Frank Louwers - Security challenges in a hosting environment - 20131024
Frank Louwers
Openminds bvba
Co-founder and COO
Managed Hosting
frank@openminds.be
DDoS and how they changed
(D)DoS attacks are not new
Used to be targeted at:
• Competing game clans
• IRC servers
• Political parties
DDoS attack shift
• “Occupy movement”: a lot of attacks on banks
• Political parties
• “Companies and organisations with negative press” (Monsanto, press agency of the Belgian Catholic Church, ...)
Attacks we can’t explain
• Radio stations?!
• Software development companies
• B2B online shops?
DDoS attacks: new tricks
• Amplification attacks: the attacker sends a 2 Mbps stream, which gets multiplied by 20, resulting in a 40 Mbps attack
• Now multiply by 100 bots: a 4 Gbps attack
• Badly configured DNS servers (open resolvers that answer anyone)
• DNSSEC increases the problem (signed responses are much larger, so the amplification factor grows)
Protect against DDoS attacks
• UDP floods: yes, can be blocked by decent routers
• SYN flood: difficult (compare it to taking a ticket at the butcher's)
• Huge amount of bandwidth: impossible: 100 000 cars on a road built for 100 cars (only option: remove the road signs so nothing reaches the road at all)
Protection by external firms
• Good ones: very very very expensive (but they work!)
• Cheaper ones: no “unlimited” protection
• 2013: large number of new cheap players
• Some of them Russian and very cheap
• Would you pay the attacker to block the attack?
Conclusion: “the new normal”
• DDoS attacks are here to stay
• Invest in tools to detect the attack
• Invest in procedures: know how to respond
• Get to know the external players
• Insurance? Some insurance companies cover this
About that firewall...
Or why your firewall isn’t going to help much (in a hosting environment)
Traditional big firewall is useless
• Will not protect you against 99.5% of the break-ins we see:
  • Bad code in CMS/websites (> 98%)
  • Stolen credentials (caused by spyware)
  • Infected customer computers used as launch platform
• Not flexible enough (cloud, scaling, ...)
• Unmaintainable, unupgradeable
We are under attack...
• All the time
• Every server
• Impossible to filter the signal out of the noise
• Or at least very difficult
So what does work?
The Onion Model
Onion model
• Maintained website (ask for a maintenance contract)
• Written in the right mindset (“we will be attacked”)
• Small, efficient host firewalls
• Try to detect anomalies
• Force secure credentials or two-factor authentication
• Make customers aware of the problems, teach them ...
• Know what happens on the network
... and automate
• The human factor is the weakest link
• So take away the human factor where possible
• Automate configuration management:
  • Fewer mistakes
  • Quickly apply a fix to a large number of servers
Hosting providers and the law
Which laws?
Which laws apply?
• “The laws of the country where the server is located apply”
• “The laws of the country where the company HQ is located apply”
• But that’s not always the case!
Servers in Europe, US laws
• Amazon Ireland, Microsoft Azure Europe, Rackspace UK
• Are all American companies, or controlled by a US entity
• So they must follow US law!
• PATRIOT Act
• (so the FBI can get a copy of your data without a warrant)
Networks
• Almost all of the big networks are American
  • So assume “they” can read everything you put on the wire
  • So use good encryption or VPN links
• AMS-IX wanted to open a US branch
  • Huge concerns from its members!
Snowden and the NSA
• It has become clear that the NSA has access to a lot of data
• Why is there no real outrage?
• Do we really think this is “normal”? Do we accept this?
Laws that change everything
Latest proposal for an “Internet tap”:
• The coffee bar next door that offers free WiFi
• would be forced to buy a 25 000 € tap box
• to allow the police to tap the “public network”
Laws that change everything
• Data retention law:
  • Vague: the “details” (= the entire law) are to be filled in by RD (Royal Decree)
  • Clearly targeted at the “small fish”
  • The real criminal rents a 30 euro dedicated service with no logs
Laws that change everything
• A lot of “Notice and Take Down” proposals:
  • Require us, as a hoster, to be a judge
  • We are not judges, and don’t want to be!
  • Changes the intent of the current law completely!
  • “Mere conduit” vs. “judge”
BISC 2013: Hosting and security