1. QUINTUS SECURITY Final Presentation 4/29/11 Sanjiv KawaJoshua Reynolds Moe HansaChristian Cortes

2. AGENDA  Projects Reasoning and Choice  Server Implementation  Website Structure  Tutorials and Content  Projects Challenges and Successes  Lessons Learned  Questions

3. WHO ARE WE?  Quintus Security:  Quintus of Smyrna  A tale teller of the original Trojan Horse  Greek Mythology  Invasion of Troy  Information Technology  Major: Computer Systems Image [1]

4. WHAT IS THE PROJECT?  Security Information Website  Written Tutorials/Papers  Video Demonstrations  Attack Demonstrations  Preventive Demonstrations

5. WHY DID WE CHOOSE IT?  Lack of understandable Security Information.  Improper Security Practices in the Industry.  A group passion for security and providing awareness.

6. SPONSORSHIP  Sponsored by Seccuris Inc.  Intellectual Property of the Capstone Project as provided to Seccuris  Experts in Information Security  Internationally recognized by academic and professional institutes  Based out of Winnipeg Image [2]

7. REQUIREMENTS – BUSINESS PLAN  Due to the nature of the project a Business Plan was required  A formal document that is needed for the pre-approval for a loan  A Business Plan includes:  Business Goals, Description, and Background  Marketing and Advertising  Competition, Growth Program, Risk Assessment

8. ItemCost Windows Server 2008 R2 Enterprise$3,999.00 Windows XP SP3 Professional$149.99 VMware Workstation 7.1$133.00 Camtasia for Mac | Screen Recording & Presentation $99.00 Linux Distributions$0.00 Canon FS200 Camcorder$272.99 LaCie 500GB External HD USB 2.0$99.99 Server System ( HP DL385 G7) $2849.99 D-Link DGS-1008G 8-Port Gigabit Desktop Switch$59.99 Samsung BX2240X 21.5" Business LED Monitor$229.99 4x14’ CAT6 Ethernet Patch Cable$27.92 Microsoft Wireless Desktop 3000 Keyboard & Mouse Bundle, English $49.99 Blue Microphones | Snowflake$83.99 Total$8139.83 RESOURCES – TIME SPENT & MATERIAL

9. MembersPositionTime Spent RateCost Christian CortesResearch & Technologist75 hours$25.10$1882.5 Josh ReynoldsProject Manager88 hours$40.00$3520.0 Moe HasnaResearch & Technologist83 hours$25.10$2083.3 Sanjiv KawaWeb Designer & Architect86 hours$25.10$2158.6 Hourly Total332 hoursCost Total$9644.4 Grand Total$17,784.23

10. SERVER IMPLEMENTATION  HP DL385 G7  Raid 5 Array (6 Drives)  Hard Drive Encryption  Ubuntu Server v10.10  PHP5  apache2  SSH  SFTP  SSL  MySQL

11. WEBSITE STRUCTURE  The website can be broken down into 2 areas:  Administration Section – Accessed via “hidden” path.  User Section – Available to registered users only.

12. WEBSITE STRUCTURE - ADMIN  The Administration Area of the Website consists of 3 sections:  Add User – The creation of either a regular user or moderator.  Delete User – The removal of either a regular user or moderator.  Administrative Logs – Tracks if a moderator has logged, specifies IP and Time.

13. WEBSITE STRUCTURE - ADMIN

14. WEBSITE STRUCTURE - USER  The User area of the Website consists of 2 sections:  About Us – A brief section about each member.  Tutorials – A section dedicated towards security write ups and videos.

15. WEBSITE STRUCTURE - USER

16. WEBSITE STRUCTURE - NAVIGATION  The website implements uniform navigation.  A standard portal for easy roaming.  One location, serving one purpose.  Complete user control.

17. WEBSITE STRUCTURE - SECURITY  Active User Sessions  MD5 Encryption  Java Script Filtration  No $_GET Requests

18. TUTORIALS  Basic:  Data Encryption  Malware  Securing Windows  SSL and TLS Image [3]

19. TUTORIALS  Intermediate:  Cross Site Scripting (XSS)  Local/Remote File Inclusions  Network Encryption  Password Cracking  SSL Strip  SQL Injection Image [4]

20. TUTORIALS  Advanced:  Buffer Overflows  Wireless Security Image [5]

21. CHALLENGES & SUCCESSES  Getting video demonstrations to react in an expected manner  Trying not to make mistakes while recording video tutorials  With practice it became more natural  Documentation Format and Flow  Intellectual Property  Group meetings and Long Discussions regarding the distribution of IP  Time constraints  Not being able to demonstrate all topics of interest

22. LESSONS LEARNED  Planning is key.  Heavy research is required for large projects.  Encryptions algorithms are complicated.  Modern Linux versions have improved security.  Project in itself felt like it was another IT security course.  Most importantly:  Choose a project that you are passionate about, this way it is enjoyable and you will produce your best work.

23. Thank You Questions are Welcome

24. REFERENCES  Image [1] - Wikipedia: "File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg - Wikipedia, the free encyclopedia." Wikipedia, the free encyclopedia. N.p., n.d. Web. [Accessed 13 Apr. 2011.] http://en.wikipedia.org/wiki/File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg  Image [2] - Seccuris. "Seccuris Inc. - Assured Protection." Seccuris Inc. - Assured Protection. N.p., n.d. Web. [Accessed 13 Apr. 2011]. http://www.seccuris.com/ http://www.seccuris.com/  Image [3-5] – Microsoft PowerPoint Provided Images