This document summarizes how to set up an OpenVPN connection between a headquarters Mikrotik router and a branch office Mikrotik router to allow secure connectivity between their networks. It describes generating certificates on the HQ router, setting up the HQ router as an OpenVPN server, configuring the branch router as an OpenVPN client, and verifying the routing and connection between the two sites.
3. Our Company
Company Name: AD.TEK Joint Stock Company
Brand name: Advanced Networks Technology
Headquarters: No.9 Building 10, Lane 95 Chua Boc st., Dong Da dist., Hanoi
Founded: November 2010
Resources: 30+ employees with 10+ Technical engineers
Business: Datacenter and Enterprise Network solutions and products distribution
Contact: sales@adtek.vn www.adtek.vn
Hanoi: 45/140 Khuat Duy Tien st., Thanh Xuan, Hanoi. Hotline: +84 98 672 8080
Ho Chi Minh City: 26F/11 Le Quoc Hung st., Ward 12, Dist. 4, HCMC. Hotline: +84 98 652 8080
Nha Trang City: 25 Nguyen Van Bay st., Phuoc Long, Nha Trang. Hotline: +84 97 235 8080
8. Challenges
Corporations with a headquarters and multiple branch offices need to share data between sites.
Corporations with mobile users working out of the office need them to connect to private/local application systems.
IT networking equipment and devices need to be centrally managed from HQ.
Leased-line/MPLS VPN service from an ISP is over budget.
10. What is OpenVPN?
An open-source software application that implements a VPN (virtual private network) for creating secure point-to-point or site-to-site connections.
Written by James Yonan and published under the GNU General Public License (GPL).
Supports routed or bridged mode and a remote-access topology.
Uses a custom security protocol that utilizes SSL/TLS for key exchange.
Allows peers to authenticate each other using a pre-shared secret key, certificates or username/password.
Uses the OpenSSL encryption library, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.
Has been ported to and embedded in several systems, such as DD-WRT (GNU/Linux-based firmware for wireless routers and access points), Mikrotik RouterOS, SoftEther VPN,…
11. Architecture
Encryption
OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package.
Can use the HMAC (hash-based message authentication code) packet authentication feature to add an additional layer of security to the connection.
Also supports hardware acceleration for better encryption performance.
Authentication
Supports pre-shared key, certificate-based, and username/password-based authentication.
Security
256-bit encryption through the OpenSSL library.
Custom protocol based on SSL and TLS support IKE, IPSec, L2TP or PPTP.
Networking
Works over either UDP or TCP.
Supports IPv6 (version 2.3.x).
Works through proxy servers (including HTTP proxy servers).
Works through NAT.
Supports TUN (layer 3) or TAP (layer 2) interfaces.
IANA official port: 1194
12. Mikrotik RouterOS and OpenVPN
Supported:
TCP
Bridging (TAP interface)
Routing (TUN interface)
Certificates
P2P mode
Naming, Linux/Windows vs. RouterOS:
TUN - RouterOS: IP
TAP - RouterOS: ethernet
Unsupported:
UDP
LZO Compression
15. How to?
1. Certificate Generation
2. Server site VPN gateway setup
3. Branch site VPN Client setup
4. Routing & Check connection
16. Certificates generation
ssh/telnet to HQ Mikrotik gateway, create your own certificate authority (CA)
named myCA and.
192.168.1.1 is the LAN interface.
Export the CA certificate.
Create a private and public key pair for the VPN Server and another key pair
for the VPN Client.
17. Certificates generation (cont.)
Sign both public keys with the new CA:
/certificate sign OVPNserver ca=myCA name=server
/certificate sign OVPNbranch ca=myCA name=branch
Export the VPN branch's private key and public key+certificate files.
Check your certificates:
Check your files:
19. Server site VPN gateway setup
VPN parameters:
HQ LAN networks: 192.168.0.0/24; Branch LAN network: 192.168.10.0/24
VPN Network: 192.168.8.0/24, VPN Gateway: 192.168.8.1
IP Range for VPN Clients/Branch: 192.168.8.10-192.168.8.20
Server Certificate = yes
Auth = SHA1
Cipher = AES256
VPN TCP port = 1194
Client Certificate = Yes
Mode = IP (Layer 3 routing)
20. Server site VPN gateway setup (cont.)
Create the PPP profile and IP address pool
Check your configuration
21. Server site VPN gateway setup (cont.)
Add the “branch” user with a second-factor secret and check your configuration.
Replace yourpassword with your own password. This password must match in both the HQ and Branch configurations.
22. Server site VPN gateway setup (cont.)
Create the OVPN interface on the HQ-MikrotikGW using the certificate, authentication SHA1, cipher AES256, port 1194 and mode IP.
23. Branch site VPN Client setup
Import the certificates downloaded earlier to the Branch Mikrotik router using sftp/webfig/winbox.
24. Branch site VPN Client setup (cont.)
Import the certificates, using the password you created earlier as the passphrase.
Check your imported certificates:
25. Branch site VPN Client setup (cont.)
Add VPN client interface.
Note:
Change HQWAN-IP to the public IP address of the HQ-MikrotikGW. If you are using a dynamic IP address, enable cloud and use the domain name instead.
Change yourpassword to your own password.
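Steps 1 to 3 above as one command sequence, given here as an added example in RouterOS v6 CLI syntax; it is not code from the slides. The names CA-template, ovpn-pool, ovpn-profile and ovpn-hq, the exported and imported file names, and the use of 192.168.1.1 as the CRL host are assumptions; all other values are the ones listed on the slides.

```routeros
# Added example, RouterOS v6 syntax. Assumed (not on the slides):
# CA-template, ovpn-pool, ovpn-profile, ovpn-hq, the cert_export_* file
# names, and 192.168.1.1 being used as the CA's CRL host.
# yourpassword and HQWAN-IP are the slides' own placeholders.

### Step 1 - HQ router: create the CA, then the server and branch key pairs
/certificate add name=CA-template common-name=myCA key-usage=key-cert-sign,crl-sign
/certificate sign CA-template ca-crl-host=192.168.1.1 name=myCA
/certificate export-certificate myCA
/certificate add name=OVPNserver common-name=server
/certificate add name=OVPNbranch common-name=branch
/certificate sign OVPNserver ca=myCA name=server
/certificate sign OVPNbranch ca=myCA name=branch
# The passphrase encrypts the exported branch private key file.
/certificate export-certificate branch export-passphrase=yourpassword
# Check the certificates and the exported files.
/certificate print
/file print

### Step 2 - HQ router: address pool, PPP profile, user, OpenVPN server
/ip pool add name=ovpn-pool ranges=192.168.8.10-192.168.8.20
/ppp profile add name=ovpn-profile local-address=192.168.8.1 \
    remote-address=ovpn-pool
# The PPP secret is checked in addition to the client certificate.
/ppp secret add name=branch password=yourpassword profile=ovpn-profile \
    service=ovpn
# require-client-certificate=yes: clients that do not present a
# certificate the server can verify are rejected.
/interface ovpn-server server set enabled=yes port=1194 mode=ip \
    certificate=server require-client-certificate=yes \
    auth=sha1 cipher=aes256 default-profile=ovpn-profile
/interface ovpn-server server print

### Step 3 - Branch router: run after copying the three exported files over
/certificate import file-name=cert_export_myCA.crt passphrase=""
/certificate import file-name=cert_export_branch.crt passphrase=yourpassword
/certificate import file-name=cert_export_branch.key passphrase=yourpassword
# Confirm the name RouterOS gave the imported branch certificate and
# use that name in certificate= below.
/certificate print
/interface ovpn-client add name=ovpn-hq connect-to=HQWAN-IP port=1194 \
    mode=ip user=branch password=yourpassword \
    certificate=cert_export_branch.crt_0 auth=sha1 cipher=aes256 \
    add-default-route=no
/interface ovpn-client print
```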