{"id":14,"date":"2021-05-19T07:41:33","date_gmt":"2021-05-19T07:41:33","guid":{"rendered":"https:\/\/www.dcmitsecurity.com\/index.php\/portfolio\/"},"modified":"2024-06-07T10:45:14","modified_gmt":"2024-06-07T08:45:14","slug":"portfolio","status":"publish","type":"page","link":"https:\/\/www.dcmitsecurity.com\/index.php\/portfolio\/","title":{"rendered":"Portfolio"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"14\" class=\"elementor elementor-14\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fdb9feb elementor-reverse-mobile elementor-section-height-min-height elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"fdb9feb\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-8ee938a elementor-invisible\" data-id=\"8ee938a\" data-element_type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeInLeft&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fd32d27 elementor-widget elementor-widget-spacer\" data-id=\"fd32d27\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.18.0 - 06-12-2023 *\/\n.elementor-column .elementor-spacer-inner{height:var(--spacer-size)}.e-con{--container-widget-width:100%}.e-con-inner>.elementor-widget-spacer,.e-con>.elementor-widget-spacer{width:var(--container-widget-width,var(--spacer-size));--align-self:var(--container-widget-align-self,initial);--flex-shrink:0}.e-con-inner>.elementor-widget-spacer>.elementor-widget-container,.e-con>.elementor-widget-spacer>.elementor-widget-container{height:100%;width:100%}.e-con-inner>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer,.e-con>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer{height:100%}.e-con-inner>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer>.elementor-spacer-inner,.e-con>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer>.elementor-spacer-inner{height:var(--container-widget-height,var(--spacer-size))}.e-con-inner>.elementor-widget-spacer.elementor-widget-empty,.e-con>.elementor-widget-spacer.elementor-widget-empty{position:relative;min-height:22px;min-width:22px}.e-con-inner>.elementor-widget-spacer.elementor-widget-empty .elementor-widget-empty-icon,.e-con>.elementor-widget-spacer.elementor-widget-empty .elementor-widget-empty-icon{position:absolute;top:0;bottom:0;left:0;right:0;margin:auto;padding:0;width:22px;height:22px}<\/style>\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d8d4135 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"d8d4135\" data-element_type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.18.0 - 06-12-2023 *\/\n.elementor-widget-divider{--divider-border-style:none;--divider-border-width:1px;--divider-color:#0c0d0e;--divider-icon-size:20px;--divider-element-spacing:10px;--divider-pattern-height:24px;--divider-pattern-size:20px;--divider-pattern-url:none;--divider-pattern-repeat:repeat-x}.elementor-widget-divider .elementor-divider{display:flex}.elementor-widget-divider .elementor-divider__text{font-size:15px;line-height:1;max-width:95%}.elementor-widget-divider .elementor-divider__element{margin:0 var(--divider-element-spacing);flex-shrink:0}.elementor-widget-divider .elementor-icon{font-size:var(--divider-icon-size)}.elementor-widget-divider .elementor-divider-separator{display:flex;margin:0;direction:ltr}.elementor-widget-divider--view-line_icon .elementor-divider-separator,.elementor-widget-divider--view-line_text .elementor-divider-separator{align-items:center}.elementor-widget-divider--view-line_icon .elementor-divider-separator:after,.elementor-widget-divider--view-line_icon .elementor-divider-separator:before,.elementor-widget-divider--view-line_text .elementor-divider-separator:after,.elementor-widget-divider--view-line_text .elementor-divider-separator:before{display:block;content:\"\";border-bottom:0;flex-grow:1;border-top:var(--divider-border-width) var(--divider-border-style) var(--divider-color)}.elementor-widget-divider--element-align-left .elementor-divider .elementor-divider-separator>.elementor-divider__svg:first-of-type{flex-grow:0;flex-shrink:100}.elementor-widget-divider--element-align-left .elementor-divider-separator:before{content:none}.elementor-widget-divider--element-align-left .elementor-divider__element{margin-left:0}.elementor-widget-divider--element-align-right .elementor-divider .elementor-divider-separator>.elementor-divider__svg:last-of-type{flex-grow:0;flex-shrink:100}.elementor-widget-divider--element-align-right 
.elementor-divider-separator:after{content:none}.elementor-widget-divider--element-align-right .elementor-divider__element{margin-right:0}.elementor-widget-divider:not(.elementor-widget-divider--view-line_text):not(.elementor-widget-divider--view-line_icon) .elementor-divider-separator{border-top:var(--divider-border-width) var(--divider-border-style) var(--divider-color)}.elementor-widget-divider--separator-type-pattern{--divider-border-style:none}.elementor-widget-divider--separator-type-pattern.elementor-widget-divider--view-line .elementor-divider-separator,.elementor-widget-divider--separator-type-pattern:not(.elementor-widget-divider--view-line) .elementor-divider-separator:after,.elementor-widget-divider--separator-type-pattern:not(.elementor-widget-divider--view-line) .elementor-divider-separator:before,.elementor-widget-divider--separator-type-pattern:not([class*=elementor-widget-divider--view]) .elementor-divider-separator{width:100%;min-height:var(--divider-pattern-height);-webkit-mask-size:var(--divider-pattern-size) 100%;mask-size:var(--divider-pattern-size) 100%;-webkit-mask-repeat:var(--divider-pattern-repeat);mask-repeat:var(--divider-pattern-repeat);background-color:var(--divider-color);-webkit-mask-image:var(--divider-pattern-url);mask-image:var(--divider-pattern-url)}.elementor-widget-divider--no-spacing{--divider-pattern-size:auto}.elementor-widget-divider--bg-round{--divider-pattern-repeat:round}.rtl .elementor-widget-divider .elementor-divider__text{direction:rtl}.e-con-inner>.elementor-widget-divider,.e-con>.elementor-widget-divider{width:var(--container-widget-width,100%);--flex-grow:var(--container-widget-flex-grow)}<\/style>\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-14e35c8 elementor-widget elementor-widget-heading\" data-id=\"14e35c8\" data-element_type=\"widget\" 
data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.18.0 - 06-12-2023 *\/\n.elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}<\/style><h1 class=\"elementor-heading-title elementor-size-default\">Cas client<\/h1>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-99a4894 elementor-widget elementor-widget-heading\" data-id=\"99a4894\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Retour d'exp\u00e9rience de mission<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-293ac1c elementor-hidden-desktop elementor-hidden-tablet elementor-widget elementor-widget-spacer\" data-id=\"293ac1c\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-81d3b62 elementor-invisible\" data-id=\"81d3b62\" data-element_type=\"column\" 
data-settings=\"{&quot;animation&quot;:&quot;fadeInRight&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-45fbb55 elementor-widget elementor-widget-spacer\" data-id=\"45fbb55\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-52d4c53 elementor-widget__width-initial elementor-widget elementor-widget-image\" data-id=\"52d4c53\" data-element_type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;none&quot;}\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.18.0 - 06-12-2023 *\/\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/code-coding-development-svgrepo-com.svg\" class=\"attachment-medium size-medium wp-image-2174\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3f83ca6 elementor-widget elementor-widget-spacer\" data-id=\"3f83ca6\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section 
elementor-top-section elementor-element elementor-element-96f5bf2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"96f5bf2\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-a11b0ae\" data-id=\"a11b0ae\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-11c880e elementor-widget elementor-widget-spacer\" data-id=\"11c880e\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ca7ca76 elementor-widget elementor-widget-heading\" data-id=\"ca7ca76\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Contexte de la mission<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8d2ea34 elementor-widget elementor-widget-heading\" data-id=\"8d2ea34\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Mise en situation<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a712844 elementor-widget elementor-widget-text-editor\" data-id=\"a712844\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.18.0 - 06-12-2023 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; font-family: var( --e-global-typography-text-font-family ), Sans-serif; color: var(--ast-global-color-3);\">L&rsquo;entreprise s&rsquo;appr\u00eate \u00e0 d\u00e9m\u00e9nager et souhaite en profiter pour passer \u00e0 l&rsquo;\u00e9chelle son infrastructure IT. Elle h\u00e9berge chez un fournisseur cloud un site vitrine et une boutique, ainsi que quelques applications m\u00e9tiers d\u00e9velopp\u00e9es en interne et souhaite en cr\u00e9er de nouvelles. 
Elle souhaite \u00e9galement passer en revue la s\u00e9curit\u00e9 de ses syst\u00e8mes afin de conna\u00eetre et d&rsquo;ajuster son niveau de risque face \u00e0 la menace cyber.<\/span><\/p><p style=\"text-align: justify;\"><u>Contraintes :<\/u><\/p><ul><li style=\"text-align: justify;\">L&rsquo;entreprise est une petite infrastructure, les frais d&rsquo;h\u00e9bergements et de services doivent \u00eatre r\u00e9duits au minimum ;<\/li><li style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; font-family: var( --e-global-typography-text-font-family ), Sans-serif; color: var(--ast-global-color-3);\">Certains employ\u00e9s travaillent r\u00e9guli\u00e8rement \u00e0 distance ;<\/span><\/li><li style=\"text-align: justify;\">La dur\u00e9e de mission est d\u00e9finie \u00e0 6 mois \u00e0 temps partiel (3\/5).<\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1b43f52 elementor-widget elementor-widget-heading\" data-id=\"1b43f52\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Infrastructure d'origine<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2a9cd4c elementor-widget elementor-widget-text-editor\" data-id=\"2a9cd4c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><u style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">L&rsquo;infrastructure d&rsquo;origine comporte les \u00e9l\u00e9ments suivants :\u00a0<\/u><\/p><ul><li>Un site vitrine et une boutique ;<\/li><li>Une dizaine d&rsquo;applications m\u00e9tiers dont une partie est \u00e0 usage interne uniquement et une autre pour un usage avec des collaborateurs externes.\u00a0<\/li><\/ul><div><u>Le sch\u00e9ma r\u00e9seau 
suivant repr\u00e9sente l&rsquo;infrastructure d&rsquo;origine :\u00a0\u00a0<\/u><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aa0d6b7 elementor-widget elementor-widget-image\" data-id=\"aa0d6b7\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"10\" height=\"4\" src=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Schema-darchitecture-OVH-v2-adjusted-V2.svg\" class=\"attachment-large size-large wp-image-2460\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-32d3ef6 elementor-widget elementor-widget-text-editor\" data-id=\"32d3ef6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: justify;\"><span style=\"color: var(--ast-global-color-3); font-style: inherit; font-weight: inherit;\">Un audit de s\u00e9curit\u00e9 de l&rsquo;infrastructure a permis de r\u00e9v\u00e9ler que certaines mesures et bonnes pratiques de s\u00e9curit\u00e9 doivent \u00eatre mises en place afin d&rsquo;obtenir un niveau de s\u00e9curit\u00e9 <\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit;\"><b>\u00e9lev\u00e9<\/b><\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit; font-weight: inherit;\"> par rapport au contexte du client.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9358cbe elementor-widget elementor-widget-heading\" data-id=\"9358cbe\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Proposition 
d'architecture<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e27bd7 elementor-widget elementor-widget-text-editor\" data-id=\"2e27bd7\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: justify;\"><u style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">L&rsquo;architecture suivante est propos\u00e9e au client :\u00a0<\/u><\/p><ul style=\"text-align: justify;\"><li>Installation<b>\u00a0de serveurs physiques<\/b>\u00a0\u00ab\u00a0<b>On Premise\u00a0\u00bb<\/b> (au sein des locaux de l&rsquo;entreprise) afin d&rsquo;h\u00e9berger l&rsquo;ensemble des sites et services Web ;<\/li><li>Cr\u00e9ation d&rsquo;un cluster\u00a0de<b> Haute Disponibilit\u00e9<\/b>\u00a0;<\/li><li>Installation d&rsquo;une <b>architecture de monitoring<\/b>\u00a0et de <b>d\u00e9tection et pr\u00e9vention d&rsquo;intrusion<\/b>\u00a0;<\/li><li><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">Installation d&rsquo;un <\/span><span style=\"font-style: inherit; color: var(--ast-global-color-3);\"><b>VPN<\/b><\/span><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\"> pour acc\u00e9der aux services internes depuis Internet ;<\/span><\/li><li>Installation d&rsquo;un <b>serveur de backup.<\/b><\/li><\/ul><p style=\"text-align: justify;\"><span style=\"font-style: inherit; color: var(--ast-global-color-3);\"><u>Pr\u00e9cisions sur les choix cit\u00e9s ci-dessus :\u00a0<\/u><\/span><\/p><p style=\"text-align: justify;\">L&rsquo;installation d&rsquo;une infrastructure <b>On Premise<\/b>\u00a0est motiv\u00e9e par le besoin de <b>r\u00e9duire au minimum les co\u00fbts<\/b> d&rsquo;h\u00e9bergements et de services, sans limiter la mise \u00e0 niveau des serveurs en vue du d\u00e9ploiement de futures applications.<\/p><p 
style=\"text-align: justify;\"><span style=\"color: var(--ast-global-color-3); font-style: inherit; font-weight: inherit;\">Le choix des technologies de l&rsquo;ensemble de l&rsquo;architecture a \u00e9t\u00e9 motiv\u00e9 par l&rsquo;utilisation d&rsquo;outils\u00a0<\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit;\"><b>\u00e9prouv\u00e9s<\/b><\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit; font-weight: inherit;\">, <\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit;\"><b>activement maintenus<\/b><\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit; font-weight: inherit;\"> et <\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit;\"><b>fortement document\u00e9s<\/b><\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit; font-weight: inherit;\"> afin de <\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit;\">r\u00e9duire la charge de travail<\/span> <span style=\"color: var(--ast-global-color-3); font-style: inherit;\">d&rsquo;installation, de configuration et de maintien en conditions op\u00e9rationnelles<\/span><span style=\"color: var(--ast-global-color-3); font-style: inherit;\">.\u00a0<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3c8960 elementor-widget elementor-widget-heading\" data-id=\"b3c8960\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Travaux effectu\u00e9s<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-083374b elementor-widget elementor-widget-toggle\" data-id=\"083374b\" data-element_type=\"widget\" data-widget_type=\"toggle.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.18.0 - 06-12-2023 *\/\n.elementor-toggle{text-align:left}.elementor-toggle .elementor-tab-title{font-weight:700;line-height:1;margin:0;padding:15px;border-bottom:1px solid #d5d8dc;cursor:pointer;outline:none}.elementor-toggle .elementor-tab-title .elementor-toggle-icon{display:inline-block;width:1em}.elementor-toggle .elementor-tab-title .elementor-toggle-icon svg{margin-inline-start:-5px;width:1em;height:1em}.elementor-toggle .elementor-tab-title .elementor-toggle-icon.elementor-toggle-icon-right{float:right;text-align:right}.elementor-toggle .elementor-tab-title .elementor-toggle-icon.elementor-toggle-icon-left{float:left;text-align:left}.elementor-toggle .elementor-tab-title .elementor-toggle-icon .elementor-toggle-icon-closed{display:block}.elementor-toggle .elementor-tab-title .elementor-toggle-icon .elementor-toggle-icon-opened{display:none}.elementor-toggle .elementor-tab-title.elementor-active{border-bottom:none}.elementor-toggle .elementor-tab-title.elementor-active .elementor-toggle-icon-closed{display:none}.elementor-toggle .elementor-tab-title.elementor-active .elementor-toggle-icon-opened{display:block}.elementor-toggle .elementor-tab-content{padding:15px;border-bottom:1px solid #d5d8dc;display:none}@media (max-width:767px){.elementor-toggle .elementor-tab-title{padding:12px}.elementor-toggle .elementor-tab-content{padding:12px 10px}}.e-con-inner>.elementor-widget-toggle,.e-con>.elementor-widget-toggle{width:var(--container-widget-width);--flex-grow:var(--container-widget-flex-grow)}<\/style>\t\t<div class=\"elementor-toggle\">\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<h4 id=\"elementor-tab-title-8591\" class=\"elementor-tab-title\" data-tab=\"1\" role=\"button\" aria-controls=\"elementor-tab-content-8591\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span 
class=\"elementor-toggle-icon-closed\"><svg class=\"e-font-icon-svg e-fas-caret-right\" viewBox=\"0 0 192 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M0 384.662V127.338c0-17.818 21.543-26.741 34.142-14.142l128.662 128.662c7.81 7.81 7.81 20.474 0 28.284L34.142 398.804C21.543 411.404 0 402.48 0 384.662z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><svg class=\"elementor-toggle-icon-opened e-font-icon-svg e-fas-caret-up\" viewBox=\"0 0 320 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M288.662 352H31.338c-17.818 0-26.741-21.543-14.142-34.142l128.662-128.662c7.81-7.81 20.474-7.81 28.284 0l128.662 128.662c12.6 12.599 3.676 34.142-14.142 34.142z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Architecture syst\u00e8me et Haute Disponibilit\u00e9<\/a>\n\t\t\t\t\t<\/h4>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-8591\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"1\" role=\"region\" aria-labelledby=\"elementor-tab-title-8591\"><h6 style=\"text-align: left;\">Introduction<\/h6><p style=\"text-align: justify;\">Le choix du support d&rsquo;h\u00e9bergement s&rsquo;est port\u00e9 sur un <b>cluster de<\/b>\u00a0<b>serveurs physiques h\u00e9bergeant des serveurs virtuels<\/b> (hyperviseur de type 1). Les serveurs virtuels (ou machines virtuelles) permettent la segmentation syst\u00e8me et r\u00e9seaux des diff\u00e9rents services qui y sont h\u00e9berg\u00e9s ainsi qu&rsquo;une facilit\u00e9 d&rsquo;administration et de configuration. 
Enfin, la segmentation syst\u00e8me des services facilite leurs sauvegardes et r\u00e9plications dans l&rsquo;objectif de mettre en place une haute disponibilit\u00e9 active\/passive.<\/p><p style=\"text-align: justify;\">Le cluster doit \u00eatre\u00a0<strong>accessible depuis Internet<\/strong> (r\u00e9seau Wide Area Network &#8211; <strong>WAN<\/strong>) afin d&rsquo;h\u00e9berger les sites publics (site vitrine, boutique, etc). Il doit \u00e9galement \u00eatre accessible depuis le <strong>r\u00e9seau interne<\/strong> (r\u00e9seau Local Area Network &#8211; <strong>LAN<\/strong>) afin d&rsquo;h\u00e9berger les services internes (applications m\u00e9tiers, drive interne, etc.).<\/p><p style=\"text-align: justify;\">Enfin, une <b>sauvegarde journali\u00e8re<\/b> des machines virtuelles est r\u00e9alis\u00e9e et conserv\u00e9e sur un serveur d\u00e9di\u00e9 et distant. L&rsquo;objectif du serveur distant est de sauver les donn\u00e9es de l&rsquo;entreprise en cas de sinistre.<\/p><p style=\"text-align: justify;\">La section suivante d\u00e9crit l&rsquo;architecture de <b>haute disponibilit\u00e9<\/b> choisie pour le client, permettant d&rsquo;assurer la disponibilit\u00e9 des services principaux (sites publics et services internes) en cas de d\u00e9faillance d&rsquo;un serveur physique ou d&rsquo;un serveur virtuel.<\/p><h6 style=\"text-align: justify;\">Architecture de Haute Disponibilit\u00e9 (HA)<\/h6><p style=\"text-align: justify;\">La cr\u00e9ation d&rsquo;un cluster de haute disponibilit\u00e9 n\u00e9cessite un minimum de trois n\u0153uds (serveurs physiques) afin d&rsquo;obtenir un quorum (nombre minimum de n\u0153uds actifs permettant d&rsquo;obtenir un \u00e9tat de coh\u00e9rence du cluster).\u00a0<\/p><p style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">Le cluster est de type <\/span><strong style=\"font-style: inherit; color: 
var(--ast-global-color-3);\">Actif-Passif<\/strong><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">, c&rsquo;est-\u00e0-dire qu&rsquo;en cas de d\u00e9faillance d&rsquo;un n\u0153ud, les services pr\u00e9sents sur celui-ci sont red\u00e9marr\u00e9s automatiquement sur un autre n\u0153ud. Pour ce faire, les machines virtuelles pr\u00e9sentes sur un n\u0153ud sont r\u00e9guli\u00e8rement r\u00e9pliqu\u00e9es sur les autres n\u0153uds.<\/span><\/p><p style=\"text-align: justify;\"><u>Voici l&rsquo;architecture minimale requise pour un cluster de ce type :<\/u><\/p><p><a href=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/06\/Archi-HA_3nodes.svg\"><img decoding=\"async\" class=\"wp-image-2740 alignleft\" src=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/06\/Archi-HA_3nodes.svg\" alt=\"\" width=\"266\" height=\"426\" \/><\/a><\/p><p style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">La communication inter-n\u0153uds et la r\u00e9plication des machines virtuelles sont r\u00e9alis\u00e9es sur un r\u00e9seau d\u00e9di\u00e9 de haut d\u00e9bit (10GbE). 
Le commutateur SW_HA permet l&rsquo;interconnexion de ce r\u00e9seau entre les n\u0153uds.<\/span><\/p><p style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">Dans cette architecture, deux <\/span><i style=\"font-weight: inherit; color: var(--ast-global-color-3);\">Points de D\u00e9faillance Unique <\/i><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">existent :<\/span><\/p><ul style=\"text-align: justify;\"><li>L&rsquo;acc\u00e8s r\u00e9seau du <em>Fournisseur d&rsquo;acc\u00e8s \u00e0 Internet\u00a0<\/em>(FAI) ;<\/li><li>Les commutateurs r\u00e9seau SW_WAN, SW_LAN et SW_HA pouvant \u00eatre rapidement remplac\u00e9s par un commutateur en r\u00e9serve.<\/li><\/ul><p style=\"text-align: justify;\">\u00c9tant donn\u00e9 le co\u00fbt d&rsquo;abonnement \u00e0 un second acc\u00e8s Internet aupr\u00e8s d&rsquo;un second FAI, le client accepte le risque.<\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<h4 id=\"elementor-tab-title-8592\" class=\"elementor-tab-title\" data-tab=\"2\" role=\"button\" aria-controls=\"elementor-tab-content-8592\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><svg class=\"e-font-icon-svg e-fas-caret-right\" viewBox=\"0 0 192 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M0 384.662V127.338c0-17.818 21.543-26.741 34.142-14.142l128.662 128.662c7.81 7.81 7.81 20.474 0 28.284L34.142 398.804C21.543 411.404 0 402.48 0 384.662z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><svg class=\"elementor-toggle-icon-opened e-font-icon-svg e-fas-caret-up\" viewBox=\"0 0 320 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M288.662 352H31.338c-17.818 
0-26.741-21.543-14.142-34.142l128.662-128.662c7.81-7.81 20.474-7.81 28.284 0l128.662 128.662c12.6 12.599 3.676 34.142-14.142 34.142z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Architecture r\u00e9seaux<\/a>\n\t\t\t\t\t<\/h4>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-8592\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"2\" role=\"region\" aria-labelledby=\"elementor-tab-title-8592\"><p style=\"text-align: justify;\">L&rsquo;architecture r\u00e9seau est bas\u00e9e sur l&rsquo;utilisation des <i>Virtual LAN <\/i>(VLAN), qui sont des r\u00e9seaux locaux virtuels au sein d&rsquo;un r\u00e9seau local (LAN). Ainsi, sur un m\u00eame lien r\u00e9seau physique, plusieurs r\u00e9seaux locaux ind\u00e9pendants coexistent. Les VLANs permettent la segmentation r\u00e9seau.<\/p><p style=\"text-align: justify;\"><u>L&rsquo;architecture suivante segmente le r\u00e9seau en cinq zones distinctes :<\/u><\/p><ul style=\"text-align: justify;\"><li><b>Zone d\u00e9militaris\u00e9e 1<\/b> (DMZ1) &#8211; R\u00e9seau d&rsquo;h\u00e9bergement des <b>services<\/b> <b>ouverts sur Internet<\/b> (site, boutique, etc.) 
;<\/li><li><b>Zone d\u00e9militaris\u00e9e 2 <\/b>(DMZ2) &#8211; R\u00e9seau d&rsquo;h\u00e9bergement des <b>bases de donn\u00e9es<\/b> utilis\u00e9es par les services en <b>DMZ1 ;<\/b><\/li><li>Zone de<b> r\u00e9seau interne<\/b> (INTERNE) &#8211; R\u00e9seau d&rsquo;h\u00e9bergement des <b>services internes<\/b> (non ouverts sur Internet), des utilisateurs et p\u00e9riph\u00e9riques de l&rsquo;entreprise ;<\/li><li>Zone de <b>r\u00e9seau invit\u00e9<\/b> (INVITE) &#8211; R\u00e9seau d\u00e9di\u00e9 pour les visiteurs utilisant le Wi-Fi invit\u00e9 ;<\/li><li>Zone de <b>r\u00e9seau d&rsquo;administration<\/b> (ADMIN) &#8211; R\u00e9seau d\u00e9di\u00e9 pour l&rsquo;administration de l&rsquo;ensemble des syst\u00e8mes.<\/li><\/ul><p style=\"text-align: justify;\">Les communications entre les zones sont restreintes par des r\u00e8gles de pare-feu pr\u00e9cises. Par exemple, la zone DMZ1 peut uniquement communiquer avec Internet et la zone DMZ2. La zone DMZ2 est isol\u00e9e de toute communication vers l&rsquo;ext\u00e9rieur. Ainsi, en cas de compromission d&rsquo;un serveur expos\u00e9 sur Internet, l&rsquo;attaquant ne pourra pas se propager directement sur le r\u00e9seau interne : ses flux restent limit\u00e9s \u00e0 ceux que le pare-feu autorise vers Internet et la zone DMZ2. 
<a href=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Nouvelle-architecture-securise-ZONES-v4.svg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2526\" src=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Nouvelle-architecture-securise-ZONES-v4.svg\" alt=\"\" width=\"800\" height=\"509\" \/><\/a><\/p><p style=\"text-align: justify;\">Nous retrouvons sur le sch\u00e9ma les \u00e9l\u00e9ments suivants :<\/p><ul><li style=\"text-align: justify;\">Les serveurs applicatifs <i>SRV_DMZ1<\/i>, <i>SRV_DMZ2<\/i> et <i>SRV_INTERNE<\/i> ;<\/li><li style=\"text-align: justify;\">Le serveur des bases de donn\u00e9es des services publics\u00a0<i>DB_DMZ2<\/i> ;<\/li><li style=\"text-align: justify;\">Les points d&rsquo;acc\u00e8s wifi <i>AP_INVITE<\/i> et <i>AP_INTERNE<\/i> ;<\/li><li style=\"text-align: justify;\">Le pare-feu <i>FW<\/i>\u00a0;<\/li><li style=\"text-align: justify;\">Les stations de travail et p\u00e9riph\u00e9riques du r\u00e9seau interne.<\/li><\/ul><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<h4 id=\"elementor-tab-title-8593\" class=\"elementor-tab-title\" data-tab=\"3\" role=\"button\" aria-controls=\"elementor-tab-content-8593\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><svg class=\"e-font-icon-svg e-fas-caret-right\" viewBox=\"0 0 192 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M0 384.662V127.338c0-17.818 21.543-26.741 34.142-14.142l128.662 128.662c7.81 7.81 7.81 20.474 0 28.284L34.142 398.804C21.543 411.404 0 402.48 0 384.662z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><svg class=\"elementor-toggle-icon-opened e-font-icon-svg e-fas-caret-up\" viewBox=\"0 0 320 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M288.662 
352H31.338c-17.818 0-26.741-21.543-14.142-34.142l128.662-128.662c7.81-7.81 20.474-7.81 28.284 0l128.662 128.662c12.6 12.599 3.676 34.142-14.142 34.142z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">Monitoring et s\u00e9curit\u00e9<\/a>\n\t\t\t\t\t<\/h4>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-8593\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"3\" role=\"region\" aria-labelledby=\"elementor-tab-title-8593\"><h6 style=\"text-align: justify;\">Monitoring<\/h6><p style=\"text-align: justify;\">Une architecture de <b>centralisation des journaux syst\u00e8me<\/b> permet d&rsquo;avoir un retour en temps r\u00e9el de l&rsquo;<b>\u00e9tat des services et serveurs<\/b>.\u00a0 Ici, un ensemble de serveurs de centralisation des journaux (en orange sur le sch\u00e9ma) collectent les journaux des diff\u00e9rents serveurs et p\u00e9riph\u00e9riques pr\u00e9sents sur chaque zone r\u00e9seau. 
<span style=\"color: var(--ast-global-color-3); font-size: 1rem;\">Les journaux collect\u00e9s sont centralis\u00e9s sur un serveur de monitoring (tel que la suite <a href=\"https:\/\/www.elastic.co\/fr\/elastic-stack\">Elastic<\/a>) afin de les traiter (statistiques, graphiques, alertes, etc.).<a href=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Nouvelle-architecture-securise-LOGS-V3.svg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2527\" src=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Nouvelle-architecture-securise-LOGS-V3.svg\" alt=\"\" width=\"800\" height=\"509\" \/><\/a><\/span><\/p><p style=\"text-align: justify;\">Nous retrouvons en orange sur le sch\u00e9ma les serveurs de journalisation <b>LOGS_DMZ1<\/b>, <b>LOGS_DMZ2<\/b> et <b>LOGS_INTERNE<\/b> qui retransmettent les journaux vers le serveur de monitoring (elastic).<\/p><h6 style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">S\u00e9curit\u00e9<\/span><\/h6><p style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">Cette architecture permet \u00e9galement l&rsquo;installation d&rsquo;outils de s\u00e9curit\u00e9 afin de d\u00e9tecter des comportements anormaux sur le r\u00e9seau ouvert sur Internet. 
<\/span><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">Des outils de <\/span><span style=\"font-weight: inherit; color: var(--ast-global-color-3);\"><i>D\u00e9tection et de Pr\u00e9vention d&rsquo;Intrusions\u00a0<\/i>(IPS\/IDS)<\/span><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\"> tels que <\/span><a style=\"font-style: inherit; font-weight: inherit; background-color: #d9eae3;\" href=\"https:\/\/www.crowdsec.net\/\">Crowdsec<\/a><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">\u00a0analysent les journaux et l\u00e8vent des alertes en cas de d\u00e9tection de signatures caract\u00e9ristiques d&rsquo;attaques. Crowdsec permet \u00e9galement de bloquer l&rsquo;acc\u00e8s aux adresses IP d&rsquo;une liste communautaire, connues pour \u00eatre malveillantes.\u00a0<\/span><\/p><p style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">La mise en place de Crowdsec passe par l&rsquo;utilisation d&rsquo;un proxy inverse (en orange sur le sch\u00e9ma), permettant de cr\u00e9er un point d&rsquo;entr\u00e9e unique pour les requ\u00eates provenant d&rsquo;Internet et d&rsquo;y appliquer les d\u00e9cisions prises : <a href=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Nouvelle-architecture-securise-CROWDSEC-V4.svg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-2528\" src=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Nouvelle-architecture-securise-CROWDSEC-V4.svg\" alt=\"\" width=\"800\" height=\"509\" \/><\/a><\/span><\/p><p style=\"text-align: justify;\"><span style=\"color: var(--ast-global-color-3); font-style: inherit; font-weight: inherit;\">Les d\u00e9cisions appliqu\u00e9es sur les adresses IP suspectes vont du simple blocage par captcha (pour diff\u00e9rencier un humain d&rsquo;une machine) au 
blocage temporaire ou d\u00e9finitif de l&rsquo;acc\u00e8s. Les d\u00e9cisions sont r\u00e9guli\u00e8rement remont\u00e9es aupr\u00e8s de l&rsquo;API centrale de Crowdsec permettant de participer \u00e0 la liste communautaire d&rsquo;adresses IP malveillantes.<\/span><\/p><p><!-- notionvc: e72a5890-887b-44a3-9a5c-aaa466b8cd5c --><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-toggle-item\">\n\t\t\t\t\t<h4 id=\"elementor-tab-title-8594\" class=\"elementor-tab-title\" data-tab=\"4\" role=\"button\" aria-controls=\"elementor-tab-content-8594\" aria-expanded=\"false\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon elementor-toggle-icon-left\" aria-hidden=\"true\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-closed\"><svg class=\"e-font-icon-svg e-fas-caret-right\" viewBox=\"0 0 192 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M0 384.662V127.338c0-17.818 21.543-26.741 34.142-14.142l128.662 128.662c7.81 7.81 7.81 20.474 0 28.284L34.142 398.804C21.543 411.404 0 402.48 0 384.662z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t<span class=\"elementor-toggle-icon-opened\"><svg class=\"elementor-toggle-icon-opened e-font-icon-svg e-fas-caret-up\" viewBox=\"0 0 320 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M288.662 352H31.338c-17.818 0-26.741-21.543-14.142-34.142l128.662-128.662c7.81-7.81 20.474-7.81 28.284 0l128.662 128.662c12.6 12.599 3.676 34.142-14.142 34.142z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t<a class=\"elementor-toggle-title\" tabindex=\"0\">H\u00e9bergement<\/a>\n\t\t\t\t\t<\/h4>\n\n\t\t\t\t\t<div id=\"elementor-tab-content-8594\" class=\"elementor-tab-content elementor-clearfix\" data-tab=\"4\" role=\"region\" aria-labelledby=\"elementor-tab-title-8594\"><h6 style=\"text-align: justify;\">Conteneurisation<\/h6><p style=\"text-align: justify;\">Une grande partie des sites et services h\u00e9berg\u00e9s sont <b>conteneuris\u00e9s<\/b> 
gr\u00e2ce \u00e0 la technologie <a href=\"https:\/\/www.docker.com\/\">Docker<\/a>. La conteneurisation permet de <b>cr\u00e9er des environnements isol\u00e9s<\/b> du syst\u00e8me h\u00f4te (appel\u00e9s conteneurs). Ainsi, plusieurs applications n\u00e9cessitant des environnements syst\u00e8me compl\u00e8tement oppos\u00e9s peuvent fonctionner sur le m\u00eame serveur h\u00f4te, sans impact ni conflit avec ce dernier. Le syst\u00e8me h\u00f4te ne devient alors qu&rsquo;un support d&rsquo;h\u00e9bergement de conteneur.<\/p><p style=\"text-align: justify;\">La conteneurisation permet donc<span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">\u00a0une grande souplesse et facilite l&rsquo;administration et le d\u00e9ploiement de services. De plus, si la technologie est correctement utilis\u00e9e et configur\u00e9e, elle ajoute une couche suppl\u00e9mentaire de s\u00e9curit\u00e9.<\/span><\/p><h6 style=\"text-align: justify;\"><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">Public Key Infrastructure\u00a0<\/span><\/h6><p style=\"text-align: justify;\">Lors de l&rsquo;h\u00e9bergement de services Web dans un r\u00e9seau local d&rsquo;entreprise, un <i><b>Domain Name Server<\/b><\/i> (DNS) interne est configur\u00e9 afin de r\u00e9soudre les noms d&rsquo;h\u00f4tes internes (exemple : app.entreprise.corp). 
Ainsi, afin d&rsquo;\u00e9tablir des <b>connexions s\u00e9curis\u00e9es<\/b> et de <b>confiance<\/b> vers ces noms d&rsquo;h\u00f4tes,\u00a0<span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">une <\/span><span style=\"color: var(--ast-global-color-3);\"><i><b>Public Key Infrastructure<\/b><\/i><\/span><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\"> (PKI) doit \u00eatre mise en place afin de <\/span><span style=\"font-style: inherit; color: var(--ast-global-color-3);\"><b>cr\u00e9er une arborescence de certificats SSL\/TLS<\/b><\/span><span style=\"font-style: inherit; font-weight: inherit; color: var(--ast-global-color-3);\">\u00a0<\/span><span style=\"color: var(--ast-global-color-3); font-size: 1rem;\">d&rsquo;autorit\u00e9s, interm\u00e9diaires et de services\/utilisateurs.\u00a0<\/span><\/p><p style=\"text-align: justify;\"><span style=\"color: var(--ast-global-color-3); font-size: 1rem;\">Une PKI est une cha\u00eene\u00a0<\/span><span style=\"color: var(--ast-global-color-3); font-size: 1rem;\">de confiance\u00a0<\/span><span style=\"color: var(--ast-global-color-3); font-size: 1rem; font-style: inherit; font-weight: inherit;\">arborescente de certificats dont chaque certificat est sign\u00e9 par la cl\u00e9 priv\u00e9e de l&rsquo;autorit\u00e9 du niveau sup\u00e9rieur (racine ou interm\u00e9diaire). 
Lorsque le certificat public d&rsquo;autorit\u00e9 est install\u00e9 sur un p\u00e9riph\u00e9rique, celui-ci peut alors \u00e9tablir une communication de confiance avec un pair utilisant un certificat provenant \u00e9galement de la PKI.\u00a0<\/span><\/p><\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a4c85f elementor-widget elementor-widget-heading\" data-id=\"5a4c85f\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Architecture compl\u00e8te<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-746e37a elementor-widget elementor-widget-text-editor\" data-id=\"746e37a\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p style=\"text-align: justify;\">Le sch\u00e9ma ci-dessous repr\u00e9sente l&rsquo;architecture compl\u00e8te du r\u00e9seau, nous y retrouvons les \u00e9l\u00e9ments cit\u00e9s pr\u00e9c\u00e9demment, soit :<\/p><ul><li style=\"text-align: justify;\">Les zones r\u00e9seaux <i>DMZ1<\/i>, <i>DMZ2<\/i>, <i>INTERNE<\/i>, <i>INVITE<\/i>\u00a0et <i>ADMIN<\/i><\/li><li style=\"text-align: justify;\">Les serveurs de centralisation des journaux syst\u00e8mes <i>LOGS_DMZ1<\/i>, <i>LOGS_DMZ2<\/i> et <i>LOGS_INTERNE<\/i><\/li><li style=\"text-align: justify;\">Le serveur de backup d\u00e9port\u00e9 <i>SRV_BCK<\/i><\/li><li style=\"text-align: justify;\">Le pare-feu <i>FW<\/i><\/li><li style=\"text-align: justify;\">Les serveurs applicatifs et les bases de donn\u00e9es <i>SRV_DMZ1<\/i>, <i>DB_DMZ2<\/i> et <i>SRV_INTERNE<\/i><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0cf3424 elementor-widget elementor-widget-image\" data-id=\"0cf3424\" 
data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"11\" height=\"7\" src=\"https:\/\/www.dcmitsecurity.com\/wp-content\/uploads\/2024\/01\/Nouvelle-architecture-securise-Simplifie-V6.svg\" class=\"attachment-large size-large wp-image-2530\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4746651 elementor-hidden-desktop elementor-hidden-tablet elementor-hidden-mobile elementor-widget elementor-widget-text-editor\" data-id=\"4746651\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>\u00a0<\/p><p>NOTES INTERNES :<\/p><p>Parler du SSO ?<\/p><ul><li>Application des recommandations de s\u00e9curit\u00e9 de l\u2019ANSSI sur le d\u00e9ploiement de conteneur Docker (ANSSI-FT-082)<\/li><li>Application des recommandations de s\u00e9curit\u00e9 de l\u2019ANSSI sur l\u2019interconnexion d\u2019un syst\u00e8me d\u2019information \u00e0 internet (ANSSI-PA-066)<\/li><\/ul><div>\u00a0<\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7bea0cd elementor-section-height-min-height elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"7bea0cd\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f038916\" data-id=\"f038916\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap 
elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ef657ac elementor-widget__width-auto elementor-widget elementor-widget-heading\" data-id=\"ef657ac\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><a href=\"https:\/\/www.dcmitsecurity.com\/index.php\/contact\/\">Contact<\/a><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6722200 elementor-widget__width-auto elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"6722200\" data-element_type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon elementor-animation-float\" href=\"https:\/\/www.dcmitsecurity.com\/index.php\/contact\/\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 2048 2048\"><path d=\"M6.125 1088h1797.89l-402.976 403 89.994 90L2048 1024l-556.966-557-89.994 90 402.976 403H6.125v128z\"><\/path><\/svg>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4318fba elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4318fba\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0252e25\" data-id=\"0252e25\" data-element_type=\"column\">\n\t\t\t<div 
class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Cas client Retour d&rsquo;exp\u00e9rience de mission Contexte de la mission Mise en situation L&rsquo;entreprise s&rsquo;appr\u00eate \u00e0 d\u00e9m\u00e9nager et souhaite en profiter pour passer \u00e0 l&rsquo;\u00e9chelle son infrastructure IT. Elle h\u00e9berge chez un fournisseur cloud un site vitrine et une boutique, ainsi que quelques applications m\u00e9tiers d\u00e9velopp\u00e9es en interne et souhaite en cr\u00e9er de nouvelles. Elle &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.dcmitsecurity.com\/index.php\/portfolio\/\"> <span class=\"screen-reader-text\">Portfolio<\/span> Lire la suite\u00a0\u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"full-width-container","site-content-style":"unboxed","site-sidebar-style":"unboxed","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"enabled","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"
repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"class_list":["post-14","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/pages\/14","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/comments?post=14"}],"version-history":[{"count":305,"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/pages\/14\/revisions"}],"predecessor-version":[{"id":2755,"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/pages\/14\/revisions\/2755"}],"wp:attachment":[{"href":"https:\/\/www.dcmitsecurity.com\/index.php\/wp-json\/wp\/v2\/media?parent=14"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}