How Safe is Your Data Center? Introducing Stealth Solutions from Surient

No software is free of weak points that can be attacked. Zero-day exploits attack undisclosed vulnerabilities for which no patches are available. How can you protect against such vulnerabilities? Hardly possible? Not if you are using the stealth technology from SURIENT. We will highlight the innovative technology and functionality of the SURIENT Stealth Connect Solution, show how it protects your IT from hacker attacks, and provide an overview of the SURIENT portfolio for end-to-end security.
Hans-Günther Märkle
Harry Schäfle
Thomas Schkoda

Published in: Technology

  1. Fujitsu Forum 2016 #FujitsuForum. Copyright 2016 FUJITSU
  2. How Secure is Your Data Center? Introducing Stealth Solutions from SURIENT®
     • Hans-Günther Märkle, MD Data Center, Wilken Rechenzentrum GmbH
     • Thomas Schkoda, Principal Product Manager SURIENT, Fujitsu
     • Harry Schäfle, Head of Infrastructure Security EMEIA, Fujitsu
  3. How to ensure Cyber Security in a Hyperconnected World?
     • 50+ Bill. connected devices in 2020
     • +44 ZByte new data in 2020
     • $2 Trill. cyber crime costs by 2019
  4. Diagram labels: Sense the physical world; Support people’s decisions and actions; Collect large amounts of data; Gain new insights; Analyze data; Physical World; Digital World; New Businesses; Hyperconnected! Make one World
  5. Cyber-Crime: Prevent and Investigate. INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA)
  6. Difficult to Protect Against Unknown
     • A zero-day (zero-hour, 0-day, day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network.
     • It is known as a "zero-day" because it is not publicly reported or announced before becoming active, leaving the software's author with zero days in which to create patches or advise workarounds to mitigate its actions.
     • Source: https://en.wikipedia.org/wiki/Zero-day_(computing)
  7. New Thinking is Necessary
     • No problem can be solved from the same consciousness that they have arisen
     • “Problems can never be solved with the same way of thinking that created them.”
  8. Generic Security PLUS End to End Security
     • Screen contents can be read
     • Webcam and microphone (internal/external) can be activated and controlled
     • External HDDs, USBs can install viruses and backdoors unnoticed
     • Mouse and keyboard can be read
     • Main memory saves unencrypted data
     • Internal data media (HDD, SSD, DVD) are readable despite encryption
     • BIOS, OS, driver, application can contain backdoors
     • Access to critical data: Administrators can access sensitive data unnoticed
     • Data is intercepted: Outgoing data can be intercepted, read and manipulated
     • Hacker attacks are facilitated by monitoring that is not end-to-end; logs can be falsified
     • Physical access to systems through insufficiently secured access processes
     • Remote access: Transfer and control of the systems by remote access; access prepared “sleeping backdoor”
     • Extranet, Intranet, Cloud, Internet
     • Communication (W/LAN, WAN, …): Backdoors in active / passive network components
  9. Core is Communication - Stealth Connect Solution
     • Highly secure,
         • VPN server not visible – very difficult to attack
         • Connection creation is cascaded five times – protected by SSH, Secure Knocking, GnuPG, OpenVPN
     • robust
         • Robust against DDoS attacks, zero day exploits, man in the middle
         • “Hardware keys” to start local “stealth connect box” (encrypted file system)
         • Support of remote service
     • and transparent
         • Open Source – customers can double check the code
         • No backdoors – no dependency on laws in this respect
  10. SURIENT Innovative Internal Technology: SeMi
     • N-eyes principle
     • PalmSecure ID Match biometric authentication
     • Secure data transfer, multiple encryption
     • Decentralized storage of private keys
     • Private keys don’t travel
     • High availability integrated
     • Secure workflows, technically enforced
     • Source code provided
     • Closed port communication
     • Signing & encryption
  11. Stealth! Turning Communication makes Server Invisible
     • SeMi: Send data
     • SeMi: Receive data (retrieve)
     • SeMi: Protection of data and transport channel
  12. Secure Middleware
     • Well defined behavior/processes
     • Role based model for n-eyes processes
     • Decentralized process with no central point of attack
     • Execution on server is cryptographically linked to the n-eyes process
     • Diagram labels: no open ports (three times)
     • Zones with “Separator”
     • Secure interconnect (depending on customers or applications)
  13. SURIENT - Comprehensively Secured
     • Diagram labels: IP encrypted; Storage encrypted; Server encapsulated; Encapsulated Data Center; Secure Middleware; Admin; The good guys; VPN; The bad guys; Viruses/Trojans; Backup; Boot Server; High secured rack; Block them!; Give them access!
  14. Modular to meet YOUR requirements
     • Service offerings
     • Hardware products
     • Software modules
     • Security projects - E2E solutions
     • Predefined Solutions (more solutions coming):
         • Sealed Application Solution (SAS)
         • Sealed Rack Solution (SRS)
         • Stealth Connect Solution (SCS)
         • Encrypted Boot Solution (EBS)
         • Managed Rack Solution (MRS)
  15. SURIENT – Cyber Security Solutions
  16. SURIENT MRS secures the access to servers & storage
     • Central User Management: Integrated central user management allows access rights to be altered at any time. This way users can be deleted very quickly.
     • Biometric Authentication: Users will be uniquely authenticated with biometric methods (FUJITSU PalmSecure ID Match).
     • Monitoring: All accesses and actions will be recorded in an auditable fashion and are available for audits.
     • High level of security: Physical access protection to systems and storage media.
  17. SURIENT EBS supports the encryption of hard discs
     • Servers with encrypted root file systems can be booted without user interaction
     • Encrypted passphrase is stored on several boot servers
     • All ports of the boot servers are closed (stealth technology)
     • Even the administrator doesn’t know the passphrase
  18. SURIENT SCS enables highly secure communication
     • Highly secure VPN communication between clients and data center
     • Attackers see only closed ports (stealth technology)
     • Protects against Zero Day Exploits and Man-in-the-Middle attacks
  19. Welcome on stage: Hans-Günther Märkle, Wilken Rechenzentrum GmbH
  20. Wilken Software Group
     • Founded in 1977
     • Owner-managed
     • 520 employees
     • Head Office: Ulm
     • Locations in Germany and Switzerland
     • ERP-standard software
  21. Wilken Rechenzentrum GmbH
     • Founded in 2003
     • 19 employees
     • Location in Ulm
     • Provides Wilken’s internal IT
     • Wilken Software as a Service
     • Services for external customers
  22. Wilken Rechenzentrum GmbH
     • Specialist for Business Application Hosting
     • Customers from the utility and financial sectors, social services, healthcare, tourism and church foundations trust us with their data.
     • We offer round the clock Managed Services, including Application Management delivered by our own full-time employees in Ulm.
     • Our data center is audited by the TÜV as highly available and has Level 3 (tekPlus) classification.
     • SGB- and IDW-Audits, ADV and TOMs are our daily business.
     • We are part of the critical infrastructure in Germany and actively live security: from operation of firewalls with hundreds of VPN tunnels up to Fujitsu SURIENT Managed Rack Solution.
     • We are part of the Wilken Corporate Group and operate the development systems of four software ISVs. As a result our administrators and DBAs are experienced with DevOps.
     • Talk to us if you seek a reliable German partner to operate your company’s critical applications.
  23. Fujitsu SURIENT Managed Rack Solution
     • Early Field Test since October 2015
     • Very close and good cooperation
     • New requirements were evaluated and added directly to the product
     • Web interface to manage the solution
     • Communication between Palm Secure ID Match and Rack Control System: plain SSH
     • Potential customers and use cases:
         • Internet provider hardware
         • Legal firm’s infrastructure
         • Backend systems for healthcare-terminals
         • Utility industry (critical infrastructure)
         • Financial sector
         • Racks at our locations
  24. SURIENT – Next steps
  25. SURIENT SRS secures the access to hardware and protects against electronic attacks
     • Diagram labels: Control cage, 7 units; Server, etc., 34 units
     • Strengthened hardware cages
     • UPS for buffered operation of the control cage
     • No open ports to the outside and therefore no accessible services (stealth technology)
     • Protects against Zero Day Exploits and Man-in-the-Middle attacks
  26. Main principles of SURIENT
     • Protection against internal and external attackers
     • Base Technologies:
         • Communication through closed ports
         • Enforced n-eyes principle
         • Encryption of data throughout
         • Use of Open Source
     • Components of SURIENT can be used for customer-specific solutions
  27. Stealth Data Center – No port scans, robust against Zero Day Exploits
     • Diagram labels: IP encrypted; Storage encrypted; Server encapsulated; Encapsulated Data Center; Secure Middleware; Admin; The good guys; VPN; The bad guys; Viruses/Trojans; Backup; Boot Server; High secured rack; Block them!; Give them access!