Security and Encryption

Security and Encryption Dmitry Moiseev

Agenda – How to build up layered security

Physical Security
- Detect physical tampering
- Prevent unauthorized software
- Encrypt sensitive configuration data
- Defend against network attacks

Management Security
- Prevent unauthorized access
- Audit trail of who changed what and when
- Prepare for disaster

Data Security
- Encryption of over-the-air data
- Prevent decoding of network transmissions

Process Security
- Build security into the product upfront
- Gain validation from 3rd parties

Copyright 2017 Cambium Networks, Inc. All Rights Reserved.

Physical Security

Detect physical tampering
- Tamper-evident serial numbered seals placed on unit seams prior to leaving factory
- Opaque enclosure prevents seeing inside box without breaking tamper-evident seal

Prevent unauthorized software
- Software images digitally signed and won’t load if modified

Encrypt sensitive parameters
- Secure storage and erasure of critical security parameters (passwords, encryption keys, etc.)
- No hardcoded passwords in the unit
- No default security certificates
- No user payload data stored on unit

Defense against Network Attacks
- Denial of Service logic protecting management interface
- Unused ports and protocols locked down

Management Security

Secure Access to Management Interface
- Secure protocols (HTTPS and SNMPv3)
- No default passwords or security certificates
- Password rules and aging
- No manufacturer “back-doors”
- Supports user-installable X.509 certificates for authentication
- Out of Band Management Options (OOBM)
- Security banners

Detect and Audit System Activity
- Identity-based user accounts (3 roles/10 users)
- Multiple access levels
- Centralized storage of event logs (syslog)
- Centralized user authentication (RADIUS)
- Authenticated NTP (time server)

Disaster Preparedness / Recovery
- ‘Save and restore’ allows units to be quickly restored to approved settings

Wireless encryption

Stream-based wireless encryption
- 128-bit and 256-bit AES encryption (validated to FIPS-197)
- Protects users’ data
- Prevents traffic analysis
- Efficient hardware-based crypto
- Optional over the air rekeying (OTAR) AES license

Secure device authentication
- ODU will not connect to any unauthorized remote unit
- Factory-installed or user-supplied device certificates
- PSK, Whitelist, Blacklist authorization

Encryption standards
- Wireless encryption based on standard approved algorithms and protocols: AES, SHA-256, SHA-384, RSA, TLS

Process Security

ISO 9000 Software Development Process
- Structured code reviews
- Build integrity / Version control

Vulnerability Scanning
- Each software release tested against set of latest known attacks with industry-standard tools

Industry Validation
- Optional FIPS 140-2 Level 2 validated by NIST on PTP 700
- AES encryption algorithms validated against FIPS-197