QUINTUS SECURITY Final Presentation 4/29/11 Sanjiv KawaJoshua Reynolds Moe HansaChristian Cortes

AGENDA  Projects Reasoning and Choice  Server Implementation  Website Structure  Tutorials and Content  Projects Challenges and Successes  Lessons Learned  Questions

WHO ARE WE?  Quintus Security:  Quintus of Smyrna  A tale teller of the original Trojan Horse  Greek Mythology  Invasion of Troy  Information Technology  Major: Computer Systems Image [1]

WHAT IS THE PROJECT?  Security Information Website  Written Tutorials/Papers  Video Demonstrations  Attack Demonstrations  Preventive Demonstrations

WHY DID WE CHOOSE IT?  Lack of understandable Security Information.  Improper Security Practices in the Industry.  A group passion for security and providing awareness.

SPONSORSHIP  Sponsored by Seccuris Inc.  Intellectual Property of the Capstone Project as provided to Seccuris  Experts in Information Security  Internationally recognized by academic and professional institutes  Based out of Winnipeg Image [2]

REQUIREMENTS – BUSINESS PLAN  Due to the nature of the project a Business Plan was required  A formal document that is needed for the pre-approval for a loan  A Business Plan includes:  Business Goals, Description, and Background  Marketing and Advertising  Competition, Growth Program, Risk Assessment

ItemCost Windows Server 2008 R2 Enterprise$3, Windows XP SP3 Professional$ VMware Workstation 7.1$ Camtasia for Mac | Screen Recording & Presentation $99.00 Linux Distributions$0.00 Canon FS200 Camcorder$ LaCie 500GB External HD USB 2.0$99.99 Server System ( HP DL385 G7) $ D-Link DGS-1008G 8-Port Gigabit Desktop Switch$59.99 Samsung BX2240X 21.5" Business LED Monitor$ x14’ CAT6 Ethernet Patch Cable$27.92 Microsoft Wireless Desktop 3000 Keyboard & Mouse Bundle, English $49.99 Blue Microphones | Snowflake$83.99 Total$ RESOURCES – TIME SPENT & MATERIAL

MembersPositionTime Spent RateCost Christian CortesResearch & Technologist75 hours$25.10$ Josh ReynoldsProject Manager88 hours$40.00$ Moe HasnaResearch & Technologist83 hours$25.10$ Sanjiv KawaWeb Designer & Architect86 hours$25.10$ Hourly Total332 hoursCost Total$ Grand Total$17,784.23

SERVER IMPLEMENTATION  HP DL385 G7  Raid 5 Array (6 Drives)  Hard Drive Encryption  Ubuntu Server v10.10  PHP5  apache2  SSH  SFTP  SSL  MySQL

WEBSITE STRUCTURE  The website can be broken down into 2 areas:  Administration Section – Accessed via “hidden” path.  User Section – Available to registered users only.

WEBSITE STRUCTURE - ADMIN  The Administration Area of the Website consists of 3 sections:  Add User – The creation of either a regular user or moderator.  Delete User – The removal of either a regular user or moderator.  Administrative Logs – Tracks if a moderator has logged, specifies IP and Time.

WEBSITE STRUCTURE - ADMIN

WEBSITE STRUCTURE - USER  The User area of the Website consists of 2 sections:  About Us – A brief section about each member.  Tutorials – A section dedicated towards security write ups and videos.

WEBSITE STRUCTURE - USER

WEBSITE STRUCTURE - NAVIGATION  The website implements uniform navigation.  A standard portal for easy roaming.  One location, serving one purpose.  Complete user control.

WEBSITE STRUCTURE - SECURITY  Active User Sessions  MD5 Encryption  Java Script Filtration  No $_GET Requests

TUTORIALS  Basic:  Data Encryption  Malware  Securing Windows  SSL and TLS Image [3]

TUTORIALS  Intermediate:  Cross Site Scripting (XSS)  Local/Remote File Inclusions  Network Encryption  Password Cracking  SSL Strip  SQL Injection Image [4]

TUTORIALS  Advanced:  Buffer Overflows  Wireless Security Image [5]

CHALLENGES & SUCCESSES  Getting video demonstrations to react in an expected manner  Trying not to make mistakes while recording video tutorials  With practice it became more natural  Documentation Format and Flow  Intellectual Property  Group meetings and Long Discussions regarding the distribution of IP  Time constraints  Not being able to demonstrate all topics of interest

LESSONS LEARNED  Planning is key.  Heavy research is required for large projects.  Encryptions algorithms are complicated.  Modern Linux versions have improved security.  Project in itself felt like it was another IT security course.  Most importantly:  Choose a project that you are passionate about, this way it is enjoyable and you will produce your best work.

Thank You Questions are Welcome

REFERENCES  Image [1] - Wikipedia: "File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg - Wikipedia, the free encyclopedia." Wikipedia, the free encyclopedia. N.p., n.d. Web. [Accessed 13 Apr ]  Image [2] - Seccuris. "Seccuris Inc. - Assured Protection." Seccuris Inc. - Assured Protection. N.p., n.d. Web. [Accessed 13 Apr. 2011].  Image [3-5] – Microsoft PowerPoint Provided Images