Security on Web 2.0. Krasznay Csaba. Google Search Trends. Press Trends. Media Image of Web 2.0. gossip. malware. deface. child porn. death. lynching. data breach. data retention. phishing. anti-privacy. What really is Web 2.0?. Risk Assessment. Web 2.0 threats.
Security on Web 2.0 Krasznay Csaba
Media Image of Web 2.0 • gossip • malware • deface • child porn • death • lynching • data breach • data retention • phishing • anti-privacy
Target: the Person • Think about Cyber-bullying and cyber-stalking • Threats: Identity theft, Harassment, Age verification threats • Vulnerabilities: Access, Authentication, Authorization; End-user Related problems • Incident: the story of Megan Meier • And think about what happened with Lori Drew… • Asset: Private information, personal reputation, Physical security • Impact: lethal…
Target: the Company • Think about the Twitter account hacks • Threats: Identity theft, Harassment, Spam, Information fraud • Vulnerabilities: Access, Authentication, Authorization; Knowledge and Information Management vulnerabilities • Incident: celebrity Twitter hacks • Asset: Corporate and personal reputation, Corporate secrets • Impact: high
Target: the Country • Think about WikiLeaks • Threat: Data leak • Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities • Incident: Afghan War Diary • Impact: high (maybe lethal?)
Target: the Computer • Think about the Web 2.0 worms • Threats: Botnets, Financial losses, Identity theft, Spam, Hiding of origin, Resource consumption • Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; End-user Related problems; General Software and Scripting Vulnerabilities • Incident: the KOOBFACE worm • Impact: high
Conclusions • Nothing has changed in our behavior for centuries, but we have new tools and a broader audience • Web 2.0 services are generally more secure in the traditional technical sense than other types of web services, but preventive controls are not enough • We have to deal with the problem between the keyboard and the chair…
Maslow's hierarchy of needs • Web 2.0 realizes three layers of human needs • So people need safety and security – but maybe we didn’t realize it yet • If Web 2.0 can be lethal, do we also need the physiological layer?
Countermeasures • Technical countermeasures: • Preventive controls focusing on information (DLP) • Detective controls (log management) • Secure applications (WAF, application controls) • Administrative countermeasures • New security policy approach • New legal background • Broad awareness training • Communication, communication, communication • Mathematical countermeasures • The more information we have, the less value it has
E-mail: csaba@krasznay.hu Web: www.krasznay.hu Facebook: http://www.facebook.com/krasznay.csaba Twitter: http://twitter.com/csabika25 THANK YOU!