CeRtiS, BiothentIC,

1
CeRtiS, BiothentIC,

• Or how to secure the entreprise

2
The problems

• The security officer is complaining that
• The staff recruiter is wondering why
• The call center officer is upset about
• The financial manager is asking why and how
• The marketing manager does not understand who
• The RD director is surprised not to access .
• The purchasing manager does not understand why
• and so on

3
The common denominator
4
Physical security steps
5
Logical security steps
6
Differentiating elements
What i know Classics Name, surname Sex Date of
birth Place of birth, Unique E-mail
address Telephone number
What i have basics Mag stripe badge RFID
badge Paper card Unique Smart card Contactless
smart card Dongle with crypto-processor
What i am Unique Fingerprint Iris Hand veins
7
Physical access key
What i know
Parking
reception
What i have
Meeting room
commonplaces
What i am
offices
Vital technical premises nerve center
8
Logical access keys
What i know
Public data
Protected Public data
What i have
Internal data
What i am MOD
Protected internal data
What i am MOC
Sensitive data
Confidential data
MOC matching on card MOD Matching on device
9
Orcanthus solutions
Public data
For every one,
using a single password.
Comfort
CeRtiS Gull
10
Orcanthus solutions
Protected public data,
readable by every one,
using a password.
Modifiable by the author,
using ID/password couple.
Comfort Security
CeRtiS Gull
11
Orcanthus solutions
Internal data,
modifiable by every one,
using ID/password couple,
embedded in a token
Comfort Security
CeRtiS Hawk
12
Orcanthus solutions
Protected internal data,
readable by every one,
using ID/password couple,
embedded in a secure token,
modifiable by the author,
using ID/password couple
embedded in a secure token.
Security
CeRtiS Hawk
13
Orcanthus solutions
Sensitive data,
With limited access,
using ID/password couple,
embedded in a secure token,
modifiable by the author,
using ID/password couple,
embedded in a secure token.
High Security
Biothentic Gull SSOX
14
Orcanthus solutions
Confidential data,
limited access,
using ID/password couple,
embedded in a secure token,
modifiable by the author,
using ID/password couple,
Embedded in a secure token.
High Security
Biothentic Gull SSOX
15
The daily reality

• The biggest threat of computer safety comes from
  user!

• Security should go through password renewal once
  every month minimum!

• Password should be bigger than 8 alphanumeric
  characters !

• In enterprise people manage around 5 to 10
  passwords and in private around 3 to 10 passwords
  or PIN!

• 35 of users give passwords !

• 50 of user make passwords available to any one

• 30 help-desk calls concern a password or
  identification problem

• The cost to manage a password is between 90 and
  185 euros per year and per person

Source Safenet BNP Paribas - IDEX systems
Pistol Star RSA - Siemens
16
The daily reality
Network attacks
Source CanCERT (Canada)
17
The daily reality

• 237 millions virus and computer attacks in S1
  2005
• 137 millions was concentrated on the following
  activities
• Government ( 54 millions attacks),
• Financials (34 millions attacks),
• Manufacturers (all activity sectors) (36 millions
  attacks)
• Health industry (17 millions attacks)

Source IBM
18
Top countries attacked

• United states - 12 millions attacks.
• New-Zeeland - 1,2 millions attacks.
• China - 1 million attacks.
• Ireland is last with a little bit more than
  30 000 attacks.