1. Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences
Peraković, D., Remenar, V.
Faculty of Transport and Traffic Sciences, Vukelićeva 4, 10000 Zagreb
dragan.perakovic@fpz.hr, vladimir.remenar@fpz.hr
IIS, Faculty of Organization and Informatics, Varaždin, 2007.
2. Keynotes
- Analysis of FPZ LMS system application
- Security auditing methods
- Methodology of FPZ LMS system protection
  - Preliminary protection
  - Database protection
  - Protection within web application
- Implemented LMS protection against the most common forms of attacks
- Conclusion
- Questions
3. Analysis of FPZ LMS system
- Introduced in 2004
- 4800 students
- Times accessed: 145,000
- Constant growth
4. Security auditing methods
- Auditing techniques
  - Four techniques
    - Manual
    - Static
    - Dynamic
    - Fuzzing
- Penetration auditing
- Web application auditing
- Database auditing
5. Methodology of FPZ LMS system protection
- Preliminary protection
- Database protection
- Protection within web application
6. Preliminary and database protection
- Information-communication logical network topology
  - Detailed planning of computer network
- File checking
  - Format, size and antivirus checking
- Data encryption
  - Custom built data encryption
- Database protection
  - Separate database server, firewall protected
  - User account access levels
7. Protection within web application
- Authorization levels
  - Restricted access
  - Following real system (Faculty)
  - Seven levels
- Automatic logging off the system
  - Open session problem
  - Defined idle time
- Error management
  - Errors not visible for low level users
  - Custom error pages
8. Implemented LMS protection against most common attacks
- Brute force
  - Frequent method for finding username and password
  - Several methods for defense
- SQL injection
  - Inserting SQL code into publicly accessible forms
  - Filtering SQL specific characters and commands
- Cross-site scripting (XSS)
  - Cookie theft, session and identity hijacking
  - Filtering specific characters
9. Implemented LMS protection against most common attacks
- Buffer overflow
  - Inputting more data than application can process
  - Data size checking on several levels
- Denial of service (DoS, DDoS)
  - Large amounts of false queries
  - Using special tools like IDS, strange traffic detection
- 42.zip file
  - Specially designed file, 42kb size, decompresses to 4PB
  - Forbidding acceptance of exactly 42kb files, antivirus that recognizes this type of file
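Added example (not part of the original slides or the FPZ LMS code): a rule that rejects files of exactly 42kb matches one known file, so this Python sketch instead checks what an uploaded ZIP declares about itself (entry count, total uncompressed size, compression ratio, nested archives) and caps the bytes read during extraction. The limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Limits are assumptions for this sketch, not values from the slides.
MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024  # bytes, summed over all entries
MAX_RATIO = 100                            # declared uncompressed / compressed
MAX_ENTRIES = 1000
ARCHIVE_SUFFIXES = (".zip", ".jar", ".7z", ".rar", ".gz")


def inspect_upload(data: bytes) -> list:
    """Return reasons to reject a ZIP (empty list = accept); reads metadata only."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    reasons = []
    with archive:
        entries = archive.infolist()
        total = sum(e.file_size for e in entries)
        packed = sum(e.compress_size for e in entries)
        if len(entries) > MAX_ENTRIES:
            reasons.append("too many entries")
        if total > MAX_TOTAL_UNCOMPRESSED:
            reasons.append("declared size over limit")
        if packed and total / packed > MAX_RATIO:
            reasons.append("compression ratio over limit")
        if any(e.filename.lower().endswith(ARCHIVE_SUFFIXES) for e in entries):
            reasons.append("nested archive")
    return reasons


def read_member_bounded(archive, name, budget):
    """Decompress one member in chunks; stop once more than `budget` bytes appear."""
    # Declared sizes come from the archive itself, so extraction is capped too.
    out = bytearray()
    with archive.open(name) as src:
        while chunk := src.read(64 * 1024):
            out += chunk
            if len(out) > budget:
                raise ValueError(f"{name}: more than {budget} bytes")
    return bytes(out)


def make_zip(members: dict) -> bytes:
    """Build a small in-memory ZIP (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, payload in members.items():
            z.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: ordinary data, 1 MiB of zeros (about 1000:1), a ZIP in a ZIP.
ORDINARY = make_zip({"notes.bin": bytes(range(256)) * 4})
INFLATING = make_zip({"fill.bin": b"\0" * (1024 * 1024)})
WRAPPED = make_zip({"inner.zip": ORDINARY})

if __name__ == "__main__":
    for label, blob in (("ordinary", ORDINARY), ("inflating", INFLATING), ("wrapped", WRAPPED)):
        print(label, len(blob), inspect_upload(blob) or "accept")
```

The inflating sample is only about 1 kB on disk, so no fixed file-size rule would single it out; the ratio check does.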
10. Conclusion
- Providing reliable operation, high level of data security
- Constant security auditing
- Expand security auditing and protection for all Faculty information systems
- Permanent education of teaching and non-teaching staff at the Faculty
11. Questions?
