DOCSLIB.ORG

Using Mobile Platforms for Sensitive Government Business

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Using Mobile Platforms for Sensitive Government Business UNCLASSIFIED Using Mobile Platforms for Sensitive Government Business Samuel Chenoweth Command, Control, Communications and Intelligence Division Defence Science and Technology Organisation DSTO-GD-0722 ABSTRACT Mobile platforms such as smartphones are becoming increasingly popular for both personal and commercial use. When the data being stored and transmitted by these devices is sensitive this can introduce a host of security issues, some of which are discussed in this report. A summary is provided of existing practices for the use of mobile devices with sensitive information, in both governmental and business contexts, and emerging technologies for improving security are reviewed. Finally, some recommendations are offered for policymakers interested in increasing the role that mobile devices are allowed to play within the Australian Public Service and elsewhere. RELEASE LIMITATION Approved for public release UNCLASSIFIED UNCLASSIFIED Published by Command, Control, Communications and Intelligence Division DSTO Defence Science and Technology Organisation PO Box 1500 Edinburgh South Australia 5111 Australia Telephone: (08) 7389 5555 Fax: (08) 7389 6567 © Commonwealth of Australia 2013 AR-015-497 January 2013 APPROVED FOR PUBLIC RELEASE UNCLASSIFIED UNCLASSIFIED Using Mobile Platforms for Sensitive Government Business Executive Summary This report investigates the issues and risks that are involved when mobile platforms, such as smartphones, are used for conducting sensitive government business. The objective of this work is to develop fresh but well researched perspectives on the manner in which these devices may be used without compromising security, so that policymakers within Defence and elsewhere in Australian government can be better informed when making decisions. The report offers specific advice on how smartphone policies and research efforts may be adjusted to improve smartphone utility in government, better protect confidential information and save on certification costs. A range of general security issues associated with smartphones are discussed. Additional issues are also identified that arise in specific usage scenarios, namely the traditional corporate technology paradigm where the organisation owns and administers the device and the bring-your-own device paradigm. Some of the known smartphone vulnerabilities are outlined, along with the threats that may exploit these. A survey of current and emerging smartphone technologies is presented, with a focus of technology for improving smartphone security or facilitating the integration of employee-owned smartphones with corporate or government systems. This survey includes a review of smartphone technology certified for use within the Australian government. Existing policy and practice for professional smartphone use is reviewed and critiqued, considering the experiences of private industry, the United States Government and the Australian government. Finally, some suggestions are made for how Australian government policy could be improved to provide better utility for professional smartphone users within government, whilst minimising the security risks. Based on technology which is currently available, this report recommends that the present policy of certifying popular commercial smartphone operating systems and allowing users to use personal devices for professional purposes should be reviewed, in favour of forcing users to use a government owned smartphone with a certified hypervisor operating system. Such a system provides secure separation of a number of different enclaves on the phone, which the user may switch between. The advantage of this is that there can be several professional enclaves on the phone, each administered by the organisation and at its own individual classification level, with the operating systems installed and configured by the organisation’s information technology staff (e.g. a UNCLASSIFIED UNCLASSIFIED previously certified operating system such as Windows Mobile). Moreover, there can also be a personal enclave running an operating system of the employee’s choice (e.g. Android), which is fully controlled by the employee and which can become compromised without affecting the security of the other enclaves or the privacy of any sensitive information stored on them. Some suggestions are also made for areas worthy of future research. In particular, it is recommended that head-mounted audiovisual displays be investigated as a means for allowing the private use of smartphones in public. As an extension of this, it is also proposed that a trusted input / output device be developed, which can allow a user to interact with remote applications on a secure government network, over a virtual private network connection through a personal smartphone and the Internet service provided by the carrier (both of which may be considered to be untrusted). UNCLASSIFIED UNCLASSIFIED DSTO-GD-0722 Contents 1. INTRODUCTION............................................................................................................... 1 2. GENERAL SECURITY ISSUES, VULNERABILITIES AND THREATS................. 1 2.1 Data Storage Confidentiality.................................................................................. 2 2.2 User Authentication ................................................................................................. 2 2.2.1 A Case Study – The iPhone 4S............................................................... 3 2.3 Phone to Network Authentication......................................................................... 5 2.4 Network to Phone Authentication......................................................................... 6 2.4.1 GSM........................................................................................................... 6 2.4.2 UMTS ........................................................................................................ 6 2.5 Data Transmission Confidentiality....................................................................... 7 2.6 Data Transmission Integrity................................................................................... 7 2.7 Confidentiality, Integrity and Authentication using Other Protocols ........... 7 2.7.1 NFC ........................................................................................................... 8 2.7.2 Bluetooth................................................................................................... 9 2.7.3 WiFi ........................................................................................................... 9 2.8 Security Policy Consistency.................................................................................... 9 2.9 Side-Channels.......................................................................................................... 10 2.10 Application Level Vulnerabilities....................................................................... 12 2.11 Confidentiality in the User’s Physical Environment ....................................... 13 2.12 Privacy Issues........................................................................................................... 14 3. ADDITIONAL ISSUES IN THE CORPORATE CONTEXT .................................... 14 3.1 Additional Issues Under the Traditional Corporate Information Technology Paradigm ............................................................................................ 14 3.1.1 Information Separation and Ownership ............................................ 15 3.1.2 Loss of Authorised Custody of the Smartphone............................... 15 3.1.3 Sharing Administration Rights with the User................................... 16 3.1.4 Personnel and Safety Issues ................................................................. 16 3.1.5 Financial Issues ...................................................................................... 17 3.2 Additional Issues Under the Bring-Your-Own-Device Paradigm................. 18 3.2.1 Information separation and ownership.............................................. 18 3.2.2 Loss of Custody of the Smartphone.................................................... 19 3.2.3 Sharing Administration Rights with the Organisation.................... 19 3.2.4 Personnel and Safety Issues ................................................................. 20 3.2.5 Financial Issues ...................................................................................... 20 3.3 Issues Specific to the Australian Government Context................................... 20 4. SMARTPHONE TECHNOLOGY REVIEW................................................................. 22 4.1 Emerging Security Technology ............................................................................ 22 4.1.1 Security Enhancing Software............................................................... 22 4.1.2 User Authentication Technology ........................................................ 22 4.1.3 Side Channel Countermeasures .......................................................... 25 UNCLASSIFIED UNCLASSIFIED DSTO-GD-0722 4.2 Technology for Mixed Professional and Personal Use of Smartphones...... 27 4.2.1 Enterproid’s Divide............................................................................... 27 4.2.2 Redbend’s vLogix.................................................................................. 28 4.2.3 VMWare’s Mobile Virtualization Platform........................................ 28 4.2.4 Green Hills Platform for Trusted
Load more

Recommended publications
  • Flextivity Getting Started Guide
    Getting Started Guide Before you set up your account, you may want to spend a few minutes thinking about what you want to get out of Flextivity. Of course, Flextivity helps you successfully manage basic security such as Anti-Malware protection and a powerful Network Firewall across the computers in your organization. However, Flextivity goes beyond this. We have included a few tools to help you get the most out of your deployment. Acceptable Use Policies Most employees really want to do a good job and be productive. Nonetheless, personal Internet use has been found to be one of the number one time wasters at work. Experiments have shown that people who are able to successfully resist the temptation to surf at work make more mistakes than they would if there were no temptation[1]. It’s harder for them to learn new skills, too. The practical implication of this is that employers shouldn’t have rules against surfing and then leave access to the web wide open. Instead, it’s best to allow internet access only when it is appropriate. Intego Flextivity gives you the flexibility to manage your acceptable use policy the way that works for you. Do you want to limit use on your office wifi, but let employees surf as they please when they take laptops home? With Flextivity, you can do that. Do you want to put reasonable limits on social media surfing in the office – say, 30 minutes over the course of a day? You can do that too. Intego Flextivity helps you balance trust and team morale while putting common sense checks in place.
    [Show full text]
  • Os X Block Application from Internet Access
    Os X Block Application From Internet Access ionopause!Photographic Cupolated Rickard fibDru some grumbled guacharos sanctimoniously. and microfilm his determent so promisingly! Overviolent and malfunctioning Pasquale never balloted his Then, using Vallum, you can set bandwidth limits for each process, independently. IE by calling this without checking the console exists first. We have strong opinions about controlling where kids use their tech. Murus makes use of anchors to separate inbound and outbound filtering rules from options rules, redirection, translation and dummynet rules. Safari says that it cannot locate the website host; it does not say I am not connected to the Internet. Managed Services views, and assigning groups to such services. Do you see anything new you could remove so you can try again? Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. An inclusive firewall does the reverse. As a quick update it seems that is you are not using an account with admin privileges, you may need supply admin credentials for the first time you download an app to install it, which may solve some of the problem. OS X Server offers options for managing this, but you can also do the same in the client version of the OS. Talk with your children so they know what is acceptable, who they are allowed to text, sites they should stay away from, for example. Then everything else is blocked. Dropbox syncing newly changed files, and so on.
    [Show full text]
  • Personal Firewalls Are a Necessity for Solo Users
    Personal firewalls are a necessity for solo users COMPANY PRODUCT PLATFORM NOTES PRICE Aladdin Knowledge Systems Ltd. SeSafe Desktop Windows Combines antivirus with content filtering, blocking and $72 Arlington Heights, Ill. monitoring 847-808-0300 www.ealaddin.com Agnitum Inc. Outpost Firewall Pro Windows Blocks ads, sites, programs; limits access by specific times $40 Nicosia, Cyprus www.agnitum.com Computer Associates International Inc. eTrust EZ Firewall Windows Basic firewall available only by download $40/year Islandia, N.Y. 631-342-6000 my-etrust.com Deerfield Canada VisNetic Firewall Windows Stateful, packet-level firewall for workstations, mobile $101 (Canadian) St. Thomas, Ontario for Workstations users or telecommuters 519-633-3403 www.deerfieldcanada.ca Glucose Development Corp. Impasse Mac OS X Full-featured firewall with real-time logging display $10 Sunnyvale, Calif. www.glu.com Intego Corp. NetBarrier Personal Firewall Windows Full-featured firewall with cookie and ad blocking $50 Miami 512-637-0700 NetBarrier 10.1 Mac OS X Full-featured firewall $60 www.intego.com NetBarrier 2.1 Mac OS 8 and 9 Full-featured firewall $60 Internet Security Systems Inc. BlackIce Windows Consumer-oriented PC firewall $30 Atlanta 404-236-2600 RealSecure Desktop Windows Enterprise-grade firewall system for remote, mobile and wireless users Varies blackice.iss.net/ Kerio Technologies Inc. Kerio Personal Firewall Windows Bidirectional, stateful firewall with encrypted remote-management option $39 Santa Clara, Calif. 408-496-4500 www.kerio.com Lava Software Pty. Ltd. AdWare Plus Windows Antispyware blocks some advertiser monitoring but isn't $27 Falköping, Sweden intended to block surveillance utilities 46-0-515-530-14 www.lavasoft.de Network Associates Inc.
    [Show full text]
  • Hostscan 4.8.01064 Antimalware and Firewall Support Charts
    HostScan 4.8.01064 Antimalware and Firewall Support Charts 10/1/19 © 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco public. Page 1 of 76 Contents HostScan Version 4.8.01064 Antimalware and Firewall Support Charts ............................................................................... 3 Antimalware and Firewall Attributes Supported by HostScan .................................................................................................. 3 OPSWAT Version Information ................................................................................................................................................. 5 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.890.0 for Windows .................................................. 5 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.890.0 for Windows ........................................................ 44 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.824.0 for macos .................................................... 65 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.824.0 for macOS ........................................................... 71 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.730.0 for Linux ...................................................... 73 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.730.0 for Linux .............................................................. 76 ©201 9 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
    [Show full text]
  • Malware List.Numbers
    CLASS A - Tested once a month (and as significant updates and samples are available) (95% or higher detection rate) CLASS B - Tested every two months (and if many new samples or significant updates are available) (95 - 85% detection rate) CLASS C - Tested every three months (85-75% detection rate) CLASS D - Tested every six months (75% or lower detection rates) For Comparison, not an actual Antivirus CLASS F - Excluded from future testing (read notes) Notes, comments, remarks, FAQ and everything else. McAfee Endpoint Protection for Malware Family (by year) # Malware Sample Type MD5 Hash Avast 9.0 Intego VirusBarrier X8 10.8 Norman 3.0.7664 ESET 6.0 Sophos 9 F-Secure 1.0 Kaspersky Security 14 G Data AntiVirus for Mac Dr Web 9.0.0 Avira ClamXav 2.6.4 (web version) Norton 12.6 (26) Comodo Webroot 8 Thirtyseven4 Total Security eScan 5.5-7 iAntivirus 1.1.4 (282) ProtectMac 1.3.2 - 1.4 BitDefender 2.30 - 3.0.6681 McAfee Internet Security for Mac* AVG AntiVirus for Mac Dr Web Light 6.0.6 (201207050) Max Secure Antivirus MacBooster X-Protect Gatekeeper Intego VirusBarrier 2013 10.7 Intego VirusBarrier X6 VirusBarrier Express 1.1.6 (79) Panda Antivirus 1.6 Bitdefender (App Store) 2.21 MacKeeper 2.5.1 - 2.8 (476) Panda Antivirus 10.7.6 Trend Micro Titanium 3.0 McAfee Security 1.2.0 (1549) Norton 11.1.1 (2) Trend Micro Smart Sur. 1.6.1101 McAfee VirusScan for Mac 8.6.1 FortiClient 5.0.6.131 Quick Heal Total Sec 1.0 MacScan 2.9.4 McAfee Virex 7.7 (163) Magician 1.4.3 Vipre 1.0.51 Mac Malware Remover 1.1.6 MD5 Hash Mac 1 Price -> Free $39.99 (Internet
    [Show full text]
  • Insight MFR By
    Manufacturers, Publishers and Suppliers by Product Category 11/6/2017 10/100 Hubs & Switches ASCEND COMMUNICATIONS CIS SECURE COMPUTING INC DIGIUM GEAR HEAD 1 TRIPPLITE ASUS Cisco Press D‐LINK SYSTEMS GEFEN 1VISION SOFTWARE ATEN TECHNOLOGY CISCO SYSTEMS DUALCOMM TECHNOLOGY, INC. GEIST 3COM ATLAS SOUND CLEAR CUBE DYCONN GEOVISION INC. 4XEM CORP. ATLONA CLEARSOUNDS DYNEX PRODUCTS GIGAFAST 8E6 TECHNOLOGIES ATTO TECHNOLOGY CNET TECHNOLOGY EATON GIGAMON SYSTEMS LLC AAXEON TECHNOLOGIES LLC. AUDIOCODES, INC. CODE GREEN NETWORKS E‐CORPORATEGIFTS.COM, INC. GLOBAL MARKETING ACCELL AUDIOVOX CODI INC EDGECORE GOLDENRAM ACCELLION AVAYA COMMAND COMMUNICATIONS EDITSHARE LLC GREAT BAY SOFTWARE INC. ACER AMERICA AVENVIEW CORP COMMUNICATION DEVICES INC. EMC GRIFFIN TECHNOLOGY ACTI CORPORATION AVOCENT COMNET ENDACE USA H3C Technology ADAPTEC AVOCENT‐EMERSON COMPELLENT ENGENIUS HALL RESEARCH ADC KENTROX AVTECH CORPORATION COMPREHENSIVE CABLE ENTERASYS NETWORKS HAVIS SHIELD ADC TELECOMMUNICATIONS AXIOM MEMORY COMPU‐CALL, INC EPIPHAN SYSTEMS HAWKING TECHNOLOGY ADDERTECHNOLOGY AXIS COMMUNICATIONS COMPUTER LAB EQUINOX SYSTEMS HERITAGE TRAVELWARE ADD‐ON COMPUTER PERIPHERALS AZIO CORPORATION COMPUTERLINKS ETHERNET DIRECT HEWLETT PACKARD ENTERPRISE ADDON STORE B & B ELECTRONICS COMTROL ETHERWAN HIKVISION DIGITAL TECHNOLOGY CO. LT ADESSO BELDEN CONNECTGEAR EVANS CONSOLES HITACHI ADTRAN BELKIN COMPONENTS CONNECTPRO EVGA.COM HITACHI DATA SYSTEMS ADVANTECH AUTOMATION CORP. BIDUL & CO CONSTANT TECHNOLOGIES INC Exablaze HOO TOO INC AEROHIVE NETWORKS BLACK BOX COOL GEAR EXACQ TECHNOLOGIES INC HP AJA VIDEO SYSTEMS BLACKMAGIC DESIGN USA CP TECHNOLOGIES EXFO INC HP INC ALCATEL BLADE NETWORK TECHNOLOGIES CPS EXTREME NETWORKS HUAWEI ALCATEL LUCENT BLONDER TONGUE LABORATORIES CREATIVE LABS EXTRON HUAWEI SYMANTEC TECHNOLOGIES ALLIED TELESIS BLUE COAT SYSTEMS CRESTRON ELECTRONICS F5 NETWORKS IBM ALLOY COMPUTER PRODUCTS LLC BOSCH SECURITY CTC UNION TECHNOLOGIES CO FELLOWES ICOMTECH INC ALTINEX, INC.
    [Show full text]
  • Advanced Administration Guide – Endpoint Protection
    Advanced Administration Guide – Endpoint Protection Advanced administration guide 1 Advanced Administration Guide – Endpoint Protection Tabla de contenidos 1. INTRODUCTION ..............................................................................................................12 1.1. WHAT'S NEW IN THIS VERSION ...........................................................................................13 1.2. WHAT IS ENDPOINT PROTECTION? ......................................................................................14 THE PROTECTION .................................................................................................................. 14 WHICH PROTECTIONS ARE AVAILABLE? ..................................................................................... 14 INSTALLATION ....................................................................................................................... 14 1.3. PROTECTION TECHNOLOGIES ..............................................................................................15 ANTI-EXPLOIT TECHNOLOGY .................................................................................................... 15 SECURITY FROM THE CLOUD AND COLLECTIVE INTELLIGENCE ......................................................... 15 1.4. INFORMATION, QUERIES AND SERVICES .................................................................................16 USEFUL LINKS ....................................................................................................................... 16 ENDPOINT
    [Show full text]
  • J I Truste Ne Ork
    Internet Security A Jumpstart for Systems Administrators and IT Managers Tim Speed Juanita Ellis Digital Press An imprint of Elsevier Science Amsterdam, Boston • London • New York o Oxford • Paris • San Diego San Francisco • Singapore • Sydney • Tokyo Digital Press is an imprint of Elsevier Science. Copyright © 2003, Elsevier Science (USA). All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Recognizing the importance of preserving what has been written, Elsevier Science prints its books on acid-free paper whenever possible. Library of Congress Cataloging-in-Publication Data ISBN 1-55558-298-2 British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library. The publisher offers special discounts on bulk orders of this book. For information, please contact: Manager of Special Sales Elsevier Science 200 Wheeler Road Burlington, MA 01803 Tel: 781-313-4700 Fax: 781-313-4882 For information on all Digital Press publications available, contact our World Wide Web home page at: http://www.digitalpress.com or http://www.bh.com/digitalpress 1098765432 1 Printed in the United States of America To Linda Speed~my split apart. -T.S. To my dad, Charles Ellis. -J.E. This Page Intentionally Left Blank Contents Foreword ix Acknowledgments xi Introduction xiii The Internet and Security I. I The
    [Show full text]
  • Free Antivirus Software No Creditcard Required
    Free Antivirus Software No Creditcard Required proclaimerRube remains depilates largest scorching? after Tomkin Unteachable becharm hieroglyphically Spiros flume his or falconers shatters anydismantled capa. Is mistily. Thurstan windswept or sunlit when scripts some And young to 1 million dollar coverage for lawyers and experts if needed for all plans. Avast Free Antivirus gives you more on many competing commercial products On top village excellent antivirus protection it adds a network security scanner a password manager browser protection and wheat It's an amazing collection of security features considering that this product is free. 3 best free antivirus software determine your PC Saga. And intrusion detection Secure traffic with Anti-virus malware protection Secure endpoints with patch management. With Frontier virus protection security software your devices are protected. Offers protection for a PC PC antivirus software installs easily understand it can be old to. Do I need Need Antivirus If I Browse Carefully and coherent Common. Try duty free F-Secure. The challenge software scans your you for malware destroying any infections it to find. Best Antivirus Software for 2021 eSecurityPlanet. Internet security free download. Cloud hosted anti-spam and antivirus protection for domain owners stop email born. There are some good free antivirus packages that are available against no leash to download and use. Cameras literally require the iPad to melt within 6'I'm willing to showcase a year on. Their editors gave three Avast Free Antivirus AVG Anti-Virus Free Edition and ThreatFire AntiVirus Free Edition five axis of. 7 best antivirus for Windows 7 to desktop after support ends.
    [Show full text]
  • Software Products and Associated Services
    Framework Y10178 Issue No.9 Software Products and Associated Services Pro5 USER GUIDE ISSUE NO.9 Contract Period: 4 years – 1st May 2012 to 31st August 2016 Copyright in this material vests in Commercial Services (on behalf of PRO5) and must not be copied or otherwise reproduced without the prior written permission of Commercial Services (on behalf of PRO5) Commercial Services and PRO5 disclaim any liability for any loss or damage that may arise as a consequence of the misuse or abuse of this material. Users of the material do so on the basis that they will seek their own independent advice on the relevance of the material for their particular requirements. Framework Y10178 Issue No.9 CONTENTS SECTION 1 – SCOPE AND CONTEXT SECTION 2 – USING THE FRAMEWORK SECTION 3 – SUPPLIER CONTACT DETAILS SECTION 4 – MONITORING FORM SECTION 5 – TERMS AND CONDITIONS/OJEU AWARD NOTICE LEAD AUTHORITY CONTACT DETAILS Stefanie Tyler (Contract Manager) [email protected] Tel: 01622 236662 Jenny Ware (Contract Manager) [email protected] Tel: 01622 236971 *Please NOTE! All these contact details supersede previous details. KCS (Kent County Supplies) Unit 1, Aylesford Commercial Park, New Hythe Lane, Aylesford, Kent. ME20 7FE Original OJEU contract ref: 2011/s 151-251029 OJEU Award Notice ref: 2012/S 67-108816 Framework Y10178 Issue No.9 Section One - Scope and Context In accordance with best procurement practice, EU & UK Procurement Directives & Regulations Kent County Council, Commercial Services (the Contracting Authority), on behalf of PRO5 Group has created an accessible Framework Agreement (the Agreement) for the supply and delivery of Software Products and Associated Services.
    [Show full text]
  • Listener Feedback Q&A
    Security Now! Transcript of Episode #173 Page 1 of 37 Transcript of Episode #173 Listener Feedback Q&A #55 Description: Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-173.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-173-lq.mp3 INTRO: Netcasts you love, from people you trust. This is TWiT. Leo Laporte: Bandwidth for Security Now! is provided by AOL Radio at AOL.com/podcasting. This is Security Now! with Steve Gibson, Episode 173 for December 4, 2008: Listener Feedback #55. This show is brought to you by listeners like you and your contributions. We couldn't do it without you. Thanks so much. It's time for Security Now!, the show that looks at security, now. Right now. Right this minute. Steve Gibson is here. Hi, Steve. Steve Gibson: Hey, Leo. Leo: From GRC.com, the man who discovered spyware, coined the term, created the first antispyware program, has written so many useful security utilities like ShieldsUP!, Shoot The Messenger, Unplug n' Pray. And every week we talk about the latest security news and answer questions and also kind of explain, I think you're really good at teaching, what all this is.
    [Show full text]
  • SP 800-42 Is Superseded in Its Entirety by the Publication of SP 800-115 (September 2008)
    Archived NIST Technical Series Publication The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below). Archived Publication Series/Number: NIST Special Publication 800-42 Title: Guideline on Network Security Testing Publication Date(s): October 2003 Withdrawal Date: September 2008 Withdrawal Note: SP 800-42 is superseded in its entirety by the publication of SP 800-115 (September 2008). Superseding Publication(s) The attached publication has been superseded by the following publication(s): Series/Number: NIST Special Publication 800-115 Title: Technical Guide to Information Security Testing and Assessment Author(s): Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh Publication Date(s): September 2008 URL/DOI: http://dx.doi.org/10.6028/NIST.SP.800-115 Additional Information (if applicable) Contact: Computer Security Division (Information Technology Lab) Latest revision of the SP 800-115 (as of June 19, 2015) attached publication: Related information: http://csrc.nist.gov/ Withdrawal N/A announcement (link): Date updated: June Ϯϯ, 2015 Guideline on Network Security NIST Special Publication 800-42 Testing Recommendations of the National Institute of Standards and Technology John Wack, Miles Tracy, Murugiah Souppaya C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 October 2003 U.S. Department of Commerce Donald L. Evans, Secretary Technology Administration Phillip J. Bond, Under Secretary for Technology National Institute of Standards and Technology Arden L. Bement, Jr., Director SP 800-42 GUIDELINE ON NETWORK SECURITY TESTING Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S.
    [Show full text]