Quintus Security. Final Presentation 4/29/11 Sanjiv KawaJoshua Reynolds Moe HansaChristian Cortes. Agenda. Projects Reasoning and Choice Server Implementation Website Structure Tutorials and Content Projects Challenges and Successes Lessons Learned Questions. Who are we?. - PowerPoint PPT Presentation
Quintus Security
Quintus SecurityFinal Presentation4/29/11
Sanjiv KawaJoshua ReynoldsMoe HansaChristian
CortesAgendaProjects Reasoning and ChoiceServer
ImplementationWebsite StructureTutorials and ContentProjects
Challenges and SuccessesLessons LearnedQuestionsWho are we?Quintus
Security:Quintus of SmyrnaA tale teller of the original Trojan
HorseGreek Mythology Invasion of Troy
Information Technology Major: Computer Systems
Image [1]What is the project?Security Information Website
Written Tutorials/Papers
Video DemonstrationsAttack DemonstrationsPreventive
Demonstrations
Why did we choose it?Lack of understandable Security
Information.
Improper Security Practices in the Industry.
A group passion for security and providing
awareness.SponsorshipSponsored by Seccuris Inc.Intellectual
Property of the Capstone Project as provided to SeccurisExperts in
Information SecurityInternationally recognized by academic and
professional institutesBased out of Winnipeg
Image [2]REMEMBER TO THANK SECCURIS AND PAUL HERE!!6Requirements
Business PlanDue to the nature of the project a Business Plan was
required
A formal document that is needed for the pre-approval for a
loan
A Business Plan includes:Business Goals, Description, and
BackgroundMarketing and Advertising Competition, Growth Program,
Risk Assessment
ItemCostWindows Server 2008 R2Enterprise$3,999.00Windows XP SP3
Professional $149.99VMware Workstation 7.1$133.00Camtasia for Mac |
Screen Recording & Presentation$99.00Linux
Distributions$0.00Canon FS200 Camcorder $272.99LaCie 500GB External
HD USB 2.0$99.99 Server System (HP DL385 G7)$2849.99D-Link
DGS-1008G 8-Port Gigabit Desktop Switch$59.99SamsungBX2240X 21.5"
Business LED Monitor
$229.994x14 CAT6 Ethernet Patch Cable$27.92Microsoft Wireless
Desktop 3000 Keyboard & Mouse Bundle, English$49.99Blue
Microphones | Snowflake$83.99Total$8139.83Resources Time spent
& material Resources Time spent & material
MembersPositionTime SpentRateCostChristian CortesResearch &
Technologist
75 hours$25.10
$1882.5Josh ReynoldsProject Manager88 hours$40.00$3520.0Moe
HasnaResearch & Technologist
83 hours$25.10
$2083.3Sanjiv KawaWeb Designer & Architect 86
hours$25.10
$2158.6Hourly Total332 hoursCost Total$9644.4Grand
Total$17,784.23Server Implementation
HP DL385 G7Raid 5 Array (6 Drives)Hard Drive Encryption
Ubuntu Server v10.10PHP5apache2SSHSFTPSSLMySQL
10Website StructureThe website can be broken down into 2
areas:
Administration Section Accessed via hidden path.
User Section Available to registered users only.
Website Structure - AdminThe Administration Area of the Website
consists of 3 sections:
Add User The creation of either a regular user or moderator.
Delete User The removal of either a regular user or
moderator.
Administrative Logs Tracks if a moderator has logged, specifies
IP and Time.Website Structure - Admin
Website Structure - userThe User area of the Website consists of
2 sections:
About Us A brief section about each member.
Tutorials A section dedicated towards security write ups and
videos.
Website Structure - User
Website Structure - NavigationThe website implements uniform
navigation.A standard portal for easy roaming.One location, serving
one purpose.Complete user control.
Website Structure - SecurityActive User SessionsMD5
EncryptionJava Script FiltrationNo $_GET Requests
TutorialsBasic:Data EncryptionMalwareSecuring WindowsSSL and
TLS
Image [3]TutorialsIntermediate:Cross Site Scripting
(XSS)Local/Remote File InclusionsNetwork EncryptionPassword
CrackingSSL StripSQL Injection
Image [4]tutorialsAdvanced:Buffer OverflowsWireless Security
Image [5]challenges & successesGetting video demonstrations
to react in an expected manner
Trying not to make mistakes while recording video tutorialsWith
practice it became more natural
Documentation Format and Flow
Intellectual Property Group meetings and Long Discussions
regarding the distribution of IP
Time constraints Not being able to demonstrate all topics of
interestLessons learnedPlanning is key.Heavy research is required
for large projects.Encryptions algorithms are complicated.Modern
Linux versions have improved security.Project in itself felt like
it was another IT security course.
Most importantly:
Choose a project that you are passionate about, this way it is
enjoyable and you will produce your best work.
Thank You Questions are WelcomeReferencesImage [1] - Wikipedia:
"File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpg
- Wikipedia, the free encyclopedia." Wikipedia, the free
encyclopedia. N.p., n.d. Web. [Accessed 13 Apr. 2011.]
http://en.wikipedia.org/wiki/File:Theprocessionofthetrojanhorseintroybygiovannidomenicotiepolo.jpgImage
[2] - Seccuris. "Seccuris Inc. - Assured Protection." Seccuris Inc.
- Assured Protection. N.p., n.d. Web. [Accessed 13 Apr. 2011].
http://www.seccuris.com/Image [3-5] Microsoft PowerPoint Provided
Images
