Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences
Peraković, D., Remenar, V.
Faculty of Transport and Traffic Sciences, Vukelićeva 4, 10000 Zagreb
dragan.perakovic@fpz.hr, vladimir.remenar@fpz.hr
IIS, Faculty of Organization and Informatics, Varaždin, 2007.

Keynotes
  • Analysis of FPZ LMS system application
  • Security auditing methods
  • Methodology of FPZ LMS system protection
      • Preliminary protection
      • Database protection
      • Protection within web application
  • Implemented LMS protection against the most common forms of attacks
  • Conclusion
  • Questions

Analysis of FPZ LMS system
  • Introduced in 2004
  • 4800 students
  • Times accessed: 145,000
  • Constant growth

Security auditing methods
  • Auditing techniques
      • Four techniques: Manual, Static, Dynamic, Fuzzing
  • Penetration auditing
      • Web application auditing
      • Database auditing

Methodology of FPZ LMS system protection
  • Preliminary protection
  • Database protection
  • Protection within web application

Preliminary and database protection
  • Information-communication logical network topology
      • Detailed planning of computer network
  • File checking
      • Format, size and antivirus checking
  • Data encryption
      • Custom built data encryption
  • Database protection
      • Separate database server, firewall protected
      • User account access levels

Protection within web application
  • Authorization levels
      • Restricted access
      • Following real system (Faculty)
      • Seven levels
  • Automatic logging off the system
      • Open session problem
      • Defined idle time
  • Error management
      • Errors not visible for low level users
      • Custom error pages

Implemented LMS protection against most common attacks
  • Brute force
      • Frequent method for finding username and password
      • Several methods for defense
  • SQL injection
      • Inserting SQL code into publicly accessible forms
      • Filtering SQL specific characters and commands
  • Cross-site scripting, XSS
      • Cookie theft, session and identity hijacking
      • Filtering specific characters
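
Added example, not code from the slides or from the FPZ LMS: the "filtering SQL specific characters" defense set beside a parameterized query, showing what each does to a legitimate surname containan apostrophe and to a constructed input carrying SQL syntax. The `students` table, the `BLACKLIST` tokens and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

# Assumed blacklist of "SQL specific characters" (hypothetical, not from the slides).
BLACKLIST = ("'", '"', ";", "--")


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (surname TEXT, course TEXT)")
    db.executemany(
        "INSERT INTO students VALUES (?, ?)",
        [("O'Brien", "Logistics"), ("OBrien", "Aeronautics"), ("Horvat", "Traffic")],
    )
    return db


def filter_input(value: str) -> str:
    """Character filtering: strip every blacklisted token from the input."""
    for token in BLACKLIST:
        value = value.replace(token, "")
    return value


def find_concat(db: sqlite3.Connection, surname: str) -> list:
    """'Before' form: the form value is pasted into the SQL text."""
    sql = "SELECT surname, course FROM students WHERE surname = '" + surname + "'"
    return db.execute(sql).fetchall()


def find_filtered(db: sqlite3.Connection, surname: str) -> list:
    """String-built query protected only by the character filter."""
    return find_concat(db, filter_input(surname))


def find_param(db: sqlite3.Connection, surname: str) -> list:
    """Parameterized query: the value is bound as data, never parsed as SQL."""
    sql = "SELECT surname, course FROM students WHERE surname = ?"
    return db.execute(sql, (surname,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("unfiltered, crafted:", len(find_concat(db, crafted)), "rows")
    print("filtered, O'Brien  :", find_filtered(db, "O'Brien"))
    print("filtered, crafted  :", find_filtered(db, crafted))
    print("bound, O'Brien     :", find_param(db, "O'Brien"))
    print("bound, crafted     :", find_param(db, crafted))
```

The filter stops the crafted input here, but it also rewrites `O'Brien` to `OBrien` and returns another student's record; the bound parameter handles both inputs correctly without altering them.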

Implemented LMS protection against most common attacks
  • Buffer overflow
      • Inputting more data than application can process
      • Data size checking on several levels
  • Denial of service, DoS, DDoS
      • Large amounts of false queries
      • Using special tools like IDS, strange traffic detection
  • 42.zip file
      • Specially designed file, 42kb size, decompresses to 4PB
      • Forbidding acceptance of exactly 42kb files, antivirus that recognizes this type of file
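
Added example, not code from the slides or from the FPZ LMS: an upload check for ZIP files that covers both the "File checking" item (format, size) and the 42.zip item by looking at the sizes declared in the archive headers and at the compression ratio, so the decision does not depend on the archive's exact size on disk. All limits and function names are assumptions; antivirus scanning would still run alongside it.

```python
from __future__ import annotations
import io
import zipfile

# Assumed policy limits (hypothetical values; tune per deployment).
MAX_UPLOAD_BYTES = 10 * 1024 * 1024          # largest accepted upload
MAX_TOTAL_UNCOMPRESSED = 100 * 1024 * 1024   # cap on declared expanded size
MAX_RATIO = 100                              # expanded bytes per stored byte
MAX_ENTRIES = 1000


def check_zip_upload(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded ZIP without extracting it."""
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "upload too large"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False, "not a ZIP archive"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return False, "corrupt ZIP archive"
    if len(infos) > MAX_ENTRIES:
        return False, "too many entries"
    total = sum(i.file_size for i in infos)        # sizes declared in headers
    packed = sum(i.compress_size for i in infos)
    if total > MAX_TOTAL_UNCOMPRESSED:
        return False, "declared uncompressed size over limit"
    if packed and total / packed > MAX_RATIO:
        return False, "compression ratio over limit"
    # A header-only check cannot see inside inner archives, so refuse them.
    if any(i.filename.lower().endswith(".zip") for i in infos):
        return False, "nested archive"
    return True, "ok"


def read_member_capped(data: bytes, name: str, limit: int) -> bytes:
    """Decompress one member, stopping once more than `limit` bytes come out."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        out = fh.read(limit + 1)
    if len(out) > limit:
        raise ValueError("member expands past limit")
    return out


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build a small in-memory ZIP (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: ordinary notes, a highly compressible file, a nested ZIP.
NOTES = " ".join(str(n) for n in range(2000)).encode()
SAMPLES = {
    "notes.zip": make_zip({"notes.txt": NOTES}),
    "zeros.zip": make_zip({"zeros.bin": bytes(5 * 1024 * 1024)}),
    "nested.zip": make_zip({"inner.zip": make_zip({"a.txt": NOTES})}),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, len(blob), "bytes ->", check_zip_upload(blob))
```

Header sizes are supplied by whoever built the archive, so `read_member_capped` enforces the limit again at extraction time instead of trusting them.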

Conclusion
  • Providing reliable operation, high level of data security
  • Constant security auditing
  • Expand security auditing and protection for all Faculty information systems
  • Permanent education of teaching and non-teaching staff at the Faculty

Questions?
