The purpose of the National Institute of Standards and Technology
Special Publication 800-127, Guide to Securing WiMAX Wireless
Communications, is to provide information to organizations
regarding the security capabilities of wireless communications
using WiMAX networks and to provide recommendations on using these
capabilities. WiMAX technology is a wireless metropolitan area
network (WMAN) technology based upon the IEEE 802.16 standard. It
is used for a variety of purposes, including, but not limited to,
fixed last-mile broadband access, long-range wireless backhaul, and
access layer technology for mobile wireless subscribers operating
on telecommunications networks.
This NIST publication seeks to assist organizations in
understanding the challenges in integrating information security
practices into SOA design and development based on Web services.
This publication also provides practical, real-world guidance on
current and emerging standards applicable to Web services, as well
as background information on the most common security threats to
SOAs based on Web services. This document presents information that
is largely independent of particular hardware platforms, operating
systems, and applications. Supplementary security mechanisms (i.e.,
perimeter security appliances) are considered outside the scope of
this publication. Interfaces between Web services components and
supplementary controls are noted as such throughout this document
on a case-by-case basis. The document, while technical in nature,
provides the background information to help readers understand the
topics that are discussed. The intended audience for this document
includes the following: System and software architects and
engineers trained in designing, implementing, testing, or
evaluating Web services; Software developers experienced in XML,
C#, Visual Basic for .NET (VB.NET), C, or Java for Web services;
Security architects, engineers, analysts, and secure software
developers/integrators; Researchers who are furthering and
extending service interfaces and conceptual designs. This document
assumes that readers have some minimal Web services expertise.
Because of the constantly changing nature of Web services threats
and vulnerabilities, readers are expected to take advantage of
other resources (including those listed in this document) for more
current and detailed information. The practices recommended in this
document are designed to help mitigate the risks associated with
Web services. They build on and assume the implementation of
practices described in other NIST guidelines listed in Appendix F.
The remainder of this document is organized into five major
sections. Section 2 provides background to Web services and portals
and their relationship to security. Section 3 discusses the many
relevant Web service security functions and related technology.
Section 4 discusses Web portals, the human user's entry point into
the SOA based on Web services. Section 5 discusses the challenges
associated with secure Web service-enabling of legacy applications.
Finally, Section 6 discusses secure implementation tools and
technologies. The document also contains several appendices.
Appendix A offers discussion of several attacks commonly leveraged
against Web services and SOAs. Appendix B provides an overview of
Electronic Business eXtensible Markup Language (ebXML), a Web
services protocol suite developed by the United Nations Centre for
Trade Facilitation and Electronic Business (UN/CEFACT). Appendices
C and D contain a glossary and acronym list, respectively.
Appendices E and F list print resources and online tools and
resources that may be useful references for gaining a better
understanding of Web services and SOAs, security concepts and
methodologies, and the general relationship between them. Security
Division, Information Technology Laboratory, National Institute of
Standards and Technology.
The purpose of this publication is to help organizations improve
their WLAN security by providing recommendations for WLAN security
configuration and monitoring. This publication supplements other
NIST publications by consolidating and strengthening their key
recommendations.
Computer security incident response has become an important
component of information technology (IT) programs. Because
performing incident response effectively is a complex undertaking,
establishing a successful incident response capability requires
substantial planning and resources. This publication assists
organizations in establishing computer security incident response
capabilities and handling incidents efficiently and effectively.
This publication provides guidelines for incident handling,
particularly for analyzing incident-related data and determining
the appropriate response to each incident. The guidelines can be
followed independently of particular hardware platforms, operating
systems, protocols, or applications.
The National Institute of Standards and Technology Special
Publication 800-121 Revision 1, Guide to Bluetooth Security is the
first revision to NIST SP 800-121, Guide to Bluetooth Security.
Bluetooth is an open standard for short-range radio frequency
communication. Bluetooth technology is used primarily to establish
wireless personal area networks. It has been integrated into many
types of business and consumer devices, including cellular phones,
personal digital assistants, laptops, automobiles, printers, and
headsets. This publication provides information on the security
capabilities of Bluetooth and gives recommendations to
organizations employing Bluetooth technologies on securing them
effectively. Updates in this revision include the latest
vulnerability mitigation information for Secure Simple Pairing,
introduced in Bluetooth v2.1 + Enhanced Data Rate (EDR), as well as
an introduction to and discussion of Bluetooth v3.0 + High Speed
and Bluetooth v4.0 security mechanisms and recommendations.
The National Institute of Standards and Technology Special
Publication 800-97 provides readers with a detailed explanation of
next generation 802.11 wireless security. It describes the
inherently flawed Wired Equivalent Privacy (WEP) and explains
802.11i's two-step approach (interim and long-term) to providing
effective wireless security. It describes secure methods used to
authenticate users in a wireless environment, and presents several
sample case studies of wireless deployment. It also includes
guidance on best practices for establishing secure wireless
networks using the emerging Wi-Fi technology.
The National Institute of Standards and Technology Special
Publication 800-126 Revision 2 "The Technical Specifications for
the Security Content Automation Protocol (SCAP): SCAP Version 1.2"
provides the definitive technical specification for version 1.2 of
the Security Content Automation Protocol (SCAP). SCAP consists of a
suite of specifications for standardizing the format and
nomenclature by which information about software flaws and security
configurations is communicated, both to machines and humans. This
document defines requirements for creating and processing SCAP
content. These requirements build on the requirements defined
within the individual SCAP component specifications. Each new
requirement pertains either to using multiple component
specifications together or to further constraining one of the
individual component specifications.
The National Institute of Standards and Technology Special
Publication 800-153 provides information on the Guidelines for
Securing Wireless Local Area Networks (WLANs). A wireless local
area network (WLAN) is a group of wireless networking devices
within a limited geographic area, such as an office building, that
exchange data through radio communications. The security of each
WLAN is heavily dependent on how well each WLAN component, including
client devices, APs, and wireless switches, is secured throughout
the WLAN lifecycle, from initial WLAN design and deployment through
ongoing maintenance and monitoring. The purpose of this publication
is to help organizations improve their WLAN security by providing
recommendations for WLAN security configuration and monitoring.
This publication supplements other NIST publications by
consolidating and strengthening their key recommendations.
NIST Special Publication 800-82. This document provides guidance
for establishing secure industrial control systems (ICS). These
ICS, which include supervisory control and data acquisition (SCADA)
systems, distributed control systems (DCS), and other control
system configurations such as skid-mounted Programmable Logic
Controllers (PLC) are often found in the industrial control
sectors. ICS are typically used in industries such as electric,
water and wastewater, oil and natural gas, transportation,
chemical, pharmaceutical, pulp and paper, food and beverage, and
discrete manufacturing (e.g., automotive, aerospace, and durable
goods). SCADA systems are generally used to control dispersed
assets using centralized data acquisition and supervisory control.
DCS are generally used to control production systems within a local
area such as a factory using supervisory and regulatory control.
PLCs are generally used for discrete control for specific
applications and generally provide regulatory control. These
control systems are vital to the operation of the U.S. critical
infrastructures that are often highly interconnected and mutually
dependent systems. It is important to note that approximately 90
percent of the nation's critical infrastructures are privately
owned and operated. Federal agencies also operate many of the ICS
mentioned above; other examples include air traffic control and
materials handling (e.g., Postal Service mail handling). This
document provides an overview of these ICS and typical system
topologies, identifies typical threats and vulnerabilities to these
systems, and provides recommended security countermeasures to
mitigate the associated risks. National Institute of Standards and
Technology. U.S. Department of Commerce.
This guide provides detailed information about the security of
Windows XP, security configuration guidelines for popular
applications, and security configuration guidelines for the Windows
XP operating system. The guide documents the methods that system
administrators can use to implement each security setting
recommended. The principal goal of the document is to recommend and
explain tested, secure settings for Windows XP workstations with
the objective of simplifying the administrative burden of improving
the security of Windows XP systems in five types of environments:
SOHO, enterprise, and three custom environments (specialized
security-limited functionality, legacy, and Federal Desktop Core
Configuration [FDCC]).
This publication helps teleworkers secure the external devices they
use for telework, such as personally owned and third-party
privately owned desktop and laptop computers and consumer devices
(e.g., cell phones, personal digital assistants [PDA]). The document
focuses specifically on security for telework involving remote
access to organizations' nonpublic computing resources. It provides
practical, real world recommendations for securing telework
computers' operating systems (OS) and applications, as well as home
networks that the computers use. It presents basic recommendations
for securing consumer devices used for telework. The document also
presents advice on protecting the information stored on telework
computers and removable media. In addition, it provides tips on
considering the security of a device owned by a third party before
deciding whether it should be used for telework.
The purpose of this document is to describe a strategy allowing
agencies to PIV-enable their PACS, and migrate to government-wide
interoperability. Specifically, the document recommends a
risk-based approach for selecting appropriate PIV authentication
mechanisms to manage physical access to Federal government
facilities and assets.
The purpose of this document is to provide an overview of active
content and mobile code technologies in use today and offer
insights for making informed IT security decisions on their
application and treatment. The discussion gives details about the
threats, technology risks, and safeguards for end user systems,
such as desktops and laptops. Although various end user
applications, such as email clients, can involve active content,
Web browsers remain the primary vehicle for delivery and are
underscored in the discussion. The tenets presented for Web
browsers apply equally well to other end user applications and can
be inferred directly.
This document seeks to assist organizations in understanding the
capabilities of firewall technologies and firewall policies. It
provides practical guidance on developing firewall policies and
selecting, configuring, testing, deploying, and managing firewalls.
This document is a guide to the basic technical aspects of
conducting information security assessments. It presents technical
testing and examination methods and techniques that an organization
might use as part of an assessment, and offers insights to
assessors on their execution and the potential impact they may have
on systems and networks. For an assessment to be successful and
have a positive impact on the security posture of a system (and
ultimately the entire organization), elements beyond the execution
of testing and examination must support the technical process.
Suggestions for these activities, including a robust planning
process, root cause analysis, and tailored reporting, are also
presented in this guide.