SECURING CLASSIFIED
NETWORKS AND SENSITIVE DATA
Kevin Mayo
CTO Global Government
Sun Microsystems, Inc.
Delivering Defence Solutions
Globally

Agenda
WHAT IS THE SECURE NETWORK ACCESS PLATFORM?

Why it Works
Windows Interoperability, VOIP and Multi-Media

Challenges for Secure Collaboration Networks
• Role-based Access to Multiple Security Domains
• Secure Data Transfer between Domains
• Scalability and Availability
• Ability to meet Regulations and Certify/Accredit Deployed Platforms
• Maximize Workflow Efficiency
• Minimize Cost of Acquisition and Life-Time Ownership

Target Communities
• Government Communities of Interest have special IT needs based on classified information handling
> Requirements for appropriate handling of classified information mandate rigid approach to network configuration
> Conceptual “compartments” are manifested in physically isolated networks
• SNAP enables secure, multi-compartment access from a single, thin-client desktop system—while preserving network isolation

Government System Requirements
• Thin Client desktop – secure computing environment
• Single Virtual Switch to Multiple Networks
> Single desktop with connections to multiple security domains implemented as physically separated networks (without enabling intra-domain routing)
> End-users have controlled access to domains based on security level, compartmentalization
• Secure Inter-Domain Data Transfer
> Automated and manual auditing based on pre-defined policies and procedures
• Windows Interoperability
> Secure Global Network, Citrix, RDP, X Windows or Browser.

Status Quo Example—
Stove Piped Networks for Secure Communications

Changed the Game—
Single Multi-Tiered Secure Communications

Mobility with Security:
Ultra-Thin Client Front-End
Before:

After:

To ensure a high level of security physically isolated clients were deployed often single state
Full Session Mobility enabled by a resulting in

The Sun Solution:
Secure Network Access Platform
[Diagram labels: DOD Community, Intell Community, NATO Community, Other Community; Switch (repeated); V240 (three); D1000; 220R]
ARCHITECTURAL INDEPENDENCE
● Multi-network Application Consolidation
● Ultra Secure Authentication layer
● Context free access layer
● User Identity/Role based access
> Auditability
> Session Mobility

Different Security Domains
• System Requirements and Security Policy dictate which networks/security domains will be a part of the implementation
• Each security domain is assigned a label
> All labels defined in Labels and Encoding File
> All security domains within implementation must be defined in Labels and Encoding File
• Sol 10 TX using Mandatory Access Control and Trusted Networking enforces security policy by allowing/denying access to/from a specific security domain
• Security Domains can be dynamically added/deleted from architecture as long as they are defined in policy

User Access, Rights and Roles
• User Access dependent upon Roles and Security Clearance
• User Roles defined by job function and permission to applications and data
• All users are assigned a Role and are granted privileges based on security clearance
• Audit Logs record user activity

Trusted Solaris(TM) Is Certified as one of Indus
[Chart labels, certification levels: Trusted Extensions Layered on Solaris 10*, EAL4+ (B1) (CAPP, RBACPP, LSPP); Solaris 10, EAL4+ (C2) (CAPP & RBACPP); EAL4 or EAL4+ (C2) (CAPP); EAL3 or EAL3+]
[Chart labels, systems: Linux; REDHAT; SGI Irix; SuSE; IBM AIX; HP-UX; WINDOWS 2000; SOLARIS 8; SOLARIS 9; TRUSTED SOLAR]
Based on data from http://www.commoncriteriaportal.org/
OS CERTIFIED WITH EAL4 AND 3 PROTECTION PROFILES IN EAL4:
• CAPP—Controlled Access Protection Profile (Ensures proper login)
• RBPP—Role-based Protection Profile (Role-based access control allows the system administrator to define roles based on job functions within an organization. The administrator assigns privileges to those roles)
• LSPP—Labeled Security Protection Profile (All data and application components are formally labeled, addressed, and tracked through role based access control)

Common Criteria Evaluation Levels
• CC Evaluation Assurance Levels (EAL)
> EAL1 Functionally Tested
> EAL2 Structurally Tested
> EAL3 Methodically Tested and Verified
> EAL4 Methodically Designed, Tested and Verified
> EAL5 Semi-formally Designed and Tested
> EAL6 Semi-formally Verified Design and Tested
> EAL7 Formally Verified Design and Tested
• These are used to measure how well a protection profile has been tested...

Certification vs. Accreditation
• Hardware and Software Components are evaluated against Protection Profiles and receive Certifications at Evaluation Assurance Levels (EAL)
• Systems are Accredited based on the Security Policy established for the specific program

US Accreditation Examples
• Certification Test & Evaluation (CT&E)
> SR 1-8 Performed by DISA Slidell for NSA
> SR 9 (Penetration Testing) Performed by NSA

• SABI Accredited
> Completed Questionnaire
> Valid Requirement from Operational Unit
> DSAWG Process

> Cross Domain Technical Advisory Board - CDTAB
> Cross Domain Systems Approval Process - CDSAP

• Documents
> System Security Authorization Agreement - SSAA
> Interim Authority to Operate - IATO
> Cross Domain Appendix - CDA
> Enclave MOAs
> Secret Network Connection Approval Process

• Awaiting US Department of Commerce export approval (expected this week)

Agenda
What is the Secure Network Access Platform?
WHY IT WORKS
Windows Interoperability, VOIP and Multi-Media

What Is a Trusted Operating System?
Solaris(TM) 10 Trusted Extensions
• A security-enhanced version of Solaris with additional access control policies
• Implements label-based security with hierarchical and compartmented modes
• Implements Role-Based Access Control and the Principle of Least Privilege
• Provides a trusted multilevel desktop for workstations and ultra-thin clients
• Has the most complete set of trusted functionality of any certified OS

Trusted Extensions
[Diagram labels: Trusted Solaris; Solaris; Solaris 2.3; Solaris 8/9; Solaris 10 w/ TX, Layered on Solaris; BSM; Trusted Networking; Trusted Desktop; RBAC; Process Attributes; Device Allocation; Virtualization; Privilege Policy; Solaris 10]

Trusted Solaris History
• 1990, SunOS MLS 1.0
> Conformed to TCSEC (1985 Orange Book)
• 1992, SunOS CMW 1.0
> Compartmented-mode workstation requirements
> Release 1.2 ITSEC certified for FB1 E3, 1995
• 1996, Trusted Solaris 2.5
> ITSEC certified for FB1 E3, 1998
• 1999, Trusted Solaris 7
• 2000, Trusted Solaris 8
> Common Criteria: CAPP, RBACPP, LSPP at EAL4+
> Updates to Trusted Solaris 8 also re-certified
• 2006, Solaris 10 w/ Solaris Trusted Extensions

The Network Delivers the Desktop

Trusted Computing Key Features and Benefits
● Trusted Extensions extends the security capabilities of Solaris by providing:
− Trusted Path
− Least Privilege
− Discretionary Access Control (DAC)
− Mandatory Access Control (MAC)
− Sensitivity Labels
− Role-based Access Control (RBAC)
− Trusted Networking
− Trusted Windowing
− Trusted Printing

Trusted Path
● What is Trusted Path?
➢ A mechanism that provides confidence that the user is communicating directly with the Trusted Computing Base (TCB)
➢ It ensures that attackers can't intercept or modify whatever information is being communicated
● How is Trusted Path achieved?
➢ Trusted Windowing (Trusted CDE)
➢ Solaris Management Console (SMC)

Least Privilege
● There is no concept of “superuser”
➢ Root is not exempt from policy enforcement
➢ Root is not required for administration
● In its place, fine-grained privileges...
➢ That delegate specific capabilities as needed
● Example: How to start a web server?
➢ In Solaris, must be started as root or using a RBAC role that sets UID to 0 before starting
➢ In Trusted Solaris, only the privilege “net_privaddr” need be assigned

Discretionary Access Control
● Discretionary Access Control (DAC)
➢ A software mechanism for controlling users' access to files and directories.
➢ Leaves setting protections for files or directories to the owner's discretion
● There are two forms of DAC in both Solaris and Trusted Solaris:
➢ Unix Permissions
➢ Access Control Lists (ACLs)

Mandatory Access Control
● Mandatory Access Control (MAC)
➢ A system-enforced access control mechanism that uses clearances and labels to enforce security policy
➢ MAC is enforced according to your site's security policy and cannot be overridden without special authorization or privileges
● MAC is key in SNAP for preserving network isolation

Role-Based Access Control
● A role is a special account that provides access to specific programs using predefined privileges and authorizations
● Can only be assumed if Trusted Path exists
● Can grant fine-grained privileges to programs
● Can execute programs with different labels

Sensitivity Labels
● Sensitivity Labels are defined by:
➢ A Classification indicating the (hierarchical) level or degree of security
− e.g., TOP SECRET, SECRET, CONFIDENTIAL, …
− e.g., PUBLIC, INTERNAL, NEED TO KNOW, …
➢ A Compartment representing some grouping
− e.g., ALPHA1, BRAVO1, BRAVO2
− e.g., PAYROLL, HR, FINANCE, ENGINEERING
● Relationships can be hierarchical or compartmentalized

Sensitivity Labels (2)
● Dominance Relationships
➢ In a hierarchical relationship, a label that dominates another is able to read data from the lower label (“read down”)
● Clearances
➢ Highest level of access assigned to the user
− A user cannot read or write above clearance
− Privileges can be given to exceed clearance
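
The dominance and clearance rules from the two Sensitivity Labels slides, as an added example (not from the original deck or from Sun's code). It goes beyond the slide's hierarchical case by also comparing compartments as sets; the `Label` class, the function names and the sample labels are assumptions made for illustration, and privilege overrides are not modelled.

```python
from dataclasses import dataclass

# Hierarchical classifications named on the slide, lowest to highest.
# The numeric ranking is an assumption of this example.
LEVELS = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: one classification plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    @classmethod
    def parse(cls, text):
        """Parse e.g. 'TOP SECRET ALPHA1 BRAVO1' into a Label."""
        text = " ".join(text.upper().split())
        # Longest classification first, so 'TOP SECRET' is not read as 'SECRET'.
        for name in sorted(LEVELS, key=len, reverse=True):
            if text == name or text.startswith(name + " "):
                return cls(name, frozenset(text[len(name):].split()))
        raise ValueError(f"unknown classification in {text!r}")

    def dominates(self, other):
        """True if this level is at least other's AND this label holds
        every compartment that other carries."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def relation(a, b):
    """Classify a pair of labels: equal, dominates, dominated or disjoint."""
    if a == b:
        return "equal"
    if a.dominates(b):
        return "dominates"
    if b.dominates(a):
        return "dominated"
    return "disjoint"  # neither label dominates the other


def can_read(clearance, session, obj):
    """Read-down decision.

    The session label must stay within the user's clearance, and the
    session label must dominate the object's label.
    """
    if not clearance.dominates(session):
        return False  # user is trying to work above clearance
    return session.dominates(obj)


def demo():
    """Evaluate a few constructed labels and return the decisions."""
    ts_ab = Label.parse("TOP SECRET ALPHA1 BRAVO1")
    s_a = Label.parse("SECRET ALPHA1")
    s_b = Label.parse("SECRET BRAVO1")
    conf = Label.parse("CONFIDENTIAL")
    return {
        "TS{A,B} vs S{A}": relation(ts_ab, s_a),
        "S{A} vs S{B}": relation(s_a, s_b),
        # A higher classification alone is not enough: compartment missing.
        "TS{} vs S{A}": relation(Label.parse("TOP SECRET"), s_a),
        "S{A} session reads CONFIDENTIAL": can_read(ts_ab, s_a, conf),
        "S{A} session reads S{B}": can_read(ts_ab, s_a, s_b),
        "session above clearance": can_read(s_a, ts_ab, conf),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case is the one that catches people out: a TOP SECRET label with no compartments does not dominate SECRET ALPHA1, so a purely hierarchical comparison would grant access that a compartmented policy denies.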

Label Aware Services
• Services which are trusted to protect multi-level information according to predefined policy
• Trusted Extensions Label-aware services include:
> Labeled Desktops
> Labeled Printing
> Labeled Networking
> Labeled Filesystem
> Label Configuration and Translation
> System Management Tools
> Device Allocation

Device Allocation
• Devices must be allocated before they can be used
• Only authorized users/roles are allowed to allocate/deallocate devices at a label they are cleared for.
• USB devices can be allocated
• Sun Thin Client Devices
> Audio filtered based on desktop unit
> Hot pluggable device support
• Devices can be controlled by role or by user

Zones for Trusted Extensions
• Each zone has a label
> Labels are implied by process zone IDs
> Processes are isolated by label (and zone ID)
> Files in a zone assume that zone's label

• Global zone is unique
> Parent of all other zones
> Exempt from all labeling policies
> No user processes—just TCB
> Trusted path attribute is applied implicitly
> Provides services to other zones

• Common naming service to all zones
• Device allocation on a per-zone / per-label basis

Trusted Extensions - Option 1: Per-Zone
[Diagram labels: Need-to-know; Internal Use; Public; Multilevel Desktop Services (Global Zone); Solaris Kernel; addresses 1.2.3.10, 1.2.4.10, 1.2.5.10, 1.2.6.10]
• Each zone has a unique IP address
• Network Interface may be virtualized to share a single hardware NIC or use multiple NICs

Trusted Extensions - Option 2: All-Zon
[Diagram labels: Need-to-know; Internal Use; Public; Multilevel Desktop Services (Global Zone); Solaris Kernel; addresses 1.2.3.4 (four times), 1.2.6.10]
• All zones share a single address
• Shared network Interface may be physical or logical
• Both per-zone and all-zone assignment strategies can be used concurrently

Multi-Level Desktop Look and Feel

Trusted Java Desktop System

Trusted Networking
Secure Network Access Platform for Governm

Secret Domain A
Secret Domain B
Secret Domain C
Top Secret Domain

Benefits of Trusted Extensions
• Leveraging Solaris functionality:
> Process & User Rights Management, auditing, zones
> Make use of existing Solaris kernel enhancements
• Elimination of patch redundancy:
> All Solaris patches apply, hence available sooner
> No lag in hardware platform availability
• Extend Solaris Application Guarantee
• Full hardware and software support
> File systems (UFS, VxFS, ZFS, SAM-FS, QFS, etc.)
> Processors (SPARC, x86, AMD64)
> Infrastructure (Cluster, Grid, Directory, etc.)

Trusted Extensions in a Nutshell
• Every object has a label associated with it
> Files, windows, printers, devices, network packets, network interfaces, processes, etc...
• Accessing or sharing data is controlled by the objects' label relationship to each other
> 'Secret' objects do not see 'Top Secret' objects
• Administrators utilize Roles for duty separation
> Security admin, user admin, installation, etc...
• Programs/processes are granted privileges rather than full superuser access
• Strong independent certification of security

Ease of Administration

Sun Ray – Ultra Thin Client

Client Pain Points
[Diagram labels: FAT OS; Big CPU, DRAM; Local Hard Drive]
● Multiple Crash Sites
● Virus Entry Points
● Client Side Support
● Unapproved Apps
● Local Apps
● Large Power Consumption
● Resource Underutilization

Thin Client Approach
[Diagram labels: Secure—Virus Free; Virtual Office; HA Client; Server-Side Upgrades]

Sun Ray Ultra-thin Clients
• Session Mobility/ Hot-Desking
• Multiple OS & Application Choices: Solaris, Linux or Windows
• Small footprint
• Built-in Java Card Readers supporting multifactor authentication
• Broadband deployment capable
[Product image labels: Sun Ray 2G; Sun Ray 270; 1920 x 1200, Supports 24” Display; 17" LCD Integrated; OEM's; OEM options]
• No DATA at the desktop
• No APPS at the desktop
• No OS at the desktop
• No END-USER MANAGEMENT at the desktop

Mobility with Security today at Sun
● 30,000+ Sun Rays deployed at Sun
● 1 SA per 3000 clients
● $4.8M Power Savings
● Zero Move/Add/Changes
● Patching and OS upgrade speed
● Zero annual desktop refresh costs
● $71M Savings in Real Estate
● Software License Savings
● Secure: token authentication, no viruses
● Silent: no fans or moving parts
● No User time for boot up and OS management

Sun Ray Deployment Options
[Diagram labels: Sun Ray Server; Corporate WAN Router/Firewall; Internet; Intranet; Office; Broadband Remote ISP; Home]

JavaBadge

One, Multi-App Badge With a Future
vs.
Multiple Cards With No Future
Corporate Card/
Physical Access Card
Sun RayTM Server Session Mobility Card

=

PKI Authentication Token Card/ x509

Replaces Safeword Challenge/Response Card

Agenda
What is the Secure Network Access Platform?
Why It Works
WINDOWS INTEROPERABILITY, VOIP, MULTIMEDIA

Windows Interoperability

Identity Synchronization for Windows (ISW) System Components
• ISW Connectors; synchronize modification and user creation events over the Message Queue
> Sun Java System Directory Server
> W2000/2003 Active Directory & NT SAM
• Connector Subcomponents; DS Plugin, NT Password Filter DLL, NT Change Detector

Existing Network Resources and ISW

VOIP

What's in a Softphone?
• User interface
• IP interface
• Signaling
• CODEC execution
• RTP media streaming
• Audio/QoS functions
• Proxy logic
• SDK/APIs

Current SunRay Softphone

SIP Communicator

Lucent SIP softphone

Multi-Media Capable Sun Ray
• Delivered by 3rd party partner (GD C4 Systems)
> Prototype developed
> Anticipated availability, December 06

• Local Video and Audio Devices
> “Limited 3-D graphics rendering”
> codec and application dependent
> high-resolution display capabilities
> Low latency audio
> Streaming Audio and Video

• Desktop and Laptop / Portable footprint
• Sun Ray Engineering
> Sun Ray DDX into X Server
> Local Codec Execution on SR-2 Hardware

Why Should Your Customers Care About or Consider the Secure Network Access Platform?
Because it protects data, centralizes control of your data & helps avoid embarrassing and damaging media moments like these...

Secure Network Access Platform for Gov
• 3rd Party Security Extensions: TNE, Maxim, AC Tech, Cryptek, Tenix, RSA, TCS, etc.
• Integration to Legacy Systems: Secure Global Desktop, Citrix, RDP, Thinsoft
• Java Ultra-Thin Client Environment: SunRay 2FS, 270; Sun Ray Session Server, Trusted CDE, Java Cards
• Government Accredited Trusted Operating Env: Solaris 10 TX Certified EAL4+ (B1): CAPP, LSPP, RBPP
• RAS Compute Platform: Sun Solaris; Enterprise StorEdge™ 9; Sun Servers
• Consulting, Training, and Support Services: Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support
THANK YOU

 
Creating Secure Applications
Creating Secure Applications Creating Secure Applications
Creating Secure Applications
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Active Directory 2019 v2.pptx
Active Directory 2019 v2.pptxActive Directory 2019 v2.pptx
Active Directory 2019 v2.pptx
 
Design and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use CasesDesign and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use Cases
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud Security
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning
 
OPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC FoundationOPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC Foundation
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 

Kürzlich hochgeladen

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Kürzlich hochgeladen (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Secure nets-and-data

  • 1. SECURING CLASSIFIED NETWORKS AND SENSITIVE DATA Kevin Mayo CTO Global Government Sun Microsystems, Inc.
  • 2. Agenda: WHAT IS THE SECURE NETWORK ACCESS PLATFORM?; Why it Works; Windows Interoperability, VOIP and Multi-Media
  • 3. Challenges for Secure Collaboration Networks: Role-based Access to Multiple Security Domains; Secure Data Transfer between Domains; Scalability and Availability; Ability to meet Regulations and Certify/Accredit Deployed Platforms; Maximize Workflow Efficiency; Minimize Cost of Acquisition and Life-Time Ownership
  • 4. Target Communities: Government Communities of Interest have special IT needs based on classified information handling (requirements for appropriate handling of classified information mandate a rigid approach to network configuration; conceptual “compartments” are manifested in physically isolated networks). SNAP enables secure, multi-compartment access from a single, thin-client desktop system while preserving network isolation.
  • 5. Government System Requirements: Thin Client desktop – secure computing environment. Single Virtual Switch to Multiple Networks: single desktop with connections to multiple security domains implemented as physically separated networks (without enabling intra-domain routing); end-users have controlled access to domains based on security level, compartmentalization. Secure Inter-Domain Data Transfer: automated and manual auditing based on pre-defined policies and procedures. Windows Interoperability: Secure Global Network, Citrix, RDP, X Windows or Browser.
  • 6. Status Quo Example: Stove Piped Networks for Secure Communications
  • 7. Changed the Game: Single Multi-Tiered Secure Communications
  • 8. Mobility with Security: Ultra-Thin Client Front-End Before: After: To ensure a high level of security physically isolated clients were deployed often single state Full Session Mobility enabled by a resulting in
  • 9. The Sun Solution: Secure Network Access Platform [architecture diagram: DOD Community, Intell Community, NATO Community and Other Community networks, each attached through its own switch; hardware labels V240, D1000, 220R]. ARCHITECTURAL INDEPENDENCE: Multi-network Application Consolidation; Ultra Secure Authentication layer; Context free access layer; User Identity/Role based access; Auditability; Session Mobility
  • 10. Different Security Domains: System Requirements and Security Policy dictate which networks/security domains will be a part of the implementation. Each security domain is assigned a label (all labels are defined in the Labels and Encoding File; all security domains within the implementation must be defined in the Labels and Encoding File). Sol 10 TX, using Mandatory Access Control and Trusted Networking, enforces security policy by allowing/denying access to/from a specific security domain. Security Domains can be dynamically added/deleted from the architecture as long as they are defined in policy.
  • 11. User Access, Rights and Roles: User Access is dependent upon Roles and Security Clearance. User Roles are defined by job function and permission to applications and data. All users are assigned a Role and are granted privileges based on security clearance. Audit Logs record user activity.
  • 12. Trusted Solaris(TM) Is Certified as one of Indus [chart of certified operating systems by evaluation level, based on data from http://www.commoncriteriaportal.org/]. Chart labels: Trusted Extensions Layered on Solaris 10*: EAL4+ (B1) (CAPP, RBACPP, LSPP); Solaris 10: EAL4+ (C2) (CAPP & RBACPP); EAL4 or EAL4+ (C2) (CAPP); EAL3 or EAL3+; operating systems shown: Linux, REDHAT, SGI Irix, SuSE, IBM AIX, HP-UX, WINDOWS 2000, SOLARIS 8, SOLARIS 9, TRUSTED SOLAR. OS CERTIFIED WITH EAL4 AND 3 PROTECTION PROFILES IN EAL4: CAPP, Controlled Access Protection Profile (ensures proper login); RBPP, Role-based Protection Profile (role-based access control allows the system administrator to define roles based on job functions within an organization; the administrator assigns privileges to those roles); LSPP, Labeled Security Protection Profile (all data and application components are formally labeled, addressed, and tracked through role based access control).
  • 13. Common Criteria Evaluation Levels: CC Evaluation Assurance Levels (EAL): EAL1 Functionally Tested; EAL2 Structurally Tested; EAL3 Methodically Tested and Verified; EAL4 Methodically Designed, Tested and Verified; EAL5 Semi-formally Designed and Tested; EAL6 Semi-formally Verified Design and Tested; EAL7 Formally Verified Design and Tested. These are used to measure how well a protection profile has been tested...
  • 14. Certification vs. Accreditation: Hardware and Software Components are evaluated against Protection Profiles and receive Certifications at Evaluation Assurance Levels (EAL). Systems are Accredited based on the Security Policy established for the specific program.
  • 15. US Accreditation Examples: Certification Test & Evaluation (CT&E): SR 1-8 performed by DISA Slidell for NSA; SR 9 (Penetration Testing) performed by NSA. SABI Accredited: Completed Questionnaire; Valid Requirement from Operational Unit; DSAWG Process; Cross Domain Technical Advisory Board - CDTAB; Cross Domain Systems Approval Process - CDSAP. Documents: System Security Authorization Agreement - SSAA; Interim Authority to Operate - IATO; Cross Domain Appendix - CDA; Enclave MOA’s; Secret Network Connection Approval Process. Awaiting US Department of Commerce export approval (expected this week).
  • 16. Agenda: What is the Secure Network Access Platform?; WHY IT WORKS; Windows Interoperability, VOIP and Multi-Media
  • 17. What Is Trusted Operating System? Solaris(TM) 10 Trusted Extensions: a security-enhanced version of Solaris with additional access control policies; implements label-based security with hierarchical and compartmented modes; implements Role-Based Access Control and the Principle of Least Privilege; provides a trusted multilevel desktop for workstations and ultra-thin clients; has the most complete set of trusted functionality of any certified OS.
  • 18. Trusted Extensions [diagram; labels: Trusted Solaris; BSM; Trusted Networking; Trusted Desktop; RBAC; Solaris 2.3; Solaris 8/9; Solaris 10 w/ TX Layered on Solaris; Process Attributes; Device Allocation; Virtualization; Privilege Policy; Solaris 10]
  • 19. Trusted Solaris History: 1990, SunOS MLS 1.0 (conformed to TCSEC, the 1985 Orange Book); 1992, SunOS CMW 1.0 (compartmented-mode workstation requirements; Release 1.2 ITSEC certified for FB1 E3, 1995); 1996, Trusted Solaris 2.5 (ITSEC certified for FB1 E3, 1998); 1999, Trusted Solaris 7; 2000, Trusted Solaris 8 (Common Criteria: CAPP, RBACPP, LSPP at EAL4+; updates to Trusted Solaris 8 also re-certified); 2006, Solaris 10 w/ Solaris Trusted Extensions
  • 20. The Network Delivers the Desktop
  • 21. Trusted Computing Key Features and Benefits: Trusted Extensions extends the security capabilities of Solaris by providing: Trusted Path; Least Privilege; Discretionary Access Control (DAC); Mandatory Access Control (MAC); Sensitivity Labels; Role-based Access Control (RBAC); Trusted Networking; Trusted Windowing; Trusted Printing
  • 22. Trusted Path: What is Trusted Path? A mechanism that provides confidence that the user is communicating directly with the Trusted Computing Base (TCB); it ensures that attackers can't intercept or modify whatever information is being communicated. How is Trusted Path achieved? Trusted Windowing (Trusted CDE); Solaris Management Console (SMC).
  • 23. Least Privilege: There is no concept of “superuser”: Root is not exempt from policy enforcement; Root is not required for administration. In its place, fine-grained privileges that delegate specific capabilities as needed. Example: How to start a web server? In Solaris, it must be started as root or using an RBAC role that sets UID to 0 before starting. In Trusted Solaris, only the privilege “net_privaddr” need be assigned.
  • 24. Discretionary Access Control (DAC): A software mechanism for controlling users' access to files and directories; leaves setting protections for files or directories to the owner's discretion. There are two forms of DAC in both Solaris and Trusted Solaris: Unix Permissions; Access Control Lists (ACLs).
  • 25. Mandatory Access Control (MAC): A system-enforced access control mechanism that uses clearances and labels to enforce security policy. MAC is enforced according to your site's security policy and cannot be overridden without special authorization or privileges. MAC is key in SNAP for preserving network isolation.
  • 26. Role-Based Access Control: A role is a special account that provides access to specific programs using predefined privileges and authorizations; can only be assumed if Trusted Path exists; can grant fine-grained privileges to programs; can execute programs with different labels.
  • 27. Sensitivity Labels: Sensitivity Labels are defined by: a Classification indicating the (hierarchical) level or degree of security (e.g., TOP SECRET, SECRET, CONFIDENTIAL, …; e.g., PUBLIC, INTERNAL, NEED TO KNOW, …); a Compartment representing some grouping (e.g., ALPHA1, BRAVO1, BRAVO2; e.g., PAYROLL, HR, FINANCE, ENGINEERING). Relationships can be hierarchical or compartmentalized.
  • 28. Sensitivity Labels (2): Dominance Relationships: in a hierarchical relationship, a label that dominates another is able to read data from the lower label (“read down”). Clearances: the highest level of access assigned to the user; a user cannot read or write above clearance; privileges can be given to exceed clearance.
  • 29. Label Aware Services: Services which are trusted to protect multi-level information according to predefined policy. Trusted Extensions label-aware services include: Labeled Desktops; Labeled Printing; Labeled Networking; Labeled Filesystem; Label Configuration and Translation; System Management Tools; Device Allocation.
  • 30. Device Allocation: Devices must be allocated before they can be used. Only authorized users/roles are allowed to allocate/deallocate devices at a label they are cleared for. USB devices can be allocated. Sun Thin Client Devices: audio filtered based on desktop unit; hot pluggable device support. Devices can be controlled by role or by user.
  • 32. Zones for Trusted Extensions: Each zone has a label: labels are implied by process zone IDs; processes are isolated by label (and zone ID); files in a zone assume that zone's label. Global zone is unique: parent of all other zones; exempt from all labeling policies; no user processes, just TCB; trusted path attribute is applied implicitly; provides services to other zones. Common naming service to all zones. Device allocation on a per-zone / per-label basis.
  • 33. Trusted Extensions - Option 1: Per-Zone [diagram: Need-to-know, Internal Use and Public zones; Multilevel Desktop Services (Global Zone); Solaris Kernel; addresses 1.2.3.10, 1.2.4.10, 1.2.5.10, 1.2.6.10]. Each zone has a unique IP address. The network interface may be virtualized to share a single hardware NIC or use multiple NICs.
  • 34. Trusted Extensions - Option 2: All-Zon [diagram: Need-to-know, Internal Use and Public zones; Multilevel Desktop Services (Global Zone); Solaris Kernel; addresses 1.2.3.4, 1.2.3.4, 1.2.3.4, 1.2.3.4, 1.2.6.10]. All zones share a single address. The shared network interface may be physical or logical. Both per-zone and all-zone assignment strategies can be used concurrently.
  • 37. Trusted Networking: Secure Network Access Platform for Governm [diagram: Secret Domain A, Secret Domain B, Secret Domain C, Top Secret Domain]
  • 38. Benefits of Trusted Extensions: Leveraging Solaris functionality: Process & User Rights Management, auditing, zones; make use of existing Solaris kernel enhancements. Elimination of patch redundancy: all Solaris patches apply, hence available sooner; no lag in hardware platform availability. Extend Solaris Application Guarantee. Full hardware and software support: file systems (UFS, VxFS, ZFS, SAM-FS, QFS, etc.); processors (SPARC, x86, AMD64); infrastructure (Cluster, Grid, Directory, etc.).
  • 39. Trusted Extensions in a Nutshell: Every object has a label associated with it (files, windows, printers, devices, network packets, network interfaces, processes, etc.). Accessing or sharing data is controlled by the objects' label relationship to each other ('Secret' objects do not see 'Top Secret' objects). Administrators utilize Roles for duty separation (security admin, user admin, installation, etc.). Programs/processes are granted privileges rather than full superuser access. Strong independent certification of security.
  • 41. Sun Ray – Ultra Thin Client
  • 42. Client Pain Points (FAT OS; big CPU, DRAM; local hard drive): Multiple Crash Sites; Virus Entry Points; Client Side Support; Unapproved Apps; Local Apps; Large Power Consumption; Resource Underutilization
  • 43. Thin Client Approach: Secure, Virus Free; Virtual Office; HA Client; Server-Side Upgrades
  • 44. Sun Ray Ultra-thin Clients: Session Mobility/Hot-Desking; Multiple OS & Application Choices: Solaris, Linux or Windows; Small footprint; Built-in Java Card Readers supporting multifactor authentication; Broadband deployment capable. Models shown: Sun Ray 2G, Sun Ray 270; 1920 x 1200, supports 24” display; 17" LCD integrated; OEM options. No DATA at the desktop; no APPS at the desktop; no OS at the desktop; no END-USER MANAGEMENT at the desktop.
  • 45. Mobility with Security today at Sun: 30,000+ Sun Rays deployed at Sun; 1 SA per 3000 clients; $4.8M Power Savings; Zero Move/Add/Changes; Patching and OS upgrade speed; Zero annual desktop refresh costs; $71M Savings in Real Estate; Software License Savings; Secure: token authentication, no viruses; Silent: no fans or moving parts; No User time for boot up and OS management
  • 46. Sun Ray Deployment Options [network diagram; labels: Sun Ray Server, Corporate WAN, Router/Firewall, Internet, Intranet, Office, Broadband, Remote, ISP, Home]
  • 47. JavaBadge: One, Multi-App Badge With a Future vs. Multiple Cards With No Future. Corporate Card/ Physical Access Card Sun Ray(TM) Server Session Mobility Card = PKI Authentication Token Card/ x509 Replaces Safeword Challenge/Response Card
  • 48. Agenda: What is the Secure Network Access Platform?; Why It Works; WINDOWS INTEROPERABILITY, VOIP, MULTIMEDIA
  • 50. Identity Synchronization for Windows (ISW) System Components: ISW Connectors synchronize modification and user creation events over the Message Queue (Sun Java System Directory Server; W2000/2003 Active Directory & NT SAM). Connector Subcomponents: DS Plugin, NT Password Filter DLL, NT Change Detector.
  • 53. What's in a Softphone? User interface; IP interface; Signaling; CODEC execution; RTP media streaming; Audio/QoS functions; Proxy logic; SDK/APIs
  • 54. Current SunRay Softphone: SIP Communicator; Lucent SIP softphone
  • 55. Multi-Media Capable Sun Ray: Delivered by 3rd party partner (GD C4 Systems): prototype developed; anticipated availability, December 06. Local Video and Audio Devices: “Limited 3-D graphics rendering”; codec and application dependent; high-resolution display capabilities; low latency audio; streaming audio and video. Desktop and Laptop / Portable footprint. Sun Ray Engineering: Sun Ray DDX into X Server; Local Codec Execution on SR-2 Hardware.
  • 56. Why Should Your Customers Care About or Consider the Secure Network Access Platform? Because it protects data, centralizes control of your data & helps avoid embarrassing and damaging media moments like these...
  • 59. Secure Network Access Platform for Gov (layer: components): 3rd Party Security Extensions: TNE, Maxim, AC Tech, Cryptek, Tenix, RSA, TCS, etc. Integration to Legacy Systems: Secure Global Desktop, Citrix, RDP, Thinsoft. Java Ultra-Thin Client Environment: SunRay 2FS, 270; Sun Ray Session Server, Trusted CDE, Java Cards. Government Accredited Trusted Operating Env: Solaris 10 TX Certified EAL4+ (B1): CAPP, LSPP, RBPP. RAS Compute Platform: Sun Solaris Enterprise StorEdge™ 9 Sun Servers. Consulting, Training, and Support Services: Sun Open Work Practice, Workshop, POC, Architecture and Implementation + Training and Support.
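
The label dominance and clearance rules from slides 27, 28 and 32, worked through as an added Python example (not part of the original deck and not Trusted Extensions code). The label string syntax, the zone names and the sample zone labels are assumptions made for the illustration; on a real system the labels come from the site's Labels and Encoding File.

```python
from dataclasses import dataclass

# Classifications named on slide 27, ordered lowest to highest.
LEVELS = ["CONFIDENTIAL", "SECRET", "TOP SECRET"]


@dataclass(frozen=True)
class Label:
    """A sensitivity label: one hierarchical level plus a set of compartments."""
    level: int
    compartments: frozenset

    @classmethod
    def parse(cls, text):
        # Constructed syntax "<CLASSIFICATION> [COMPARTMENT ...]"; this is NOT
        # the Labels and Encoding File format used by Trusted Extensions.
        words = " ".join(text.upper().split())
        for rank, name in enumerate(LEVELS):
            if words == name or words.startswith(name + " "):
                return cls(rank, frozenset(words[len(name):].split()))
        raise ValueError(f"unknown classification in {text!r}")

    def dominates(self, other):
        # A dominates B when A's level is at least B's AND A holds every
        # compartment B holds. A higher level alone is not enough.
        return self.level >= other.level and self.compartments >= other.compartments


def comparable(a, b):
    """False for disjoint labels: neither side dominates, so neither reads the other."""
    return a.dominates(b) or b.dominates(a)


def can_read(process_label, object_label):
    """'Read down': a process reads an object only if its label dominates the object's."""
    return process_label.dominates(object_label)


def usable_zones(clearance, zones):
    """Names of the labeled zones a user may work in: those the clearance dominates."""
    c = Label.parse(clearance)
    return sorted(n for n, lbl in zones.items() if c.dominates(Label.parse(lbl)))


# Constructed sample: one labeled zone per security domain (hypothetical names).
ZONES = {
    "public": "CONFIDENTIAL",
    "secret_a": "SECRET ALPHA1",
    "secret_b": "SECRET BRAVO1",
    "topsecret": "TOP SECRET ALPHA1 BRAVO1",
}

if __name__ == "__main__":
    for clearance in ("SECRET ALPHA1", "TOP SECRET ALPHA1", "TOP SECRET ALPHA1 BRAVO1"):
        print(f"{clearance:26} -> {usable_zones(clearance, ZONES)}")
```

A TOP SECRET clearance that lacks the BRAVO1 compartment still cannot enter the SECRET BRAVO1 zone, which is the compartmentalized half of the relationship the slides describe.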