SlideShare una empresa de Scribd logo

ICT Security 2010: Le minacce delle nuove tecnologie

Alessio Pennasilico
Alessio Pennasilico

Intervento tenuto assieme a SonicWAll per analizzare eventuali rischi presenti nelle reti moderne grazie alle tecnologie più utilizzate, e come mitigarle.

Tecnología
1 de 39
Descargar para leer sin conexión
Alessio L.R. Pennasilico mayhem@alba.st twitter: mayhemspp FaceBook: alessio.pennasilico Phone/Fax +39 045 8271202 Via Roveggia 43, Verona Via Doria 3, Milano http://www.aisgroup.it/ info@aisgroup.it Cristiano Cafferata ccafferata@sonicwall.com BDM & SE Italia e Grecia La tecnologia intorno a me, la sicurezza dentro di me Friday, 29 October, 2010
Alessio L.R. Pennasilico Alessio L.R. Pennasilico Board of Directors: Associazione Informatici Professionisti, CLUSIT Associazione Italiana Professionisti Sicurezza Informatica Italian Linux Society, LUGVR, Sikurezza.org Hacker’s Profiling Project 2 ! Security Evangelist @ Friday, 29 October, 2010
Alessio L.R. Pennasilico Rischi dellaVirtualizzazione accesso all’interfaccia amministrativa test reachability per HA vMotion iSCSI, NFS 3 Friday, 29 October, 2010
Alessio L.R. Pennasilico Proteggere leVM Segmentare la rete Applicare filtri IDS Antivirus 4 Friday, 29 October, 2010
Today’s Network Security Requirements Situational Visibility & Awareness  Application Intelligence, Control with Visualization  Scanning of all out-going and in-coming traffic Protection & Risk Management  Security effectiveness for maximum catch rates  Zero-day protection Secure Access and Manageability Flexible, yet granular controls Multi-vendor interoperability Scalability Technology and Solutions Network Performance/ Policy & Administration Compliance Regulations and Standards Proof  Physical and virtualized assets  Distributed networks  Users and Applications  Mobile devices  Embedded sensors 2 Copyright 2010 SonicWALL Inc. All Right Reserved. Friday, 29 October, 2010
Vulnerabilities in the software everyone uses everyday … It’s Human Nature … Programmers make mistakes Malware exploits mistakes Malware  propaga+ng  at  Applica+on  Layer 7 Copyright 2010 SonicWALL Inc. All Right Reserved. Friday, 29 October, 2010
Alessio L.R. Pennasilico VoIP Risks I telefoni IP, per funzionare, possono eseguire diverse azioni preliminari, vulnerabili a diversi attacchi: ✓ottengono l'indirizzo IP da un server DHCP ✓ottengono dal DHCP l'indirizzo di un TFTP server ➡ io sono il server DHCP, ti indirizzo al mio TFTP ✓scaricano il firmware dal TFTP server ➡ io sono il TFTP e ti do il mio firmware/configurazione ✓scaricano la configurazione dal TFTP server ➡ io leggo la configurazione dal server TFTP ✓si autenticano sul serverVoIP ➡ sniffo, o mi fingo il PBX e forzo auth plain text 7 Friday, 29 October, 2010
Alessio L.R. Pennasilico Attenzione IlVoIP può essere più sicuro della telefonia tradizionale. Questo tuttavia si ottiene attraverso una corretta progettazione, implementazione e verifica, seguendo alcune best practice, sia dal punto di vista tecnico che dal punto di vista della formazione. 8 Friday, 29 October, 2010
Alessio L.R. Pennasilico VoIP Segmentare la rete Applicare filtri IDS/Antivirus QoS Managed WiFi 9 Friday, 29 October, 2010
Challenges in a Web 2.0 Environment  Allow use of Social Networking … but protect it … and control who’s using it  Allow use of Streaming Video … but control its usage  At the same time … Restrict P2P Applications … Restrict File Sharing … Restrict Gaming … Prioritize VoIP Copyright 2010 SonicWALL Inc. All Right Reserved.14 Friday, 29 October, 2010
Streaming Video Copyright 2010 SonicWALL Inc. All Right Reserved.12 Recreational UseBusiness Use Friday, 29 October, 2010
Application Chaos IT Controls Challenged Unacceptable AppsAcceptable Apps Identify, Manage and Control Application Chaos CONFIDENTIAL All Rights Reserved11 Friday, 29 October, 2010
Alessio L.R. Pennasilico Rischi del Wireless Perchè proprio io? ...Wardriving... 13 Friday, 29 October, 2010
Alessio L.R. Pennasilico Device 14 Friday, 29 October, 2010
Alessio L.R. Pennasilico Antenne 15 Friday, 29 October, 2010
Alessio L.R. Pennasilico Mezzi alternativi 16 Friday, 29 October, 2010
Alessio L.R. Pennasilico Molto alternativi... 17 Friday, 29 October, 2010
Alessio L.R. Pennasilico Personalizzazioni 18 Friday, 29 October, 2010
Alessio L.R. Pennasilico Coordinate GPS 19 Friday, 29 October, 2010
Alessio L.R. Pennasilico Cracca al Tesoro Caccia al Tesoro “Geek” www.wardriving.it 20 Friday, 29 October, 2010
Alessio L.R. Pennasilico Misure Inutili Nascondere il nome della rete non serve Filtrare i mac-address non serve WEP da un falso senso di sicurezza 21 Friday, 29 October, 2010
Alessio L.R. Pennasilico Proteggere il WiFi WPA2 a casa è una soluzione adatta In azienda è possibile fare IPSec su WiFi oppure WPA2/Enterprise 22 Friday, 29 October, 2010
Alessio L.R. Pennasilico Proteggere le reti SCADA Segmentare la rete Applicare filtri IDS Antivirus Encryption 23 Friday, 29 October, 2010
Application Intelligence & Control Copyright 2010 SonicWALL Inc. All Right Reserved.16 Identify Categorize Control By Application By User/Group By Content Inspection By Application By Application Category By Destination By Content By User/Group Prioritize Manage Block Prevent Malware Prevent Intrusion Attempts Next Generation Firewall Platform Friday, 29 October, 2010
Example: Prioritize Application Bandwidth Goal Prioritize mission critical applications, such as SAP, Salesforce.com and SharePoint. Ensuring these applications have priority to get the network bandwidth they need to operate can improve business productivity. Solution: App: SAP, Sharepoint, SFDC Action: Bandwidth Prioritize Schedule: Always Users: All Application priority can be date based (think end-of-quarter priority for sales applications) Copyright 2010 SonicWALL Inc. All Right Reserved.29 Friday, 29 October, 2010
Visualize - Attacks Copyright 2010 SonicWALL Inc. All Right Reserved.24 Friday, 29 October, 2010
Visualize - Applications Copyright 2010 SonicWALL Inc. All Right Reserved.23 Friday, 29 October, 2010
Alessio L.R. Pennasilico Minacce “esterne” IDS Antivirus Antispam 28 Friday, 29 October, 2010
Identify – By Users Copyright 2010 SonicWALL Inc. All Right Reserved.19 Friday, 29 October, 2010
Categorize Copyright 2010 SonicWALL Inc. All Right Reserved.20 Friday, 29 October, 2010
Malware loves Social Networking Too Set-up: Create bogus celebrity LinkedIn profiles Lure: Place link to celebrity “videos” in profile Attack: Download of “codec” required to view video Infect: Codec is actually Malware Result: System compromised (Gregg Keizer, Computerworld Jan 7, 2009) 8 Copyright 2010 SonicWALL Inc. All Right Reserved. Friday, 29 October, 2010
http://www.aisgroup.it/ Conclusioni Friday, 29 October, 2010
SonicWALL Application Control Appliances Copyright 2010 SonicWALL Inc. All Right Reserved. NSA E7500/8500 NSA E6500 NSA E5500 TZ 210 Series NSA 3500 NSA 2400 NSA 240 NSA 4500 NSA 2400MX 31 Friday, 29 October, 2010
SonicWALL Next Generation Firewalls feature:  Multi-Function Security Integration  Complete Threat Protection with Intrusion Prevention & Anti-Malware/ Virus/Spyware  Content Control & URL Filtering  Full “Enterprise” quality Integrated Anti-SPAM  Protect whole infrastructures such as StoneWare Access  Application Visibility  Integrated Application Firewall  Policy control over Applications, Application use & File Types  Ultimate Connectivity  “Clean VPN” Secure IPSec Site-to-Site VPN Connectivity, Clean Wireless, Wireless Switch / Controller  Exceptional User Policy Control and Access to Resources  Integrated Wireless Switch offer “Clean Wireless”  Reliability, Optimization & Flexibility  Highly Redundant Hardware – Power/Fans  Business Application Prioritization & QoS  Integrated Server Load Balancing Feature-set  Flexible Deployments branch office, corporate & department network Applications  Award winning: Deployment & Management Deep Packet Firewall Clean VPN Intrusion Prevention Anti-Malware Content Filtering Bandwidth Management Application Firewall Full Anti-SPAM Clean Wireless Friday, 29 October, 2010
Alessio L.R. Pennasilico Prodotto sviluppato per rispondere integralmente alle esigenze del decreto “amministratori di sistema” 35 Friday, 29 October, 2010
Alessio L.R. Pennasilico VoIP Web Interface di gestione Interfaccia utente via web Multisede Integrazione di: fax/sms/skype/device “esotici” 36 Friday, 29 October, 2010
Alessio L.R. Pennasilico La sicurezza Non è un prodotto E’ un processo 37 Friday, 29 October, 2010
Alessio L.R. Pennasilico Budget? 81% delle intrusioni avvengono su reti che non sodisfano i requirement delle più diffuse norme/best practice / guidelines Gartner 38 Friday, 29 October, 2010
Alessio L.R. Pennasilico mayhem@alba.st twitter: mayhemspp FaceBook: alessio.pennasilico Phone/Fax +39 045 8271202 Via Roveggia 43, Verona Via Doria 3, Milano http://www.aisgroup.it/ info@aisgroup.it Cristiano Cafferata ccafferata@sonicwall.com BDM & SE Italia e Grecia Grazie!T h e s e s l i d e s a r e written by Alessio L.R. P e n n a s i l i c o a k a mayhem. They are subjected to Creative Commons Attribution- S h a r e A l i k e - 2 . 5 version; you can copy, modify, or sell them. “Please” cite your source and use the same licence :) Friday, 29 October, 2010

Recomendados

My Final Year Project
My Final Year ProjectMy Final Year Project
My Final Year ProjectMOHAMMEDELALAM1
 
Complete Security
Complete SecurityComplete Security
Complete SecuritySophos
 
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Software Park Thailand
 
Sophos EndUser Protection
Sophos EndUser ProtectionSophos EndUser Protection
Sophos EndUser ProtectionSophos
 
VTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber SecurityVTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber SecurityShane Glenn
 
Firewall final (fire wall)
Firewall final (fire wall)Firewall final (fire wall)
Firewall final (fire wall)JIEMS Akkalkuwa
 
Get the Most From Your Firewall
Get the Most From Your FirewallGet the Most From Your Firewall
Get the Most From Your FirewallSophos
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 PraesentationSophan_Pheng
 

Recomendados

My Final Year Project
My Final Year ProjectMy Final Year Project
My Final Year ProjectMOHAMMEDELALAM1
 
Complete Security
Complete SecurityComplete Security
Complete SecuritySophos
 
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Software Park Thailand
 
Sophos EndUser Protection
Sophos EndUser ProtectionSophos EndUser Protection
Sophos EndUser ProtectionSophos
 
VTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber SecurityVTI Learning Series Beyond the Convergence of Physical & Cyber Security
VTI Learning Series Beyond the Convergence of Physical & Cyber SecurityShane Glenn
 
Firewall final (fire wall)
Firewall final (fire wall)Firewall final (fire wall)
Firewall final (fire wall)JIEMS Akkalkuwa
 
Get the Most From Your Firewall
Get the Most From Your FirewallGet the Most From Your Firewall
Get the Most From Your FirewallSophos
 
Cat6500 Praesentation
Cat6500 PraesentationCat6500 Praesentation
Cat6500 PraesentationSophan_Pheng
 
TI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...TI Safe
 
BYOD - Protecting Your School
BYOD - Protecting Your SchoolBYOD - Protecting Your School
BYOD - Protecting Your SchoolSophos
 
Cisco VMDC Cloud Security 1.0 Design Guide
Cisco VMDC Cloud Security 1.0 Design GuideCisco VMDC Cloud Security 1.0 Design Guide
Cisco VMDC Cloud Security 1.0 Design GuideCisco Service Provider
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019TI Safe
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012dvanwyk30
 
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisTI Safe
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetIvan Carmona
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesBulent Buyukkahraman
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochureSherief Razzaque
 
Sophos Mobile Control - Product Overview
Sophos Mobile Control - Product OverviewSophos Mobile Control - Product Overview
Sophos Mobile Control - Product OverviewSophos
 
Partner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityPartner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityZymbian
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
VSD Infotech
VSD InfotechVSD Infotech
VSD InfotechVSD infotech
 
Implementing cisco network security
Implementing cisco network securityImplementing cisco network security
Implementing cisco network securityqosnetworking
 
Implementing cisco network security
Implementing cisco network securityImplementing cisco network security
Implementing cisco network securityqosnetworking
 
Gate protect presentation
Gate protect presentationGate protect presentation
Gate protect presentationBliegh Alshareef
 
Ite pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_hIte pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_hDave Arvin
 
Building a data network (wired and wireless
Building a data network (wired and wirelessBuilding a data network (wired and wireless
Building a data network (wired and wirelessFedora Leo
 
Vpn Mobility VoIP
Vpn Mobility VoIPVpn Mobility VoIP
Vpn Mobility VoIPAlessio Pennasilico
 
Internet (in)sicuro
Internet (in)sicuroInternet (in)sicuro
Internet (in)sicuroAlessio Pennasilico
 

Más contenido relacionado

La actualidad más candente

TI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...TI Safe
 
BYOD - Protecting Your School
BYOD - Protecting Your SchoolBYOD - Protecting Your School
BYOD - Protecting Your SchoolSophos
 
Cisco VMDC Cloud Security 1.0 Design Guide
Cisco VMDC Cloud Security 1.0 Design GuideCisco VMDC Cloud Security 1.0 Design Guide
Cisco VMDC Cloud Security 1.0 Design GuideCisco Service Provider
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019TI Safe
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012dvanwyk30
 
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisTI Safe
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetIvan Carmona
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesBulent Buyukkahraman
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochureSherief Razzaque
 
Sophos Mobile Control - Product Overview
Sophos Mobile Control - Product OverviewSophos Mobile Control - Product Overview
Sophos Mobile Control - Product OverviewSophos
 
Partner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityPartner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityZymbian
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
Implementing cisco network security
Implementing cisco network securityImplementing cisco network security
Implementing cisco network securityqosnetworking
 
Implementing cisco network security
Implementing cisco network securityImplementing cisco network security
Implementing cisco network securityqosnetworking
 
Ite pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_hIte pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_hDave Arvin
 
Building a data network (wired and wireless
Building a data network (wired and wirelessBuilding a data network (wired and wireless
Building a data network (wired and wirelessFedora Leo
 

La actualidad más candente (20)

TI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity TrainingTI Safe ICS Cybersecurity Training
TI Safe ICS Cybersecurity Training
 
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
CLASS 2018 - Palestra de Shad Harris (Senior Subject Matter Expert on Securit...
 
BYOD - Protecting Your School
BYOD - Protecting Your SchoolBYOD - Protecting Your School
BYOD - Protecting Your School
 
Cisco VMDC Cloud Security 1.0 Design Guide
Cisco VMDC Cloud Security 1.0 Design GuideCisco VMDC Cloud Security 1.0 Design Guide
Cisco VMDC Cloud Security 1.0 Design Guide
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012
 
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriaisAprendizado de máquinas aplicado à segurança cibernética de plantas industriais
Aprendizado de máquinas aplicado à segurança cibernética de plantas industriais
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
 
Sb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinetSb securing-industrial-control-systems-with-fortinet
Sb securing-industrial-control-systems-with-fortinet
 
Axoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing ServicesAxoss Wireless Penetration Testing Services
Axoss Wireless Penetration Testing Services
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochure
 
Sophos Mobile Control - Product Overview
Sophos Mobile Control - Product OverviewSophos Mobile Control - Product Overview
Sophos Mobile Control - Product Overview
 
Partner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 securityPartner Zymbian & Fortinet webinar on Web2.0 security
Partner Zymbian & Fortinet webinar on Web2.0 security
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
VSD Infotech
VSD InfotechVSD Infotech
VSD Infotech
 
Implementing cisco network security
Implementing cisco network securityImplementing cisco network security
Implementing cisco network security
 
Implementing cisco network security
Implementing cisco network securityImplementing cisco network security
Implementing cisco network security
 
Gate protect presentation
Gate protect presentationGate protect presentation
Gate protect presentation
 
Ite pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_hIte pc v40_chapter9_edited_h
Ite pc v40_chapter9_edited_h
 
Building a data network (wired and wireless
Building a data network (wired and wirelessBuilding a data network (wired and wireless
Building a data network (wired and wireless
 

Destacado

e-mail Power: 2010: servono ancora le
e-mail Power: 2010: servono ancora le e-mail Power: 2010: servono ancora le
e-mail Power: 2010: servono ancora le Alessio Pennasilico
 
Linux Day 2010: Virtualizzare con OpenVZ
Linux Day 2010: Virtualizzare con OpenVZLinux Day 2010: Virtualizzare con OpenVZ
Linux Day 2010: Virtualizzare con OpenVZAlessio Pennasilico
 
Smau 2010 MIlano: Seminario AIPSI Virtualizzazione Sicura
Smau 2010 MIlano: Seminario AIPSI Virtualizzazione SicuraSmau 2010 MIlano: Seminario AIPSI Virtualizzazione Sicura
Smau 2010 MIlano: Seminario AIPSI Virtualizzazione SicuraAlessio Pennasilico
 

Destacado (7)

Vpn Mobility VoIP
Vpn Mobility VoIPVpn Mobility VoIP
Vpn Mobility VoIP
 
Internet (in)sicuro
Internet (in)sicuroInternet (in)sicuro
Internet (in)sicuro
 
e-mail Power: 2010: servono ancora le
e-mail Power: 2010: servono ancora le e-mail Power: 2010: servono ancora le
e-mail Power: 2010: servono ancora le
 
Paranoia is a virtue
Paranoia is a virtueParanoia is a virtue
Paranoia is a virtue
 
Linux Day 2010: Virtualizzare con OpenVZ
Linux Day 2010: Virtualizzare con OpenVZLinux Day 2010: Virtualizzare con OpenVZ
Linux Day 2010: Virtualizzare con OpenVZ
 
Smau 2010 MIlano: Seminario AIPSI Virtualizzazione Sicura
Smau 2010 MIlano: Seminario AIPSI Virtualizzazione SicuraSmau 2010 MIlano: Seminario AIPSI Virtualizzazione Sicura
Smau 2010 MIlano: Seminario AIPSI Virtualizzazione Sicura
 
All your bases belong to us
All your bases belong to usAll your bases belong to us
All your bases belong to us
 

Similar a ICT Security 2010: Le minacce delle nuove tecnologie

Porticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with StandardsPorticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with Standardsgiladpn
 
It securepro 10 nov 2010
It securepro 10 nov 2010It securepro 10 nov 2010
It securepro 10 nov 2010Agora Group
 
Palo Alto Networks, The Networking Security Company
Palo Alto Networks, The Networking Security CompanyPalo Alto Networks, The Networking Security Company
Palo Alto Networks, The Networking Security Companydtimal
 
Emea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinEmea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinJoe Sarno
 
Watch guard solution
Watch guard solutionWatch guard solution
Watch guard solutionlaonap166
 
Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...
Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...
Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...Editor IJMTER
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solutionmatthew.maisel
 
Cisco Meraki- Simplifying IT
Cisco Meraki- Simplifying ITCisco Meraki- Simplifying IT
Cisco Meraki- Simplifying ITCisco Canada
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer ConferenceFabio Pietrosanti
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with FogAchu Anna
 
UserGate Proxy & Firewall
UserGate Proxy & FirewallUserGate Proxy & Firewall
UserGate Proxy & Firewallentensys
 
Presentation cisco cloud security strategy
Presentation cisco cloud security strategyPresentation cisco cloud security strategy
Presentation cisco cloud security strategyxKinAnx
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Zernike College
 
Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013juliankanarek
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation SecurityBGA Cyber Security
 

Similar a ICT Security 2010: Le minacce delle nuove tecnologie (20)

Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
 
Porticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with StandardsPorticor - Can Data be safe in Public Clouds, in Compliance with Standards
Porticor - Can Data be safe in Public Clouds, in Compliance with Standards
 
It securepro 10 nov 2010
It securepro 10 nov 2010It securepro 10 nov 2010
It securepro 10 nov 2010
 
Ngfw overview
Ngfw overviewNgfw overview
Ngfw overview
 
Palo Alto Networks, The Networking Security Company
Palo Alto Networks, The Networking Security CompanyPalo Alto Networks, The Networking Security Company
Palo Alto Networks, The Networking Security Company
 
Emea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinEmea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 Lin
 
Watch guard solution
Watch guard solutionWatch guard solution
Watch guard solution
 
Premobox Overview-V1
Premobox Overview-V1Premobox Overview-V1
Premobox Overview-V1
 
Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...
Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...
Enhanced Dynamic Leakage Detection and Piracy Prevention in Content Delivery ...
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solution
 
Cisco Meraki- Simplifying IT
Cisco Meraki- Simplifying ITCisco Meraki- Simplifying IT
Cisco Meraki- Simplifying IT
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
Security Issues of IoT with Fog
Security Issues of IoT with FogSecurity Issues of IoT with Fog
Security Issues of IoT with Fog
 
UserGate Proxy & Firewall
UserGate Proxy & FirewallUserGate Proxy & Firewall
UserGate Proxy & Firewall
 
INTERNET PROTOCOL VIDEO SURVEILLANCE
INTERNET PROTOCOL VIDEO SURVEILLANCEINTERNET PROTOCOL VIDEO SURVEILLANCE
INTERNET PROTOCOL VIDEO SURVEILLANCE
 
Presentation cisco cloud security strategy
Presentation cisco cloud security strategyPresentation cisco cloud security strategy
Presentation cisco cloud security strategy
 
Fortinet Perspectiva Coporativa
Fortinet Perspectiva CoporativaFortinet Perspectiva Coporativa
Fortinet Perspectiva Coporativa
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
 
Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
 

Más de Alessio Pennasilico

Perchè il tuo tablet interessa ai criminali
Perchè il tuo tablet interessa ai criminaliPerchè il tuo tablet interessa ai criminali
Perchè il tuo tablet interessa ai criminaliAlessio Pennasilico
 
Odio le mie applicazioni web e chi le ha scritte
Odio le mie applicazioni web e chi le ha scritteOdio le mie applicazioni web e chi le ha scritte
Odio le mie applicazioni web e chi le ha scritteAlessio Pennasilico
 
Sistemi SCADA e profili criminali
Sistemi SCADA e profili criminaliSistemi SCADA e profili criminali
Sistemi SCADA e profili criminaliAlessio Pennasilico
 
Come il Cloud Computing può salvare l'analogico
Come il Cloud Computing può salvare l'analogicoCome il Cloud Computing può salvare l'analogico
Come il Cloud Computing può salvare l'analogicoAlessio Pennasilico
 
Linux Day 2010: Mi hanno installato Linux... ed ora?
Linux Day 2010: Mi hanno installato Linux... ed ora?Linux Day 2010: Mi hanno installato Linux... ed ora?
Linux Day 2010: Mi hanno installato Linux... ed ora?Alessio Pennasilico
 
Smau 2010 Milano: Seminario AIPSI Business Continuity e Disaster Recovery
Smau 2010 Milano: Seminario AIPSI Business Continuity e Disaster RecoverySmau 2010 Milano: Seminario AIPSI Business Continuity e Disaster Recovery
Smau 2010 Milano: Seminario AIPSI Business Continuity e Disaster RecoveryAlessio Pennasilico
 
Smau 2010 Milano: Seminario AIPSI Sicurezza del VoIP
Smau 2010 Milano: Seminario AIPSI Sicurezza del VoIPSmau 2010 Milano: Seminario AIPSI Sicurezza del VoIP
Smau 2010 Milano: Seminario AIPSI Sicurezza del VoIPAlessio Pennasilico
 
Smau 2010 Milano: Seminario Clusit per Intel sulla security
Smau 2010 Milano: Seminario Clusit per Intel sulla securitySmau 2010 Milano: Seminario Clusit per Intel sulla security
Smau 2010 Milano: Seminario Clusit per Intel sulla securityAlessio Pennasilico
 
Linux Day 2010: Linux Security Demystified
Linux Day 2010: Linux Security DemystifiedLinux Day 2010: Linux Security Demystified
Linux Day 2010: Linux Security DemystifiedAlessio Pennasilico
 
Porte aperte alla tecnologia: Creare una strategia di Disaster Recovery
Porte aperte alla tecnologia: Creare una strategia di Disaster RecoveryPorte aperte alla tecnologia: Creare una strategia di Disaster Recovery
Porte aperte alla tecnologia: Creare una strategia di Disaster RecoveryAlessio Pennasilico
 
ESC 2010: Virtualizzazione (in)security
ESC 2010: Virtualizzazione (in)securityESC 2010: Virtualizzazione (in)security
ESC 2010: Virtualizzazione (in)securityAlessio Pennasilico
 
Seminario Clusit Security Summit 2010: Minacce per la virtualizzazione
Seminario Clusit Security Summit 2010: Minacce per la virtualizzazioneSeminario Clusit Security Summit 2010: Minacce per la virtualizzazione
Seminario Clusit Security Summit 2010: Minacce per la virtualizzazioneAlessio Pennasilico
 
Next Hope New York 2010: Bakeca.it DDoS case history
Next Hope New York 2010: Bakeca.it DDoS case historyNext Hope New York 2010: Bakeca.it DDoS case history
Next Hope New York 2010: Bakeca.it DDoS case historyAlessio Pennasilico
 

Más de Alessio Pennasilico (16)

Perchè il tuo tablet interessa ai criminali
Perchè il tuo tablet interessa ai criminaliPerchè il tuo tablet interessa ai criminali
Perchè il tuo tablet interessa ai criminali
 
RSA vs Hacker
RSA vs HackerRSA vs Hacker
RSA vs Hacker
 
Odio le mie applicazioni web e chi le ha scritte
Odio le mie applicazioni web e chi le ha scritteOdio le mie applicazioni web e chi le ha scritte
Odio le mie applicazioni web e chi le ha scritte
 
Rischi o vulnerabilità?
Rischi o vulnerabilità?Rischi o vulnerabilità?
Rischi o vulnerabilità?
 
Sistemi SCADA e profili criminali
Sistemi SCADA e profili criminaliSistemi SCADA e profili criminali
Sistemi SCADA e profili criminali
 
Come il Cloud Computing può salvare l'analogico
Come il Cloud Computing può salvare l'analogicoCome il Cloud Computing può salvare l'analogico
Come il Cloud Computing può salvare l'analogico
 
Linux Day 2010: Mi hanno installato Linux... ed ora?
Linux Day 2010: Mi hanno installato Linux... ed ora?Linux Day 2010: Mi hanno installato Linux... ed ora?
Linux Day 2010: Mi hanno installato Linux... ed ora?
 
Smau 2010 Milano: Seminario AIPSI Business Continuity e Disaster Recovery
Smau 2010 Milano: Seminario AIPSI Business Continuity e Disaster RecoverySmau 2010 Milano: Seminario AIPSI Business Continuity e Disaster Recovery
Smau 2010 Milano: Seminario AIPSI Business Continuity e Disaster Recovery
 
Smau 2010 Milano: Seminario AIPSI Sicurezza del VoIP
Smau 2010 Milano: Seminario AIPSI Sicurezza del VoIPSmau 2010 Milano: Seminario AIPSI Sicurezza del VoIP
Smau 2010 Milano: Seminario AIPSI Sicurezza del VoIP
 
Smau 2010 Milano: Seminario Clusit per Intel sulla security
Smau 2010 Milano: Seminario Clusit per Intel sulla securitySmau 2010 Milano: Seminario Clusit per Intel sulla security
Smau 2010 Milano: Seminario Clusit per Intel sulla security
 
Linux Day 2010: Linux Security Demystified
Linux Day 2010: Linux Security DemystifiedLinux Day 2010: Linux Security Demystified
Linux Day 2010: Linux Security Demystified
 
OpenOffice
OpenOfficeOpenOffice
OpenOffice
 
Porte aperte alla tecnologia: Creare una strategia di Disaster Recovery
Porte aperte alla tecnologia: Creare una strategia di Disaster RecoveryPorte aperte alla tecnologia: Creare una strategia di Disaster Recovery
Porte aperte alla tecnologia: Creare una strategia di Disaster Recovery
 
ESC 2010: Virtualizzazione (in)security
ESC 2010: Virtualizzazione (in)securityESC 2010: Virtualizzazione (in)security
ESC 2010: Virtualizzazione (in)security
 
Seminario Clusit Security Summit 2010: Minacce per la virtualizzazione
Seminario Clusit Security Summit 2010: Minacce per la virtualizzazioneSeminario Clusit Security Summit 2010: Minacce per la virtualizzazione
Seminario Clusit Security Summit 2010: Minacce per la virtualizzazione
 
Next Hope New York 2010: Bakeca.it DDoS case history
Next Hope New York 2010: Bakeca.it DDoS case historyNext Hope New York 2010: Bakeca.it DDoS case history
Next Hope New York 2010: Bakeca.it DDoS case history
 

Último

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

ICT Security 2010: Le minacce delle nuove tecnologie

  • 1. Alessio L.R. Pennasilico mayhem@alba.st twitter: mayhemspp FaceBook: alessio.pennasilico Phone/Fax +39 045 8271202 Via Roveggia 43, Verona Via Doria 3, Milano http://www.aisgroup.it/ info@aisgroup.it Cristiano Cafferata ccafferata@sonicwall.com BDM & SE Italia e Grecia La tecnologia intorno a me, la sicurezza dentro di me Friday, 29 October, 2010
  • 2. Alessio L.R. Pennasilico Alessio L.R. Pennasilico Board of Directors: Associazione Informatici Professionisti, CLUSIT Associazione Italiana Professionisti Sicurezza Informatica Italian Linux Society, LUGVR, Sikurezza.org Hacker’s Profiling Project 2 ! Security Evangelist @ Friday, 29 October, 2010
  • 3. Alessio L.R. Pennasilico Rischi dellaVirtualizzazione accesso all’interfaccia amministrativa test reachability per HA vMotion iSCSI, NFS 3 Friday, 29 October, 2010
  • 4. Alessio L.R. Pennasilico Proteggere leVM Segmentare la rete Applicare filtri IDS Antivirus 4 Friday, 29 October, 2010
  • 5. Today’s Network Security Requirements Situational Visibility & Awareness  Application Intelligence, Control with Visualization  Scanning of all out-going and in-coming traffic Protection & Risk Management  Security effectiveness for maximum catch rates  Zero-day protection Secure Access and Manageability Flexible, yet granular controls Multi-vendor interoperability Scalability Technology and Solutions Network Performance/ Policy & Administration Compliance Regulations and Standards Proof  Physical and virtualized assets  Distributed networks  Users and Applications  Mobile devices  Embedded sensors 2 Copyright 2010 SonicWALL Inc. All Right Reserved. Friday, 29 October, 2010
  • 6. Vulnerabilities in the software everyone uses everyday … It’s Human Nature … Programmers make mistakes Malware exploits mistakes Malware  propaga+ng  at  Applica+on  Layer 7 Copyright 2010 SonicWALL Inc. All Right Reserved. Friday, 29 October, 2010
  • 7. Alessio L.R. Pennasilico VoIP Risks I telefoni IP, per funzionare, possono eseguire diverse azioni preliminari, vulnerabili a diversi attacchi: ✓ottengono l'indirizzo IP da un server DHCP ✓ottengono dal DHCP l'indirizzo di un TFTP server ➡ io sono il server DHCP, ti indirizzo al mio TFTP ✓scaricano il firmware dal TFTP server ➡ io sono il TFTP e ti do il mio firmware/configurazione ✓scaricano la configurazione dal TFTP server ➡ io leggo la configurazione dal server TFTP ✓si autenticano sul serverVoIP ➡ sniffo, o mi fingo il PBX e forzo auth plain text 7 Friday, 29 October, 2010
  • 8. Alessio L.R. Pennasilico Attenzione IlVoIP può essere più sicuro della telefonia tradizionale. Questo tuttavia si ottiene attraverso una corretta progettazione, implementazione e verifica, seguendo alcune best practice, sia dal punto di vista tecnico che dal punto di vista della formazione. 8 Friday, 29 October, 2010
  • 9. Alessio L.R. Pennasilico VoIP Segmentare la rete Applicare filtri IDS/Antivirus QoS Managed WiFi 9 Friday, 29 October, 2010
  • 10. Challenges in a Web 2.0 Environment  Allow use of Social Networking … but protect it … and control who’s using it  Allow use of Streaming Video … but control its usage  At the same time … Restrict P2P Applications … Restrict File Sharing … Restrict Gaming … Prioritize VoIP Copyright 2010 SonicWALL Inc. All Right Reserved.14 Friday, 29 October, 2010
  • 11. Streaming Video Copyright 2010 SonicWALL Inc. All Right Reserved.12 Recreational UseBusiness Use Friday, 29 October, 2010
  • 12. Application Chaos IT Controls Challenged Unacceptable AppsAcceptable Apps Identify, Manage and Control Application Chaos CONFIDENTIAL All Rights Reserved11 Friday, 29 October, 2010
  • 13. Alessio L.R. Pennasilico Rischi del Wireless Perchè proprio io? ...Wardriving... 13 Friday, 29 October, 2010
  • 16. Alessio L.R. Pennasilico Mezzi alternativi 16 Friday, 29 October, 2010
  • 17. Alessio L.R. Pennasilico Molto alternativi... 17 Friday, 29 October, 2010
  • 19. Alessio L.R. Pennasilico Coordinate GPS 19 Friday, 29 October, 2010
  • 20. Alessio L.R. Pennasilico Cracca al Tesoro Caccia al Tesoro “Geek” www.wardriving.it 20 Friday, 29 October, 2010
  • 21. Alessio L.R. Pennasilico Misure Inutili Nascondere il nome della rete non serve Filtrare i mac-address non serve WEP da un falso senso di sicurezza 21 Friday, 29 October, 2010
  • 22. Alessio L.R. Pennasilico Proteggere il WiFi WPA2 a casa è una soluzione adatta In azienda è possibile fare IPSec su WiFi oppure WPA2/Enterprise 22 Friday, 29 October, 2010
  • 23. Alessio L.R. Pennasilico Proteggere le reti SCADA Segmentare la rete Applicare filtri IDS Antivirus Encryption 23 Friday, 29 October, 2010
  • 24. Application Intelligence & Control Copyright 2010 SonicWALL Inc. All Right Reserved.16 Identify Categorize Control By Application By User/Group By Content Inspection By Application By Application Category By Destination By Content By User/Group Prioritize Manage Block Prevent Malware Prevent Intrusion Attempts Next Generation Firewall Platform Friday, 29 October, 2010
  • 25. Example: Prioritize Application Bandwidth Goal Prioritize mission critical applications, such as SAP, Salesforce.com and SharePoint. Ensuring these applications have priority to get the network bandwidth they need to operate can improve business productivity. Solution: App: SAP, Sharepoint, SFDC Action: Bandwidth Prioritize Schedule: Always Users: All Application priority can be date based (think end-of-quarter priority for sales applications) Copyright 2010 SonicWALL Inc. All Right Reserved.29 Friday, 29 October, 2010
  • 26. Visualize - Attacks Copyright 2010 SonicWALL Inc. All Right Reserved.24 Friday, 29 October, 2010
  • 27. Visualize - Applications Copyright 2010 SonicWALL Inc. All Right Reserved.23 Friday, 29 October, 2010
  • 28. Alessio L.R. Pennasilico Minacce “esterne” IDS Antivirus Antispam 28 Friday, 29 October, 2010
  • 29. Identify – By Users Copyright 2010 SonicWALL Inc. All Right Reserved.19 Friday, 29 October, 2010
  • 30. Categorize Copyright 2010 SonicWALL Inc. All Right Reserved.20 Friday, 29 October, 2010
  • 31. Malware loves Social Networking Too Set-up: Create bogus celebrity LinkedIn profiles Lure: Place link to celebrity “videos” in profile Attack: Download of “codec” required to view video Infect: Codec is actually Malware Result: System compromised (Gregg Keizer, Computerworld Jan 7, 2009) 8 Copyright 2010 SonicWALL Inc. All Right Reserved. Friday, 29 October, 2010
  • 33. SonicWALL Application Control Appliances Copyright 2010 SonicWALL Inc. All Right Reserved. NSA E7500/8500 NSA E6500 NSA E5500 TZ 210 Series NSA 3500 NSA 2400 NSA 240 NSA 4500 NSA 2400MX 31 Friday, 29 October, 2010
  • 34. SonicWALL Next Generation Firewalls feature:  Multi-Function Security Integration  Complete Threat Protection with Intrusion Prevention & Anti-Malware/ Virus/Spyware  Content Control & URL Filtering  Full “Enterprise” quality Integrated Anti-SPAM  Protect whole infrastructures such as StoneWare Access  Application Visibility  Integrated Application Firewall  Policy control over Applications, Application use & File Types  Ultimate Connectivity  “Clean VPN” Secure IPSec Site-to-Site VPN Connectivity, Clean Wireless, Wireless Switch / Controller  Exceptional User Policy Control and Access to Resources  Integrated Wireless Switch offer “Clean Wireless”  Reliability, Optimization & Flexibility  Highly Redundant Hardware – Power/Fans  Business Application Prioritization & QoS  Integrated Server Load Balancing Feature-set  Flexible Deployments branch office, corporate & department network Applications  Award winning: Deployment & Management Deep Packet Firewall Clean VPN Intrusion Prevention Anti-Malware Content Filtering Bandwidth Management Application Firewall Full Anti-SPAM Clean Wireless Friday, 29 October, 2010
  • 35. Alessio L.R. Pennasilico Prodotto sviluppato per rispondere integralmente alle esigenze del decreto “amministratori di sistema” 35 Friday, 29 October, 2010
  • 36. Alessio L.R. Pennasilico VoIP Web Interface di gestione Interfaccia utente via web Multisede Integrazione di: fax/sms/skype/device “esotici” 36 Friday, 29 October, 2010
  • 37. Alessio L.R. Pennasilico La sicurezza Non è un prodotto E’ un processo 37 Friday, 29 October, 2010
  • 38. Alessio L.R. Pennasilico Budget? 81% delle intrusioni avvengono su reti che non sodisfano i requirement delle più diffuse norme/best practice / guidelines Gartner 38 Friday, 29 October, 2010
  • 39. Alessio L.R. Pennasilico mayhem@alba.st twitter: mayhemspp FaceBook: alessio.pennasilico Phone/Fax +39 045 8271202 Via Roveggia 43, Verona Via Doria 3, Milano http://www.aisgroup.it/ info@aisgroup.it Cristiano Cafferata ccafferata@sonicwall.com BDM & SE Italia e Grecia Grazie!T h e s e s l i d e s a r e written by Alessio L.R. P e n n a s i l i c o a k a mayhem. They are subjected to Creative Commons Attribution- S h a r e A l i k e - 2 . 5 version; you can copy, modify, or sell them. “Please” cite your source and use the same licence :) Friday, 29 October, 2010