IT Security in Malaysia
IT SECURITY
INTRODUCTION
By: Wan Seman Bin Wan Ismail
Recap

WORLD INTERNET USAGE AND POPULATION STATISTICS (as of June 30, 2012)

World region | Population (2012 est.) | Internet users (Dec. 31, 2000) | Internet users (latest data) | Penetration (% population) | Growth 2000-2012 | Users % of table
Africa | 1,073,380,925 | 4,514,400 | 167,335,676 | 15.6 % | 3,606.7 % | 7.0 %
Asia | 3,922,066,987 | 114,304,000 | 1,076,681,059 | 27.5 % | 841.9 % | 44.8 %
Europe | 820,918,446 | 105,096,093 | 518,512,109 | 63.2 % | 393.4 % | 21.5 %
Middle East | 223,608,203 | 3,284,800 | 90,000,455 | 40.2 % | 2,639.9 % | 3.7 %
North America | 348,280,154 | 108,096,800 | 273,785,413 | 78.6 % | 153.3 % | 11.4 %
Latin America / Caribbean | 593,688,638 | 18,068,919 | 254,915,745 | 42.9 % | 1,310.8 % | 10.6 %
Oceania / Australia | 35,903,569 | 7,620,480 | 24,287,919 | 67.6 % | 218.7 % | 1.0 %
WORLD TOTAL | 7,017,846,922 | 360,985,492 | 2,405,518,376 | 34.3 % | 566.4 % | 100.0 %

Notes: (1) Internet usage and population figures are for June 30, 2012. (2) Population numbers are based on data from the US Census Bureau and local census agencies. (3) Internet usage figures come from data published by Nielsen Online, the International Telecommunication Union, GfK, local ICT regulators and other sources. (4) Source: www.internetworldstats.com, copyright 2001-2013 Miniwatts Marketing Group; information may be cited with due credit.
Top security breaches
• CIA
• NASA
• Yahoo accounts
• Example: 30,000 websites hacked a day (James Lyne, Forbes, 6 September 2013)
  http://www.forbes.com/sites/jameslyne/2013/09/06/30000-web-sites-hacked-a-day-how-do-you-host-yours/
• Local cases: name one
IT Security Myths
• Product X will solve all our security problems
• But we're so young
• We can control our users
• Security is for techies
• Code-breaking is a man's world
• We can make it 100% secure
• We're not worth attacking
• Our organization is secure because we haven't been hacked yet
• Security decreases usability
What is IT Security
• IT Security Basic Concept
• IT Security Element
IT Security Basic Concept
• Confidentiality (Malay: Kerahsiaan)
• Integrity (Malay: Kebolehpercayaan)
• Availability (Malay: Keberadaan)
IT Security Element
• People
• Technology
• Process
In layman's terms
• What is IT security?
Quick examples
• People
  • Information security knowledge (seminars, courses, training, strong passwords): an IT-security-literate workforce
• Technology
  • Firewall, antivirus, antispam, IDS, IPS: kept up to date
• Process
  • Record keeping, monitoring, certification (ISMS), knowledge transfer
Testing
• http://crackme.cenzic.com (a deliberately vulnerable demo application)
• Get the username and password list
• 15 minutes only
• Good luck
• Prize bounty: RM 10
Hardening

SQL injection

The slide's fix escapes the two POST fields before they are used in a query:

$name = mysql_real_escape_string($_POST['name']);
$pwd  = mysql_real_escape_string($_POST['pwd']);

Two caveats belong next to this. First, mysql_real_escape_string() is part of the old mysql extension, deprecated in PHP 5.5 and removed in PHP 7; its successors are MySQLi (mysqli_real_escape_string) and PDO. Second, escaping only protects a value placed inside a quoted string literal: a value interpolated unquoted (WHERE id = $id) or into an identifier is not protected at all, and escaping is also unsafe when the connection character set differs from the one the escaping function assumes. The robust fix is a prepared statement with bound parameters, which keeps user input out of the SQL text entirely.
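The following is an added example, not code from the slides: it puts the slide's escape-then-interpolate pattern beside a prepared statement and shows the case where escaping does nothing. It assumes the pdo_sqlite extension (bundled with most PHP builds) and runs against an in-memory SQLite database; the users table, its two rows and the legacy_escape() helper are constructed for this illustration, the helper standing in for mysql_real_escape_string() because SQLite escapes quotes by doubling them.

```php
<?php
// Added example, not from the slides. Shows why the escaping approach above
// fails outside a quoted string and what the prepared-statement fix looks
// like. Runs stand-alone against an in-memory SQLite database through PDO
// (assumes pdo_sqlite); the users table and its two rows are constructed data.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, pwd TEXT NOT NULL)');
$db->exec("INSERT INTO users (name, pwd) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// SQLite stand-in for mysql_real_escape_string(): SQLite escapes a quote by
// doubling it rather than with a backslash, but the property that matters is
// the same: escaping only protects a value that sits inside quotes.
function legacy_escape(string $value): string
{
    return str_replace("'", "''", $value);
}

// 1. Escape, then interpolate inside quotes (the slide's pattern). Survives.
function find_by_name_escaped(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . legacy_escape($name) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Same escaping, but the value is numeric so nobody quotes it. The input
//    contains nothing to escape, so the injected condition goes straight in.
function find_by_id_escaped(PDO $db, string $id): array
{
    $sql = "SELECT id, name FROM users WHERE id = " . legacy_escape($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Prepared statement: the value travels separately from the SQL text, so
//    the context it lands in is irrelevant.
function find_by_id_prepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$stringPayload  = "' OR '1'='1";
$numericPayload = '1 OR 1=1';

printf("escaped, string context,   input %-12s -> %d row(s)\n",
    $stringPayload, count(find_by_name_escaped($db, $stringPayload)));
printf("escaped, numeric context,  input %-12s -> %d row(s)\n",
    $numericPayload, count(find_by_id_escaped($db, $numericPayload)));
printf("prepared, numeric context, input %-12s -> %d row(s)\n",
    $numericPayload, count(find_by_id_prepared($db, $numericPayload)));
printf("prepared, numeric context, input %-12s -> %s\n",
    '2', find_by_id_prepared($db, '2')[0]['name'] ?? 'no row');
```

Run it with `php sqli_demo.php`. The escaped string lookup finds nobody, because the quotes were neutralised; the escaped numeric lookup returns both users, because `WHERE id = 1 OR 1=1` is exactly what the database receives; the prepared lookup returns nothing for the same payload (it is compared as a literal value) and finds bob for a genuine id. The numeric case is why "we escape everything" is not a SQL injection defence.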
.htaccess

Pattern blocklists like the one below are a stop-gap, not a fix. They inspect only the raw query string, request line and User-Agent (a POST body passes untouched), they are defeated by trivial changes such as percent-encoding one letter of a keyword or sending a different User-Agent string, and several rules reject ordinary input (any "..", any parameter carrying "http:", an apostrophe followed by the word "order"). Fix the application first and treat these rules as noise reduction. The slide export dropped the backslashes from the patterns; they are restored here, because a rule meant to match a literal ".", "(", "[" or "|" needs them escaped (unescaped, "(../|..)" matches any two characters).

# No web server version and indexes
# (ServerSignature Off only hides the version on Apache's own error pages; the
#  Server response header is governed by ServerTokens Prod, which must be set
#  in the main server configuration, not in .htaccess.)
ServerSignature Off
Options -Indexes

# Enable rewrite engine
RewriteEngine On

# Block suspicious request methods
# (HEAD is dropped from the slide's list: it is a normal method that clients
#  and monitoring tools rely on, and blocking it only breaks them.)
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]

# Block WP timthumb hack
# (The slide used [S=1], which skips the next rule instead of blocking.)
RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
RewriteRule . - [F,L]

# Block suspicious user agents and requests
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]

# Block MySQL injections, RFI, base64, etc.
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
# A RewriteCond chain does nothing on its own; the slide stops before the
# rule that acts on it.
RewriteRule ^(.*)$ - [F,L]
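How much such a rule set actually buys is easy to measure, because mod_rewrite and PHP's preg_match() both use PCRE. The block below is an added example, not part of the slides: it takes three of the QUERY_STRING conditions above (backslashes restored, [NC] rendered as the i modifier) and runs constructed query strings through them the way Apache does, that is against the raw, still percent-encoded query string. One injection passes by encoding a single letter, a POST-body injection never reaches the rules at all, and two harmless searches are blocked.

```php
<?php
// Added example, not from the slides. mod_rewrite and preg_match() both use
// PCRE, so the slide's RewriteCond patterns can be evaluated here the way
// Apache evaluates them: against the raw %{QUERY_STRING}, before any URL
// decoding. Every request sample below is constructed for this example.
declare(strict_types=1);

// Three of the slide's QUERY_STRING rules with their backslashes restored,
// wrapped in PCRE delimiters; the 'i' modifier stands in for the [NC] flag.
$rules = [
    'union-select'  => '/union([^s]*s)+elect/i',
    'dot-dot'       => '/(\.\.\/|\.\.)/',
    'quote-keyword' => '/(;|<|>|\'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*'
                     . '(\/\*|union|select|insert|drop|delete|update|cast|create|char'
                     . '|convert|alter|declare|order|script|set|md5|benchmark|encode)/i',
];

/** Name of the first rule that matches, or null when the request passes. */
function first_matching_rule(array $rules, string $queryString): ?string
{
    foreach ($rules as $name => $pattern) {
        if (preg_match($pattern, $queryString) === 1) {
            return $name;
        }
    }
    return null;
}

$samples = [
    // Caught, as intended.
    'id=1 union select name,pwd from users'             => 'plain injection',
    'id=1%20union%20select%20name,pwd%20from%20users'   => 'same, spaces encoded',
    // Passes: one percent-encoded letter breaks the literal "union" match,
    // yet PHP decodes %75 to "u" before the value reaches the database.
    'id=1%20%75nion%20select%20name,pwd%20from%20users' => 'u encoded as %75',
    // Passes: the rules never see a POST body, and the slide's login form
    // sends name and pwd by POST.
    ''                                                  => 'POST-body injection, empty query string',
    // Caught, but harmless: ordinary searches trip the patterns.
    'q=what..ever'                                      => 'false positive on ..',
    'q=O%27Brien%20order%20form'                        => 'false positive on %27 followed by "order"',
];

foreach ($samples as $qs => $label) {
    $verdict = first_matching_rule($rules, $qs) ?? 'pass';
    printf("%-50s %-14s %s\n", $qs === '' ? '(empty)' : $qs, $verdict, $label);
}
```

Run it with `php rules_demo.php`. The same exercise applies to the User-Agent rules: they match a handful of tool names, and every one of those tools lets the caller set the header to anything else.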
XSS

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*iframe.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# With [F] the substitution is ignored, so "-" is the honest target; the
# slide named index_error.php, which would never be served.
RewriteRule ^(.*)$ - [F,L]

# Anti cross-site tracing protection
# (TraceEnable Off in the main server configuration does the same for TRACE.)
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# Prevent image theft / hotlinking
# (An empty Referer is deliberately allowed through; the slide's
#  "yoursite.com.com" typo is corrected and the dots are escaped.)
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com/.*$ [NC]
RewriteCond %{HTTP_USER_AGENT} !(googlebot-image|msnbot|psbot|yahoo-mmcrawler|cavalla_bot) [NC]
RewriteRule \.(gif|jpg)$ - [F]
Reward: bug bounty programs
• AT&T - http://developer.att.com/developer/apiDetailPage.jsp?passedItemId=10700235 (to submit you need to sign up to the free Developer API program)
• Avast! - http://www.avast.com/bug-bounty
• Barracuda - http://barracudalabs.com/
• Coinbase - https://coinbase.com/whitehat
• Chromium Project - http://www.chromium.org/
• Cryptocat - https://crypto.cat/bughunt/
• Facebook - http://www.facebook.com/whitehat/
• Etsy - http://www.etsy.com/help/article/2463
• Gallery - http://codex.gallery2.org/Bounties
• Ghostscript - http://ghostscript.com/Bug_bounty_program.html (mostly software development, occasional security issues)
• Google - http://www.google.com/about/company/rewardprogram.html
• Hex-Rays - http://www.hex-rays.com/bugbounty.shtml
• IntegraXor (SCADA) - http://www.integraxor.com/blog/integraxor-hmi-scada-bug-bounty-program
• LaunchKey - https://launchkey.com/docs/whitehat
• Marktplaats - http://statisch.marktplaats.nl/help/
• Mega.co.nz - http://thenextweb.com/insider/2013/02/01/kim-dotcom-puts-up-13500-bounty-for-first-person-to-break-megas-security-system/ (news coverage)
• Meraki - http://www.meraki.com/trust/#srp
• Microsoft - http://www.microsoft.com/security/msrc/report
• Mozilla - http://www.mozilla.org/security/bug-bounty.html
• PayPal - https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
• PikaPay - https://www.pikapay.com/pikapay-security-policy/
• Piwik - http://piwik.org/security/
• Ricebridge - http://www.ricebridge.com/bugs.htm (only available to customers)
• Ripple - https://ripple.com/bug-bounty/
• Samsung - https://samsungtvbounty.com/
• Simple - https://www.simple.com/policies/website-security/
• Tarsnap - https://www.tarsnap.com/bugbounty.html
• Qiwi - https://www.qiwi.ru/page/hack.action
• qmail / djbdns (D. J. Bernstein) - http://cr.yp.to/djbdns/guarantee.html
• Yandex - http://company.yandex.com/security/index.xml
• ZeroBrane - http://notebook.kulchenko.com/zerobrane/zerobrane-studio-bug-bounty