Security Primer “To Serve & Protect” Puleen Patel November 6, 2010

Upload: puleen

Post on 28-Nov-2014


Category: Technology



DESCRIPTION

Presentation for the Yorkville Media Centre on Web and Application Security

TRANSCRIPT

Page 1: Security Primer

Security Primer: “To Serve & Protect”

Puleen Patel

November 6, 2010

Page 2: Security Primer

Overview

- Introduction
- Traditional View
- The Map of The Web
- Digital View
- Types of Breaches
- Security Terminologies
- Questions

Page 3: Security Primer

Hi!

- My name is Puleen; technology is my passion.
- During the day a Canadian bank lets me apply, learn and grow my passion.
- At other times

Page 4: Security Primer

Security – Traditional View

- Protection of Content
  ◦ Belongings: Jewels, Car, Money…
  ◦ Information: Financial, Bills, Will…
  ◦ Communication: Voice conversations, Messages, Letters…

Page 5: Security Primer

A Map of The Web

Page 6: Security Primer

Security – Digital View

- Protection of Content
  ◦ Physical Assets: Servers, Workstations, Laptops…
  ◦ Software & Intellectual Assets: Applications, Code, Databases…
  ◦ Channels: IM, Email, Web, Mobile…
  ◦ Social *NEW*: Facebook, MySpace, Flickr, Picasa…

Page 7: Security Primer

Types of Breaches

- Network
  ◦ IP Spoofing / Masquerading
  ◦ Packet Sniffing
  ◦ Denial of Service Attacks
  ◦ …
- Application
  ◦ Login / Password
  ◦ Email
  ◦ SQL Injection
  ◦ Session Hijacking
  ◦ Cross-Site Scripting
  ◦ Phishing
  ◦ …
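The slide above names SQL Injection as an application-level breach without showing what it looks like or how it is prevented. The following Python example is added here and is not part of the original deck. It builds a constructed in-memory SQLite table of made-up users and contrasts a login query that concatenates untrusted input into the SQL text with the same query written with bound parameters, so the effect of the two approaches on a tautology in the password field can be compared side by side. The function names and sample data are the example's own assumptions.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],  # made-up credentials
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting (the defect).

    Quote characters supplied by the caller become part of the SQL text,
    so input can rewrite the WHERE clause instead of being compared as data.
    """
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn, username, password):
    """Parameterised statement (the fix).

    The driver sends the statement and the values separately; whatever the
    input contains, it is only ever compared against the column values.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def demo():
    """Runs both variants with well-formed input and with a tautology."""
    conn = make_db()
    # A classic tautology in the password field. In the concatenated query
    # it turns the clause into (username = 'alice' AND password = '') OR
    # '1'='1', which is true for every row; in the parameterised query it
    # is just a password string that matches nobody.
    tautology = "' OR '1'='1"
    return {
        "vulnerable_ok": login_vulnerable(conn, "alice", "s3cret"),
        "safe_ok": login_safe(conn, "alice", "s3cret"),
        "vulnerable_bypass": login_vulnerable(conn, "alice", tautology),
        "safe_bypass": login_safe(conn, "alice", tautology),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With valid credentials both variants return the single matching user. With the tautology, the concatenated query returns every row (the login check has been bypassed), while the parameterised query returns nothing, which is why placeholders rather than input filtering are the standard defence.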

Page 8: Security Primer

Security Terminologies

- Encryption
  ◦ Secure Sockets Layer (SSL / HTTPS)
  ◦ Secure FTP (SFTP)
  ◦ Secure Email (Digital Signatures)
  ◦ Public Key Interchange (PKI / Digital Certificates)
- Firewalls / Gateways
- Virtual Private Networks (VPN)

Page 9: Security Primer

Real-Life Examples

- In 2007, the parent company of Winners / HomeSense had 2 million Visa card numbers in Canada, and 20 million globally, stolen by fraudsters.
- Phishing campaigns send emails that take users to legitimate-looking websites set up to capture confidential information.
- In May 2010, a security exploit was discovered that allowed Facebook friends lists, email addresses and other data to be captured by way of Cross-Site Scripting (XSS).
- IT security breaches at Canadian firms account for an average annual loss of $834,149, a figure that reflects a 97 per cent increase from the $423,469 average cost reported in 2008, according to a national study released Tuesday.

Page 10: Security Primer
Page 12: Security Primer

References

- Making Sense of Security - http://www.technicalinfo.net/index.html
- Web Application Security - http://www.phpwact.org/security/web_application_security
- Apache Security - http://www.apachesecurity.net/
- IT Security Best Practices - http://www.internet.com/IT/Security/BestPractices
- Best Computer Security Practices of Home, Home Office, Small Business and Telecommuters - http://www.sans.org/reading_room/whitepapers/hsoffice/computer-security-practices-home-home-office-small-business-telecommuters_616
- Security Best Practices for Twitter applications - http://dev.twitter.com/pages/security_best_practices