Security eBooks

Protecting Passwords & Securing Servers

Steven Davis
steve@free2secure.com
Games, iGaming, and Gambling
+1.650.278.7416

Standard Server Architecture

• 3-Tier / N-Tier
• Lots of apps and services on one box
• Split up for performance, if at all
• … a "mini-cloud"
• Why? Servers were expensive… in the old days


Bootstrap Attack!

• Attackers use a weakness in one part of a system to attack another
   – Privilege escalation … only dangerous if more privileges can get you somewhere
   – SQL injection … only dangerous if there is something valuable in the same database, or accessible via the same database account



The Server Architecture Problem

• Lots of tools and lots of developers
   – Many of them not on your team
   – Very few security focused
• Too many things to go wrong!

Solution – More Servers (or Virtual Servers)

• Break up online service infrastructure into multiple servers by function
• Reduce the number that are internet facing
• Reduce and simplify security interfaces
• Add proxies to isolate data and applications



One Data Store per Server App

Divide for security: Game Engine | Player Assets | Player Account | Community | Player Access Info

Isolation options, from weaker to BETTER:
• Separate database & access account
• Separate data store
• Separate virtual server with its own database app
• Separate actual server

Add "connector" datastores (login status, player stats, etc.) rather than links to critical databases

Combine with Proxy Security

Some online games dangerously embed a SQL client and let it talk directly to the game server's database

Diagram: Incoming Message → Message Validation → Data Validation → Rules Validation → Database

• Protects the database from SQL injection / direct queries
• Allows rules validation on the server, or reallocation to other players
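The bootstrap attack from the "Bootstrap Attack!" slide and the separation from the "One Data Store" and "Proxy Security" slides, as one added example (my code, not from the deck) in Python using sqlite3 in-memory databases with constructed sample rows. `vulnerable_inventory` shows why an injection in a harmless asset query matters when password hashes share the database and the access account; `AssetProxy` shows the recommended shape: a small JSON message protocol (hypothetical), message validation, rules validation, parameterized queries, and a datastore that holds only player assets. Table names, message fields and the hash strings are assumptions.

```python
import json
import sqlite3


def build_combined_db():
    """Constructed sample: the 'mini-cloud' layout, where player assets and
    password hashes live in one database behind one access account."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE player_assets(player TEXT, item TEXT, qty INTEGER);
        CREATE TABLE player_access(player TEXT, pw_hash TEXT);
        INSERT INTO player_assets VALUES ('alice', 'sword', 1), ('bob', 'shield', 2);
        INSERT INTO player_access VALUES ('alice', 'pbkdf2$hash-of-alice'),
                                         ('bob',   'pbkdf2$hash-of-bob');
    """)
    return db


def vulnerable_inventory(db, player):
    """Client-controlled text pasted into SQL. An injection here is a bootstrap
    attack: the asset query becomes a path to the password table."""
    return db.execute(
        f"SELECT item, qty FROM player_assets WHERE player = '{player}'").fetchall()


def build_assets_db():
    """Constructed sample: the assets store on its own, with its own account.
    There is no password table here for an injection to reach."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE player_assets(player TEXT, item TEXT, qty INTEGER,
                                   PRIMARY KEY (player, item));
        INSERT INTO player_assets VALUES ('alice', 'sword', 1), ('bob', 'shield', 2);
    """)
    return db


# Hypothetical message protocol: exactly these fields per operation, nothing else.
MESSAGE_FIELDS = {"inventory": set(), "transfer": {"item", "to", "qty"}}


class AssetProxy:
    """Sits between game clients and the assets store. Clients never send SQL;
    they send a small JSON message that passes message validation, then rules
    validation, and only then becomes a parameterized query."""

    def __init__(self, assets_db):
        self.db = assets_db  # the only store this proxy has credentials for

    def handle(self, session_player, raw_message):
        msg = self._validate_message(raw_message)
        if msg["op"] == "inventory":
            return self.db.execute(
                "SELECT item, qty FROM player_assets WHERE player = ? ORDER BY item",
                (session_player,)).fetchall()
        return self._transfer(session_player, msg)

    @staticmethod
    def _validate_message(raw_message):
        try:
            msg = json.loads(raw_message)
        except ValueError:
            raise ValueError("malformed message")
        if not isinstance(msg, dict) or msg.get("op") not in MESSAGE_FIELDS:
            raise ValueError("unknown operation")
        if set(msg) != MESSAGE_FIELDS[msg["op"]] | {"op"}:
            raise ValueError("unexpected or missing fields")
        return msg

    def _transfer(self, session_player, msg):
        item, to, qty = msg["item"], msg["to"], msg["qty"]
        if not (isinstance(item, str) and isinstance(to, str)
                and isinstance(qty, int) and not isinstance(qty, bool) and qty > 0):
            raise ValueError("bad field types")
        if to == session_player:
            raise ValueError("cannot transfer to self")
        # Rules validation: the session owner (never a client-supplied name)
        # must actually own enough of the item.
        row = self.db.execute(
            "SELECT qty FROM player_assets WHERE player = ? AND item = ?",
            (session_player, item)).fetchone()
        if row is None or row[0] < qty:
            raise ValueError("insufficient assets")
        with self.db:  # commit both halves of the move or neither
            self.db.execute(
                "UPDATE player_assets SET qty = qty - ? WHERE player = ? AND item = ?",
                (qty, session_player, item))
            self.db.execute(
                "DELETE FROM player_assets WHERE player = ? AND item = ? AND qty = 0",
                (session_player, item))
            self.db.execute(
                "INSERT OR IGNORE INTO player_assets VALUES (?, ?, 0)", (to, item))
            self.db.execute(
                "UPDATE player_assets SET qty = qty + ? WHERE player = ? AND item = ?",
                (qty, to, item))
        return "ok"
```

Feeding `vulnerable_inventory` the player name `' UNION SELECT player, pw_hash FROM player_access --` returns every password hash, because the asset query runs as an account that can read `player_access`. The proxy rejects the same payload before any SQL runs (an `inventory` message may carry no `player` field at all), and even a bug in the proxy could only reach the assets store.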


Make the Password Service a "Dumb Appliance"

Diagram: Secure Session Server, Login Server and Password Server, with the data maps held along the chain:
   – User Name / Account Name
   – Account Name / Password Identifier
   – Password Identifier / Password Seed
   – Password Identifier / Password Transform

• Separate password verification from the login service/server
• Have the password service work at a slow pace
• Use VERY SLOW cryptography
   – Select algorithms, or combinations of algorithms, to take a specific amount of time… traditional cryptography is designed to run fast to support communications… that is not the problem we face with passwords!
• Consider split architectures
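The password appliance of this slide as an added example in Python (mine, not the author's). The assignment of the four maps to the servers is my reading of the diagram: the login server keeps account name to password identifier and holds no hash material, while the appliance keeps password identifier to seed and transform and never learns account names, so neither table alone says whose password is whose. PBKDF2-HMAC-SHA256 from the standard library stands in for the "very slow cryptography", with the iteration count calibrated to a target time on the host. Class names and the calibration default are assumptions.

```python
import hashlib
import hmac
import secrets
import time


class PasswordAppliance:
    """The 'dumb appliance': knows password identifiers, seeds (salts) and
    transforms (slow hashes). It never sees account names."""

    def __init__(self, iterations):
        self.iterations = iterations
        self._records = {}  # password identifier -> (seed, transform)

    def enroll(self, password):
        password_id = secrets.token_hex(16)
        seed = secrets.token_bytes(16)
        self._records[password_id] = (seed, self._transform(password, seed))
        return password_id

    def verify(self, password_id, password):
        record = self._records.get(password_id)
        if record is None:
            # Pay the full cost anyway so timing does not reveal unknown ids.
            self._transform(password, b"\x00" * 16)
            return False
        seed, stored = record
        return hmac.compare_digest(stored, self._transform(password, seed))

    def _transform(self, password, seed):
        # Deliberately slow: the iteration count is the knob (see calibrate_iterations).
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), seed, self.iterations)


class LoginServer:
    """Maps account names to opaque password identifiers; holds no hashes or
    seeds, so a dump of this server alone yields nothing to crack."""

    def __init__(self, appliance):
        self.appliance = appliance
        self._accounts = {}  # account name -> password identifier

    def register(self, account, password):
        self._accounts[account] = self.appliance.enroll(password)

    def login(self, account, password):
        password_id = self._accounts.get(account, "0" * 32)  # unknown account still pays full cost
        return self.appliance.verify(password_id, password)


def calibrate_iterations(target_seconds=0.25, probe=50_000):
    """Choose a PBKDF2 iteration count so one verification takes roughly
    target_seconds on this host (never below the probe count)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"\x00" * 16, probe)
    elapsed = time.perf_counter() - start
    return max(probe, int(probe * target_seconds / elapsed))


if __name__ == "__main__":
    appliance = PasswordAppliance(calibrate_iterations())
    login = LoginServer(appliance)
    login.register("alice", "correct horse battery staple")
    print(login.login("alice", "correct horse battery staple"), login.login("alice", "wrong"))
```

The appliance's interface is two calls, enroll and verify, which is what keeps it "dumb": there is no query surface to inject into and nothing for the login server to read back. In production a memory-hard function (scrypt, also in `hashlib`, or Argon2) is the better choice than PBKDF2 because it also resists GPU and ASIC guessing; the calibration idea is the same.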


Protect Email and Identity Info… by taking them offline

Diagram: Online Service (Login Service, Active Service, (Encrypted) Info Updates) → Back Office (Personal Info, Email, Payment Info)

• Users don't need regular access to their entire identity profile… so take what is not needed regularly offline
• Only have a temporary store for user info while it is being entered or changed



Six Forms of Personal ID

• Separate them and use them all
   – Login Name
   – Internal Account Number
   – Handle (Community name)
   – Email
   – Personal Contact Information
   – Payment Information

Using emails for user names, or user names for handles, just makes attacking easier





   What next?
   • Don’t give up!

   • More security presentations at:
     http://free2secure.com/

   • Check out my book “Protecting Games”
       – Additional information at http://playnoevil.com/


   • You can “win” the security game

      About Me
  •   Steven Davis
       – 25+ Years of Security Expertise
       – I have worked on everything from
         online games and satellite TV to
         Nuclear Command and Control and
         military communications
           • http://www.linkedin.com/in/playnoevil
       – Author, “Protecting Games”

  •   Why Free2Secure?
       – Security is too expensive and isn’t working. There has to be a better way.
         I’m exploring these issues for IT security, ebooks, games, and whatever
         else strikes my fancy at http://free2secure.com/
       – Join me there, ask questions, challenge assumptions, let’s make things
         better



Speaker notes

1. http://docs.oracle.com/cd/A97335_02/busint.102/a90287/vwarch1.gif