Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences

Analysis of FPZ LMS system application
Security auditing methods
Methodology of FPZ LMS system protection
Preliminary protection
Database protection
Protection within web application
Implemented LMS protection against the most common forms of attacks

  1. Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences
     Peraković, D., Remenar, V.
     Faculty of Transport and Traffic Sciences, Vukelićeva 4, 10000 Zagreb
     dragan.perakovic@fpz.hr, vladimir.remenar@fpz.hr
     IIS, Faculty of Organization and Informatics, Varaždin, 2007.
  2. Keynotes
     - Analysis of FPZ LMS system application
     - Security auditing methods
     - Methodology of FPZ LMS system protection
       - Preliminary protection
       - Database protection
       - Protection within web application
     - Implemented LMS protection against the most common forms of attacks
     - Conclusion
     - Questions
  3. Analysis of FPZ LMS system
     - Introduced in 2004
     - 4800 students
     - Times accessed: 145,000
     - Constant growth
  4. Security auditing methods
     - Auditing techniques
       - Four techniques
         - Manual
         - Static
         - Dynamic
         - Fuzzing
     - Penetration auditing
     - Web application auditing
     - Database auditing
  5. Methodology of FPZ LMS system protection
     - Preliminary protection
     - Database protection
     - Protection within web application
  6. Preliminary and database protection
     - Information-communication logical network topology
       - Detailed planning of computer network
     - File checking
       - Format, size and anti virus checking
     - Data encryption
       - Custom built data encryption
     - Database protection
       - Separate database server, firewall protected
       - User account access levels
  7. Protection within web application
     - Authorization levels
       - Restricted access
       - Following real system (Faculty)
       - Seven levels
     - Automatic logging off the system
       - Open session problem
       - Defined idle time
     - Error management
       - Errors not visible for low level users
       - Custom error pages
  8. Implemented LMS protection against most common attacks
     - Brute force
       - Frequent method for finding username and password
       - Several methods for defense
     - SQL injection
       - Inserting SQL code into publicly accessible forms
       - Filtering SQL specific characters and commands
     - Cross-site scripting, XSS
       - Cookie theft, session and identity hijacking
       - Filtering specific characters
  9. Implemented LMS protection against most common attacks
     - Buffer overflow
       - Inputting more data than application can process
       - Data size checking on several levels
     - Denial of service, DoS, DDoS
       - Large amounts of false queries
       - Using special tools like IDS, strange traffic detection
     - 42.zip file
       - Specially designed file, 42kb size, decompresses to 4PB
       - Forbidding acceptance of exactly 42kb files, anti virus that recognizes this type of file
  10. Conclusion
      - Providing reliable operation, high level of data security
      - Constant security auditing
      - Expand security auditing and protection for all Faculty information systems
      - Permanent education of teaching and non-teaching staff at the Faculty
  11. Questions?
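
An added example, not part of the original slides: refusing files of exactly 42 kB (slide 9) matches only that one file, so this Python check generalizes the upload file checking of slides 6 and 9 to the archive's own metadata (declared size, compression ratio, member count, nested archives). The limits, suffix list and function names are assumptions chosen for illustration.

```python
import io
import zipfile

# Limits are assumptions for illustration; tune them to the upload policy.
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # declared uncompressed size, all members
MAX_RATIO = 100                      # uncompressed / compressed, whole archive
MAX_MEMBERS = 1000
ARCHIVE_SUFFIXES = (".zip", ".gz", ".bz2", ".xz", ".7z", ".rar", ".tar")


def inspect_upload(data: bytes) -> list[str]:
    """Return the reasons an uploaded ZIP is rejected (empty list = accept).

    Only the central directory is read; nothing is decompressed.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    reasons = []
    with archive:
        members = archive.infolist()
        total = sum(m.file_size for m in members)       # declared sizes
        packed = sum(m.compress_size for m in members)  # bytes stored
        if len(members) > MAX_MEMBERS:
            reasons.append("too many members")
        if total > MAX_TOTAL_BYTES:
            reasons.append("declared size over limit")
        if packed and total / packed > MAX_RATIO:
            reasons.append("compression ratio over limit")
        # Layered archives hide their real size from the outer directory,
        # so a nested archive (detected by name here) is refused outright.
        if any(m.filename.lower().endswith(ARCHIVE_SUFFIXES) for m in members):
            reasons.append("nested archive")
    return reasons


def make_zip(files: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

The sizes in the central directory are supplied by whoever built the archive, so extraction after this check should still stop once a byte budget is exceeded.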
