunity for Service Providers
DDoS - a Modern Day Opportunity for Service Providers
 
Ciena - the journey to the adaptive network
Ciena - the journey to the adaptive networkCiena - the journey to the adaptive network
Ciena - the journey to the adaptive network
 

Similar to Exhibitor sessions: Khipu and Aruba, HPE

Identi fi 3865-series-outdoor-access-point-ds
Identi fi 3865-series-outdoor-access-point-dsIdenti fi 3865-series-outdoor-access-point-ds
Identi fi 3865-series-outdoor-access-point-ds
N-TEK Distribution
 
Cisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design sessionCisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design session
Cisco Russia
 
Ap3705i ds
Ap3705i dsAp3705i ds
Ap3705i ds
N-TEK Distribution
 
TULIPP overview
TULIPP overviewTULIPP overview
TULIPP overview
Tulipp. Eu
 
A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...
A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...
A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...
Transcat
 
Webinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriais
Webinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriaisWebinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriais
Webinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriais
Embarcados
 
Alexei_Plescan - updated
Alexei_Plescan - updatedAlexei_Plescan - updated
Alexei_Plescan - updated
Alexei Plescan
 
Places in the network (featuring policy)
Places in the network (featuring policy)Places in the network (featuring policy)
Places in the network (featuring policy)
Jeff Green
 
Create New Value for You - Huawei Agile Network
Create New Value for You - Huawei Agile NetworkCreate New Value for You - Huawei Agile Network
Create New Value for You - Huawei Agile Network
Huawei Enterprise Hong Kong
 
Sdn future of networks
Sdn future of networksSdn future of networks
Sdn future of networks
Ahmed El-Sayed
 
Cloud networking workshop
Cloud networking workshopCloud networking workshop
Cloud networking workshop
Cisco Canada
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS Village
Chris Sistrunk
 
Cisco 3600 access point datasheet
Cisco 3600 access point datasheetCisco 3600 access point datasheet
Cisco 3600 access point datasheet
Amy Huang
 
Swaminathan_Resume_May2015
Swaminathan_Resume_May2015Swaminathan_Resume_May2015
Swaminathan_Resume_May2015
Swaminathan Balasubramanian
 
Unified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformUnified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching Platform
Cisco Canada
 
Abdul Muneer k_RESUME
Abdul Muneer k_RESUMEAbdul Muneer k_RESUME
Abdul Muneer k_RESUME
Abdul muneer
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
Splunk
 
Havoc industrial electronice and techonology rfid and two-way radios - 2015
Havoc industrial electronice and techonology rfid and two-way radios - 2015Havoc industrial electronice and techonology rfid and two-way radios - 2015
Havoc industrial electronice and techonology rfid and two-way radios - 2015
Robin Wright
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining
Tail-f Systems
 
Innovate in new and exciting optical sensing applications in industrial marke...
Innovate in new and exciting optical sensing applications in industrial marke...Innovate in new and exciting optical sensing applications in industrial marke...
Innovate in new and exciting optical sensing applications in industrial marke...
Design World
 

Similar to Exhibitor sessions: Khipu and Aruba, HPE (20)

Identi fi 3865-series-outdoor-access-point-ds
Identi fi 3865-series-outdoor-access-point-dsIdenti fi 3865-series-outdoor-access-point-ds
Identi fi 3865-series-outdoor-access-point-ds
 
Cisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design sessionCisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design session
 
Ap3705i ds
Ap3705i dsAp3705i ds
Ap3705i ds
 
TULIPP overview
TULIPP overviewTULIPP overview
TULIPP overview
 
A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...
A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...
A Transcat.com Webinar Presented by Aglient Technolgoes: Scope Technology Imp...
 
Webinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriais
Webinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriaisWebinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriais
Webinar: BlueNRG-LP - Bluetooth 5.2 de longo alcance para aplicações industriais
 
Alexei_Plescan - updated
Alexei_Plescan - updatedAlexei_Plescan - updated
Alexei_Plescan - updated
 
Places in the network (featuring policy)
Places in the network (featuring policy)Places in the network (featuring policy)
Places in the network (featuring policy)
 
Create New Value for You - Huawei Agile Network
Create New Value for You - Huawei Agile NetworkCreate New Value for You - Huawei Agile Network
Create New Value for You - Huawei Agile Network
 
Sdn future of networks
Sdn future of networksSdn future of networks
Sdn future of networks
 
Cloud networking workshop
Cloud networking workshopCloud networking workshop
Cloud networking workshop
 
Master Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS VillageMaster Serial Killer - DEF CON 22 - ICS Village
Master Serial Killer - DEF CON 22 - ICS Village
 
Cisco 3600 access point datasheet
Cisco 3600 access point datasheetCisco 3600 access point datasheet
Cisco 3600 access point datasheet
 
Swaminathan_Resume_May2015
Swaminathan_Resume_May2015Swaminathan_Resume_May2015
Swaminathan_Resume_May2015
 
Unified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformUnified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching Platform
 
Abdul Muneer k_RESUME
Abdul Muneer k_RESUMEAbdul Muneer k_RESUME
Abdul Muneer k_RESUME
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
 
Havoc industrial electronice and techonology rfid and two-way radios - 2015
Havoc industrial electronice and techonology rfid and two-way radios - 2015Havoc industrial electronice and techonology rfid and two-way radios - 2015
Havoc industrial electronice and techonology rfid and two-way radios - 2015
 
Dynamic Service Chaining
Dynamic Service Chaining Dynamic Service Chaining
Dynamic Service Chaining
 
Innovate in new and exciting optical sensing applications in industrial marke...
Innovate in new and exciting optical sensing applications in industrial marke...Innovate in new and exciting optical sensing applications in industrial marke...
Innovate in new and exciting optical sensing applications in industrial marke...
 

More from Jisc

Adobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptxAdobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptx
Jisc
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
Jisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of SheffieldJisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of Sheffield
Jisc
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
Jisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
Jisc
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
Jisc
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
Jisc
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
Jisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
Jisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
Jisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
Jisc
 

More from Jisc (20)

Adobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptxAdobe Express Engagement Webinar (Delegate).pptx
Adobe Express Engagement Webinar (Delegate).pptx
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
Jisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of SheffieldJisc's value to HE: the University of Sheffield
Jisc's value to HE: the University of Sheffield
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 

Recently uploaded

June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
Nicholas Montgomery
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
heathfieldcps1
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
NelTorrente
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
Bisnar Chase Personal Injury Attorneys
 
What is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptxWhat is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptx
christianmathematics
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
taiba qazi
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
Priyankaranawat4
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
adhitya5119
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 

Recently uploaded (20)

June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
Film vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movieFilm vocab for eal 3 students: Australia the movie
Film vocab for eal 3 students: Australia the movie
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
 
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
 
What is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptxWhat is the purpose of studying mathematics.pptx
What is the purpose of studying mathematics.pptx
 
DRUGS AND ITS classification slide share
DRUGS AND ITS classification slide shareDRUGS AND ITS classification slide share
DRUGS AND ITS classification slide share
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
 

Exhibitor sessions: Khipu and Aruba, HPE

  • 2. Please switch your mobile phones to silent 19:30 No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staff Dinner (now full) Entrance via Goldsmith Street 16:30 - 17:30 Birds of a feather sessions 15:20 - 16:00 Lightning talks
  • 4. Vulnerability Management in your Security Architecture Dirk Schrader
  • 5. Content & About » Experiences with vulnerability management as part of an overall security architecture » Integrating vulnerability management into your security architecture, into your workflows. » What are some of the best practices for this?What are the advantages, what are possible caveats? » Dirk Schrader CISSP, CISM » Khipu and Greenbone provide the technology behind the JiscVulnerability assessment and information service www.jisc.ac.uk/vulnerability-assessment-and-information-service www.khipu-networks.com www.greenbone.net
  • 6. Vulnerability Management is required » the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services » a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing ISO 27001 control A.12.6.1 asks for the timely identification of vulnerabilities, the assessment of organization’s exposure to a vulnerability. ISO 27002 lists actions like » Make an asset inventory » Deal with vulnerabilities through defined procedures
  • 7. Vulnerability Management Process prepare identify classify prioritize assign mitigate & remediate store & repeat improve
  • 9. VM in a Security Architecture prepare identify classify prioritize assign mitigate & remediate store & repeat improve
  • 10. ‚prepare‘ <-> Policies prepare identify classify prioritize assign mitigate & remediate store & repeat improve » Install policies, standards that enforceVulnerability Management » Make sure that responsibilities & actions are defined › asset owner › service owner › system owner, › ownership ≠ responsibility….? » Define secure configurations, whitelist systems and applications » Map to security controls, relate controls to responsibilities » Start simple, enhance stepwise
  • 11. ‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » Import and/or discover assets » Scan assets, scan them authenticated » use CVSS, CVE, CPE » enhance with add. SecInfo » tag with Asset Criticality info » use Score, Quality of Detection, and available SolutionType » use Asset Information » Attack status confirms
  • 12. ‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve NAC (simplified)
  • 13. ‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve CMDB
  • 14. ‚identify, classify, prioritize‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Threat Intel / SIEM
  • 15. ‚assign, mitigate & remediate‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » use Reports, Alerts » based on Knowlegde, Experience, and Role » track and trace assignment » patch and/or upgrade » block and/or isolate » work around » override is also a temporary option
  • 16. ‚assign, mitigate & remediate‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Ticket System
  • 17. ‚assign, mitigate & remediate‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Update / Patch Management
  • 18. ‚store & repeat‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » predict and trend assets » handle changes in infrastructure » time-stamped data supports Forensics » average of 40 high severity flaws published per week › 2017: 1,007 high severity flaws so far in 15 weeks
  • 19. ‚store & repeat‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve Forensics
  • 20. ‚store & repeat‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve half-life of facts
  • 21. ‚improve‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve » Eases implementation of Updates and Changes to Policies, Guidelines, Compliance » Meaningful KPIs for the IT Security documented
  • 22. ‚improve‘ <-> Workflows &Tools prepare identify classify prioritize assign mitigate & remediate store & repeat improve
  • 24. jisc.ac.uk contact Dirk Schrader Greenbone Networks GmbH Dirk.Schrader@greenbone.net
  • 27. ON THE AIRWAVES – TRENDS IN WI-FI AND WIRELESS Peter Thornycroft April 2017
  • 28. 28 Agenda • 802.11ax high efficiency WLANs • Machine Learning applied to WLANs • Evolving architecture for the enterprise WLAN
  • 30. 30 802.11ax: Issues Facing Wi-Fi Networks • Many short data frames, many users • Overlapping BSS’s in dense deployments block each other from transmitting • Improving performance in outdoor hotspots 1 2 4 3 4 2 1 2 1 3 4 1 3 4 1 2 1 1 3 >80% of frames under 256B
  • 31. 31 802.11ax: Goals • Enhance operation in 2.4 & 5 GHz bands (11ac was only 5 GHz) • Increase average throughput per station by at least 4x in dense deployments • Improvements both indoor and outdoor • Scenarios include wireless corporate office, outdoor hotspot, dense residential apartments and stadiums • Maintain or improve power efficiency of the stations
  • 32. 32 802.11ax: Timeline (guess products late 2018 / early 2019) 0 mo IEEE 802.11ax TG kick off May ‘14 D0.1 Jan ‘16 D1.0 Dec ‘16 D2.0 May ‘17 Predicted Final Approval Dec ‘18 Predicted WFA AX MTG kick off Apr ‘16 Cert Launch Dec ‘18 Predicted IEEE 802.11ac Sponsor Ballot Mar ‘18 Predicted TG kick off Nov ‘08 D1.0 Jun ‘11 12 mo 24 mo 36 mo D0.1 Jan ‘11 D2.0 Feb ‘12 48 mo D3.0 Jun ‘12 Sponsor Ballot May ‘13 60 mo Final Approval Oct ‘13 Publish Dec ‘13 0 mo 12 mo 24 mo WFA AC MTG kick off Jun ‘10 TTG kick off Aug ‘11 36 mo Plugfest #1 Aug ‘12 PF #5 Jan ‘13 Launch Jun ‘13 2016 2017 20182015 2016 2017 2018 SIG kick off Aug ‘09 2014 SIG kick off Feb ‘14 2019 2019
  • 33. 33 802.11ax: features Outdoor / Longer rangePower Saving High DensitySpectral Efficiency & Area Throughput 8x8 AP 1024 QAM 25% increase in data rate OFDMA Enhanced delay spread protection- long guard interval Scheduled sleep and wake times 20 MHz-only clients Spatial Reuse DL/UL MU-MIMO w/ 8 clients L-STF L-LTF L-SIG RL-SIG HE-SIG-A HE-STF HE-LTF HE-LTF Data... 8µs 8µs 4µs 4µs 16µs 4µs VariabledurationsperHE-LTFsymbol PE 0.8us 11ac 1.6us 11ax Extended range packet structure 3.2us 11ax B e a c o n T F Next TWT B e a c o n T F T F T F TWT element: Implicit TWT, Next TWT, TWT Wake Interval TWT Wake Interval DL/UL MU DL/UL MU DL/UL MU DL/UL MU 80 MHz Capable 20 MHz-only 2x increase in throughput ac ax Up to 20% increase in data rate Long OFDM Symbol
  • 35. 35 802.11ax: MU-MIMO, UL MU transmissions • New Trigger control frame • UL MU transmission may be OFDMA or MU- MIMO • Trigger frame can be used as a Beamforming Report Poll, MU-BAR, MU- RTS, Buffer Status Report Poll, Bandwidth Query Report Poll… Trigger frame UL MU PPDU AP STA1 Acknowledge frame UL MU PPDUSTA2 UL MU PPDUSTA3 UL MU PPDUSTA4 Frequency/ Spatialdomain
  • 36. 36 802.11ax: BSS colouring • To increase capacity in dense environment, we need to increase frequency reuse between BSS’s • BSS Colouring was a mechanism introduced in 802.11ah to assign a different “colour” per BSS, which will be extended to 11ax • New channel access behavior will be assigned based on the colour detected Increased Frequency Reuse (w/ 80 MHz channels) - All same-channel BSS blocking 1 2 4 3 4 2 1 2 1 3 4 1 3 4 1 2 1 1 3 Low Frequency Reuse (w/ 20 MHz channels) 18 19 17 6 7 5 1 2 10 3 11 12 15 4 14 13 16 8 9 Same-channel BSS only blocked on Colour Match 1 2 4 3 2 1 2 1 3 4 3 4 1 2 1 1 2 3 2 3 4 3 4 4 1 3 2 4 4 1 2 3 4 1 3 2 4 1 2 3
  • 37. 37 802.11ax: outdoor and longer-range features • One of the goals of 802.11ax is improved performance outdoors - Longer delay spreads than the 11a/n/ac guard interval of 0.8 usec. 802.11ax modifies the guard intervals options to 0.8, 1.6, and 3.2 usec - Possible multipath bounces off high speed vehicles. A Doppler bit indicates Doppler mode of transmission • To expand the coverage and robustness of an outdoor hotspot - New extended range packet format with more robust preamble - Dual Carrier Modulation (DCM) – replicate the same information on different subcarriers for diversity gain and narrow band interference protection, ~3.5 dB gain - Narrower transmission bandwidth for Data field – 106 tones (~8 MHz) can be used to reduce noise bandwidth L-STF L-LTF L-SIG RL-SIG HE-SIG-A HE-STF HE-LTF HE-LTF Data... 8µs 8µs 4µs 4µs 16µs 4µs Variable durations per HE-LTF symbol PE HE extended range SU PPDU format
  • 38. 38 802.11ax: new PHY data rates 11ax 11ac Data rate (Mbps) Mode gain Data rate (Mbps) Mode Min 0.375 1SS, MCS0, DCM, 26- tone 6.5 1SS, MCS0, 20 MHz Max, 20 MHz 143.4*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 65% 86.7*NSS 256-QAM, r=3/4 (256-QAM, r=5/6 only valid for NSS=3,6), 3.6 usec symbol Max, 40 MHz 286.8*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 43% 200*NSS 256-QAM, r=5/6, 3.6 usec symbol Max, 80 MHz 600.4*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 39% 433.3*NSS 256-QAM, r=5/6, 3.6 usec symbol Max, 160 MHz 600.4*2*NSS 1024‐QAM, r=5/6, 13.6 usec symbol 39% 433.3*2*NSS 256-QAM, r=5/6, 3.6 usec symbol NSS = 1…8 for both 11ac and 11ax
  • 39. 39 802.11ax: Target Wake Time for power save • Target Wake Time (TWT) is a power saving mechanism in 802.11ah which allows the STA to sleep for periods of time, and wake up at pre- scheduled times to exchange information with its AP doc.: IEEE 802.11-12/0823r0 Submission Power Consumption Profiles July 2012 Matthew Fischer, et al. • Baseline PS-POLL Slide 14 Beacon Wake LMSM RM LM/RM TM RM UL BA LM/RM BADL TMRM SM SleepAccess delay Lookup + Access delay Beacon LMSM RM ?M TM RM UL BA BADL TMRM SM Slot delay Wake Sleep LMSM TM RM UL BA BADL TMRM SM Wake Sleep • Beacon-based access • TWT-based access SM: Sleep Mode LM: Listen Mode RM: Receive Mode TM: Transmit Mode
  • 40. 40 802.11ax: 20 MHz-only clients • Provide support for low power, low complexity devices (IOT): wearable devices, sensors and automation, medical equipment, etc.
  • 41. ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING IN ENTERPRISE NETWORKS
  • 42. 42 Artificial Intelligence and Machine Learning • Drawing inferences from large amounts of data − First obtain a large amount of training data (labelled for supervised learning) − Then train the ML model to get the ‘right’ result from the training data − Now let the model loose on new data • Can be applied to different problems − Network Management − Misbehaving devices or users − Device discovery & classification (e.g. IoT) • Can close the loop with suggested changes or automated actions
  • 43. 43 Architecture for Machine Learning On-premise data collector Network data sources • Span ports • Firewalls • WLAN • Network Management • Authentication • DHCP • … send to cloud Identify anomalies Cluster anomalies Root cause & fixes alerts actions
  • 44. 44 Network management: Benefits Better network operations Real-time insights with root cause analysis and remedy recommendation – “A large fraction of Lync calls fail in building A, because of non-WiFi interference” – “On July 7th, 38 users in building B suffered slow Wi-Fi speed due to suboptimal channel allocation” – “45 users failed to connect to Wi-Fi, because of Radius server overload” Better network planning Macro insights with long-term recommendations – “Compared to similar buildings, users in building A achieve 20% lower data rate” – “In building B, peak hour traffic grows by 2.3% month-to-month. This will become a network bottleneck in 14 months”
  • 45. 45 Network Management: Environment type detection User density Connection life time Cluster 1 • low user density • high connection life time • Example: Office space Cluster 2 • high user density • high connection life time • Example: Lecture hall Cluster 3 • high user density • low connection life time • Example: Cafeteria area Automatic granularity: subdivide buildings based on Wi-Fi characteristics − Example: library entrance area vs. library archive stacks
  • 46. 46 Network management: Data-driven anomaly detection • Detect anomalous values of network metrics, while accounting for the circumstances − AP experiences high air utilization (uplink + downlink + ambient), given time of day and band − Client station has uplink/downlink rate imbalance, given its device type and band − Client station is using low downlink rate, given its RSSI, band and device type − No manual thresholds are needed, separate models for each environment type mantain low false alarm rate
  • 47. 47 Network management: Clustering of issues d1 d2 Cluster 1 • device type: iPhones • ssid: UW • issues: roam-802.11-assoc Cluster 3 • device type: iPad • sta_mac: a888088f4b0c • ssid: CSE-Local • location: CSE basement • bssid: 04bd88337850 • ch: 40 • controller: 113 • issues: roam-802.11-assoc dn Cluster 2 • device type: iPhone & Android • ssid: UW • controller: 8901 • location: KNE.5
  • 48. 48 Security: Automated detection of insider-threats Compromised Users & Hosts Negligent Employees Malicious Insiders ATTACKS AND RISKY BEHAVIORS on the inside
  • 49. 49 Security: behavioural analytics approach Behavioral Analytics UNSUPERVISED + SEMI- SUPERVISED HISTORICAL + PEER GROUP MACHINE LEARNING BASELINES Internal Resource Access Finance servers Authentication AD logins Remote Access VPN logins External Activity C&C, personal email SaaS Activity Office 365, Box Cloud IaaS AWS, Azure Physical Access badge logs Exfiltration DLP, Email
  • 50. 50 Security: finding the malicious in the anomalous Behavioral Analytics SUPERVISED MACHINE LEARNING DLP Sandbox Firewalls STIX Rules Etc. THIRD PARTY ALERTS
  • 51. 51 IoT: Security Starts with Identifying Devices Seeing totals and mix of devices helps understand risk. CCTV cameras from XiongMai Technologies can be an issue. Visibility needed to make accurate planning decisions - bandwidth usage, firewall rules, etc. 1 2 3 Having Information useful during internal and external audits.
  • 52. 52 IoT: Comprehensive Profiler Methods • DHCP Fingerprinting (support for IP-Helper and use of SPAN/RSPAN mirroring) • SNMP/Network Discovery (MIB reads to identify static IP addressed devices) • WMI (useful for Windows) • SSH (useful for Linux) • CDP, LLDP (useful in Cisco networks) • HTTP User-Agent (useful for Apple) • MAC OUI (useful for Android) • ARP Reads, Subnet Scans • Active Sync Plugin • Nmap Port scans • TCP
  • 53. EVOLUTION OF THE EDGE – ENTERPRISE NETWORK ARCHITECTURE
  • 54. 54 Network architecture • Only at the edge can the network sense • Device radio characteristics • Device authentication status • Unassociated devices • All intrusion attempts Radio information - Signal level - SNR radio 802.11 mgmt 802.11 management - Associated - Data rate - Frame error rate - MAC - Sleeping Auth - Status - Identity - Role - Blacklist L2 - ARP - VLAN - mDNS IP - DHCP - IP address Multicast - IGMP - MC Neighbors L4-7 - Sessions & protocols - Destinations, ports - Rates - QoS Mobility awareness - Origin & location - Roaming history - AP load - Neighbor APs L2 traffic & services L3 traffic & services 802.11 connected device
  • 55. 55 Network architecture Traffic forwarding Policy layer • Abstract the network model to a policy layer • Policy layer interfaces to external APIs • External APIs export sensing information, accept reconfiguration Apps services
  • 56. 56 Network architecture • The network hollows out • The edge is used for sensing and reporting • Policy definitions allow the network to dynamically reconfigure in response to traffic & external events • APIs allow the network to dynamically reconfigure in response to external requirements • Big Data is accumulated locally or in the cloud • Machine Learning is applied to many networking problems

Editor's Notes

  1. Jetzt ein Blick auf das Release 4
  2. Jetzt ein Blick auf das Release 4
  3. Jetzt ein Blick auf das Release 4
  4. Virtualization makes definition of responsibilities kind of difficult Actions & Consequences
  5. NAC CMDB Threat Intel
  6. NAC CMDB Threat Intel
  7. NAC CMDB Threat Intel
  8. NAC CMDB Threat Intel / SIEM
  9. Ticket System, IT Service Management UpdateServer
  10. Ticket System, IT Service Management UpdateServer
  11. Ticket System, IT Service Management UpdateServer, i.e WSUS, SCCM
  12. OK rather a rare case VM of course provides Data for Analysis, Timeline Review, identifying the ‚window of vulnerability‘ of an affected system for the actual attack.
  13. Ever changing landscape of vulnerabilities (new ones and updates to known ones) A known vulnerability sometimes changes its characteristics Half-time value of facts gathered about your security posture
  14. Improve questions to ask: Where do people try to circumvent security policies and why? One contributing factor to non-compliance by users is an extensive workload caused by security mechanisms. That is: 1) There is no clear reason to comply 2) The cost of compliance is too high 3) There is an inability to comply (encrypted USB drives too small to carry the needed files) Recommended reading ‘The psychology of Information Security’