1. Simon FRANCOIS
   Network and Security Manager (Responsable Réseau et Sécurité)
   www.segi.be | Simon.Francois@ulg.ac.be
   Security in all its states (La sécurité dans tous ses états)
   11/03/2014
   © 2014 SEGI ULg – Simon FRANCOIS

2. .: We don't mess with Security :.

3. .: Agenda :.
   - General Security Basics
   - Threats
   - Hints and Best Practices
   - An eye on ULg
   - Responsibilities

4. .: Basics : the Triad :.
   - CIA
     - Confidentiality
     - Integrity
     - Availability

5. .: Basics : Broad Spectrum :. (according to the CISSP CBK)
   - Access control
   - Software development
   - BCP & DRP
   - Cryptography
   - IS Governance and Risk Management
   - Legal, Regulations, Investigations, Compliance…
   - Security Operations
   - Physical (Environment) Security
   - Security Architecture and Design

6. .: Basics : Deeper in Access Control :. (according to the CISSP CBK; diagram only, no text)

7. .: Basics : not that obvious :. (according to Sean Bean; image only, no text)

8. .: Agenda :. (section divider; same agenda as slide 3)

9. .: Threats : they are Legion (1) :. (image only, no text)

10. .: Threats : they are Legion (2) :. (image only, no text)

11. .: Threats : sad truths :. It's a trap!
   - 80% of exploits rely on well-known weaknesses that haven't been addressed (source: Verizon, 2013 Q4)
   - The biggest flaw is the human factor
   - You won't stop a determined hacker; you play a game where he's one step ahead

12. .: Agenda :. (section divider; same agenda as slide 3)

13. .: BP : the cost of security :.
   How valuable are your assets?
   [chart: cost of security against percentage of blocked threats; axis marks at 99% and 100%]
   Risk = (Vulnerability * Exposure) - Security

14. .: BP : every layer its job :.
   - Let firewalls and routers deal with IP. Not your code, not your server.
   - Let centralized services (AAA, monitoring) deal with their responsibilities. Not your code.
   - Let the OS libraries do their job. Don't override them unless it is vital.

15. .: BP : Secure everything :.
   - Security must become a reflex action
     - Don't add security a posteriori
     - Think, build and develop with security in mind
   - Use TLS as often as possible
     - As a client: choose SMTPS, IMAPS…
     - As a provider: force HTTPS, SFTP…
   - AAA your users
     - No anonymous connections (unless the service is public)
     - Keep records for traceability and accountability
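What "force HTTPS" on the provider side and "choose IMAPS/SMTPS" on the client side look like in code, as an added example that is not part of the slides and not SEGI's code. The WSGI middleware answers every request that did not arrive over TLS with a redirect to a fixed canonical https:// host (never the attacker-controlled Host header) and adds Strict-Transport-Security only to responses that really travelled over TLS, since RFC 6797 tells clients to ignore that header over plain HTTP. The client context refuses unverified certificates, wrong host names and anything older than TLS 1.2. The canonical host www.segi.be, the demo application and the constructed request environments are assumptions.

```python
"""Added example (not from the slides): enforcing TLS on both ends.

Provider side: ForceHTTPS, a WSGI middleware that redirects plaintext HTTP
to the canonical https:// host and sets HSTS only on HTTPS responses.
Client side: client_tls_context(), an ssl.SSLContext for use with
imaplib.IMAP4_SSL / smtplib.SMTP_SSL.  Host names and the demo app are assumed.
"""
import ssl
from urllib.parse import quote

HSTS_VALUE = "max-age=31536000; includeSubDomains"


def client_tls_context():
    """TLS context for IMAPS/SMTPS clients: verify chain and host name,
    refuse anything older than TLS 1.2 (example setting, tune to your servers)."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


class ForceHTTPS:
    """WSGI middleware: 301 to https:// for any request that did not arrive
    over TLS; Strict-Transport-Security on every response that did."""

    def __init__(self, app, canonical_host):
        self.app = app
        # Fixed target host: the request's Host header is attacker-controlled
        # and must not decide where the redirect points.
        self.canonical_host = canonical_host

    def __call__(self, environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            path = quote(environ.get("PATH_INFO", "/"))      # PATH_INFO is decoded; re-encode it
            query = environ.get("QUERY_STRING", "")          # QUERY_STRING is still encoded
            location = f"https://{self.canonical_host}{path}" + (f"?{query}" if query else "")
            # No HSTS here: browsers ignore it on plain HTTP (RFC 6797 section 8.1).
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def hsts_start_response(status, headers, exc_info=None):
            headers = [(k, v) for k, v in headers if k.lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return self.app(environ, hsts_start_response)


def hello_app(environ, start_response):
    """Assumed demo application sitting behind the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello over TLS\n"]


def run_request(app, scheme, path="/", query=""):
    """Drive a WSGI app with a constructed environ; return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path, "QUERY_STRING": query,
               "REQUEST_METHOD": "GET", "HTTP_HOST": "evil.example"}  # constructed, hostile Host
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    app = ForceHTTPS(hello_app, canonical_host="www.segi.be")
    print(run_request(app, "http", "/login", "next=%2Fhome"))   # 301 to https://www.segi.be/login?next=%2Fhome
    print(run_request(app, "https", "/login"))                 # 200 with HSTS header
```

If TLS terminates on a reverse proxy, `wsgi.url_scheme` must be set by the server from a header such as X-Forwarded-Proto, and only when the request comes from that trusted proxy; otherwise any client can claim "https" and skip the redirect. The IMAPS/SMTPS context is used as `imaplib.IMAP4_SSL(host, ssl_context=client_tls_context())`.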
16. .: BP : Logs! Logs! Logs! :.
   - Keep logs of everything
     - Network devices, servers, OS events, personal computers, applications…
     - The only way to analyze and understand after the fact
   - Use accounting for users' activity
     - Liability
     - Legal matters
   - Have your logs analyzed by software
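The last bullet, "have your logs analyzed by software", as an added example that is not part of the slides: a small detector run over constructed sshd auth-log lines. It parses each line, keeps a sliding window of authentication failures per source address, raises a MEDIUM alert when a source crosses the threshold inside the window (brute force, one of the attack types listed later on slide 22) and a HIGH alert when a previously flagged source then logs in successfully, which is the case a human reading a day of logs would miss. The log lines (RFC 5737 test addresses), the 300-second window, the threshold of 5 and the year 2014 are constructed or assumed values.

```python
"""Added example (not from the slides): letting software read the auth logs.

Scans syslog-format sshd lines for (a) a source address failing to
authenticate THRESHOLD times within WINDOW_SECONDS and (b) a successful
login from a source that was brute-forcing just before.  Sample lines,
window, threshold and year are constructed/assumed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 300      # assumed sliding window
THRESHOLD = 5             # assumed number of failures that counts as brute force
YEAR = 2014               # syslog lines carry no year; assumed from the log's date

# Constructed sample: 203.0.113.7 hammers the box, then gets in as 'jdoe';
# 198.51.100.20 is a normal user who mistypes once.
SAMPLE_LOG = """\
Mar 11 09:00:01 srv1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 11 09:00:03 srv1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Mar 11 09:00:05 srv1 sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar 11 09:00:06 srv1 sshd[2107]: Accepted publickey for alice from 198.51.100.20 port 40100 ssh2
Mar 11 09:00:08 srv1 sshd[2109]: Failed password for jdoe from 203.0.113.7 port 51055 ssh2
Mar 11 09:00:11 srv1 sshd[2111]: Failed password for jdoe from 203.0.113.7 port 51060 ssh2
Mar 11 09:00:14 srv1 sshd[2113]: Failed password for jdoe from 203.0.113.7 port 51071 ssh2
Mar 11 09:00:20 srv1 sshd[2115]: Accepted password for jdoe from 203.0.113.7 port 51080 ssh2
Mar 11 09:30:00 srv1 sshd[2200]: Failed password for bob from 198.51.100.20 port 40200 ssh2
Mar 11 09:30:09 srv1 sshd[2202]: Accepted password for bob from 198.51.100.20 port 40201 ssh2
"""

# Common OpenSSH syslog line; "invalid user" appears only for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse(line):
    """Return {'ts', 'ok', 'user', 'ip'} for an sshd auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def detect(lines):
    """Return a list of (severity, ip, message) alerts in log order."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = set()               # ips already reported as brute-forcing
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue              # not an sshd auth event
        q = recent[ev["ip"]]
        while q and (ev["ts"] - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()           # drop failures that fell out of the window
        if ev["ok"]:
            if ev["ip"] in flagged:
                alerts.append(("HIGH", ev["ip"], f"login as {ev['user']} after brute force"))
            continue
        q.append(ev["ts"])
        if len(q) >= THRESHOLD and ev["ip"] not in flagged:
            flagged.add(ev["ip"])
            alerts.append(("MEDIUM", ev["ip"], f"{len(q)} failed logins in {WINDOW_SECONDS}s"))
    return alerts


if __name__ == "__main__":
    for severity, ip, msg in detect(SAMPLE_LOG.splitlines()):
        print(f"{severity:6} {ip:15} {msg}")
```

On the sample, bob's single typo never reaches the threshold and produces nothing, while 203.0.113.7 triggers the MEDIUM alert on its fifth failure and the HIGH alert on the later accepted login. In production the same loop reads from the central syslog collector rather than a string, and the thresholds are tuned against a baseline of the site's own traffic.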
17. .: Agenda :. (section divider; same agenda as slide 3)

18. .: Information System @ ULg :. Systems side
   - 2 datacenters with High Availability
   - 2 secured rooms, 3 km apart
   - Many 10 Gbps direct optical fibers
   - NetApp MetroCluster
   - 260 TB storage, 150 TB VTL
   - Supercomputer (1,920 cores; 7.7 TB RAM)
   - > 1,000 servers
     - > 95% virtual
   - All of the above hosted @SEGI! Many more across campus…

19. .: Information System @ ULg :. Network side
   - 50,000 network access wall plugs
   - 1,800 WiFi access points
   - 500 switches; 15 core routers (10 Gbps partial mesh)
   - > 30 firewalls
   - 2 next-generation firewalls (NGFW) since 2009
   - 2x 1 Gbps through Belnet (> 20 TB / 7 TB per month)
   - A kind of Internet Service Provider

20. (image only, no text)

21. .: Information System @ ULg :. Institutional security features
   - Virtual network split (VLAN; VRF)
   - Local firewalls
   - Internet border firewalls and NG firewalls
   - IDS / IPS = threat prevention
   - URL filtering: dangerous or dubious websites
   - Antispam
   - Antivirus

22. .: Information System @ ULg :. Security side
   - Hundreds of thousands of automated attacks denied each… day.
     - SQL injection, brute force, C&C traffic, stack overflow, SIP spyware…
   - Phishing still works, at every attempt
   - Locally managed servers are barely updated
   - Personal passwords: shared, easy to find…
   - Apps without authentication, infected BYOD devices…

23. .: Agenda :. (section divider; same agenda as slide 3)

24. .: Responsibilities :.
   - Security fails because of the weakest link
   - → Security is everyone's responsibility!
   - We want YOU to share, inform, educate, help, correct… others.

25. Q & A?
   Simon.Francois@ulg.ac.be