[SOS 2009] D-Link: Secure Network L2 L3
1. Technet S.O.S
Secure Network with D-Link Switches
Xavier Campos
Product Manager SP & PT
xavier.campos@dlink.es
Barcelona, July 14, 2009
2. Challenges of Today’s Networks
[Diagram labels: Firewall, Core Switch, Server Farm, Switch]
• Service unstable
• Security breach
• Performance downgrade
• Low manageability
• Loop Connection
• IP Conflict
• Worms
• ARP Spoofing
• Unauthorized Access
• Worm infection within Intranet
3. Endpoint Security Solutions of xStack Switches
• Authentication
• Authorization
• Node/Address Control
• Attack Mitigation
• Microsoft NAP Server
4. Problem: Unauthorized Access
• Traditionally, security checks take place at the perimeter
• Intranet users can connect to the network without authorization
[Diagram labels: Financial Server, ERP System, R&D Server, Employee, Guest, Malicious User, Information Leakage, Hacking Incident. Caption: "Everyone can connect to your network without authorization!"]
• Lack of proper control on the RJ45 socket outlet
• Lack of proper control for the wireless users
• Client can easily go anywhere without authorization
5. Solution for Unauthorized Access
• D-Link’s Solution 1:
  - 802.1x Authentication
  - Web-based Access Control (WAC) [Captive Portal]
• When to use?
  - Perform user authentication to realize user identity control
  - The clients must be authenticated based on user login information, regardless of the user’s location or device.
• Benefit:
  - Mobility: Users get their designated privileges no matter where they are or which devices they use
  - Clientless: Easy to deploy, easy to use (WAC)
  - Better Security Management: Pushing the security control to the edge, all the clients must be authenticated before entering the network
6. Solution for Unauthorized Access
• D-Link’s Solution 2:
  - MAC-based Access Control (MAC)
• When to use?
  - For VoIP phones, printers, routers, IP cameras and AP devices which do not have a web browser, or on which an 802.1x supplicant cannot be installed.
  - Stricter control for end user devices. Especially suitable for campus networks, the public sector, or enterprises that need device control.
• All the clients are authenticated automatically and granted a specific role on the network
• Benefit:
  - Clientless: Easy to deploy. Totally transparent to clients
  - Device Management: Only allow legitimate devices to connect to the network
7. Endpoint Security Solutions of xStack Switches
• Authentication
• Authorization
• Node/Address Control
• Attack Mitigation
• Microsoft NAP Server
8. Requirement: Authorization by user’s identity
The network is under granular control by segregating the traffic!
[Diagram labels: Financial server, ERP system, R&D server, RD, Accounting, Sales, Guest]
• The RD dept. is granted access to the R&D server and the Internet only
• The Accounting dept. is granted access to the Financial server and the ERP system only
• The Sales dept. is granted access to the ERP system and the Internet only
• Guest users can only connect to the Internet
9. Solution for Authorization by user’s identity
• D-Link’s Solution:
Dynamic VLAN Assignment
Guest VLAN (Restricted network access)
Client Attribute Designation
• Bandwidth control per port / per flow
• 802.1p priority (default value per port)
• ACL that delivers user identity control as set of services *
[Diagram: Radius Server supplying the bandwidth parameter, 802.1p priority parameter and ACL]
Client attributes can be designated by the Radius server after successful authentication
• The identity-based security policies provide appropriate access right for
different users
* Under development
10. Endpoint Security Solutions of xStack Switches
• Authentication
• Authorization
• Node/Address Control
• Attack mitigation
• Microsoft NAP Server
11. Problem: Loop Connection
• Users connect their own switches and cause loop unintentionally or purposely
• The loop can cause packet storm and overwhelm the whole system
[Diagram labels: Loop, Packet Storm]
12. Solution for Loop Connection
• D-Link’s Solution: Loopback Detection ( LBD v4.0 )
STP (Spanning Tree Protocol) Independent
• Unmanaged switches usually do not have Spanning Tree Protocol
function
• D-Link’s design can detect loop connections even when STP is absent
Flexible Settings for Loop Prevention
• Port-based or
• VLAN-based
[Diagram: two loop examples with PC1, PC2 and VLANs V1, V2]
1. Port-based LBD: Port shut down, no traffic is allowed
2. VLAN-based LBD: Block the traffic from the VLAN where the loop occurs, without shutting down the trunking port.
14. Problem: IP Management
• Auditing Problem
Current auditing mechanisms, for example syslog, application logs, firewall logs, etc., are mainly based on IP information. The log information is meaningless if users can change the IP without control.
• IP Conflict Problem
IP conflict is the most common problem in today's networks, because users sometimes change the IP address manually and conflict with other resources, such as others' PCs, core switches, routers or servers.
[Diagram: Auditing Problem and IP Conflict]
192.168.1.1 / 00E0-0211-1111
192.168.1.2 / 00E0-0211-2222
192.168.1.1 / 00E0-0211-3333 (IP Conflict)
15. Solution for IP Management
• D-Link’s solution 1:
IMP (IP-MAC-Port) Binding v3 (DHCP Snooping)
IMP Binding v3 automatically learns the IP and MAC address pairs and saves them in the local database.
Only traffic whose addresses match an entry in the White List can pass through the port.
[Diagram: IMP Binding v3 Enabled, Address Learning]
A: 192.168.1.1 / 00E0-0211-1111 (Assigned by DHCP)
B: 192.168.1.2 / 00E0-0211-2222
C: 192.168.1.1 / 00E0-0211-3333 (IP is manually configured by user)
White List
192.168.1.1 00E0-0211-1111 Port1
192.168.1.2 00E0-0211-2222 Port2
16. Problem & Solution – Rogue DHCP Server
• Problem: Users set up their own DHCP server
• Impact:
Incorrect IP assignment
Disturb network connectivity
• D-Link’s solution: DHCP Server Screening
Screen rogue DHCP server packets from user ports to prevent
unauthorized IP assignment
[Diagram: the DHCP Server performs normal DHCP assignment to PC1; PC2 acts as a Rogue DHCP Server ("I'm DHCP Server") and the switch screens its DHCP Server Packet ("Sorry, you're illegal")]
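The address learning on slide 15 and the server screening on slide 16, modelled together as an added example (it is not part of the original deck and not D-Link's implementation). The MAC and IP addresses of A, B and C come from the slides; port 3 for host C, trusted uplink port 24 and the rogue server's offered address are assumptions.

```python
# Added example: models DHCP-snooping address learning (slide 15) and
# DHCP Server Screening (slide 16). Not D-Link firmware logic.
from dataclasses import dataclass, field

DHCP_SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a server sends

@dataclass
class EdgeSwitch:
    trusted_ports: set                              # ports facing the real DHCP server
    pending: dict = field(default_factory=dict)     # client MAC -> port that asked
    whitelist: dict = field(default_factory=dict)   # port -> (ip, mac)

    def on_dhcp(self, in_port, msg_type, client_mac, offered_ip=None):
        """Return 'forward' or 'drop' for a DHCP packet seen on in_port."""
        if msg_type in DHCP_SERVER_MSGS:
            if in_port not in self.trusted_ports:
                return "drop"                       # rogue server on a user port
            if msg_type == "ACK" and client_mac in self.pending:
                port = self.pending.pop(client_mac)
                self.whitelist[port] = (offered_ip, client_mac)  # address learning
            return "forward"
        self.pending[client_mac] = in_port          # DISCOVER/REQUEST from a client
        return "forward"

    def on_traffic(self, in_port, src_ip, src_mac):
        """Only traffic matching the learned IP-MAC-Port entry passes a user port."""
        if in_port in self.trusted_ports:
            return "forward"
        return "forward" if self.whitelist.get(in_port) == (src_ip, src_mac) else "drop"

def demo():
    """Replay constructed events; ports 3 and 24 are assumptions of this example."""
    sw = EdgeSwitch(trusted_ports={24})
    a, b, c = "00E0-0211-1111", "00E0-0211-2222", "00E0-0211-3333"
    return [
        sw.on_dhcp(1, "REQUEST", a),               # A asks for a lease on port 1
        sw.on_dhcp(24, "ACK", a, "192.168.1.1"),   # real server answers, binding learned
        sw.on_dhcp(2, "REQUEST", b),
        sw.on_dhcp(3, "OFFER", b, "10.0.0.50"),    # rogue server on user port 3
        sw.on_dhcp(24, "ACK", b, "192.168.1.2"),
        sw.on_traffic(1, "192.168.1.1", a),        # A matches its White List entry
        sw.on_traffic(3, "192.168.1.1", c),        # C set A's IP by hand: no entry
    ], sw.whitelist

if __name__ == "__main__":
    print(demo())
```

The resulting whitelist holds exactly the two entries shown on slide 15, and host C's manually configured address never gets one.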
17. Endpoint Security Solutions of xStack Switches
• Authentication
• Authorization
• Node/Address Control
• Attack Mitigation
• Microsoft NAP Server
18. Problem: ARP Spoofing Attack
• What is ARP Spoofing?
Hackers use faked ARP carrying the wrong MAC/IP information to cheat network devices
• How ARP Spoofing attacks the networks?
ARP spoofing as DoS:
Popular in Internet Café
Hacker supplants a server or a router, or cheats the clients to go to a non-existing router
The inter subnet connection and internet access of whole network will be impacted.
Man in the middle:
Popular in business environment
Hacker cheats the victim PC that it is a router
Hacker cheats the router that it is the victim
All the traffic will be sniffed by the hacker and users will never know
[Diagram labels: Router, Server, Hacker; Broadcast spoofed PC MAC address; PC MAC = "attacker MAC" address; Router MAC = "attacker MAC" address]
19. Solution for ARP Spoofing Attack
• D-Link’s Solution: IP-MAC-Port Binding
Establish the database of the relationship between the IP, MAC and port
Switch blocks the illegal access immediately once the mismatched ARP
packet is found.
Binding table on the switch:
IP   MAC   Port
R    r     26
A    a     2
B    b     12
C    c     16
…
Hosts: Router (IP: R, MAC: r); PC-A (IP: A, MAC: a); PC-B (IP: B, MAC: b); PC-C (IP: C, MAC: c)
Faked ARP: "I'm Router" (IP: R, MAC: c); "I'm PC-A" (IP: A, MAC: c)
Switch: "You're not Router", "You're not PC-A"
20. Solution for ARP Spoofing Attack
• D-Link’s Solution: ARP Spoofing Prevention
An effective way to protect your router & servers
Simpler setup than IMPB and consumes fewer ACL rules
Users can input the IP and MAC of the Router or important Servers
Switch will compare all inbound ARP Packets against configured MAC and IP
Used to block the invalid ARP packets which contain fake gateway’s MAC and
IP
Configured entries on the switch:
IP   MAC
R    r
S    s
Hosts: Router (IP: R, MAC: r); Server (IP: S, MAC: s); PC-A (IP: A, MAC: a); PC-B (IP: B, MAC: b); PC-C (IP: C, MAC: c)
Faked ARP: "I'm Router" (IP: R, MAC: c)
Switch: "You're not Router"
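The two ARP checks on slides 19 and 20, side by side, as an added example (not from the original deck and not D-Link's implementation). The symbolic addresses and port numbers are the ones on the slides; the sample ARP packets are constructed, with PC-C as the sender of the faked ones.

```python
# Added example: a model of IP-MAC-Port Binding (slide 19) and
# ARP Spoofing Prevention (slide 20) applied to the same ARP packets.

BINDINGS = {   # slide 19 table: IP -> (MAC, port)
    "R": ("r", 26), "A": ("a", 2), "B": ("b", 12), "C": ("c", 16),
}
PROTECTED = {"R": "r", "S": "s"}   # slide 20 entries: router and server, IP -> MAC

def impb_check(in_port, sender_ip, sender_mac):
    """IMPB: sender IP, sender MAC and ingress port must match one binding."""
    return BINDINGS.get(sender_ip) == (sender_mac, in_port)

def asp_check(sender_ip, sender_mac):
    """ARP Spoofing Prevention: only ARP claiming a configured IP is compared."""
    expected = PROTECTED.get(sender_ip)
    return expected is None or expected == sender_mac

def classify(arp_packets):
    """Return (description, IMPB verdict, ASP verdict) for each ARP packet."""
    def verdict(ok):
        return "forward" if ok else "block"
    return [
        (desc, verdict(impb_check(port, ip, mac)), verdict(asp_check(ip, mac)))
        for desc, port, ip, mac in arp_packets
    ]

# Constructed sample: (description, ingress port, sender IP, sender MAC)
SAMPLE = [
    ("PC-C claims to be Router", 16, "R", "c"),
    ("PC-C claims to be PC-A",   16, "A", "c"),
    ("PC-C announces itself",    16, "C", "c"),
    ("Router announces itself",  26, "R", "r"),
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print("%-26s IMPB=%-8s ASP=%s" % row)
```

In this model the second packet is the one that separates the two features: ARP Spoofing Prevention only holds entries for the router and servers, so a faked ARP for PC-A is stopped by IP-MAC-Port Binding alone.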
21. MITM Attack Scenario
[Diagram: INTERNET; Public FTP Server; 192.168.0.1/24; 192.168.0.2/24; FTP Server; client; hacker performing ARP Scan and ARP Poison Routing (APR)]
User account: technet
Password: SOS
23. Endpoint Security Solutions of xStack Switches
• Authentication
• Authorization
• Node/Address Control
• Attack Mitigation
• Microsoft NAP Server
24. Microsoft NAP Support
• Advantage of Network Access Protection
Authorized users may access systems from authorized endpoints
Network Access Protection
• Evaluating security compliance before connection permitted
• Quarantine and remediation for non-compliant users
• Identity-based network admission control
Automatic endpoint remediation
• Enforce policy before access is granted
• Execute updates, programs, software services, etc.
25. NAP Illustration
[Diagram: Client, xStack Series Switches, Microsoft Network Policy Server, System Health Servers and Remediation Server, across the Restricted Network and the Corporate Network]
• System Health Servers: Ongoing policy updates to NPS Policy Server
• Client: May I have access. Here's my current health status
• Switch to Policy Server: Should this client be restricted based on its health?
• Policy Server: According to policy, the client is not up to date. Quarantine client and request it to update.
• Switch to Client: You are given restricted access until fix-up.
• Client to Remediation Server: Can I have updates? Reply: Here you go
• Client: Requesting access? Here's my new health status
• Policy Server: According to policy, the client is up to date. Grant access!!!
• Client is granted access to full intranet
26. NAP 802.1X Flow Chart
• Enable port-based 802.1X with Guest VLAN on xStack Switch
• 802.1X Authentication
Fail: Client stays in Guest VLAN
Success: Policy Compliance Check
• Policy Compliance Check
Compliant: Client is assigned to Compliance VLAN
Not Compliant: Client is assigned to Non-compliance VLAN for remediation
• The check is repeated when the remediation process is completed, or if client compliance status or company policy is changed
27. Necessary Policies in 802.1X NAP Scenario
• Three types of policies should be configured under Network Policy Server, which is a component of Microsoft Windows Server 2008.
– Connection Request Policy
• This policy determines which connection requests are acceptable.
• In the 802.1X NAP scenario, only connection requests from the xStack Switch are acceptable.
– Health Policy
• System Health Validators (SHVs) determine which elements are needed when validating health status, such as firewall status, anti-virus status, anti-spyware status and so on.
• Health Policy uses SHVs to determine what is considered healthy; a client that passes all the SHV checks is considered healthy.
– Network Policy
• Network Policy determines which action is taken based on the health status.
28. How to implement NAP
• Microsoft Active Directory
– Install Active Directory Certificate Services
• Microsoft Windows Server 2008
– Install Network Policy Server (new version RADIUS server)
– Configure RADIUS setting, correlated with xStack
– Configure policies, rules and actions
• Connection Request Policy
• Health Policy ( System Health Validator )
• Network Policy
• Microsoft Windows Vista or XP SP3 with NAP client
– Enable NAP client enforcement feature
• D-Link xStack DES-3500, DES-3800, DGS-3200, DGS-3400 or DGS-3600
Series
– Configure RADIUS setting, correlated with Windows 2008
– Enable Port-based 802.1X with Guest VLAN
29. NAP Server Scenario
[Diagram labels: INTERNET; 192.168.0.1/24; 192.168.0.2/24; Administrator; Authentication Server (Windows Server 2008) 192.168.0.3/24; client 192.168.0.14/24]
30. NAP 802.1X Scenario
SW IP: 192.168.0.2/24
Client: 192.168.0.14/24
AD/NPS/Radius Server: 192.168.0.3/24
[Diagram labels: Guest VLAN, VLAN 2, VLAN 3]
The client is initially placed in the Guest VLAN. If it complies with all requirements, the port the client is connected to is moved to the Compliance VLAN (VLAN 2 in the example). Otherwise, the port is put in VLAN 3 to wait for remediation. After remediation, the port is authenticated again and moved to VLAN 2.
Before remediation: Client in NoCumple VLAN (VID 3)
After remediation: Client in Cumple VLAN (VID 2)
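How the three NPS policies from slide 27 combine into the VLAN outcome on slide 30, as an added example (a model for illustration, not Microsoft's or D-Link's code and not part of the original deck). The health report format and the fix_all remediation helper are hypothetical; the switch address, SHV elements and VLAN names are taken from the slides.

```python
# Added example: the three NPS policy stages from slide 27 applied to the
# lab on slide 30. A model for illustration only.
from dataclasses import dataclass, replace

SWITCH_IP = "192.168.0.2"                                  # RADIUS client (slide 30)
REQUIRED_SHV = ("firewall", "anti_virus", "anti_spyware")  # elements named on slide 27

@dataclass(frozen=True)
class AccessRequest:
    nas_ip: str      # device relaying the request to NPS
    auth_ok: bool    # outcome of 802.1X authentication
    health: tuple    # constructed health report: elements reported healthy

def connection_request_policy(req):
    """Only connection requests relayed by the xStack switch are acceptable."""
    return req.nas_ip == SWITCH_IP

def health_policy(req):
    """Healthy only if every required SHV check passes; a missing report fails."""
    return all(element in req.health for element in REQUIRED_SHV)

def network_policy(req):
    """Return the VLAN name for the port, or 'reject' for an unacceptable request."""
    if not connection_request_policy(req):
        return "reject"
    if not req.auth_ok:
        return "default"          # client stays in the Guest VLAN
    return "Cumple" if health_policy(req) else "NoCumple"

def admit(req, remediate):
    """Evaluate, remediate a non-compliant client once, then authenticate again."""
    trail = [network_policy(req)]
    if trail[-1] == "NoCumple":
        trail.append(network_policy(remediate(req)))
    return trail

def fix_all(req):
    """Hypothetical remediation: bring every required element to a healthy state."""
    return replace(req, health=REQUIRED_SHV)

if __name__ == "__main__":
    stale = AccessRequest("192.168.0.2", True, ("firewall",))
    print(admit(stale, fix_all))
```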
31. DGS-3200-10 Configuration
# 802.1X commands
enable 802.1x
config 802.1x auth_mode port_based
config 802.1x capability ports 1-4 authenticator
config 802.1x capability ports 5-10 none
# Set up RADIUS (the key must match the shared secret configured for this switch on NPS)
config radius add 1 192.168.0.3 key secreto default
# Create two VLANs: one for Cumple (VLAN 2), another for NoCumple (VLAN 3)
config vlan default delete 7-8
create vlan Cumple tag 2
config vlan Cumple add untagged 7
create vlan NoCumple tag 3
config vlan NoCumple add untagged 8
# Configure the System IP address
config ipif System ipaddress 192.168.0.2/24 vlan default state enable
# Guest VLAN configuration
create 802.1x guest_vlan default
config 802.1x guest_vlan ports 1-4 state enable
32. Network Access Protection - Resources
• Network Access Protection Web site
– http://technet.microsoft.com/zh-tw/network/bb545879(en-us).aspx
• Introduction to Network Access Protection
– http://www.microsoft.com/technet/network/nap/napoverview.mspx
• Network Access Protection Platform Architecture
– http://www.microsoft.com/technet/network/nap/naparch.mspx
• Step By Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab
– http://www.microsoft.com/downloads/details.aspx?FamilyID=8a0925ee-ee06-4dfb-bba2-07605eff0608&displaylang=en
• Network Access Protection: Frequently Asked Questions
– http://www.microsoft.com/technet/network/nap/napfaq.mspx
• Network Access Protection - TechNet Forums
– http://social.technet.microsoft.com/forums/en-US/winserverNAP/threads/