1 / 18

Website Hardening

Website Hardening. HUIT IT Security | Sep 30 2011. Agenda:. Introduction Anatomy of an Attack Recommendations Q & A Demos. Breadcrumb. Sep 30 2011. Introduction. Citation. HUIT Security | Website Hardening. Breadcrumb. Sep 30 2011. Introduction.

phil
Télécharger la présentation

Website Hardening

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Website Hardening HUIT ITSecurity | Sep 30 2011

  2. Agenda: • Introduction • Anatomy of an Attack • Recommendations • Q & A • Demos

  3. Breadcrumb Sep 30 2011 Introduction Citation HUIT Security | Website Hardening

  4. Breadcrumb Sep 30 2011 Introduction • Content is the cornerstone of information management. The web delivers content, and the model for serving content has progressed from onsite hosting, to managed hosting and is continuing to cloud computing. • With this evolution comes new challenges to protecting both institutional reputation and data. Attackers have shifted their focus from infrastructure resources, to exploiting application code itself. A holistic strategy is critical. Citation HUIT Security | Website Hardening

  5. Breadcrumb Sep 30 2011 Introduction • A new breed of attacker is focusing on these “soft” targets. These attackers seek to gain a widespread audience for their agenda and use anyone leaving themselves open to compromised as a platform to spread their message. • “Cyber-Hacktivists” with personal, political or other motivation have proven adept enough at their craft to gather their share of recent headlines. Citation HUIT Security | Website Hardening

  6. Breadcrumb Sep 30 2011 Introduction • In the light of several recent web application compromises across campus, we would like to share some specific recommendations and best practices resulting from our investigation into those compromises; and these suggestions complement existing hardening guidance. Citation HUIT Security | Website Hardening

  7. Breadcrumb Sep 30 2011 Anatomy of an Attack • Before we dive in to the details. Chris Fahey will take us through an attack. Citation HUIT Security | Website Hardening

  8. Breadcrumb Sep 30 2011 Recommendations • Introduction • As web application attacks continue to increase in frequency, we must work to integrate a thorough approach to security throughout the delivery stack. • It has been our experience that the guidance for hardening networks and hosts also offers a framework for approaching web application security. • Everyone can benefit from immediate proactive measures in advance of any eventual compromise. Citation HUIT Security | Website Hardening

  9. Breadcrumb Sep 30 2011 Recommendations • In general: • Build and integrate security into the application • Assess and remediate vulnerabilities and risks • Implement strong access control measures • Leverage controls in the web server and application framework • Log use and Monitor • Document and maintain policies and procedures • Raise awareness and educate Citation HUIT Security | Website Hardening

  10. Breadcrumb Sep 30 2011 Recommendations • The below suggestions complement existing controls: • Risk Management and Compliance • Host hardening • Network hardening • User education and awareness • You’ve been hacked – now what? Image goes here Citation HUIT Security | Website Hardening

  11. Recommendations

  12. Recommendations

  13. Recommendations

  14. Recommendations HUIT Security | Website Hardening

  15. Breadcrumb Sep 30 2011 Q & A • The objective of Risk Management: • Mitigate • Remediate • Transfer, or • Accept Image goes here Citation HUIT Security | Website Hardening

  16. Breadcrumb Sep 30 2011 IT Security Contact Info • itsecurity@harvard.edu • Helpdesk at x 57777 • These slides will be on http://security.harvard.edu Citation HUIT Security | Website Hardening

  17. Breadcrumb Sep 30 2011 Demos • Password Vaults • Tenable • Hailstorm Citation HUIT Security | Website Hardening

  18. Thank you. Esmond Kane| Website Hardening September 30, 2011

More Related