csci5931 Web Security: Case Study: A Forensic Lesson for Web Security (MSS, part one)


Slide 2: A Hacked E-commerce Site
 A security officer's nightmare!
 Users' passwords were stolen.
 Customers' credit card numbers were exposed.
 Merchandise was purchased online using the stolen credit cards.
 The company's reputation was ruined.
 The CIO's or security officer's job is at stake.
 …

Slide 3: Case Study: A Forensic Log
 Page 2 of the MSS book
 Groups of log entries labelled a through f
 The company's firewall was configured to allow only HTTP traffic on port 80 and HTTPS (SSL) traffic on port 443, and to block everything else.
 The intruder exploited a vulnerability in the index.cgi script to list the contents of the system password file.
 Q: What vulnerability was exploited?
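The slide leaves the log itself to the book. As an added illustration (not from the slides or from the MSS book) of what a forensic pass over such a log looks like, the following Python script triages constructed Common Log Format lines for the kind of index.cgi request that would coax the script into returning the password file. The log entries, the client address 10.0.0.7 and the detection rules are all assumptions made for the example; the book's real entries are not reproduced here.

```python
"""Forensic triage of web-server access-log lines around index.cgi.

Added example: not from the slides or from the MSS book. The log lines,
the client address and the detection rules are all constructed for the
example; the book's own log entries are not reproduced here.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Common Log Format entries. Every request rides on port 80,
# which is exactly what the firewall in the case study was told to allow.
SAMPLE_LOG = """\
10.0.0.7 - - [10/Oct/2001:13:55:36 -0500] "GET /index.cgi?page=home.html HTTP/1.0" 200 2048
10.0.0.7 - - [10/Oct/2001:13:56:02 -0500] "GET /index.cgi?page=../../../../etc/passwd HTTP/1.0" 200 1203
10.0.0.7 - - [10/Oct/2001:13:57:10 -0500] "GET /index.cgi?page=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.0" 200 1203
10.0.0.7 - - [10/Oct/2001:13:58:44 -0500] "GET /index.cgi?page=|ls%20-la| HTTP/1.0" 200 800
10.0.0.9 - - [10/Oct/2001:14:01:00 -0500] "GET /images/logo.gif HTTP/1.0" 200 5120
10.0.0.7 - - [10/Oct/2001:14:03:21 -0500] "GET /index.cgi?page=/etc/passwd HTTP/1.0" 200 1203
"""

CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Each rule: (label, predicate over the fully decoded parameter value).
RULES = [
    ("directory traversal", lambda v: "../" in v or "..\\" in v),
    ("absolute path", lambda v: v.startswith("/")),
    ("sensitive file", lambda v: "etc/passwd" in v or "etc/shadow" in v),
    ("shell metacharacter", lambda v: any(c in v for c in "|;`$&")),
]


def parse_line(line):
    """Split one CLF line into fields; query parameters are decoded twice
    so that double-encoded traversal (..%252F) is seen as ../ as well."""
    m = CLF.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = [(k, unquote(v))
                     for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return rec


def triage(log_text, script="/index.cgi"):
    """Return one finding per suspicious parameter value sent to `script`."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != script:
            continue
        for key, value in rec["params"]:
            hits = [label for label, pred in RULES if pred(value)]
            if hits:
                findings.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                                 "param": key, "value": value, "rules": hits})
    return findings


def suspects(findings):
    """Client addresses behind the findings, most findings first."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return sorted(counts, key=lambda ip: -counts[ip])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["ip"], "%s=%s" % (f["param"], f["value"]), "->", ", ".join(f["rules"]))
    print("suspects:", suspects(triage(SAMPLE_LOG)))
```

Two things a practitioner would look at in the output: the status code, since a 200 on a traversal request means the script served the file rather than merely being probed, and the double-encoded line, which a single-pass grep for "../" would miss. Because the firewall only permits 80/443, the web server's access log, not the firewall log, is the primary evidence source for this incident.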

Slide 4: Analysis of the Hacking Incident
 Pages 2 to 9
 What knowledge and skills does a "successful" hacker need to possess?
 Understanding of how the web server operates, of the scripting language used, and of the activation mechanisms (how scripts get invoked)
 Understanding of operating system commands
 Lots of patience and some luck
 Anything missing from the list?

Slide 5: Could the Incident Have Been Prevented?
 Yes. Stronger security technology exists to counter such attacks. Examples?
 Elimination of source code exposure
 Set-up of a DMZ
 Enforcement of access control lists
 The "least privilege" rule
 …
 See an overview of common solutions in GS, Chapter 1.
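As an added example (not from the slides or the MSS book) of what "stronger" handling of the index.cgi parameter could look like, the following Python code places a naive page-include handler beside a hardened one. It assumes the flaw was a file-name parameter opened without validation; the slide leaves the actual vulnerability as a question. The document root, its two pages and the stand-in "password file" are created in a temporary directory purely for the example.

```python
"""Naive versus hardened handling of a CGI ?page= parameter.

Added example, not from the slides or the MSS book. It ASSUMES the
index.cgi flaw was a file-name parameter opened without validation; the
slide leaves the real vulnerability as a question. The document root and
the stand-in "password file" are created in a temp directory so the
example runs offline.
"""
import os
import tempfile
from pathlib import Path

# Constructed document root; SECRET sits one level ABOVE it, standing in
# for /etc/passwd.
DOCROOT = Path(tempfile.mkdtemp(prefix="docroot-")).resolve()
(DOCROOT / "home.html").write_text("<h1>Welcome</h1>\n")
(DOCROOT / "about.html").write_text("<h1>About</h1>\n")
SECRET = DOCROOT.parent / (DOCROOT.name + "-passwd")
SECRET.write_text("root:x:0:0:root:/root:/bin/sh\n")


class Forbidden(Exception):
    """Raised by the hardened handler for any request it refuses."""


def render_vulnerable(page):
    """Naive index.cgi: trust the parameter and open whatever it names.
    os.path.join() drops DOCROOT entirely when `page` is absolute, and
    nothing stops '../' from walking out of the tree."""
    with open(os.path.join(DOCROOT, page)) as fh:
        return fh.read()


# Tokens the script accepts, mapped to files: the client never names a path.
PAGES = {"home": "home.html", "about": "about.html"}


def render_hardened(token, pages=PAGES):
    """Allowlist the parameter, then confine the resolved path to DOCROOT."""
    filename = pages.get(token)
    if filename is None:
        raise Forbidden("unknown page token %r" % token)
    target = (DOCROOT / filename).resolve()    # follows symlinks, collapses '..'
    if DOCROOT not in target.parents:
        raise Forbidden("resolved path escapes the document root")
    with open(target) as fh:
        return fh.read()


def demo():
    """Run both handlers on a benign request and on several escape attempts."""
    traversal = "../" + SECRET.name
    refused = []
    for attempt in (traversal, str(SECRET), "home.html"):
        try:
            render_hardened(attempt)
        except Forbidden:
            refused.append(attempt)
    # Defence in depth: even an allowlisted entry that has been replaced by
    # a symlink pointing outside the tree is caught by the parents check.
    link = DOCROOT / "planted.html"
    try:
        if not link.is_symlink():
            link.symlink_to(SECRET)
        try:
            render_hardened("planted", {"planted": "planted.html"})
            symlink_blocked = False
        except Forbidden:
            symlink_blocked = True
    except OSError:
        symlink_blocked = None      # platform cannot create symlinks
    return {
        "benign_vulnerable": render_vulnerable("home.html"),
        "benign_hardened": render_hardened("home"),
        "vulnerable_traversal_leaks": render_vulnerable(traversal).startswith("root:"),
        "vulnerable_absolute_leaks": render_vulnerable(str(SECRET)).startswith("root:"),
        "hardened_refused": refused,
        "symlink_blocked": symlink_blocked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-28s %r" % (key, value))
```

One caveat that connects to the slide's "least privilege" bullet: running the CGI as an unprivileged user would not by itself have hidden the password file, because /etc/passwd is world-readable on most Unix systems. The allowlist is what takes the file name out of the client's hands; the resolved-path check is the backstop for the day someone edits the mapping carelessly or plants a symlink inside the document root.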

Slide 6: Lessons Learned from the Case Study
 A firewall does not guarantee a secure e-commerce site. Why? (The attack arrived as ordinary HTTP requests on port 80, which the firewall was configured to allow.)
 Security auditing has its limits. Why?
 Strong password protection may not be enough. Why?
 The bottom line: the secure operation of a web site requires a mixture of protection mechanisms, each protecting one of the many components and links in an N-tier web-based application, which together deliver a secure web site.

Slide 7: Next
 Review of N-tier web-based applications
 Review of cryptography
 Java security model