Quintus Security
Final Presentation, 4/29/11. Sanjiv Kawa, Joshua Reynolds, Moe Hansa, Christian Cortes.
Presentation Transcript
Quintus Security Final Presentation 4/29/11 Sanjiv Kawa Joshua Reynolds Moe Hansa Christian Cortes
Agenda
• Projects Reasoning and Choice
• Server Implementation
• Website Structure
• Tutorials and Content
• Projects Challenges and Successes
• Lessons Learned
• Questions
Who are we?
• Quintus Security:
• Quintus of Smyrna
• A tale teller of the original Trojan Horse
• Greek Mythology
• Invasion of Troy
• Information Technology
• Major: Computer Systems
Image [1]
What is the project?
• Security Information Website
• Written Tutorials/Papers
• Video Demonstrations
• Attack Demonstrations
• Preventive Demonstrations
Why did we choose it?
• Lack of understandable security information.
• Improper security practices in the industry.
• A group passion for security and providing awareness.
Sponsorship
• Sponsored by Seccuris Inc.
• Intellectual Property of the Capstone Project as provided to Seccuris
• Experts in Information Security
• Internationally recognized by academic and professional institutes
• Based out of Winnipeg
Image [2]
Requirements – Business Plan
• Due to the nature of the project, a Business Plan was required
• A formal document that is needed for the pre-approval of a loan
• A Business Plan includes:
  • Business Goals, Description, and Background
  • Marketing and Advertising
  • Competition, Growth Program, Risk Assessment
Server Implementation
• HP DL385 G7
• RAID 5 Array (6 Drives)
• Hard Drive Encryption
• Ubuntu Server v10.10
• PHP5
• Apache2
• SSH
• SFTP
• SSL
• MySQL
Website Structure
• The website can be broken down into 2 areas:
  • Administration Section – Accessed via “hidden” path.
  • User Section – Available to registered users only.
Website Structure - Admin
• The Administration Area of the website consists of 3 sections:
  • Add User – The creation of either a regular user or moderator.
  • Delete User – The removal of either a regular user or moderator.
  • Administrative Logs – Tracks whether a moderator has logged in; records IP and time.
Website Structure - User
• The User Area of the website consists of 2 sections:
  • About Us – A brief section about each member.
  • Tutorials – A section dedicated to security write-ups and videos.
Website Structure - Navigation
• The website implements uniform navigation.
• A standard portal for easy roaming.
• One location, serving one purpose.
• Complete user control.
Website Structure - Security
• Active User Sessions
• MD5 Encryption
• JavaScript Filtration
• No $_GET Requests
Tutorials
• Basic:
  • Data Encryption
  • Malware
  • Securing Windows
  • SSL and TLS
Image [3]
Tutorials
• Intermediate:
  • Cross Site Scripting (XSS)
  • Local/Remote File Inclusions
  • Network Encryption
  • Password Cracking
  • SSL Strip
  • SQL Injection
Image [4]
Tutorials
• Advanced:
  • Buffer Overflows
  • Wireless Security
Image [5]
Challenges & Successes
• Getting video demonstrations to react in an expected manner
• Trying not to make mistakes while recording video tutorials
• With practice it became more natural
• Documentation Format and Flow
• Intellectual Property
• Group meetings and long discussions regarding the distribution of IP
• Time constraints
• Not being able to demonstrate all topics of interest
Lessons Learned
• Planning is key.
• Heavy research is required for large projects.
• Encryption algorithms are complicated.
• Modern Linux versions have improved security.
• The project in itself felt like another IT security course.
• Most importantly:
  • Choose a project that you are passionate about; this way it is enjoyable and you will produce your best work.
Thank You
Questions are Welcome
References
• Image [1] - Wikipedia. "File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg - Wikipedia, the free encyclopedia." Wikipedia, the free encyclopedia. N.p., n.d. Web. [Accessed 13 Apr. 2011]. http://en.wikipedia.org/wiki/File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg
• Image [2] - Seccuris. "Seccuris Inc. - Assured Protection." Seccuris Inc. - Assured Protection. N.p., n.d. Web. [Accessed 13 Apr. 2011]. http://www.seccuris.com/
• Image [3-5] - Microsoft PowerPoint Provided Images