• No results found

Your security Our Mission

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Your security Our Mission"

Copied!
14
0
0

Loading.... (view fulltext now)

Download now ( 14 Page )

Full text

(1)

Your security…

(2)

BadUSB

Karsten Nohl and Jakob Lell introduced at BlackHat

2014 in Las Vegas the danger of BadUSB attacks.

This concept represents the manipulation of a USB’s

firmware with the intent to jeopardize a computer’s

security.

USB port is not reserved anymore only for mice and

keyboards. Now it is used for many more devices, from

charging to storing.

Something as small and innocent as a jump drive can,

once connected, upload a virus, redirect internet traffic

or pretend to be a keyboard to manipulate sensitive

files.

(3)

Short Introduction of Ramon Mörl

30 years of experience in IT security

Leading activities in projects for companies

such as HP, IBM, Siemens, ICL and Bull in

Belgium, Germany, France, Italy, Austria,

Switzerland and the USA

Worked as an independent evaluator and

consultant for the European Union, particularly

in the area of ECMA and ISO standards for IT

security

Since 2002 managing director for itWatch

GmbH

(4)

Complete chain of trust:

Technology

The example of the mouse with "additional

function“

Your Security …

(5)

Input devices

A nice mouse is additionally a faked keyboard

– (see BadUSB at

Black Hat 2014 in Las Vegas)

(6)

Processing of submissions under

Windows (simplified illustration)

Bluetooth Stack

Bluetooth HID

USB

Devices

USB Stack

USB HID

HID

Class

Driver

Keyboard

Map

Driver

Mouse

Class

Driver

Keyboard Class Driver Mouse

Class

Driver

Message Queue

Applications

HID (Human Interface Device) Stack

Interface

Kernel mode

User mode

Applications

Software Key-Logger

Software Key-Logger

Hardware Key-Logger

Software Key-Logger

(7)

Points of attacks

Bluetooth Stack Bluetooth HID USBDevices USB Stack USB HID

HIDClassDriver

Keyboard MapDriver Mouse MapDriver Keyboard Class Driver Mouse Class Driver

Message Queue Applications HID Stack Interface Kernel mode User mode Applications USB Stack USB FS

File System Driver FS Mapper Driver FS Mapper Driver File System (FS)

Applications

(8)

What is Security really?

A secure car:

Belts

Airbags

Mirror

ABS

Light

Despite of

All that

You won‘t

Go Diving

!

(9)

Secure Keyboard

“Secure Keyboard”

consists of everything what is needed

to fend attacks which are addressed by “BadUSB”.

These include:

The profound authentication of devices,

protection against double devices,

freezing of a hardware sets at the time of delivery,

prohibition of unknown processes

and the secure transmission of passwords past the

vulnerabilities of the operating system straight in the

application or login, so that hardware and software

keyloggers don’t have a chance.

(10)

Conclusion & outlook to the future

Many products and process models provide supposedly secure

application, however "the last gap" remains often ignored by IT

security.

This last gap comprises various facets, such as legal certainty

and involvement in the organization and technology. This

includes the

“Secure Keyboard”, the automatic recognition of

IT-Risks at the workplace and the reporting and management of

these risks in defined and also for human understandable

processes, which integrate the user in real time with mandatory

dialogues.

During all activities the user is supported through permanent

identification and separation of critical behaviors on the

basis of a software patent. itWatch provides several new

solutions which close the critical last gap. The new products are

an addition to the traditional topics of the itWatch Enterprise

Security Suite including Data Loss Prevention (DLP), Endpoint

(11)

itWatch Enterprise Security Suite

DeviceWatch

ApplicationWatch

XRayWatch

PDWatch

CDWatch

DEvCon

ReCAppS

Device control

Application control

Block and audit files

and content

Mobile encryption,

both locally and

centrally

Media-based

protection

Cascading device

event console

Virtual lock

PrintWatch

AwareWatch

ReplicationWatch

CryptWatch

RiskWatch

LogOnWatch

MalWareTrap

Print control

Security awareness in

real-time

Secure data replication

Encryption on unprotected

third party computers

Risk assessment with one

click

Securely pass passwords on

applications and login

(12)

Partner of itWatch

Microsoft and itWatch work hand in hand - Together, the

companies present the secure Windows 8 Tablet

f.l.t.r.: Ramon Mörl (Managing director of itWatch GmbH) and

Michael Kranawetter

(Head of Information Security, Chief Security Advisor Germany,

Microsoft Deutschland GmbH, Unterschleißheim)

Sponsored by BMWi: Joint research project of itWatch and WIBU

Systems

Together with T-Systems and other manufacturers itWatch has

developed a hardware-independent laptop and tablet,.which are

approved by BSI VS-NfD.

(13)
(14)

ct 1/2003

References

Download now ( PDF - 14 Page - 1.17 MB )

Related documents

Basin Development Challenges - Stakeholder Consultation Workshop Report - Volta River Basin

After some welcoming words from the directors of the organizing institutions ‐‐ Alain Vidal, Director  of  the  CPWF,  Charles  Biney,  Executive  Director 

Governance and Accountability

• External audit of debt management activities policies and • External audit of debt management activities, policies, and  operations within the past 5 years Score C

Does Exposure to Asbestos Cause Ovarian Cancer? A Systematic Literature Review and Meta-analysis

The present study has shown that 4 of 14 cohort studies reported a statistically significant excess rate for ovarian cancer among women exposed to asbestos.. Of the remaining

Other Income (Form 1040 Line 21)

 1099-LTC (Long Term Care income)  Cancellation of Credit Card Debt..  Nursing Home Assessment Recovery…click here

Is it now time to promote mixed enteral and parenteral nutrition for the critically ill patient?

more BL, Doig CJ, Hameed SM (2005) Implementation of a nutrition support protocol increases the proportion of mechanically ventilated patients reach- ing enteral nutrition targets

An investigation into the roles of water, sanitation, and hygiene in the control of schistosomes and other helminths

As discussed in the Introduction (Sections 1.3.6 and 1.3.7), the relationships between WASH and schistosome and STH transmission have plausibility at a basic level: parasite

Review of ecological restoration technology for mine tailings in China

Physical remediation uses physical methods to restore fertility of the tailings in order to make them suitable for vegetation growth, including covering with other soil

Caffeine, breakfast cereal and time of day: effects on alertness, encoding and recall

One issue where there has been less agreement is whether there are benchmark tests that reliably show effects of caffeine in different contexts. Smith,