
Security on Web 2.0

Security on Web 2.0. Krasznay Csaba. Google Search Trends. Press Trends. Media Image of Web 2.0: gossip, malware, deface, child porn, death, lynching, data breach, data retention, phishing, anti-privacy. What really is Web 2.0? Risk Assessment. Web 2.0 threats.


Presentation Transcript


  1. Security on Web 2.0. Krasznay Csaba

  2. Google Search Trends

  3. Press Trends

  4. Media Image of Web 2.0: gossip, malware, deface, child porn, death, lynching, data breach, data retention, phishing, anti-privacy

  5. What really is Web 2.0?

  6. Risk Assessment

  7. Web 2.0 threats

  8. Web 2.0 vulnerabilities

  9. Target: the Person
     • Think about cyber-bullying and cyber-stalking
     • Threats: Identity theft, Harassment, Age verification threats
     • Vulnerabilities: Access, Authentication, Authorization; End-user Related problems
     • Incident: the story of Megan Meier
     • And think about what happened with Lori Drew…
     • Asset: Private information, personal reputation, Physical security
     • Impact: lethal…

  10. Target: the Company
     • Think about the Twitter account hacks
     • Threats: Identity theft, Harassment, Spam, Information fraud
     • Vulnerabilities: Access, Authentication, Authorization; Knowledge and Information Management vulnerabilities
     • Incident: celebrity Twitter hacks
     • Asset: Corporate and personal reputation, Corporate secrets
     • Impact: high

  11. Target: the Country
     • Think about WikiLeaks
     • Threat: Data leak
     • Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; Knowledge and Information Management vulnerabilities; End-user Related problems; General Software and Scripting Vulnerabilities
     • Incident: Afghan War Diary
     • Impact: high (maybe lethal?)

  12. Target: the Computer
     • Think about the Web 2.0 worms
     • Threats: Botnets, Financial losses, Identity theft, Spam, Hiding of origin, Resource consumption
     • Vulnerabilities: Access, Authentication, Authorisation; Development Process Issues; End-user Related problems; General Software and Scripting Vulnerabilities
     • Incident: the KOOBFACE worm
     • Impact: high

  13. Conclusions
     • Nothing has changed in our behavior for centuries, but we have new tools and a broader audience
     • Web 2.0 services are generally more secure in the traditional technical aspect than other types of web services, but preventive controls are not enough
     • We have to deal with the problem between the keyboard and the chair…

  14. Maslow's hierarchy of needs
     • Web 2.0 realizes three layers of human needs
     • So people need safety and security, but maybe we didn't realize it yet
     • If Web 2.0 can be lethal, do we also need the physiological layer?

  15. Countermeasures
     • Technical countermeasures:
        • Preventive controls focusing on information (DLP)
        • Detective controls (log management)
        • Secure applications (WAF, application controls)
     • Administrative countermeasures:
        • New security policy approach
        • New legal background
        • Broad awareness training
        • Communication, communication, communication
     • Mathematical countermeasures:
        • The more information we have, the less value they have

  16. THANK YOU!
     • E-mail: csaba@krasznay.hu
     • Web: www.krasznay.hu
     • Facebook: http://www.facebook.com/krasznay.csaba
     • Twitter: http://twitter.com/csabika25
