DOCSLIB.ORG

Mitigating Botnet-Based Ddos Attacks Against Web Servers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mitigating Botnet-Based Ddos Attacks Against Web Servers MITIGATING BOTNET-BASED DDOS ATTACKS AGAINST WEB SERVERS by Peter L. Djalaliev B.Sc., Washington and Lee University, 2005 M.Sc., University of Pittsburgh, 2009 Submitted to the Graduate Faculty of the Dietrich School of Arts and Sciences in partial fulfillment of the requirements for the degree of Doctor of Philosophy University of Pittsburgh 2013 UNIVERSITY OF PITTSBURGH DIETRICH SCHOOL OF ARTS AND SCIENCES, DEPARTMENT OF COMPUTER SCIENCE This dissertation was presented by Peter L. Djalaliev It was defended on July 15, 2013 and approved by Dr. Adam Lee, Assistant Professor, Department of Computer Science Dr. Youtao Zhang, Associate Professor, Department of Computer Science Dr. Daniel Mosse, Professor, Department of Computer Science Dr. Prashant Krishnamurthy, Associate Professor, School of Information Sciences Dissertation Director: Dr. Adam Lee, Assistant Professor, Department of Computer Science ii MITIGATING BOTNET-BASED DDOS ATTACKS AGAINST WEB SERVERS Peter L. Djalaliev, PhD University of Pittsburgh, 2013 Distributed denial-of-service (DDoS) attacks have become wide-spread on the Internet. They continuously target retail merchants, financial companies and government institutions, dis- rupting the availability of their online resources and causing millions of dollars of financial losses. Software vulnerabilities and proliferation of malware have helped create a class of application-level DDoS attacks using networks of compromised hosts (botnets). In a botnet- based DDoS attack, an attacker orders large numbers of bots to send seemingly regular HTTP and HTTPS requests to a web server, so as to deplete the server's CPU, disk, or memory capacity. Researchers have proposed client authentication mechanisms, such as CAPTCHA puz- zles, to distinguish bot traffic from legitimate client activity and discard bot-originated packets. However, CAPTCHA authentication is vulnerable to denial-of-service and artificial intelligence attacks. This dissertation proposes that clients instead use hardware tokens to authenticate in a federated authentication environment. The federated authentication solu- tion must resist both man-in-the-middle and denial-of-service attacks. The proposed system architecture uses the Kerberos protocol to satisfy both requirements. This work proposes novel extensions to Kerberos to make it more suitable for generic web authentication. A server could verify client credentials and blacklist repeated offenders. Traffic from blacklisted clients, however, still traverses the server's network stack and consumes server resources. This work proposes Sentinel, a dedicated front-end network device that intercepts server-bound traffic, verifies authentication credentials and filters blacklisted traffic before it iii reaches the server. Using a front-end device also allows transparently deploying hardware ac- celeration using network co-processors. Network co-processors can discard blacklisted traffic at the hardware level before it wastes front-end host resources. We implement the proposed system architecture by integrating existing software appli- cations and libraries. We validate the system implementation by evaluating its performance under DDoS attacks consisting of floods of HTTP and HTTPS requests. iv TABLE OF CONTENTS PREFACE ......................................... xiv 1.0 INTRODUCTION .................................1 1.1 DISTRIBUTED DENIAL-OF-SERVICE ATTACKS.............2 1.2 THESIS STATEMENT AND CONTRIBUTIONS...............5 1.3 ROADMAP.................................... 11 2.0 SYSTEM MODEL AND BACKGROUND .................. 12 2.1 SYSTEM MODEL................................ 12 2.2 HYPERTEXT TRANSFER PROTOCOL................... 14 2.3 TRANSPORT LAYER SECURITY...................... 14 2.4 FEDERATED AUTHENTICATION...................... 16 2.4.1 OPENID................................. 18 2.4.2 PASSPORT................................ 19 2.4.3 SECURITY ASSERTION MARKUP LANGUAGE.......... 20 2.4.4 IDENTITY METASYSTEM...................... 21 2.4.5 KERBEROS............................... 22 2.5 CONCLUSION.................................. 24 3.0 SENTINEL ..................................... 25 3.1 MODES OF OPERATION........................... 26 3.2 EXTENSIBLE IN-NETWORK CLIENT AUTHENTICATION....... 26 3.3 COMMITTING RESOURCES TO UNAUTHENTICATED CLIENTS... 28 3.4 COUNTING UNAUTHENTICATED REQUESTS AND BLACKLISTING. 30 3.4.1 BLOOM FILTER FALSE POSITIVES................. 31 v 3.4.2 BLACKLISTING............................. 32 3.5 PACKET FILTERING, SCRUBBING, AND DEEP PACKET INSPECTION 33 3.6 IMPLEMENTATION.............................. 34 3.6.1 NETRONOME NFE-I8000....................... 34 3.6.1.1 SOFTWARE APIs....................... 35 3.6.2 CAPTCHA AUTHENTICATION MODULE............. 36 4.0 HARDWARE TOKEN AUTHENTICATION IN A FEDERATED SET- TING ......................................... 37 4.1 HARDWARE TOKEN AUTHENTICATION................. 39 4.2 KERBEROS FEDERATED AUTHENTICATION.............. 40 4.2.1 INTEGRATING HARDWARE TOKEN AUTHENTICATION INTO KERBEROS............................... 42 4.2.2 OFFLOADED KERBEROS AUTHENTICATION REQUESTS... 43 4.2.3 KERBEROS CLIENT CONFIGURATION.............. 44 4.2.4 KERBEROS CLIENT ANONYMITY................. 45 4.3 EXTENDED SENTINEL DESIGN....................... 45 4.3.1 AUTHENTICATION OF HTTP REQUESTS............. 46 4.3.2 AUTHENTICATION OF HTTPS REQUESTS............ 47 4.4 CLIENT INTERFACE: IDENTITY METASYSTEM AND INFORMATION CARDS...................................... 48 4.4.1 IDENTITY METASYSTEM...................... 48 4.4.2 INTEGRATING IDENTITY METASYSTEM WITH KERBEROS. 50 5.0 SYSTEM IMPLEMENTATION ........................ 52 5.1 INTEGRATING KERBEROS AND HARDWARE TOKEN AUTHENTICA- TION....................................... 52 5.2 OFFLOADED KERBEROS AUTHENTICATION REQUESTS....... 54 5.3 VERIFYING KERBEROS CREDENTIALS IN HTTP AND HTTPS TRAF- FIC........................................ 55 5.4 IDENTITY METASYSTEM AND INFORMATION CARD INTEGRATION 57 5.4.1 INFORMATION CARD EXTENSIONS................ 57 vi 5.4.2 SECURITY TOKEN REQUEST AND RESPONSE EXTENSIONS. 58 5.5 USER INTERFACE............................... 59 5.5.1 SENTINEL RESPONSE TO UNAUTHENTICATED HTTP REQUESTS 60 5.5.2 IDENTITY SELECTOR QUERY DIALOG WINDOW........ 61 6.0 PERFORMANCE ANALYSIS ......................... 64 6.1 EXPERIMENTAL SETUP........................... 64 6.1.1 DDOS ATTACK GENERATION WITH BONESI.......... 66 6.1.2 WEB SERVER PAGES......................... 67 6.2 PERFORMANCE EXPERIMENT DESIGN.................. 68 6.3 HTTP FLOOD ATTACKS AGAINST WEB SERVERS........... 72 6.4 HTTP FLOOD ATTACKS AND CAPTCHA AUTHENTICATION WITH DYNAMICALLY GENERATED PUZZLES.................. 74 6.5 HTTP FLOOD ATTACKS AND CAPTCHA AUTHENTICATION WITH PRE-GENERATED PUZZLES......................... 76 6.6 HTTP FLOOD ATTACKS AND HARDWARE TOKEN AUTHENTICATION 78 6.7 HTTP FLOOD ATTACKS AND BLACKLISTING.............. 80 6.8 HTTPS FLOOD ATTACKS AGAINST WEB SERVERS.......... 84 6.9 HTTPS FLOOD AND HARDWARE TOKEN AUTHENTICATION.... 86 7.0 SECURITY ANALYSIS ............................. 88 7.1 NETWORK MODEL.............................. 88 7.1.1 USAGE SCENARIO........................... 90 7.1.2 TRUST DOMAINS AND DEPENDENCIES............. 91 7.2 SYSTEM ASSETS AND ACCESS POINTS.................. 93 7.3 THREAT PROFILE............................... 93 7.3.1 REPLAYING STOLEN KERBEROS PROXY SERVICE TICKETS 93 7.3.2 KERBEROS PASSWORD AND RSA SECURID TOKEN CODE THEFT 95 7.3.3 RSA SECURID TOKEN AND TOKEN SEED THEFT....... 95 7.3.4 AVAILABILITY OF RSA AUTHENTICATION MANAGER.... 96 7.3.5 AVAILABILITY OF KERBEROS KDCS............... 97 7.3.6 DEPLETING SENTINEL'S TCAM MEMORY CAPACITY..... 97 vii 7.4 CONCLUSION.................................. 98 8.0 RELATED WORK AND ALTERNATIVE APPROACHES ....... 99 8.1 CAPTCHAs................................... 99 8.1.1 KILL-BOTS............................... 102 8.2 TRUSTED COMPUTING............................ 103 8.3 SECURE OVERLAYS.............................. 105 8.4 ROAMING HONEYPOTS........................... 107 8.5 CLIENT PUZZLES............................... 107 8.6 COMMERCIAL APPLICATION LEVEL DDOS SOLUTIONS....... 109 8.7 ALTERNATIVE APPROACHES........................ 110 8.8 CONCLUSION.................................. 112 9.0 CONCLUSION ................................... 114 9.1 THESIS STATEMENT AND CONTRIBUTIONS............... 114 9.2 FUTURE WORK................................ 116 9.2.1 LEGITIMATE AUTOMATED PROCESS ACCESS TO WEB SERVERS UNDER DDOS ATTACKS....................... 116 9.2.2 ALTERNATIVE FORMS OF HUMAN USER VERIFICATION... 117 9.2.3 KERBEROS CROSS-REALM ROUTING PROTOCOLS FOR AU- THENTICATION PATH DISCOVERY................ 117 BIBLIOGRAPHY .................................... 118 viii LIST OF TABLES 1 Variable and fixed parameters for performance experiments.......... 71 2 CAPTCHA image format comparison...................... 75 ix LIST OF FIGURES 1 Botnet-based DDoS attacks............................3 2 Overview of system architecture.........................6 3 System Model................................... 13 4 Federated identities and authentication..................... 17 5 OpenID 2.0 message exchange.......................... 18 6 Passport message exchange............................ 19 7 SAML message exchange............................. 20 8 Identity Metasystem message exchange..................... 21 9 Kerberos message exchange............................ 23 10 Overview of Sentinel................................ 25 11 SYN cookies and asynchronous client authentication.............
Load more

Recommended publications
  • Communications of the Acm
    COMMUNICATIONS CACM.ACM.ORG OF THEACM 11/2014 VOL.57 NO.11 Scene Understanding by Labeling Pixels Evolution of the Product Manager The Data on Diversity On Facebook, Most Ties Are Weak Keeping Online Reviews Honest Association for Computing Machinery tvx-full-page.pdf-newest.pdf 1 11/10/2013 12:03 3-5 JUNE, 2015 BRUSSELS, BELGIUM Course and Workshop C proposals by M 15 November 2014 Y CM Paper Submissions by MY 12 January 2015 CY CMY K Work in Progress, Demos, DC, & Industrial Submissions by 2 March 2015 Welcoming Submissions on Content Production Systems & Infrastructures Devices & Interaction Techniques Experience Design & Evaluation Media Studies Data Science & Recommendations Business Models & Marketing Innovative Concepts & Media Art TVX2015.COM [email protected] ACM Books M MORGAN& CLAYPOOL &C PUBLISHERS Publish your next book in the ACM Digital Library ACM Books is a new series of advanced level books for the computer science community, published by ACM in collaboration with Morgan & Claypool Publishers. I’m pleased that ACM Books is directed by a volunteer organization headed by a dynamic, informed, energetic, visionary Editor-in-Chief (Tamer Özsu), working closely with a forward-looking publisher (Morgan and Claypool). —Richard Snodgrass, University of Arizona books.acm.org ACM Books ◆ will include books from across the entire spectrum of computer science subject matter and will appeal to computing practitioners, researchers, educators, and students. ◆ will publish graduate level texts; research monographs/overviews of established and emerging fields; practitioner-level professional books; and books devoted to the history and social impact of computing. ◆ will be quickly and attractively published as ebooks and print volumes at affordable prices, and widely distributed in both print and digital formats through booksellers and to libraries and individual ACM members via the ACM Digital Library platform.
    [Show full text]
  • Benchmarks for IP Forwarding Tables
    Reviewers James Abello Richard Cleve Vassos Hadzilacos Dimitris Achilioptas James Clippinger Jim Hafner Micah Adler Anne Condon Torben Hagerup Oswin Aichholzer Stephen Cook Armin Haken William Aiello Tom Cormen Shai Halevi Donald Aingworth Dan Dooly Eric Hansen Susanne Albers Oliver Duschka Refael Hassin Eric Allender Martin Dyer Johan Hastad Rajeev Alur Ran El-Yaniv Lisa Hellerstein Andris Ambainis David Eppstein Monika Henzinger Amihood Amir Jeff Erickson Tom Henzinger Artur Andrzejak Kousha Etessami Jeremy Horwitz Boris Aronov Will Evans Russell Impagliazzo Sanjeev Arora Guy Even Piotr Indyk Amotz Barnoy Ron Fagin Sandra Irani Yair Bartal Michalis Faloutsos Ken Jackson Julien Basch Martin Farach-Colton David Johnson Saugata Basu Uri Feige John Jozwiak Bob Beals Joan Feigenbaum Bala Kalyandasundaram Paul Beame Stefan Felsner Ming-Yang Kao Steve Bellantoni Faith Fich Haim Kaplan Micahel Ben-Or Andy Fingerhut Bruce Kapron Josh Benaloh Paul Fischer Michael Kaufmann Charles Bennett Lance Fortnow Michael Kearns Marshall Bern Steve Fortune Sanjeev Khanna Nikolaj Bjorner Alan Frieze Samir Khuller Johannes Blomer Anna Gal Joe Kilian Avrim Blum Naveen Garg Valerie King Dan Boneh Bernd Gartner Philip Klein Andrei Broder Rosario Gennaro Spyros Kontogiannis Nader Bshouty Ashish Goel Gilad Koren Adam Buchsbaum Michel Goemans Dexter Kozen Lynn Burroughs Leslie Goldberg Dina Kravets Ran Canetti Paul Goldberg S. Ravi Kumar Pei Cao Oded Goldreich Eyal Kushilevitz Moses Charikar John Gray Stephen Kwek Chandra Chekuri Dan Greene Larry Larmore Yi-Jen Chiang
    [Show full text]
  • Elastic Load Balancing Application Load Balancers Elastic Load Balancing Application Load Balancers
    Elastic Load Balancing Application Load Balancers Elastic Load Balancing Application Load Balancers Elastic Load Balancing: Application Load Balancers Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. Elastic Load Balancing Application Load Balancers Table of Contents What is an Application Load Balancer? .................................................................................................. 1 Application Load Balancer components ......................................................................................... 1 Application Load Balancer overview ............................................................................................. 2 Benefits of migrating from a Classic Load Balancer ........................................................................ 2 Related services ......................................................................................................................... 3 Pricing ...................................................................................................................................... 3 Getting started .................................................................................................................................
    [Show full text]
  • Elastic Load Balancing Application Load Balancers Elastic Load Balancing Application Load Balancers
    Elastic Load Balancing Application Load Balancers Elastic Load Balancing Application Load Balancers Elastic Load Balancing: Application Load Balancers Elastic Load Balancing Application Load Balancers Table of Contents What is an Application Load Balancer? .................................................................................................. 1 Application Load Balancer components ......................................................................................... 1 Application Load Balancer overview ............................................................................................. 2 Benefits of migrating from a Classic Load Balancer ........................................................................ 2 Related services ......................................................................................................................... 3 Pricing ...................................................................................................................................... 3 Getting started .................................................................................................................................. 4 Before you begin ....................................................................................................................... 4 Step 1: Configure your target group ............................................................................................. 4 Step 2: Choose a load balancer type ...........................................................................................
    [Show full text]
  • D1.5 Final Business Models
    ITEA 2 Project 10014 EASI-CLOUDS - Extended Architecture and Service Infrastructure for Cloud-Aware Software Deliverable D1.5 – Final Business Models for EASI-CLOUDS Task 1.3: Business model(s) for the EASI-CLOUDS eco-system Editor: Atos, Gearshift Security public Version 1.0 Melanie Jekal, Alexander Krebs, Markku Authors Nurmela, Juhana Peltonen, Florian Röhr, Jan-Frédéric Plogmeier, Jörn Altmann, (alphabetically) Maurice Gagnaire, Mario Lopez-Ramos Pages 95 Deliverable 1.5 – Final Business Models for EASI-CLOUDS v1.0 Abstract The purpose of the business working group within the EASI-CLOUDS project is to investigate the commercial potential of the EASI-CLOUDS platform, and the brokerage and federation- based business models that it would help to enable. Our described approach is both ‘top down’ and ‘bottom up’; we begin by summarizing existing studies on the cloud market, and review how the EASI-CLOUDS project partners are positioned on the cloud value chain. We review emerging trends, concepts, business models and value drivers in the cloud market, and present results from a survey targeted at top cloud bloggers and cloud professionals. We then review how the EASI-CLOUDS infrastructure components create value both directly and by facilitating brokerage and federation. We then examine how cloud market opportunities can be grasped through different business models. Specifically, we examine value creation and value capture in different generic business models that may benefit from the EASI-CLOUDS infrastructure. We conclude by providing recommendations on how the different EASI-CLOUDS demonstrators may be commercialized through different business models. © EASI-CLOUDS Consortium. 2 Deliverable 1.5 – Final Business Models for EASI-CLOUDS v1.0 Table of contents Table of contents ...........................................................................................................................
    [Show full text]
  • Dimension 4500 Owner's Manual
    Dell™ Dimension™ 4500 www.dell.com | support.dell.com HINT: A HINT indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. For a complete list of abbreviations and acronyms, see the Tell Me How help file. To access help files, see page 26. ____________________ Information in this document is subject to change without notice. © 2002 Dell Computer Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Computer Corporation is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, Dimension, Inspiron, Latitude, OptiPlex, Dell Precision, DellPlus, and DellNet are trademarks of Dell Computer Corporation; EMC is the registered trademark of EMC Corporation; Intel and Pentium are registered trademarks of Intel Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Computer Corporation disclaims any proprietary interest in trademarks and trade names other than its own. This product incorporates copyright protection technology that is protected by method claims of certain U.S. patents and other intellectual property rights owned by Macrovision Corporation and other rights owners. Use of this copyright protection technology must be authorized by Macrovision Corporation, and is intended for home and other limited viewing uses only unless otherwise authorized by Macrovision Corporation.
    [Show full text]
  • Dimension 3000 OM-Owner's Manual
    Dell™ Dimension™ 3000 Owner’s Manual service tag CD or DVD drive activity light CD or DVD eject button floppy drive eject button floppy drive light hard-drive activity light power light power button USB 2.0 headphone connector connectors (2) power connector parallel connector voltage selection switch serial connector diagnostic lights (4) integrated video connector mouse connector keyboard connector line-out connector* line-in connector* microphone connector* cover latch** network adapter connector USB 2.0 connectors (4) PCI card slots (3) *On computers with integrated sound. **May not be present on all computers. Model DMC www.dell.com | support.dell.com Notes, Notices, and Cautions NOTE: A NOTE indicates important information that helps you make better use of your computer. NOTICE: A NOTICE indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. CAUTION: A CAUTION indicates a potential for property damage, personal injury, or death. Abbreviations and Acronyms For a complete list of abbreviations and acronyms, see the Dell Dimension Help file. To access the help file, see "Finding Information" on page 7. ® ® If you purchased a Dell™ n Series computer, any references in this document to Microsoft Windows operating systems are not applicable. ____________________ Information in this document is subject to change without notice. © 2005 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell, the DELL logo, Inspiron, Dell Precision, Dimension, OptiPlex, Latitude, PowerEdge, PowerVault, PowerApp, PowerConnect, and Dell OpenManage are trademarks of Dell Inc.; Intel, Pentium, and Celeron are registered trademarks of Intel Corporation; Microsoft, Windows, and Outlook are registered trademarks of Microsoft Corporation.
    [Show full text]
  • Requests Documentation Release 2.26.0
    Requests Documentation Release 2.26.0 Kenneth Reitz Sep 21, 2021 Contents 1 Beloved Features 3 2 The User Guide 5 2.1 Installation of Requests.........................................5 2.2 Quickstart................................................6 2.3 Advanced Usage............................................. 15 2.4 Authentication.............................................. 30 3 The Community Guide 33 3.1 Recommended Packages and Extensions................................ 33 3.2 Frequently Asked Questions....................................... 34 3.3 Integrations................................................ 35 3.4 Articles & Talks............................................. 35 3.5 Support.................................................. 36 3.6 Vulnerability Disclosure......................................... 36 3.7 Release Process and Rules........................................ 38 3.8 Community Updates........................................... 38 3.9 Release History.............................................. 39 4 The API Documentation / Guide 71 4.1 Developer Interface........................................... 71 5 The Contributor Guide 93 5.1 Contributor’s Guide........................................... 93 5.2 Authors.................................................. 96 Python Module Index 103 Index 105 i ii Requests Documentation, Release 2.26.0 Release v2.26.0. (Installation) Requests is an elegant and simple HTTP library for Python, built for human beings. Behold, the power of Requests: >>>r= requests.get ('https://api.github.com/user',
    [Show full text]
  • Diffie and Hellman Receive 2015 Turing Award Rod Searcey/Stanford University
    Diffie and Hellman Receive 2015 Turing Award Rod Searcey/Stanford University. Linda A. Cicero/Stanford News Service. Whitfield Diffie Martin E. Hellman ernment–private sector relations, and attracts billions of Whitfield Diffie, former chief security officer of Sun Mi- dollars in research and development,” said ACM President crosystems, and Martin E. Hellman, professor emeritus Alexander L. Wolf. “In 1976, Diffie and Hellman imagined of electrical engineering at Stanford University, have been a future where people would regularly communicate awarded the 2015 A. M. Turing Award of the Association through electronic networks and be vulnerable to having for Computing Machinery for their critical contributions their communications stolen or altered. Now, after nearly to modern cryptography. forty years, we see that their forecasts were remarkably Citation prescient.” The ability for two parties to use encryption to commu- “Public-key cryptography is fundamental for our indus- nicate privately over an otherwise insecure channel is try,” said Andrei Broder, Google Distinguished Scientist. fundamental for billions of people around the world. On “The ability to protect private data rests on protocols for a daily basis, individuals establish secure online connec- confirming an owner’s identity and for ensuring the integ- tions with banks, e-commerce sites, email servers, and the rity and confidentiality of communications. These widely cloud. Diffie and Hellman’s groundbreaking 1976 paper, used protocols were made possible through the ideas and “New Directions in Cryptography,” introduced the ideas of methods pioneered by Diffie and Hellman.” public-key cryptography and digital signatures, which are Cryptography is a practice that facilitates communi- the foundation for most regularly used security protocols cation between two parties so that the communication on the Internet today.
    [Show full text]
  • Pulse Secure Virtual Traffic Manager: Trafficscript Guide, V19.3
    Pulse Secure Virtual Traffic Manager: TrafficScript Guide Supporting Pulse Secure Virtual Traffic Manager 19.3 Product Release 19.3 Published 15 October, 2019 Document Version 1.0 Pulse Secure Virtual Traffic Manager: TrafficScript Guide Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose CA 95134 www.pulsesecure.net © 2019 by Pulse Secure, LLC. All rights reserved. Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Pulse Secure Virtual Traffic Manager: TrafficScript Guide The information in this document is current as of the date on the title page. END USER LICENSE AGREEMENT The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.pulsesecure.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA. © 2019 Pulse Secure, LLC. Pulse Secure Virtual Traffic Manager: TrafficScript Guide Contents PREFACE . 1 DOCUMENT CONVENTIONS . 1 TEXT FORMATTING CONVENTIONS . 1 COMMAND SYNTAX CONVENTIONS . 1 NOTES AND WARNINGS. 2 REQUESTING TECHNICAL SUPPORT . 2 SELF-HELP ONLINE TOOLS AND RESOURCES. 2 OPENING A CASE WITH PSGSC . 3 INTRODUCTION.
    [Show full text]
  • Leveraging Integrated Cryptographic Service Facility
    Front cover Leveraging Integrated Cryptographic Service Facility Lydia Parziale Redpaper International Technical Support Organization Leveraging Integrated Cryptographic Service Facility January 2018 REDP-5431-00 Note: Before using this information and the product it supports, read the information in “Notices” on page v. First Edition (January 2018) This edition applies to Version 2 Release 3 of IBM z/OS (product number 5650-ZOS). © Copyright International Business Machines Corporation 2018. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . .v Trademarks . vi Preface . vii Authors. vii Now you can become a published author, too! . vii Comments welcome. viii Stay connected to IBM Redbooks . viii Chapter 1. Overview . 1 1.1 The need for cryptography . 2 1.2 Cryptographic architectures . 3 1.2.1 PKCS #11 . 3 1.2.2 IBM Common Cryptographic Architecture. 3 1.3 System Authorization Facility . 4 1.4 What ICSF is . 5 1.4.1 ICSF services . 5 1.4.2 ICSF options . 6 1.4.3 SAF-protecting ICSF services and IBM CCA Keys. 8 Chapter 2. IBM Z hardware cryptography implementation . 9 2.1 CP Assist for Cryptographic Functions . 10 2.2 The IBM Cryptographic Coprocessor . 10 2.3 The Trusted Key Entry workstation . 12 2.3.1 Clear key versus secure key versus protected key. 12 2.3.2 TKE and the benefits of using ICSF and protected keys . 14 Chapter 3. Auditing . 15 3.1 ICSF: Enhanced logging for PCI audit requirements . 16 3.2 ICSF and SMF .
    [Show full text]
  • Hardware List
    FATA INSTITUTIONAL STRENGTHENING PROJECT (FISP) Survey of Existing IT Infrastructure of FATA Secretariat/ FATA Development Authority (FDA) 2014 Prepared by Abacus Consulting under Contract # AID-391-C-11-00003 The FATA Secretariat Support Project (FSSP) is made possible by the support of the American people through the United States Agency for International Development (USAID). The FSSP is being implemented through Abacus Consulting. DISCLAIMER: The authors’ views expressed in this publication do not necessarily reflect the views of the United States Agency for International Development or the United States Government. Consolidated Summary Report of FATA Secretariat & FATA Development Authority (FDA) Hardware Summary By Organization By Functional Status Sr# Organization No of Hardware Sr# Status No of Hardware 1 FATA Secretariat 350 1 Functional 343 2 Non Functional 5 By CPU Type 3 Semi Functional 2 Sr# CPU Type No of Hardware 1 Pentium4 53 By Hardware Type 2 Core Dou 8 Sr# Hardware Type No of Hardware 3 Dual Core 24 1 Server 21 4 Core 2 Duo 146 2 Desktop 253 5 Core i3 51 3 Laptop 76 6 Core i5 29 7 Core i7 10 8 Intel Xeon 21 9 Pentium D 7 By Organization By Functional Status Sr# Organization No of Hardware Sr# Status No of Hardware 1 FATA Development Authority 107 1 Functional 105 2 Non Functional 2 By CPU Type Sr# CPU Type No of Hardware By Hardware Type 1 Pentium4 7 Sr# Hardware Type No of Hardware 2 Core Dou 1 1 Server 7 3 Dual Core 3 2 Desktop 67 4 Core 2 Duo 78 3 Laptop 33 5 Intel Xeon 7 6 Pentium D 11 Peripherals Summary By Organization
    [Show full text]