Webzurich - The State of Web Security in Switzerland

Page 1

BinaryEdge.io - Be Ready. Be Safe. Be Secure.

The State of Web Security in Switzerland

Page 2

AGENDA

Who am I?

What do we do?

Switzerland and Cybersecurity

Headers

Dataleaks affecting Switzerland

Data exposed

Page 3

WHO AM I?

Tiago Henriques

Tiago is the CEO and data necromancer at BinaryEdge; he gets to meddle in the intersection of data science and cybersecurity by providing his team with lovely problems that they solve on a daily basis.

Page 4

WHAT DO WE DO?

[Diagram: map of the data BinaryEdge collects. Labels recoverable from the text, grouped loosely:]

Company registration: internal, external, phone, email, linked URLs, contact, office locations, geolocation, social networks
People: social, phone, email, photos, family & friends, behaviour, likes/topics, search, news/forums, sub-reddits, metadata
Network: BGP, AS, AS membership, AS peer, Whois, list of IPs, shared infrastructure, co-hosted sites
Scanning: portscan, DNS, torrents (peers, torrent name), screenshots, web (http, https), services (VNC, RDP, SMB), users, apps/files, banners/image, classifier, vulnerabilities
Domains: AXFR, MX records
Webserver: framework, headers, cookies
Certificate: configuration, authorities, entities
OCR; SW (ip address, url address)

DATA POINTS

200 ports scanned per month
>120 million IPs with services
>1.5 billion events generated per month

Page 5

WHAT DO WE DO?

balgan@DESKTOP-PAGM894 /cygdrive/d/270m domains/cctld_lists$ head ch.csv
google.ch
uploadable.ch
eztv.ch
projectfreetv.ch
blick.ch
ricardo.ch
watchseries-online.ch
20min.ch
cokeandpopcorn.ch
bluewin.ch

balgan@DESKTOP-PAGM894 /cygdrive/d/270m domains/cctld_lists$ cat ch.csv | wc -l
1533995

Page 6

SWITZERLAND AND CYBERSECURITY

INSURANCE / BANKING / PHARMA

Page 7

SWITZERLAND AND CYBERSECURITY

Page 8

HEADERS

Source: https://securityheaders.io

Server: This Server header seems to advertise the software being run on the server, but you can remove or change this value.

Strict-Transport-Security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.

X-Frame-Options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.

X-Content-Type-Options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".

X-XSS-Protection: X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. The best configuration is "X-XSS-Protection: 1; mode=block".

Content-Security-Policy: Content-Security-Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.

Public-Key-Pins: HTTP Public Key Pinning protects your site from MiTM attacks using rogue X.509 certificates. By whitelisting only the identities that the browser should trust, your users are protected in the event that a certificate authority is compromised.

Page 9

HEADERS

Most Common Server Headers (top 20)

[Chart; the server names and counts are not recoverable from the text.]

Page 10

HEADERS

Most Common Security Headers in Switzerland

[Bar chart, axis 0 to 35,000. Headers listed: Strict-Transport-Security, X-XSS-Protection, Content-Security-Policy (report + enforced), Public-Key-Pins (report + enforced), X-Content-Type-Options, X-Frame-Options. Bar values shown: 32,687; 31,552; 20,220; 16,444; 1,282; 210. The text extraction does not preserve which value belongs to which header.]
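The header definitions on page 8 and the counts on this page are what the rest of the deck is built from: for each site, is each of the six headers present, absent, or present but unusable (the "invalid configuration" state on the insurance slide), and how many sites in a set carry each one. The script below is an added example written for this page; it is not BinaryEdge's scanner nor securityheaders.io's code. The validity rules are the editor's reading of each header's specification (HSTS needs a non-zero max-age; X-Frame-Options must be DENY, SAMEORIGIN or ALLOW-FROM; nosniff is the only X-Content-Type-Options value; HPKP per RFC 7469 needs a max-age and at least two pins, one of them a backup), and the three HTTP responses at the bottom are constructed, not scan data. Note that browsers have since dropped support for both Public-Key-Pins and the X-XSS-Protection auditor, so a 2016-era score sheet over-weights those two.

```python
"""Audit the six securityheaders.io headers on HTTP responses and count them
across a set of sites. Added example for this page; not BinaryEdge or
securityheaders.io code. The three sample responses below are constructed."""
import re
import urllib.error
import urllib.request
from collections import Counter

CHECKED = ("Strict-Transport-Security", "X-Frame-Options",
           "X-Content-Type-Options", "X-XSS-Protection",
           "Content-Security-Policy", "Public-Key-Pins")


def parse_headers(raw: bytes) -> dict:
    """Turn a raw HTTP/1.x response into {lower-case name: value}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # [0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def check(name: str, value) -> str:
    """'present', 'invalid' or 'missing': the three states the deck's tables use.
    The validity rules are the editor's reading of each spec (assumption)."""
    if value is None:
        return "missing"
    v, n = value.strip(), name.lower()
    if n == "strict-transport-security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
        ok = bool(m) and int(m.group(1)) > 0         # max-age=0 switches HSTS off
    elif n == "x-frame-options":
        ok = v.upper() in ("DENY", "SAMEORIGIN") or v.upper().startswith("ALLOW-FROM ")
    elif n == "x-content-type-options":
        ok = v.lower() == "nosniff"
    elif n == "x-xss-protection":
        ok = re.fullmatch(r"[01](\s*;\s*(mode=block|report=\S+))?", v, re.I) is not None
    elif n == "content-security-policy":
        ok = any(d.strip() for d in v.split(";"))    # at least one directive
    elif n == "public-key-pins":
        pins = re.findall(r'pin-sha256\s*=\s*"[^"]+"', v, re.I)
        # RFC 7469: a max-age plus a backup pin, i.e. two pins in total
        ok = len(pins) >= 2 and re.search(r"max-age\s*=\s*\d+", v, re.I) is not None
    else:
        ok = True
    return "present" if ok else "invalid"


def audit(headers: dict) -> dict:
    """Map each checked header to its state for one response."""
    return {h: check(h, headers.get(h.lower())) for h in CHECKED}


def count_present(responses) -> Counter:
    """Per header, how many responses carry a valid value (the bar chart)."""
    tally = Counter()
    for raw in responses:
        for h, state in audit(parse_headers(raw)).items():
            if state == "present":
                tally[h] += 1
    return tally


def audit_url(url: str, timeout: float = 10.0) -> dict:
    """Live variant (network required); error pages still carry headers."""
    req = urllib.request.Request(url, headers={"User-Agent": "header-audit/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            hdrs = resp.headers
    except urllib.error.HTTPError as e:
        hdrs = e.headers
    return audit({k.lower(): v for k, v in hdrs.items()})


# Constructed sample responses (not real scan data).
BARE = (b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>")
HARDENED = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
            b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            b"X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n"
            b"X-XSS-Protection: 1; mode=block\r\n"
            b"Content-Security-Policy: default-src 'self'; script-src 'self'\r\n\r\n")
MISCONFIGURED = (b"HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=0\r\n"
                 b"X-Frame-Options: ALLOWALL\r\nX-Content-Type-Options: nosniff\r\n"
                 b'Public-Key-Pins: pin-sha256="only+one+pin="; max-age=5184000\r\n\r\n')

if __name__ == "__main__":
    for raw in (BARE, HARDENED, MISCONFIGURED):
        print(audit(parse_headers(raw)))
    print(count_present([BARE, HARDENED, MISCONFIGURED]))
```

Feed `count_present` the raw responses from a crawl of a domain list such as the ch.csv shown on page 5 and you get the six numbers behind a chart like the one above; `audit` on a single response gives one column of the bank, insurance and pharma tables that follow. A header that is present but fails its rule is reported as "invalid" rather than silently counted, which is the distinction the insurance slide draws.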

Page 11

HEADERS

BANKS - WEBSITES

[Table. Rows (security header): X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, Public-Key-Pins, X-XSS-Protection. Columns: UBS.COM, CREDIT-SUISSE.COM, JULIUSBAER.COM, POSTFINANCE.CH, BANKCOOP.CH, FALCONPB.COM, RAIFFEISEN.CH. Cells are colour-coded "has security header" / "doesn't have security header"; the per-cell values are not recoverable from the text.]

Page 12

HEADERS

BANKS - E-BANKING

[Table. Rows (security header): X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, Public-Key-Pins, X-XSS-Protection. Columns: UBS.COM, CREDIT-SUISSE.COM, JULIUSBAER.COM, POSTFINANCE.CH, BANKCOOP.CH, FALCONPB.COM, RAIFFEISEN.CH. Cells are colour-coded "has security header" / "doesn't have security header"; the per-cell values are not recoverable from the text.]

Page 13

HEADERS

BANKS - E-BANKING (same table as page 12)

THIS IS HARD TO DO RIGHT!

Page 14

https://www.troyhunt.com/how-chromes-buggy-content-security-policy-implementation-cost-me-money/

HEADERS

Page 15

HEADERS

CANTONAL BANKS CYBER COMPETITION - E-BANKING

[Table. Rows (security header): X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, Public-Key-Pins, X-XSS-Protection. Columns: ZÜRCHER (ZKB.CH), VAUDOISE (BCV.CH), BASLER (BKB.CH), LUZERNER (LUKB.CH), ST.GALLER (SGKB.CH), BERNER (BEKB.CH). Cells are colour-coded "has security header" / "doesn't have security header"; the per-cell values are not recoverable from the text.]

Page 16

HEADERS

INSURANCE COMPANIES

[Table. Rows (security header): X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, Public-Key-Pins, X-XSS-Protection. Columns: ZURICH FINANCIAL SERVICES, SWISS RE, WINTERTHUR GROUP, SWISS LIFE, BALOISE, HELVETIA PATRIA, SUVA, GROUPE ALLIANZ (SUISSE), LA MOBILIERE, VAUDOISE ASSURANCES. Cells are colour-coded "has security header" / "doesn't have security header" / "invalid configuration"; the per-cell values are not recoverable from the text.]

Page 17

HEADERS

PHARMACEUTICAL/CHEMICAL COMPANIES

[Table. Rows (security header): X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, Content-Security-Policy, Public-Key-Pins, X-XSS-Protection. Columns: NOVARTIS, ROCHE, SYNGENTA, CLARIANT, CIBA. Cells are colour-coded "has security header" / "doesn't have security header"; the per-cell values are not recoverable from the text.]

Page 18

HEADERS

130 DOCTOR WEBSITES (source: aerzte-zh.ch/)

[Bar chart. Headers listed: X-Frame-Options, X-XSS-Protection, Strict-Transport-Security, Content-Security-Policy, Public-Key-Pins, X-Content-Type-Options. Values shown: 87, 33, 3, 0. The text extraction does not preserve which value belongs to which header.]

Page 19

DATA LEAKS

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Page 20

DATA LEAKS AFFECTING SWITZERLAND

BANKS

UBS: 26,763
Credit Suisse: 14,262
Julius Bär: 765
Zürcher Kantonalbank: 505
Raiffeisen: 442
Banque Cantonale Vaudoise: 375
PostFinance: 352
Falcon Private Bank: 64
St. Galler Kantonalbank: 56
Luzerner Kantonalbank: 50
Berner Kantonalbank: 47
Basler Kantonalbank: 41
Bank Coop: 31

Page 21

DATA LEAKS AFFECTING SWITZERLAND

INSURANCE COMPANIES

Zurich Financial Services: 2,753
Swiss Re: 2,883
Winterthur Group: 554
Swiss Life: 507
Baloise: 414
Helvetia Patria: 239
Suva: 230
Groupe Allianz (Suisse): 6
La Mobiliere: 0
Vaudoise Assurances: 228

Page 22

DATA LEAKS AFFECTING SWITZERLAND

PHARMACEUTICAL/CHEMICAL COMPANIES

Novartis: 19,872
Roche: 17,708
Syngenta: 6,409
Clariant: 0
Ciba: 676

31

Page 23

DATA LEAKS AFFECTING SWITZERLAND

Pages 24-29

DATA EXPOSED

[Pages 24 to 27 and 29 are screenshots with no recoverable text.]

Big Data Technologies: changes in amount of data exposed on the internet (page 28)

[Chart. Series: MongoDB, Memcached, Redis. Time points: Aug 2015, Jan 2016, July 2016. Data labels visible: 2 TB, 644.3 TB, 724.7 TB, 627.7 TB, 13.2 TB, 11.3 TB, 710.9 TB, 12.0 TB, 598.7 TB, 27.5 TB, 1.5 TB, 1.8 TB, 619.8 TB. The extraction does not preserve which label belongs to which series and date; the hundreds-of-terabyte figures are the MongoDB series.]
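The chart on page 28 sums data sitting on Internet-reachable MongoDB, Memcached and Redis instances that answer without authentication. As an added example for this page (not BinaryEdge's scanner), here is how one host is classified from its first reply to a harmless probe and how the exposed volume is read from the service's own statistics. It covers Redis and Memcached, whose protocols are text; MongoDB's wire protocol is binary and is left out. The reply strings at the bottom are constructed to match the protocol formats, and the "protected mode" case is the refusal Redis 3.2 and later returns to non-loopback clients on an unconfigured instance.

```python
"""Classify exposed Redis and Memcached instances from their reply to one
harmless command, and read how much data they hold. Added example for this
page, not BinaryEdge code. Sample replies below are constructed."""
import re
import socket


def classify_redis(reply: bytes) -> str:
    """Interpret the first line Redis returns to an unauthenticated PING."""
    if reply.startswith(b"+PONG"):
        return "open"            # no requirepass: every key is readable
    if reply.startswith(b"-NOAUTH"):
        return "auth-required"   # requirepass is set
    if reply.startswith(b"-DENIED"):
        return "protected-mode"  # Redis >= 3.2 refusing a non-loopback client
    return "unknown"


def classify_memcached(reply: bytes) -> str:
    """Interpret the reply to the ASCII 'stats' command."""
    if reply.startswith(b"STAT ") and reply.rstrip().endswith(b"END"):
        return "open"            # text protocol answered: all items are dumpable
    if reply.startswith((b"ERROR", b"CLIENT_ERROR", b"SERVER_ERROR")):
        return "refused"
    return "unknown"


def redis_used_memory(info: bytes) -> int:
    """Bytes in use, from the bulk reply to 'INFO memory'."""
    m = re.search(rb"^used_memory:(\d+)", info, re.M)
    return int(m.group(1)) if m else 0


def memcached_bytes(stats: bytes) -> int:
    """Bytes of stored items, from the 'STAT bytes N' line."""
    m = re.search(rb"^STAT bytes (\d+)", stats, re.M)
    return int(m.group(1)) if m else 0


def probe(host: str, port: int, payload: bytes, timeout: float = 3.0) -> bytes:
    """Send one command and collect the reply (network required)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        chunks = []
        try:
            while True:
                data = s.recv(65536)
                if not data:
                    break
                chunks.append(data)
                # one-line replies are complete as soon as they arrive
                if data.endswith((b"END\r\n", b"+PONG\r\n")) or data.startswith(b"-"):
                    break
        except socket.timeout:
            pass                 # INFO is read until the server goes quiet
        return b"".join(chunks)


def check_redis(host: str, port: int = 6379):
    """(state, used_memory_bytes) for one Redis endpoint."""
    state = classify_redis(probe(host, port, b"PING\r\n"))
    used = redis_used_memory(probe(host, port, b"INFO memory\r\n")) if state == "open" else 0
    return state, used


def check_memcached(host: str, port: int = 11211):
    """(state, stored_bytes) for one Memcached endpoint."""
    reply = probe(host, port, b"stats\r\n")
    return classify_memcached(reply), memcached_bytes(reply)


# Constructed sample replies in the two services' wire formats.
SAMPLE_REDIS_PONG = b"+PONG\r\n"
SAMPLE_REDIS_INFO = (b"$83\r\n# Memory\r\nused_memory:1073741824\r\n"
                     b"used_memory_human:1.00G\r\nused_memory_rss:1100000000\r\n\r\n")
SAMPLE_MEMCACHED_STATS = (b"STAT pid 1\r\nSTAT uptime 42\r\nSTAT bytes 2048\r\n"
                          b"STAT bytes_read 99999\r\nEND\r\n")

if __name__ == "__main__":
    print(classify_redis(SAMPLE_REDIS_PONG), redis_used_memory(SAMPLE_REDIS_INFO))
    print(classify_memcached(SAMPLE_MEMCACHED_STATS), memcached_bytes(SAMPLE_MEMCACHED_STATS))
```

Run `check_redis` and `check_memcached` over a port-scan hit list (the 200-ports-a-month feed on page 4 is where such a list comes from) and sum the second element of each result to get a figure in the same units as the chart. Only point this at systems you are authorised to test; the commands are read-only, but an open instance is still someone's data.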

Page 30

BE READY. BE SAFE. BE SECURE.

www.binaryedge.io

CONTINGENCY THREAT SAFE IRRELEVANT