Metadata – Threats, PII at RISK ? Sudesh Gadewar.

Presentation on theme: "Metadata – Threats, PII at RISK ? Sudesh Gadewar."— Presentation transcript:

1 Metadata – Threats, PII at RISK ? Sudesh Gadewar

2 Agenda
– Meta-Data
– Who, What, When, Where, How, Why
– Various types of Metadata
– Metadata association - PII Risks
– Security issues - Metadata WSDL/content spoofing
– Security Considerations in Metadata

3 Metadata
Metadata is data about data: it gives information about other data.
Metadata is information about resources:
– individual files
– collections of files (relationships among files)
– complete projects (relationships among files and collections)

4 Meta-Data formatting
Who – created the data?
What – is the content of the data?
When – was it created?
Where – is it geographically?
How – was the data developed?
Why – was the data developed?

5 Meta-Data association
Metadata associated with emails:
– Sender's name, email, and IP address
– Recipient's name and email address
– Date, time, and time zone
– Unique identifier of email and related emails
– Mail client login records with IP address
– Mail client header formats
– Subject of email

6 Meta-Data association
Metadata associated with mobile phones:
– Phone number of every caller
– Serial numbers of phones involved
– Time of call
– Duration of call
– Location of each participant
– Telephone calling card numbers

7 Meta-Data association
Metadata associated with web browsers:
– Activity including pages the user visits and when visited
– User data and possibly user login details with auto-fill features
– User IP address, internet service provider, device hardware details, operating system, and browser version
– Cookies and cached data from websites

8 Various types of Metadata
Descriptive: – Facilitates discovery and describes intellectual content
Administrative: – Facilitates management of digital and analog resources
Technical: – Describes the technical aspects of the digital object
Structural: – Describes the relationships within a digital object
Preservation: – Supports long-term retention of the digital object and may overlap with technical, administrative, and structural metadata

9 Metadata WSDL/content spoofing MetaData Sample : Testing the page

10
<wsa10:EndpointReference xmlns:wsa10="http://www.w3.org/2005/08/addressing">
  http://services.example.org/stockquote
  <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
    http://services.example.org/stockquote/metadata
  <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/">
    <wsdl:definitions
        targetNamespace="http://schemas.xmlsoap.org/ws/2004/09/transfer"
        xmlns:tns="http://schemas.xmlsoap.org/ws/2004/09/transfer"
        xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
        xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
        xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <xs:import namespace="http://schemas.xmlsoap.org/ws/2004/09/transfer"
                 schemaLocation="http://schemas.xmlsoap.org/ws/2004/09/transfer/transfer.xsd" />

11
<wsdl:input message="tns:EmptyMessage"
            wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/Get" />
<wsdl:output message="tns:AnyXmlMessage"
             wsa:Action="http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse" />

12 Content Spoofing
– Demo on WSDL spoofing
– Demo on Content Spoofing

13 Security Considerations in Metadata
End user access should be read-only
Treat metadata components as any other database component:
– Create users and groups
– Grant access to groups
– Use row-level security (or equivalent) if needed
Publish/disable MetaData
Use Secure bindings
Trusted MetaData
Safe Techniques
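
One way to apply the "Use Secure bindings" and "Trusted MetaData" points to the kind of metadata shown on slides 10 and 11, as an added example that is not part of the original presentation: before a client acts on service metadata, list every location it would dereference and flag any that is not HTTPS or is outside an allowlist. The sample document, its element nesting, the `TRUSTED_HOSTS` allowlist and the function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"services.example.org"}  # assumption: hosts allowed to serve metadata

# Constructed sample modelled on the slide's fragment (nesting is an assumption).
SAMPLE = """<wsa10:EndpointReference
    xmlns:wsa10="http://www.w3.org/2005/08/addressing"
    xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <wsa10:Address>https://services.example.org/stockquote</wsa10:Address>
  <wsa10:Metadata><mex:Metadata>
    <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
      <mex:MetadataReference>
        <wsa10:Address>http://services.example.org/stockquote/metadata</wsa10:Address>
      </mex:MetadataReference>
    </mex:MetadataSection>
    <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/wsdl/">
      <wsdl:definitions>
        <xs:import schemaLocation="https://schemas.example.net/transfer.xsd"/>
      </wsdl:definitions>
    </mex:MetadataSection>
  </mex:Metadata></wsa10:Metadata>
</wsa10:EndpointReference>"""

def collect_urls(xml_text):
    """Return (where, url) for every location a client would dereference."""
    if "<!DOCTYPE" in xml_text.upper():
        # Service metadata has no need for a DTD; refuse it before parsing.
        raise ValueError("DOCTYPE not allowed in service metadata")
    found = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix
        if tag == "Address" and el.text:
            found.append((tag, el.text.strip()))
        for attr in ("schemaLocation", "location"):
            if attr in el.attrib:
                found.append((f"{tag}@{attr}", el.attrib[attr]))
    return found

def audit(xml_text, trusted=TRUSTED_HOSTS):
    """Flag locations that are not HTTPS or that point outside the allowlist."""
    findings = []
    for where, url in collect_urls(xml_text):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((where, url, "not https"))
        elif parts.hostname not in trusted:
            findings.append((where, url, "untrusted host"))
    return findings
```

Calling `audit(SAMPLE)` reports the plain-HTTP metadata reference and the schema import hosted outside the allowlist; the `Dialect` and namespace URIs are identifiers rather than fetch targets, so they are not checked.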

14 Thank you

