Auteur/autrice : Matthieu Filizzola

  • Comprendre la granularité de l’autorisation d’accès : du coarse-grained au fine-grained

    Imaginez un bâtiment où tout le monde posséderait la même clé : du stagiaire au directeur, chacun pourrait ouvrir les mêmes portes. Gestion simple… mais surface de risque immense.

    À l’inverse, imaginez un bâtiment où chaque porte, chaque tiroir, chaque armoire nécessiterait une clé spécifique : sécurité maximale, mais complexité ingérable.

    Entre ces deux extrêmes se situe la réalité du contrôle d’accès moderne. Les organisations doivent ajuster finement la granularité de leurs autorisations, ni trop large, ni trop pointilliste afin de garantir sécurité, flexibilité et conformité.

    Cet article présente les trois grands niveaux de granularité : coarse-grained, medium-grained et fine-grained authorization, et explique comment ils s’articulent dans les systèmes d’accès contemporains.

    Comprendre ces niveaux est essentiel pour concevoir des architectures de sécurité robustes, adaptées à la conformité, à la résilience et aux exigences modernes de gouvernance des accès.

    Les fondements du contrôle d’accès

    Avant d’entrer dans la granularité, rappelons les deux piliers du contrôle d’accès :

    • Authentification : prouver qui est l’utilisateur.
    • Autorisation : déterminer ce qu’il peut voir, faire ou modifier.

    Ces mécanismes reposent sur différents modèles :

    • DAC (Discretionary Access Control) : droits attribués à la discrétion du propriétaire d’une ressource. Simple, mais risqué.
    • MAC (Mandatory Access Control) : décisions centralisées basées sur des niveaux de classification. Très sûr, très rigide.
    • RBAC (Role-Based Access Control) : droits attribués par rôle, scalable et intuitif.

    Les évolutions modernes incluent ABAC, PBAC et ReBAC, intégrant des décisions dynamiques basées sur des attributs, des politiques ou des relations.

    La granularité se superpose à tous ces modèles pour définir le niveau de détail des autorisations.

    L’autorisation à granularité grossière (Coarse-Grained Authorization)

    Le coarse-grained repose sur un critère unique ou très large : rôle, service, groupe, réseau, etc.

    Tous les utilisateurs partageant ce critère reçoivent le même niveau d’accès, sans variation contextuelle.

    On met les utilisateurs dans de grands “paniers” : Employés, Managers, RH, IT… et chaque panier reçoit ou perd un bloc d’autorisations.

    Exemples
    • « Utilisateur dans le département Ventes → accès CRM autorisé. »
    • « Adresse IP interne → accès au portail interne. »
    Avantages
    • Très simple et rapide à administrer.
    • Performant et peu coûteux.
    • Lisible pour l’audit de haut niveau.
    Limites
    • Manque de finesse : contrevient au principe du moindre privilège.
    • Rigidité : peu adapté aux cas particuliers.
    • Explosion du nombre de règles avec la croissance de l’organisation.
    • Risque élevé en cas de compromission d’un rôle large.

    L’autorisation à granularité moyenne (Medium-Grained)

    Le medium-grained se situe entre les accès globaux et les contrôles hyper précis.

    Il s’applique généralement au niveau des API, services ou modules.

    Il répond à des questions comme :

    « Cet utilisateur peut-il exécuter GET/POST/DELETE sur ce point d’entrée précis ? »

    Les décisions reposent sur :

    • rôle,
    • méthode HTTP,
    • scopes / claims du jeton,
    • métadonnées d’API.
    Modèles associés
    • RBAC enrichi (rôles + actions par endpoint)
    • ABAC simplifié (quelques attributs simples)
    Avantages
    • Parfait pour les architectures microservices.
    • Contrôle précis des opérations (GET vs DELETE).
    • Lisible, auditable, scalable depuis un RBAC existant.
    Limites
    • Ne protège pas encore les données internes (ligne, champ…).
    • Multiplication rapide des règles si non centralisées.
    • Peu ou pas de contexte dynamique.

    L’autorisation à granularité fine (Fine-Grained Authorization)

    La FGA permet des décisions d’accès contextuelles, dynamiques, conditionnelles, souvent au niveau :

    • de l’enregistrement,
    • du champ,
    • de l’attribut,
    • de la relation organisationnelle.

    Elle s’appuie sur ABAC, PBAC ou ReBAC.

    Critères évalués
    • Attributs utilisateur (rôle, service, habilitation)
    • Sensibilité et propriétaire de la ressource
    • Contexte (heure, appareil, localisation, risque)
    • Type d’action demandée
    Avantages
    • Précision maximale
    • Mise en œuvre du moindre privilège
    • Aligné avec les stratégies Zero Trust et les exigences réglementaires
    Limites
    • Très complexe à modéliser
    • Dépend fortement de la qualité des attributs
    • Impact potentiel sur la performance

    Vers une approche multi-niveau

    Les organisations modernes combinent les trois :

    • Coarse-grained pour déterminer l’accès global à l’application (SSO / IAM).
    • Medium-grained pour contrôler les actions dans l’application.
    • Fine-grained pour sécuriser les données sensibles selon le contexte.

    Cette approche en couches permet un contrôle d’accès :

    global, opérationnel, contextuel.

    La granularité n’est pas un détail technique : c’est un indicateur de maturité en gouvernance des accès.

    • Le coarse-grained fixe le périmètre général.
    • Le medium-grained régule les actions.
    • Le fine-grained apporte la précision contextuelle indispensable.

    Avec la montée des architectures distribuées et des exigences de conformité, combiner intelligemment ces trois niveaux devient un impératif stratégique. Les approches policy-as-code permettent désormais d’automatiser ces règles, de les centraliser et de renforcer la lisibilité globale du contrôle d’accès.

  • Travailler chez Ariovis ça ressemble à quoi ?

    Travailler chez Ariovis, ça ressemble à quoi ?

    Chez Ariovis, on parle souvent de sécurité, de conformité, d’IAM ou de PAM. Mais au quotidien, il s’agit surtout d’un travail collectif où la rigueur, la curiosité et la confiance font la différence. Derrière chaque mission IAM, PAM ou Zero Trust, il y a des ingénieurs, des consultants et des profils hybrides, tous animés par la même exigence : faire les choses sérieusement, avec méthode et engagement.

    Un recrutement exigeant, à l’image de nos projets

    Rejoindre Ariovis, c’est intégrer une équipe qui aime les défis et valorise l’excellence technique. Notre approche du recrutement est simple : clarté, exigence et transparence. Chaque rencontre est l’occasion d’un échange sincère : comprendre les motivations, identifier les forces et s’assurer que la collaboration s’inscrira dans la durée. Les candidats échangent avec plusieurs membres de l’équipe, découvrent nos projets et nos méthodes avant même de signer.

    Louis Munzner, consultant Ariovis

    « Pour moi, le recrutement chez Ariovis se démarque surtout par sa transparence, et c’est clairement ce qui fait sa force. L’objectif est simple : exprimer clairement les besoins de l’entreprise, tout en cherchant à comprendre ceux du candidat. C’est un recrutement qui ne cherche pas à « tester » mais à comprendre, et c’est ce qui rend l’expérience à la fois humaine et constructive. »

    Cette exigence dès le départ pose les bases : rigueur, bienveillance et envie de progresser ensemble. 

    Des experts reconnus, passionnés et engagés

    Les équipes Ariovis rassemblent des profils confirmés IAM, PAM, sécurité applicative, gouvernance d’accès et certifiés sur les solutions phares du marché (Usercube, Netwrix, Ping Identity, CyberArk…).

    Au-delà des outils, c’est la capacité à comprendre les enjeux, à structurer et à transmettre qui fait la différence.

    Enaëlle Desclous, consultante Ariovis

    « Ce qui m’a marqué dès le début du recrutement, c’est le fait que l’humain soit autant valorisé que les compétences techniques. L’entraide au sein de l’équipe, en plus des formations externes, m’a permis de prendre rapidement de nouvelles responsabilités. » 

    Ici, la progression n’est pas un mot creux : pair programming, retours d’expérience, échanges entre pairs et accompagnement par des référents font partie du quotidien. Pas de hiérarchie rigide, mais une exigence partagée. Une équipe soudée, exigeante et bienveillante

    Quentin Joly, consultant Ariovis

    « Dès le début, on a un visage lors des entretiens, on se met à notre place. Bien plus que le côté technique, c’est l’humain qui est retenu : sa motivation, ses envies. On ne m’a pas menti : s’il y a autant d’efforts sur le recrutement, c’est parce qu’ici, c’est une équipe soudée qui est recherchée pour travailler sur le long terme. »

    Au fil des projets, cette cohésion s’exprime naturellement : on échange, on se challenge, on se forme mutuellement. Les succès individuels nourrissent la réussite collective, et chaque mission devient une opportunité d’apprentissage et d’évolution. 

    L’expertise Ariovis, une exigence partagée

    Chez Ariovis, la maîtrise technique s’accompagne d’une culture forte de la qualité et du partage. Nos équipes interviennent sur des environnements complexes, souvent critiques, où précision, documentation et accompagnement client sont essentiels. Cette approche rigoureuse et collaborative garantit la fiabilité de nos interventions et la confiance durable de nos partenaires.

    En résumé

    Travailler chez Ariovis, c’est rejoindre un collectif d’experts exigeants, passionnés et accessibles. Des professionnels engagés dans leur travail, attachés à la qualité autant qu’à l’esprit d’équipe. On y apprend vite, on y progresse ensemble, et on y reste parce qu’on s’y sent utile. 

    Chez Ariovis, la compétence ne se revendique pas : elle se démontre, chaque jour, sur le terrain.

  • What’s My Cookie ? Comprendre et sécuriser vos cookies de session

    Pourquoi parler de cookies en cybersécurité ?

    Quand on évoque les cookies, on pense souvent à de
    petits fichiers marketing utilisés pour tracer notre navigation. Mais en
    cybersécurité, certains cookies jouent un rôle bien plus critique : les cookies
    de session.

    Ces jetons, générés après une authentification, remplacent
    temporairement votre mot de passe. Ils permettent à votre navigateur de prouver
    que vous êtes bien connecté, sans avoir à saisir vos identifiants à chaque
    action.

    ⚠ Problème : si un cookie de
    session est intercepté par un attaquant, celui-ci peut reprendre votre session
    sans déclencher d’alerte. Votre identité numérique devient alors directement
    exposée.

    Les cookies de session : un maillon faible de
    l’authentification

    • Ils
      contiennent votre identité numérique active
      : mot de passe remplacé
      par un simple jeton.
    • Ils
      circulent entre navigateur et serveur
      : parfois sans chiffrement
      suffisant.
    • Ils
      peuvent être mal configurés
      : durée trop longue, absence de protection
      HttpOnly ou Secure.

    Un cookie de session mal protégé ouvre la voie à des
    attaques comme :

    • Le session
      hijacking
      (détournement de session).
    • Le cross-site
      scripting
      (XSS) exploitant un cookie vulnérable.
    • Le
      vol d’identité numérique dans des environnements non sécurisés.

    Un outil concret pour comprendre : l’extension What’s
    My Cookie ?

    Pour accompagner la formation et la sensibilisation à ces
    enjeux, Ariovis a développé une extension Chrome gratuite : What’s My Cookie ?.

    Cette extension permet de :

    • Visualiser
      les cookies de session actifs
      sur le site consulté.
    • Analyser
      leur structure
      et comprendre leur portée.
    • Identifier
      rapidement les risques
      liés à une configuration faible ou vulnérable.

    Pour qui est pensé What’s My Cookie ?

    • Étudiants
      et jeunes experts en cybersécurité
      : un outil pédagogique accessible
      pour mieux appréhender l’Identity & Access Management (IAM) et
      les enjeux de sécurité des sessions.
    • Experts
      et auditeurs cyber
      : un support rapide pour tester, illustrer ou
      challenger les mécanismes d’authentification lors d’un audit.

    Comprendre pour mieux se protéger

    La cybersécurité ne repose pas seulement sur des solutions
    techniques avancées. Elle exige aussi une compréhension fine des mécanismes
    invisibles
    , comme ceux qui régissent la gestion des cookies.

    En adoptant des pratiques de configuration sécurisées et en
    utilisant des outils pédagogiques tels que What’s My Cookie ?,
    entreprises et experts peuvent réduire les risques liés à la compromission des
    sessions web.

    👉 Téléchargez l’extension
    What’s My Cookie ? dès aujourd’hui sur le Chrome Web Store.

  • Zero Trust & IAM: The Role of IAM in an Efficient Zero Trust Strategy

    The traditional perimeter model is becoming increasingly obsolete. Once an attacker enters the IT system and gains access to the internal network, they can move laterally (meaning they can explore and access systems and services within the network) often without strong authentication or authorization controls at each step. 

    This lack of control allows the attacker to increase privileges, access sensitive data, or compromise other systems. 

    This is where Zero Trust comes into play. In Zero Trust, nothing and no one is trusted by default, even within the perimeter. Access attempts are dynamically verified by taking into account identity, context, and security posture. 

    IAM (Identity and Access Management) aims to: 

    • Verify identity (human and non-human) 
    • ● Apply conditional access policies 
    • ● Manage rights with models (RBAC, ABAC, CBAC) 

    In this article, we will see that IAM is not just a component, but a pillar of a Zero Trust strategy. 

    Zero Trust in a nutshell According to the NIS 

    What is Zero Trust? 

    The NIST (National Institute of Standards and Technology) answers this question in a publication called Zero Trust Architecture

    NIST defines Zero Trust as a paradigm that grants no implicit trust to a user, device, or network (whether internal or external). Access to a resource must be authenticated, authorized, and continuously validated. 

    The 7 pillars of Zero Trust 

    To implement a sound Zero Trust strategy, NIST identifies 7 foundational pillars:

    1. Resources: All assets (data, devices, etc.) are considered resources. 
    2. Communication: Communications are no longer trusted, whether they are internal to company equipment or coming from outside. Consequently, the same security measures must be applied by default (they must be authenticated and authorized). 
    3. Session-based access: Access is granted per session with granular control. 
    4. Dynamic Policies: Access decisions are based on dynamic policies that include context and behavior analysis. 
    5. Monitoring: The integrity and security of company assets must be continuously monitored. 
    6. Authentication & Authorization: Access to resources is dynamically authenticated and authorized through continuous monitoring, re-evaluation, and policy enforcement to maintain a balance between security and efficiency. 
    7. Constant Improvement: The organization must collect as much information as possible about its assets, infrastructure, networks, and communications to strengthen its security policies. 

    Logical Components of a ZTA 

    There are several necessary logical components for implementing a ZTA (Zero Trust Architecture). These components are services that can be On-Premises or even in the cloud. 

    Here is the description of the components: 

    • Policy Engine (PE): Makes access decisions. 
    • Policy Administrator (PA): Implements decisions through the network. 
    • Policy Enforcement Point (PEP): Implements access policies at the resource level 
    • Data sources: CDM, PKI, SIEM, IAM, etc. 

    IAM: The Foundation of a ZTA Policy 

    IAM is at the Heart of Zero Trust 

    IAM manages, verifies, and controls identities (human and non-human). It enables granular and dynamic access control based on attributes, context (location, time), and behavioral context. 

    In Zero Trust, every decision depends on precise identity verification and real-time context evaluation. These two points are managed by IAM. 

    Without IAM, a Zero Trust strategy could not be relevant.

    Essential IAM components  

     Several IAM components are crucial for implementing a ZTA. Ariovis proposes here a list of essential components: 

    • Identity Lifecycle Management: Onboarding, Offboarding, Joiner-Mover-Leaver (JML), temporary access, all processes that ensure the right access at the right time for the necessary duration. 
    • Strong Authentication: Adaptive MFA, biometrics, passwordless. 
    • Rights Models: Use of rights models such as RBAC (Role-Based Access Control) and/or ABAC (Attribute-Based Access Control) for the principle of least privilege and contextual access. 
    • Privileged Access Management (PAM): Strict control and monitoring of administrator and sensitive accounts. 
    • Non-Person Identity (NPE): Securing the management of service accounts, API keys, secrets, and certificates used by services, bots, and applications.

    From traditional IAM to Zero Trust IAM 

    Static IAM vs Dynamic IAM 

    Traditionally, IAM relies on single authentication during login and a static RBAC model. Zero Trust IAM requires continuous validation of identity and context during a session. Access is dynamically re-evaluated based on context. 

    Integration with other Zero Trust components 

    IAM does not work in isolation in a ZTA. For IAM to be as effective as possible, it must be integrated with Zero Trust components: 

    • UEBA (User and Entity Behavior Analytics): By analyzing behavior and detecting anomalies, UEBA enables IAM to trigger additional authentication or dynamically restrict access. 
    • Policy Engine (PE) and Policy Administrator (PA): IAM directly uses these components to apply real-time decisions on access control. PE and PA will use IAM information to make granular decisions. 
    • Standard Protocols: SAML, OIDC (OpenID Connect), and SCIM protocols are essential for streamlining identity federation, authentication, and managing identity lifecycles. Here, you can find a guide on how to connect an application with OIDC.

    Migration to a ZTA 

    To migrate to a ZTA, there are two key points according to NIST: 

    • Start with a hybrid approach: Most organizations use a hybrid model, which combines the perimeter model with a Zero Trust approach. 
    • Progressive and based on Use Case: Migration should be incremental, focused on specific use cases rather than a complete transformation all at once. 

    Here are the key migration steps: 

    1. Identify the actors: To begin, list the users, services, and non-human identities that interact with resources. Don’t forget identities that come from shadow IT, which we call ​ « Hidden IAM  » 
    2. Asset inventory: Next, make an inventory of the hardware, software, data, and cloud services that the organization manages or owns. 
    3. Identify key processes: Then, identify critical workflows, and perform risk analysis to define access requirements. 
    4. Define access policies: Next, develop dynamic policies based on identities, asset status, and context (e.g., location, time, etc.) 
    5. Technology selection: Before deployment, research and choose solutions for Zero Trust components: IAM, PDP, PEP, etc. 
    6. Initial deployment and monitoring: Now begin deploying the ZTA. Start with low-risk use cases. Monitor the new architecture and make configuration adjustments if needed. 
    7. Extend the ZTA: Finally, continue deployment on increasingly critical systems. 

    Conclusion 

    IAM is much more than a cybersecurity component; it’s a pillar of a sound Zero Trust strategy. In a world where identity is a major target for attackers, IAM is the control tower for continuously verifying, authorizing, and monitoring every access request. 

    At Ariovis we apply these principles with our clients. In all our integrations, we use a Zero Trust approach. This means that every solution we implement has no implicit trust, requires authentication at every step, and applies dynamic rules based on context. For us, Zero Trust is not just a « buzzword, » but a concrete model anchored at the heart of our IAM projects. 

     

  • DNS4EU: Digital Security or Censorship Tool? What You Really Need to Know

    The internet is a space of freedom, but also a space of threats.

    In this context, the European Union launched DNS4EU: a European DNS service promoted as safer, more transparent, and more privacy-friendly. But since its announcement, opinions have been divided:

    Is DNS4EU a response to cybersecurity and digital sovereignty challenges, or a step toward greater state control of the internet?

    Let’s break down this sensitive topic and offer a practical guide for those who want to take back control.

    DNS: A small acronym, a big issue

    Before diving into DNS4EU, let’s clarify what DNS (Domain Name System) actually is.

    When you type a web address (like ariovis.fr), your device uses a DNS server to translate that domain name into an IP address, so you’re directed to the right website. Think of it as the invisible phone book of the internet.

    Here’s the problem: these DNS servers often belong to your internet provider or a major American tech company. They can:

    • log your queries,
    • exploit your data for commercial purposes,
    • or censor content, depending on the country and its policies.

    That’s where DNS4EU comes in.

    DNS4EU: An ambitious European project

    DNS4EU is a public DNS service supported by the European Commission, with clear goals:

    • provide local, secure DNS resolution,
    • offer a European alternative to Google, Cloudflare, OpenDNS, etc.,
    • protect citizens against digital threats (phishing, malware…),
    • comply with GDPR and reduce data exploitation for commercial use.

    In concrete terms, DNS4EU promises:

    • more privacy,
    • more transparency,
    • more technological sovereignty for Europeans.

    But some also see… a risk of misuse.

    Digital freedoms: A line that must not be crossed

    A fair question many people are asking: if Europe provides a centralized DNS, what’s to stop it from eventually blocking content or creating a blacklist of forbidden sites like in more authoritarian regimes?

    For now, DNS4EU is optional, and its setup is entirely voluntary.

    But this skepticism raises a broader question: who controls the internet’s critical infrastructure, and under what conditions?

    Using DNS4EU means choosing European transparency over the commercial opacity of some foreign services.

    But like any tool, it all comes down to how it’s governed and how it’s used.

    Using DNS4EU at home: Why (and how) to set it up?

    Despite the debates, DNS4EU can be a powerful cybersecurity tool for individuals.

    Switching your DNS to DNS4EU enables you to:

    • better protect your privacy,
    • automatically block malicious websites,
    • improve stability and speed, thanks to local infrastructure,
    • and filter sensitive content (useful for children, for instance).

    The good news: it only takes a few minutes to set up, directly on your internet router.

    At Ariovis, we’ve created simple, step-by-step guides tailored to each ISP:

    In just a few clicks, you can regain control of your browsing, without installing any software or configuring each device individually.

    In conclusion: Get informed to make better choices

    DNS4EU is neither a magic bullet nor a looming threat. It’s a tool, and it’s up to each person to make an informed decision about how to use it.

    The real challenge isn’t choosing between “freedom” or “security,” but finding a smart balance that respects your rights and meets your digital needs.

    By configuring your own DNS, you’re already taking a step toward more responsible and sovereign browsing.

    And if you want to go further — protect your home network, help your children navigate online, or just stay informed — check out our practical, easy-to-understand content on Instagram:
    @ariovis_officiel 

    Simple tips, no jargon, for a safer, more conscious web.

  • V25.06

    Ariovis keeps improving the client experience!

    Simplified access, streamlined communication, enriched content…
    Here’s a quick overview of the latest updates.

    New Features

    • Extranet :
      • Microsoft OAuth Now Available
        • Received your client access? Good news : you can now log in directly using your Microsoft account.

      •  
        Improved Client Communication
        • Implementation of a centralized system to efficiently share news, critical alerts, and personalized content with our clients.

    Improvements

    • Academy : 
      • Strengthen your understanding of IAM challenges with 8 targeted courses

        • Enriched with 8 expert modules focused on major IAM trends: artificial intelligence, digital identity, security, sovereignty, access innovations… Everything you need to strengthen your skills on today’s and tomorrow’s key challenges.

    Fixes

    • Display issue across our three sites (Extranet, JobsBlog)
      • A display bug temporarily affected our websites: the background turned white, making the text unreadable. An alternative solution was implemented immediately while a permanent fix was being developed. The issue has now been fully resolved.

    Your Ariovis Team

  • Installing DNS4EU on a Bbox: The Complete Guide by Ariovis

    Are you a Bouygues Telecom subscriber looking to better secure your internet connection? Installing DNS4EU on your Bbox is a simple and effective solution to strengthen both the privacy and security of your online activity. At Ariovis, experts in cybersecurity and access management (IAM), we’ll show you how to easily configure DNS4EU on your Bbox.

    Why configure DNS4EU on your Bbox ?

    DNS servers translate domain names (like ariovis.fr) into IP addresses. By default, the Bbox uses Bouygues Telecom’s DNS servers, which may not provide optimal privacy.

    DNS4EU is a European DNS service supported by the European Commission, designed to ensure :

    • Better protection of personal data
    • Secure internet browsing
    • A reliable and high-performance European infrastructure

    By configuring DNS4EU on your Bbox, you gain stronger daily cybersecurity.

    How to install DNS4EU on your Bbox

    Here are the simple steps recommended by Ariovis experts to configure DNS4EU on your Bbox :

    1. Log in to your Bbox interface

    • Make sure you’re connected to your Bouygues Telecom network (Wi-Fi or Ethernet).
    • Open a browser and go to:

    http://192.168.1.254

    • Log in with your credentials. By default, the username is often admin, and the password is located on a label underneath your Bbox.

    Access the DNS settings

    • In the menu, click Advanced Settings or Local Network.
    • Then find the DNS Servers or DNS Configuration section.

    3. Configure DNS4EU servers on your Bbox

    Here are the 5 official DNS4EU addresses you can set on your Bbox for enhanced privacy and network security:

    • 86.54.11.1 (DNS4EU primaire – IPv4)
    • 86.54.11.201 (DNS4EU secondaire – IPv4)
    • 2a13:1001::86:54:11:1 (DNS4EU primaire – IPv6)
    • 2a13:1001::86:54:11:201​ (DNS4EU secondaire – IPv6)

    How to apply the settings:

    1. In your Bbox interface, go to Advanced Settings > Network.
    2. Find the DNS Servers section, and replace the existing values with the five DNS4EU addresses above.
    3. Save your changes and restart your Bbox and connected devices to apply the new DNS settings.

    These five servers (two IPv4 and three IPv6) offer a more secure, reliable, and privacy-respecting browsing experience, fully aligned with European standards.

    Need more help? Check out our full tutorial to guide you through the setup based on your Bbox model (4, 5, or 6).

    4. Save your changes and restart the Bbox

    • Save the configuration changes.
    • Restart your Bbox and all connected devices to apply the new DNS settings.

    Verify that DNS4EU is active

    To make sure your Bbox is now using DNS4EU, perform a quick test :

    The response should show a DNS server address matching DNS4EU (51.81.216.60 or 51.81.216.70).

    Ariovis – Your Partner for Stronger Cybersecurity

    Changing your DNS servers is a first step toward better protecting your home network. At Ariovis, we help both individuals and businesses secure their infrastructure and manage identity and access (IAM).

    For any questions or personalized support, contact us or visit our website : ariovis.fr.

    Conclusion

    Installing DNS4EU on your Bbox is a simple and effective way to improve the privacy and security of your internet browsing. Follow this Ariovis guide for a successful setup and browse with confidence thanks to a European DNS service focused on protecting your data.

  • Installing DNS4EU on a Livebox: The Complete Guide by Ariovis

    Are you an Orange customer looking to enhance the security and privacy of your internet connection? Installing DNS4EU on your Livebox is a simple and effective way to protect your browsing. At Ariovis, experts in cybersecurity and access management (IAM), we’ll walk you through how to configure DNS4EU on your Livebox.

    Why configure DNS4EU on your Livebox ?

    The DNS server is a core component that translates domain names into IP addresses. By default, the Livebox uses Orange’s DNS servers, which don’t always offer optimal privacy guarantees.

    DNS4EU, a European DNS service supported by the European Commission, provides:

    • Better protection of personal data
    • Secure browsing
    • A reliable and high-performing European DNS infrastructure

    By setting up DNS4EU on your Livebox, you can browse the web more securely with a DNS service that respects your privacy.

    How to install DNS4EU on your Livebox?

    Here are the steps recommended by Ariovis experts to configure DNS4EU on your Livebox :

    1. Access the Livebox management interface

    • Connect to your Livebox network (Wi-Fi or Ethernet)
    • Open a browser and go to:

    http://192.168.1.1

    • Log in with your credentials (the default password is printed on your Livebox label)

    2. Access DNS settings

    • In the main menu, click Advanced Settings
    • Then go to the Network or DNS Configuration section

    Configure DNS4EU servers on your Livebox

    Here are the 5 official DNS4EU addresses you can set on your Livebox for enhanced privacy and network security:

    • 86.54.11.1 (DNS4EU primaire – IPv4)
    • 86.54.11.201 (DNS4EU secondaire – IPv4)
    • 2a13:1001::86:54:11:1 (DNS4EU primaire – IPv6)
    • 2a13:1001::86:54:11:201​ (DNS4EU secondaire – IPv6)

    How to apply the settings:

    1. In your Livebox interface, go to Advanced Settings > Network.
    2. Find the DNS Servers section, and replace the existing values with the five DNS4EU addresses above.
    3. Save your changes and restart your Livebox and connected devices to apply the new DNS settings.

    These five servers (two IPv4 and three IPv6) offer a more secure, reliable, and privacy-respecting browsing experience, fully aligned with European standards.

    Need more help? Check out our full tutorial to guide you through the setup based on your Livebox model (4, 5, or 6).

    4. Save and restart

    • Save the changes
    • Restart your Livebox and connected devices to apply the new DNS settings

    Check that DNS4EU is active on your Livebox

    To check whether DNS4EU is correctly in use :

    The response should show a DNS server address matching DNS4EU (51.81.216.60 or 51.81.216.70)

    Ariovis, your expert in cybersecurity and access management

    Configuring DNS4EU is a first step toward securing your home network. At Ariovis, we help both individuals and businesses with their cybersecurity and Identity & Access Management (IAM) strategies.

    For personalized support, contact us or visit our website : ariovis.fr.

    Conclusion

    Installing DNS4EU on your Livebox is a simple and effective way to strengthen your online privacy and browsing security. 
    Follow this Ariovis guide for a quick setup and enjoy a European DNS service that protects your data.

  • The Consultant’s Sweet Spot: The Art of Balancing Expertise, Impact, and Simplicity

    At Ariovis, we believe that a consultant’s success doesn’t rely solely on technical mastery. It comes to life at the intersection of three key dimensions: technical proficiency, economic relevance, and client experience. This is what we call the sweet spot – that point of balance where you deliver the right level of expertise, at the right price, with the right feeling. This is also how we manage and grow our teams.


    An Ariovis consultant doesn’t seek to be the best at everything

    In a world where technical complexity continues to increase, there’s a frequent temptation to want to master everything. But being an expert in everything often means being an expert in nothing. Instead, we encourage our consultants to focus on what they do best – while understanding the challenges around them. This controlled specialization is what allows us to remain clear, relevant, and truly effective.

    « Security meets business »: more than a slogan, it’s a methodology

    Our motto isn’t limited to a punchline. It reflects a deep conviction: cybersecurity shouldn’t slow down the business, it should support it. This is why we expect our consultants to move beyond a purely technical stance. To understand business challenges. To know when to say no – but also how to propose a better-formulated “yes”.
    An Ariovis consultant is above all a business partner, not a simple executor. He or she knows that true added value isn’t measured solely in lines of code, but in the real impact of recommendations.

    The question that changes everything: « Why? »

    We encourage all our consultants to apply this simple principle:
    • ● Always seek to understand the « why » behind the « how ».
    Why secure this access? Why integrate this tool now? Why is this choice important for this particular client?
    It’s by asking these questions that a mature consulting posture emerges, an actor’s posture. This is also how we build a lasting impact, far from the « isolated technical task » approach.

    Follow-up, evaluation, and support: management centered on balance

    At Ariovis, consultants themselves are evaluated according to their ability to find their own sweet spot:
    • Can they deliver effective solutions without overcomplicating?
    • Can they adapt their recommendations to the clients’ context?
    • Are they able to explain a complex technical idea simply?
    • Do they go above and beyond their job description to advance the project?
    • Does the client understand the value they bring, or are they just an executor?
    These aren’t boxes to check, but levers for progression. The sweet spot is a compass, not a rigid grid. It guides our interviews, our feedback, and even our recruitment.

    In conclusion: impact, not demonstration

    At Ariovis, we don’t value the demonstration of knowledge for its own sake. What matters is the result for the client, ease of use, and the trust built. This is what true professionalism means to us.

    And you, where is your sweet spot? Discover it with Ariovis, join us: http://spontannee.ariovis.fr
     

      

  • V25.04

    Ariovis Enhances the Client and Candidate Experience

    A seamless recruitment site, a knowledge base accessible via the extranet, and thoughtful extras to make your experience even smoother. Discover all the details below 👇 

    New Features

    • Extranet : 

      • Manage your contact information independently through Ariovis extranet,  directly from your client area.​
         
    • Recruitment 
      • Want to join the Ariovis adventure? We’ve made it easier than ever: a dedicated career site, an express application form, follow-up emails… applying has never been so simple. Check out our openings
    • Knowledge Database
       
      • Sharing is in our DNA: Ariovis is launching its knowledge base on the client extranet. Identity Manager (Usercube), frequently asked questions, Ariovis solutions… and this is just the beginning!

         

    Improvements

    • Academy : 
      • New courses and webinars on IAM are now available in your client area.

    Your Ariovis Team