Nuclear powered software security

carnage
July 01, 2017

Transcript

  1. Nuclear Powered Software Security. Chris Riley, Dutch PHP Conference 2017

  2. Introduction

  3. Beware of lists

  4. Nuclear safety. Image credit: Avda (Own work) [CC BY-SA 3.0], via Wikimedia Commons

  5. Nuclear bomb. Image credit: United States Department of Energy [Public domain], via Wikimedia Commons

  6. Nuclear power plant. Image credit: Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5], via Wikimedia Commons

  7. Fault Tree Analysis

  8. Loss of cooling

  9. Loss of power

  10. Inhibit gate

  11. E-Commerce

  12. E-Commerce

  13. How to use your diagram • Consider risk from each item

  14. How to use your diagram • Consider risk from each item • Consider mitigations

  15. How to use your diagram • Consider risk from each item • Consider mitigations • Not all mitigations will be technical

  16. Defence in Depth

  17. A big firewall. Image credit: Tukulti65 (Own work) [CC BY-SA 4.0], via Wikimedia Commons

  18. Everything is connected

  19. Defense in depth

  20. Database Access

  21. Adding encryption

  22. Zonal analysis

  23. United Airlines Flight 232. Image credit: Steve Fitzgerald [GFDL 1.2], via Wikimedia Commons

  24. What can we learn from this?

  25. Zonal analysis for security • Administrator passwords

  26. Zonal analysis for security • Administrator passwords • Shared systems

  27. Zonal analysis for security • Administrator passwords • Shared systems • Operating system vulnerabilities

  28. Assume everything is open to the internet.

  29. Zonal analysis for data • Look for data hotspots

  30. Zonal analysis for data • Look for data hotspots • Focus on hotspots

  31. Zonal analysis for data • Look for data hotspots • Focus on hotspots • Reduce data in hotspots

  32. Failing safe

  33. Chernobyl accident. Image credit: Jason Minshull [Public domain], via Wikimedia Commons

  34. Passive safety. Image credit: Picoterawatt, derivative work: OrbiterSpacethingy, translation: Cryptex [CC0], via Wikimedia Commons

  35. Failing secure

  36. What happens when something goes wrong?

  37. Conclusion

  38. Identify undesirable outcomes

  39. Layer your defences

  40. Look out for single points of failure

  41. Handle failures securely

  42. Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308