the future of internet security
play

The Future of Internet Security Keeping up with the ever changing - PowerPoint PPT Presentation

Oct 25, 2023 •333 likes •694 views

The Future of Internet Security Keeping up with the ever changing security Drupalcon 2017 threats to Drupal and the web 1 Who is this guy? Chris Teitzel Founder / CEO Lockr technerdteitzel Cellar Door 7 years 10 months in Drupal

  1. The Future of Internet Security Keeping up with the ever changing security Drupalcon 2017 threats to Drupal and the web 1

  2. Who is this guy? Chris Teitzel Founder / CEO Lockr technerdteitzel Cellar Door ● 7 years 10 months in Drupal ● Omega, Encrypt, Key, File Encrypt, Field Encrypt... 2 Chris Teitzel @technerdteitzel

  3. 3 The mysterious future

  4. 4 The mysterious future

  5. 5 The mysterious future

  6. 6 The mysterious future

  7. 7 The mysterious future

  8. 8 The mysterious future

  9. 9 The mysterious future

  10. 10 The mysterious present

  11. As your digital footprint Your entire life is expands, so does the amount of personal data at connected... risk *I’m not inherently saying this is bad, but as developers we have a responsibility 11 Don’t be afraid, be proactive about security

  12. 12 Breaches are not going away

  13. Data is the most The ability to collect, analyze, forecast and act valuable asset in upon data will drive the next decade of global the world business growth We need to look no further than the acquisition of The Weather Channel by IBM. The ability to feed detailed weather data into Watson multiplies the inherent value of the data. 13 Don’t be afraid, be proactive about security

  14. “ Whether you are going for a run, watching TV or even just sitting in traffic, virtually every activity creates a digital trace… As devices from watches to cars connect to the internet, the volume (of data) is increasing: some estimate that a self-driving car will generate 100 gigabytes per second . Meanwhile, artificial-intelligence (AI) techniques such as machine learning extract more value from data. Algorithms can predict when a customer is ready to buy, a jet-engine needs servicing or a person is at risk of a disease. Industrial giants such as GE and Siemens now sell themselves as data firms.” https://www.economist.com/news/leaders/21721656-data-econ omy-demands-new-approach-antitrust-rules-worlds-most-valua 14 ble-resource

  15. Successful Companies Collect Data ● Whether you think the data is important at this time, data can have future value ● Use data to drive your decisions, back up your theories, and lead your company, product and team 15 PII isn’t just just an acronym, it is someone’s life

  16. IoT Turning into IoHT ● DDoS attack of orchestrated DVR and IoT devices took down Dyn ● Car computers programmed to stop and baby monitors being compromised are just the first wave ● Every connection to the web, creates a new surface for attack and data loss 16 Thermostats will take over the world

  17. Personal Data Everywhere ● Seemingly innocent data can be pieced into an identity ○ Quick survey ● Identity theft isn’t the only goal for a breach ○ Corporate Espionage ○ Political gain ● Inform your users what you are collecting It’s not just the right thing to do, it’s the law! ○ 17 Social hacking is as profitable as credit card numbers

  18. Regulations Increasing ● Poor security has become a “cost of business” ● Acronyms for every industry: ○ PCI ○ HIPAA, FERPA, FISMA in the U.S. ○ The GDPR in the EU (and U.K.) 18 GDPR covers more than you think

  19. GDPR Leading the way ● May 25, 2018 enforcement begins ● More than just a cookie warning ● Security by design ● Data portability and the right to be forgotten ● Protection of personal data ○ Anonymization ○ Pseudonymization ○ Encryption ● 4% of global revenue as a maximum fine 19 GDPR is the future of global data privacy

  20. Drupal as a full stack Drupal as a headless website datasource 20 The two sides to Drupal

  21. Drupal as a headless datasource 21 The two sides to Drupal

  22. OWASP Top 10 2017 (not final) ● A1 - Injection ● A2 - Authentication and Session Management ● A3 - Cross-site Scripting ● A4 - Access Control ● A5 - Security Misconfiguration ● A6 - Sensitive Information Disclosure ● A7 - TBA (Insufficient Attack Protection?) ● A8 - Cross-site Request Forgery ● A9 - Using Components with Known Vulnerabilities ● A10 - TBA (Underprotetcted APIs?) 22 Top 10 things to take into account when building any site

  23. Drupal as a Datasource 23 Drupal as part of the larger ecosystem

  24. Drupal as a Datasource ● Arguably the best open-source CMS for complex data modeling and distribution ○ Entities in Drupal 7 led the way ○ API first design of Drupal 8 continues to grow ○ Inclusion of Media in core ● Tailoring the “Authoring experience” instead of the user experience 24 Drupal gives powerful tools for data modeling

  25. An API Driven World Payment Email SMTP Relays Authentication Gateways Marketing Shipping Cloud Providers Encryption APIs 25 Multiple entry points for attack

  26. Recent Attack “...we know that a threat actor used one of our AWS keys to gain access to our AWS platform via API from an intermediate host with another, smaller service provider in the US.” 26 Recent Secrets Based Attacks

  27. Grow a team mentality of Security starts at security in an ever the top changing online threat landscape 27 Build in security as a team practice

  28. A little humor… a lot of truth 28 Security as an afterthought

  29. Team Security Best Practices ● Don’t discount security concerns ● Always ask: What if this information gets out? ● Use tools and services to protect before an attack ○ Password vaults ○ WAF/CDN ● If an incident occurs: ○ Breath - staying calm avoids poor decisions ○ Backup - You want to know why it occurred ○ Post-Mortem - Don’t blame, learn 29 Teams that secure together stay together

  30. Drupal Modules for Security ● Encrypt (Real AES) ● Key ● Password Policy ● TFA (Two Factor Authentication) 30 Just a sampling - many many more exist

  31. Guardr - Secure Drupal Distribution ● Distribution with modules and settings ● Helps Drupal meet today’s enterprise and regulatory needs https://drupal.org/project/guard ● r 31 Guardr a secure starting point to Drupal

  32. The Price of DevOps “If your website is worth more than $5… Pay more than $5 for hosting it .” 32 Drew Gorton

  33. Don’t Do Security Alone ● Open source does not make software less secure ○ Do update your software ● Focus on what you do best as a team/company and let the experts do their job ● Continually re-evaluate your data decisions 33 I get by with a little help from my friends

  34. Security Doesn’t Kill the Fun ● The future of the web, and Drupal, is an exciting new frontier ● Use Drupal to create the next generation of IoT and connected deviceS 34 Create the future you want to live in

  35. Thank You! Drupalcon 2017 Slides will be up shortly 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with Carnegie Mellon University. It is a cross-sector, internationally- based trade association devoted to cyber security. ISA has individual corporate

349 views • 30 slides
Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

An Architecture for An Architecture for Supporting Future Internet Supporting Future Internet Applications Applications Sebastian Mies Institute of Telematics, University of Karlsruhe (TH), Germany The SpoVNet Consortium: University of

268 views • 11 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Trust and Security in the Future Internet Ilaria Matteucci Istituto di Informatica e Telematica -

Trust and Security in the Future Internet Ilaria Matteucci Istituto di Informatica e Telematica -

Trust and Security in the Future Internet Ilaria Matteucci Istituto di Informatica e Telematica - Consiglio Nazionale delle Ricerche 5th of December 2019 Main Research Areas Authentication Risk Management Authorization and Usage

534 views • 10 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10,

450 views • 25 slides
Distributed mobility management more IPv4 blocks available) for Future Internet for Future

Distributed mobility management more IPv4 blocks available) for Future Internet for Future

Internet Core network: converge (cellular and Internet no Distributed mobility management more IPv4 blocks available) for Future Internet for Future Internet Access networks: diverse Devices: multiple interfaces, multiple

145 views • 12 slides
The Internet Security Alliance The Internet Security Alliance is a collaborative effort between

The Internet Security Alliance The Internet Security Alliance is a collaborative effort between

The Internet Security Alliance The Internet Security Alliance is a collaborative effort between Carnegie Mellon Universitys Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance

294 views • 10 slides
Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International

Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International

CSS441 Internet Security Web Security TLS/SSL Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015

832 views • 32 slides
Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things

Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things

Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things (IoT)? Why is IoT Security so Important? Dyn DDOS Attack What are the security challenges of an IoT network? A Proposed Taxonomy

176 views • 14 slides
Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective From a TAS Danny De Cock TAS 3 Project Coordinator Slides available from http://godot.be/slides Email: Danny.DeCock@esat.kuleuven.be Future

252 views • 12 slides
A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet Computing 2002 Conference, Las Vegas, June 2002 J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software Inc. Web Services Usage

357 views • 11 slides
ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet

ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet

ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet Week Guyana 11 th October 2017 | 1 What Does ICANN Mean for the End User? POLIC Y The Domain Name System Policy Development is an L-Root is one

636 views • 32 slides
The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust

The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust

The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust in online transactions is evaporating, and it will require strong security leadership for that trust to be restored. For the Internet to remain the

433 views • 29 slides
COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS VIRUS A virus must meet two A computer virus is a small criteria:

525 views • 23 slides
Emerging Leaders in Employment Services Informational webinar Jenny StonemeierAPSE Rick

Emerging Leaders in Employment Services Informational webinar Jenny StonemeierAPSE Rick

Emerging Leaders in Employment Services Informational webinar Jenny StonemeierAPSE Rick McAllisterSubject Matter Expert February 26, 2020 Topics for Today Overview of the Emerging Leaders in Employment Services Who is the ideal

468 views • 13 slides
CS675: Convex and Combinatorial Optimization Fall 2019 Introduction to Optimization Instructor:

CS675: Convex and Combinatorial Optimization Fall 2019 Introduction to Optimization Instructor:

CS675: Convex and Combinatorial Optimization Fall 2019 Introduction to Optimization Instructor: Shaddin Dughmi Outline Course Overview 1 Administrivia 2 Outline Course Overview 1 Administrivia 2 Mathematical Optimization The task of

746 views • 23 slides
COM S 211 Computers and Programming (also ENGRD 211) Fall, spring, summer. 3 credits.

COM S 211 Computers and Programming (also ENGRD 211) Fall, spring, summer. 3 credits.

COM S 211 Computers and Programming (also ENGRD 211) Fall, spring, summer. 3 credits. Prerequisite: COM S 100 or an equivalent course in Java or C++. Intermediate programming in a high-level language and introduction to computer science. Topics

548 views • 24 slides
CS440/ECE448 Lecture 28: Review I Final Exam Mon, May 6, 9:3010:45 Covers all lectures after

CS440/ECE448 Lecture 28: Review I Final Exam Mon, May 6, 9:3010:45 Covers all lectures after

CS440/ECE448 Lecture 28: Review I Final Exam Mon, May 6, 9:3010:45 Covers all lectures after the first exam. Same format as the first exam. Location: TBA Conflict exam: Wed, May 8, 9:3010:45 Location: Siebel 3403. If you need to take

1.25k views • 95 slides
Comprehensive Primary Care Plus Advancing the Delivery of and Payment for Primary Care

Comprehensive Primary Care Plus Advancing the Delivery of and Payment for Primary Care

Comprehensive Primary Care Plus Advancing the Delivery of and Payment for Primary Care Information for Payers 1 Comprehensive Primary Care Plus Center for Medicare & Medicaid Innovation Three Main Goals Underlie CPC+ 1 A dvance care

515 views • 22 slides
PT Link Net Tbk Q1 2018 Earnings Conference Call April 30, 2018 Double Digit Revenue &

PT Link Net Tbk Q1 2018 Earnings Conference Call April 30, 2018 Double Digit Revenue &

PT Link Net Tbk Q1 2018 Earnings Conference Call April 30, 2018 Double Digit Revenue & Earnings Growth Revenue, EBITDA , Net Profit EBITDA (Rp Bn) Revenue (Rp Bn) 600 60% 59.0% 550 58.5% 50% 500 40% 450 30% 400 534 473 20%

347 views • 9 slides
PT Link Net Tbk Q3 2016 Earnings Conference Call November 2, 2016 9M 2016 highlights

PT Link Net Tbk Q3 2016 Earnings Conference Call November 2, 2016 9M 2016 highlights

PT Link Net Tbk Q3 2016 Earnings Conference Call November 2, 2016 9M 2016 highlights Achievements - Revenue growth grew steady at 14% yoy - Profitable growth sustained with EBITDA grew 17% yoy, at high of 59% - Net profit up 31% yoy at a

130 views • 9 slides
Well, he (or she) will get over it! Yes, but at what cost? Isaiah 59:12 Behold, the

Well, he (or she) will get over it! Yes, but at what cost? Isaiah 59:12 Behold, the

Well, he (or she) will get over it! Yes, but at what cost? Isaiah 59:12 Behold, the LORD's hand is not shortened, That it cannot save; Nor His ear heavy That it cannot hear 2 But your iniquities Nor His ear heavy, That it cannot

1.18k views • 89 slides

More recommend