• Keine Ergebnisse gefunden

Changing the defense paradigms to protect the Cyber

N/A
N/A
Info
Herunterladen
Protected

Academic year: 2021

Aktie "Changing the defense paradigms to protect the Cyber"

Copied!
13
0
0

Wird geladen.... (Jetzt Volltext ansehen)

Jetzt herunterladen ( 13 Seite )

Volltext

(1)

Prof. Dr.

(TU NN)

Norbert Pohlmann

Institute for Internet Security - if(is)

University of Applied Sciences Gelsenkirchen http://www.internet-sicherheit.de

Changing the defense paradigms

to protect the Cyber

(2)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecur ity -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any Bugs VPN

- Attacks -

Security Mechanisms

-2

Assessment of the situation

 Attracts <-> Security Mechanisms

(3)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Too many vulnerabilities

in our Software

Unsecure websites

in the field

Insufficient anti malware

protection

No international

identity management

© Michael Brown - Fotolia.com 3

IT Security Situation Today

(4)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Too high risk in

e-mail communication

SmartPhones

become a challenge

Cloud Computing

becomes a challenge

Smart everything

open new door (attack vectors)

© http://4.bp.blogspot.com © http://www.sevensheaven.nl, via futureclick.net

IT Security Situation Today

 Threat Potential (2/2)

(5)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

IT Security Situation Today

 Imbalance of power

Imbalance of power in cyberspace between attackers and defenders Highly motivated and skilled attackers

Operating in secrecy from almost anywhere in the world,

Use a lot of computers (Malware, botnets) with unlimited power

Very good, professional and international organized

Successful business concepts

(Underground economy)

(6)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Changing the defense paradigms

 Proactive versus reactive IT security

Robust and trusted IT systems security kernel

with separation and isolation technology

combined with intelligent cryptographic security mechanisms

6

Hardware

OS OS

Turaya Security Kernel

App

Isolation Policy Enforcement

App

App

Modularization Trusted Computing Base (TCB) Virtualization Security Module

(7)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Security Platform - Turaya

 Architecture and Technology 1/3

Conventional hardware

CPU / hardware devices

TPM

Highest level of protection through hardware-based security

Use the advantages of Trusted Computing technology

(8)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Security Platform - Turaya

 Architecture and Technology 2/3

Virtualization layer for the purposes of isolation...

Protect applications Protect user data

Protect against the manipulation of an application (e.g. browser)

... through modern virtualization technologies

Micro-kernel architecture

Use of existing components in compartments

(9)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Security Platform - Turaya

 Architecture and Technology 3/3

Security Platform (Trusted Software Layer)

Binding of data to individual compartments Remotes attestation (remote integrity check)

Trusted Path (Between user & application / application & smartcard) Secure policy enforcement , Secure GUI, and so on

(10)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Changing the defense paradigms

 Collaboration between the defenders

Using every Computer as a sensor

All computers send information to build up a common situation awareness

Collective counteractive measures

Initiate efficient collective reactions on incidents preferably in an automated fashion

Business model of the defenders` collaboration

Less money for security mechanism, lower risk-level, …

(11)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Changing the defense paradigms

 Build up an interna. ITsec infrastructure

E-Mail

Common PKI infrastructure Bridge CA, trust model, ….

ID Management

Common unique identifier Federation, … Trusted IT system Common TPM infrastructure Configuration, …

11

(12)

 Prof . Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty -if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any

Changing the defense paradigms

 Summary

The security situation today is not good enough

There is an imbalance between attackers and defenders

We have to change our defense paradigms!

Proactive security mechanisms help a lot to protect our IT systems and data

Collaboration between the defenders are a must!

Let us start today to change the defense paradigms …

(13)

Prof. Dr.

(TU NN)

Norbert Pohlmann

Institute for Internet Security - if(is)

University of Applied Sciences Gelsenkirchen http://www.internet-sicherheit.de

Thank you for your attention!

Questions?

Changing the defense paradigms

to protect the Cyber

Referenzen

Jetzt herunterladen ( PDF - 13 Seite - 877.97 KB )

ÄHNLICHE DOKUMENTE

The next step in IT security after Snowden - Pohlmann

Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty - if (is), W estpha lian U niv e rsity of A pplie d Science s Ge lsen kirch en, G erm any Paradigm Shift – (3).

Network Security in Building Networks - Prof. Norbert Pohlmann

Norb ert P ohlm ann , Ins titute for I ntern et S ecur ity - if (is), W estpha lian U niv e rsity of A pplie d Science s Ge lsen kirch en, G erm any OS 23 Paradigm Shift

How global is the village Internet - Reality, Necessities...

Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty - if (is), W estpha lian U niv e rsity of A pplie d Science s Ge lsen kirch en, G erm any 27 User Companies

Let us win the battle between attacks and security mechanisms!

Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty - if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any.. Too many vulnerabilities in

Standardisierung für die Cloud: Keine Standards - kein Erfolg

Norb ert P ohlm ann , Ins titute for I ntern et S ecuri ty - if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any Public Cloud..  Weaknesses

Cloud Computing European perspective - Prof. Pohlmann

ohlm ann , Ins titute for I ntern et S ecuri ty - if (is), Univ ersity of A pplie d Sc ienc es G elsenkirc hen, Germ any Cloud computing  European perspective..

Die aktuelle Sicherheitslage des Internets - Prof. Pohlmann

Norb ert P ohlm ann, Insti tut fü r Internet Sich erhe it - if (is), Fach hochschu le G elsen kirch en Inhalt Einleitung.. Struktur

Generierung eines Lagebildes des Internets - Prof. Pohlmann

Norb ert P ohlm ann, Insti tut fü r Internet Sich erhe it - if (is), Fach hochschu le G elsen kirch en Inhalt Einleitung.. Struktur