Medieval Castles and Modern Servers

We have been building castles and fortifications for thousands of years. Many of them were never breached. IT security, on the other hand, is a very young discipline where defense mechanisms have not really stood the test of time and breaches are happening every day.

Looking at historical defense techniques and fortress architectures can therefore serve as an inspiration for strong IT security architectures. This presentation looks at agile and flexible defenses, layered security and whitelisting. None of these concepts are entirely new to the IT security industry. But implementations usually stop with the buzzword or at the network level. This talk brings evidence for the effectiveness of the concepts across the centuries and hopes to help them achieve a breakthrough on all levels.

Furthermore, the talk educates the audience about medieval castles and how the metaphor can be put to use when explaining complicated IT security concepts to non-technical audiences. Again, the metaphor is not new, but people are usually only scratching the surface when they talk of medieval castles and modern servers.

Published in: Internet

  1. Dr. Christian Folini: Medieval Castles and Modern Servers (@ChrFolini)
  2. Dr. Christian Folini
       • PhD in Medieval History
       • Former president of the Company of St. George, a medieval reenactment company
  3. Dr. Christian Folini
       • Author of the ModSecurity Handbook, 2nd Ed.
       • Co-Lead of the OWASP ModSecurity Core Rule Set Project
       • Program chair, Swiss Cyber Storm Conference
       • Vice President, Swiss Cyber Experts
       • Over 10 years of experience in IT Security
  4. Program
       • 3 Problems
       • 3 Solutions
       • 3 Useful Security Practices
  5. Problem 1: One vulnerability is enough
  6. British Library Royal 18 D II, f. 75r
  7. Problem 2: Denial of Service
  8. British Library Royal 15 E I, f. 280v
  9. Problem 3: Advanced Persistent Threats
  10. Victoria & Albert Museum, Miskina, Akbarnama
  11. Victoria & Albert Museum, Miskina, Akbarnama, Detail
  12. “The nation-state attackers? There’s a reason it’s called advanced persistent threats. Because we’ll poke and we’ll poke. We’ll wait and we’ll wait and we’ll wait, right? We’re looking for that opportunity—that opening and that opportunity, to finish the mission.” (Rob Joyce, NSA Tailored Access Operations)
  13. Solution 1: Flexibility
  14. German Sallet, around 1480
  15. German Sallet, around 1480, Company of St. George
  16. Solution 2: Defense in Depth. Related terms:
       • Multiple Lines of Defense
       • Layered Defense
       • Security in Layers
  17. Castle Hochosterwitz, Carinthia, Austria, South East
  18. Castle Hochosterwitz, Carinthia, Austria, East
  19. Castle Hochosterwitz, Carinthia, Austria, North
  20. Castle Hochosterwitz, Carinthia, Austria, South
  21. Castle Hallwyl, Argovia, Switzerland
  22. Castle Chillon, Lake Geneva, Switzerland
  23. Solution 3: Whitelisting. Related terms:
       • Positive Security
       • Least Privilege Principle
       • Positive Input Validation
       • Reduction of Attack Surface
  24. Metnitz, Carinthia, Austria
  25. Metnitz, Carinthia, Austria
  26. Waffentor, Hochosterwitz, Carinthia, Austria
  27. Nauders, Tyrol, Austria
  28. Tower of London
  29. Useful Security Practice 1: Security Updates
  30. Castel de Pioz, Guadalajara, Spain
  31. Useful Security Practice 2: Detailed Inventory. Related terms:
       • Software Bill of Materials
       • Dependency Tracking
       • Detailed diagrams
  32. Habsburger Rotulus, around 1290, Hauptstaatsarchiv Stuttgart H 162 Nr. 1
  33. Cairo, Map of Piri Reis
  34. Cairo, Map of Piri Reis, detail
  35. Useful Security Practice 3: Bug Bounty Programs. Related term:
       • Red Teaming
  36. Bellifortis, UB Frankfurt a.M. Ms. germ. qu. 15, fol 61r
  37. Bellifortis, Det Kongelige Bibliotek Copenhagen MS Thott.290.2º, fol 22v
  38. Summary
       • One weakness is enough
       • Denial of Service Attacks
       • Advanced Persistent Threats
       • Flexibility
       • Defense in Depth
       • Whitelisting
       • Security Updates
       • Detailed Inventory
       • Bug Bounty Programs
  39. Dr. Christian Folini
       • christian.folini@netnea.com
       • @ChrFolini
       • https://www.christian-folini.ch
