Quintus Security Final Presentation 4/29/11 Sanjiv Kawa Joshua Reynolds Moe Hansa Christian Cortes
Agenda • Projects Reasoning and Choice • Server Implementation • Website Structure • Tutorials and Content • Projects Challengesand Successes • Lessons Learned • Questions
Who are we? • Quintus Security: • Quintus of Smyrna • A tale teller of the original Trojan Horse • Greek Mythology • Invasion of Troy • Information Technology • Major: Computer Systems Image 
What is the project? • Security Information Website • Written Tutorials/Papers • Video Demonstrations • Attack Demonstrations • Preventive Demonstrations
Why did we choose it? • Lack of understandable Security Information. • Improper Security Practices in the Industry. • A group passion for security and providing awareness.
Sponsorship • Sponsored by Seccuris Inc. • Intellectual Property of the Capstone Project as provided to Seccuris • Experts in Information Security • Internationally recognized by academic and professional institutes • Based out of Winnipeg Image 
Requirements – Business Plan • Due to the nature of the project a Business Plan was required • A formal document that is needed for the pre-approval for a loan • A Business Plan includes: • Business Goals, Description, and Background • Marketing and Advertising • Competition, Growth Program, Risk Assessment
Server Implementation • HP DL385 G7 • Raid 5 Array (6 Drives) • Hard Drive Encryption • Ubuntu Server v10.10 • PHP5 • apache2 • SSH • SFTP • SSL • MySQL
Website Structure • The website can be broken down into 2 areas: • Administration Section – Accessed via “hidden” path. • User Section – Available to registered users only.
Website Structure - Admin • The Administration Area of the Website consists of 3 sections: • Add User – The creation of either a regular user or moderator. • Delete User – The removal of either a regular user or moderator. • Administrative Logs – Tracks if a moderator has logged, specifies IP and Time.
Website Structure - user • The User area of the Website consists of 2 sections: • About Us – A brief section about each member. • Tutorials – A section dedicated towards security write ups and videos.
Website Structure - Navigation • The website implements uniform navigation. • A standard portal for easy roaming. • One location, serving one purpose. • Complete user control.
Website Structure - Security • Active User Sessions • MD5 Encryption • Java Script Filtration • No $_GET Requests
Tutorials • Basic: • Data Encryption • Malware • Securing Windows • SSL and TLS Image 
Tutorials • Intermediate: • Cross Site Scripting (XSS) • Local/Remote File Inclusions • Network Encryption • Password Cracking • SSL Strip • SQL Injection Image 
tutorials • Advanced: • Buffer Overflows • Wireless Security Image 
challenges & successes • Getting video demonstrations to react in an expected manner • Trying not to make mistakes while recording video tutorials • With practice it became more natural • Documentation Format and Flow • Intellectual Property • Group meetings and Long Discussions regarding the distribution of IP • Time constraints • Not being able to demonstrate all topics of interest
Lessons learned • Planning is key. • Heavy research is required for large projects. • Encryptions algorithms are complicated. • Modern Linux versions have improved security. • Project in itself felt like it was another IT security course. • Most importantly: • Choose a project that you are passionate about, this way it is enjoyable and you will produce your best work.
Thank You Questions are Welcome
References • Image  - Wikipedia: "File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg - Wikipedia, the free encyclopedia." Wikipedia, the free encyclopedia. N.p., n.d. Web. [Accessed 13 Apr. 2011.] http://en.wikipedia.org/wiki/File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg • Image  - Seccuris. "Seccuris Inc. - Assured Protection." Seccuris Inc. - Assured Protection. N.p., n.d. Web. [Accessed 13 Apr. 2011]. http://www.seccuris.com/ • Image [3-5] – Microsoft PowerPoint Provided Images