Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences
Analysis of FPZ LMS system application
Security auditing methods
Methodology of FPZ LMS system protection
Preliminary protection
Database protection
Protection within web application
Implemented LMS protection against the most common forms of attacks

Published in: Education, Technology
Transcript

  • 1. Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences
    Peraković, D., Remenar, V.
    Faculty of Transport and Traffic Sciences, Vukelićeva 4, 10000 Zagreb
    dragan.perakovic@fpz.hr, vladimir.remenar@fpz.hr
    IIS, Faculty of Organization and Informatics, Varaždin, 2007.
  • 2. Keynotes
    Analysis of FPZ LMS system application
    Security auditing methods
    Methodology of FPZ LMS system protection
    Preliminary protection
    Database protection
    Protection within web application
    Implemented LMS protection against the most common forms of attacks
    Conclusion
    Questions
  • 3. Analysis of FPZ LMS system
    Introduced in 2004
    4800 students
    Times accessed: 145,000
    Constant growth
  • 4. Security auditing methods
    Auditing techniques
    Four techniques
    Manual
    Static
    Dynamic
    Fuzzing
    Penetration auditing
    Web application auditing
    Database auditing
  • 5. Methodology of FPZ LMS system protection
    Preliminary protection
    Database protection
    Protection within web application
  • 6. Preliminary and database protection
    Information-communication logical network topology
      Detailed planning of computer network
    File checking
      Format, size and antivirus checking
    Data encryption
      Custom-built data encryption
    Database protection
      Separate database server, firewall protected
      User account access levels
  • 7. Protection within web application
    Authorization levels
      Restricted access
      Following real system (Faculty)
      Seven levels
    Automatic logging off the system
      Open session problem
      Defined idle time
    Error management
      Errors not visible for low-level users
      Custom error pages
  • 8. Implemented LMS protection against most common attacks
    Brute force
      Frequent method for finding username and password
      Several methods for defense
    SQL injection
      Inserting SQL code into publicly accessible forms
      Filtering SQL specific characters and commands
    Cross-site scripting, XSS
      Cookie theft, session and identity hijacking
      Filtering specific characters
  • 9. Implemented LMS protection against most common attacks
    Buffer overflow
      Inputting more data than application can process
      Data size checking on several levels
    Denial of service, DoS, DDoS
      Large amounts of false queries
      Using special tools like IDS, strange traffic detection
    42.zip file
      Specially designed file, 42kb size, decompresses to 4PB
      Forbidding acceptance of exactly 42kb files, antivirus that recognizes this type of file
  • 10. Conclusion
    Providing reliable operation, high level of data security
    Constant security auditing
    Expand security auditing and protection for all Faculty information systems
    Permanent education of teaching and non-teaching staff at the Faculty
  • 11. Questions?
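
An added example (not from the presentation or the FPZ LMS code) for the file checking on slide 6 and the 42.zip item on slide 9: it goes beyond matching one file size and inspects an uploaded ZIP's declared sizes, compression ratio and nesting depth before anything is unpacked. The limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Limits are assumptions for this example; tune them to the upload policy.
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # declared uncompressed bytes, all layers
MAX_RATIO = 100                     # uncompressed / compressed, per member
MAX_DEPTH = 2                       # archives nested inside archives


def inspect_archive(data, depth=0, budget=None):
    """Return (ok, reason) for ZIP bytes held in memory; nothing is written to disk."""
    budget = {"bytes": 0} if budget is None else budget
    if depth > MAX_DEPTH:
        return False, "nesting too deep"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                budget["bytes"] += info.file_size  # shared across nested layers
                if budget["bytes"] > MAX_TOTAL_BYTES:
                    return False, "declared size over limit"
                if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                    return False, "compression ratio over limit"
                if info.filename.lower().endswith(".zip"):
                    with zf.open(info) as member:  # read is capped, never unbounded
                        inner = member.read(MAX_TOTAL_BYTES + 1)
                    ok, reason = inspect_archive(inner, depth + 1, budget)
                    if not ok:
                        return False, "nested: " + reason
    except (zipfile.BadZipFile, zlib.error, RuntimeError):
        return False, "unreadable zip"  # corrupt, encrypted or unsupported
    return True, "ok"


def make_zip(name, payload):
    """Build a small ZIP in memory (used only for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: a normal upload, a highly compressible file, deep nesting.
NORMAL = make_zip("notes.txt", b"Lecture 3: traffic flow models, homework 2.")
INFLATING = make_zip("zeros.bin", b"\0" * 1_000_000)
NESTED = make_zip("a.txt", b"hello")
for _ in range(3):
    NESTED = make_zip("layer.zip", NESTED)
```

Run on the upload before it reaches the antivirus scan or any extraction step; a rejected archive is reported with the first limit it exceeded.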
