Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy Considerations Phill Hallam Baker. We have a choice.

Published bySophia Stewart Modified over 8 years ago

Similar presentations

Presentation on theme: "Policy Considerations Phill Hallam Baker. We have a choice."— Presentation transcript:

1 Policy Considerations Phill Hallam Baker

2 We have a choice

3 Choice 1

4 If it works don’t break it

5 Choice 2

6 Do the job right

7 An Architecture

8 A master plan

9 If we have to change Layered Architecture Reusable Policy Statements Reusable discovery strategy

10 You can’t have security without security policy

11 SSL Should I use security? HTTPS://

12 S/MIME, PGP No policy layer Authentication has limited use

13 STARTTLS The best email encryption we have Should be used 100% Vulnerable to a downgrade attack

14 We can fix discovery Without changing the DNS infrastructure Or waiting for it to change

15 Three step discovery 1) policy = lookup (TXT, "_dkim.alice.example.com") IF policy <> NULL THEN RETURN policy 2) pointer = lookup (PTR, “alice.example.com") IF pointer == NULL THEN RETURN NULL 3) policy = lookup (TXT, "_dkim." + pointer) return policy To specify a wildcard use: *.example.com PTR _default.example.com

16 Choice 1 is best

17 Don’t boil the ocean

18 Unless we have to

19 Don’t end up with

Download ppt "Policy Considerations Phill Hallam Baker. We have a choice."

Similar presentations

AI3 Contact Server Takeshi Usui

AI3 Contact Server Takeshi Usui
Naming, Addressing, & Discovery

Naming, Addressing, & Discovery
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Authentication Approaches Phillip Hallam-Baker VeriSign Inc.

Authentication Approaches Phillip Hallam-Baker VeriSign Inc.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
DNSSEC & Email Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.

DNSSEC & Validation Tiger Team DHS Federal Network Security (FNS) & Information Security and Identity Management Committee (ISIMC) Earl Crane Department.
OFFENSE BY KALYAN MANDAGAUTAM BHASWAR.  4 years of study, covers only 6 Botnets reponsible for 79% of spam messages arriving at the University of Washington.

OFFENSE BY KALYAN MANDAGAUTAM BHASWAR.  4 years of study, covers only 6 Botnets reponsible for 79% of spam messages arriving at the University of Washington.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Insertion into a B+ Tree Null Tree Ptr Data Pointer * Tree Node Ptr After Adding 8 and then 5… 85 Insert 1 : causes overflow – add a new level * 5 * 158.

Insertion into a B+ Tree Null Tree Ptr Data Pointer * Tree Node Ptr After Adding 8 and then 5… 85 Insert 1 : causes overflow – add a new level * 5 * 158.
CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.

CS682- Session 10 Prof. Katz. Well-Known Attacks By far the most common security vulnerabilities Attacks that Script-Kiddies are capable of performing.
Credit Card Fraud, Jan Prochazka, 2005 1 Credit Card Fraud on the Web Jan Prochazka.

Credit Card Fraud, Jan Prochazka, Credit Card Fraud on the Web Jan Prochazka.
1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.

1 Secure DNS Solutions Rooster. 2 Introduction What does security mean for DNS? What security problems exist for DNS, what is being done about them, and.
PRISM-PROOF Phillip Hallam-Baker Comodo Group Inc.

PRISM-PROOF Phillip Hallam-Baker Comodo Group Inc.
SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.

SIMPLE MAIL TRANSFER PROTOCOL SECURITY Guided By Prof : Richard Sinn Bhavesh Jadav Mayur Mulani.
By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.

By Swapnesh Chaubal Rohit Bhat. BEAST : Browser Exploit Against SSL/TLS Julianno Rizzo and Thai Duong demonstrated this attack.
 background and intro  client deployment  system Architecture and server deployment  behind the scenes  data protection and security  multi-server.

 background and intro  client deployment  system Architecture and server deployment  behind the scenes  data protection and security  multi-server.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

Similar presentations

Ads by Google