Policy Considerations
Phill Hallam Baker

We have a choice

Choice 1

If it works don’t break it

Choice 2

Do the job right

An Architecture

A master plan

If we have to change:
Layered Architecture
Reusable Policy Statements
Reusable discovery strategy

You can’t have security without security policy

SSL: Should I use security?

S/MIME, PGP:
No policy layer
Authentication has limited use

STARTTLS:
The best encryption we have
Should be used 100%
Vulnerable to a downgrade attack
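The downgrade referred to above, shown as an added example that is not part of the presentation: a constructed SMTP EHLO exchange in which an on-path attacker deletes the STARTTLS capability line (or answers the STARTTLS command with a refusal), and the only thing that separates "continue in the clear" from "refuse" is whether the client holds a policy saying TLS is required. The host names, the capability list and the require_tls flag standing in for a policy statement are assumptions.

```python
"""STARTTLS downgrade by capability stripping, and what a policy changes.

Added example with a constructed SMTP exchange (RFC 5321 multi-line reply
format); not code from the presentation. Host names and capabilities are
made up for illustration.
"""
from typing import List, Optional, Set

# Constructed multi-line EHLO reply from a server that offers STARTTLS.
EHLO_REPLY: List[str] = [
    "250-mail.example.com Hello client.example.net",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250 ENHANCEDSTATUSCODES",
]


def capabilities(reply: List[str]) -> Set[str]:
    """Keyword of every 250 line after the greeting ('250-' / '250 ' dropped)."""
    caps: Set[str] = set()
    for line in reply[1:]:
        text = line[4:].strip()
        if text:
            caps.add(text.split()[0].upper())
    return caps


def strip_starttls(reply: List[str]) -> List[str]:
    """An active attacker on the path removes the STARTTLS line.

    The reply is still well-formed (the last line is re-marked '250 '), so a
    client without a policy sees nothing wrong and never asks for TLS.
    """
    kept = [line for line in reply if line[4:].split()[:1] != ["STARTTLS"]]
    kept[-1] = "250 " + kept[-1][4:]
    return kept


def negotiate(reply: List[str], starttls_reply: Optional[str], require_tls: bool) -> str:
    """Client decision after EHLO.

    starttls_reply is the answer to the client's STARTTLS command ('220 ...'
    on success, e.g. '454 ...' on refusal), or None if the client never sent
    one because the capability was not advertised.
    Returns 'tls', 'plaintext' or 'refuse'.
    """
    if ("STARTTLS" in capabilities(reply)
            and starttls_reply is not None
            and starttls_reply.startswith("220")):
        return "tls"
    # Either the capability was stripped or the upgrade was refused after it
    # was advertised. With no policy saying TLS is required, an opportunistic
    # client carries on in the clear: that is the downgrade.
    return "refuse" if require_tls else "plaintext"


if __name__ == "__main__":
    tampered = strip_starttls(EHLO_REPLY)
    print("honest path, opportunistic:      ", negotiate(EHLO_REPLY, "220 2.0.0 Ready to start TLS", False))
    print("stripped, opportunistic:         ", negotiate(tampered, None, False))
    print("stripped, policy requires TLS:   ", negotiate(tampered, None, True))
    print("refused after offer, opportunistic:", negotiate(EHLO_REPLY, "454 4.7.0 TLS not available", False))
    print("refused after offer, policy:     ", negotiate(EHLO_REPLY, "454 4.7.0 TLS not available", True))
```

The point of the example is the last argument: the transport code is identical in every case, and only a policy obtained out of band (which is what the discovery mechanism later in the talk is for) turns a silent fallback into a refusal.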

We can fix discovery:
Without changing the DNS infrastructure
Or waiting for it to change

Three step discovery

1) policy = lookup (TXT, "_dkim.alice.example.com")
   IF policy != NULL THEN RETURN policy
2) pointer = lookup (PTR, "alice.example.com")
   IF pointer == NULL THEN RETURN NULL
3) policy = lookup (TXT, "_dkim." + pointer)
   RETURN policy

To specify a wildcard use:
*.example.com PTR _default.example.com
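The three steps above, run as an added example (not the presentation's code) against a constructed in-memory zone standing in for DNS. The domain names and record values are invented; the wildcard handling is simplified to "replace the leftmost label with *", and the `queries` list is an addition that records how many lookups each case costs:

```python
"""Three-step policy discovery from the slide, run over a constructed zone.

Added example, not the presentation's code. The zone is invented; a real
implementation would issue DNS queries. Wildcard matching is simplified to
'replace the leftmost label with *', which ignores the DNS rule that a
wildcard does not match when a closer name exists.
"""
from typing import Dict, List, Optional, Tuple

# Constructed zone data: (rtype, owner name) -> rdata.
ZONE: Dict[Tuple[str, str], str] = {
    # alice publishes her own policy directly (step 1 hits).
    ("TXT", "_dkim.alice.example.com"): "v=DKIM1; p=ALICE-KEY",
    # Everyone else under example.com is redirected by the wildcard PTR (step 2).
    ("PTR", "*.example.com"): "_default.example.com",
    ("TXT", "_dkim._default.example.com"): "v=DKIM1; p=DEFAULT-KEY",
    # carol has an explicit pointer to a policy hosted in another zone.
    ("PTR", "carol.example.com"): "_mailhost.example.net",
    ("TXT", "_dkim._mailhost.example.net"): "v=DKIM1; p=CAROL-KEY",
}


def lookup(rtype: str, name: str, zone: Dict[Tuple[str, str], str] = ZONE) -> Optional[str]:
    """Stand-in for a DNS query: exact owner first, then a one-label wildcard."""
    name = name.rstrip(".").lower()
    if (rtype, name) in zone:
        return zone[(rtype, name)]
    labels = name.split(".")
    if len(labels) > 1:
        return zone.get((rtype, "*." + ".".join(labels[1:])))
    return None


def discover_policy(domain: str,
                    queries: Optional[List[str]] = None,
                    zone: Dict[Tuple[str, str], str] = ZONE) -> Optional[str]:
    """Steps 1-3 from the slide; 'queries' records each lookup for the caller."""
    trace = queries if queries is not None else []

    # 1) direct policy record for the domain itself
    trace.append(f"TXT _dkim.{domain}")
    policy = lookup("TXT", f"_dkim.{domain}", zone)
    if policy is not None:
        return policy

    # 2) pointer to where the policy lives; a wildcard PTR covers a whole zone
    trace.append(f"PTR {domain}")
    pointer = lookup("PTR", domain, zone)
    if pointer is None:
        # NULL means 'no policy published'. Without DNSSEC it is also what a
        # client sees when an attacker suppresses the records, so the caller,
        # not this function, has to decide what NULL is allowed to mean.
        return None

    # 3) policy record at the pointed-to name
    trace.append(f"TXT _dkim.{pointer}")
    return lookup("TXT", f"_dkim.{pointer}", zone)


if __name__ == "__main__":
    for domain in ("alice.example.com", "bob.example.com",
                   "carol.example.com", "nobody.example.org"):
        q: List[str] = []
        print(domain, "->", discover_policy(domain, q), "via", q)
```

Note the cost: a domain that publishes directly is one query, and the wildcard case is exactly three, so the indirection adds at most two lookups and no new record types, which is what "without changing the DNS infrastructure" buys.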

Choice 1 is best

Don’t boil the ocean

Unless we have to

Don’t end up with