Security Challenges in R&D Environments #WLPC_EU Lisbon Portugal 2017


Jaromir Likavec
Senior Network Engineer, CWNE #127, CCIE Wireless #45051
Fraunhofer Institute for Computer Graphics Research IGD
Tel +49 6151 155 314
jaromir.likavec@igd.fraunhofer.de
www.igd.fraunhofer.de

Agenda
- Fraunhofer IGD
- Characteristics of R&D Environments
- Unification of Network Access
- Use Case Security Requirements
- Certificate Deployment
- WLAN and Remote Access at Fraunhofer IGD
- Device Profiling
- Posture Assessment
- Network Monitoring/Network Troubleshooting
- Summary

Fraunhofer IGD Darmstadt
- Spatial Information Management
- 3D Printing Technology
- Information Visualization and Visual Analytics
- Virtual and Augmented Reality
- Smart Living & Biometric Technologies
- Visual Healthcare Technologies
- Visual Computing System Technologies
- Cultural Heritage Digitization
- Interactive Engineering Technologies
- Data Visualization
- HoloLens video

R&D environments are characterized by:
- High-security requirements
- Heterogeneous mobile equipment
- A mixture of private and corporate equipment
- Need for BYOD
- Need for remote access
- A constant need for deployment of new use cases
- Need for network monitoring
- A structured approach to troubleshooting
- Cutting edge technology

Unification of Network Access
Motivation:
- Different access mechanisms for LAN, WLAN and VPN
- Consolidate WLAN and VPN access
- Separate network access with private / corporate devices
- Private: evil, corporate: good
- Develop a unified access concept for end devices
- Deploy device/user-based authentication and authorization

Use Case Security Requirements
- Two-factor authentication (certificate + username/password)
- Prevent sharing of certificate by multiple users
- Check user exists in AD before allowing VPN
- Use AD group membership as criteria for allowing SSLVPN
- Check if the PC is joined to the AD domain
- Verify device certificate is on correct device

Users             Mobile Devices      Permissions
Trusted user      Trusted device      Full access
Trusted user      Untrusted device    Limited access
Untrusted user    Trusted device      Limited access
Untrusted user    Untrusted device    No access

Generate Computer Certificate

Use of Certificates
- Domain computers: automatic distribution and automatic renewal
- Mobile devices: manual generation and web download
- Apple Mac and Linux computers: manual generation and web download
- HQ CC-LAN: use of mail certificates
- Cisco IP phones: MIC certificates

What is checked
- Certificate validity
- Certificate Revocation List (CRL)
- Device entry at MS AD
- User/password at MS AD
- MAC address on DNS/DHCP (for HQ)
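The "What is checked" list above and the trusted user / trusted device matrix from the security requirements slide, combined into one authorization decision for the SSL VPN case. This is an added example, not code from the talk or from any product it mentions; the certificate record, the AD lookups, the group name SSLVPN-Users and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample data (not from the talk): CRL serials, AD computer and user objects.
CRL = {"0x1003"}
AD_COMPUTERS = {"LAB-PC-01", "LAB-PC-02"}
AD_USERS = {"alice": {"password_ok": True, "groups": {"SSLVPN-Users"}},
            "bob": {"password_ok": True, "groups": set()},
            "carol": {"password_ok": True, "groups": {"SSLVPN-Users"}}}
VPN_GROUP = "SSLVPN-Users"   # hypothetical AD group name
CERT_OWNER = {}              # serial -> first user seen, to stop certificate sharing

@dataclass
class DeviceCert:
    serial: str
    subject_cn: str          # device name the certificate was issued to
    not_before: datetime
    not_after: datetime

def device_trusted(cert, presenting_host, now):
    """Device-side checks in order; returns (trusted, reason)."""
    if cert is None:
        return False, "no device certificate"
    if not (cert.not_before <= now <= cert.not_after):
        return False, "certificate outside validity period"
    if cert.serial in CRL:
        return False, "certificate revoked (CRL)"
    if cert.subject_cn not in AD_COMPUTERS:
        return False, "no device entry in AD"
    if cert.subject_cn != presenting_host:
        return False, "certificate is not on the device it was issued to"
    return True, "ok"

def user_trusted(username, cert):
    """User-side checks; password_ok stands in for the result of the AD bind."""
    user = AD_USERS.get(username)
    if user is None or not user["password_ok"]:
        return False, "user/password check at AD failed"
    if VPN_GROUP not in user["groups"]:
        return False, "not in required AD group"
    if cert is not None and CERT_OWNER.setdefault(cert.serial, username) != username:
        return False, "certificate already bound to another user"
    return True, "ok"

def authorize(username, cert, presenting_host, now):
    """Trust matrix: both trusted -> full, exactly one -> limited, neither -> none."""
    dev_ok, dev_why = device_trusted(cert, presenting_host, now)
    usr_ok, usr_why = user_trusted(username, cert)
    level = {2: "Full Access", 1: "Limited Access", 0: "No Access"}[dev_ok + usr_ok]
    return level, dev_why, usr_why
```

Returning the failed check alongside the access level gives the monitoring side a reason to log for every limited or denied session.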

New Network Access at Fraunhofer IGD
- Wireless
- Remote Access
- LAN

WLAN and Remote Access at Fraunhofer IGD
- Cisco AnyConnect Mobility

Remote Access

Device Profiling
- Dynamic classification of every device that connects to network using the infrastructure
- Use probes for collecting device attributes: RADIUS, DHCP, HTTP, NetFlow, NMAP, SNMP, LLDP/CDP
- Diagram labels: Device Identity Groups, Apply Policies, Printer VLAN, Voice VLAN, Dyn. VLAN, Video VLAN

Posture Assessment
- Compliance Check
- OS
- Analysis of Antivirus, Antispyware, Personal FW
- Quarantine and Remediation Services

Monitoring / Troubleshooting
- Cisco ISE
- XT Spectrum
- WLC
- AirCheck G2
- Cisco PRIME
- Omnipeek/Wireshark
- ZABBIX
- SPLUNK
- Ekahau Site Survey

Summary
- 802.1X is ready for productive use
- Device certificates are used to determine whether the device is a corporate device or a private device that is connected to the LAN, WLAN, or VPN
- User credentials follow as a second step
- This solution for network access increases security and reduces operating costs
- It's not the Network
- It's (still) not the Network

Thank You
Questions