Online Security - The Good, the Bad, and the Crooks

An overview of security with a focus on game security. Discusses the differences between "troublesome" participants and actual criminals as well as how to approach security problems. Also of interest for general IT security practitioners.

For more information, resources, and tools, visit http://free2secure.com/.

If you have any security questions or comments, contact me at steve@free2secure.com

Published in: Software, Technology, Business

    1. Security eBooks. Game Security: The Good, the Bad, and The Crooks. Steven Davis, steve@free2secure.com, +1.650.278.7416. Games, iGaming, and Gambling
    2. What is security? Encryption? Firewalls? Access Control? Etc. Etc. Etc.
    3. Security is… Not being in the News! Not losing money. Usually.
    4. Security is doing whatever it takes to make your game secure: Business, Game Design, Technology… Anything
    5. Security is People, not Technology
    6. The Bad Guy wants to Win! … and he doesn’t care how
       • Make Money
       • Get Free Stuff
       • Stroke Ego
           – High Score/Leaderboard
           – Compete/Cheat
           – Fame as Hacker
    7. Players playing “Differently”. The Customer is often Right!
           – Play with Friends (your level restrictions & character equipment may make this impossible)
           – Limited Time
           – Your Game is Boring! “I want the good stuff”
    8. It’s hard to be good
       • Onerous security procedures
       • Security is not their job!
       • If people break security, it is OUR fault, not theirs
    9. Crooks … if there is value in your business, there is a thief who will happily loot it.
       • Want to make money… no matter how
           – Identity theft
           – Credit card fraud
           – Break into email and other accounts
           – Steal your stuff & sell it
           – Steal accounts
    10. Stop Crooks
       • They may be making more money from your business than you do
           – You may be protecting the wrong things
           – A stolen ID is worth $1 to $12 or more
       • … what is an account worth to you?
       • … are you protecting that kind of value?
       • Sony PSN was not concerned about identity theft
           – … nor was Valve
           – … nor was Riot Games
           – … nor was LinkedIn
           – … nor was TJX
       • They are deadly serious. You need to stop them. They can ruin your business.
       • One of these days, the government is going to make you responsible for security. Your customers certainly do today.
    11. How does security help make more money? Bring in more Revenue. Reduce Costs. We may have to change how we work: change our perspective and relationship with our players
       • Don’t ban
       • Create communities of like players
       • Stopping bad guys is only part of the answer… And may not be an answer at all
       • Goal: Move players from “Bad” and “Different” to Good and PAYING!
    12. Security Systems are everywhere… they evolved over time… We don’t even notice them as security systems anymore (and we get in trouble when we don’t)
       • “If your receipt is wrong, your purchase is free”
       • Double entry accounting & audit trails
    13. Why is Security so difficult today?
       • “Security” used to mean…
           – Law Enforcement
           – Alarm Systems
       • The world is changing
           – New businesses and business models
           – New ways of interacting
           – Radical change in scale
           – All are changing faster and faster
           – … and security takes a while to catch up
           – We can’t wait for solutions to evolve slowly anymore
    14. Security is the problem
       • Problem Exists Between Keyboard And Chair Fallacy
       • Broken security business models
       • Cheap companies
       • Essential misunderstanding of security
    15. Security Today – The Good: Disney fights Piracy with Prizes & Holograms
       • Disney fights counterfeit products by using a promotion
           – Customers send in Proof of Purchase w/holograms to enter contest
           – Disney uses entries to identify locations where counterfeit goods are sold and made
       • Turn customers into security partners
       • Security gets paid for out of Marketing Budget!
    16. Security Today – The Bad: (Mis)Understanding Audit
       • Famous security case based on discrepancy between 2 audit trails
       • Too many systems confuse having an “audit log” with multiple independent audit records
       • RESULT – continued difficulty identifying security breaches
       • LESSON – Independent Systems & Real Analysis
    17. What do good security solutions look like?
       • Imperfect
       • Recoverable/Repairable
       • Cheap
       • Reliable
       • Independent Systems and Layers … “Security Mesh”
    18. Strive for simple security: “security shims”, “naturally secure”
    19. Security is as much about making it easy to do something right as hard to do something wrong
    20. How do you win? Security Judo: Authority, Trust, Efficiency. Specific, Practical Measures
    21. What next?
       • Don’t give up!
       • More security presentations at: http://free2secure.com/
       • Check out my book “Protecting Games”
           – Additional information at http://playnoevil.com/
       • You can “win” the security game
    22. About Me
       • Steven Davis
           – 25+ Years of Security Expertise
           – I have worked on everything from online games and satellite TV to Nuclear Command and Control and military communications
       • http://www.linkedin.com/in/playnoevil
           – Author, “Protecting Games”
       • Why Free2Secure?
           – Security is too expensive and isn’t working. There has to be a better way. I’m exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at http://free2secure.com/
           – Join me there, ask questions, challenge assumptions, let’s make things better
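
The audit lesson on slide 16 (independent records, then real analysis) shown as an added example that is not part of the original deck: two systems record the same purchases separately, and a reconciliation pass reports every disagreement that neither log would reveal on its own. The game-purchase scenario, record layout and all names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import namedtuple

Record = namedtuple("Record", "txn_id account amount_cents")
Finding = namedtuple("Finding", "kind txn_id account detail")

# Constructed sample data: two records of the same purchases, written by
# systems that do not share code, storage or credentials (assumed layout).
GAME_SERVER_GRANTS = [
    Record("t-1001", "alice", 499),
    Record("t-1002", "bob", 999),
    Record("t-1003", "carol", 1999),   # granted, but never paid for
    Record("t-1004", "dave", 4999),    # granted more than was paid
]
PAYMENT_LEDGER = [
    Record("t-1001", "alice", 499),
    Record("t-1002", "bob", 999),
    Record("t-1004", "dave", 499),
    Record("t-1005", "erin", 999),     # paid, but nothing granted
]

def index(records, source):
    """Index by txn_id; a duplicate id inside one source is itself suspect."""
    by_id, findings = {}, []
    for r in records:
        if r.txn_id in by_id:
            findings.append(Finding("duplicate", r.txn_id, r.account, source))
        else:
            by_id[r.txn_id] = r
    return by_id, findings

def reconcile(grants, ledger):
    """Compare two independent audit records and list every disagreement."""
    g, findings = index(grants, "game_server")
    p, dup = index(ledger, "payment_ledger")
    findings += dup
    for txn_id in sorted(g.keys() | p.keys()):
        a, b = g.get(txn_id), p.get(txn_id)
        if b is None:
            findings.append(Finding("grant_without_payment", txn_id, a.account, a.amount_cents))
        elif a is None:
            findings.append(Finding("payment_without_grant", txn_id, b.account, b.amount_cents))
        elif a.account != b.account:
            findings.append(Finding("account_mismatch", txn_id, a.account, b.account))
        elif a.amount_cents != b.amount_cents:
            # detail is the over-grant (positive) or under-grant (negative) in cents
            findings.append(Finding("amount_mismatch", txn_id, a.account, a.amount_cents - b.amount_cents))
    return findings

if __name__ == "__main__":
    for f in reconcile(GAME_SERVER_GRANTS, PAYMENT_LEDGER):
        print(f)
```

The check only has value when the two sources are written independently; if one is derived from the other, an error or tampering in the first is copied into the second and the comparison comes back clean.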
