Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences

Analysis of FPZ LMS system application
Security auditing methods
Methodology of FPZ LMS system protection
Preliminary protection
Database protection
Protection within web application
Implemented LMS protection against the most common forms of attacks

  1. Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Transport and Traffic Sciences
     Peraković, D., Remenar, V.
     Faculty of Transport and Traffic Sciences, Vukelićeva 4, 10000 Zagreb
     dragan.perakovic@fpz.hr, vladimir.remenar@fpz.hr
     IIS, Faculty of Organization and Informatics, Varaždin, 2007.
  2. Keynotes
       • Analysis of FPZ LMS system application
       • Security auditing methods
       • Methodology of FPZ LMS system protection
           • Preliminary protection
           • Database protection
           • Protection within web application
       • Implemented LMS protection against the most common forms of attacks
       • Conclusion
       • Questions
  3. Analysis of FPZ LMS system
       • Introduced in 2004
       • 4800 students
       • Times accessed: 145,000
       • Constant growth
  4. Security auditing methods
       • Auditing techniques
       • Four techniques
           • Manual
           • Static
           • Dynamic
           • Fuzzing
       • Penetration auditing
       • Web application auditing
       • Database auditing
  5. Methodology of FPZ LMS system protection
       • Preliminary protection
       • Database protection
       • Protection within web application
  6. Preliminary and database protection
       • Information-communication logical network topology
           • Detailed planning of computer network
       • File checking
           • Format, size and antivirus checking
       • Data encryption
           • Custom built data encryption
       • Database protection
           • Separate database server, firewall protected
           • User account access levels
  7. Protection within web application
       • Authorization levels
           • Restricted access
           • Following real system (Faculty)
           • Seven levels
       • Automatic logging off the system
           • Open session problem
           • Defined idle time
       • Error management
           • Errors not visible for low-level users
           • Custom error pages
  8. Implemented LMS protection against most common attacks
       • Brute force
           • Frequent method for finding username and password
           • Several methods for defense
       • SQL injection
           • Inserting SQL code into publicly accessible forms
           • Filtering SQL specific characters and commands
       • Cross-site scripting, XSS
           • Cookie theft, session and identity hijacking
           • Filtering specific characters
  9. Implemented LMS protection against most common attacks
       • Buffer overflow
           • Inputting more data than application can process
           • Data size checking on several levels
       • Denial of service, DoS, DDoS
           • Large amounts of false queries
           • Using special tools like IDS, strange traffic detection
       • 42.zip file
           • Specially designed file, 42kb size, decompresses to 4PB
           • Forbidding acceptance of exactly 42kb files, antivirus that recognizes this type of file
  10. Conclusion
       • Providing reliable operation, high level of data security
       • Constant security auditing
       • Expand security auditing and protection for all Faculty information systems
       • Permanent education of teaching and non-teaching staff at the Faculty
  11. Questions?
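
An added example, not part of the original slides or the FPZ LMS code: one way to implement the upload checks named on slides 6 and 9 (file size checking and recognizing 42.zip-style archives) by inspecting a ZIP's declared sizes, compression ratio and nesting depth before anything is extracted, which goes beyond the exact-size rule on the slide. The limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Assumed upload policy for illustration; the slides give no such limits.
MAX_UNPACKED = 50 * 1024 * 1024   # total declared uncompressed bytes
MAX_RATIO = 100                   # declared unpacked size / packed size
MAX_DEPTH = 2                     # archive-inside-archive levels allowed

def inspect_upload(data: bytes, depth: int = 0) -> list[str]:
    """Return reasons to reject an uploaded ZIP; an empty list means accept."""
    if depth > MAX_DEPTH:
        return [f"nested deeper than {MAX_DEPTH} levels"]
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            unpacked = sum(i.file_size for i in infos)
            packed = max(1, sum(i.compress_size for i in infos))
            if unpacked > MAX_UNPACKED:
                reasons.append(f"declares {unpacked} unpacked bytes")
            if unpacked / packed > MAX_RATIO:
                reasons.append(f"compression ratio {unpacked // packed}:1")
            if reasons:
                return reasons        # reject before inflating anything
            for info in infos:
                if info.filename.lower().endswith(".zip"):
                    with zf.open(info) as member:
                        inner = member.read(MAX_UNPACKED + 1)  # bounded inflate
                    reasons += [f"{info.filename}: {r}"
                                for r in inspect_upload(inner, depth + 1)]
    except (zipfile.BadZipFile, zlib.error):
        reasons.append("not a readable ZIP archive")
    return reasons

def make_zip(members: dict[str, bytes], stored: bool = False) -> bytes:
    """Build a constructed sample archive in memory."""
    method = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: ordinary coursework, one highly compressible file,
# and that same archive hidden one level down inside a stored wrapper.
HOMEWORK = make_zip({"homework.txt": b"Week 3: routing tables\n"})
PADDED = make_zip({"fill.bin": bytes(5_000_000)})
NESTED = make_zip({"inner.zip": PADDED}, stored=True)
```

The checks read only the archive's directory entries until a nested archive has to be opened, so a rejected upload is never inflated on the server.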
