
EU General Secretariat of the Council SC, DGA CIS, Communication and Information Systems
GS Days – 04.04.13
Establishing a Network Defence Capability within the Council of the EU – Cyber Security, from Theory to Practice
J-L Auboin





Presentation Transcript


  1. EU General Secretariat of the Council SC, DGA CIS, Communication and Information Systems
  GS Days – 04.04.13
  Establishing a Network Defence Capability within the Council of the EU – Cyber Security, from Theory to Practice
  J-L Auboin, Security Unit, Network Defence Capability – Operational Centre

  2. Introduction
  • Cyber Security, Cyber Defence, Cyberspace, ...: new terms, "buzzwords"
  • New concepts?
  • Or just new pieces of the already complex puzzle of Communication and Information Systems (CIS) SECURITY, with its problems of:
    • global understanding and vision (at business process and system level)
    • top-down and/or bottom-up development strategies
    • cost estimates
    • definition of framework contracts suited to rapid, specific acquisitions
    • concrete implementations for operational use
    • maintaining operational readiness
    • appropriate training for optimal use of the installed capabilities
    • ...

  3. Introduction
  • Based on two major and successful experiences of implementing Cyber Defence capabilities (NATO and EU), this talk presents approaches that were specifically developed and proven in practice:
    • generic concepts
    • keys to defining achievable development strategies and turning theory into operational practice

  4. Structure of the presentation
  • 1. Reference definitions
  • 2. Generic concepts: overall definitions and structuring of the problem
  • 3. Keys to defining development strategies – architecture and implementation
    • Functional analysis – detailed definition of Cyber Security needs and services, based on:
      • 1) the CSIRT services defined by CERT (Carnegie Mellon University)
      • 2) the overall framework of the 20 Critical Security Controls
      • 3) a generic incident management process
    • System analysis – strategies for defining architectures and implementations, essential principles
  • 4. Conclusion

  5. 1. Reference definitions
  • Cyberspace: the global domain made up of interdependent information and communication system infrastructures, including their interconnections and their links to (direct or indirect) users
  • Cyber Security: the application of all technical and legal security measures taken to PROTECT cyberspace in general, and critical infrastructures in particular, by DETECTING and RESPONDING to security incidents
  • Cyber Defence: action to PREVENT, REACT to and RECOVER / RESTORE after a cyber attack

  6. 2. Generic concept (1)
  [Diagram: threats / attacks give rise to events / incidents in cyberspace and on critical infrastructures; a SOC / CERT ('Security Operational Centre' / 'Computer Emergency Response Team') provides PROTECTION, DETECTION and RESPONSE]

  7. 2. Generic concept (2): context of the infrastructures to protect
  [Diagram: the infrastructures to protect (unclassified systems, low-level classified systems and high-level classified systems; Unclassified and SECRET UE domains, each with its own PKIs) sit within an organisational context (structures, mandates, ...), a security policy context (policies, procedures, standards), a personnel management context, an operational context and a technological context]

  8. 3. Keys to defining development strategies
  • Whatever the specific context, development strategies can be defined from common reference frameworks that establish the exhaustive list of possible services (functional analysis)
  • Three are proposed here:
    • 1) the CSIRT (Computer Security Incident Response Team) services defined by CERT
    • 2) the overall framework of the 20 Critical Security Controls
    • 3) an incident management process

  9. 1) CSIRT (Computer Security Incident Response Team) services as defined by CERT, Carnegie Mellon University
  • 3 categories:
    • Reactive Services:
      • Alerts & Warnings
      • Incident Handling
      • Vulnerability Handling
      • Artifact Handling
    • Proactive Services:
      • Announcements
      • Technology Watch
      • Security Audits or Assessments
      • Configuration & Maintenance of Security Tools / Infrastructure
      • Development of Security Tools
      • Intrusion Detection Services
      • Security-related Information Dissemination
    • Security Quality Management Services:
      • Risk Analysis
      • Business Continuity & Disaster Recovery Planning
      • Security Consulting
      • Awareness Building
      • Education / Training
      • Product Evaluation or Certification

  10. 2) 20 Critical Security Controls for Effective Cyber Defence – Shared Responsibilities (references: US Homeland Security; UK Centre for the Protection of National Infrastructure; Australian Government Department of Defence)
  • CONTROL 1 - INVENTORY OF AUTHORISED AND UNAUTHORISED DEVICES
  • CONTROL 2 - INVENTORY OF AUTHORISED AND UNAUTHORISED SOFTWARE
  • CONTROL 3 - SECURE CONFIGURATIONS FOR HARDWARE AND SOFTWARE ON LAPTOPS, WORKSTATIONS, AND SERVERS
  • CONTROL 4 - CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION
  • CONTROL 5 - MALWARE DEFENCES
  • CONTROL 6 - APPLICATION SOFTWARE SECURITY
  • CONTROL 7 - WIRELESS DEVICE CONTROL
  • CONTROL 8 - DATA RECOVERY CAPABILITY
  • CONTROL 9 - SECURITY SKILLS ASSESSMENT AND APPROPRIATE TRAINING TO FILL GAPS
  • CONTROL 10 - SECURE CONFIGURATIONS FOR NETWORK DEVICES SUCH AS FIREWALLS, ROUTERS AND SWITCHES
  • CONTROL 11 - LIMITATION AND CONTROL OF NETWORK PORTS, PROTOCOLS, AND SERVICES
  • CONTROL 12 - CONTROLLED USE OF ADMINISTRATIVE PRIVILEGES
  • CONTROL 13 - BOUNDARY DEFENCE
  • CONTROL 14 - MAINTENANCE, MONITORING, AND ANALYSIS OF SECURITY AUDIT LOGS
  • CONTROL 15 - CONTROLLED ACCESS BASED ON THE NEED TO KNOW
  • CONTROL 16 - ACCOUNT MONITORING AND CONTROL
  • CONTROL 17 - DATA LOSS PREVENTION
  • CONTROL 18 - INCIDENT RESPONSE CAPABILITY
  • CONTROL 19 - SECURE NETWORK ENGINEERING
  • CONTROL 20 - PENETRATION TESTS AND RED TEAM EXERCISES
  Legend (colour coding of the controls on the slide): green: CMB; blue: Policy; orange: Security teams (including SOC); red: SOC

  11. 3) Generic computer security incident management process
  • Detection
    • Identification of attacks / security incidents
    • Ante-mortem, real time, post-mortem
  • Reaction / Response
    • Containment
    • Eradication
    • Recovery
    • Forensics
    • Lessons learned
  • Prevention
    • Apply the lessons learned
    • Vulnerability / threat watch
    • Patch management
    • Pen testing
    • Training
    • Etc.
  Permanent and recurring processes

  12. Example: essential capabilities required to support the incident management process
  [Diagram: process stages – Deterrence; Threats / Attacks & Vulnerability Prevention & Detection; Analysis (NW & Sys levels); Eradication; Recovery – with the supporting capabilities: Honeypot, Honeynet, Logs analysis, Threat Intelligence Mgt, Vulnerability Mgt (critical assets), Dynamic Risk Mgt, Penetration Testing, NW Flow Security Monitoring (IPS, DLP, FPC, ...), Cyber Security Visualization, Active Forensics, Passive Forensics, Reverse Malware Eng., Incident Ticketing System & Database]
  DLP: Data Leakage Prevention; IPS: Intrusion Prevention System; FPC: Full Packet Capture
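The detection and reaction / response phases of the generic process (slide 11) and the "logs analysis" and "incident ticketing system" capabilities of this slide, shown as an added Python example that is not code from the talk or from the Council. It parses constructed sshd-style log lines, opens one incident ticket per source / host pair that shows a burst of failed logins, marks a successful login after the burst as a likely compromise, and then forces the ticket through the phases in the order the process lists them (detection, containment, eradication, recovery, lessons learned), refusing skipped or backward transitions. The log format, the sample lines, the five-failure threshold, the two-minute window and the phase names are all assumptions made for the example.

```python
# Added example (not from the talk): log analysis opening an incident ticket
# that is then walked through the generic incident handling phases in order.
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sshd-style log lines (RFC 5737 test addresses); the format and
# the values are assumptions for the example, not data from any real system.
SAMPLE_AUTH_LOG = """\
2013-04-04T09:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
2013-04-04T09:00:03 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 40123 ssh2
2013-04-04T09:00:04 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 40124 ssh2
2013-04-04T09:00:06 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 40125 ssh2
2013-04-04T09:00:07 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 40126 ssh2
2013-04-04T09:00:09 host1 sshd[1201]: Accepted password for root from 203.0.113.7 port 40127 ssh2
2013-04-04T09:05:00 host2 sshd[2210]: Failed password for alice from 192.0.2.15 port 51000 ssh2
2013-04-04T09:07:00 host2 sshd[2211]: Accepted publickey for alice from 192.0.2.15 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Phase names assumed for this example, in the order the generic process lists
# them; forensics runs alongside and is not modelled as a phase of its own.
PHASES = ("detection", "containment", "eradication", "recovery", "lessons_learned")


@dataclass
class Incident:
    """One ticket in the incident ticketing system and database."""
    ticket: str
    source: str
    host: str
    severity: str
    summary: str
    compromised_account: Optional[str] = None
    phase: str = "detection"
    actions: List[Tuple[str, str]] = field(default_factory=list)

    def can_advance(self, phase: str) -> bool:
        # Only the next phase in order is allowed: no skipping, no going back.
        return phase in PHASES and PHASES.index(phase) == PHASES.index(self.phase) + 1

    def advance(self, phase: str, action: str) -> None:
        """Move to the next phase and record the action taken in it."""
        if not self.can_advance(phase):
            raise ValueError(f"cannot move {self.ticket} from {self.phase} to {phase}")
        self.phase = phase
        self.actions.append((phase, action))


def parse_auth_log(text: str) -> List[dict]:
    """Turn matching sshd lines into event dicts; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def detect_brute_force(text: str, threshold: int = 5,
                       window: timedelta = timedelta(minutes=2)) -> List[Incident]:
    """Open one ticket per (source, host) pair with at least `threshold` failed
    logins inside `window`; a successful login after the burst is treated as a
    likely compromise and raises the severity."""
    groups: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for ev in parse_auth_log(text):
        groups[(ev["src"], ev["host"])].append(ev)

    incidents: List[Incident] = []
    for (src, host), evs in sorted(groups.items()):
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        burst_end = None
        for i in range(len(failures)):  # sliding window over the failures
            j = i
            while j < len(failures) and failures[j]["ts"] - failures[i]["ts"] <= window:
                j += 1
            if j - i >= threshold:
                burst_end = failures[j - 1]["ts"]
                break
        if burst_end is None:
            continue
        success = next((e for e in evs if e["result"] == "Accepted"
                        and e["ts"] > burst_end), None)
        users = ", ".join(sorted({e["user"] for e in failures}))
        incidents.append(Incident(
            ticket=f"INC-{len(incidents) + 1:04d}", source=src, host=host,
            severity="high" if success else "medium",
            summary=f"{len(failures)} failed logins for [{users}] from {src} on {host}"
                    + (" followed by a successful login" if success else ""),
            compromised_account=success["user"] if success else None,
        ))
    return incidents


if __name__ == "__main__":
    for inc in detect_brute_force(SAMPLE_AUTH_LOG):
        print(inc.ticket, inc.severity, inc.summary)
        inc.advance("containment", f"block {inc.source} at the boundary firewall")
        inc.advance("eradication", f"reset credentials for {inc.compromised_account}")
        inc.advance("recovery", f"return {inc.host} to service after rebuild")
        inc.advance("lessons_learned", "key-only SSH; add this pattern as a SIEM rule")
        print(inc.phase, inc.actions)
```

On the sample, host1 produces one high-severity ticket (five failures within six seconds, then an accepted login for root), while the single failure on host2 stays below the threshold. The ordered phase check is the point of the `Incident` class: a ticket cannot be closed as "recovered" without a recorded containment and eradication action, which is how the lessons-learned step keeps an auditable trail to feed back into prevention.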

  13. 3. Architecture development strategy: essential but general CIS principles
  • Architectures:
    • baseline
    • target
    • intermediate (incremental development recommended)
  • Analysis of business processes / services (from the three reference frameworks above)
  • Technology: reference to international standards (including de facto standards with open-source tools) and best practices (e.g. ENISA)

  14. Implementation development strategy at system level: centralise the core management capabilities
  [Diagram: one Cyber Capability per environment – unclassified systems, low-level classified systems, high-level classified systems and a test platform – with their core management capabilities centralised]

  15. Implementation development strategy at functional level: incremental logic
  [Diagram: five incremental steps (1 to 5) building up the functional blocks Threats Analysis; Systems Static & Dynamic Security Configs & Logs (SIEM); NW Behaviour / Information Flow Security Analysis; Forensics Investigation / Replay; and Vulnerability Assessment, mapped to CONTROL 18 - INCIDENT RESPONSE CAPABILITY, CONTROL 20 - PENETRATION TESTS AND RED TEAM EXERCISES, CONTROL 5 - MALWARE DEFENCES, CONTROL 14 - MAINTENANCE, MONITORING, AND ANALYSIS OF SECURITY AUDIT LOGS, CONTROL 11 - LIMITATION AND CONTROL OF NETWORK PROTOCOLS AND SERVICES, CONTROL 15 - CONTROLLED ACCESS BASED ON THE NEED TO KNOW, ... and CONTROL 4 - CONTINUOUS VULNERABILITY ASSESSMENT AND REMEDIATION]

  16. 4. Conclusion
  • Sound definitions and development strategies for the architecture and implementation of Cyber Security capabilities are fundamental to avoiding pitfalls and false assurances of security
  • They are necessary but not sufficient for successful realisations
  • They enable a dynamic risk management plan to be put in place, with prioritisation of needs and control of the associated costs
  • Do not forget technological and organisational evolutions, which remain an essential factor in the durability of the initial 'success stories'
