The next step in IT security after Snowden

Similar documents
IP Reputation Exchange security research

European Internet Situation Awareness The Global View

Internet Continuous Situation Awareness

IoT Security for Critical Information Infrastructures. Andrey Tikhonov

IFIP World Computer Congress (WCC2010)

Google on BeyondCorp: Empowering employees with security for the cloud era

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Cisco Self Defending Network

CSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT

OS Security IV: Virtualization and Trusted Computing

Secure Sharing of an ICT Infrastructure Through Vinci

Hypervisor Security First Published On: Last Updated On:

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Mind Over Matter: The Pragmatic, Strong, and Smart Approach to Security

Operating system hardening

Building secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

ANATOMY OF AN ATTACK!

Lecture Embedded System Security Introduction to Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing

Security+ SY0-501 Study Guide Table of Contents

Technical Brief Distributed Trusted Computing

How do you decide what s best for you?

Windows IoT Security. Jackie Chang Sr. Program Manager

M2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres

Ceedo Client Family Products Security

Analyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS

Security analysis of OpenID, followed by a reference implementation of an npabased OpenID provider

PrecisionAccess Trusted Access Control

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

A Unified Threat Defense: The Need for Security Convergence

Lecture Embedded System Security Introduction to Trusted Computing

PLATFORM CONVERGENCE JOURNEY

IoT It s All About Security

Applied IT Security. Device Security. Dr. Stephan Spitz 10 Development Security. Applied IT Security, Dr.

Who s Protecting Your Keys? August 2018

Stakeholders Analysis

Business Strategy Theatre

Implementing Security in Windows 2003 Network (70-299)

IT Security Manifesto

Education Network Security

Certificate Enrollment- and Signing Services for the Cloud. A behind-the-scenes presentation of a successful cooperation between

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Smart Attacks require Smart Defence Moving Target Defence

Implementing Cisco Network Security (IINS) 3.0

Provisioning secure Identity for Microcontroller based IoT Devices

Unicorn: Two- Factor Attestation for Data Security

Forensic Network Analysis in the Time of APTs

Understanding Cisco Unified Communications Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

SECURITY ARCHITECTURES CARSTEN WEINHOLD

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Network Device Provisioning

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Information Security: Principles and Practice Second Edition. Mark Stamp

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Automated Mobile Security (ESUKOM)

The Most Important Facts in a Nutshell Content Security User Interface Security Infrastructure Security In Detail...

Agenda: Insurance Academy Event

Module Overview. works Identify NAP enforcement options Identify scenarios for NAP usage

CISCO SHIELDED OPTICAL NETWORKING

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

TAKING THE MODULAR VIEW

CyberP3i Course Module Series

Intel Software Guard Extensions

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

RSA SecurID Ready Implementation Guide

QuoVadis Trustlink Schweiz AG Teufenerstrasse 11, 9000 St. Gallen

Advanced Systems Security: Putting It Together Systems

Changing face of endpoint security

An Introduction to Trusted Platform Technology

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

Creating the Complete Trusted Computing Ecosystem:

Windows ierīces Enterprise infrastruktūrā. Aris Dzērvāns Microsoft

Secure & Unified Identity

Say Goodbye to Enterprise IT: Welcome to the Mobile First World. Sean Ginevan, Senior Director, Strategy Infosecurity Europe

An Overview of Secure and Authenticated Remote Access to Central Sites

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Cisco ASA 5500 Series IPS Edition for the Enterprise

CTS2134 Introduction to Networking. Module 08: Network Security

Public Key Infrastructure

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

PGP Desktop Security 7.0 Checkpoint Firewall1 / VPN1 ver 4.1 / 2000

Data Retrieval Firm Boosts Productivity while Protecting Customer Data

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Kaspersky Open Space Security

Total Threat Protection. Whitepaper

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

Future-ready security for small and mid-size enterprises

Windows in the enterprise

Intel and Symantec: Improving performance, security, manageability and data protection

PRACTICAL NETWORK DEFENSE VERSION 1

FAQ TALK2M. ewon SA Avenue de l artisanat, Braine L Alleud Belgium

Information security summary

Mobile Devices prioritize User Experience

align security instill confidence

CS 356 Internet Security Protocols. Fall 2013

Transcription:

The next step in IT security after Snowden Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.internet-sicherheit.de

Content Evaluation of IT Security Much more encryption is needed Paradigm Shifts in IT and IT Security Summary 2

Evaluation of IT Security Overview of the biggest problems IT security problems The Internet user is still a problem Today Snowden Smartphones offer new attack vectors Manipulated IT and IT security technologies Time 3

Evaluation of IT Security Our challenge IT security problems Today Time 4

Active Encryption Much more is needed Encryption for a sustainable protection of our data IPSec (every 125 th IP packet), SSL (every 7 th IP packet), E-Mail-Encryption (~ every 20 th E-Mail),... Disc-, File Encryption, Requirements: Trustworthy encryption technology (No backdoors, strong random numbers, correct implementation,...) Very powerful IT security industry in DE IT Security made in Germany Trustworthy IT security infrastructure (PKI with RA und CA; Root certificates, ) 5

Paradigm Shift (1) More responsibility less indifference Producer responsibility Software and hardware will better matched and problems would be better identified and solved. Validation / Certification Independent and qualified organizations prove (improve) the quality of IT (security) products and solution 6

Paradigm Shift (2) More proactive less reactive IT security Reactive IT Security Systems Today we use a lot of reactive IT security solutions and that means we are always running behind the attacker. The idea of reactive IT security is, if we detect an attack, we try to protect us as fast as possible to reduce the damage. For example reactive IT security systems are Intrusion Detection Solutions Anti-Malware products Anti-Spam /-Phishing Airbag approach : If it happens, it should hurt less. 7

Paradigm Shift (2) More proactive less reactive IT security Proactive IT Security Systems Proactive IT security offers more robust and much more trustworthy protection. Here we use for example a security kernel with separation and isolation technology combined with intelligent cryptographic security mechanisms. ( Trusted Platform ) ESP strategy : Avoid skidding, before it happens. 8

Paradigm Shift (2) Trusted Platform Robustness/Modularity Modularization Virtualization Trusted Platform Trusted Computing Base App Strong Isolation OS OS Security Kernel / Virtualization Hardware App Trusted Software Layer App Security Module Integrity Control Trusted Interaction Remote Attestation, Binding, Sealing Trusted Boot 9

Paradigm Shift (3) More object less perimeter security Perimeter security Defense Model: Protect a set of computer systems and networks with the help of Firewalls, VPNs, Intrusion detection and so on. Assumption: The computers and the networks are fixed installed. Evaluation: Modern world uses flexible and distributed mobile devices. Perimeter security can t protect us like in the past! 10

Paradigm Shift (3) More object less perimeter security Object Security (Information Flow Control) Idea: Domain object-oriented security, in which the objects are provided with rights. The rights define who can use the object with which action in which IT environment Object Lifecycle Protection Distributed Policy Enforcement (even on foreign systems) generation destruction Control processing 11

Paradigm Shift (4) More collaboration less separation Imbalance of power in cyberspace between attackers and defenders. Collaboration helps to overcome the imbalanced situation 12

The next step in IT security Summary Over the time our IT security problems have become bigger and bigger! It is very important that we use much more encryption We need paradigm shifts in IT and IT security, so that we can build trust in using the Internet in the future More responsibility less indifference More proactive less reactive IT security More object less perimeter security More collaboration less separation 13

The next step in IT security after Snowden Thank you for your attention! Questions? Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.internet-sicherheit.de

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback