Unified malware protection for business desktops, laptops and server operating systems that provides unified protection, simplified administration and visibility and control. Key features include real-time virus protection, advanced malware protection, one policy to manage client agent protection across systems, customized alerts and security assessments. The document discusses security features for Server 2008 such as BitLocker drive encryption, user account control, read-only domain controllers, network access protection and cryptography next generation.
This document provides an overview of a training course on system and network security for Windows 2003/XP/2000. It discusses what the course will cover, including the native security features of these Windows operating systems, how to lock down and secure Windows systems, and vulnerabilities and countermeasures. It also summarizes new and modified security features in Windows Server 2003 such as the Common Language Runtime, Internet Connection Firewall, account behavior changes, and enhancements to Encrypted File System, IPSec, authorization manager, and IIS 6.0.
This document provides an overview of BitLocker encryption in Windows and discusses:
- Why encryption is needed to protect lost or stolen devices and secure data.
- The basics of how BitLocker works including how the full volume encryption key is protected by the volume master key stored on the TPM chip.
- Different protector options for the master key like passwords, USB keys, and TPM authentication.
- Ways an attacker could try to bypass BitLocker including guessing passwords, DMA attacks to access memory, and cold boot attacks.
- Recommendations for implementing BitLocker securely including using a TPM without additional authentication for most devices and disabling DMA ports.
Tdswe 1810 learn how to create a secure and modern windows devicePer Larsen
Getting your corporate Windows devices enrolled as a standard user with a security baseline that you trust and customized for a better end user experience. Deploying Windows LOB application from different sources for both simple and complex scenarios.
https://tdswe.se/events/manage-your-windows-device-in-a-modern-way/
This document provides an agenda and instructions for a lesson on implementing server hardening. It discusses using tools like IPSec, BitLocker, locating inactive users, NTLM authentication, defining security options, removing storage access, configuring multiple password policies, and Sysinternals tools. It also includes links to videos and documentation on specific tasks like configuring NTLM authentication, defining security options, and removing storage access. It asks how to configure different password policies for groups like Admin and Staff and provides a link to documentation on the Sysinternals troubleshooting suite of tools.
Matt Oh, Microsoft
We are seeing new technique used everyday by malware. But, it is very hard to find any impressive techniques used in the wild. Recently there was huge buzz about Detrahere malware which used internally known issues with certificate signing in Windows 10 kernel driver. Even though the certificate check bypass technique itself is very interesting, also I found that the tactics used by the malware is more impressive. Even though the malware is mainly focused on Ad-hijacking functionality through Netfilter driver installation, but it also has rootkit ability through file system driver hooking. This feels like old days coming back with various new arsenals. The rootkit detects kernel debugging settings and will destroy the system when it finds one. The unpacking process can be very challenging job, too as it uses kernel driver image hollowing technique (something similar to process hollowing) to deobfuscate itself and run unpacked code. Our patchguard doesn't seem like triggering on this action, because all the sections are pre-allocated with execute permission already.
Through this talk, I want to present various techniques used by this malware focusing on the kernel level obfuscation and anti-analysis tactics. This will give us new insights on how new Windows rootkit malware might look like in the future and how detecting them from security systems and detonation systems can be a challenge.
This document provides an agenda and instructions for several Windows Server 2012 security configuration exercises, including:
- Configuring SSL encryption for client-server communications
- Installing and configuring IPSec to protect against replay attacks
- Enabling SMB 3.0 encryption and disabling SMB 1.0
- Configuring hidden sharing to privately share a folder without showing it to users
Step-by-step instructions and guidance are provided for completing setup of each security feature, including navigating Group Policy, editing IP security policies, and verifying configurations through commands and the Event Viewer log. Referenced videos also demonstrate how to properly configure each setting.
ILANTUS gives you the perfect password manager — Password Express, an easy-to-use password management solution for smooth, uninterrupted access to any enterprise and SaaS applications. Our solution leverages our domain expertise to resolve deadlocks encountered by users, Service Desk personnel, and security administrators to ensure smooth functioning of your organization.
In addition to reducing costs and Service Desk call volumes, Password Express also takes care of security with its efficient automated policy administration.
This document provides an overview of a training course on system and network security for Windows 2003/XP/2000. It discusses what the course will cover, including the native security features of these Windows operating systems, how to lock down and secure Windows systems, and vulnerabilities and countermeasures. It also summarizes new and modified security features in Windows Server 2003 such as the Common Language Runtime, Internet Connection Firewall, account behavior changes, and enhancements to Encrypted File System, IPSec, authorization manager, and IIS 6.0.
This document provides an overview of BitLocker encryption in Windows and discusses:
- Why encryption is needed to protect lost or stolen devices and secure data.
- The basics of how BitLocker works including how the full volume encryption key is protected by the volume master key stored on the TPM chip.
- Different protector options for the master key like passwords, USB keys, and TPM authentication.
- Ways an attacker could try to bypass BitLocker including guessing passwords, DMA attacks to access memory, and cold boot attacks.
- Recommendations for implementing BitLocker securely including using a TPM without additional authentication for most devices and disabling DMA ports.
Tdswe 1810 learn how to create a secure and modern windows devicePer Larsen
Getting your corporate Windows devices enrolled as a standard user with a security baseline that you trust and customized for a better end user experience. Deploying Windows LOB application from different sources for both simple and complex scenarios.
https://tdswe.se/events/manage-your-windows-device-in-a-modern-way/
This document provides an agenda and instructions for a lesson on implementing server hardening. It discusses using tools like IPSec, BitLocker, locating inactive users, NTLM authentication, defining security options, removing storage access, configuring multiple password policies, and Sysinternals tools. It also includes links to videos and documentation on specific tasks like configuring NTLM authentication, defining security options, and removing storage access. It asks how to configure different password policies for groups like Admin and Staff and provides a link to documentation on the Sysinternals troubleshooting suite of tools.
Matt Oh, Microsoft
We are seeing new technique used everyday by malware. But, it is very hard to find any impressive techniques used in the wild. Recently there was huge buzz about Detrahere malware which used internally known issues with certificate signing in Windows 10 kernel driver. Even though the certificate check bypass technique itself is very interesting, also I found that the tactics used by the malware is more impressive. Even though the malware is mainly focused on Ad-hijacking functionality through Netfilter driver installation, but it also has rootkit ability through file system driver hooking. This feels like old days coming back with various new arsenals. The rootkit detects kernel debugging settings and will destroy the system when it finds one. The unpacking process can be very challenging job, too as it uses kernel driver image hollowing technique (something similar to process hollowing) to deobfuscate itself and run unpacked code. Our patchguard doesn't seem like triggering on this action, because all the sections are pre-allocated with execute permission already.
Through this talk, I want to present various techniques used by this malware focusing on the kernel level obfuscation and anti-analysis tactics. This will give us new insights on how new Windows rootkit malware might look like in the future and how detecting them from security systems and detonation systems can be a challenge.
This document provides an agenda and instructions for several Windows Server 2012 security configuration exercises, including:
- Configuring SSL encryption for client-server communications
- Installing and configuring IPSec to protect against replay attacks
- Enabling SMB 3.0 encryption and disabling SMB 1.0
- Configuring hidden sharing to privately share a folder without showing it to users
Step-by-step instructions and guidance are provided for completing setup of each security feature, including navigating Group Policy, editing IP security policies, and verifying configurations through commands and the Event Viewer log. Referenced videos also demonstrate how to properly configure each setting.
ILANTUS gives you the perfect password manager — Password Express, an easy-to-use password management solution for smooth, uninterrupted access to any enterprise and SaaS applications. Our solution leverages our domain expertise to resolve deadlocks encountered by users, Service Desk personnel, and security administrators to ensure smooth functioning of your organization.
In addition to reducing costs and Service Desk call volumes, Password Express also takes care of security with its efficient automated policy administration.
Genian NAC provides network surveillance and performs ongoing compliance checks to ensure that all connected devices are automatically identified, classified, authorized, and given policy-based access control. It also provides all the major features that network managers expect, such as IP Address Management (IPAM), Desktop Configuration Management, WLAN access control, automated IT security operation, IT asset management, and much more. Genians NAC provides both on-premise and cloud-based deployment options, providing for ease of deployment and ongoing management.
The document discusses securing classified networks and sensitive data through the use of a Secure Network Access Platform (SNAP). SNAP allows users to securely access multiple isolated security domains from a single thin client desktop while preserving network isolation. It implements role-based access control, mandatory access controls, and label-based security to control access between security domains. SNAP leverages the security capabilities of the Solaris 10 operating system with Trusted Extensions to provide a certified, multi-level secure computing environment for government users.
z/OS Authorized Code Scanner (zACS) is a tool that provides the ability to test PCs and SVCs and client’s authorized code to provide diagnostic information for subsequent investigation as needed.
One of our latest projects. VipCoin is a cryptocurrency for a stable business. It is an interesting Blockchain solution with own unique logic and crypto wallets.
Enterprise Node - Securing Your EnvironmentKurtis Kemple
This document discusses securing an enterprise Node.js environment. It recommends using Node LTS versions for stability, containerizing applications for isolation, and securing dependencies by whitelisting modules. It also covers authenticating users with JWT, authorizing access with scopes and roles, validating input data, encrypting sensitive data, and ensuring HTTPS is used everywhere. Securing the runtime is important to protect the company from threats, improve confidence, and meet regulations.
This document provides a checklist for hardening the security of Windows Server systems. It outlines best practices for organizational security, preparing, installing, and configuring Windows Server, as well as user account, network, registry, and general security settings. It also addresses audit policy, software security, and finalization steps like imaging servers. Implementing the guidelines can help reduce security vulnerabilities and the risk of attacks compromising critical systems and data.
1. Microsoft announced new compute options for SAP HANA and HPC/AI workloads including the largest memory-optimized VM and new Nvidia GPU VMs.
2. Enhancements to VM scale sets include support for low-priority VMs, auto-OS image updates, and cross-zone deployment.
3. New features in public preview include serial console access, confidential computing VMs, immutable blob storage, and blob lifecycle management policies.
The document provides an overview of Check Point's Gaia operating system. Some key points:
- Gaia is Check Point's next generation operating system that combines the best of their SecurePlatform and IPSO operating systems.
- It supports all Check Point security appliances and products, including Software Blades, Gateways, and Security Management.
- Features include support for IPv4/IPv6, high connection capacity, load sharing, high availability, dynamic routing, easy CLI, and role-based administration.
- Gaia allows for simple upgrades from IPSO and SecurePlatform and includes automated software updates for Check Point products.
This document provides an overview and objectives of a training course on VPN-1/FireWall-1 NG Management I. The course aims to teach students how to identify the basic components of VPN-1/FireWall-1 NG, configure and manage it, create and manage management objects, use key features like the security policy and log viewer, apply NAT rules and authenticate users. It outlines the modules to be covered, including the VPN-1/FireWall-1 NG architecture, security policy setup, advanced security policies, log management, and authentication parameters.
Paper Explaination : NoHype : Virtualized Cloud Infrastructure without the Vi...Samarth Godara
Its a presentation explaining the paper -
NoHype: Virtualized Cloud Infrastructure without the Virtualization
By : Eric Keller Jakub Szefer Jennifer Rexford Ruby B. Lee
Princeton University, Princeton, NJ, USA
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Anthony Burke
The term Micro-segmentation has been used by all vendors to death. So what does it mean for you? This session walks through step by step building a security architecture from nothing. Where do you start? How do you learn how an application speaks? What approach can you take that is not disruptive? What objects should I use? Security Groups, IPsets, Clusters, VMs? After deciding what is best for the right situation come and see how to apply micro segmentation with VMware NSX to VMware Log Insight. Walk away with a repeatable approach breaking down, learning, and segmenting any application on your virtualised infrastructure. Designing an applications micro segmentation policy just got a whole lot easier.
Virtualization: Security and IT Audit PerspectivesJason Chan
A brief overview of server virtualization for information security and audit professionals. I gave earlier versions of this talk at the SV and SF ISACA conferences in 2010, this version is for the UC Compliance and Audit Symposium.
Windows Server 2012 and Windows 8 introduce several new security features including secure boot, early malware detection, BitLocker enhancements, virtual smart cards, claims-based access control, data classification, DNSSEC, unified remote access, PowerShell remoting, fine-grained password policies, and improved security auditing. These features help harden the security of Windows infrastructures.
Virtualization Forum 2015, Praha, 7.10.2015
sál VMware
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.
Succeeding with Secure Access Service Edge (SASE)Cloudflare
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
The ultimate guide to software updates on embedded linux devicesMender.io
Slides from my talk at NDC Techtown 2019.
Abstract:
Software updates has for a long time been a mess, consisting of “homegrown” solutions specific to a certain project and there was very little re-usage between projects and very little collaboration in our community to solve these complex problems. Luckily for us that time is over and the community around this topic has grown over last couple years and still is growing as the demand increases with the growth of IoT and OTA firmware updates (which introduces even more complexity).
There are now well established open-source solutions that have been “battle tested” that we can collaborate on to make the complexity of software updates manageable. We are heading for a time where a quality Board Support Package should provide an software update implementation because it really should be solved at this level instead of handing this over to application developers which have limited knowledge of low lever architecture on a embedded device.
In this talk Mirza will present some of the challenges of doing software updates on embedded system. He will also present the available open-source projects that can be used to solving these challenges. Projects such as mender.io, SWupdate, RAUC and more.
Product brief of ProductivityNet's flagship product, ActiveManage. ActiveManage was a system management product, allowing IT administrators to manage any number of servers from a wireless device (which at the time was a Palm VII or WinCE) or the web.
Software defined networking is an approach that allows network administrators to programmatically control and manage network behavior dynamically through open interfaces. It provides an abstraction of lower-level network functionality. While OpenFlow was commonly used, many companies have adopted different techniques. The document also lists several free software tools that can be used to monitor and analyze networks, including GFI LanGuard, Microsoft Network Monitor, Nagios, and OpenNMS.
Kerio Control is a unified threat management solution that provides firewall, content filtering, VPN, IDS/IPS, and other network security features in a single appliance. It uses deep packet inspection and continuously updated rules to detect and block known threats. The solution offers comprehensive network protection and visibility into intrusion attempts. It also includes updated features like an integrated antivirus from Sophos and improved web-based administration interface.
A collaborative project of students of Grade VIII from BSS F 11/3 Girls Branch, Islamabad, Pakistan and Colegio Americano Anahuac, Mexico.
Theme was " From the Window" . Students took pictures of their surroundings/environment. Made a collage and shared with their fellow students from other country. It was a wonderful experience knowing each other’s immediate environment and sharing their own with students from other regions of the world.
This document provides an overview of a virtual network project for students. The objectives are to demonstrate installing and configuring virtual network/server operating systems, virtual workstations, and ensuring security and manageability of the virtual network. Students will perform tasks over two days, such as installing client and server operating systems, configuring security and file sharing on the server, and setting up a basic intranet with user webpages. The project aims to simulate a small office network using virtualization software.
Genian NAC provides network surveillance and performs ongoing compliance checks to ensure that all connected devices are automatically identified, classified, authorized, and given policy-based access control. It also provides all the major features that network managers expect, such as IP Address Management (IPAM), Desktop Configuration Management, WLAN access control, automated IT security operation, IT asset management, and much more. Genians NAC provides both on-premise and cloud-based deployment options, providing for ease of deployment and ongoing management.
The document discusses securing classified networks and sensitive data through the use of a Secure Network Access Platform (SNAP). SNAP allows users to securely access multiple isolated security domains from a single thin client desktop while preserving network isolation. It implements role-based access control, mandatory access controls, and label-based security to control access between security domains. SNAP leverages the security capabilities of the Solaris 10 operating system with Trusted Extensions to provide a certified, multi-level secure computing environment for government users.
z/OS Authorized Code Scanner (zACS) is a tool that provides the ability to test PCs and SVCs and client’s authorized code to provide diagnostic information for subsequent investigation as needed.
One of our latest projects. VipCoin is a cryptocurrency for a stable business. It is an interesting Blockchain solution with own unique logic and crypto wallets.
Enterprise Node - Securing Your EnvironmentKurtis Kemple
This document discusses securing an enterprise Node.js environment. It recommends using Node LTS versions for stability, containerizing applications for isolation, and securing dependencies by whitelisting modules. It also covers authenticating users with JWT, authorizing access with scopes and roles, validating input data, encrypting sensitive data, and ensuring HTTPS is used everywhere. Securing the runtime is important to protect the company from threats, improve confidence, and meet regulations.
This document provides a checklist for hardening the security of Windows Server systems. It outlines best practices for organizational security, preparing, installing, and configuring Windows Server, as well as user account, network, registry, and general security settings. It also addresses audit policy, software security, and finalization steps like imaging servers. Implementing the guidelines can help reduce security vulnerabilities and the risk of attacks compromising critical systems and data.
1. Microsoft announced new compute options for SAP HANA and HPC/AI workloads including the largest memory-optimized VM and new Nvidia GPU VMs.
2. Enhancements to VM scale sets include support for low-priority VMs, auto-OS image updates, and cross-zone deployment.
3. New features in public preview include serial console access, confidential computing VMs, immutable blob storage, and blob lifecycle management policies.
The document provides an overview of Check Point's Gaia operating system. Some key points:
- Gaia is Check Point's next generation operating system that combines the best of their SecurePlatform and IPSO operating systems.
- It supports all Check Point security appliances and products, including Software Blades, Gateways, and Security Management.
- Features include support for IPv4/IPv6, high connection capacity, load sharing, high availability, dynamic routing, easy CLI, and role-based administration.
- Gaia allows for simple upgrades from IPSO and SecurePlatform and includes automated software updates for Check Point products.
This document provides an overview and objectives of a training course on VPN-1/FireWall-1 NG Management I. The course aims to teach students how to identify the basic components of VPN-1/FireWall-1 NG, configure and manage it, create and manage management objects, use key features like the security policy and log viewer, apply NAT rules and authenticate users. It outlines the modules to be covered, including the VPN-1/FireWall-1 NG architecture, security policy setup, advanced security policies, log management, and authentication parameters.
Paper Explaination : NoHype : Virtualized Cloud Infrastructure without the Vi...Samarth Godara
Its a presentation explaining the paper -
NoHype: Virtualized Cloud Infrastructure without the Virtualization
By : Eric Keller Jakub Szefer Jennifer Rexford Ruby B. Lee
Princeton University, Princeton, NJ, USA
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Anthony Burke
The term Micro-segmentation has been used by all vendors to death. So what does it mean for you? This session walks through step by step building a security architecture from nothing. Where do you start? How do you learn how an application speaks? What approach can you take that is not disruptive? What objects should I use? Security Groups, IPsets, Clusters, VMs? After deciding what is best for the right situation come and see how to apply micro segmentation with VMware NSX to VMware Log Insight. Walk away with a repeatable approach breaking down, learning, and segmenting any application on your virtualised infrastructure. Designing an applications micro segmentation policy just got a whole lot easier.
Virtualization: Security and IT Audit PerspectivesJason Chan
A brief overview of server virtualization for information security and audit professionals. I gave earlier versions of this talk at the SV and SF ISACA conferences in 2010, this version is for the UC Compliance and Audit Symposium.
Windows Server 2012 and Windows 8 introduce several new security features including secure boot, early malware detection, BitLocker enhancements, virtual smart cards, claims-based access control, data classification, DNSSEC, unified remote access, PowerShell remoting, fine-grained password policies, and improved security auditing. These features help harden the security of Windows infrastructures.
Virtualization Forum 2015, Praha, 7.10.2015
sál VMware
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.
Succeeding with Secure Access Service Edge (SASE)Cloudflare
With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
The ultimate guide to software updates on embedded linux devicesMender.io
Slides from my talk at NDC Techtown 2019.
Abstract:
Software updates has for a long time been a mess, consisting of “homegrown” solutions specific to a certain project and there was very little re-usage between projects and very little collaboration in our community to solve these complex problems. Luckily for us that time is over and the community around this topic has grown over last couple years and still is growing as the demand increases with the growth of IoT and OTA firmware updates (which introduces even more complexity).
There are now well established open-source solutions that have been “battle tested” that we can collaborate on to make the complexity of software updates manageable. We are heading for a time where a quality Board Support Package should provide an software update implementation because it really should be solved at this level instead of handing this over to application developers which have limited knowledge of low lever architecture on a embedded device.
In this talk Mirza will present some of the challenges of doing software updates on embedded system. He will also present the available open-source projects that can be used to solving these challenges. Projects such as mender.io, SWupdate, RAUC and more.
Product brief of ProductivityNet's flagship product, ActiveManage. ActiveManage was a system management product, allowing IT administrators to manage any number of servers from a wireless device (which at the time was a Palm VII or WinCE) or the web.
Software defined networking is an approach that allows network administrators to programmatically control and manage network behavior dynamically through open interfaces. It provides an abstraction of lower-level network functionality. While OpenFlow was commonly used, many companies have adopted different techniques. The document also lists several free software tools that can be used to monitor and analyze networks, including GFI LanGuard, Microsoft Network Monitor, Nagios, and OpenNMS.
Kerio Control is a unified threat management solution that provides firewall, content filtering, VPN, IDS/IPS, and other network security features in a single appliance. It uses deep packet inspection and continuously updated rules to detect and block known threats. The solution offers comprehensive network protection and visibility into intrusion attempts. It also includes updated features like an integrated antivirus from Sophos and improved web-based administration interface.
A collaborative project of students of Grade VIII from BSS F 11/3 Girls Branch, Islamabad, Pakistan and Colegio Americano Anahuac, Mexico.
Theme was " From the Window" . Students took pictures of their surroundings/environment. Made a collage and shared with their fellow students from other country. It was a wonderful experience knowing each other’s immediate environment and sharing their own with students from other regions of the world.
This document provides an overview of a virtual network project for students. The objectives are to demonstrate installing and configuring virtual network/server operating systems, virtual workstations, and ensuring security and manageability of the virtual network. Students will perform tasks over two days, such as installing client and server operating systems, configuring security and file sharing on the server, and setting up a basic intranet with user webpages. The project aims to simulate a small office network using virtualization software.
This is a recent final class team project using VMware and there separate workstations, our team designed and implemented and tested this working network.
Beaconhouse School System Middle, PECHS, Karachidfcpakistan
The document describes a Design for Change project by students at Beaconhouse School System Middle School PECHS to help underprivileged schools. The students conducted surveys, interviews, and a charity drive to collect books, stationary, clothes, and IT resources to establish a library at GF Academy. Over 500 books were donated and a computer was provided to set up the school's first library. Students interviewed administrators and teachers at both schools. The project aimed to help those with less access to education and resources through student-led social action.
Active Directory is a directory service that provides a centralized location to store information about networked devices, services, and users. It implements authentication, authorization, and other services to securely manage access and share information across a network. Active Directory uses a hierarchical structure and replication to distribute directory data and updates between domain controllers, providing scalability and redundancy. It supports LDAP for application access and integrates with DNS for network name resolution.
The document outlines 19 potential project titles for a Cisco summer internship in 2011. The projects cover a wide range of topics including network performance testing, automation, monitoring, management, and security tools.
China auto parts and components manufacturing industry in depth market resear...Qianzhan Intelligence
The document provides an overview and analysis of the auto parts and components manufacturing industry in China. It discusses the industry's definition and categories, statistics standards, and supply chain. It then analyzes the development environment, including policies, economic conditions, social factors, and technology trends. Next, it examines the market development status of the auto industry in China and abroad. It provides details on production, sales, major companies, and forecasts emerging trends in the auto market. Finally, it analyzes the operation and competition within China's auto parts and components manufacturing industry.
The slideshow contains a lot of full-screen images but no subtitles, therefore omitting some of the information which would have been given verbally during the presentation.
Augmenting MySQL with NoSQL options - Data LifecyclesDavid Murphy
The document discusses the different stages in a data lifecycle - transient, short to medium term, analytics, and archival. It outlines example workloads that fall into each stage. The key technologies that can be used at each stage are also presented, including Redis, MongoDB, Cassandra and Hadoop. The document provides guidance on how to fit the different technologies together based on requirements, available talent, and licensing. It emphasizes allowing experts to manage the technologies while focusing on building application features.
http://perdre-sa-cellulite.plus101.com
---Perdre Sa Cellulite. Une Bonne Alimentation Pour Lutter Contre la Cellulite
Certains aliments ont des composants naturels antioxydants et draineurs qui éliminent naturellement la cellulite. Parmi eux se trouvent le céleri branche. Il s'agit d'un légume un peu amère mais qui aide beaucoup à accélérer le métabolisme des graisses afin de débarrasser la cellulite.
Perdre Sa Cellulite
Coupé en bâtonnet, il peut être consommé en apéro ou en plat de crudités. Le poireau figure également dans la liste des meilleurs aliments anticellulite. Légume anti-rétention d'eau, il chasse les toxines tout en luttant contre la cellulite.
Enfin, n'oubliez pas de consommer de l'ananas si vous voulez combattre votre cellulite. Il a pour principal mission de réduire la rétention d'eau.
Perdre Sa Cellulite
Selon des experts en physiologie, les femmes ont 90 muscles dans les membres inférieurs et en les stimulant doucement, ces muscles des fesses, jambes, hanches et cuisses, 76,3% des femmes peuvent inverser la cause de la peau d'orange et des capitons pour avoir une peau tonifiée et lisse.
CLIQUEZ ICI: http://perdre-sa-cellulite.plus101.com
http://www.youtube.com/watch?v=sfpTMwizkZE
Perdre Sa Cellulite
http://www.youtube.com/user/PerdreSaCellulite1
http://www.youtube.com/user/CelluliteLesCuisses
http://www.youtube.com/user/SupprimerCellulite
http://www.youtube.com/user/ReduireLaCellulite
Perdre Sa Cellulite,
perdre la cellulite au bras,
perdre la cellulite apres grossesse,
perdre la cellulite aux genoux,
perdre la cellulite adipeuse,
Arthur Bodolec of Feedly on Designing With Your EarsUserTesting
When building a new product or designing a new feature, you always have a voice in the back of your mind whispering, "What if no one uses it? What if nobody really understands the value of what I am building? What if it becomes a total flop?"
This webinar with Feedly co-founder Arthur Bodolec provided simple and quick techniques to ensure your product gets used. Examine how to pick the right target audience, how to gather user stories to make sure you are designing the right features, and learn best practices for testing your product.
Bank of America is acquiring Countrywide Financial to become the largest mortgage originator and servicer in the US. The acquisition will strengthen Bank of America's position as a premier consumer bank by adding Countrywide's large mortgage capabilities and technology platform. The all-stock deal values Countrywide at $2.9 billion and is expected to close in the third quarter of 2008 pending regulatory and shareholder approvals. The acquisition faces near term challenges from the weak housing market but creates opportunities to improve origination practices and acquire a leading mortgage platform.
BMC Discovery is an agentless discovery and dependency mapping tool that automatically discovers configuration and relationship data across an IT infrastructure. It provides visibility into hardware, software, applications and their dependencies. BMC Discovery works by running scans from a virtual appliance using supplied credentials to retrieve configuration information. It analyzes the data to map relationships and can integrate with a CMDB. Security features include encrypted credential storage and secure communications. Prerequisites for deployment include virtual appliances, a Windows proxy server, and credentials for systems being discovered.
System Center Operations Manager (SCOM) 2007 R2 & Non Microsoft MonitoringAmit Gatenyo
The document discusses how OpsManager and dynamic provisioning can help manage a heterogeneous IT environment for a large global conglomerate. It outlines the objectives of optimizing infrastructure, enhancing security and ensuring business continuity. A demo is shown of OpsManager monitoring the environment and dynamically provisioning new virtual machines when terminal servers fail to maintain high availability. The role of Windows 2008 tools like ServerManagerCMD, PowerShell, WinRM and WinRS in automating management tasks is also discussed. Management packs that extend OpsManager to non-Microsoft applications and network devices are described.
Windows 8 enables flexible workstyles with a fast, fluid touch-enabled experience that supports mouse, keyboard, and pen input while maximizing device capabilities. It features a new Windows desktop and apps experience without compromise through touch-friendly interfaces and personalized start screens. Windows 8 can be licensed through various options including retail, volume, and software assurance and managed securely through features such as sideloading and virtualization.
Windows Server 2016 offers huge improvements for Active Directory scalability and UI, which we'll talk about in detail. Don't miss a demo session on using Active Directory PowerShell History Viewer and the new graphic user interface for Active Directory Recycle Bin and fine-grained password policy features!
UtrechtJUG_Exploring statefulmicroservices in a cloud-native world.pptxGrace Jansen
This document discusses stateful microservices in a cloud native world. It begins by covering some key aspects of cloud native applications including the Twelve-Factor App methodology and its emphasis on stateless processes. It then explores the differences between stateless and stateful computing models. While cloud native is often viewed as requiring stateless microservices, the document explains that real-world applications often need stateful capabilities. It discusses some traditional stateful approaches and their limitations in cloud native environments. The document then covers some techniques for building stateful microservices in cloud native environments, including caching, databases, cookies/tokens, and approaches using cloud native infrastructure like Kubernetes. Programming patterns like SAGA and long-running actions are also discussed. Finally
This document provides a summary of Sudheendra Parameshwara's professional experience and qualifications. It summarizes his extensive experience in Windows server administration, networking, and monitoring tools like SCOM. It also lists his roles and responsibilities in various jobs which involved tasks like Windows server administration, application monitoring, incident management, and technical support. His technical skills, educational qualifications and personal details are also summarized in the document.
This document discusses stateful microservices in a cloud native world. It begins by explaining that while cloud native applications are usually designed to be stateless, many real-world applications require stateful capabilities. It then explores techniques for building stateful microservices, such as using caches, databases, cookies, and tokens to preserve state. Finally, it discusses how tools like Kubernetes statefulsets, persistent volumes, and MicroProfile Long Running Actions can help enable stateful applications in a cloud native environment.
Security is more critical than ever with new computing environments in the cloud and expanding access to the Internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. We'll walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments.
Cloud computing transforms the way we can store, process and share our data. New applications and workloads are growing rapidly, which brings every day more sensitive data into the conversation about risk and what constitutes natural targets for bad actors. This presentation reflects on current best practices to address the most significant security concerns for sensitive data in the cloud, and offers participants a list of steps to achieve enterprise-grade safety with MongoDB deployments among the expanding service provider options.
RES Workspace Manager and Automation Manager 2011 feature new branding and packaging. Key updates include improved security features like dynamic privileges and user installed application control, as well as service orchestration integration and user settings templates. The release also focuses on scalability, integration, and database migration capabilities. Security enhancements for Automation Manager 2011 include permissions for remote console access, jobs, and repository folders.
The document discusses microservice architecture and compares it to monolithic architecture. It describes microservices as small, discrete, isolated services that can be deployed separately. A monolith is a single application combining all business logic and data access. The document outlines characteristics of microservices such as single responsibility, statelessness, independent data management and communication through APIs or message queues. It also covers deployment, testing, monitoring, metrics and the need for automation and a culture open to change when using microservice architecture.
Module 03 installing, upgrading, and migrating to windows 7aesthetics00
This document provides an overview of Module 3 which covers installing, upgrading, and migrating to Windows 7. The module contains 5 lessons:
1. Preparing to install Windows 7 which discusses the key features, editions, hardware requirements and advantages of 64-bit Windows 7.
2. Performing a clean installation of Windows 7 which demonstrates how to configure the computer name and domain settings during a clean install from DVD.
3. Upgrading and migrating to Windows 7 which compares upgrade vs migration, identifies valid upgrade paths, and demonstrates using tools like Windows Upgrade Advisor and USMT to migrate user data.
4. Performing an image-based installation using tools like Windows SIM, Windows PE,
Endpoint Central is a unified endpoint management solution from ManageEngine that allows administrators to manage desktops, laptops, smartphones and tablets from a central location. It offers features such as patch management, software deployment, asset management, remote control, imaging and OS deployment, security management and mobile device management. Endpoint Central supports Windows, Mac, Linux and mobile devices. It offers integrations with help desk software and is available as a free edition, professional edition or enterprise edition. ManageEngine has over 2 million users and some of their clients include Fortune 500 companies.
This document discusses recommendations for securing an Active Directory environment. It recommends a single forest single domain architecture by default, but acknowledges exceptions may exist. It introduces a tier model for access control and recommends restricting privilege escalation through measures like privileged access workstations and assessing AD security. It also recommends restricting lateral movement, implementing attack detection solutions, and preparing the organization through strategic planning and technical education.
NGINX Controller: Configuration, Management, and Troubleshooting at Scale – EMEANGINX, Inc.
Watch this webinar and learn how NGINX Controller reduces complexity and achieves significant time & cost savings. Configure, manage, and troubleshoot multiple NGINX Plus instances at scale across both on-premise and public cloud environments. Get an overview and demo of Controller.
Watch this webinar to learn:
- How to achieve significant time and cost savings by using Controller to manage multiple NGINX instances
- How to boost developer productivity by enabling teams to deploy new applications faster with policy-driven management
- How you can meet and exceed SLAs by finding the root cause of performance issues and troubleshooting them quickly
- The benefits of seamlessly incorporating NGINX Plus into your existing monitoring framework with available integrations
https://www.nginx.com/resources/webinars/nginx-controller-configuration-management-troubleshooting-at-scale-emea/
Research Assignment For Active DirectoryJessica Myers
This document discusses moving enterprise systems from on-premises to cloud services. Moving to the cloud provides value to corporations for several reasons, as professionals need to focus on activities that drive business rather than maintaining infrastructure. The document examines the benefits of cloud services and how they allow companies to focus on their core competencies.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
1. •Unified malware protection for business
desktops, lap tops and server operating systems
that’s easier to control
•Unified Protection
•Simplified Administration
•Visibility and Control
4. Discuss five Security Features for Server 2008
1: BitLocker Driver Encryption
2: User Account Control
3: Read Only Domain Controller
4: Network Access Protection (NAP)
5: Cryptography Next Generation (CNG)
5. WHAT IS A SERVER?
A server is a computer program that provides
services to other computer programs
Microsoft Windows Server 2008 is the most
advanced Windows Server operating system
yet, designed to power the next generation of
networks, applications, and Web services.
7. BitLocker Drive Encryption
BitLocker performs two
functions:
BitLocker encrypts all data
stored on the Windows
operating system volume
BitLocker uses a Trusted
Platform Module (TPM)
9. How does it work?
With Full-Volume encryption,
everything written to a
BitLocker-protected volume is
encrypted
BitLocker uses the TPM to verify
the integrity of early boot
components and boot
configuration data.
User is prompted to store a
"recovery password" that can be
used to unlock a locked BitLocker
volume in case of system failure
of security breach.
BitLocker helps ensure that data
is never stored on disk in a way
that would be useful to an
attacker, thief or new hardware
owner
10. •UAC is a new technology for Microsoft Server 2008 and Windows
Vista
•Additional settings are available by configuring Group policy
settings
•UAC provides authentication protection against malicious
software
Example of
dialog box
for UAC
11. Read Only
Feature
•RODCs only
support
unidirectional
replication of
Active Directory
changes
DNS
Protection
•A DNS server
running on an
RODC doesn’t
support
dynamic
updates.
Administrator
Role
Separation
•A Domain user
can have
Administrator
role
Password
Protection
•RODC can
cache
passwords.
14. ABOUT CNG
Cryptographic Agility
Certification and Compliance
Suite B support
Legacy Support
Kernel Mode Support
Auditing
Replaceable Random Number Generators
Thread Safety
Mode of Operation
Key Storage and Retrieval
15. 1. How does NAP work?
2. What does the acronym NAP stand for?
3. What is a server?
4. How does the US government use the innovations of CNG?
5. Why do we use cryptography?
6. What two products are using UAC?
7. What Does UAC stand for?
8. What does RODC stand for?
9. What is the main purpose of RODC?
10. Does BitLocker come installed on Windows Server 2008?
16. Bibliography
1. “The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application for User
Account Control (UAC)” April 2007 Retrieved on 2007-10-08 Wikipedia
http://en.wikipedia.org/wiki/User_Account_Control
2. Microsoft Server 2008 (2009 Microsoft Corporation ) TechNet http://technet.microsoft.com/en-
us/windowsserver/2008/default.aspx
3. “Fore Front Client Security excerpt “ Microsoft Partner Program retrieved 02-05-09
https://partner.microsoft.com/global/40029561
4. Microsoft Fore Front Client Security
http://www.microsoft.com/forefront/clientsecurity/en/us/overview.aspx
5. (Network Access Protection) Wikipedia “ Windows Network Access Protection Web page”
http://en.wikipedia.org/wiki/Network_Access_Protection
6. Microsoft TechNet “Networking and Access Technologies “ (NAP ) http://technet.microsoft.com/en-
us/network/bb545879.aspx
7. (Read Only Domain Controller) Microsoft TechNet http://technet.microsoft.com/en-
us/library/cc772234.aspx
8. Microsoft Developer Network “CNG “http://msdn.microsoft.com/en-us/library/aa376210(VS.85).aspx
9. Microsoft TechNet “CNG” http://technet.microsoft.com/en-us/library/cc730763.aspx
10. BitLocker Wikipedia http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption
Editor's Notes
Lets talk about Microsoft forefront client security. Forefront helps guard against many different emerging threats like viruses, root kits, and spyware. Organizations need to protect their PCs and servers from various threats. Yet many protection-software suites are difficult to use and integrate into existing IT infrastructures, making it challenging to identify threats and vulnerabilities. With Fore front your getting more advanced security tools and a more simple way of operating. Think of a house that has locks and bolts and Fore front is added to that as a simple alarm system that reinforces the basic security, let me hit on each bullet point and some features of the software.
With unified protection you have the single engine that enhances performance and detection capabilities by minimizing end-user disruptions. By using “mini-filter” technology with the Windows Filter Manager, Forefront Client Security is able to scan virus and spyware files before they run, providing better security against spyware and blended threats (for example, spyware that infects a PC through backdoor Trojans or other means). Simplified Administration makes things easier like having central management with one console for simplified client security, Microsoft Forefront Client Security saves time and reduces complexity. Integrating with the familiar Microsoft infrastructure saves administrative time and reduces the “learning curve.” The last point is the Visibility and control which when you receive an alert the event is recorded into the fore front summary report which gives a support link on how to deal with that alert. The Security State Assessment (SSA) checks to examine data from the file system and others allowing the administrator to detect common vulnerabilities in the environment. With that many features why turn it down and for the very low low subscription price of $12.72 per user or device, per year. So don’t just sit there purchase now for ease of mind and ultimate protection for your client or home network. And now the moment you have been waiting for thank you for your time/ our feature presentation!!!!!
Good morning class, my name is Stephanie Wilks. We are Team 3. I’d like to introduce the rest of my team. First, we have Kendra Moyer, who will be presenting the second half of this presentation, Rhonda Walker, who contributed research to this presentation, and Willie Solomon, who designed this slideshow and was also our team leader. Today we will talk to you about Windows Server 2008 and a few of the many new security features that it has.
The purpose of this presentation is to explain these five security features for server 2008. BitLocker Driver Encryption, User Account Control, Read Only Domain Controller , Network Access Protection (NAP), Cryptography Next Generation(CNG).
Two things that should be explained just in case anyone was unsure are what a server is and what Windows Server 2008 is. A server is a computer program that provides services to other computer programs (and their users), in the same or other computer. Microsoft Windows Server 2008 is the most advanced Windows Server operating system yet, designed to power the next generation of networks, applications, and Web services. With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a highly secure network infrastructure, and increase technological efficiency and value within an organization. In the Windows Server 2008 operating system, Microsoft is introducing many new features and technologies, which were not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to reduce the power consumption of server and client operating systems, increase the security of computers running Windows Server 2008, and increase server efficiency and productivity.
Windows BitLocker Drive Encryption (BitLocker) is a security feature in the Windows Vista and Windows Server 2008 operating systems that can provide protection for the operating system on your computer and data stored on the operating system volume. In Windows Server 2008, BitLocker protection can be extended to volumes used for data storage as well. In windows Server 2008, Bitlocker is an optional component that must be installed before it can be used.
BitLocker performs two functions:
• BitLocker encrypts all data stored on the Windows operating system volume (and configured data volumes). This includes the Windows operating system, hibernation and paging files, applications, and data used by applications.
• BitLocker is configured by default to use a Trusted Platform Module (TPM) to help ensure the integrity of early startup components (components used in the earlier stages of the startup process), and "locks" any BitLocker-protected volumes so that they remain protected even if the computer is tampered with when the operating system is not running.
The major features of BitLocker include full-volume encryption, verification of the integrity of early startup components, a recovery mechanism, and support for a secure decommissioning process. Some things that should be considered before you enable BitLocker are your hardware requirements. You want your existing hardware to be powerful enough to handle the encryption, and if you want to use the system integrity features, your hardware platform must be equipped with a version 1.2 TPM. You should also evaluate your current corporate policies regarding data retention, encryption, and compliance. Always make sure you have a plan for data recovery. And also consider how recovery information will be stored and what decommissioning process will be used when servers will no longer be used.
First, with Full-Volume encryption, everything written to a BitLocker-protected volume is encrypted. This includes the operating system itself, and all applications and data. This helps protect data from unauthorized access. While the physical security of servers remains important, BitLocker can help protect data whenever a computer is stolen, shipped from one location to another, or otherwise out of your physical control. Encrypting the disk helps prevent offline attacks such as the removal of a disk drive from one computer and its installation in another in an attempt to bypass Windows security provisions.
Second, BitLocker uses the TPM to verify the integrity of early boot components and boot configuration data. This helps ensure that BitLocker makes the encrypted volume accessible only if those components have not been tampered with and the encrypted drive is located in the original computer, which helps prevent additional offline attacks, such as attempts to insert anything that could cause harm those components.
In day-to-day use, BitLocker protection is virtually transparent to the user. And in the event that system lockout occurs—for example, due to hardware failure, hardware changes, or an attempted security breach—BitLocker offers a simple, efficient recovery process, which is our third step. When BitLocker is enabled, the user is prompted to store a "recovery password" that can be used to unlock a locked BitLocker volume. The BitLocker setup wizard requires that at least one copy of the recovery password is saved.
At some point, all computers need to be removed from service and many are reassigned to different purposes during their useful life. Enterprises might have plans to recycle equipment, donate or sell it, or return it at the expiration of a lease, but every enterprise must also ensure that no confidential data can be retrieved from the decommissioned or reassigned equipment. Most processes that remove confidential data from disk drives are time consuming, costly, or result in the permanent destruction of the hardware. BitLocker helps ensure that data is never stored on disk in a way that would be useful to an attacker, thief or new hardware owner by making it inaccessible, which is the last step.
User Account Control (UAC) is a new technology and security infrastructure for Microsoft’s Server 2008 and Window’s Vista operating system. If you have Vista or are familiar with it you would recognize it as the annoying box that pops up asking for permission. But what UAC aims to improve is the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase in privilege level.
A read Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008. Its main purpose is to improve security in branch offices that might have a writable domain controller but not the physical security, network bandwidth, or local expertise to support it. Writeable domain controllers store sensitive data, such as passwords and other credentials and can lead to a security breach if that data ends up in the hands of unauthorized user. An RODC holds all Active Directory objects (Active Directory provides the means to manage the identities and relationships that make up network environments), attributes that a writable domain controller holds but RODCs can help with this problem in four ways: With the Read only feature If an application needs write access to Active Directory objects the RODC will send an Lightweight Directory Access Protocol (LDAP) which is a set of protocols for accessing information. LDAP redirects the application to a writable domain controller. An intruder on the RODC can’t manipulate the Active Directory database because nothing was ever written to the Active Directory. Second, If the RODC server host a Domain Name System server (DNS), the intruder won’t be able to tamper with the DNS data. A DNS is a naming system for computers, services, or any resource participating in the Internet. The third way is you can delegate a local Administrator role to a domain user. If an intruder gains access to the credentials of this local administrator account, they won’t be able to make changes on other domain controllers. And the final way is with Password Protection a malicious user won’t be able to access passwords using a brute-force-attack. This applies only if password caching is disabled on the RODC. If a password isn’t cached, the RODC will forward the authentication request to a writable DC. This ends my portion of the presentation, next my teammate Kendra will present the remainder of the presentation.
NAP is a policy enforcement platform that was built into Windows Server 2008 and some other windows software. It basically helps ensure that your system of lines (network) isn't compromised by unhealthy computers, isolating and/or remediating those computers that don't comply with the security policies you set. There is the Components for NAP and the Server Components which I will mention in this slide and go more in detail in the next slide. The Components are NAP agent, System Health Agent, and the server component is NAP administration server.
In this slide I’m going to tell you about the client components. This slide will go over the five steps of how it works. First the client request access then for step two the computers health state is validated against policies set by the administrator. As part of third step the request is sent to the Network Policy Server (NPS) and what this does is provide a central authentication and authorization service for all access sent by radius client. Don’t worry I know you don’t know what a radius client is so let me explain, a radius client is new software that a Network Access Server (NAS) uses. The NAS is used to connect to a large network and the radius communicates with radius clients verifying that the client complies with the radius protocol. For step four if the request for access is compliant access is granted and welcome to the network! Step five is only if the request isn't compliant the client is restricted and remediation is called. What happens is the remediation server issues updates so the computer requesting access meets the minimum requirements.
CNG has the ability to convert the use of protocols like SSL/TLS, CMS (S/MIME),
IPsec, Kereberos, etc. Prior to CNG, the protocol APIs needed to add algorithm selection and other options that didn’t exist. CNG is targeting Federal Information Processing Standards (FIPS). CNG complies with common criteria requirements by storing and using long lived keys in a secure process. CNG supports Suite B algorithms. This is the new standard required by the NSA to designate information as Top Secret. The standard is now necessary to all software vendors and system integrators. CNG supports the current set of Algorithms in Crypto AGI 1.0. CNG supports cryptography in kernel mode(Kernel mode means a program has complete control over the information and the hardware). The same APIs are used in both kernel and user mode to fully support the cryptography features. Many actions that happen in the CNG layer are audited in the Microsoft software key storage provider (KSP). CNG provides the ability to replace the default random number generator (RNG).
All functions within CNG are designed to support multithreaded or concurrent execution. CNG supports the three modes of operation that can be used with symmetric block ciphers through the encryption APIs. CNG provides a model for private key storage that adapts for current and future demands in cryptographic features. That would conclude the complete security features that we have selected to discuss today and to bring this presentation to a close I will like to test the audiences knowledge of the information given with ten questions.
1)Answer: When a client tries to access a network or communicate on a network it must present its system health requirements to gain unlimited access.
2)Answer: It stands for Network Access Protection
3) A computer program that provides services to other computer programs
4) Suite B is the new encryption standard for the NSA to which Microsoft and other software and hardware providers must now be compliant.
5) Cryptography is a system which allows the transferring of sensitive data online without detection.
6) Windows Vista and Windows Server 2008
7) User account control
8)Read Only Domain Controller
9)To improve security in office branches
10)No