Download
quintus security n.
Skip this Video
Loading SlideShow in 5 Seconds..
Quintus Security PowerPoint Presentation
Download Presentation
Quintus Security

Quintus Security

114 Vues Download Presentation
Télécharger la présentation

Quintus Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Quintus Security Final Presentation 4/29/11 Sanjiv Kawa Joshua Reynolds Moe Hansa Christian Cortes

  2. Agenda • Projects Reasoning and Choice • Server Implementation • Website Structure • Tutorials and Content • Projects Challengesand Successes • Lessons Learned • Questions

  3. Who are we? • Quintus Security: • Quintus of Smyrna • A tale teller of the original Trojan Horse • Greek Mythology • Invasion of Troy • Information Technology • Major: Computer Systems Image [1]

  4. What is the project? • Security Information Website • Written Tutorials/Papers • Video Demonstrations • Attack Demonstrations • Preventive Demonstrations

  5. Why did we choose it? • Lack of understandable Security Information. • Improper Security Practices in the Industry. • A group passion for security and providing awareness.

  6. Sponsorship • Sponsored by Seccuris Inc. • Intellectual Property of the Capstone Project as provided to Seccuris • Experts in Information Security • Internationally recognized by academic and professional institutes • Based out of Winnipeg Image [2]

  7. Requirements – Business Plan • Due to the nature of the project a Business Plan was required • A formal document that is needed for the pre-approval for a loan • A Business Plan includes: • Business Goals, Description, and Background • Marketing and Advertising • Competition, Growth Program, Risk Assessment

  8. Resources – Time spent & material

  9. Resources – Time spent & material

  10. Server Implementation • HP DL385 G7 • Raid 5 Array (6 Drives) • Hard Drive Encryption • Ubuntu Server v10.10 • PHP5 • apache2 • SSH • SFTP • SSL • MySQL

  11. Website Structure • The website can be broken down into 2 areas: • Administration Section – Accessed via “hidden” path. • User Section – Available to registered users only.

  12. Website Structure - Admin • The Administration Area of the Website consists of 3 sections: • Add User – The creation of either a regular user or moderator. • Delete User – The removal of either a regular user or moderator. • Administrative Logs – Tracks if a moderator has logged, specifies IP and Time.

  13. Website Structure - Admin

  14. Website Structure - user • The User area of the Website consists of 2 sections: • About Us – A brief section about each member. • Tutorials – A section dedicated towards security write ups and videos.

  15. Website Structure - User

  16. Website Structure - Navigation • The website implements uniform navigation. • A standard portal for easy roaming. • One location, serving one purpose. • Complete user control.

  17. Website Structure - Security • Active User Sessions • MD5 Encryption • Java Script Filtration • No $_GET Requests

  18. Tutorials • Basic: • Data Encryption • Malware • Securing Windows • SSL and TLS Image [3]

  19. Tutorials • Intermediate: • Cross Site Scripting (XSS) • Local/Remote File Inclusions • Network Encryption • Password Cracking • SSL Strip • SQL Injection Image [4]

  20. tutorials • Advanced: • Buffer Overflows • Wireless Security Image [5]

  21. challenges & successes • Getting video demonstrations to react in an expected manner • Trying not to make mistakes while recording video tutorials • With practice it became more natural • Documentation Format and Flow • Intellectual Property • Group meetings and Long Discussions regarding the distribution of IP • Time constraints • Not being able to demonstrate all topics of interest

  22. Lessons learned • Planning is key. • Heavy research is required for large projects. • Encryptions algorithms are complicated. • Modern Linux versions have improved security. • Project in itself felt like it was another IT security course. • Most importantly: • Choose a project that you are passionate about, this way it is enjoyable and you will produce your best work.

  23. Thank You Questions are Welcome

  24. References • Image [1] - Wikipedia: "File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg - Wikipedia, the free encyclopedia." Wikipedia, the free encyclopedia. N.p., n.d. Web. [Accessed 13 Apr. 2011.] http://en.wikipedia.org/wiki/File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg • Image [2] - Seccuris. "Seccuris Inc. - Assured Protection." Seccuris Inc. - Assured Protection. N.p., n.d. Web. [Accessed 13 Apr. 2011]. http://www.seccuris.com/ • Image [3-5] – Microsoft PowerPoint Provided Images