DOCSLIB.ORG

Towards an Evaluation of a Recommended Tor Browser Configuration in Light of Website Fingerprinting Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Towards an Evaluation of a Recommended Tor Browser Configuration in Light of Website Fingerprinting Attacks by Fayzah, Alshammari Thesis submitted In partial fulfillment of the requirements For the M.Sc. degree in Computer Science School of Electrical Engineering and Computer Science Faculty of Engineering University of Ottawa © Fayzah Alshammari, Ottawa, Canada, 2017 Abstract Website Fingerprinting (WF) attacks have become an area of concern for advocates of web Privacy Enhancing Technology (PET)s as they may allow a passive, local, eaves- dropper to eventually identify the accessed web page, endangering the protection offered by those PETs. Recent studies have demonstrated the effectiveness of those attacks through a number of experiments. However, some researchers in academia and Tor com- munity demonstrated that the assumptions of WF attacks studies greatly simplify the problem and don't reflect the evaluation of this vulnerability in practical scenarios. That leads to suspicion in the Tor community and among Tor Browser users about the efficacy of those attacks in real-world scenarios. In this thesis, we survey the literature of WF showing the research assumptions that have been made in the WF attacks against Tor. We then assess their practicality in real-world settings by evaluating their compliance to Tor Browser threat model, design requirements and to the Tor Project recommen- dations. Interestingly, we found one of the research assumptions related to the active content configuration in Tor Browser to be a reasonable assumption in all settings. Dis- abling or enabling the active content are both reasonable given the fact that the enabled configuration is the default of the Tor Browser, and the disabled one is the configuration recommended by Tor Project for users who require the highest possible security and anonymity. However, given the current published WF attacks, disabling the active con- tent is advantageous for the attacker as it makes the classification task easier by reducing the level of a web page randomness. To evaluate Tor Browser security in our proposed more realistic threat model, we collect a sample of censored dynamic web pages with Tor Browser in the default setting, which enables active content such as Javascript, and in the recommended setting by the Tor Project which disables the active content. We use Panchenko Support Vector Machine (SVM) classifier to study the identifiability of this ii sample of web pages. For pages that are very dynamic, we achieve a recognition rate of 42% when JavaScript is disabled, compared to 35% when turned on. Our results show that the recommended "more secure" setting for Tor Browser is actually more vulnerable to WF attacks than the default and non-recommended setting. iii Acknowledgements Profound thanks to Allah for his favor, grace, mercies and unrelenting love. To King Abdullah bin Abdulaziz Alsaud, may Allah have mercy on him, for his ex- ceptional role in promoting woman education and rights in Saudi Arabia. To King Saud University for sponsoring me during my studies. To my supervisor, the incomparable Professor Carlisle Adams. I'm lucky and honored to have this opportunity to work closely under his supervision and with him. I'm grateful for every single moment I spent in his office discussing problems, solutions, struggles, and ideas. I owe a lot of my professional, academic and personal development to Carlisle Adams. His patience, endless support, encouragement, and guidance have helped me to cross a lot of boundaries. This thesis wouldn't have seen the light without his unlimited support and encouragement. I would also like to mention the great opportunities I have had as one of his graduate students to work with industry and government software engineers, designers, and team leaders to solve real world problems. Such as our work with Canada Border Service Agency CBSA, Trend Micro, and the chance to volunteer in security related projects, such as the IBM Watson for Cyber Security project. That gave me the fascinating opportunity to witness and participate in the sharing and development of ideas which evolved into real world implementations, and experienced real world problems decomposed back into their constituent theoretical elements. All of this would not have been possible without Carlisle's support. To the awesome people in Carlisle Adam's research group; David Bissessar, Maryam Hezaveh, Ali Noman, Xiaomei Zhang, Mike Wakim, Alain Tambay and Dr.David Knox; iv I'm grateful for the wonderful and challenging times we went through together while solving problems and achieving milestones. To Michael Mann from Wireshark, for taking the time to code for Tor Dissector, and leaving useful comments and suggestions for integrating Tor Dissector with Wireshark plug-ins. To Nick Mathewson from the Tor project for answering my questions about the baseline code for Tor. To Ian Goldberg's research group at the University of Waterloo, for having me in a workshop discussing website fingerprinting attacks. To Marc Juarez for gracefully sharing their datasets and code with us. To all my friends, particularly Kenniy Olorunnimbe, Riyas Valiya, Dela De Yongester; thank you so much for always being there when I needed you. To my brother "Rfytzy" Saad, who came with me to Canada and showed me how a person can play the role of a whole family; I love you and I will be always grateful for you. To my family, thank you for always loving me unconditionally. To the "Anonymous" who doesn't want to be named; thank you so much for everything! v Dedication In loving memory of Hammed Rahal Alshammari and Fayez Hammed Alshammari. You are gone, but never forgotten. Father and Brother, I will always love you. vi Contents Acronyms xi I INTRODUCTION 1 1 Introduction 2 1.1 Thesis Hypothesis . .4 1.2 Thesis Contribution . .5 1.3 Thesis Outline . .6 II BACKGROUND AND LITERATURE REVIEW 8 2 Private Web Browsing over Tor 9 2.1 Web Browsing . 10 2.1.1 Web Page Loading . 10 2.1.2 Web Pages Types . 12 2.2 Web Browsing Privacy Concerns . 13 2.3 Tor....................................... 14 2.3.1 Tor Architecture . 14 2.3.2 Tor Protocol . 16 vi 2.3.3 Tor Dissector . 19 2.4 Web Browsing over Tor . 20 2.4.1 Tor Browser . 21 2.4.2 The Active Content Setting in Tor Browser . 21 2.5 Summary . 22 3 Website Fingerprinting 24 3.1 Website Fingerprinting Threat Model . 25 3.2 Website Fingerprinting Procedure . 26 3.3 Website Fingerprinting Survey . 27 3.3.1 Website Fingerprinting Attacks . 29 3.3.2 Website Fingerprinting Defenses . 33 3.3.3 Practicality of Website Fingerprinting Attacks . 35 3.4 Summary . 45 III ADDRESSING THE PROBLEM 47 4 Experimental Design 48 4.1 Prior Work Datasets . 50 4.2 Our Web Pages List . 52 4.2.1 Web Pages Selection . 53 4.2.2 Web Pages Cleaning . 54 4.2.3 Web Pages Categorization . 55 4.3 Data Collection . 56 4.3.1 Software and Libraries . 57 4.3.2 Data Generator Script . 60 vii 4.4 Traffic Pre-Processing . 62 4.5 Features Extraction . 62 4.6 Classification . 63 4.7 Summary . 64 5 Evaluation and Experimental Results 65 5.1 Evaluation Metric . 65 5.2 Evaluation Results . 66 5.3 Comparison with the existing works . 68 5.4 Limitations . 68 5.5 Summary . 69 6 Conclusions 71 6.1 Future Work . 73 A CensoredURLs List 75 viii List of Tables 4.1 Summary of the datasets used in the WF attacks against Tor. The "X" indicates not available and the "X" indicates available while the "?" indi- cates the authors didn't specify . 51 4.2 CensoredDynaimcURLs list . 57 5.1 The Accuracy results for CensoredDynaimcURLs (%) . 67 ix List of Figures 2.1 Web Page Request Flow Example . 11 2.2 Tor Network Architecture . 15 2.3 Tor Network Architecture [68] . 18 2.4 Tor Dissector . 19 3.1 Website Fingerprinting Attacks Scenario . 26 3.2 Website Fingerprinting Procedure . 27 3.3 Website Fingerprinting Survey . 29 4.1 Traffic Generator Components . 58 x Acronyms HMM Hidden Markov Model HTML Hyper Text Markup Language HTTP Hyper Text Transfer Protocol HTTP Obfuscation HTTPOS IP Internet Protocol ISP Internet Service Provider JAP JonDonym Anonymous Proxy K-NN k Nearest Neighbor ONI OpenNet Initiative OP Onion Proxy OR Onion Router OSAD Optimal String Alignment Distance PET Privacy Enhancing Technology PII Personally Identifiable Information xi RBF Radial Basis Function RWB Reporters Without Borders SSL Secure Socket Layer SVM Support Vector Machine TCP Transport Control Protocol TLS Transport Layer Security Tor The Onion Router UNESCO United Nations Educational, Scientific and Cultural Organization URL Uniform Resource Locator VOIP Voice-over-IP WF Website Fingerprinting xii Part I INTRODUCTION 1 Chapter 1 Introduction \My computer was arrested before I was." Syrian Activist [51] The Internet, specifically, the web, has become a major platform for freedom of opinion and expression [21] as it enables individuals who have access to it to seek, receive and impart opinions, ideas and information of all forms, instantly and inexpensively across the globe [21]. It was built fundamentally without any regard for protecting the privacy of its users. The absence of personal privacy protections built into the Internet and the constantly increasing threat of unlawful data tracking, censorship, and surveillance of web users' lives, force individuals around the world to seek and rely on privacy and anonymity technologies that can be used with the web to compensate for its lack of security and safety. Anonymity technologies have appeared as a potential good candidate to enhance people's human rights over the Internet so they could seek, receive and impart information without risk of disclosure, tracking and surveillance as mentioned in the United Nations Educational, Scientific and Cultural Organization (UNESCO) report [21] on the promotion and protection of the right to freedom of opinion and expression.
Recommended publications
  • Technical Report (Open)SSH Secure Use Recommendations

    Technical Report (Open)SSH Secure Use Recommendations

    DAT-NT-007-EN/ANSSI/SDE PREMIERMINISTRE Secrétariat général Paris, August 17, 2015 de la défense et de la sécurité nationale No DAT-NT-007-EN/ANSSI/SDE/NP Agence nationale de la sécurité Number of pages des systèmes d’information (including this page): 21 Technical report (Open)SSH secure use recommendations Targeted audience Developers Administrators X IT security managers X IT managers Users Document Information Disclaimer This document, written by the ANSSI, presents the “(Open)SSH secure use recom- mendations”. It is freely available at www.ssi.gouv.fr/nt-ssh. It is an original creation from the ANSSI and it is placed under the “Open Licence” published by the Etalab mission (www.etalab.gouv.fr). Consequently, its diffusion is unlimited and unrestricted. This document is a courtesy translation of the initial French document “Recommanda- tions pour un usage sécurisé d’(Open)SSH”, available at www.ssi.gouv.fr/nt-ssh. In case of conflicts between these two documents, the latter is considered as the only reference. These recommendations are provided as is and are related to threats known at the publication time. Considering the information systems diversity, the ANSSI cannot guarantee direct application of these recommendations on targeted information systems. Applying the following recommendations shall be, at first, validated by IT administrators and/or IT security managers. Document contributors Contributors Written by Approved by Date Cisco1, DAT DAT SDE August 17, 2015 Document changelog Version Date Changelog based on 1.3 – french August 17, 2015 Translation Contact information Contact Address Email Phone 51 bd de La Bureau Communication Tour-Maubourg [email protected] 01 71 75 84 04 de l’ANSSI 75700 Paris Cedex 07 SP 1.
  • Not-Quite-So-Broken TLS Lessons in Re-Engineering a Security Protocol Specification and Implementation

    Not-Quite-So-Broken TLS Lessons in Re-Engineering a Security Protocol Specification and Implementation

    Not-quite-so-broken TLS Lessons in re-engineering a security protocol specification and implementation David Kaloper Meršinjak Hannes Mehnert Peter Sewell Anil Madhavapeddy University of Cambridge, Computer Labs Usenix Security, Washington DC, 12 August 2015 INT SSL23_GET_CLIENT_HELLO(SSL *S) { CHAR BUF_SPACE[11]; /* REQUEST THIS MANY BYTES IN INITIAL READ. * WE CAN DETECT SSL 3.0/TLS 1.0 CLIENT HELLOS * ('TYPE == 3') CORRECTLY ONLY WHEN THE FOLLOWING * IS IN A SINGLE RECORD, WHICH IS NOT GUARANTEED BY * THE PROTOCOL SPECIFICATION: * BYTE CONTENT * 0 TYPE \ * 1/2 VERSION > RECORD HEADER * 3/4 LENGTH / * 5 MSG_TYPE \ * 6-8 LENGTH > CLIENT HELLO MESSAGE Common CVE sources in 2014 Class # Memory safety 15 State-machine errors 10 Certificate validation 5 ASN.1 parsing 3 (OpenSSL, GnuTLS, SecureTransport, Secure Channel, NSS, JSSE) Root causes Error-prone languages Lack of separation Ambiguous and untestable specification nqsb approach Choice of language and idioms Separation and modular structure A precise and testable specification of TLS Reuse between specification and implementation Choice of language and idioms OCaml: a memory-safe language with expressive static type system Well contained side-effects Explicit flows of data Value-based Explicit error handling We leverage it for abstraction and automated resource management. Formal approaches Either reason about a simplified model of the protocol; or reason about small parts of OpenSSL. In contrast, we are engineering a deployable implementation. nqsb-tls A TLS stack, developed from scratch, with dual goals: Executable specification Usable TLS implementation Structure nqsb-TLS ML module layout Core Is purely functional: VAL HANDLE_TLS : STATE -> BUFFER -> [ `OK OF STATE * BUFFER OPTION * BUFFER OPTION | `FAIL OF FAILURE ] Core OCaml helps to enforce state-machine invariants.
  • Openssh Client Cryptographic Module Versions 1.0, 1.1 and 1.2

    Openssh Client Cryptographic Module Versions 1.0, 1.1 and 1.2

    OpenSSH Client Cryptographic Module versions 1.0, 1.1 and 1.2 FIPS 140-2 Non-Proprietary Security Policy Version 3.0 Last update: 2021-01-13 Prepared by: atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 www.atsec.com © 2021 Canonical Ltd. / atsec information security This document can be reproduced and distributed only whole and intact, including this copyright notice. OpenSSH Client Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy Table of Contents 1. Cryptographic Module Specification ....................................................................................................... 5 1.1. Module Overview .................................................................................................................................... 5 1.2. Modes of Operation ................................................................................................................................ 9 2. Cryptographic Module Ports and Interfaces ......................................................................................... 10 3. Roles, Services and Authentication ...................................................................................................... 11 3.1. Roles ...................................................................................................................................................... 11 3.2. Services .................................................................................................................................................
  • Copyrighted Material

    Copyrighted Material

    Anonymizing 1 Your Activities In our daily lives we like to have a certain level of privacy. We have curtains on our win- dows, doors for our offices, and even special screen protectors for computers to keep out prying eyes. This idea of wanting privacy also extends to the use of the Internet. We do not want people knowing what we typed in Google, what we said in our Instant Message conversations, or what websites we visited. Unfortunately, your private information is largely available if someone is watching. When doing any number of things on the Internet, there are plenty of reasons you might want to go incognito. However, that does not mean you’re doing anything wrong or illegal. he justification for anonymity when researching malware and bad guys is pretty Tstraightforward. You do not want information to show up in logs and other records that might tie back to you or your organization. For example, let’s say you work at a finan- cial firm and you recently detected that a banking trojan infected several of your systems. You collected malicious domain names, IP addresses, and other data related to the malware. The next steps you take in your research may lead you to websites owned by the criminals. As a result, if you are not taking precautions to stay anonymous, your IP address will show up in various logs and be visible to miscreants. If the criminals can identify you or the organization from which you conduct your research, they may COPYRIGHTEDchange tactics or go into hiding, MATERIAL thus spoiling your investigation.
  • Firefox Quantum Remove Recommended by Pocket From

    Firefox Quantum Remove Recommended by Pocket From

    Firefox Quantum Remove Recommended By Pocket From Lamellar Gary restitutes: he ligatured his recognisance bearishly and dully. Desireless Redford suburbanized very monotonously while Silvester remains dysteleological and unconfined. Skin-deep Algernon never dislodged so westerly or stanchion any floppiness war. Stack traces are now shown for exceptions inside your console. Press to restore system options as which process starts it'll remove by the jailbreak. It is enabled by default in development versions of Firefox, but average in release versions. We have always bear the result in scratchpad and by pocket. Earn an issue that ff is by firefox quantum. You for tweetdeck, or login to network failures due to open source ip address bar at your activity. Ask a question and give support. Who cares about the features? 2012 after Mozilla detected a security flaw and recommended downgrading to. Access the feature for android firefox remove by now called extensions available for recommended by ad blockers work unencumbered by ad is a set to. This will open large number of your browser extensions that pisses me of money if you can either automatically updated their next app integrated into detail of. Dec 01 2017 Firefox Quantum's interface is still extremely customizable thanks to. Where is the back latch on Firefox? Mozilla Firefox or simply Firefox is that free quote open-source web browser developed by the. It will not collect data in private browser windows, and when Mozilla shares the results of its research, it will do so in a way that minimizes the risk of users being identified, Boyd said.
  • Openssh-Ldap-Pubkey Documentation Release 0.3.0

    Openssh-Ldap-Pubkey Documentation Release 0.3.0

    openssh-ldap-pubkey Documentation Release 0.3.0 Kouhei Maeda May 18, 2020 Contents 1 openssh-ldap-pubkey 3 1.1 Status...................................................3 1.2 Requirements...............................................3 1.3 See also..................................................3 2 How to setup LDAP server for openssh-lpk5 2.1 Precondition...............................................5 2.2 Requirements...............................................5 2.3 Install...................................................5 3 How to setup OpenSSH server9 3.1 Precondition...............................................9 3.2 Requirements...............................................9 3.3 Install with nslcd (recommend).....................................9 3.4 Install without nslcd........................................... 11 4 History 13 4.1 0.3.0 (2020-05-18)............................................ 13 4.2 0.2.0 (2018-09-30)............................................ 13 4.3 0.1.3 (2018-08-18)............................................ 13 4.4 0.1.2 (2017-11-25)............................................ 13 4.5 0.1.1 (2015-10-16)............................................ 14 4.6 0.1.0 (2015-10-16)............................................ 14 5 Contributors 15 6 Indices and tables 17 i ii openssh-ldap-pubkey Documentation, Release 0.3.0 Contents: Contents 1 openssh-ldap-pubkey Documentation, Release 0.3.0 2 Contents CHAPTER 1 openssh-ldap-pubkey 1.1 Status 1.2 Requirements 1.2.1 LDAP server • Add openssh-lpk schema. • Add an objectClass ldapPublicKey to user entry. • Add one or more sshPublicKey attribute to user entry. 1.2.2 OpenSSH server • OpenSSH over 6.2. • Installing this utility. • Setup AuthorozedKeysCommand and AuthorizedKeysCommandUser in sshd_config. 1.3 See also • OpenSSH 6.2 release 3 openssh-ldap-pubkey Documentation, Release 0.3.0 • openssh-lpk 4 Chapter 1. openssh-ldap-pubkey CHAPTER 2 How to setup LDAP server for openssh-lpk 2.1 Precondition This article restricts OpenLDAP with slapd_config on Debian systems only.
  • Arxiv:1911.09312V2 [Cs.CR] 12 Dec 2019

    Arxiv:1911.09312V2 [Cs.CR] 12 Dec 2019

    Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications Tianwei Zhang Jun Jiang Yinqian Zhang Nanyang Technological University Two Sigma Investments, LP The Ohio State University [email protected] [email protected] [email protected] Abstract—We systematize software side-channel attacks with three questions: (1) What are the common and distinct a focus on vulnerabilities and countermeasures in the cryp- features of various vulnerabilities? (2) What are common tographic implementations. Particularly, we survey past re- mitigation strategies? (3) What is the status quo of cryp- search literature to categorize vulnerable implementations, tographic applications regarding side-channel vulnerabili- and identify common strategies to eliminate them. We then ties? Past work only surveyed attack techniques and media evaluate popular libraries and applications, quantitatively [20–31], without offering unified summaries for software measuring and comparing the vulnerability severity, re- vulnerabilities and countermeasures that are more useful. sponse time and coverage. Based on these characterizations This paper provides a comprehensive characterization and evaluations, we offer some insights for side-channel of side-channel vulnerabilities and countermeasures, as researchers, cryptographic software developers and users. well as evaluations of cryptographic applications related We hope our study can inspire the side-channel research to side-channel attacks. We present this study in three di- community to discover new vulnerabilities, and more im- rections. (1) Systematization of literature: we characterize portantly, to fortify applications against them. the vulnerabilities from past work with regard to the im- plementations; for each vulnerability, we describe the root cause and the technique required to launch a successful 1.
  • Draft Clearclick: Effective Client-Side Protection Against UI

    Draft Clearclick: Effective Client-Side Protection Against UI

    Draft ClearClick: Effective Client-Side Protection Against UI Redressing Attacks Giorgio Maone <giorgio at maone.net> Rev. 2, May 3, 2012 Abstract “User Interface Redressing”, popularized in 2008 as “Clickjacking”, designates a class of attacks, leveraging ambient authority and the coexistence in modern user agents of multiple browsing contexts, which trick an authorized human into interacting with UI elements that actually belong to the targeted web application, but have been obscured or decontextualized by attacker-provided content. This interaction induces unintended application state changes on behalf of the victim – similarly to Cross Site Request Forgery – but defeats traditional CSRF protections, such as form tokens, by exploiting the legitimate web application UI itself, which those countermeasures are meant to validate. The main defense currently adopted by mainstream browsers requires a server- side opt-in signal and prohibits legitimate, widespread use cases such as cross-site subdocument embedding. Another countermeasure immune to these limitations (enabled by default, entirely client-side and designed to allow cross-domain embedding) is the ClearClick module, included in the NoScript add-on for Mozilla Firefox just days after the first Clickjacking announcement. This document describes the rationale behind it and the way it works. Keywords: clickjacking, anti-clickjacking, UI redressing, ClearClick, X-Frame-Options. 1. Introduction In September 2008, Jeremiah Grossman and Robert “RSnake” Hansen canceled a previously announced
  • Finding and Installing Firefox Extensions SURF’S UP

    Finding and Installing Firefox Extensions SURF’S UP

    LINUXUSER DeskTOPia: Firefox Add-ons Finding and installing Firefox extensions SURF’S UP If you look around the Internet, you’ll find a number of useful add-ons for Mozilla Firefox. BY ANDREAS KNEIB he Mozilla Firefox browser is de- most useful modules for the new Firefox the module is available. Then just re- signed to easily accommodate ex- 1.5. launch the web browser to enable the Ttensions, and the Firefox commu- tools. nity has responded with a rich assort- Getting Started If Firefox fails to locate working exten- ment of add-on modules. If you’re inter- If your Linux distribution doesn’t have sions, the old extensions will stay dis- ested in higher performance, or even if the latest version of Firefox, you can abled until an update becomes available you just want to check the weather, download it from the Firefox homepage or until you remove the extensions man- you’ll find a Firefox add-on to meet your at [1]. Once you have installed the latest ually. If you still encounter problems, needs. We took a look at some of the version, you can open the Firefox Exten- such as the program crashing because sion Manager (Figure 1) by selecting the browser has stumbled over an in- Tools | Extensions. The Extension Man- compatible or broken module, you can ager is a central tool for plug-in manage- try starting the program in safe mode ment. using the following parameters in the If your Firefox 1.0 version already has command line: firefox -safe-mode. a number of extensions installed before In safe mode, all extensions and you upgrade to Firefox 1.5, the browser themes [4] are disabled, and you can should now show you if the modules are run the Extension Manager to remove compatible with the new version.
  • Scripting the Openssh, SFTP, and SCP Utilities on I Scott Klement

    Scripting the Openssh, SFTP, and SCP Utilities on I Scott Klement

    Scripting the OpenSSH, SFTP, and SCP Utilities on i Presented by Scott Klement http://www.scottklement.com © 2010-2015, Scott Klement Why do programmers get Halloween and Christmas mixed-up? 31 OCT = 25 DEC Objectives Of This Session • Setting up OpenSSH on i • The OpenSSH tools: SSH, SFTP and SCP • How do you use them? • How do you automate them so they can be run from native programs (CL programs) 2 What is SSH SSH is short for "Secure Shell." Created by: • Tatu Ylönen (SSH Communications Corp) • Björn Grönvall (OSSH – short lived) • OpenBSD team (led by Theo de Raadt) The term "SSH" can refer to a secured network protocol. It also can refer to the tools that run over that protocol. • Secure replacement for "telnet" • Secure replacement for "rcp" (copying files over a network) • Secure replacement for "ftp" • Secure replacement for "rexec" (RUNRMTCMD) 3 What is OpenSSH OpenSSH is an open source (free) implementation of SSH. • Developed by the OpenBSD team • but it's available for all major OSes • Included with many operating systems • BSD, Linux, AIX, HP-UX, MacOS X, Novell NetWare, Solaris, Irix… and yes, IBM i. • Integrated into appliances (routers, switches, etc) • HP, Nokia, Cisco, Digi, Dell, Juniper Networks "Puffy" – OpenBSD's Mascot The #1 SSH implementation in the world. • More than 85% of all SSH installations. • Measured by ScanSSH software. • You can be sure your business partners who use SSH will support OpenSSH 4 Included with IBM i These must be installed (all are free and shipped with IBM i **) • 57xx-SS1, option 33 = PASE • 5733-SC1, *BASE = Portable Utilities • 5733-SC1, option 1 = OpenSSH, OpenSSL, zlib • 57xx-SS1, option 30 = QShell (useful, not required) ** in v5r3, had 5733-SC1 had to be ordered separately (no charge.) In v5r4 or later, it's shipped automatically.
  • Using Vmware Vrealize Orchestrator 8.4 Plug-Ins

    Using Vmware Vrealize Orchestrator 8.4 Plug-Ins

    Using VMware vRealize Orchestrator 8.4 Plug-Ins 15 APRIL 2021 vRealize Orchestrator 8.4 Using VMware vRealize Orchestrator 8.4 Plug-Ins You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com © Copyright 2008-2021 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 2 Contents Using VMware vRealize Orchestrator Plug-Ins 9 1 Introduction to vRealize Orchestrator Plug-Ins 10 vRealize Orchestrator Architecture 11 Plug-Ins Installed with the vRealize Orchestrator Server 11 Access the vRealize Orchestrator API Explorer 14 Time Zone Codes 15 2 Configuring the vRealize Orchestrator Plug-Ins 18 Manage vRealize Orchestrator Plug-Ins 18 Install or Update a vRealize Orchestrator Plug-In 19 Delete a Plug-In 19 3 Using the Active Directory Plug-In 21 Configuring the Active Directory Plug-In 21 Using the Active Directory Plug-In Workflow Library 22 Computer Workflows 22 Organizational Unit Workflows 22 User Workflows 23 User Group Workflows 23 Client-Side Load Balancing for the Active Directory Plug-In 24 4 Using the AMQP Plug-In 25 Configuring the AMQP Plug-In 25 Add a Broker 25 Subscribe to Queues 26 Update a Broker 27 Using the AMQP Plug-In Workflow Library 27 Declare a Binding 28 Declare a Queue 28 Declare an Exchange 29 Send a Text Message 30 Delete a Binding 31 5 Using the Configuration Plug-In 32 6 Using the Dynamic Types Plug-In 34 Dynamic Types Configuration Workflows 34 VMware, Inc.
  • Privacy-Enhancing Technologies for the Internet

    Privacy-Enhancing Technologies for the Internet

    Privacy-enhancing technologies for the Internet Ian Goldberg David Wagner Eric Brewer University of California, Berkeley iang,daw,brewer ¡ @cs.berkeley.edu Abstract ing privacy issues on the Internet, and Section 3 provides some relevant background. We then discuss Internet pri- The increased use of the Internet for everyday activi- vacy technology chronologically, in three parts: Section 4 ties is bringing new threats to personal privacy. This pa- describes the technology of yesterday, Section 5 explains per gives an overview of existing and potential privacy- today’s technology, and Section 6 explores the technology enhancing technologies for the Internet, as well as moti- of tomorrow. Finally, we conclude in Section 7. vation and challenges for future work in this field. 2. Motivation 1. Introduction The threats to one’s privacy on the Internet are two-fold: your online actions could be (1) monitored by unauthorized Recently the Internet has seen tremendous growth, with parties and (2) logged and preserved for future access many the ranks of new users swelling at ever-increasing rates. years later. You might not realize that your personal infor- This expansion has catapulted it from the realm of academic mation has been monitored, logged, and subsequently dis- research towards new-found mainstream acceptance and in- closed; those who would compromise your privacy have no creased social relevance for the everyday individual. Yet incentive to warn you. this suddenly increased reliance on the Internet has the po- The threat of long-term storage and eventual disclosure tential to erode personal privacies we once took for granted. of personal information is especially acute on the Internet.