The document discusses securing classified networks and sensitive data through the use of a Secure Network Access Platform (SNAP). SNAP allows users to securely access multiple isolated security domains from a single thin client desktop while preserving network isolation. It implements role-based access control, mandatory access controls, and label-based security to control access between security domains. SNAP leverages the security capabilities of the Solaris 10 operating system with Trusted Extensions to provide a certified, multi-level secure computing environment for government users.
z/OS Authorized Code Scanner (zACS) is a tool that tests PCs, SVCs and a client's own authorized code and produces diagnostic information for subsequent investigation as needed.
VMworld 2013
Jerry Breaud, VMware
Allen Shortnacy, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
1) Fortinet's software-defined security framework provides security that integrates with underlying cloud and SDN platforms through virtual appliances, platform orchestration, and centralized management.
2) The framework allows for scale-out of virtual firewalls across hypervisors and auto-provisioning of firewall rules for workloads in public clouds.
3) Fortinet partners with VMware, Cisco, and OpenStack to provide security solutions that support virtualization, SDN controllers, and public cloud platforms.
This document provides a checklist for hardening the security of Windows Server systems. It outlines best practices for organizational security, preparing, installing, and configuring Windows Server, as well as user account, network, registry, and general security settings. It also addresses audit policy, software security, and finalization steps like imaging servers. Implementing the guidelines can help reduce security vulnerabilities and the risk of attacks compromising critical systems and data.
This document provides an overview of a training course on system and network security for Windows 2003/XP/2000. It discusses what the course will cover, including the native security features of these Windows operating systems, how to lock down and secure Windows systems, and vulnerabilities and countermeasures. It also summarizes new and modified security features in Windows Server 2003 such as the Common Language Runtime, Internet Connection Firewall, account behavior changes, and enhancements to Encrypted File System, IPSec, authorization manager, and IIS 6.0.
Information Security Lesson 4 - Baselines - Eric Vanderburg
The document discusses security baselines and hardening systems and networks. It covers topics like disabling unused services, using security templates to configure Windows settings, implementing group policy for domain configurations, and applying patches and filters to harden applications, operating systems, databases, and network devices. The document also defines several common acronyms related to information security.
The document provides an overview of Check Point's Gaia operating system. Some key points:
- Gaia is Check Point's next generation operating system that combines the best of their SecurePlatform and IPSO operating systems.
- It supports all Check Point security appliances and products, including Software Blades, Gateways, and Security Management.
- Features include support for IPv4/IPv6, high connection capacity, load sharing, high availability, dynamic routing, easy CLI, and role-based administration.
- Gaia allows for simple upgrades from IPSO and SecurePlatform and includes automated software updates for Check Point products.
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust - Dan Griffin
The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks.
And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy identity information. Cloud services are no better: current security features are oriented toward compliance and not toward real protection.
What if we could provide a strong link between mobile device identity, integrity, and the lifecycle of data retrieved from the cloud using only the hardware shipped with modern smartphones and tablets?
The good news is that we can do that with the trusted execution environment (TEE) features of the common system on a chip (SOC) mobile processor architectures using 'measurement-bound' encryption. This presentation describes how data can be encrypted to a specific device, how decryption is no longer possible when the device is compromised, and where the weaknesses are. I demonstrate measurement-bound encryption in action. I also announce the release of an open-source tool that implements it as well as a paper that describes the techniques for time-bound keys.
This is likely the very same way that NSA will be protecting the smartphones that will be used for classified information retrieval. Learn how your government plans to keep its own secrets and how you can protect yours.
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy... - Iftikhar Ali Iqbal
Provides a brief comparison between endpoint protection solutions provided by Symantec and Sophos based on threat intelligence network, third-party reports, key differentiators and removal information.
Bryan Owen of OSIsoft at S4x15 OTDay.
Bryan shows how to harden a Windows service generically, and then specifically for a service used by OSIsoft's PI Server.
HyTrust - FISMA Compliance in the Virtual Data Center - HyTrust
HyTrust software can help organizations meet NIST and FISMA compliance requirements for security in virtualized environments. It provides granular access controls, continuously monitors configurations, and logs all activity in virtual infrastructure in a standardized format. This helps address gaps in basic security controls for virtualization platforms and fulfills requirements around access management, audit generation, configuration management, and other control families. HyTrust captures additional event details like individual user IDs and IP addresses to facilitate audit review and correlation with physical infrastructure logs.
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp... - Vincent Giersch
University of Kent 2013 - CO899 System security
Presentation of the article:
Salah K, et al, Computers & Security (2012), http://dx.doi.org/10.1016/j.cose.2012.12.001
Symantec Endpoint Encryption - Proof Of Concept Document - Iftikhar Ali Iqbal
The document is to be used as a POC template for the Drive Encryption part in Symantec Endpoint Encryption Powered by PGP. Please make sure that the latest information and platform support is used.
Trusted computing introduction and technical overview - Sajid Marwat
Trusted computing aims to increase confidence in computing platforms by enabling platforms to prove their integrity and identity. The Trusted Computing Group is developing an open standard for a trusted platform module (TPM) that can reliably measure a platform's software state, attest to its identity and properties, and protect confidential data. The TPM acts as a root of trust and provides mechanisms for platform authentication, integrity reporting, and protected storage that enable trust in remote platforms and their expected behavior.
This session explains how the combination of IEEE 802.1AE (data link encryption) with the power of Session Group Tags achieves trusted security in a network. It covers the protocol details as well as use cases and, more importantly, how CTS can be deployed in a network. This session is targeted mainly at enterprise customers.
OCS LIA. The integration of the Enterasys NAC Solution and Siemens Enterprise Networking - Totally Integrated Security Architecture
The first technical integration that provides a truly unique proposition when combining an Enterasys NAC solution with a SEC UC solution
Unified malware protection for business desktops, laptops and server operating systems that provides unified protection, simplified administration and visibility and control. Key features include real-time virus protection, advanced malware protection, one policy to manage client agent protection across systems, customized alerts and security assessments. The document discusses security features for Server 2008 such as BitLocker drive encryption, user account control, read-only domain controllers, network access protection and cryptography next generation.
The lecture by Sartakov A. Vasily for Summer Systems School'12.
Brief introduction to Trusted Computing.
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
1. http://ksyslabs.org/
Multi domain security-management_technical_presentation - davebrosnan
Check Point's Multi-Domain Management Software allows organizations to segment their security management into multiple virtual domains for better security, consistent global policies, and simple, affordable deployment. The software provides security domains, global policy blades, and granular role-based administration capabilities to maximize security and control across an organization's network.
The Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor developed by the Trusted Computing Group to provide hardware-based security related features. It measures the boot process and software running on a device to ensure integrity and allows for remote attestation of the device's state. The TPM provides roots of trust for measurement, reporting, and storage and utilizes platform configuration registers, sealed storage, and keys to securely store and report information based on the device's configuration.
This document provides an overview of oneM2M, a global standards initiative for machine-to-machine communications and the Internet of Things. It discusses oneM2M's history, establishment in 2012 with over 200 members, and release of standards including Release 1.0 in 2014 and Release 2.0 ongoing. The document outlines oneM2M's main functions such as data storage and sharing, as well as optional functions. It also summarizes several organizations' implementations of oneM2M standards through open-source platforms such as KETI's Mobius, the Eclipse Foundation's OM2M, and ETRI's COMUS platform.
Trusted Extensions is an extension of the Solaris 10 security foundation that provides access control policies based on the sensitivity/label of objects. It adds additional software packages and label-aware services to implement multilevel security on a standard Solaris 10 system according to government security standards. Trusted Extensions allows selective access to objects like files, processes, and network services based on sensitivity labels.
The document summarizes Symantec Endpoint Suite, which includes several security products that provide layered protection for endpoints, email, and mobile devices. It discusses Symantec Endpoint Protection for antivirus and antimalware on endpoints, Symantec Endpoint Encryption for data encryption, Symantec Mobile Threat Protection and Management for mobile security, and Symantec Messaging Gateway for email security. The suite aims to simplify security management and reduce costs through an integrated platform that protects against threats, data loss, and reduces complexity.
OneM2M is an IoT platform standard that defines common service functions for connecting various IoT devices and enabling new services. The document discusses OneM2M's security architecture which includes security function, environment abstraction and secure environment layers. The security function layer provides identification, authentication, authorization, security association and other functions to protect sensitive data and functions.
This document provides information on the PowerTech Interact product, which allows monitoring of security events on IBM System i and AS/400 servers. It captures over 500 event types from audit journals, critical operating system messages, and network exit programs. Events are sent to the LogRhythm security information and event management console. Interact provides simplified explanations of events and allows filtering of data to save disk space and bandwidth. It offers comprehensive monitoring of privileged users, commands, jobs, passwords, system values and more to enhance security and compliance on IBM iSeries systems.
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document summarizes gSNAP, a secure network access platform reference architecture developed by Sun Microsystems for government customers. The key points are:
1) gSNAP provides a "70% solution" for secure collaboration at the desktop level across government agencies and trusted partners.
2) It addresses the needs of government users to access information from anywhere, anytime within a highly secure environment.
3) The solution consists of stateless Sun Ray thin clients connecting to a load-balanced backend of Trusted Solaris servers, providing single sign-on access to multiple secure network domains through a single desktop terminal, with strict auditing of inter-domain data transfer.
This document presents a lesson on processes for expanding and contracting ideas. It explains processes such as considering other points of view, considering priorities, and planning. It includes examples of how to apply these processes to different situations, such as a traffic accident and organizing activities for a carnival. The goal is to develop thinking skills such as analyzing a situation from different perspectives and establishing a plan of action.
This document provides an overview of gSNAP, Sun Microsystems' Secure Network Access Platform reference architecture for secure collaboration in government customers. It describes gSNAP as a "70% solution" that leverages Sun's trusted computing environment, ultra-thin client technology, and partner products for secure access across multiple network security domains from a single desktop. Use cases are presented for gSNAP deployments in defense, public safety, and health agencies to enable secure collaboration within and between organizations. Requirements for trusted computing, secure inter-domain data transfer, and remote access are outlined. The document positions gSNAP against market drivers in government for increased cross-agency collaboration and mobility requirements.
The document discusses several key aspects of massage therapy:
- Massage therapy is built upon honesty, awareness, and compassion between the therapist and client. The therapist must be fully present both physically and mentally.
- Several specific massage modalities are described including seated massage, trigger point therapy, hot rock massage, shiatsu, and cranial sacral therapy.
- Massage therapists increasingly work with other healthcare professionals like nurses and doctors due to massage therapy's integration into mainstream healthcare. Strong anatomy knowledge is important for this collaboration.
Useful DEFA modules for automating the operation of an online store - DEFA
A talk given as part of the 1С-Битрикс (1C-Bitrix) seminar "TOP 5 Marketplace solutions" about three modules developed by the company DEFA:
Defa Tools. A module that simplifies work in the administrative section: copying information blocks, demo content, additional property types and much more.
Defa SocialMediaPoster. A solution that automates publishing the site's informational sections to your social network accounts.
Defa SeoPinger. A module that automates notifying search engine crawlers about new content on your site.
The New Assure Security: Complete IBM i Compliance and Security - Precisely
This document introduces Assure Security, a comprehensive security solution from Syncsort that addresses IBM i security. It provides an overview of the topics that will be covered in the webinar, including Assure's access control, data privacy, compliance monitoring, security risk assessment, and integration capabilities. The document discusses how Assure Security combines security capabilities from Cilasoft and Townsend Security to provide a complete security and compliance solution for IBM i. It highlights some of Assure Security's key capabilities such as access control, data privacy, compliance monitoring, and security risk assessment. Customer stories are also provided as examples of how Assure Security has helped organizations address security and compliance challenges.
Social Distance Your IBM i from Cybersecurity Risk - Precisely
The continuous news of personal information stolen from major retailers and financial institutions has driven consumers and regulatory bodies to demand that more action be taken to ensure data protection and privacy. Regulations such as PCI DSS, HIPAA, GDPR, and FISMA require that personal data be protected against unauthorized access using technologies like encryption, tokenization, masking, secure file transfer and more. With all the options available for securing IBM i data at rest and in motion, how do you know where to begin?
Register to get up to speed on the key concepts you need to know about assuring data privacy for your customers, business partners and employees.
Topics will include:
- Protecting data with encryption and the need for strong key management
- Use cases that are best for tokenization
- Options for permanently de-identifying data
- Securing data in motion across networks
- Complete security solution for IBM i (AS/400)
This document provides information about Microsoft's security practices for its cloud services. It discusses Microsoft's certifications and compliance with standards like ISO 27001, SOC 1, SOC 2, FedRAMP, PCI DSS Level 1, and others. It also summarizes Microsoft's approach to security development, operations, data protection, identity and access management, patching, malware protection, and more. The document is intended to help customers understand how Microsoft secures its cloud platform and builds security into every layer from the physical infrastructure to the software development process.
The document summarizes security enhancements in Visual Studio 2005 and SQL Server 2005, including managed code security improvements like running under less privileged accounts, code access security, and debugging/IntelliSense in restricted permission zones. It also describes SQL Server 2005 features like secure defaults, strengthened authentication, granular permissions, encryption and execution context.
This presentation walks through the Security and Compliance functionality to customers leveraging Azure as a compute environment. It includes deep-dive references to detailed information on each topic presented.
This document discusses recommendations for securing an Active Directory environment. It recommends a single forest single domain architecture by default, but acknowledges exceptions may exist. It introduces a tier model for access control and recommends restricting privilege escalation through measures like privileged access workstations and assessing AD security. It also recommends restricting lateral movement, implementing attack detection solutions, and preparing the organization through strategic planning and technical education.
Design and Deploy Secure Clouds for Financial Services Use CasesPLUMgrid
This document discusses using Red Hat OpenStack Platform and micro-segmentation to securely deploy financial services clouds. It covers common OpenStack security challenges, how Red Hat OpenStack Platform addresses these challenges through automation and templates, and how micro-segmentation provides isolation and strict access controls. The presentation then demonstrates micro-segmentation using virtual domains to separate workloads and apply fine-grained security policies in a demo.
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
This document provides an overview of Alert Logic's Security-as-a-Service offering. It describes Alert Logic's integrated multi-layer security solution that protects enterprise applications and cloud workloads from web application attacks, server and network activity, and vulnerabilities. It also discusses how Alert Logic assesses risks, blocks threats, detects anomalies, and ensures compliance. Alert Logic provides both security software and services to help secure hybrid and multi-cloud environments.
Enterprise Node - Securing Your EnvironmentKurtis Kemple
This document discusses securing an enterprise Node.js environment. It recommends using Node LTS versions for stability, containerizing applications for isolation, and securing dependencies by whitelisting modules. It also covers authenticating users with JWT, authorizing access with scopes and roles, validating input data, encrypting sensitive data, and ensuring HTTPS is used everywhere. Securing the runtime is important to protect the company from threats, improve confidence, and meet regulations.
This document discusses Alert Logic's Security-as-a-Service offering which provides an integrated multi-layer security solution to protect enterprise applications and cloud workloads across hosted data centers and hybrid environments. It protects against web application attacks, server and network activity, and vulnerabilities across software stacks. Alert Logic also provides security experts and services including assessment, blocking, detection, and compliance. The document then discusses best practices for securing an AWS environment including logical network segmentation, access management, configuration management, and understanding the shared responsibility model between cloud providers and customers.
Cloud computing transforms the way we can store, process and share our data. New applications and workloads are growing rapidly, which brings every day more sensitive data into the conversation about risk and what constitutes natural targets for bad actors. This presentation reflects on current best practices to address the most significant security concerns for sensitive data in the cloud, and offers participants a list of steps to achieve enterprise-grade safety with MongoDB deployments among the expanding service provider options.
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
Iain Leiter from A.T. Still University discussed their organization's migration from a hardware-based firewall to NSX to improve performance and compliance. Some key advantages of NSX include distributed firewalling for high performance and scalability, pay-as-you-grow flexibility, and advanced security features like microsegmentation. Their deployment process involved installing NSX, defining security groups, building security policies using syslog data from "recon rules", and applying a common services policy. Discoveries included many backdoors, application architecture issues, and the security benefits of microsegmentation.
Enterprise Architecture, Deployment and Positioning Cisco Russia
The document discusses enterprise network deployment models and Cisco products for each model. It provides an overview of unified access, traditional access, converged access, and instant access deployment models. For each model, it describes the key characteristics and considerations, as well as which Cisco products are best suited as the lead platform. The document also covers topics like Cisco TrustSec for security, application visibility and control, and resiliency features of Cisco Catalyst infrastructure products.
OPC UA Connectivity with InduSoft and the OPC FoundationAVEVA
The document discusses the role and mission of the OPC Foundation. It states that the Foundation is the world's leading community for interoperability solutions based on OPC specifications that deliver universal connectivity. The mission of the community is to advance the development, adoption and certification of OPC-based products through global collaborations. The Foundation is also the official source for the OPC Certification Program, which ensures that OPC products plug-and-play in real-world applications.
This document contains slides from a Cisco presentation on firewall certification. It discusses the CCNP Security Firewall v2.0 exam, including exam details, recommended reading, and high-level topics covered. It also provides an overview of Cisco firewall technology including the Adaptive Security Appliance and its features. Configuration topics like licensing, interfaces, NAT, routing, inspection policies and transparent mode are briefly outlined.
Defending Applications In the Cloud: Architecting Layered Security Solutions ...EC-Council
The many benefits of running enterprise applications in cloud computing environments make the migration from traditional data center hosting to cloud service providers compelling. Differences in the way cloud computing services are delivered raise questions about how best to ensure that cloud-hosted applications implement security measures associated with conventional defense-in-depth strategies. Although the virtualized, distributed infrastructure characteristic of cloud computing environments does not directly support the separate zones long used to deploy multi-tier applications, there are architectural features and services available from many cloud service providers that can be used to design functionally equivalent security models. This session will present practical design considerations and architectural patterns for securing cloud-based applications. It will highlight key functions and security measures available from major cloud providers such as Amazon Web Service and Microsoft Azure. Despite the quite valid security concerns many organizations have about deploying applications to cloud computing environments, the infrastructure and platform services many CSPs offer may actually result in stronger security controls than would be feasible in in-house or traditional IT outsourcing environments.
GlobalPlatform provides standards for trusted execution environments (TEEs) that are deployed across billions of devices. The standards define hardware and software specifications for TEEs to securely deliver digital services. GlobalPlatform is working with RISC-V to define TEE configurations for lightweight IoT devices and leverage RISC-V's secure hardware enclave capabilities. The organization's protection profiles and security certification help service providers assess risks when using TEE technologies.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
3. Delivering Defence Solutions Globally
Challenges for Secure Collaboration Networks
• Role-based Access to Multiple Security Domains
• Secure Data Transfer between Domains
• Scalability and Availability
• Ability to meet Regulations and Certify/Accredit Deployed Platforms
• Maximize Workflow Efficiency
• Minimize Cost of Acquisition and Life-Time Ownership
4. Target Communities
• Government Communities of Interest have special IT needs based on classified information handling
  > Requirements for appropriate handling of classified information mandate a rigid approach to network configuration
  > Conceptual "compartments" are manifested in physically isolated networks
• SNAP enables secure, multi-compartment access from a single, thin-client desktop system, while preserving network isolation
5. Government System Requirements
• Thin Client desktop – secure computing environment
• Single Virtual Switch to Multiple Networks
  > Single desktop with connections to multiple security domains implemented as physically separated networks (without enabling intra-domain routing)
  > End-users have controlled access to domains based on security level and compartmentalization
• Secure Inter-Domain Data Transfer
  > Automated and manual auditing based on pre-defined policies and procedures
• Windows Interoperability
  > Secure Global Network, Citrix, RDP, X Windows or Browser
8. Mobility with Security: Ultra-Thin Client Front-End
Before: To ensure a high level of security, physically isolated clients were deployed, often single state
After: Full Session Mobility enabled by a resulting in
9. The Sun Solution: Secure Network Access Platform
[Architecture diagram: DOD, Intell, NATO and Other community networks, each behind its own switch, connected through further switches to V240 servers, a D1000 storage array and a 220R server]
● Architectural independence
● Multi-network application consolidation
● Ultra secure authentication layer
● Context-free access layer
● User identity/role-based access
● Auditability
● Session mobility
10. Different Security Domains
• System Requirements and Security Policy dictate which networks/security domains will be part of the implementation
• Each security domain is assigned a label
  > All labels are defined in the Labels and Encoding File
  > All security domains within the implementation must be defined in the Labels and Encoding File
• Solaris 10 TX, using Mandatory Access Control and Trusted Networking, enforces security policy by allowing/denying access to/from a specific security domain
• Security domains can be dynamically added/deleted from the architecture as long as they are defined in policy
11. User Access, Rights and Roles
• User access is dependent upon Roles and Security Clearance
• User Roles are defined by job function and permission to applications and data
• All users are assigned a Role and are granted privileges based on security clearance
• Audit Logs record user activity
12. Trusted Solaris(TM) Is Certified as one of Indus
[Chart comparing Common Criteria certification levels (EAL3 or EAL3+; EAL4 or EAL4+ (C2) (CAPP); EAL4+ (C2) (CAPP & RBACPP); EAL4+ (B1) (CAPP, RBACPP, LSPP)) across Linux (Red Hat, SuSE), SGI Irix, IBM AIX, HP-UX, Windows 2000, Solaris 8, Solaris 9, Solaris 10 and Trusted Solaris; based on data from http://www.commoncriteriaportal.org/]
Solaris 10: EAL4+ (C2) (CAPP & RBACPP)
Trusted Extensions layered on Solaris 10*: EAL4+ (B1) (CAPP, RBACPP, LSPP)
OS certified with EAL4 and 3 Protection Profiles in EAL4:
• CAPP: Controlled Access Protection Profile (ensures proper login)
• RBPP: Role-based Protection Profile (role-based access control allows the system administrator to define roles based on job functions within an organization; the administrator assigns privileges to those roles)
• LSPP: Labeled Security Protection Profile (all data and application components are formally labeled, addressed, and tracked through role-based access control)
13. Common Criteria Evaluation Levels
• CC Evaluation Assurance Levels (EAL)
  > EAL1: Functionally Tested
  > EAL2: Structurally Tested
  > EAL3: Methodically Tested and Verified
  > EAL4: Methodically Designed, Tested and Verified
  > EAL5: Semi-formally Designed and Tested
  > EAL6: Semi-formally Verified Design and Tested
  > EAL7: Formally Verified Design and Tested
• These are used to measure how well a protection profile has been tested...
14. Certification vs. Accreditation
• Hardware and Software Components are evaluated against Protection Profiles and receive Certifications at Evaluation Assurance Levels (EAL)
• Systems are Accredited based on the Security Policy established for the specific program
15. US Accreditation Examples
• Certification Test & Evaluation (CT&E)
  > SR 1-8 performed by DISA Slidell for NSA
  > SR 9 (Penetration Testing) performed by NSA
• SABI Accredited
  > Completed Questionnaire
  > Valid Requirement from Operational Unit
  > DSAWG Process
  > Cross Domain Technical Advisory Board (CDTAB)
  > Cross Domain Systems Approval Process (CDSAP)
• Documents
  > System Security Authorization Agreement (SSAA)
  > Interim Authority to Operate (IATO)
  > Cross Domain Appendix (CDA)
  > Enclave MOAs
  > Secret Network Connection Approval Process
• Awaiting US Department of Commerce export approval (expected this week)
17. What Is a Trusted Operating System?
Solaris(TM) 10 Trusted Extensions:
• A security-enhanced version of Solaris with additional access control policies
• Implements label-based security with hierarchical and compartmented modes
• Implements Role-Based Access Control and the Principle of Least Privilege
• Provides a trusted multilevel desktop for workstations and ultra-thin clients
• Has the most complete set of trusted functionality of any certified OS
18. Trusted Extensions
[Timeline diagram: the Trusted Solaris line (BSM, Trusted Networking, Trusted Desktop, RBAC) and the Solaris line (Solaris 2.3, Solaris 8/9, Solaris 10 with Process Attributes, Device Allocation, Virtualization and Privilege Policy) converge in Solaris 10 w/ TX, with Trusted Extensions layered on Solaris]
19. Trusted Solaris History
• 1990, SunOS MLS 1.0
  > Conformed to TCSEC (1985 Orange Book)
• 1992, SunOS CMW 1.0
  > Compartmented-mode workstation requirements
  > Release 1.2 ITSEC certified for FB1 E3, 1995
• 1996, Trusted Solaris 2.5
  > ITSEC certified for FB1 E3, 1998
• 1999, Trusted Solaris 7
• 2000, Trusted Solaris 8
  > Common Criteria: CAPP, RBACPP, LSPP at EAL4+
  > Updates to Trusted Solaris 8 also re-certified
• 2006, Solaris 10 w/ Solaris Trusted Extensions
21. Trusted Computing Key Features and Benefits
● Trusted Extensions extends the security capabilities of Solaris by providing:
  − Trusted Path
  − Least Privilege
  − Discretionary Access Control (DAC)
  − Mandatory Access Control (MAC)
  − Sensitivity Labels
  − Role-based Access Control (RBAC)
  − Trusted Networking
  − Trusted Windowing
  − Trusted Printing
22. Trusted Path
● What is Trusted Path?
  ➢ A mechanism that provides confidence that the user is communicating directly with the Trusted Computing Base (TCB)
  ➢ It ensures that attackers can't intercept or modify whatever information is being communicated
● How is Trusted Path achieved?
  ➢ Trusted Windowing (Trusted CDE)
  ➢ Solaris Management Console (SMC)
23. Least Privilege
● There is no concept of "superuser"
  ➢ Root is not exempt from policy enforcement
  ➢ Root is not required for administration
● In its place, fine-grained privileges...
  ➢ That delegate specific capabilities as needed
● Example: How to start a web server?
  ➢ In Solaris, it must be started as root or using an RBAC role that sets UID to 0 before starting
  ➢ In Trusted Solaris, only the privilege "net_privaddr" need be assigned
24. Discretionary Access Control
● Discretionary Access Control (DAC)
  ➢ A software mechanism for controlling users' access to files and directories
  ➢ Leaves setting protections for files or directories to the owner's discretion
● There are two forms of DAC in both Solaris and Trusted Solaris:
  ➢ Unix Permissions
  ➢ Access Control Lists (ACLs)
25. Mandatory Access Control
● Mandatory Access Control (MAC)
  ➢ A system-enforced access control mechanism that uses clearances and labels to enforce security policy
  ➢ MAC is enforced according to your site's security policy and cannot be overridden without special authorization or privileges
● MAC is key in SNAP for preserving network isolation
26. Role-Based Access Control
● A role is a special account that provides access to specific programs using predefined privileges and authorizations
● Can only be assumed if Trusted Path exists
● Can grant fine-grained privileges to programs
● Can execute programs with different labels
27. Sensitivity Labels
● Sensitivity Labels are defined by:
  ➢ A Classification indicating the (hierarchical) level or degree of security
    ● e.g., TOP SECRET, SECRET, CONFIDENTIAL, …
    ● e.g., PUBLIC, INTERNAL, NEED TO KNOW, …
  ➢ A Compartment representing some grouping
    ● e.g., ALPHA1, BRAVO1, BRAVO2
    ● e.g., PAYROLL, HR, FINANCE, ENGINEERING
  ➢ Relationships can be hierarchical or compartmentalized
28. Sensitivity Labels (2)
● Dominance Relationships
  ➢ In a hierarchical relationship, a label that dominates another is able to read data from the lower label ("read down")
● Clearances
  ➢ Highest level of access assigned to the user
    ● A user cannot read or write above clearance
    ● Privileges can be given to exceed clearance
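Added example, not code from the presentation or from Solaris Trusted Extensions itself: a small Python model of the label, dominance and clearance rules on the two Sensitivity Labels slides, using the slides' own classification and compartment names. The numeric ordering of classifications, the write-equal rule for objects, and the `check_access` helper are assumptions chosen to match the slides' description (read down is allowed, nothing above clearance is readable or writable).

```python
"""Toy model of sensitivity labels with dominance and clearance checks.

Assumptions (not from the slides): classifications are ordered by the
numbers below, and a subject may only write to objects at its own label.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Hierarchical classifications from the slides; a higher number dominates
# a lower one. The ordering itself is a constructed assumption.
CLASSIFICATIONS = {"PUBLIC": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: FrozenSet[str]

    @classmethod
    def parse(cls, text: str) -> "Label":
        """Parse 'SECRET ALPHA1 BRAVO1': classification, then compartments."""
        # Try the longest classification names first so 'TOP SECRET' matches
        # before 'SECRET'.
        for name in sorted(CLASSIFICATIONS, key=len, reverse=True):
            if text == name or text.startswith(name + " "):
                return cls(name, frozenset(text[len(name):].split()))
        raise ValueError(f"unknown classification in label: {text!r}")

    def dominates(self, other: "Label") -> bool:
        """Dominance: classification at least as high AND every compartment
        of `other` is also present in this label."""
        return (
            CLASSIFICATIONS[self.classification] >= CLASSIFICATIONS[other.classification]
            and other.compartments <= self.compartments
        )

    def __str__(self) -> str:
        return " ".join([self.classification, *sorted(self.compartments)])


def can_read(subject: Label, obj: Label) -> bool:
    """Read down: a subject may read an object whose label it dominates."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Write equal (assumed policy): no writing down to a lower label and
    no writing above the subject's own label."""
    return subject == obj


def session_allowed(clearance: Label, session: Label) -> bool:
    """A user may only work at a label that their clearance dominates."""
    return clearance.dominates(session)


def check_access(clearance: str, session: str, obj: str) -> Tuple[bool, bool]:
    """Return (may_read, may_write) for a user with `clearance` working in a
    session labeled `session` against an object labeled `obj`."""
    c, s, o = Label.parse(clearance), Label.parse(session), Label.parse(obj)
    if not session_allowed(c, s):
        # Nothing above clearance is reachable, read or write.
        return (False, False)
    return (can_read(s, o), can_write(s, o))


if __name__ == "__main__":
    # Constructed sample checks (labels taken from the slides' examples).
    cases = [
        ("TOP SECRET ALPHA1 BRAVO1", "SECRET ALPHA1", "SECRET ALPHA1"),  # same label
        ("TOP SECRET ALPHA1 BRAVO1", "SECRET ALPHA1", "CONFIDENTIAL"),  # read down
        ("TOP SECRET ALPHA1 BRAVO1", "SECRET ALPHA1", "SECRET BRAVO1"),  # other compartment
        ("TOP SECRET", "SECRET", "TOP SECRET"),  # 'Secret' does not see 'Top Secret'
        ("SECRET ALPHA1", "TOP SECRET ALPHA1", "SECRET ALPHA1"),  # session above clearance
    ]
    for clearance, session, obj in cases:
        read, write = check_access(clearance, session, obj)
        print(f"clearance={clearance!r:28} session={session!r:20} "
              f"object={obj!r:16} read={read} write={write}")
```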
29. Label Aware Services
• Services which are trusted to protect multi-level information according to predefined policy
• Trusted Extensions label-aware services include:
  > Labeled Desktops
  > Labeled Printing
  > Labeled Networking
  > Labeled Filesystem
  > Label Configuration and Translation
  > System Management Tools
  > Device Allocation
30. Device Allocation
• Devices must be allocated before they can be used
• Only authorized users/roles are allowed to allocate/deallocate devices at a label they are cleared for
• USB devices can be allocated
• Sun Thin Client Devices
  > Audio filtered based on desktop unit
  > Hot pluggable device support
• Devices can be controlled by role or by user
32. Zones for Trusted Extensions
• Each zone has a label
  > Labels are implied by process zone IDs
  > Processes are isolated by label (and zone ID)
  > Files in a zone assume that zone's label
• Global zone is unique
  > Parent of all other zones
  > Exempt from all labeling policies
  > No user processes, just TCB
  > Trusted path attribute is applied implicitly
  > Provides services to other zones
• Common naming service to all zones
• Device allocation on a per-zone / per-label basis
33. Trusted Extensions - Option 1: Per-Zone
[Diagram: Need-to-know, Internal Use and Public zones over Multilevel Desktop Services (Global Zone) and the Solaris Kernel, with per-zone addresses 1.2.3.10, 1.2.4.10, 1.2.5.10 and 1.2.6.10]
• Each zone has a unique IP address
• Network interface may be virtualized to share a single hardware NIC or use multiple NICs
34. Trusted Extensions - Option 2: All-Zone
[Diagram: Need-to-know, Internal Use and Public zones over Multilevel Desktop Services (Global Zone) and the Solaris Kernel, sharing the single address 1.2.3.4, with 1.2.6.10 also shown]
• All zones share a single address
• Shared network interface may be physical or logical
• Both per-zone and all-zone assignment strategies can be used concurrently
38. Benefits of Trusted Extensions
• Leveraging Solaris functionality:
  > Process & User Rights Management, auditing, zones
  > Make use of existing Solaris kernel enhancements
• Elimination of patch redundancy:
  > All Solaris patches apply, hence available sooner
  > No lag in hardware platform availability
• Extend Solaris Application Guarantee
• Full hardware and software support
  > File systems (UFS, VxFS, ZFS, SAM-FS, QFS, etc.)
  > Processors (SPARC, x86, AMD64)
  > Infrastructure (Cluster, Grid, Directory, etc.)
39. Trusted Extensions in a Nutshell
• Every object has a label associated with it
  > Files, windows, printers, devices, network packets, network interfaces, processes, etc.
• Accessing or sharing data is controlled by the objects' label relationship to each other
  > 'Secret' objects do not see 'Top Secret' objects
• Administrators utilize Roles for duty separation
  > Security admin, user admin, installation, etc.
• Programs/processes are granted privileges rather than full superuser access
• Strong independent certification of security
42. Client Pain Points
[Diagram of a fat-client desktop: FAT OS, big CPU, DRAM, local hard drive]
● Multiple Crash Sites
● Virus Entry Points
● Client Side Support
● Unapproved Apps
● Local Apps
● Large Power Consumption
● Resource Underutilization
44. Sun Ray Ultra-thin Clients
• Session Mobility / Hot-Desking
• Multiple OS & Application Choices: Solaris, Linux or Windows
• Small footprint
• Built-in Java Card readers supporting multifactor authentication
• Broadband deployment capable
• No DATA at the desktop
• No APPS at the desktop
• No OS at the desktop
• No END-USER MANAGEMENT at the desktop
[Product images: Sun Ray 2G; Sun Ray 270 with 17" LCD integrated, 1920 x 1200, supports 24" display; OEM's / OEM options]
45. Mobility with Security today at Sun
● 30,000+ Sun Rays deployed at Sun
● 1 SA per 3000 clients
● $4.8M Power Savings
● Zero Move/Add/Changes
● Patching and OS upgrade speed
● Zero annual desktop refresh costs
● $71M Savings in Real Estate
● Software License Savings
● Secure: token authentication, no viruses
● Silent: no fans or moving parts
● No User time for boot up and OS management
46. Sun Ray Deployment Options
(Diagram: Sun Ray Server on the corporate intranet behind a WAN router/firewall; office clients connect over the intranet, while remote and home clients connect over broadband through an ISP and the Internet.)
47. JavaBadge
One, Multi-App Badge With a Future vs. Multiple Cards With No Future
JavaBadge =
• Corporate Card / Physical Access Card
• Sun Ray™ Server Session Mobility Card
• PKI Authentication Token Card / X.509
• Replaces SafeWord Challenge/Response Card
50. Identity Synchronization for Windows (ISW) System Components
• ISW Connectors: synchronize modification and user creation events over the Message Queue
> Sun Java System Directory Server
> W2000/2003 Active Directory & NT SAM
• Connector Subcomponents: DS Plugin, NT Password Filter DLL, NT Change Detector
55. Multi-Media Capable Sun Ray
• Delivered by 3rd party partner (GD C4 Systems)
> Prototype developed
> Anticipated availability, December 06
• Local Video and Audio Devices
> “Limited 3-D graphics rendering”
> Codec and application dependent
> High-resolution display capabilities
> Low latency audio
> Streaming Audio and Video
• Desktop and Laptop / Portable footprint
• Sun Ray Engineering
> Sun Ray DDX into X Server
> Local Codec Execution on SR-2 Hardware
56. Why Should Your Customers Care About or Consider the Secure Network Access Platform?
Because it protects data, centralizes control of your data & helps avoid embarrassing and damaging media moments like these...
59. Secure Network Access Platform for Gov
• 3rd Party Security Extensions
> TNE, Maxim, AC Tech, Cryptek, Tenix, RSA, TCS, etc.
• Integration to Legacy Systems
> Secure Global Desktop, Citrix, RDP, Thinsoft
• Java Ultra-Thin Client Environment
> Sun Ray 2FS, 270; Sun Ray Session Server, Trusted CDE, Java Cards
• Government Accredited Trusted Operating Env
> Solaris 10 TX Certified EAL4+ (B1): CAPP, LSPP, RBPP
• RAS Compute Platform
> Sun Servers, Sun Solaris, Enterprise StorEdge™ 9
• Consulting, Training, and Support Services
> Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support