SlideShare ist ein Scribd-Unternehmen logo

Is security optional for Ericsson products

A
aljapaco

The document discusses the importance of security for Ericsson products. It notes that risk assessments, vulnerability analyses, and hardening guidelines are mandatory. It describes using the open source security scanner Nessus to verify product security and find known vulnerabilities. It warns that attackers could use information from Nessus reports to target vulnerabilities. The document urges not skipping patches even behind firewalls, as attackers have many ways of introducing malware. It stresses taking security seriously for Ericsson nodes and employee laptops due to shared vulnerabilities with common software.

Technologie
1 von 18
Downloaden Sie, um offline zu lesen
Is security optional for Ericsson? Jonas Andersson
The answer is NO! (Atleast when it comes to product security)
Some things are mandatory Risk Assessment (RA) Vulnerability Analysis (VA) Hardening guideline
Verifying the product security A product should be as much secure as possible During the VA, tools are used to verify the security One of the tools are a software called “Nessus”
What is Nessus? An open source security scanner Scans for known vulnerabilities Performs a scan from the “network” Gives us a nice looking report
Who else are using Nessus? Customers Attackers ? ?? ?? ? ? ?
The Nessus report Lets have a quick look at a Nessus report
How can an attacker use the information from the Nessus report? If they could scan → They could attack ! (We put this in an ”Ericsson environment” later on)
Lets perform an attack Green background = Target Red background = Attacker
Removing vulnerabilities Do we really need to patch all the time? Our customers need products up and running Can we skip patching if behind a firewall? No one can reach our nodes anyway … or?
Ways of getting closer to the target A lot of different ways of getting malicious software to the target CDs and USB-memory Email attachments Links to malicious sites on the Internet
What if the target machine is a laptop that belongs to an O&M-user? (Or an Ericsson technician?) What if this laptop is connected to a node inside an Ericsson solution?
Do we need to bother? There are several Ericsson products built on common operation systems and software. Example: Yesterday a patch for the Microsoft IIS was released. Everyone using IIS version 6, 7, or 7,5 on Windows Server 2003 and 2008 is vulnerable. By sending a special crafted request an attacker could execute code on the server.
Do we need to bother… again.. Last week Adobe announced a severe vulnerability in Adobe Reader, Flash and Acrobat. This vulnerability is used by attackers in the wild… A patch is hopefully coming in the next two weeks (!) Should an Ericsson employee, or an O&M user, even consider reading a PDF-file attached to an email from his/her boss?
What else could an attacker do? Rootkit Backdoor Redirect network traffic Sniff and collect useful information ?? ?? ? ?
Why TE101? Gives the participants a deeper understanding of the importance when it comes to security requirements: – Generic baseline for Ericsson nodes – Design rules Security know-how inside Ericsson will increase To make Ericsson employees think ”security”
TE101 includes the following topics Network protocols Malicious software Vulnerabilities Verifying security Programming security Firewall fundamentals Intrusion detection Cryptography
Let's go out there and talk security!

Empfohlen

Epoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal, Inc.
 
Tirano_Graham_Resume
Tirano_Graham_ResumeTirano_Graham_Resume
Tirano_Graham_ResumeTirano Graham
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
IOT Security
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
Hacker Proof: Building Secure Software
Hacker Proof: Building Secure SoftwareHacker Proof: Building Secure Software
Hacker Proof: Building Secure SoftwareCesar Cerrudo
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 

Empfohlen

Epoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal Solution: Security Offerings
Epoch Universal Solution: Security OfferingsEpoch Universal, Inc.
 
Tirano_Graham_Resume
Tirano_Graham_ResumeTirano_Graham_Resume
Tirano_Graham_ResumeTirano Graham
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
IOT Security
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
Hacker Proof: Building Secure Software
Hacker Proof: Building Secure SoftwareHacker Proof: Building Secure Software
Hacker Proof: Building Secure SoftwareCesar Cerrudo
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTWSO2
 
Network security
Network security Network security
Network security Madhumithah Ilango
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
 
IoT Security
IoT SecurityIoT Security
IoT SecurityNarudom Roongsiriwong, CISSP
 
LiPari_Assignment8
LiPari_Assignment8LiPari_Assignment8
LiPari_Assignment8Phillip LiPari
 
eScan Version 14 With Cloud Security.
eScan Version 14 With Cloud Security.eScan Version 14 With Cloud Security.
eScan Version 14 With Cloud Security.eScan
 
Iot(security)
Iot(security)Iot(security)
Iot(security)Shreya Pohekar
 
Matrix Table
Matrix TableMatrix Table
Matrix TableHerrycaRonaldo
 
The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14Aventis Systems, Inc.
 
2019 Infosec World Keynote
2019 Infosec World Keynote2019 Infosec World Keynote
2019 Infosec World KeynoteJohn Kinsella
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaAndy Shutka
 
Presentation on Network Security
Presentation on Network SecurityPresentation on Network Security
Presentation on Network SecurityAditiPatni3
 
PhD-Guidance-in-Dependable-and-Secure-Computing
PhD-Guidance-in-Dependable-and-Secure-ComputingPhD-Guidance-in-Dependable-and-Secure-Computing
PhD-Guidance-in-Dependable-and-Secure-ComputingPhdtopiccom
 
What Happens At The Edge Of Your Network
What Happens At The Edge Of Your NetworkWhat Happens At The Edge Of Your Network
What Happens At The Edge Of Your NetworkGarland Technology
 
Presentation network security
Presentation network securityPresentation network security
Presentation network securitycegonsoft1999
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and TypesVikram Khanna
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
PhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhdtopiccom
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Asiri Hewage
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General PresentationKsenia Kondratieva
 
Partner Welcome Kit
Partner Welcome KitPartner Welcome Kit
Partner Welcome KitLuca Simonelli
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...AVEVA
 

Weitere ähnliche Inhalte

Was ist angesagt?

Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerProduct of Things
 
eScan Version 14 With Cloud Security.
eScan Version 14 With Cloud Security.eScan Version 14 With Cloud Security.
eScan Version 14 With Cloud Security.eScan
 
The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14Aventis Systems, Inc.
 
2019 Infosec World Keynote
2019 Infosec World Keynote2019 Infosec World Keynote
2019 Infosec World KeynoteJohn Kinsella
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaAndy Shutka
 
Presentation on Network Security
Presentation on Network SecurityPresentation on Network Security
Presentation on Network SecurityAditiPatni3
 
PhD-Guidance-in-Dependable-and-Secure-Computing
PhD-Guidance-in-Dependable-and-Secure-ComputingPhD-Guidance-in-Dependable-and-Secure-Computing
PhD-Guidance-in-Dependable-and-Secure-ComputingPhdtopiccom
 
What Happens At The Edge Of Your Network
What Happens At The Edge Of Your NetworkWhat Happens At The Edge Of Your Network
What Happens At The Edge Of Your NetworkGarland Technology
 
Presentation network security
Presentation network securityPresentation network security
Presentation network securitycegonsoft1999
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and TypesVikram Khanna
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
PhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhdtopiccom
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Asiri Hewage
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General PresentationKsenia Kondratieva
 

Was ist angesagt? (20)

Network security
Network security Network security
Network security
 
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha SeltzerAvoid embarrassing press by designing secure IoT products with Misha Seltzer
Avoid embarrassing press by designing secure IoT products with Misha Seltzer
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
LiPari_Assignment8
LiPari_Assignment8LiPari_Assignment8
LiPari_Assignment8
 
eScan Version 14 With Cloud Security.
eScan Version 14 With Cloud Security.eScan Version 14 With Cloud Security.
eScan Version 14 With Cloud Security.
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Matrix Table
Matrix TableMatrix Table
Matrix Table
 
The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14The Importance of Endpoint Protection - Featuring SEP 14
The Importance of Endpoint Protection - Featuring SEP 14
 
2019 Infosec World Keynote
2019 Infosec World Keynote2019 Infosec World Keynote
2019 Infosec World Keynote
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfua
 
Presentation on Network Security
Presentation on Network SecurityPresentation on Network Security
Presentation on Network Security
 
PhD-Guidance-in-Dependable-and-Secure-Computing
PhD-Guidance-in-Dependable-and-Secure-ComputingPhD-Guidance-in-Dependable-and-Secure-Computing
PhD-Guidance-in-Dependable-and-Secure-Computing
 
What Happens At The Edge Of Your Network
What Happens At The Edge Of Your NetworkWhat Happens At The Edge Of Your Network
What Happens At The Edge Of Your Network
 
Presentation network security
Presentation network securityPresentation network security
Presentation network security
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
What is network security and Types
What is network security and TypesWhat is network security and Types
What is network security and Types
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
PhD-Guidance-in-Security
PhD-Guidance-in-SecurityPhD-Guidance-in-Security
PhD-Guidance-in-Security
 
Security Aspects in IoT - A Review
Security Aspects in IoT - A Review Security Aspects in IoT - A Review
Security Aspects in IoT - A Review
 
Eset India General Presentation
Eset India General PresentationEset India General Presentation
Eset India General Presentation
 

Ähnlich wie Is security optional for Ericsson products

Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...AVEVA
 
Cyber security course in Kerala , Kochi
Cyber security course in Kerala , KochiCyber security course in Kerala , Kochi
Cyber security course in Kerala , Kochiamallblitz0
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfssuser57b3e5
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsDaniel Miessler
 
Microsoft Threat Protection
Microsoft Threat ProtectionMicrosoft Threat Protection
Microsoft Threat ProtectionThierry DEMAN
 
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)ijp2p
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranKoenig Solutions Ltd.
 
Astaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths DispelledAstaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths Dispelledlosalamos
 
Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptxNBBNOC
 
The new era of mega trends securtity
The new era of mega trends securtityThe new era of mega trends securtity
The new era of mega trends securtityAhmed Sallam
 
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011EASTWEST Public Relations
 
The 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseThe 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseChristiaan Beek
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
IoT Agent Design Principles
IoT Agent Design PrinciplesIoT Agent Design Principles
IoT Agent Design Principlesardexateam
 
Product overview-eset-file-security
Product overview-eset-file-securityProduct overview-eset-file-security
Product overview-eset-file-securityÜstün Koruma
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security vSYYULIANISKOMMT
 

Ähnlich wie Is security optional for Ericsson products (20)

Partner Welcome Kit
Partner Welcome KitPartner Welcome Kit
Partner Welcome Kit
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
 
Cyber security course in Kerala , Kochi
Cyber security course in Kerala , KochiCyber security course in Kerala , Kochi
Cyber security course in Kerala , Kochi
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
RSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of ThingsRSA2015: Securing the Internet of Things
RSA2015: Securing the Internet of Things
 
Microsoft Threat Protection
Microsoft Threat ProtectionMicrosoft Threat Protection
Microsoft Threat Protection
 
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
CALL FOR PAPERS - 7th International Conference on Software Security (ICSS 2021)
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirus
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.PrabhakaranIoT Security, Threats and Challenges By V.P.Prabhakaran
IoT Security, Threats and Challenges By V.P.Prabhakaran
 
Astaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths DispelledAstaro Orange Paper Oss Myths Dispelled
Astaro Orange Paper Oss Myths Dispelled
 
Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptx
 
The new era of mega trends securtity
The new era of mega trends securtityThe new era of mega trends securtity
The new era of mega trends securtity
 
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
 
The 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypseThe 4horsemen of ics secapocalypse
The 4horsemen of ics secapocalypse
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
IoT Agent Design Principles
IoT Agent Design PrinciplesIoT Agent Design Principles
IoT Agent Design Principles
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
 
Product overview-eset-file-security
Product overview-eset-file-securityProduct overview-eset-file-security
Product overview-eset-file-security
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security v
 

Kürzlich hochgeladen

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Kürzlich hochgeladen (20)

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

Is security optional for Ericsson products

  • 1. Is security optional for Ericsson? Jonas Andersson
  • 2. The answer is NO! (Atleast when it comes to product security)
  • 3. Some things are mandatory Risk Assessment (RA) Vulnerability Analysis (VA) Hardening guideline
  • 4. Verifying the product security A product should be as much secure as possible During the VA, tools are used to verify the security One of the tools are a software called “Nessus”
  • 5. What is Nessus? An open source security scanner Scans for known vulnerabilities Performs a scan from the “network” Gives us a nice looking report
  • 6. Who else are using Nessus? Customers Attackers ? ?? ?? ? ? ?
  • 7. The Nessus report Lets have a quick look at a Nessus report
  • 8. How can an attacker use the information from the Nessus report? If they could scan → They could attack ! (We put this in an ”Ericsson environment” later on)
  • 9. Lets perform an attack Green background = Target Red background = Attacker
  • 10. Removing vulnerabilities Do we really need to patch all the time? Our customers need products up and running Can we skip patching if behind a firewall? No one can reach our nodes anyway … or?
  • 11. Ways of getting closer to the target A lot of different ways of getting malicious software to the target CDs and USB-memory Email attachments Links to malicious sites on the Internet
  • 12. What if the target machine is a laptop that belongs to an O&M-user? (Or an Ericsson technician?) What if this laptop is connected to a node inside an Ericsson solution?
  • 13. Do we need to bother? There are several Ericsson products built on common operation systems and software. Example: Yesterday a patch for the Microsoft IIS was released. Everyone using IIS version 6, 7, or 7,5 on Windows Server 2003 and 2008 is vulnerable. By sending a special crafted request an attacker could execute code on the server.
  • 14. Do we need to bother… again.. Last week Adobe announced a severe vulnerability in Adobe Reader, Flash and Acrobat. This vulnerability is used by attackers in the wild… A patch is hopefully coming in the next two weeks (!) Should an Ericsson employee, or an O&M user, even consider reading a PDF-file attached to an email from his/her boss?
  • 15. What else could an attacker do? Rootkit Backdoor Redirect network traffic Sniff and collect useful information ?? ?? ? ?
  • 16. Why TE101? Gives the participants a deeper understanding of the importance when it comes to security requirements: – Generic baseline for Ericsson nodes – Design rules Security know-how inside Ericsson will increase To make Ericsson employees think ”security”
  • 17. TE101 includes the following topics Network protocols Malicious software Vulnerabilities Verifying security Programming security Firewall fundamentals Intrusion detection Cryptography
  • 18. Let's go out there and talk security!