Securing Sakai: Ensuring a Secure Sakai Instance Sean DeMonner Alan Berg Anthony White Ian Boston Matthew Jones 2010 Sakai Conference Denver, Colorado.

Securing Sakai: Ensuring a Secure Sakai Instance
Sean DeMonner, Alan Berg, Anthony White, Ian Boston, Matthew Jones
2010 Sakai Conference, Denver, Colorado. Tuesday, Jun 15 (15: :30)

11th Sakai Conference - June 15-17, 2010

Overview
Sakai security policy
Who is on the Security Working Group? [identifying by name/institution, or in person]
What to do if you suspect a security issue
Security related activities
  o Reactive development
  o Proactive investigation (U-M, Sakai Foundation)
Top 10 list for Production instances
Recap and Q&A

Sakai Security Policy
Issues are restricted to Sakai security contacts and members of the Sakai Security Work Group.
Security advisories and security updates are issued to the general public once existing Sakai installations have been notified and given time to patch their systems.
Three levels of issue severity: Critical, Major, Minor.

Security Working Group
Alan Berg, UvA
Noah Botimer, UMich
Matthew Buckett, Oxford
Jon Gorrono, UC Davis
Matt Jones, UMich
Charles Hedrick, Rutgers
David Horwitz, UCT
Dawn Isabel, UMich
Jean-Francois Leveque, UPMC
Stephen Marquard, UCT
Charles Severance, UMich
Steve Swinsburg, ANU
Seth Theriault, Columbia
Anthony Whyte, Sakai Foundation / UMich

Handling Security Issues
NOTICE: If you uncover a security vulnerability in Sakai software, please do not voice your concerns on any public listserv, blog or other open communication channel, but instead notify the Sakai Foundation immediately at
Please provide a callback telephone number so that we can contact you by telephone if it is deemed necessary.

Security Activities: Reactive
Over 150 issues in last 6 months(?)
  o Not always resolved as quickly as we'd like
  o Security coordinator, anyone?
Many fixes in 2.7, some of which were U-M reported items that were responded to very quickly
Other info on issue counts, turnaround times, etc. from Jiras?

Security Activities: Proactive
U-M Testing
  o Penetration testing summary; annual plan?
Sakai Foundation Testing
  o Security Sweep 2.7
     Review Jira
     Simple penetration testing
     Static code analysis
Sakai 3 and security

Sakai 3 and Security
Changed security model.
Was: all UI content from the server made secure, no chink.
Now: data is insecure; the UI must construct a secure UI.
(Needs diagram here; I can talk to this slide: Ian)
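The slide's point is that under the changed model the client cannot assume server data is safe to place into markup: the UI code itself has to construct a secure UI. The following is an added illustration, not code from Sakai 3 or from the presenters. It uses a constructed sample record (the `description` field imitates a value an ordinary user could have stored) and contrasts a rendering function that trusts the data with one that treats every field as untrusted text; the helper names and the `containsForeignTag` self-check are this example's own.

```javascript
// Added example (not Sakai project code): an unsafe and a safe way for a
// browser UI to render data returned by the server, for the model above
// where the data itself is not guaranteed to be safe.

// Constructed sample record, shaped like something a server might return.
// The description carries markup a user could have stored (stored XSS).
const SAMPLE_ITEM = {
  title: "Week 3 reading",
  description: '<img src=x onerror="alert(1)">',
};

// Unsafe: builds markup by string concatenation, so any markup contained in
// the data becomes live markup in the page.
function renderUnsafe(item) {
  return "<li><b>" + item.title + "</b>: " + item.description + "</li>";
}

// Escapes the characters that change meaning in HTML text and attribute
// contexts, so data is shown as text rather than interpreted as markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Safe: every field is escaped before it is placed into the template. In a
// real browser, prefer textContent / createElement over building strings;
// the string form is used here only so the example runs outside a browser.
function renderSafe(item) {
  return "<li><b>" + escapeHtml(item.title) + "</b>: " +
    escapeHtml(item.description) + "</li>";
}

// Self-check helper (hypothetical, for this example): does the rendered
// markup contain a tag that did not come from our own template?
function containsForeignTag(html, allowedTags) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some(
    (t) => !allowedTags.includes(t.replace(/[</]/g, "").toLowerCase())
  );
}

// Runs both renderers over the sample record and reports whether each one
// let data-supplied markup through.
function demo() {
  const allowed = ["li", "b"];
  return {
    unsafeLeaksTag: containsForeignTag(renderUnsafe(SAMPLE_ITEM), allowed),
    safeLeaksTag: containsForeignTag(renderSafe(SAMPLE_ITEM), allowed),
    safeOutput: renderSafe(SAMPLE_ITEM),
  };
}
```

Running `demo()` shows the unsafe renderer emitting an `img` tag that the template never contained, while the safe renderer emits only the template's own `li` and `b` tags with the stored markup reduced to visible text. The same self-check idea (compare emitted tags against the template's allow-list) is a cheap test to keep in a UI's unit tests.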

"Top 10 List"
Have a rep on the security team; adopt need-to-know basis
Admin Account management
Admin Account passwords
Separate daily driver and admin accounts
Server & Database user passwords
Code reviews with security emphasis
Best practices
System patches
Independent audit of system and processes
Secure the web services:
  o services-in-sakai-and.html

Easy Reading
OWASP Top 10
Lulu Website for OWASP books
Google Caja Project

Thank you for your interest!
Recap & QA