Metadata – Threats, PII at RISK?
Sudesh Gadewar

Agenda
– Meta-Data
– Who, What, When, Where, How, Why
– Various types of Metadata
– Metadata association - PII Risks
– Security issues - Metadata WSDL/content spoofing
– Security Considerations in Metadata

Metadata
Metadata is data about data: it gives information about other data.
Metadata is information about resources:
– individual files
– collections of files (relationships among files)
– complete projects (relationships among files and collections)

Meta-Data formatting
Who – created the data?
What – is the content of the data?
When – was it created?
Where – is it geographically?
How – was the data developed?
Why – was the data developed?

Meta-Data association
Metadata associated with emails:
– Sender's name, email, and IP address
– Recipient's name and email address
– Date, time, and time zone
– Unique identifier of email and related emails
– Mail client login records with IP address
– Mail client header formats
– Subject of email

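An added example, not part of the original slides: a Python function that pulls the email fields listed above out of a message's headers without reading its body, which is how an audit of header-level PII exposure would start. The sample message, its addresses and IPs, and the name `email_metadata` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (documentation-range addresses, not real traffic).
SAMPLE = """\
Received: from mail.example.org (mail.example.org [203.0.113.25])
\tby mx.example.net with ESMTPS id abc123; Tue, 05 Mar 2024 09:15:02 -0800
Received: from laptop.example.org ([198.51.100.7])
\tby mail.example.org with ESMTPSA id xyz789; Tue, 05 Mar 2024 09:15:00 -0800
From: Alice Example <alice@example.org>
To: Bob Example <bob@example.net>
Subject: Q1 payroll figures
Date: Tue, 05 Mar 2024 09:14:58 -0800
Message-ID: <msg-2@example.org>
In-Reply-To: <msg-1@example.net>
X-Mailer: ExampleMail 4.2

Body text is not inspected.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def email_metadata(raw):
    """Return the header-level metadata a message exposes, ignoring its body."""
    msg = message_from_string(raw)
    sent = parsedate_to_datetime(msg["Date"])
    # Each relay prepends its Received header, so the last one listed is the
    # hop closest to the sender. Headers added before the first trusted relay
    # can be forged, so treat origin_ip as a claim, not a verified fact.
    hops = [ip for h in msg.get_all("Received", []) for ip in IPV4.findall(h)]
    origin = hops[-1] if hops else None
    return {
        "sender": parseaddr(msg["From"]),        # (name, address)
        "recipient": parseaddr(msg["To"]),       # (name, address)
        "sent": sent.isoformat(),                # date, time and time zone
        "utc_offset_hours": sent.utcoffset().total_seconds() / 3600,
        "message_id": msg["Message-ID"],         # unique identifier
        "related_to": msg["In-Reply-To"],        # links to related emails
        "mail_client": msg["X-Mailer"],          # client header format
        "subject": msg["Subject"],
        "origin_ip": origin,
        "relay_ips": sorted(set(hops) - {origin}),
    }

if __name__ == "__main__":
    for field, value in email_metadata(SAMPLE).items():
        print(f"{field:18} {value}")
```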
Meta-Data association
Metadata associated with mobile phones:
– Phone number of every caller
– Serial numbers of phones involved
– Time of call
– Duration of call
– Location of each participant
– Telephone calling card numbers

Meta-Data association
Metadata associated with web browsers:
– Activity including pages the user visits and when visited
– User data and possibly user login details with auto-fill features
– User IP address, internet service provider, device hardware details, operating system, and browser version
– Cookies and cached data from websites

Various types of Metadata
Descriptive:
– Facilitates discovery and describes intellectual content
Administrative:
– Facilitates management of digital and analog resources
Technical:
– Describes the technical aspects of the digital object
Structural:
– Describes the relationships within a digital object
Preservation:
– Supports long-term retention of the digital object and may overlap with technical, administrative, and structural metadata

Metadata WSDL/content spoofing
MetaData Sample: Testing the page

<wsa10:EndpointReference xmlns:wsa10="http://www.w3.org/2005/08/addressing">
  http://services.example.org/stockquote
  <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
    http://services.example.org/stockquote/metadata
  <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/">
    <wsdl:definitions
        targetNamespace="http://schemas.xmlsoap.org/ws/2004/09/transfer"
        xmlns:tns="http://schemas.xmlsoap.org/ws/2004/09/transfer"
        xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
        xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
        xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <xs:import
          namespace="http://schemas.xmlsoap.org/ws/2004/09/transfer"
          schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/transfer/transfer.xsd" />

<wsdl:input message="tns:EmptyMessage"
    wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/Get" />
<wsdl:output message="tns:AnyXmlMessage"
    wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse" />

Content Spoofing
– Demo on WSDL spoofing
– Demo on Content Spoofing

Security Considerations in Metadata
End user access should be read-only
Treat metadata components as any other database component:
– Create users and groups
– Grant access to groups
– Use row-level security (or equivalent) if needed
Publish/disable MetaData
Use Secure bindings
Trusted MetaData
Safe Techniques

Thank you