Demonstration of the use of strong authentication between embedded systems and traditional endpoints on a network using Trusted Computing Group standards and technology. Presented by Stacy Cannady at Security of Things Forum, Sept. 10 2015.
Cisco CSIRT Case Study: Forensic Investigations with NetFlow | Lancope, Inc.
Cisco CSIRT uses NetFlow to collect 16 billion flows from Cisco’s 175TB of traffic observed daily. The data is used to monitor, investigate, and contain incidents using 3 key playbook “plays” each day.
Two leaders from Cisco's Computer Security Incident Response Team (CSIRT) will review a real cyber incident and the resulting investigation leveraging NetFlow collected via the StealthWatch System.
Participants will learn how to use NetFlow and the StealthWatch System to:
Investigate top use cases: C&C discovery, data loss and DOS attacks
Gain contextual awareness of network activity
Accelerate incident response
Minimize costly outages and downtime from threats
Protect the evolving network infrastructure
Provide forensic evidence to prosecute adversaries
SSL/TLS Eavesdropping with Fullpath Control | Mike Thompson
The presentation is actually part of a lab series. The slide deck has had specific information removed and thus the slides are missing. This covers the topic of SSL/TLS Eavesdropping for Defensive and Offensive purposes if you have Full Path Control. It is important to note that this presentation is property of A10 Networks and any work derived from this must be contributed to A10 Networks.
NetFlow Auditor Anomaly Detection Plus Forensics February 2010 08 | NetFlowAuditor
Flow Based technology provides network visibility that reduces time and costs for understanding, alerting, and reporting on network issues. It gives real-time and historical insight into network traffic through non-intrusive collection of flow data from routers and switches. This flow-based network intelligence is useful for various teams and helps with tasks like capacity planning, security, and troubleshooting.
A talk given by Joseph Lorenzo Hall at the UCB TRUST Privacy workshop on 10/05/2006 that describes the tensions between institutional requirements and technical abilities of the TOR network, which severely limit TOR research on the UCB campus.
StealthWatch 6.5 is a significant release of the StealthWatch network monitoring software that features new security and flow analysis capabilities. It introduces an operational network and security intelligence dashboard for faster threat investigation. The release also includes user-defined threat criteria for more collaborative threat defense, an enhanced quick view of flow data, and integration with Palo Alto Networks firewalls for added context. StealthWatch Labs security updates provide detection of suspect and target data hoarding.
On her majesty's secret service - GRX and a Spy Agency | Stephen Kho
The document discusses GRX (GPRS Roaming Exchange) and how it could be of interest to spy agencies. It provides an overview of GRX architecture, protocols, and components. It also describes how one could potentially gain unauthorized access to GRX infrastructure by enumerating hosts, scanning for GTP ports, sending GTP requests to identify GGSNs, and targeting DNS servers which are used to resolve APNs and set up GTP tunnels. The goal would be to intercept mobile network traffic for surveillance purposes by exploiting any vulnerabilities in the GRX architecture, protocols, or components.
The New Landscape of Airborne Cyberattacks | Priyanka Aash
This document discusses airborne cyberattacks and the new threat landscape they enable. It describes the BlueBorne attack, which can spread from device to device via Bluetooth without user interaction. BlueBorne impacts over 5.5 billion devices and was the most serious Bluetooth vulnerability to date. It demonstrates how an attacker could use BlueBorne to take over an Amazon Echo and then access a corporate network. The implications are that devices can now be attacked over the air, moving device-to-device. IoT devices need to be viewed as endpoints, and network infrastructure as unmanaged devices. It recommends that device and network discovery and visibility are critical next steps.
This document provides exam answers for CCNA 1 Chapter 11 v5.0 2014. It includes answers to multiple choice questions about wireless networking concepts like SSIDs, denial of service attacks, and commands used to back up and view router configurations. It also provides explanations for questions related to analyzing network performance issues, CDP troubleshooting, and securing wireless and email servers.
This document discusses firewall technologies and how they work to secure networks. It begins by defining what a firewall is and its purpose of controlling access between trusted and untrusted networks. It then explains different types of firewalls including packet filtering, stateful inspection, proxies, and how each works. The document also covers topics like filtering, spoofing, fragmentation attacks, and how firewalls can help prevent these threats while noting limitations.
Cisco Connect Toronto 2017 - Model-driven Telemetry | Cisco Canada
This document provides an overview of Cisco's model-driven telemetry solution. It discusses key concepts like data models, encodings, transports and the telemetry pipeline. YANG is presented as the modeling language and telemetry is described as having three key enablers: push-based collection, analytics-ready data formats, and being data model-driven. Cisco routers support model-driven telemetry via gRPC, TCP, UDP and provide interfaces, system and other data in YANG, OpenConfig and IETF models.
Cisco, Sourcefire and Lancope - Better Together | Lancope, Inc.
Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:
• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response
The document discusses authentication of identities in VoIP calls and proposes using IETF RFC 4474 as an alternative to current authentication methods. RFC 4474 utilizes PKI techniques like signed SIP messages to authenticate identities, simplifying peering relationships while providing more security. However, challenges include getting widespread adoption as real-world issues around message alterations in networks need to be addressed.
The detailed architecture of the most relevant consumer drones will be introduced, continuing with the communications protocol between the pilot (app in the smartphone or remote controller) and the drone. Manual reverse engineering of the binary protocol used for this communication will lead to identifying and understanding all the commands from each of the drones, and later injecting commands back.
Learning Objectives:
1: Understand whenever a protocol between drone and pilot is secure.
2: Learn about a new reverse engineering methodology for these protocols.
3: Review a set of good practices to secure the environment surrounding a drone.
(Source: RSA Conference USA 2018)
RPKI (Resource Public Key Infrastructure) | Fakrul Alam
Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure. RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP Addresses) to a trust anchor. (wikipedia)
Site-to-site IPSec VPN tunnels securely transmit data between two network sites using encryption. ISAKMP and IPSec are used to establish and encrypt the VPN tunnel. ISAKMP phase 1 creates an initial secure tunnel, then phase 2 creates the data transmission tunnel using encryption algorithms. Configuring IPSec requires defining ISAKMP and transform sets, access lists, crypto maps, and applying crypto maps to interfaces.
Solving the Visibility Gap for Effective Security | Lancope, Inc.
Network visibility is a vital component of an effective security strategy, but many organizations lack the ability to identify threat activity in their environment. At Cisco, we have assessed the networks of thousands of organizations, and in nearly every instance, we discovered undocumented hosts, risky user behavior, or malicious activity.
Whether it is rogue servers, unauthorized connections, or ongoing data breaches, we’ve harnessed the power of network visibility to identify a variety of suspicious and malicious activity. Now let us share our knowledge with you.
Join Jeff Moncrief, Systems Engineering Manager at Cisco, to learn:
- The reality of how vulnerable enterprise networks are from endpoint to edge
- The security benefits of end-to-end network visibility
- Common problems solved with network visibility
- Stories of real-life threats hidden on networks we’ve assessed
- How to turn your network into a security sensor to gain critical visibility and threat detection capabilities
The document discusses Remote Direct Memory Access (RDMA) networking and related security concerns. It describes the architecture of RDMA, including components like RNIC and privileged/non-privileged ULPs. It then analyzes various attacks that can be addressed through end-to-end security in RDMA, such as man-in-the-middle attacks, impersonation, and spoofing. It also examines attacks from local and remote peers and how security measures like random Stag values and buffer checks can help prevent elevation of privilege and other attacks. In conclusion, while RDMA enables high throughput and low latency, security remains an ongoing concern.
SDN and Security: A Marriage Made in Heaven. Or Not. | Priyanka Aash
Software-defined networking has come onto the scene and changed the way we think about moving packets throughout a network. But it has also morphed into multiple definitions and approaches, driven by both vendors and enterprise customers. But how does security fit into this picture? This talk will discuss the convergence of SDN and security and will try to make sense of them both.
Learning Objectives:
1: Understand all types of SDN.
2: Understand SDN and security.
3: Understand how a secure SDN makes a network safer.
(Source: RSA Conference USA 2018)
This document provides an overview and analysis of nation-state malware targeting telecommunications networks, specifically focusing on the Regin malware. It discusses the technical capabilities and architecture of Regin, analyzing how it infiltrates networks and implants modules. The document also explores other attack vectors such as SS7 and potential vulnerabilities in GPRS/IPX networks that malware could exploit. Dynamic demonstrations are provided of instrumenting Regin and simulating its attacks on networks and systems.
Vision ONE enables security tools to gain reliable and efficient access to relevant data with minimal effort, ensuring that security solutions don't contain hidden blind spots.
F5 EMEA Webinar Oct'15: http2 how to ease the transition | Dmitry Tikhovich
HTTP/2 is here. It improves the way browsers and servers communicate, allowing for faster transfer of information. Today’s websites use many different components besides standard HTML, including design elements, client-side scripting, images, video, and flash animations. To transfer that information, a browser has to create several connections, putting a huge load on both the server delivering the content and the browser, which can lead to a slowdown as more and more elements are added to a site.
The document provides an overview of implementing the Cisco Adaptive Security Appliance (ASA), including comparing ASA solutions to other routing firewall technologies, explaining ASA operation and models for various use cases. It outlines objectives for configuring basic ASA firewall services like access lists, network address translation, and authentication. The document also covers advanced ASA policies using the modular policy framework.
Transforming Security: Containers, Virtualization and Softwarization | Priyanka Aash
This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally improve security visibility, security analytics, system resilience and actionable context, greatly increasing our ability to attest that systems will be secure and compliant in any state into which they may be driven.
(Source: RSA USA 2016-San Francisco)
The document provides examples and explanations of network address translation (NAT) configurations on Palo Alto Networks next-generation firewalls. It shows how NAT policies work with security policies to translate source and destination IP addresses and apply firewall rules. The first example demonstrates static destination NAT to map any internal address to a single public address. The second example uses source NAT to map a DMZ subnet to an internal address. Flow charts illustrate how the firewall evaluates zones, NAT rules, security rules and applies address translations at each step.
This document discusses participant access control in IP multicasting. It begins with an overview of existing IP multicast protocols like IGMP and PIM-SM. It then discusses the need for access control to prevent attacks from unauthorized senders and receivers. The remainder of the document proposes an access control architecture that uses AAA protocols to authenticate participants and control their access through extensions to IGMP and the use of protocols like PANA and IKEv2.
This document discusses network security technologies and Cisco solutions. It covers topics like 802.1X authentication, identity management with Cisco ACS, port security, DHCP snooping, and securing the network infrastructure with Network Foundation Protection. The document appears to be slides from a training course on Cisco's SECURE certification that provides an overview of various network security concepts and Cisco products.
The document discusses trust anchors and public key infrastructure (PKI) in the context of the Resource Public Key Infrastructure (RPKI). It presents several models for establishing trust anchors for the RPKI, including:
1) A single IANA-issued trust anchor with subordinate certificates issued by each Regional Internet Registry (RIR) matching their number resource allocations. This would not support transferred resources.
2) An interim APNIC trust anchor structure containing self-signed certificates from each RIR to allow migration to a single IANA trust anchor.
3) Individual per-RIR self-signed trust anchors, a simpler interim model but requiring more work to transition to a single IANA trust anchor.
Learn how PTC Cloud Services can provide you peace of mind for your ever-evolving security needs. To learn more or to speak to a Cloud Security expert, go to
The document provides an overview of the Trusted Computing Platform Alliance (TCPA) and its technical specifications for trusted computing platforms. The TCPA aims to increase confidence in computing platforms through mechanisms like platform authentication, integrity reporting, and protected storage. This is achieved using a Trusted Platform Module (TPM) that acts as the root of trust and can reliably report the platform's software state. The TPM specifications define how platforms can prove their identity and properties to other entities while protecting users' privacy.
During this webinar, we will cover AppRF - a suite of application visibility and control features that are part of Aruba's Policy Enforcement Firewall. AppRF is a PEF feature that is designed to give network administrators insight into the applications that are running on their network, and who is using them. Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Aruba-AppRF-AOS-6-x-amp-8-x/td-p/490800
Trusted computing introduction and technical overview | Sajid Marwat
Trusted computing aims to increase confidence in computing platforms by enabling platforms to prove their integrity and identity. The Trusted Computing Group is developing an open standard for a trusted platform module (TPM) that can reliably measure a platform's software state, attest to its identity and properties, and protect confidential data. The TPM acts as a root of trust and provides mechanisms for platform authentication, integrity reporting, and protected storage that enable trust in remote platforms and their expected behavior.
Security Plus Training Event for ITProcamp Jacksonville 2016. Helping those new to IT Security get prepared. Understand how to complete your DOD 8570.m requirements. Discussion about Exam Objectives.
Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from and replaces the much less capable RADIUS protocol that preceded it. In this presentation I will try to familiarize you with the new AAA protocol and deep dive into the Diameter protocol details, Credit Control Application (Gx, Gy and Gz) and a sample use case for peering Sandvine PTS (working as PCEF) with freePCRF.server, and finally introduce you to seagull, a popular test tool to test different Diameter-based scenarios. Hope you like it.
basim.alyy@gmail.com
basimaly.wordpress.com
https://eg.linkedin.com/pub/basim-aly/38/774/228
Trust and Cloud Computing, removing the need to trust your cloud provider | David Wallom
Presentation at CloudSecurityExpo 2106 publicly describing the Porridge distributed remote attestation using multiple trusted Third Parties as a way of building a cryptographically secure cloud service, allowing users to know the cloud they are using is in exactly the format they expect. This will be commercially available through the Antyran product. This work is supported by InnovateUK KTP in partnership between University of Oxford e-Research centre and 100PercentIT. Other partners not in the KTP include OctaInnovations.
This document discusses analyzing RDP traffic using the Bro network analysis framework. It provides background on using Bro at CrowdStrike for incident response and threat detection. It describes how the author developed a Bro script to detect RDP connections, log relevant details like usernames to a file, and identify anomalous RDP activity. Examples are given of the script identifying Nessus scans, password cracking tools, and anomalous RDP connections on non-standard ports. Future work areas discussed include passing more data to SSL and certificate analyzers and testing on higher bandwidth networks.
The document discusses SSL/TLS trends, practices, and futures. It covers global SSL encryption trends and drivers like increased spending on security and regulatory pressure. It discusses SSL best practices like enabling TLS 1.2, disabling weak protocols, using strong cipher strings, and enabling HTTP Strict Transport Security. The document also looks at solutions from F5 like hardware security modules, advanced key and certificate management, and market leading encryption support. It explores emerging standards like TLS 1.3 and topics like elliptic curve cryptography. Finally, it discusses what's next such as OCSP stapling and F5's SSL everywhere architecture.
Bringing Learnings from Googley Microservices with gRPC - Varun Talwar, Google | Ambassador Labs
Varun Talwar, product manager on Google's gRPC project discusses the fundamentals and specs of gRPC inside of a Google-scale microservices architecture.
LAS16-306: Exploring the Open Trusted Protocol | Linaro
Speakers: Marc Canel
Date: September 28, 2016
★ Session Description ★
Interconnected systems require trust between devices and service providers. To deal with this problem, several companies (ARM, Solacia, Symantec, Intercede) collaborated on the Open Trust Protocol (OTrP), which combines a secure architecture with trusted code management, using technologies proven in large scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-306
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-306/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
The document provides instructions for a Packet Tracer activity to configure AAA authentication on Cisco routers. It includes the topology diagram and addressing tables. The objectives are to configure local authentication on R1 for the console and VTY lines, and configure server-based authentication using TACACS+ on R2 and RADIUS on R3. The tasks include verifying the configurations by logging in from PCs locally on R1 and remotely on R2 and R3 using the respective protocols.
The document discusses trusted computing and provides details on its architecture and uses. The trusted computing architecture uses a trusted platform module (TPM) to measure the boot process and software running on a device. It establishes a chain of trust from the hardware to the operating system and applications. While trusted computing aims to increase security and privacy, issues around its impact on privacy have prevented widespread adoption.
Secure GitOps pipelines for Kubernetes with Snyk & Weaveworks | Weaveworks
1. The webinar discussed securing developer workflows through implementing GitOps principles and securing repositories.
2. GitOps is described as an operations model that defines the entire system declaratively with the canonical desired system state versioned in Git.
3. Approved changes to the desired state are automatically applied to the system by software agents that ensure correctness and alert on any divergence from the declared state.
4. The presentation provided recommendations for securing repositories by enforcing strong identity, preventing history rewrites and removal of security features, and avoiding deprecated software.
This document chapter covers device discovery, management, and maintenance. It discusses using protocols like CDP and LLDP to map network topologies through device discovery. It also covers configuring NTP and syslog for device management, including setting the system clock, NTP client/server operation, and syslog message formatting and destinations. The chapter concludes discussing maintaining device configurations through backups and restores, IOS image management, and licensing.
More and more IoT vulnerabilities are found and showcased at security events. From connected thermostats to power plants!
Insecurity became the favorite subject for creating catchy IoT headlines: "Connected killer toaster", "Fridges changed into spamming machines", "Privacy concerns around connected home".
We will explore the five challenges one has to face when building a secure IoT solution:
- hardware security: how to avoid rogue firmwares and keep your security keys safe?
- upgrade strategy: you can't secure what you can't update!
- secure transport: no security without secure transports.
- security credentials distribution: how to distribute security keys to a fleet with millions of devices?
- cloud vulnerability mitigation: how to keep your fleet of devices safe from the next Heartbleed?
Current enterprise infrastructure provides solutions for handling application security but are they really matching the IoT challenge? Could running a PKI client on a low power wireless sensor node be an option?
Despite those difficulties, we will show how a modern IoT device management standard like Lightweight M2M with DTLS is the way to build a secure-first IoT solution. It provides a solution for upgrading your device and distributing your security keys, and comes with a full range of cryptographic cipher suites, from PSK algorithms for very constrained devices to a high level of security using X.509 certificates.
Furthermore, for adding security to your solution we will present ready-to-use open-source libraries for implementing secure IoT servers and devices. The way to quickly release your next catchy connected product!
Ultimately we will showcase Wakaama and Leshan, the Eclipse IoT Lightweight M2M implementation maybe your next best friend in the troubled water of Internet-Of-Things security!
HP proposes two options to provide network support services for Whirlpool. Option 1 involves implementing new HP servers with Checkpoint firewall and Cisco intrusion systems. Option 2 adds Cisco ASA firewall appliances. Both options include level 1 support, security administration, and a lessons learned database. The estimated one-time costs are $52,884 for Option 1 and $38,578 for Option 2, plus monthly software and support fees. The proposal provides diagrams, requirements, implementation plans, responsibilities, and cost breakdowns for the two solutions.
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE | Linaro
Smart connected devices such as mobile phones, tablets and Digital TVs are required to handle data with strong security and confidentiality requirements. A “Trusted Execution Environment” (TEE) provides an environment for processing data securely, protected from normal platform applications. This talk is intended as an introduction to Trusted Execution, and the open-source Trusted Execution Environment OP-TEE in particular. It introduces the GlobalPlatform TEE Specifications, explains how Trusted Execution is implemented by ARM TrustZone and OP-TEE, and outlines how trusted boot software manages the secure boot of an ARM platform. Finally, it gives some pointers on how to get started with OP-TEE.
The document compares the security features of SSL and IPsec. It discusses how each protocol provides authentication, confidentiality, integrity and other security services. It also outlines some of the benefits and limitations of each, such as SSL being best for web applications while IPsec provides broader security. Sample use cases are presented to illustrate when each protocol may be best to use.
Similar to Securing Internet of Things with Trustworthy Computing (20)
Presentation on Medical device security and emerging standards for the Internet of Things. Presented by Anura Fernando of UL at The Security of Things Forum, Sept. 10, 2015.
A presentation by Tracy Rausch, CEO of DocBox and Chip Block of Evolver Inc. on medical device security & patient monitoring. Presented at The Security of Things Forum on Sept. 10, 2015.
This document summarizes a talk about the security risks posed by commonly exposed data from Internet of Things (IoT) devices. The speaker discusses how status, identification, location, automation, and action data are often exposed from devices like webcams, routers, light bulbs, and fitness trackers. The speaker demonstrates how an Amazon Dash device could be used to trigger actions on a Belkin WeMo light bulb based on network activity data. The talk cautions that the large scale of data ingress and egress from IoT devices enables risks like privacy violations and device compromise if security issues are not addressed.
A Hacker's Perspective on Embedded Device Security, presented by Paul Dant of Independent Security Evaluators at the Security of Things Forum, Sept. 10, 2015
The document discusses security issues with medical devices and lessons for IoT security. It describes past security incidents with medical devices like the Therac-25 radiation therapy machine and hacked defibrillators. These issues increased as devices became more software-dependent and networked. The document warns against common insecure practices like failing to patch systems, using default passwords, and assuming obscurity provides security. It advocates designing devices to be securely updatable even after deployment. The document also describes an experimental technique for monitoring power usage to detect malware or anomalous device behavior without direct access.
21. Next we look at the device report for devices currently connected to the CGR.
This is a drill-down on Raspi 2. Under Device Info, note the ID.
The ID is the SHA256 hash of Raspi 2’s AIK public key. The AIK private key is protected within Raspi 2’s TPM.
This Proof of Concept uses the hash of the AIK public key as a unique, hardware-protected identity for Raspi 2.
Callout: Hash of Raspi 2’s AIK public key
Device report, next
23. TPM IMA on the rPi is reporting 299 measurements.
Based on policy in the CGR, the CGR is validating every file. It expects 288 and finds them to be correct.
It finds 299 measurements and ignores the 11 unknown.
“0 Failed” means that Raspi 2 is allowed to connect in this case.
The “11 unknown” means there is a mismatch between what the Raspi 2 is reporting and what the CGR is expecting. If the CGR were matching only on PCR 10, this would have been a “1 failed” condition and the session would not be allowed.
Callout: Connection attempt by Raspi 2 was allowed
24. Whoops! What happened here?
Here we are. One IMA-generated hash was found to be different. Under the policy for this device, that is not acceptable.
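The per-file appraisal on slides 23 and 24, next to a PCR-10-only comparison, as an added example that is not code from the presentation or from the CGR. It assumes the Linux IMA `ima-ng` ASCII measurement-list format and the SHA-1 PCR bank; file names and contents are constructed, and verifying the AIK signature on the quote is out of scope.

```python
import hashlib
import struct

def template_hash(algo, file_hash, path):
    """SHA-1 template hash of an ima-ng entry: fields d-ng and n-ng, each u32-LE length-prefixed."""
    d_ng = algo.encode() + b":\x00" + file_hash
    n_ng = path.encode() + b"\x00"
    data = b"".join(struct.pack("<I", len(f)) + f for f in (d_ng, n_ng))
    return hashlib.sha1(data).digest()

def extend(pcr, digest):
    """TPM extend, SHA-1 bank: new PCR = SHA1(old PCR || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def make_line(path, content):
    """Build one constructed measurement-list line for a file with the given content."""
    fh = hashlib.sha256(content).digest()
    return f"10 {template_hash('sha256', fh, path).hex()} ima-ng sha256:{fh.hex()} {path}"

def replay(lines):
    """Recompute PCR 10 from the template hashes in the list, starting from all zeros."""
    pcr = bytes(20)
    for line in lines:
        pcr = extend(pcr, bytes.fromhex(line.split()[1]))
    return pcr

def appraise(lines, known_good, quoted_pcr10):
    """Per-file policy: unknown files are counted but ignored, any failure denies."""
    counts = {"ok": 0, "failed": 0, "unknown": 0}
    for line in lines:
        pcr, logged, template, filedata, path = line.split(None, 4)
        if pcr != "10" or template != "ima-ng":
            raise ValueError(f"unsupported entry: {line!r}")
        algo, _, hexhash = filedata.partition(":")
        bound = template_hash(algo, bytes.fromhex(hexhash), path).hex() == logged
        if not bound:                      # line was edited after it was measured
            counts["failed"] += 1
        elif path not in known_good:
            counts["unknown"] += 1
        elif known_good[path] == filedata:
            counts["ok"] += 1
        else:
            counts["failed"] += 1
    # The list is only evidence if it replays to the PCR 10 value in the signed quote.
    log_trusted = replay(lines) == quoted_pcr10
    return counts, log_trusted and counts["failed"] == 0

def pcr_only(quoted_pcr10, golden_pcr10):
    """PCR-10-only policy: a single comparison, so any extra measurement fails it."""
    return quoted_pcr10 == golden_pcr10

# Constructed sample data (not taken from the slides).
GOLDEN_FILES = [("/sbin/init", b"init v1"), ("/usr/bin/sshd", b"sshd v1"),
                ("/usr/bin/agent", b"agent v1")]
GOLDEN_LOG = [make_line(p, c) for p, c in GOLDEN_FILES]
KNOWN_GOOD = {l.split(None, 4)[4]: l.split(None, 4)[3] for l in GOLDEN_LOG}
GOLDEN_PCR10 = replay(GOLDEN_LOG)
EXTRA_LOG = GOLDEN_LOG + [make_line("/home/pi/notes.sh", b"local script")]
CHANGED_LOG = [GOLDEN_LOG[0], make_line("/usr/bin/sshd", b"sshd v2"), GOLDEN_LOG[2]]

if __name__ == "__main__":
    for name, log in (("extra file", EXTRA_LOG), ("changed file", CHANGED_LOG)):
        quote = replay(log)  # stands in for the PCR 10 value from the device's quote
        counts, allowed = appraise(log, KNOWN_GOOD, quote)
        print(name, counts, "per-file allowed:", allowed,
              "| PCR-10-only allowed:", pcr_only(quote, GOLDEN_PCR10))
```

The replay check is what ties the list to the TPM: a list with the unknown entry stripped out no longer replays to the quoted PCR 10 and is rejected even though every remaining file is known good.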