novembre 2010

INSIA - Cryptologie : Cours N°4

Rédigé par Matthieu CERDA   31 commentaires   Mis à jour le  16/11/2010

Et c'est parti pour de nouvelles aventures !
On commence le cours sur le phénomène de la "folle de charcot" : Une personne peut trouver intuitivement une information en étant en état d'hypersensibilité.

Le professeur aborde avec beaucoup de poésie le hacking éthique.

Quels sont les problèmes rencontrés dans la sécurisation des sites :

  • Le pognon$$$

  • Les failles humaines : négligeance, coût humain, volonté de préserver son travail.

  • Les failles logicielles

Exemple : un serveur, dans les toilettes, sous les tuyaux d'eau, sans ventilation, avec les sauvegardes posées sur le serveur, a l'abandon.

Pourquoi le problème n'est pas aussi connu que ça ?

  • Plus le réseau est grand plus le risque d'être faillible est grand

La crypto permet de contourner le problème : il n'y a plus besoin de réparer toutes les failles très vite, on ralentit les choses.

Une petite présentation ancienne ayant pour sujet une étude de sécurité dans une grande entreprise d'énergie française est faite, et on remarque que le réseau est un vrai gruyère : des vulnérabilités sont présentes a beaucoup de niveaux. Les intervenants extérieurs conseillent la création de "bulles de sécurité", afin de parer au plus urgent.

Le projet est lancé avec une deadline de 3 mois, avec pour objectif de créer un système résistant, mais rencontre une forte opposition des équipes en place qui créent un projet concurrent. (3/2 ans de moratoire et migration vers MS Vista, et organisation d'une journée de la sécurité au stade de france)

Bilan au bout des 2 ans de moratoire : la situation est toujours aussi pourrie, les mdp sont triviaux et tout est vulnérable. Une preuve de concept est présentée pour discréditer toute opposition, et exhibe de manière explicite toutes les failles ...

Une seconde présentation est faite, ayant pour source le Groupe Gartner : Il y a 10 défis pour un groupe informatique

  1. Sécuriser les données

  2. Assurer la continuité d'activité

  3. Nettoyer les réseaux hérités du passé

  4. Organiser la mobilité

  5. Faire plus avec moins

  6. Garantir les performances du système

  7. Certifier l'informatique (normes ISO, etc...)

  8. Simplifier l'infrastructure informatique

  9. Simplifier l'accès aux applications et aux données

Proverbe Texan : "If you always do what you always did, you always get what you always got"

On évolue vers un nouveau paradigme :

  • S (écurité) : de bout en bout

  • A (ccès) : ATTAWAD (AnyTime, AnyWhere, Any Device)

  • C (ontinuité) : Interne et Externe

Grâce a la virtualisation, il devient possible de protéger assez simplement l'information.

Création de systèmes "Secure by design" => Isolation totale de toutes les couches d'opération de l'entreprise.

On gère plusieurs zones séparées, sans interconnexion directe => sandboxes, dont plusieurs implémentations sont proposées aujourd'hui : Citrix, Windows vServer ...

Ce type d'infrastructure est dite "OSS" ou "Bastion".

31 commentaires

#1 nonton movie online a dit :

After looking into a handful of the blog articles on your blog, I really like your way of writing
a blog. I saved it to my bookmark website list and will
be checking back in the near future. Take a look at my web
site as well and tell me your opinion.

#2 Sportwetten Website a dit :

Hey would you mind sharing which blog platform you're using?

I'm planning to start my own blog soon but I'm having a tough time making
a decision between BlogEngine/Wordpress/B2evolution and
Drupal. The reason I ask is because your layout seems different then most blogs and I'm looking for something completely unique.
P.S Sorry for getting off-topic but I had to ask!

#3 dewamovie a dit :

Thank you for any other informative site. Where else may just I get that
type of information written in such a perfect approach? I
have a challenge that I'm just now running on, and I have
been on the look out for such information.

#4 australian open live streaming a dit :

Amazing! Its really awesome article, I have got much clear idea about from this article.

#5 nonton movie a dit :

I just like the helpful info you supply in your articles.
I will bookmark your weblog and check once more here regularly.
I am slightly certain I'll be told many new stuff right here!

Best of luck for the next!

#6 nonton movie a dit :

I just like the helpful info you supply in your articles.
I will bookmark your weblog and check once more here regularly.
I am slightly certain I'll be told many new stuff right here!

Best of luck for the next!

#7 Bandarq online a dit :

Тhiѕ is very interesting, Yoᥙ arе a very skilled blogger.
Ι'ᴠe joined үour rss feed ɑnd loⲟk forward tо seeking
more of your wonderful post. Аlso, I've shared үoսr web site іn my social networks!

#8 Domino99online.net a dit :

Hi there Dear, are you truly visiting this website regularly, if so then you will
definitely take pleasant know-how.

#9 https://Botak-qq.biz a dit :

Nice post. I was checking constantly this blog and I'm impressed!

Extremely helpful info specifically the last part :
) I care for such information a lot. I was seeking this particular information for a very long time.
Thank you and best of luck.

#10 www.itgtennis.com a dit :

I know this if off topic but I'm looking into starting my own blog and
was curious what all is required to get setup?
I'm assuming having a blog like yours would cost a pretty penny?
I'm not very web smart so I'm not 100% sure. Any suggestions or advice would be greatly
appreciated. Cheers

#11 judi bola a dit :

Just desire to say your article is as amazing.
The clearness in your post is simply cool and i can assume you are
an expert on this subject. Well with your permission allow me
to grab your feed to keep updated with forthcoming post. Thanks a million and
please keep up the rewarding work.

#12 Domino Online a dit :

What a information of un-ambiguity and preserveness of valuable know-how regarding unpredicted

#13 streaming vf a dit :

Thank you for every other fantastic article.
Where else may just anyone get that kind of information in such
an ideal way of writing? I have a presentation next week, and I am
on the look for such information.

#14 https://dermavix-cream.org/ a dit :

What's up, this weekend is good designed for me, since this time i am reading this
enormous informative piece of writing here at my house.

#15 a a dit :

Hurrah! In the end I got a weblog from where I be capable
of really obtain useful data regarding my study and knowledge.

#16 https://truu-keto.net/ a dit :

Hello. remarkable job. I did not expect this. This is a excellent story.

#17 Alejandro a dit :

Hi, its nice post regarding media print, we all be familiar with media is
a impressive source of data.

#18 Keesha a dit :

Awesome news it is surely. My teacher has been seeking for this information.

#19 bcaqq a dit :

Thanks for sharing your thoughts about bandarqq.

#20 Nonton Movie Indonesia a dit :

I do accept as true with all of the ideas you've presented in your post.
They are very convincing and will definitely work.
Nonetheless, the posts are very brief for starters. Could you
please lengthen them a bit from next time? Thank you for the post.

#21 detiksport jadwal sepakbola a dit :

This piece of writing offers clear idea in support of the new people of
blogging, that really how to do blogging.

#22 daftar casino online terpercaya a dit :

This article will help the internet visitors for setting up
new weblog or even a blog from start to end.

#23 v1059977.11199.28la.com.cn a dit :

each time i used to read smaller content which as well
clear their motive, and that is also happening with this piece of writing which
I am reading here.

#24 Casino online Indonesia a dit :

What's up mates, how is all, and what you would like to say on the topic of this post, in my view its really
awesome for me.

#25 cashbet99 a dit :

It's actually a nice and useful piece of information.
I am happy that you just shared this useful information with us.
Please stay us up to date like this. Thanks for sharing.

#26 sbobeta88.info a dit :

Definitely believe that which you said. Your favorite reason appeared to be on the web the easiest thing to be aware of.
I say to you, I definitely get annoyed while people consider worries that they
just do not know about. You managed to hit
the nail upon the top and defined out the whole thing without having side-effects
, people can take a signal. Will likely be back to get more.

#27 Kumpulan situs poker online indonesia a dit :

Very nice post. I just stumbled upon your weblog and wanted to
mention that I have really enjoyed surfing around your blog posts.

After all I'll be subscribing for your rss feed and I am hoping you write again soon!

#28 situs judi bola terbesar a dit :

Asking questions are truly good thing if you are
not understanding anything fully, however this piece of writing gives nice understanding

#29 permainan judi kartu online a dit :

Hi, Neat post. There's an issue along with your web site
in internet explorer, would test this? IE nonetheless is the market leader and a large section of other
folks will omit your fantastic writing because of this problem.

#30 poker bonus deposit terbesar a dit :

hi!,I love your writing so much! percentage we keep up a correspondence more about your post on AOL?
I need a specialist in this house to resolve my problem.
Maybe that's you! Looking forward to peer you.

#31 video marketing agency a dit :

Calories give rise to energy but excessive amount of
calories appears into fats. Would it mean gaining or losing weight
and after that being more active, physically or socially.
If you are serious on shedding pounds and want to achieve a
sound body, you must do a number of adjustments in your lifestyle.

Écrire un commentaire

Quelle est la cinquième lettre du mot sauqyg ? :