Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting the Player– Information Security Concerns Gus March 21, 2014.

Published byDeborah Johnston Modified over 9 years ago

Similar presentations

Presentation on theme: "Protecting the Player– Information Security Concerns Gus March 21, 2014."— Presentation transcript:

1 Protecting the Player– Information Security Concerns Gus Fritschie @gfritschie March 21, 2014

2 © SeNet International Corp. 20142March 2014 SeNet Overview While there is the potential for attacks against the iGaming application and infrastructure, it is easier to attack the consumer. Why spend days trying to exploit a SQL Injection vulnerability when all you need to do is have a player click a link. The focus of this talk is on protecting the player.

3 © SeNet International Corp. 20143March 2014 SeNet Houston, We Have a Problem

4 © SeNet International Corp. 20144March 2014 SeNet Barcelona Laptop Incident http://pokerfuse.com/news/live-and-online/confirmed-ept-barcelona- laptop-infected-with-screen-sharing-trojan-11-12/

5 © SeNet International Corp. 20145March 2014 SeNet Las Vegas Sands Hacked

6 © SeNet International Corp. 20146March 2014 SeNet What Can Sites Do? There are many steps that sites can take to help protect their players, here are some: Security Awareness User security controls (i.e. password policy, multi-factor authentication, account lockout) Site security controls (i.e. SSL, secure coding, secure configuration) Continuous Monitoring

7 © SeNet International Corp. 20147March 2014 SeNet Security Awareness Operators need to do more to raise security awareness among their customers. This could take the form of logon messages, emails, or other forms of communication. Last year Poker Stars released a guide on protecting your laptop that was distributed at an EPT event in the wake of the Barcelona hotel incident. Learn a lesson from Facebook.

8 © SeNet International Corp. 20148March 2014 SeNet User Controls Password complexity requirements Session timeout Account Lockout Multiple Sessions Dual-factor authentication IP/MAC Restrictions Logon Notification

9 © SeNet International Corp. 20149March 2014 SeNet Site Controls Security Code Reviews 3 rd Party and Internal Security Reviews Secure architecture design and implementation Configuration Management Encryption (data-in-transit and data-at-rest)

10 © SeNet International Corp. 201410March 2014 SeNet Continuous Monitoring Collusion/bot detection Abnormal activity/win rates Account Activities Logging/SIEM Important to monitor not only technical controls, but management and operational controls too

11 © SeNet International Corp. 201411March 2014 SeNet Examples

12 © SeNet International Corp. 201412March 2014 SeNet Security Configuration Issues

13 © SeNet International Corp. 201413March 2014 SeNet Authentication Weaknesses http://www.onlinepokerreport.com/9529/authentication- comparison-two-nj-igaming-sites/

14 © SeNet International Corp. 201414March 2014 SeNet Backend Password and Username Exposed in Request

15 © SeNet International Corp. 201415March 2014 SeNet Password Stored in Clear-text in Database Using the forgot password function the password is sent via email and is the same password as initially set. This indicates passwords are stored in clear-text.

16 © SeNet International Corp. 201416March 2014 SeNet Weak Password Policy

Download ppt "Protecting the Player– Information Security Concerns Gus March 21, 2014."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Secure Lync mobile Authentication

Secure Lync mobile Authentication
SITS:Vision Annual the Hilton Deansgate Hotel, Manchester Mike Fisher – Technical Services Team Leader Security and Hosting 12-13 July 2011.

SITS:Vision Annual the Hilton Deansgate Hotel, Manchester Mike Fisher – Technical Services Team Leader Security and Hosting July 2011.
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
Sandhills Center Encryption Overview for External Recipients

Sandhills Center Encryption Overview for External Recipients
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Gefördert durch das Kompetenzzentrenprogramm DI Alfred Wertner 19. September 2014 Ubiquitous Personal Computing © Know-Center 2014 www.know-center.at Security.

Gefördert durch das Kompetenzzentrenprogramm DI Alfred Wertner 19. September 2014 Ubiquitous Personal Computing © Know-Center Security.
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
OWASP Principles for GIS Data Security Keeping your GIS data secure.

OWASP Principles for GIS Data Security Keeping your GIS data secure.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
MITP 458 Application Layer Security By Techjocks.

MITP 458 Application Layer Security By Techjocks.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.

Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
PCI: As complicated as it sounds? Gerry Lawrence CTO

PCI: As complicated as it sounds? Gerry Lawrence CTO

Similar presentations

Ads by Google