Transcript
CRYENGINE® is Crytek’s key differentiator for success
World leading game development software for sophisticated computer and video games
Highest graphics quality and unique Realtime-3D-Technology
Innovation leadership as a result of 15 years of development know-how
Licensed by numerous third-party game developers and publishers
Sole integrated all-in-one solution for games on platforms of the current and future generation:
CRYENGINE
● 273 509 398 237 shots
That's enough for the continuous
shooting from M137 minigun for 32
years
WARFACE in Numbers
● Aimed at Users
● Aimed at Servers and Services
● Aimed at Network and Infrastructure
Threats categories
● Aimed at Users
● Aimed at Servers and Services
● Aimed at Network and Infrastructure
Threats categories
User awareness
Info banners
Informational e-mails
StaySafeOnline (NCSA)
Threats aimed at Users – Social Engineering
● User awareness
● Info banners
● Informational e-mails
● Cooperation with Law Enforcements
Phishing Attacks
User awareness
Strict password policies
Detection on API / Server level
Threshold on API level
Password-Based Attacks
Browser update reminders
Active Penetration tests
Code Review
Automated code security review
Browser attacks (Web)
NGINX
Up-To date versions
Web server tuning (A+ Certs)
Customized NGINX configuration
Own repos with signed packages
SSL attacks
Automated checks and notification
Critical security updates auto install
RSS subscriptions for team
E-mail subscriptions for team
Unpatched software
N+1
DC Anti-DDOS
WAF ModSecurity (Atomicorp)
Host firewalls (Netfilter)
CDN Protection
Non-standard ports
TCP/UDP Knock-In
Denial of service
Honeypots
Rsyslog
Logs distribution (DC, Studios)
Encrypted relay chains (TLS-protected)
NTP – OpenNTPD (N+1)
Monitoring (N+1)
Attacks on custom services
Confidentiality - only authorized access to data.
Integrity - data has not been improperly altered.
Availability - data and services are always available.
CIA Triad Compliance
Center for Internet Security Benchmarks (CIS)
Defense Information Systems Agency (DISA) STIGs
ISO 27002/17799 Security Standards
National Institute of Standards (NIST) guidelines
National Security Agency (NSA) guidelines
Payment Card Industry Data Security Standards
Site Data Protection (SDP)
CIA Triad Compliance
Use static binary not linked to shared libraries
Strip the binary
GPG signed configuration and baseline database
Own HIDS built-in SMTP
Stealth mode of operation (config hidden in image)
Disable command line parsing without magic word
Rename every installed file to custom name
Pack and encrypt executable
HIDS Additional options
Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow
Vulnerability
More than 19 Critical vulnerabilities in last 5 years
Ipsec attacks
Latest firmware for HW firewalls (NGFW)
StrongSwan IPSec
Auth logs to RADIUS
Least Privileges
DMZ and separate segments
Different security levels
Ipsec attacks
IPsec IKEv2 EAP-TLS with authentication based on
X.509 certificates, elliptic curve DH groups and
ECDSA with built-in integrity and crypto tests for
plugins and libraries.
PacketFence network access control (NAC)
Ipsec attacks
Security Policy
Levels of acceptable risks (Risk Management)
Network Segmentation and VLANs
Network Planning
top related