This document summarizes the Netscape Certificate Management System 4.0. Some key points:
- It provides flexible and scalable certificate management for secure e-commerce applications. It can scale to millions of users and certificates.
- Version 4.0 offers improved integration with directories, support for client/server certificates, hardware signing acceleration, and a simplified user experience.
- It has a modular Java-based architecture and exposes APIs to enable customization and integration with other systems.
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown! (EC-Council)
Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
If organizations are truly working to limit Internet abuse and protect end users, we need to take a more thoughtful approach to botnet takedowns – or once again bots will rear their ugly heads.
There are three main causes of ineffective takedowns:
- The organizations performing botnet takedowns do so in a haphazard manner.
- The organizations do not account for secondary communication methods, such as peer-to-peer or domain generation algorithms (DGA), that may be used by the malware.
- The takedowns do not result in the arrest of the malware actor.
So what does a successful botnet takedown actually look like? In his presentation on Botnet SmackDowns, Brian Foster, CTO of Damballa, will share with attendees how to effectively take down botnets for good. The only way botnet takedowns will have a lasting impact on end user safety is if security researchers use a comprehensive and systematic process that renders the botnet inoperable.
Nana Owusu provides a resume summarizing her qualifications and experience in information technology and networking. She has over 10 years of experience in internetworking, help desk support, and systems administration. Her background includes expertise in Linux, Windows, networking protocols, firewalls, routers, switches and information security certifications. She is currently employed as an Information Assurance Analyst ensuring systems are regularly scanned and audited in compliance with DOD policy.
Tools Of The Hardware Hacking Trade Final (Priyanka Aash)
This document provides an overview of various tools that can be used for hardware hacking and analysis. It discusses tools for tasks like information gathering, device teardown, interface monitoring and analysis, and firmware extraction. Specific tools covered include oscilloscopes, logic analyzers, protocol analyzers, the Bus Pirate, USB-to-serial adapters, software defined radios, soldering equipment, device programmers, debug tools, and imaging equipment like x-rays and electron microscopes. Examples are given of how several of these tools have been used in past hardware analyses and attacks. The document concludes by encouraging the reader to set up a hardware hacking lab and collaborate with others to stay up-to-date on new tools and techniques.
RT and RTIR are open source ticketing systems designed by Jesse Vincent and Best Practical to help system administrators, helpdesk staff, and CERT teams be more effective. RTIR is based on RT but customized for incident response with features like incident reports, investigations, and network blocks. It provides a workflow and tools to help teams track incidents from initial reports through investigation and resolution. Both systems are free to use and have an active international user and developer community providing support.
Advanced red teaming all your badges are belong to us (Priyanka Aash)
The document is a presentation by Eric Smith and Josh Perrymon of LARES on red teaming and advanced RFID attacks. It begins with an introduction to red teaming and how it is used to test security measures. It then provides overviews of RFID technologies, traditional and advanced attacks against access control systems using RFID badges, and recommendations for risk mitigation and remediation. The presenters have extensive experience in security and red teaming and demonstrate attacks such as RFID cloning, privilege escalation, and blended attacks.
The document discusses Tumbleweed Communications Corp., a leader in secure internet messaging. It provides examples of Tumbleweed's federal customers and the company's validation authority and secure server architectures which enable real-time validation of digital certificates across networks. Case studies of Tumbleweed's implementation for the Navy & Marine Corps Intranet and Navy SPAWAR are also presented.
1. A microservices delivery platform consists of a microservices platform combined with CI/CD pipelines. It allows delivering microservices through continuous integration and continuous delivery.
2. Example platforms rely on open source technologies from Netflix and use dozens of ECS clusters and hundreds of microservices across Java, .NET, and Node.js. CI/CD pipelines are shared through templates.
3. Lessons learned include that CI and CD pipelines should be distinguishable, that updating templates is difficult, and that generators save effort but require ownership and version management. Naming, cost tracking, documentation, and dedicated testing are also important.
SAI Evening Conference - 26/09/2019 - https://sai.be/event/12453
(Description originally in Dutch)
Serverless computing is changing the way we design our cloud environments. It allows us to make the most of the benefits of the cloud without its operational overhead. Serverless Integration Architectures make it possible to take important steps toward offering more stable, more scalable and more cost-efficient IT services.
With FaaS (Function-as-a-Service), cloud native messaging and serverless API management, the important building blocks are already in place for a new generation of integration architectures. This makes integration use cases ideal candidates as 'early adopters' of this serverless technology.
In this evening conference we examine how serverless is changing the integration landscape. We discuss 'serverless integration architectures'. We study the ecosystem of available tools and frameworks and comment on best practices. And we answer questions such as: is the standard work 'Enterprise Integration Patterns' still relevant? Will FaaS replace my ESB? Does it facilitate microservices architectures? And how do you choose between iPaaS (integration Platform-as-a-Service) and FaaS?
The presentation is technology independent, but we support the findings with examples from the knowledge domain: serverless integration and API management on Amazon Web Services (AWS).
By the end of this webinar you should be able to understand:
- Top five skills needed to break into a career in information security analysis
- Tips and tricks to study for the CS0-001
- IDS, Firewalls, etc.
CompTIA Cybersecurity Analyst (CSA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CSA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.
emCA is a robust, standards compliant, fully scalable policy driven digital certificate issuance and management solution with the support for commercial strength of popular keypair algorithms. Certificates generated by emCA comply with the X.509 v3 standards. emCA has the capability to support custom developed algorithms.
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees (NRB)
We are expecting more and more from our IBM z Systems. Our critical data and applications are nested in our IBM z Systems infrastructure, and more than ever it positions itself as the security hub. It now exports services to secure distributed environments thanks to its security-as-a-service capabilities. During this lecture, Mr Darées talks about z Systems roles for security in most of today’s hot topics (compliance, database encryption, tokenization, digital certificates, ...).
The document discusses SSL/TLS trends, practices, and futures. It covers global SSL encryption trends and drivers like increased spending on security and regulatory pressure. It discusses SSL best practices like enabling TLS 1.2, disabling weak protocols, using strong cipher strings, and enabling HTTP Strict Transport Security. The document also looks at solutions from F5 like hardware security modules, advanced key and certificate management, and market leading encryption support. It explores emerging standards like TLS 1.3 and topics like elliptic curve cryptography. Finally, it discusses what's next such as OCSP stapling and F5's SSL everywhere architecture.
Alfresco DevCon 2019: Encryption at-rest and in-transit (Toni de la Fuente)
To guarantee data integrity and confidentiality in Alfresco, we need to implement authentication and encryption at-rest and in-transit. With the proliferation of microservices, orchestration platforms, complex topologies of services and multiple programming languages, there is a demand for new ways to manage service-to-service communication, in some cases without the application needing to be aware of it. In addition to that, compliance requirements around encryption and authentication come into the picture, requiring new ways to handle them. This talk will review encryption at-rest solutions for ADBP, and will also discuss solutions for encryption and authentication between services. This will be an introduction to service mesh and TLS/mTLS. We will see a demo of ACS running with Istio over EKS along with tools like WaveScope, Kiali, Jaeger, Grafana, Service Graph and Prometheus.
Cisco Connect Ottawa 2018 secure on prem (Cisco Canada)
The document summarizes secure collaboration for on-premise voice and video deployments. It discusses the importance of collaboration security and outlines Cisco's strategy for securing collaboration deployments. The presentation covers key security topics like PKI, certificates, TLS, cipher suites, and certificate distribution in Cisco Unified Communications Manager.
RubiOne: Apache Spark as the Backbone of a Retail Analytics Development Envir... (Databricks)
The retail industry has a long history of fierce competition leading to innovations in marketing and operational efficiencies; however, this rapid advancement has not always kept pace with the latest advances in technology. This is evident by the abundance of business analysts at large enterprise retailers who are often constrained more by their own IT departments than by a lack of expertise or problems to solve.
RubiOne was designed as a vertically-integrated big data analytics development environment for retail business analysts and data scientists, with Apache Spark as the cornerstone of the product. It allows retailers to make data-driven decisions going beyond traditional analytics tools such as SQL and Excel. Using Apache Spark as one of the primary tools to query data and perform analytics, issues such as package installation, computational resources, and scalability are seamlessly handled by RubiOne.
In this session, you will learn how Apache Spark can serve as a shared backbone for an entire suite of enterprise services such as credential management, continuous integration, ad-hoc interactive data exploration, and task automation, while still maintaining hard enterprise requirements around security, availability, and cost. Learn from our war stories and best practices around transparently scaling Apache Spark clusters with Kubernetes, managing service and user isolation, and monitoring accurate enough for both debugging and billing. Beyond the technical aspects, we’ll also share our experiences of working with a global enterprise retailer to drive adoption of a modern big data technology stack centered around Apache Spark.
Service mesh in Microservice World to Manage end to end service communications (Satya Syam)
This document discusses service mesh as a way to manage communication between microservices. It defines service mesh and explains that it handles cross-cutting concerns like routing, security, and observability that are common to microservices. The document also discusses specific service mesh implementations like Istio, describing its data plane and control plane architecture and features such as security, resilience, and observability. It concludes with a decision tree for determining whether to use a service mesh.
Mohamed Omar Elhamshary is seeking an IT specialist position and has over 15 years of experience in networking. He has worked in various roles including network engineer, team leader, and network manager. He has extensive technical skills in networking, routing, switching, firewalls, and voice solutions. He also has management experience including project management, team leadership, and client management. He has multiple professional certifications including CCNP, CCIE, MCSE, RHCSA, and PMP.
TTL Alfresco Product Security and Best Practices 2017 (Toni de la Fuente)
Slide deck used during Tech Talk Live #110 in October 2017. Phil Meadows and I discussed Alfresco product security and I went through Alfresco CS security best practices.
This document provides a summary of Rizwan Jamal's qualifications and experience. He has over 18 years of experience in network engineering, design, testing, security, implementation, monitoring and troubleshooting. He is seeking a role that allows him to provide technical leadership and harness his expertise. He has extensive experience working with various networking protocols, platforms, and technologies. He has held senior engineering roles at Microsoft and Cisco, and has a proven track record of managing projects, teams, and customer implementations.
Organizations continuously look to drive more value with less resources for their security operations. The deluge of data and lack of skilled security professionals highlight the critical need for automation to help manage today’s sophisticated attacks, but is it feasible to automate everything? HPE Security will discuss the potential for security automation and where a human can’t be replaced.
(Source: RSA Conference USA 2017)
The document provides details about the AWS Summit Milano 2018 event including:
- 3,000 attendees were expected to attend across 30 breakout sessions and keynotes
- The agenda included breakout sessions on architecture, DevOps, migration, data protection, machine learning and more
- Global sponsors included AWS as the platinum sponsor along with gold and silver sponsors
- Event activities included the AWS booth, innovation lounge, and startup central
FIWARE Global Summit - Keyrock: Protecting Microservices (FIWARE)
This document discusses the FIWARE ecosystem, which is a framework of open source platform components that can be assembled together to accelerate the development of smart solutions. It focuses on the identity and access control management components, including Keyrock for identity management, Wilma as a PEP proxy, and AuthZForce as an authorization PDP. It describes their main features and how they work together to provide identity and access control functionality within the FIWARE ecosystem.
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
IRM, OME, S/MIME, and more: Managing Encryption in Exchange Online
In this webinar we’ll cover all the different types of encryption available in Exchange Online. We’ll talk about everything from how to set each encryption technology up, to when is the best time to use each technology. If your organization is using Office 365, but is not taking advantage of the built-in encryption technology available, you won’t want to miss this session.
The document summarizes a webinar on network architecture for containers presented by JR Rivers of Cumulus Networks and Sasha Ratkovic of Apstra. It discusses how compute requirements continue growing, forcing enterprises to adopt techniques from web-scale companies like multi-tenancy, network virtualization, and automation. It then highlights how Cumulus Linux and Apstra work together to enable high-scale container deployments through IP fabrics, automation, and continuous monitoring. The webinar demonstrates defining network intent, automatic configuration of Cumulus Linux without deep knowledge, validating infrastructure deployments, and answering questions about the solution.
Implementing Digital Signatures in an FDA-Regulated Environment (Perficient, Inc.)
Perficient’s life sciences practice once had a manual, time-consuming and expensive process for signing and collecting validation documents. From handwritten signatures to scanning and shipping documents all over the globe, it was only a matter of time before we made the move to 21 CFR Part 11-compliant digital signatures.
Michelle Engler, an expert in the development of clinical applications, discussed our experience implementing a digital signature solution and how your organization can benefit from one too.
During the presentation, we covered:
- Cost-benefit analysis
- Solution selection and implementation
- 21 CFR Part 11 system validation
- Lessons learned
SAI Avondconferentie - 26/09/2019 - https://sai.be/event/12453
(Description in dutch)
Serverless computing verandert de manier waarop wij onze cloud omgevingen ontwerpen. Het laat ons toe om de voordelen van de cloud optimaal te benutten zonder de operationele overhead ervan. Door middel van Serverless Integration Architectures kunnen belangrijke stappen gezet worden in het aanbieden van meer stabiele, meer schaalbare en meer kosten-efficiënte IT-services.
Met FaaS (Function-As-A-Service), cloud native messaging en serverless API management zijn de belangrijke bouwstenen reeds aanwezig voor een nieuwe generatie van integratie-architecturen. Dit maakt van integratie use cases ideale kandidaten als 'early adopters' voor deze serverless technologie.
In deze avondconferentie onderzoeken wij hoe serverless het integratie-landschap verandert. We bespreken de 'serverless integration architectures'. We bestuderen het ecosysteem van beschikbare tools en frameworks en becommentariëren best practices. En wij beantwoorden vragen zoals: is het standaardwerk 'Enterprise Integration Patterns' wel nog relevant ? Zal FaaS mijn ESB vervangen ? Faciliteert het microservices architectures ? En hoe kiezen tussen iPaaS (integration Platform-As-A-Service) en FaaS ?
De uiteenzetting is technologie onafhankelijk, maar wij onderbouwen de bevindingen met voorbeelden uit het kennisdomein: serverless integratie en API management op Amazon Web Services (AWS).
By the end of this webinar you should be able to understand
Top five skills needed to break into a career in information security analysis
Tips and tricks to study for the CS0-001
IDS, Firewalls, etc CompTIA Cybersecurity Analyst (CSA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CSA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.
emCA is a robust, standards compliant, fully scalable policy driven digital certificate issuance and management solution with the support for commercial strength of popular keypair algorithms. Certificates generated by emCA comply with the X.509 v3 standards. emCA has the capability to support custom developed algorithms.
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesNRB
We are expecting more and more from our IBM z Systems. Our critical data and applications are nested in our IBM z Systems infrastructure, and more than ever it positions itself as the security hub. It now exports services to secure distributed environment thanks to its security as a services capabilities. During this lecture, Mr Darées talks about z Systems Roles for security in most of today’s hot topics (compliance, Database encryption, Tokenization, Digital Certificates, ...).
The document discusses SSL/TLS trends, practices, and futures. It covers global SSL encryption trends and drivers like increased spending on security and regulatory pressure. It discusses SSL best practices like enabling TLS 1.2, disabling weak protocols, using strong cipher strings, and enabling HTTP Strict Transport Security. The document also looks at solutions from F5 like hardware security modules, advanced key and certificate management, and market leading encryption support. It explores emerging standards like TLS 1.3 and topics like elliptic curve cryptography. Finally, it discusses what's next such as OCSP stapling and F5's SSL everywhere architecture.
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
To guarantee data integrity and confidentiality in Alfresco, we need to implement authentication and encryption at-rest and in-transit. With micro services proliferation, orchestrating platforms, complex topologies of services and multiple programming languages, there is a demand of new ways to manage service-to-service communication, and in some cases, without the application needing to be aware. In addition to that, compliance requirements around encryption and authentication come to the picture requiring new ways to handle them. This talk will review encryption at-rest solutions for ADBP, and will be also discuss about solutions for encryption and authentication between services. This will be an introduction to service mesh and TLS/mTLS. We will see a demo of ACS running with Istio over EKS along with tools like WaveScope, Kiali, Jaeger, Grafana, Service Graph and Prometheus.
Cisco Connect Ottawa 2018 secure on premCisco Canada
The document summarizes secure collaboration for on-premise voice and video deployments. It discusses the importance of collaboration security and outlines Cisco's strategy for securing collaboration deployments. The presentation covers key security topics like PKI, certificates, TLS, cipher suites, and certificate distribution in Cisco Unified Communications Manager.
RubiOne: Apache Spark as the Backbone of a Retail Analytics Development Envir...Databricks
The retail industry has a long history of fierce competition leading to innovations in marketing and operational efficiencies; however, this rapid advancement has not always kept pace with the latest advances in technology. This is evident by the abundance of business analysts at large enterprise retailers who are often constrained more by their own IT departments than by a lack of expertise or problems to solve.
RubiOne was designed as a vertically-integrated big data analytics development environment for retail business analysts and data scientists, with Apache Spark as the cornerstone of the product. It allows retailers to make data-driven decisions going beyond traditional analytics tools such as SQL and Excel. Using Apache Spark as one of the primary tools to query data and perform analytics, issues such as package installation, computational resources, and scalability are seamlessly handled by RubiOne.
In this session, you will learn how Apache Spark can serve as a shared backbone for an entire suite of enterprise services such as credential management, continuous integration, ad-hoc interactive data exploration, and task automation, while still maintaining hard enterprise requirements around security, availability, and cost. Learn from our war stories and best practices around transparently scaling Apache Spark clusters with Kubernetes, managing service and user isolation, and monitoring accurate enough for both debugging and billing. Beyond the technical aspects, we’ll also share our experiences of working with a global enterprise retailer to drive adoption of a modern big data technology stack centered around Apache Spark.
Service mesh in Microservice World to Manage end to end service communicationsSatya Syam
This document discusses service mesh as a way to manage communication between microservices. It defines service mesh and explains that it handles cross-cutting concerns like routing, security, and observability that are common to microservices. The document also discusses specific service mesh implementations like Istio, describing its data plane and control plane architecture and features such as security, resilience, and observability. It concludes with a decision tree for determining whether to use a service mesh.
Mohamed Omar Elhamshary is seeking an IT specialist position and has over 15 years of experience in networking. He has worked in various roles including network engineer, team leader, and network manager. He has extensive technical skills in networking, routing, switching, firewalls, and voice solutions. He also has management experience including project management, team leadership, and client management. He has multiple professional certifications including CCNP, CCIE, MCSE, RHCSA, and PMP.
TTL Alfresco Product Security and Best Practices 2017Toni de la Fuente
Slide deck used during Tech Talk Live #110 in October 2017. Phil Meadows and myself discussed about Alfresco products security and I went through Alfresco CS security best practices.
This document provides a summary of Rizwan Jamal's qualifications and experience. He has over 18 years of experience in network engineering, design, testing, security, implementation, monitoring and troubleshooting. He is seeking a role that allows him to provide technical leadership and harness his expertise. He has extensive experience working with various networking protocols, platforms, and technologies. He has held senior engineering roles at Microsoft and Cisco, and has a proven track record of managing projects, teams, and customer implementations.
Organizations continuously look to drive more value with less resources for their security operations. The deluge of data and lack of skilled security professionals highlight the critical need for automation to help manage today’s sophisticated attacks, but is it feasible to automate everything? HPE Security will discuss the potential for security automation and where a human can’t be replaced.
(Source: RSA Conference USA 2017)
The document provides details about the AWS Summit Milano 2018 event including:
- 3,000 attendees were expected to attend across 30 breakout sessions and keynotes
- The agenda included breakout sessions on architecture, DevOps, migration, data protection, machine learning and more
- Global sponsors included AWS as the platinum sponsor along with gold and silver sponsors
- Event activities included the AWS booth, innovation lounge, and startup central
FIWARE Global Summit - Keyrock: Protecting Microservices - FIWARE
This document discusses the FIWARE ecosystem, which is a framework of open source platform components that can be assembled together to accelerate the development of smart solutions. It focuses on the identity and access control management components, including Keyrock for identity management, Wilma as a PEP proxy, and AuthZForce as an authorization PDP. It describes their main features and how they work together to provide identity and access control functionality within the FIWARE ecosystem.
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
IRM, OME, S/MIME, and more: Managing Encryption in Exchange Online
In this webinar we’ll cover all the different types of encryption available in Exchange Online. We’ll talk about everything from how to set each encryption technology up, to when is the best time to use each technology. If your organization is using Office 365, but is not taking advantage of the built-in encryption technology available, you won’t want to miss this session.
The document summarizes a webinar on network architecture for containers presented by JR Rivers of Cumulus Networks and Sasha Ratkovic of Apstra. It discusses how compute requirements continue growing, forcing enterprises to adopt techniques from web-scale companies like multi-tenancy, network virtualization, and automation. It then highlights how Cumulus Linux and Apstra work together to enable high-scale container deployments through IP fabrics, automation, and continuous monitoring. The webinar demonstrates defining network intent, automatic configuration of Cumulus Linux without deep knowledge, validating infrastructure deployments, and answering questions about the solution.
Implementing Digital Signatures in an FDA-Regulated Environment - Perficient, Inc.
Perficient’s life sciences practice once had a manual, time-consuming and expensive process for signing and collecting validation documents. From handwritten signatures to scanning and shipping documents all over the globe, it was only a matter of time before we made the move to 21 CFR Part 11-compliant digital signatures.
Michelle Engler, an expert in the development of clinical applications, discussed our experience implementing a digital signature solution and how your organization can benefit from one too.
During the presentation, we covered:
- Cost-benefit analysis
- Solution selection and implementation
- 21 CFR Part 11 system validation
- Lessons learned
3. 1998 was the year of Internet e-commerce early adopters...
• Scales to millions
• Available 24 x 7 x 365
• Integrated across applications
• Extranet security
• Scales to 10’s of thousands
• Incompatible infrastructure across applications
Internal Focus
External Focus
5. E-Commerce Ready Infrastructure
• Internet infrastructure for reliable, scalable, secure E-commerce applications
• Secure management and authentication of millions of users & hundreds of applications
Broad Foundation for Internet Commerce
• Quality of Service
• Application Services
• Content Delivery Services
• Integration Services
• Directory & Security Services
• Professional Services
6. Netscape Directory for Secure E-Commerce 4.0
• Broad foundation for Internet commerce
• Complete solution for the mainstream that provides a flexible range of security options
– Username and password authentication
– Certificate (PKI) based authentication
– SSL for secure communication
• Significantly simplifies administration and deployment of secure e-commerce applications
– Enables customer self service
– Deployable PKI
Netscape Directory for Secure E-Commerce 4.0
• Certificate Management System 4.0
• Directory Server 4.0
• Delegated Administrator 4.0
7. Certificate Management System 4.0
New Features and Functionality
• Deployment flexibility and scalability
– RA, CA & KRA easily distributed across systems
– Scales to millions of users
– Enhanced directory integration
• Broad support for client, server, CA, and VPN certificates
• Hardware signing and acceleration through PKCS#11 CSPs
• Simplified end user experience
• Corporate key recovery
Data Recovery Manager
Certificate Manager
Registration Manager
8. Certificate Management System 4.0
Additional Cryptographic Features
• Dual key & expanded algorithm support
• FIPS 140-1
– Level 1 & 2 CSPs
– Interoperability with FIPS 140-1 Level 3 validated hardware CSPs
• Secret splitting for signing and key recovery keys
• Integration with Litronic Profile Manager for bulk issuance of smart cards
• Supports CRS and can issue IPSEC certificates for Cisco Routers
9. Architecture Overview
[Architecture diagram. Labels: Registration Manager; Data Recovery Manager; Certificate Manager; internal LDAP (three instances); External Public Directory; Communicator 5.0; EEs; HTTP/HTTPS; CRS EE (CRS/RSA only); CRMF/CMMF dual key (RSA/DSA/mixed); KEYGEN EE; PKCS#10 EE; RSA/DSA KEYGEN; PKCS#10 (RSA or DSA); LDAP cert publishing; LDAP cert/CRL publishing; CMMF/HTTPS.]
10. Internal Architecture
[Layer diagram. Labels: Middleware; CA, RA, KRA; Exposed Developer APIs; Custom Authentication/Policy modules; Java Security Services (JSS) (Java-JNI layer); Netscape Security Services (NSS); PKCS#11 layer; SSL; LDAP; JDK 1.1.6 and 1.2; Included CSPs: Internal CSP (Level 1), FIPS Level 2 CSP; Software or Hardware CSPs: third party vendors; FIPS 140-1 Validated layer; Pure Java layer.]
11. Certificate Management System 4.0
Flexibility and Extensibility
• Java Plug-in interfaces -- write once, run everywhere
– Out of the box authentication modules
– Ability to add groups of extensions
– Customizable policy constraints for different types of keys/certificates
• Published APIs and tools enable integration
– Kerberos and SecurID authentication modules
– RDBMSs and ERP systems
• Flexible LDAP publishing
• Internationalized end user and admin GUIs
14. Certificate Management System 4.0
Standards Compliance
• IETF PKIX Certificate Management Standards
– CRMF: Certificate Request Message Format
– CMMF: Certificate Management Message Format
• CRS: Certificate Request Syntax [Cisco IPSec]
• FIPS 140-1: NIST Security Requirements for Cryptographic Modules
• PKCS #11 2.01
• X.509 v3: formats for digital certificates (v1, v3)
• LDAP v2, v3: Lightweight Directory Access Protocol
• SSL 2.0, 3.0: Secure Socket Layer
15. Extending Security Solutions Through Partnerships & Services
• Cross-company trust
• Hardware tokens & cryptographic accelerators
• Secure networking & VPNs
• Systems integration & consulting
• Training
16. Netscape Delivers Robust Security Solutions Today
• Certificate Server 1.0 deployed today
• Robust infrastructure grows as fast and as large as required
• Directory Server provides foundation for Internet security
• Certificate Management System delivers strong authentication for extranet and e-commerce services
• Netscape extends solutions through partners, tools, and services
Editor's Notes
Good Afternoon. Thanks for joining us here today. We’ve got a lot of new information to share with you and because of this we have an updated copy of the presentation. If you didn’t get one on the way in, we have them available for you. One change in the presentation is that we have removed the demos in favor of more time for Q&A since we’ve been demonstrating the products for the last three days in the Exhibit Hall. If you didn’t see the demos and are interested, please talk with us after the session.
Key points:
Focus of applications that do go on the Net is very different from what it used to be (these are the standard points made in the slide that we have been making for the past year about scalability, reliability, availability, and integration across applications)
E-Commerce, although a rapidly growing marketplace, is still very young and is dominated by early adopters. The mainstream of corporate America still has not made it onto the web.
The reason they have not made it onto the Net is that in 1998, it was not an easy thing to do. You had to be willing to absorb some pain, that is what early adopters do, they pave the way for others. (next slide)
However, Netscape has spent the last year working with these early adopters, helping them get their E-commerce solutions deployed
Unlike many vendors who put up a list like this, every one of these vendors is deployed with the Netscape Directory. Most people can just talk about customers who haven’t deployed their Ecommerce application yet, we have worked with the pioneers to get their solutions out the door and onto the Internet.
Ford is using the Netscape Directory as part of their supplier network with over 110 applications and 250,000 users as part of the Ford Supplier Network. They have an Ecommerce system that lets them lower their vehicle delivery time from 50 to 15 days.
BC Tel is using the Netscape Directory and Security Servers to offer their customers a choice of security levels for online bill presentment. Customers can either present a username/password or they can present a digital certificate as the authentication mechanism to access their online bill.
MCI WorldCom is using the Netscape Directory as a meta directory to synchronize their NOS, email and PeopleSoft directories.
AIG wanted to create an extranet application that enabled Brokers and Agents to make insurance sales through the internet. This new application, called Access AIG, serves as a centralized repository for their twenty thousand insurance brokers and agents in the US and Canada. These insurance agents and brokers are able to access real time, up-to-date information by authenticating to the Netscape Directory Server through User ID and Password protection. The agents and brokers can access product info, client services, pre-submissions and other information instantly. Before it took several phone calls, time consuming navigation through different web sites, and extensive paper forms. The benefit of the new Access AIG application for the agents and brokers is customization and time savings. They will be evaluating CMS 4.0 to add digital certificates as an additional layer of security to their application.
Netscape has worked with these early adopters to understand the difficult issues in deploying real Ecommerce applications to make our products more deployable for the mainstream.
Quality of Service: Ability to incrementally scale & guarantee performance and availability
Application Services: An environment to build & host transactional applications
Content Delivery Services: Services for content publishing & management
Integration Services: Capabilities to integrate with existing enterprise systems & applications
Portal Services: Support for custom portals & wiring to mass market portals
One point our customers have made to us is that they don’t just want point solutions. They want a complete infrastructure for developing and deploying Ecommerce applications.
Talk about the requirements for an E-Commerce application. The slide is self explanatory here.
For Integration Services, note that these applications can’t exist in a vacuum. They have to be able to tie into the existing infrastructure. For this reason, all aspects of an E-Commerce Ready Infrastructure need to be able to integrate with legacy systems. For this announcement, we will be talking about our Directory and Security integration with existing directory and security infrastructure.
We will also be announcing enhancements to our Directory and Security
Directory provides user management (incl. personalization) and foundation for security
Delegated Administrator provides restricted access for customer self-service.
Broad end entity (EE) support for browser and VPN clients (IE 3.X, 4.X, Navigator 3.X, 4.X, 5.X, RedCreek, etc.), servers (Netscape SuiteSpot 2.X, 3.X, 4.X, Apache, Lotus Domino, Oracle, IIS, etc.), CAs (Entrust, Microsoft, etc.)
Highly scalable architecture
Can distribute certification authority (CA), registration authority (RA) and Key Recovery Authority (KRA) across systems
Support for multiple RA’s, CA’s and KRA’s
Directory Server 4.0 for local data storage.
Java Plug-in interfaces for certificate processing policies, authentication modules, servlet and PKCS#11 modules -- write once, run everywhere.
Out of the box Java authentication modules for LDAP based authentication, one time password authentication with pin generator, and certificate processing policies for most PKIX extensions in compiled and source form
Netscape continues to expand their security solution by partnering with key security vendors.
Public CA’s are referenced from our web site at: https://certs.netscape.com
Security Dynamics has signed a bundling agreement with Netscape to embed our Directory.
Litronic and Datakey provide smart card solutions.
Chrysalis-ITS, nCipher and Rainbow provide hardware acceleration cards to increase the speed of cryptographic operations.
Cisco and other VPNs will interoperate with Certificate Management System 4.0
Shared, centralized directory & security infrastructure supports multiple applications
Professional Services programs and tools enable legacy integration in 2-4 weeks
Strong security provided out-of-the-box
Directory
Scales to 20+ million entries/server
24x7 availability
Blazingly high performance (hundreds to thousands of queries/second)
Directory as foundation of security
Web-based single sign-on, access control, delegated administration
Scalability and security for millions of extranet users
VeriSign service integration makes Netscape the most deployable CA for Extranets
Certificate Management System will increase user transparency, flexibility, and scalability