La securite dans tous ses etats
3. +
.: Agenda :.
- General Security Basics
- Threats
- Hints and Best Practices
- An eye on ULg
- Responsibilities
© 2014 SEGI ULg – Simon FRANCOIS
4. +
.: Basics : the Triad :.
- CIA
  - Confidentiality
  - Integrity
  - Availability
5. +
.: Basics : Broad Spectrum :.
according to CISSP CBK
- Access control
- Software development
- BCP & DRP
- Cryptography
- IS Governance and Risk Management
- Legal, Regulations, Investigations, Compliance…
- Security Operations
- Physical (Environment) Security
- Security Architecture and Design
6. +
.: Basics : Deeper in Access Control :.
according to CISSP CBK
7. +
.: Basics : not that obvious :.
according to Sean Bean
8. +
.: Agenda :.
- General Security Basics
- Threats
- Hints and Best Practices
- An eye on ULg
- Responsibilities
11. +
.: Threats : sad truths :.
It’s a trap!
- 80% of the exploits rely on well-known weaknesses that haven’t been addressed (Source: Verizon 2013Q4)
- Biggest flaw is the human factor
- You won’t stop a determined hacker; you play a game where he’s one step ahead
12. +
.: Agenda :.
- General Security Basics
- Threats
- Hints and Best Practices
- An eye on ULg
- Responsibilities
13. +
.: BP : the cost of security :.
How valuable are your assets?
[Figure: chart with axis "Percentage of blocked threats", ticks at 99% and 100%]
Risk = (Vulnerability * Exposure) - Security
14. +
.: BP : every layer its job :.
- Let firewalls and routers deal with IP. Not your code, not your server.
- Let centralized services (AAA, monitoring) deal with their responsibilities. Not your code.
- Let the OS libraries do their job. Don’t override if not vital.
15. +
.: BP : Secure everything :.
- Security must become a reflex action
  - Don’t add security a posteriori
  - Think, build and develop with security in mind
- Use TLS as often as possible
  - As a client: choose smtpS, imapS…
  - As a provider: force httpS, Sftp…
- AAA your users
  - No anonymous connection (unless public)
  - Keep track and liability
16. +
.: BP : Logs! Logs! Logs! :.
- Keep logs of everything
  - Network devices, servers, OS events, personal computers, applications…
  - Only way to analyze, understand, a posteriori
- Use accounting for users’ activity
  - Liability
  - Legal matters
- Have your logs analyzed by software
17. +
.: Agenda :.
- General security basics
- Threats
- Best practices
- An eye on ULg
- Responsibilities
18. +
.: Information System @ ULg :.
Systems side
- 2 datacenters with High Availability
- 2 secured rooms, 3km apart
- Many 10Gbps direct optical fibers
- NetApp Metrocluster
- 260 TB storage, 150TB VTL
- Supercomputer (1920 cores; 7,7TB RAM)
- >1,000 servers
- > 95% virtual
- All above hosted @SEGI! Many more across Campus…
19. +
.: Information System @ ULg :.
Network side
- 50,000 network access wall plugs
- 1,800 WiFi access points
- 500 switches; 15 core routers (10Gbps partial mesh)
- > 30 firewalls
- 2 next generation firewalls (NGFW) since 2009
- 2x 1Gbps through Belnet (> 20TB/7TB per month)
- Kind of Internet Service Provider
21. +
.: Information System @ ULg :.
Institutional security features
- Virtual network split (VLAN; VRF)
- Local firewalls
- Internet border firewalls and NG firewalls
- IDS / IPS = Threat prevention
- URL filtering: dangerous or dubious websites
- Antispam
- Antivirus
22. +
.: Information System @ ULg :.
Security side
- Hundreds of thousands of automatic attacks denied each… day.
- SQL-Injection, brute force, C&C traffic, stack overflow, SIP spyware…
- Phishing still works fine, at every attempt
- Locally managed servers are barely updated
- Personal passwords: shared, easy to find…
- No auth apps, infected BYOD…
23. +
.: Agenda :.
- General security basics
- Threats
- Best practices
- An eye on ULg
- Responsibilities
24. +
.: Responsibilities :.
- Security fails because of the weakest link
- → Security is everyone’s responsibility!
- We want YOU to share, inform, educate, help, correct… others.
25. +
Q & A’s ?
Simon.Francois@ulg.ac.be