Upload File

user identification operations 4.0

13
   !"#$% &'( #)*+ !),-./0)/)

Upload: silva

Post on 03-Nov-2015

220 views

Category:

Documents


0 download

Report

DESCRIPTION

Our enterprise security platforms are available in both hardware and virtualized form factors, supporting the exact same next-generation firewall feature set for consistency and ease of management. In addition, Panorama™ our centralized management platform is also available in both virtualized and hardware form factors.

TRANSCRIPT

  • PANOS4.0

    NickPiagentini

  • PaloAltoNetworks PANOS4.0 1

    ContentsPANOS4.0UserIDfunctions........................................................................................................................1

    User/GroupEnumeration.......................................................................................................................1

    1. UsingADUserAgentforEnumeration.........................................................................................2

    2. UsingLDAPServersforEnumeration............................................................................................3

    UsertoIPMapping...................................................................................................................................5

    1. ADUserAgent................................................................................................................................5

    2. LDAPUserAgent...........................................................................................................................7

    3. CaptivePortal................................................................................................................................8

    4. TerminalServerAgent................................................................................................................12

    5. PaloAltoNetworksclientsoftware............................................................................................12

    PANOS4.0UserIDfunctionsUserIdentificationinPANOS4.0encompassestwoprimaryfunctions:

    x Enumerationofusersandtheirassociatedgroupmembershipx MappingofthoseuserstotheircurrentIPaddresses.

    Eachofthesefunctionscanbeperformedbydifferentmethods.Somemethodsareeffectiveinspecificnetworkenvironmentsandsomeareapplicableinallenvironments..Bothcomponentswillbediscussedinthisdocument.

    User/GroupEnumerationBeforeasecuritypolicycanbewrittenforgroupsofusers,therelationshipsbetweentheusersandthegroupstheyaremembersofmustbeestablished.ThisinformationisretrievedfromanLDAPdirectory,suchasActiveDirectoryoreDirectory.Thefirewalloranagentwillaccessthedirectoryandsearchforgroupobjects.Eachgroupobjectwillcontainalistofuserobjectsthataremembers.Thislistwillbeevaluatedandwillbecomethelistofusersandgroupsavailableinsecuritypolicyandauthenticationprofiles.Therearetwomethodsforretrievingthisdata:

    1. useanagentthattalkstoActivedirectory,or2. useanagentthattalkstoLDAPservers.

    Bothofthesemethodsarediscussedbelow.

  • PaloAltoNetworks PANOS4.0 2

    1. UsingADUserAgentforEnumeration

    Operation:ThisagentisinstalledasawindowsserviceonaWindowsserverthatisamemberofthedomaintobepolled.ItisconfiguredwithalistofDomainControllersinasingleWindowsDomain,andwillaccessthe

    firstDConthatlistforuserandgroupinformation.IfthefirstDCisnotavailablewhenitdoesgroupenumeration,theagentwillcontinuedownthelistuntilitlocatesaDCthatisavailable.TheagentwillaccessthedomaincontrollerusingMicrosoftRPCandwillreadallofthesecuritygroupsinthedomain.Sincetheagentisonlyconfiguredtomapusersfromasingledomain,anyaccountsfromotherdomainswillbeignored.ForthisreasonitisabestpracticetobuildsecuritypolicyusingDomainGlobalgroups,astheywillonlycontainusers

    fromasingledomainandwillbecorrectlyrepresentedbytheADuserAgent.

    Aftertheagenthasparsedthedomainforgroupsandusers,itcanapplyagroupfiltertosendonlyselectgroupstothefirewall.Itisstronglyrecommendedthatyouconfigureagroupfilter.Byeliminatingunneededgroupsfromthelistthatissenttothefirewall,overallprocessingonthefirewallsManagementPlaneisreduced,andthegroupselectioninterfaceintheUIismoresuccinct/userfriendly.

    Aftertheinitialgroupmembershipisobtained,theagentwillchecktoseeifgroupmembershiphaschangedeverysooften,baseduponaconfigurabletimer(calledUserMembershipTimer).Theagentwillupdatethefirewallwithonlythegroupsthathavechangedmembership.Ifnochangestogroupmembershipisdetectedtherewillbenodatasenttothefirewall.

    Asingleagentcanonlymonitordomaincontrollersfromasingledomain.Theagentcanmonitorupto100individualDCsfromthatsingledomain.Inamultidomainenvironmenttherewillneedtobemultipleagentsdeployed,sothatgroupinformationcanberetrievedfromallthedomains.

    Foreachdomain,thefirewall(orVirtualSystemifthefirewallisoperatinginthatmode)willselectasingleagenttogathergroupdatafrom.Bydefaultitwillbethefirstagentconfigured,butifthatagentisnotavailablethefirewallwilltryotheragentsinthelist.Todeterminetheagentbeingusedbythefirewallforgroupmembershipthe>showuserpanagentstatisticscommandcanbeused.Theagentwiththe*beforethewordconnectedistheonebeingusedforallgroupmembership,asseeninthescreenshotbelow:

  • PaloAltoNetworks PANOS4.0 3

    BestPracticesforADUserAgent1.) ConfigurewellconnectedDomainControllersonthetopofthelistintheagentandfirewall

    configuration.2.) Filterthelistofgroupsthatissenttothefirewalltoincludeonlythegroupsthatwillbeusedin

    firewallpolicy.Ifyouwanttomakesurethatallusersaretracked,includethegroupDomainUsers.

    3.) OnlyuseDomainGlobalgroupsinfirewallpolicywhenoperatinginamultidomainenvironment.NotethatthisisnotinlinewithtraditionalMicrosoftADpractice,whereDomainLocalgroupsareusedtocontrolrightsandaccess.

    4.) Ifsomeagentsarelocatedacrosssloworheavilyimpactedlinksitmaybebesttoconfigureonlythewellconnectedagentsfirstandrunacommit.Thiswillgettheinitialusersandgroupsonthefirewallandinsurethatfutureupdatesarejustdeltas.

    2. UsingLDAPServersforEnumeration

    Operation:ThePaloAltoNetworksnextgenerationfirewallcangatheruserandgroupinformationfromanLDAPdirectorywithouttheuseofanagent.ThismethodcanbeusedtoenumerateActiveDirectoryoranyotherLDAPenvironment.ThefirewallwillperformalloftheLDAPconnectionsandnoagentisrequiredforthisfunction.

    ThefirewalldefinesanumberofLDAPServersundertheUserIdentificationnode.EachLDAPServerinstancerepresentsabindtoaspecificpartofanLDAPtree.Itwillenumeratealloftheuserandgroupobjectsatthatpointandbelow.FilterscanbedefinedinthisconfigurationusingstandardLDAPsyntaxtolimittheusersandgroupsreturned.IfthismethodistobeusedtoenumerateusersfromActiveDirectory,therewillneedtobeaLDAPServerconfiguredforeachdomain.GlobalCatalogscannotbeusedforuserandgroupenumerationacrossADdomains.OnlyLDAPobjectsthatuseafieldtolistmembershipcanbeusedasgroupsonthefirewall.PANOSdoesnotsupporttheuseofcontainerobjectssuchasOrganizationalUnits(OU)assecurityprincipalsinfirewallpolicy.

    AccesscredentialstotheLDAPtreeisspecifiedinaLDAPAuthenticationserverobjectthatisreferencedby

  • PaloAltoNetworks PANOS4.0 4

    theLDAPServerobject.TheAuthenticationServerobjectalsospecifieswhichdirectoryserverswillbecontacted,theordertheywillbecontactedinandwhenthefirewallwilltrythenextoneonthelist.

    ConfigurationoftheLDAPServerobjectrequiresknowledgeoftheLDAPstructureinuse,suchastypesofobjectsusedasgroupsandusers.ForexampleinastandardActiveDirectorydeploymenttheusersareobjectsobjectclass=UserandaremostcommonlyreferredtobyeithertheSAMAccountName

    (jdoe)orUserPrincipalName([email protected])fields.Thegroupsobjectclass=grouparereferredtobytheCNfieldandstorealistofusersinamembersfield.ThislevelofinformationisrequiredtoconfiguretheLDAPServer.ThefollowingisanexampleofLDAPserverconfigurationtoenumerateusersfromallDomainGlobalsecuritygroupsonanActiveDirectorydomain.

    ForinteroperabilitybetweentheLDAPserverandtheADAgent,adomaincanbespecifiedintheserverconfiguration.Thisdomainwillbeaddedasaprefixtoanyuseraccountslearnedbytheagent.BysynchronizingthisvaluewiththeNETBIOSnameoftheADdomaininuse,wecanmapusersauthenticatedbyNTLMtousersenumeratedbyLDAP.

    BestPracticesusingLDAPServers1.) IftheunderlyingdirectoryisActiveDirectory,makesuretheDomainfieldoftheLDAPServer

    matchestheNETBIOSnameofthedomain.2.) UseofanLDAPbrowsercanbeextremelyhelpfulifworkingwithanongenericLDAP

    deployment.3.) Usegroupfilterstominimizethenumberofgroupsreturned.Forexample(grouptype=*46)

    willreturnonlyDomainGlobalsecuritygroups.

  • PaloAltoNetworks PANOS4.0 5

    UsertoIPMappingTheprocessofmappinguserstoIPaddressesisthemorecomplexofthetwoUserIDtasks.PANOS4.0providesmultiplemethodstomapuserstoIPaddresses.Somemethodsrequirespecificdirectorystructurestobeinplace.Somemethodsrequiresoftwareagentsorclientstobeinstalled.IfanyofthemethodsmapausertoanIPaddress,thatdatacanbeusedbythefirewallinbothpolicyandreporting.Userdataiswrittentoallappropriatelogswhenthelogsaregenerated.ThemethodsmappinguserstoIPare:

    1.) ADUserAgent2.) LDAPUserAgent3.) CaptivePortal4.) TerminalServicesAgent5.) PaloAltoNetworksclientsoftware(SSLVPN,GlobalProtect)

    Eachoftheseisdescribedbelow.

    1. ADUserAgentTheADUserAgentperformsboththeenumerationandmappingtasks.Eventhoughtthetwoprocessesareseparate,theagentcannotbeconfiguredtoperformonlyoneortheother.InActiveDirectoryenvironments,theADAgentisveryusefulformappingusersandasaresultisalsocommonlyusedtoenumerateusersaswell.Theagentcanmapusersbymonitoringeventsinthesecuritylogandbyqueryingendpoints.Thesemappingscanbereconfirmedbymonitoringuserconnectionstothedomaincontrollerduringthecourseofwork.Thefirewall

    SecurityLogReadingTheADAgentwillconnecttoeachdomaincontrollerinitslistandmonitorthesecuritylog.Ontheinitialconnectiontheagentwillreadthelast50,000logentries.Aftertheinitialconnection,theagentwillthenmonitorallnewevents.TheADAgentlooksforanyofthefollowingMicrosofteventIDs:

    OnWindows2003DCs:o 672(AuthenticationTicketGranted,whichoccursonthelogonmoment),o 673(ServiceTicketGranted)o 674(TicketGrantedRenewedwhichmayhappenseveraltimesduringthelogonsession)

    OnWindows2008DCs:o 4768(AuthenticationTicketGranted)o 4769(ServiceTicketGranted)o 4770(TicketGrantedRenewed)

    TheseeventswillcontainauserandIPaddress.Theusersdomainwillbecomparedtothedomainthattheagenthasbeenconfiguredtomonitor.Usersfromdomainsotherthanthemonitoreddomainwillbeignored.AlsomonitoredwillbetheIPrangesoftheusers;onlyAllowedIPranges(asconfiguredonthe

  • PaloAltoNetworks PANOS4.0 6

    ADagent)willberecorded.OncetheusernametoIPmappingtableiscreated,theagentwillsendthisdatatothefirewall.Thedefaulttimingforcheckingnewlogeventsiseverysecond,butthistimerisconfigurable.NotethattheseeventswillonlybepresentinthesecuritylogiftheADdomainisconfiguredtologsuccessfulAccountLogonevents.

    SecuritylogreadingislowoverheadfortheDomainControllerandahighlyeffectivemethodofmappingusersinaMicrosoftenvironment.Themappingswillbemaintainedforaconfigurabletimeout,whichisrecommendedtobesettohalftheDHCPleasetimeusedintheenvironment.ClientsystemsinanADdomainusingthedefaultconfigurationwillattempttorenewtheirticketsevery10hours.

    WMI/NetBIOSProbesWherethelogreadingiseffectivelyapassivemethodofusermapping,probingisanactivemethod.Onaconfigurableinterval,theADAgentwillsendaprobetoeachlearnedIPaddressinitslisttoverifythatthesameuserisstillloggedin.Theresultsoftheprobecanbeusedtoupdatetherecordontheagentandthenbepassedontothefirewall.EachlearnedIPwillbeprobedoneperintervalperiod.CareshouldbetakentomakesurethatlargeenvironmentshavealongenoughintervalforallIPstobeprobed.Forexampleinanetworkwith6,000usersandanintervalof10minutes,thatwouldrequire10WMIrequestsasecondfromeachagent.Theseprobesarequeuedandprocessedbytheagentasneeded.

    Inaddition,whenthefirewallreceivestrafficonaninterfaceinazonewithUserIdentificationenabledthatisfromanIPaddressthathasnouserdataassociatedwithit,thefirewallwillsendtheIPtoalltheADgentsconfiguredandaskthemtoprobeittodeterminetheuser.ThisrequestwillbeaddedtothequeuealongwiththeknownIPaddresseswaitingtobepolled.IftheAgentisabletodeterminetheuserattheIPbasedontheprobetheinformationwillbesentbacktothefirewall.

    IftheWMIorNetBIOSprobefailstheIPaddresswillnotbeprobedagainuntilthefirewallseesmoretrafficfromit.

    NetBIOSprobeshavenoauthenticationanddonotrequireanyspecificgroupmembershipoftheAgentaccount.AdrawbacktoNetBIOSisthatitisnotveryreliableacrosslargernetworks;itiscommonlyblockedbyhostbasedfirewallsandwillnotworkforcertainmodernoperatingsystems.(AnythingwithNetBIOSoverTCPdisabled)

    WMIqueriesarefarmorereliableandaresecuredbyeitherNTLMorKerberosbasedauthentication.ToperformthesequeriessuccessfullytheagentaccountneedstherightstoreadtheCIMV2namespaceontheclientsystems.BydefaultonDomainAdministratorshavethisright.TheunderlyingWMIquerythatissentcanbesimulatedwiththefollowingcommand,whereremotecomputerwouldbetheIPaddressofthesystembeingprobed:

    wmic /node:remotecomputer computersystem get username

  • PaloAltoNetworks PANOS4.0 7

    OpenServerSessionsAnyconnectionstoafileorprintserviceontheDomainControllerwillalsobereadbytheagent.Iftheuser/IPcombinationforthesessiondoesnotmatchthecombinationthattheAgentlastlearnedthemappingwillberemovedandtheuserattheIPaddresswillbecomeunknown.Theagentwillnotupdateuserdataasaresultofinformationlearnedfromtheopenserversessions.IftheopensessionconfirmstheuserattheIPaddressthenthatmappingwillhaveitslifetimerenewed.

    InthenormaloperationsofanADdomain,usersonWindowssystemswillconnecttothesysvolshareonthedomaincontrollertocheckfornewGroupPolicyObjects.Thedefaulttimingforthisis90minuteswitha+/30minuteoffset.Forusersconnectedtothenetworkduringaregularworkdaythisprocesswillinsurethattheyremainmappedthroughouttheday.

    AgentandFirewallCommunicationSettingsontheAgentcontrolhowoftentheagentcommunicateswiththeDomainControllersandhostsonthenetwork(forpolling).Thefirewallhasspecific,nonconfigurabletimersforitscommunicationtotheagent.

    x 2seconds:GetlistofnewIP/usermappingfromagent.Thisisadeltaofnewmappingonly.x 2seconds:SendlistofunknownIPaddressesthatwereencounteredintraffictotheagent.x 5seconds:Getagentstatus.Thisisaheartbeatusestodeterminethestatusofeachconfigured

    agent.x 10minutes:Getgroupmembershipchangesfromagent.Thisisjustthedeltaofchangessince

    thelastcheck.x 1hour:GetfulllistofIP/usermappingsfromagent

    BestPracticesforADAgent:1) SettheageouttimerfortheagenttoavalueclosetohalftheDHCPleasetime.2) UseWMIoverNetBIOSifpossible.3) Makesuretoplantheintervalforprobingbasedonthetotalnumberofusersinthe

    environment.

    2. LDAPUserAgentTheLDAPagentprovidestwoveryspecificfunctions.OneistoaccessaneDirectorytreeandreadtheloggedinIPforeachuser.WhentheuserlogsintoeDirectory,theIPaddressoftheendpointisstoredinthedirectoryasafieldintheuserobject.ThisservesasimilarfunctionastheADAgentslogscrapingandonlyworkswitheDirectory.

    ThesecondfunctionoftheLDAPagentistoreceiveXMLuserinformationfromexternalsources.ThisinformationcanbothaddandremoveuserIPmappings.SomeexamplesoftheAPIare:

    1) VisualBasicbasedloginandlogoutscriptsthataddandremovetheuserandalltheIPaddressesoftheendstation.

    2) PerlbasedscriptsforMacbasedsystemstoregisterusersonlogin.3) ModulesforNACappliancesthatpassonuserandIPinformationtothefirewall.

  • PaloAltoNetworks PANOS4.0 8

    TheAPIpassesthedataoverSSLusingasimpleXLMformatasfollows:

    3. CaptivePortalCaptivePortalisanidentificationmethodthatisnotinvokedunlessthereisnouserinformationforHTTPbasedtrafficthatthefirewallencounters.Ifauserhasbeenmappedbyoneoftheotherpossiblemethods,captiveportalwillnotbetriggered.Captiveportalistraditionallyusedtoidentifyusersthathaveslippedthroughtheothermethodsorforenvironmentswheretheothermethodsarenotappropriate.Captiveportalwillonlybetriggeredbyasessionthatmatchesthefollowingcriteria:

    1) ThereisnouserdataforthesourceIPofthesession2) ThesessionisHTTPtraffic3) ThesessionmatchesaCaptivePortalpolicyonthefirewall

    Whencaptiveportalistriggeredthebrowsersessionisinterruptedbythefirewallandusercredentialsarerequested.OncetheuserisidentifiedtheywillremainmappeduntileitheranIdleorhardtimeoutisreached.Atthatpointtheusermappingisremovedandcaptiveportalmaybetriggeredagain.

    ForfirewallsdeployedinL2orVirtualWiremodecaptiveportalmustbeconfiguredtransparently.Inthisconfigurationthefirewallwillspoofthedestinationaddressforuseinauthentication.ThiscangeneratecertificateerrorsiftheoriginalcommunicationwasoverSSL.Amoreflexiblemethodisaredirectcaptiveportal,wherethefirewallusesa302HTTPerrorcodetoredirecttheusertoaL3interfaceownedbythefirewall.WhenusingredirectcaptiveportalaspecificSSLcertificatecanbeinstalledfortheportaltomitigateanycertificatewarnings.Inadditionredirectcaptiveportalcanusecookiestomarkthesession.Thiswillallowthesessiontoremainmappedevenafterthetimeoutshaveexpired.FinallyredirectcaptiveportalwithcookiescansupportauserthatroamsfromoneIPaddresstoanotherwhilekeepingthesessionopen.Whenpossible,captiveportalshouldalwaysbedeployedinredirectmode.

  • PaloAltoNetworks PANOS4.0 9

    Therearethreemethodsforthefirewalltoextractuserdatafromthebrowser:

    1.) NTLMAuthentication2.) WebFormCaptivePortal3.) CertificatebasedAuthentication

    NTLMAuthenticationMicrosoftclientscanparticipateinaNTLMchallengeandresponseexchangethatconsistsof3messages.Thebrowserwillusethecredentialsofthecurrentlysignedinuser.InternetExplorerwilldothisbedefault,andFirefoxcanbeconfiguredtodothisforspecificURIs.(Intheabout:configsetthenetwork.automaticntlmauth.trustedurisvaletothecaptiveportalURI)Thisauthenticationistransparenttotheuser.TheusernamecapturedfromthismethodistheNetBIOSnameintheformofDOMAIN\USER,itwillbemappedtotheappropriateuserIDiftheADAgentisinuse,oriftheLDAPServerconfiguredtoreadtheADdomainhasthecorrectvalueinthedomainfield.IfthebrowseroroperatingsystemdoesnotsupportNTLMauthentication,thefirewallwillfallbacktothenextformofCaptivePortal.WhenconfiguringNTLMbasedauthenticationforCaptivePortalahostnamemustbeprovided.ForNTLMtowork,thishostnamemustnotbefullyqualified.Forexample,iftheDNSnameoftheportalisportal1.company.com,andcompany.comisintheuserssearchsuffix,thecorrectvalefortheNTLMhostwouldbeportal1.

    ThefollowingdiagramshowsNTLMbasedCaptivePortalflowusingaredirect.InthecaseofatransparentmodeCaptivePortaltherewouldbenosteps2or5.Insteadthefirewallwouldspoofthe

  • PaloAltoNetworks PANOS4.0 10

    destinationaddressandprovidethe401errorcodeasifthetargetserverhadsentit.

    WebFormCaptivePortalThismethoddisplaysawebpagewithfieldsforusernameandpassword.ThebackendauthenticationcanbeRADIUS,LDAP,localdatabaseornativeKerberos.Whilethisisthemostdisruptiveuseridentificationmethoditisalsothemethodthatwillworkwithanykindofbrowseroroperatingsystem.Assuchitisanexcellentmethodoflastresort.ThefollowingdiagramshowswebformbasedCaptive

  • PaloAltoNetworks PANOS4.0 11

    Portalflowusingaredirect.

    CertificatebasedAuthenticationAusercertificatecanalsobeusedbythecaptiveportaltoidentifytheuser.CertificatebasedauthrequiresthattrustedCAcertsareloadedonthefirewallandprovisionedforuserauthentication.Whentheuserfirstencounterscaptiveportaltheywillbepromptedforthecertificatetopassontotheserver.Ifnootherauthenticationprofilesareconfiguredforthecaptiveportalallfurtherinteractionbetweenthebrowserandtheportalshouldbetransparenttotheuser.ThisiscurrentlytheonlywaytoachievefullytransparentauthenticationforLinuxandMacclientsusingcaptiveportal.

    BestPracticesforConfiguringCaptivePortal:1.) Configurecaptiveportalinredirectmodewhenpossible.Asingleinterfacecanbeconfiguredfor

    L3operationstohosttheportalfordeploymentsusingL2orvirtualwire.2.) IfusingRADIUSinsuretheproperdefaultdomainisconfiguredforusers.Ifnodomainis

    providedduringtheloginthedefaultdomainwillbeassumed.3.) KerberosauthenticationrequirelessconfigurationforADenvironmentsthenLDAPandshould

    beusedinthesecases.

  • PaloAltoNetworks PANOS4.0 12

    4. TerminalServerAgentTheMSTerminalServeragentisawindowsservicethatisinstalledonaMicrosoftterminalserverorCitrixserver.Thejobofthisagentittointermediatetheassignmentofsourceportstothevarioususerprocesses.Thissourceportinformationispassedontothefirewallandausertableiscreatedincludingtheusername,IPaddressoftheterminalserverandsourceportsoftheusers.Thisinsuresthateachsessionfromtheterminalserveriscorrectlymappedtotheuserthatinitiatedit.Nootherusermappingfeaturesarerequiredfortheseclients,althoughenumerationandgroupmappingstillneedtotakeplace.

    5. PaloAltoNetworksclientsoftwareIftheendpointisrunningoneofthePaloAltoNetworksclientsoftwarepackagesuseridentificationwillbeprovidedbythatsoftware.Therearecurrently2softwarepackagesthatcanrunontheendpoint.NetConnectSSLVPNandGlobalProtect.Bothofthesepackageswillprovideuserinformationtothefirewalltheyareconnectedto.NoothermethodwouldberequiredtomaptheuserstotheirIPaddresses,thoughtherewouldstillneedtobesomethinginplacetoenumeratetheusersandtheirgroupmembership.


4.0 RESULTS 4.1 Characterization and Identification of

Phase of flight identification in general aviation operations

Operations Research 4.0 SoftAS GmbH - Wolfram Operations Research 4.0 ... BasicVarValues: values of the basic variables as functions of the nonbasic variables ListOfBasicVars: list

Industry 4.0 Digital Operations Survey Key Findings Finland

4.0 Identification of SWMUs, AOCs, and Other Undesignated Areas · 2018-12-06 · BAO\072200001 4-1 4.0 Identification of SWMUs, AOCs, and Other Undesignated Areas Tables 4-1 through

Manufacturing 4.0 Operations Scheduling with AGV Battery

Speech Recognition and Identification Materials, Disc 4.0

MOF 4.0: Microsoft Operations Framework 4.0 - A Pocket Guide

Automotive 4.0 Outlook and Implications · 2016-04-04 · Automotive 4.0 - A disruption and new reality in the US? > Identification of major, potentially disruptive trends > Illustration

Indagine conoscitiva sul modello Industry 4.0 · 2 Agenda Pagina A. Industry 4.0: la rivoluzione in atto 3 ... RADIO FREQUENCY IDENTIFICATION (RFID) > Connessione di macchine, sistemi

AUTOMATIC IDENTIFICATION SYSTEM - SPECIAL OPERATIONS

Smart Manufacturing for Industry 4.0 using Radio Frequency ... · Radio Frequency Identification (RFID), an Automated Identification Data Capture (AIDC) technology increasingly being

Hazard Identification in CFR Part 137 Operations

Theory of Attentional Operations in Shape Identification

4.0 HTM 209 – OM Managing Project Operations 171014

Microsoft Operations Framework 4.0 Foundations. Este Workshop de Fundamentos de MOF 4.0 fue traducido por: Julio Iglesias Pérez – MVP Enterprise Security

315 Plant Organization and Operations 4.0

How to manage operations post merger and industry 4.0

Microsoft Operations Framework (MOF) 4.0 microsoft.com/MOF

Microsoft Operations Framework 4.0 Foundations

Reinsurance Leakage – Identification & Prevention ·  · 2017-03-01Prepared by Aon Benfield Inpoint | Operations 2016 Educational Webinar Series Reinsurance Leakage – Identification

PROJECT OPERATIONS MANUAL - JLGC · POM Project Operations Manual ... criteria and conditions for assessment and selection of proposals ... project identification,

Identification and Evaluation of Concepts of Operations ... Tuesday presentations Final/German_sUAS... · Identification and Evaluation of Concepts of Operations for sUAS Package

Lincoln Downtown Traffic Study - 4.0 Traffic Operations

Aftermarket 4.0 Business Operations in the Era of

ABB Ability Industri 4.0 på riktigt Collaborative Operations

Adoption of Operations 4.0 at Zydus - IPA India · 2019-03-05 · Privileged & Confidential Adoption of Operations 4.0 at Zydus This presentation and its materials contain proprietary

4.0. COLLECTION, IDENTIFICATION, EXTRACTION AND ...shodhganga.inflibnet.ac.in/bitstream/10603/54300/9/09_chapter 4.pdf · COLLECTION, IDENTIFICATION, EXTRACTION AND PHYTOCHEMICAL

Identification of priority shorebird conservation areas in ... · Creative Commons CC-BY 4.0 OPENACCESS Identification of priority shorebird conservation areas in the Caribbean Jessica

RailCorp Operations Protocol version 4.0 December 2017€¦ · Operations Protocol Final – version 4.0 – December 2017 7 Peak Passenger Services means all suburban and intercity

Risk Identification and Risk Assessment of Air Taxi Operations for … · 2020-07-10 · 2020-3814-AJTE-MEC 1 1 Risk Identification and Risk Assessment of Air Taxi 2 Operations for

Network OS NETCONF Operations Guide, 4.0 - Fujitsu … · Reserving a port assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 ... x Network OS NETCONF Operations

MRI Technical Operations Manual Version 4.0 28.June Technical Operations Manual Version 4.0 28.June.2012 2 PPMI DTI Operations Manual Version 4.0 28.June.2012 Table of Contents 1

Chapter 4.0 Microscopy, Staining, and Classification · 2020-06-18 · Chapter 4.0 Microscopy, Staining, and Classification 8/20/2017 MDufilho 1 . Classification and Identification

Tag line, tag line Operations Manager 4.0 Customer Strategic Presentation March 2010