Details
=======
IPsec is an IP security feature that provides robust authentication
and encryption of IP packets. IKE is a key management protocol
standard that is used with the IPsec standard.
IKE is a hybrid protocol that implements the Oakley and SKEME key
exchanges inside the Internet Security Association and Key Management
Protocol (ISAKMP) framework. (ISAKMP, Oakley, and SKEME are security
Details
=======
IPsec is an IP security feature that provides robust authentication
and encryption of IP packets. IKE is a key management protocol
standard that is used in conjunction with the IPsec standard.
IKE is a hybrid protocol that implements the Oakley and SKEME key
exchanges inside the Internet Security Association and Key Management
Protocol (ISAKMP) framework. (ISAKMP, Oakley, and SKEME are security
Inference/Controlled Disclosure
Information Warfare
Intellectual Property Protection
Intrusion and Attack Detection
Intrusion and Attack Response
Key Management
Privacy-Enhancing Technology
Secure Networking
Secure System Design
Security Management
Security for Mobile Code
this vulnerability.
A successful attack may result in a reload of the device.
Remote access VPN connections will have Internet Security Association
and Key Management Protocol (ISAKMP) enabled on an interface with the
crypto command, such as: crypto isakmp enable outside.
This vulnerability is documented in Cisco Bug ID CSCso69942
and has been assigned Common Vulnerabilities and Exposures (CVE)
identifier CVE-2008-2733.
eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic
filesystem for Linux.
It is derived from Erez Zadok's Cryptfs, implemented through the FiST
framework for generating stacked filesystems. eCryptfs extends Cryptfs to
provide advanced key management and policy features. eCryptfs stores
cryptographic metadata in the header of each file written, so that encrypted
files can be copied between hosts; the file will be decryptable with the
proper key, and there is no need to keep track of any additional information
aside from what is already in the encrypted file itself. Think of eCryptfs as
a sort of ``gnupgfs.''
Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
IPsec is an IP security feature that provides robust authentication
and encryption of IP packets. IKE is a key management protocol
standard that is used in conjunction with the IPsec standard. A DoS
vulnerability exists in the IKE implementation of the Cisco ASA.
During successful exploitation, an unauthenticated attacker may cause
an affected device to reload.
The topics include social engineering, security of the GSM air interface,
design of secure protocols, physical security, Web 2.0, exploit/malware
analysis & design, security awareness, abusing device drivers, #twitter
risks, attacks on smart-card secured online banking, security risks and
defence for developers, advanced database exploits, abusing firmware,
security analysis of the TCP & IP protocols, key management, incident
response, e-voting, advanced keyboard sniffing, malware for routers,
large-scale network attack simulation, cloud computing, next generation
intrusion detection/prevention, among others. We also show a demonstration
of a DoS attack against a GSM network by means of a phone with modified
firmware.
SafeGuard Enterprise is too different from SafeGuard Easy for any observations on SGE to be applied to it.
While SafeGuard Easy was explicitly designed to be as undemanding as possible in terms of infrastructure and had no real central management,
SG Enterprise uses a Client/Server model with central management and database, allowing administrators to centrally
control all policies and key management.
The only things needed to install a client are the client software package and a digitally signed configuration package that identifies the client's home server and its certificate.
All policies, keys, etc are transported to clients using session-key encrypted network connections. In addition, critical data is digitally signed using company-specific keys.
It's an interesting document. There's more info about FIPS and its relation with Common Criteria here:
http://csrc.nist.gov/groups/STM/cmvp/index.html#05
On that link you can read:
"The Common Criteria (CC) and FIPS 140-2 are different in the abstractness and focus of tests. FIPS 140-2 testing is against a defined cryptographic module and provides a suite of conformance tests to four security levels. FIPS 140-2 describes the requirements for cryptographic modules and includes such areas as physical security, key management, self tests, roles and services, etc. The standard was initially developed in 1994 - prior to the development of the CC. CC is an evaluation against a created protection profile (PP) or security target (ST). Typically, a PP covers a broad range of products."
I can read the term "roles"...
If you read the "FIPS 140-2 Non-Proprietary Security Policy" you will see that:
"FIPS Mode Configuration