
SSTIC 2012 – Day One

As every year, the famous Symposium on Information and Communication Technology Security (SSTIC) takes place in Rennes! Intrinsec attends these conferences and offers you a summary of each day.

 

20 Years of PaX
Speaker: PaX Team (Pipacs)

To celebrate the 20th anniversary of the PaX kernel patch, Pipacs looks back at the various features the patch provides.

To limit the impact of vulnerabilities caused by development or design errors, the patch hardens the execution environment: non-executable and read-only kernel memory pages, separation of userland and kernel memory ranges, memory cleanup after freeing…

Pipacs also points out the existence of various GCC plugins that automatically enhance security at compile time: overflow detection on allocations, automatic "constification" of structures, etc.

Finally, Pipacs reviews planned improvements to PaX: new and improved GCC plugins, as well as protection mechanisms dedicated to hypervisors.

Slides: forthcoming

SSL/TLS: Current State of Recommendations
Speaker: Olivier Levillain (ANSSI)

After a brief historical overview of SSL and TLS, Olivier Levillain reviews the known vulnerabilities in the different versions of SSL and TLS, then follows up with reminders about how the protocols work.

Olivier then addresses server configuration issues, mainly concerning the permitted cipher suites, and reminds us that centralized configuration of Microsoft Windows (via the registry) can lead to malfunctions if it is hardened too aggressively (restricting the available cipher suites too severely).

In conclusion, the speaker notes that these protocols are reliable and proven, but that the confidentiality and integrity of exchanges can only be properly ensured when both the client and the server are under control.

Slides: forthcoming

NetZob, a tool for reverse engineering communication protocols
Speakers: Frédéric Guihery / Georges Bossert / Guillaume Hiet

After a few reminders about the usefulness (and difficulty) of reverse engineering network protocols, which led to the design of this tool, the team presents the model used to define a communication protocol: a vocabulary and a grammar.

Relying on an L* algorithm, the tool semi-automatically splits protocol messages into their different fields; then, by performing a series of tests, it reconstructs the different operating graphs of the protocol.

NetZob's live demonstrations are impressive, but reveal that the tool is highly complex to use. Nevertheless, the development of such a tool remains a remarkable achievement and deserves the community's attention.

Conference slides

RDP Security
Speakers: Arnaud Ebalard / Aurélien Bordes / Raphaël Rigo (ANSSI)

A very interesting conference on Microsoft's Remote Desktop Protocol, which emphasizes the large number of features offered and the extreme complexity of the solution.

The speakers present the protocol's various weaknesses (weak encryption keys, no server authentication, etc.), then the improvements introduced in the latest versions, including NLA (Network Level Authentication), which provides server authentication and reports an error in case of interception, but only if the client is correctly configured.

The conclusion of the presentation is unequivocal: it is strongly advised to restrict RDP access to administrators only and to use network segmentation to limit the risk of traffic interception.

Slides: forthcoming

WinRT
Speakers: Kevin Skudlapski / Sébastien Renaud (ANSSI)

 

Slides: forthcoming

Information, the intangible capital of the company
Speaker: Garance Mathias

Through this conference, the lawyer proposes to cover the legal aspects dealing with the company's information assets.

The conference, rather disappointing in both content and form, perhaps due to a lack of interaction with the public and concrete cases, nevertheless served to highlight the existence of a large legal void concerning the protection of the intangible assets of the company.

Slides: forthcoming

Auditing permissions in an Active Directory environment
Speakers: Géraud de Drouas / Pierre Capillon (ANSSI)

ANSSI presents here an interesting methodology for auditing permissions by extracting information from the "ntds.dit" file of a domain controller.

Using an internally developed tool (not published, but provided on request), the speakers explain that it is possible to filter out the many legitimate permissions in order to focus on a small subset of abusive permissions to be checked manually.

In conclusion, the speakers reiterated that permission audits must be carried out periodically in order to detect as early as possible any opportunities for abusive access to domain objects.
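The filtering step described above, sketched as an added example (this is not ANSSI's tool, which reads "ntds.dit" directly). It assumes the security descriptors have already been exported as SDDL strings; the baseline of expected trustees, the list of control rights and all sample data are assumptions made for the illustration.

```python
import re

# Rights that let a trustee take control of an object: SDDL code -> (name, mask bit).
CONTROL_RIGHTS = {
    "GA": ("GenericAll", 0x10000000), "GW": ("GenericWrite", 0x40000000),
    "WD": ("WriteDacl", 0x00040000), "WO": ("WriteOwner", 0x00080000),
}
# Assumed baseline of trustees expected to hold them (SDDL aliases):
# SYSTEM, Domain Admins, Enterprise Admins, built-in Administrators.
EXPECTED_TRUSTEES = {"SY", "DA", "EA", "BA"}
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")

def control_rights(rights):
    """Decode an ACE rights field (letter codes or hex mask) to control-right names."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return sorted(n for n, bit in CONTROL_RIGHTS.values() if mask & bit)
    codes = re.findall("[A-Z]{2}", rights)
    return sorted(CONTROL_RIGHTS[c][0] for c in codes if c in CONTROL_RIGHTS)

def suspicious_permissions(objects):
    """objects: {dn: sddl}. Drop expected grants, return sorted (dn, trustee, right)."""
    findings = []
    for dn, sddl in objects.items():
        m = DACL_RE.search(sddl)
        aces = re.findall(r"\(([^()]*)\)", m.group(1)) if m else []
        for body in aces:
            f = body.split(";")
            if len(f) < 6 or f[0] not in ("A", "OA"):
                continue  # malformed, or a deny ACE that grants nothing
            if f[5] in EXPECTED_TRUSTEES:
                continue  # legitimate grant: filtered out of the review list
            findings += [(dn, f[5], right) for right in control_rights(f[2])]
    return sorted(findings)

# Constructed sample data (domain, SIDs and ACLs are made up for the example).
SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE = {
    "CN=AdminSDHolder,CN=System,DC=example,DC=test":
        "O:DAG:DAD:PAI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)(A;;RPLCLORC;;;AU)",
    "OU=Servers,DC=example,DC=test":
        "O:DAG:DAD:AI(A;CI;GA;;;SY)(A;CI;RPWPWD;;;" + SID + "-1604)",
    "CN=svc-backup,OU=Service,DC=example,DC=test":
        "O:DAG:DUD:(A;;0x000f01ff;;;DA)(D;;WO;;;WD)(A;;WO;;;" + SID + "-1105)",
}

if __name__ == "__main__":
    for finding in suspicious_permissions(SAMPLE):
        print(*finding, sep=" | ")
```

Only the two grants to non-baseline SIDs remain for manual review; grants to the baseline trustees and the deny ACE are filtered out.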

Slides: forthcoming

Windows 8 and security: an overview of new features
Speaker: Bernard Ourghanlian (Microsoft)

Microsoft presents here the various security features implemented on Windows 8.

The main focus is on leveraging hardware, using UEFI and the Trusted Platform Module (TPM) to enable malware analysis during boot, to control boot elements (UEFI, OS loader, etc.) and to facilitate the deployment of BitLocker encryption in the enterprise.

However, it is interesting to put this presentation into perspective with Jonathan Brossard's talk at the Hackito Ergo Sum conference, which dealt with the significant risk of manufacturers planting hardware backdoors.

Slides: forthcoming

10 years of SSTIC
Speakers: Fred Raynal / Nicolas Fischbach / Philippe Biondi

Through this conference, the founding team of SSTIC looks back on the good times and tensions of the early years of the event, which is celebrating its 10th anniversary this year.

A very pleasant conference to close this first day, an opportunity to analyze the evolution of SSTIC over the last 10 years, and to launch some reflections on the future of the information systems security market in France.

Slides: forthcoming