Simon FRANCOIS
Network and Security Manager
www.segi.be Simon.Francois@ulg.ac.be
Security in all its states
11/03/2014

.: We don’t mess with Security :.
© 2013 SEGI ULg – Simon FRANCOIS

.: Agenda :.
n General Security Basics
n Threats
n Hints and Best Practices
n An eye on ULg
n Responsibilities
© 2014 SEGI ULg – Simon FRANCOIS
3
+
.: Basics : the Triad :.
n CIA
n Confidentiality
n Integrity
n Availability
© 2014 SEGI ULg – Simon FRANCOIS
4
+
.: Basics : Broad Spectrum :.
according to CISSP CBK
- Access control
- Software development
- BCP & DRP
- Cryptography
- IS Governance and Risk Management
- Legal, Regulations, Investigations, Compliance…
- Security Operations
- Physical (Environment) Security
- Security Architecture and Design

.: Basics : Deeper in Access Control :.
according to CISSP CBK

.: Basics : not that obvious :.
according to Sean Bean

.: Agenda :.
n General Security Basics
n Threats
n Hints and Best Practices
n An eye on ULg
n Responsibilities
© 2014 SEGI ULg – Simon FRANCOIS
8
+
.:Threats : they are Legion (1) :.
© 2014 SEGI ULg – Simon FRANCOIS
9
+
.:Threats : they are Legion (2) :.
© 2014 SEGI ULg – Simon FRANCOIS
10
+
.:Threats : sad truths :.
It’s a trap!
- 80% of the exploits rely on well-known weaknesses that haven’t been addressed (Source: Verizon 2013Q4)
- Biggest flaw is the human factor
- You won’t stop a determined hacker; you play a game where he’s one step ahead

.: Agenda :.
n General Security Basics
n Threats
n Hints and Best Practices
n An eye on ULg
n Responsibilities
© 2014 SEGI ULg – Simon FRANCOIS
12
+
.: BP : the cost of security :.
How valuable are your assets?
[Figure: percentage of blocked threats, with axis marks at 99% and 100%]
Risk = (Vulnerability * Exposure) - Security

.: BP : every layer its job :.
n Let firewalls and routers
deal with IP. Not your code,
not your server.
n Let centralized services
(AAA, monitoring) deal with
their responsibilities. Not
your code.
n Let the OS libraries do their
job. Don’t override if not
vital.
© 2014 SEGI ULg – Simon FRANCOIS
14
+
.: BP : Secure everything :.
n Security must become a reflex action
n Don’t add security a posteriori
n Think, build and develop with security in mind
n Use TLS as often as possible
n As a client : chose smtpS, imapS…
n As a provider : force httpS, Sftp…
n AAA your users
n No anonymous connection (unless public)
n Keep track and liability
© 2014 SEGI ULg – Simon FRANCOIS
15
+
.: BP : Logs! Logs! Logs! :.
nKeep logs of everything
n Network devices, servers, OS events, personal
computers, applications…
n Only way to analyze, understand, a posteriori
n Use accounting for users’ activity
n Liability
n Legal matters
n Have your logs analyzed by software
16
+
.: Agenda :.
n General security basics
n Threats
n Best practices
n An eye on ULg
n Responsibilities
© 2014 SEGI ULg – Simon FRANCOIS
17
+
.: Information System @ ULg :.
Systems side
- 2 datacenters with High Availability
- 2 secured rooms, 3km apart
- Many 10Gbps direct optical fibers
- NetApp Metrocluster
- 260 TB storage, 150TB VTL
- Supercomputer (1920 cores; 7.7TB RAM)
- > 1,000 servers
  - > 95% virtual
- All of the above hosted @SEGI! Many more across Campus…

.: Information System @ ULg :.
Network side
- 50,000 network access wall plugs
- 1,800 WiFi access points
- 500 switches; 15 core routers (10Gbps partial mesh)
- > 30 firewalls
- 2 next generation firewalls (NGFW) since 2009
- 2x 1Gbps through Belnet (> 20TB/7TB per month)
- Kind of Internet Service Provider

.: Information System @ ULg :.
Institutional security features
- Virtual network split (VLAN; VRF)
- Local firewalls
- Internet border firewalls and NG firewalls
- IDS / IPS = Threat prevention
- URL filtering: dangerous or dubious websites
- Antispam
- Antivirus

.: Information System @ ULg :.
Security side
- Hundreds of thousands of automatic attacks denied each… day.
  - SQL-Injection, brute force, C&C traffic, stack overflow, SIP spyware…
- Phishing still works fine, at every attempt
- Locally managed servers are barely updated
- Personal passwords: shared, easy to find…
- No auth apps, infected BYOD…

.: Agenda :.
n General security basics
n Threats
n Best practices
n An eye on ULg
n Responsibilities
© 2014 SEGI ULg – Simon FRANCOIS
23
+
.: Responsibilities :.
nSecurity fails because of the weakest
link
nà Security is everyone’s
responsibility!
nWe wantYOU to share,
inform, educate, help,
correct… others.
© 2014 SEGI ULg – Simon FRANCOIS
24
+
Q & A’s ?
Simon.Francois@ulg.ac.be
© 2014 SEGI ULg – Simon FRANCOIS
25
