Security Guide for Cisco Unified Communications Manager, Release 11.0(1) First Published: 2015-06-08


Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2016 Cisco Systems, Inc. All rights reserved.
CONTENTS

Preface
    Purpose
    Audience
    Organization
    Related Documentation
    Conventions
    Obtain Documentation, Support, and Security Guidelines
    Cisco Product Security Overview

PART I: Security Basics

CHAPTER 1: Security Overview
    Terms and Acronyms
    System Requirements
    Features List
    Security Icons
    Interactions and Restrictions
    Interactions
    Restrictions
    Authentication and Encryption
    Barge and Encryption
    Wideband Codecs and Encryption
    Media Resources and Encryption
    Phone Support and Encryption
    Phone Support and Encrypted Setup Files
    Security Icons and Encryption
    Cluster and Device Security Modes
    Digest Authentication and Encryption
    Packet Capturing and Encryption
    Best Practices
    Device Resets, Server and Cluster Reboots, and Service Restarts
    Reset Devices, Reboot Servers and Clusters, and Restart Services
    Media Encryption with Barge Setup
    CTL Client, SSL, CAPF, and Security Token Installation
    TLS and IPSec
    Certificates
    Phone Certificate Types
    Server Certificate Types
    Support for Certificates From External CAs
    Authentication, Integrity, and Authorization
    Image Authentication
    Device Authentication
    File Authentication
    Signaling Authentication
    Digest Authentication
    Authorization
    Encryption
    Signaling Encryption
    Media Encryption
    Configuration File Encryption
    NMAP Scan Operation
    Set Up Authentication and Encryption
    Where to Find More Information

CHAPTER 2: Hypertext Transfer Protocol Over Secure Sockets Layer (HTTPS)
    HTTPS
    HTTPS for Cisco Unified IP Phone Services
    Cisco Unified IP Phones Supporting HTTPS
    Features That Support HTTPS
    Cisco Unified IP Phone Services Settings
    Enterprise Parameter Settings for HTTPS Support
    Save Certificate to Trusted Folder Using Internet Explorer 8
    Copy Internet Explorer 8 Certificate to File
    First-Time Authentication for Firefox with HTTPS
    Save Certificate to Trusted Folder Using Firefox 3.x
    Copy Firefox 3.x Certificate to File
    First-Time Authentication for Safari with HTTPS
    Save Certificate to Trusted Folder Using Safari 4.x
    Copy Safari 4.x Certificate to File
    Where to Find More Information About HTTPS Setup

CHAPTER 3: Default Security Setup
    Default Security Features
    Trust Verification Service
    TVS Description
    Initial Trust List
    ITL Files
    ITL File Contents
    ITL and CTL File Interaction
    Certificate Management Changes for ITLRecovery Certificate
    Update ITL File for IP Phones
    Autoregistration
    Obtain Cisco Unified IP Phone Support List
    ECDSA Support for Common Criteria for Certified Solutions
    Certificate Manager ECDSA Support
    SIP ECDSA Support
    CAPF ECDSA Support
    Entropy
    HTTPS Support for Configuration Download
    CTI Manager Support
    Certificate Regeneration
    Regenerate CAPF Certificate
    Regenerate TVS Certificate
    Regenerate TFTP Certificate
    Tomcat Certificate Regeneration
    System Back-Up Procedure After TFTP Certificate Regeneration
    Refresh Upgrade From Cisco Unified Communications Manager Release 7.x to Release 8.6 Or Later
    Roll Back Cluster to a Pre-8.0 Release
    Switch Back to Release 8.6 or Later After Revert
    Migrate IP Phones Between Clusters with Cisco Unified Communications Manager and ITL Files
    Bulk Certificate Export
    Generate Self-Signed Certificate
    Self-signed Certificate Fields
    Generate Certificate Signing Request
    Certificate Signing Request Fields
    Interactions and Restrictions
    Perform Bulk Reset of ITL File
    View the Validity of ITLRecovery Certificate

CHAPTER 4: Cisco CTL Client Setup
    About Cisco CTL Client Setup
    Addition of Second SAST Role in the CTL File for Recovery
    Cluster Encryption Configuration Through CLI
    Return to CTL Client for Cluster Encryption
    Remove eToken Run Time Environment 3.00 for CTL Client 5.0 Plug-In
    Cisco CTL Client Setup Tips
    Set Up Cisco CTL Client
    Activate Cisco CTL Provider Service
    Cisco CAPF Service Activation
    Set Up Ports for TLS Connection
    Cisco CTL Client Installation
    Upgrade Cisco CTL Client and Migrate Cisco CTL File
    Set Up Cisco CTL Client
    Update CTL File
    Delete CTL File Entry
    Update Cisco Unified Communications Manager Security Mode
    Cisco CTL Client Settings
    Verify Cisco Unified Communications Manager Security Mode
    Set Up Smart Card Service to Started or Automatic
    Security Token Password (eToken) Modification
    Delete CTL File on Cisco Unified IP Phone
    Determine Cisco CTL Client Version
    Verify or Uninstall Cisco CTL Client

CHAPTER 5: Certificate Setup
    About Certificate Setup
    Find Certificate
    Upload Certificate or Certificate Chain
    Certificate Settings

PART II: Security for Cisco Unified IP Phone and Cisco Voice-Messaging Ports

CHAPTER 6: Phone Security
    Phone Security
    Trusted Devices
    Cisco Unified Communications Manager Administration
    Device Called Trust Determination Criteria
    Phone Model Support
    Preferred Vendor SIP Phone Security Set Up
    Set Up Preferred Vendor SIP Phone Security Profile Per-Device Certificates
    Set Up Preferred Vendor SIP Phone Security Profile Shared Certificates
    View Phone Security Settings
    Set Up Phone Security
    Where to Find More Information About Phone Security

CHAPTER 7: Phone Security Profile Setup
    About Phone Security Profile Setup
    Phone Security Profile Setup Tips
    Find Phone Security Profile
    Set Up Phone Security Profile
    Phone Security Profile Settings
    Apply Phone Security Profile
    Synchronize Phone Security Profile with Phones
    Delete Phone Security Profile
    Find Phones with Phone Security Profiles
    Where to Find More Information About Security Profiles

CHAPTER 8: Secure and Nonsecure Indication Tone Setup
    Secure and Nonsecure Indication Tones
    Protected Devices
    Supported Devices
    Secure and Nonsecure Indication Tones Important Information
    Secure Tone Setup Requirements

CHAPTER 9: Encryption to Analog Endpoint Setup
    Analog Phone Security Profile
    Certificate Management for Secure Analog Phones

CHAPTER 10: Certificate Authority Proxy Function
    About Certificate Authority Proxy Function
    Cisco Unified IP Phone and CAPF Interaction
    CAPF Interaction with IPv6 Addressing
    CAPF System Interactions and