12
SCL Security Keeping the Bad Guys Out SCL Infrastructure Keeping the Good Guys In

SCL Conference 2015: Keeping The Bad Guys Out

  • Upload
    scl-uk

  • View
    218

  • Download
    0

Embed Size (px)

DESCRIPTION

A look at SCL's security and infrastructure

Citation preview

Page 1: SCL Conference 2015: Keeping The Bad Guys Out

SCL SecurityKeeping the Bad Guys Out

SCL InfrastructureKeeping the Good Guys In

Page 2: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

How do we implement security?

Hardware

Software

Good processes and procedures

Page 3: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:Firewalls

App ServerWeb Server

DB Server

Page 4: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:Firewalls

App ServerWeb Server

DB Server

Port Scanning

Page 5: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:Firewalls

App ServerWeb Server

DB Server

Intrusion detection/prevention & Anti-virus

Page 6: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Hardware:HSM

Hardware Security Module Dedicated security device

Used for our Apple iPad Application

Data is never transmitted in clear text

Page 7: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Software

Secure Socket Layers (SSL & HTTPS)

Stored data encrypted

Secure file transfer

Removal of any software that isn’t needed (hardening)

Scanning for stored card numbers

Page 8: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Good Processes & Procedures

Documented security processes

Security training & reminders for Employees

Separation of duties

Camera and door entry systems

Page 9: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Who tests us?

PCI-DSS Level 1 Service Provider Annual Audits

Network penetration test (at least annually)

Application penetration tests

Code reviews

Customer Audits Often add to PCI

Have industry focus

Page 10: SCL Conference 2015: Keeping The Bad Guys Out

SCL CONFERENCE 2015: THE PRICE OF GREATNESS IS RESPONSIBILITY

Infrastructure

Fault Tolerance Everything has a backup

Our design fails over automatically

Scalability Easy to add capacity (hardware)

Automatically add capacity on demand (software)

Monitoring

Page 11: SCL Conference 2015: Keeping The Bad Guys Out
Page 12: SCL Conference 2015: Keeping The Bad Guys Out

"Giving the bad guys no sleep"

"Giving the bad guys no sleep"

Internet
Good guys v bad guys

Good guys v bad guys

Sports
Search and Discover the Bad Guys in

Search and Discover the Bad Guys in

Documents
Learning from the bad guys is learning from the best

Learning from the bad guys is learning from the best

Documents
FREE! Issue 1 Of Project Superpowers: Bad Guys

FREE! Issue 1 Of Project Superpowers: Bad Guys

Documents
Gov 2.0 public 2.0 bad guys 2.0 v3

Gov 2.0 public 2.0 bad guys 2.0 v3

Technology
Beware of the ‘Bad Guys’: Economic Inequality, Perceived

Beware of the ‘Bad Guys’: Economic Inequality, Perceived

Documents
Facial stereotypes of good guys and bad guys: A ...Facial stereotypes of good guys and bad guys: A replication and extension ALVIN G. GOLDSTEIN, JUNE E. CHANCE, and BARBARA GILBERT

Facial stereotypes of good guys and bad guys: A ...Facial stereotypes of good guys and bad guys: A replication and extension ALVIN G. GOLDSTEIN, JUNE E. CHANCE, and BARBARA GILBERT

Documents
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception

NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception

Internet
Owning bad guys {and mafia} with Javascript botnets · Owning "bad" guys {and mafia} with Javascript botnets Chema Alonso

Owning bad guys {and mafia} with Javascript botnets · Owning "bad" guys {and mafia} with Javascript botnets Chema Alonso

Documents
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats

Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats

Business
Good Guys vs. Bad Guys: Security Awareness & Social Engineering

Good Guys vs. Bad Guys: Security Awareness & Social Engineering

Social Media
Made in carcere - Bad guys can do good things

Made in carcere - Bad guys can do good things

Documents
The Bad Guys in the Big Bad Wolf - Scholastic · 2019-09-06 · The Bad Guys in the Big Bad Wolf BY AARON BLABEY When Mr. Wolf is blown up to Godzilla proportions, the Bad Guys find

The Bad Guys in the Big Bad Wolf - Scholastic · 2019-09-06 · The Bad Guys in the Big Bad Wolf BY AARON BLABEY When Mr. Wolf is blown up to Godzilla proportions, the Bad Guys find

Documents
Busting Bad Guys

Busting Bad Guys

Documents
The Bad Guys - Scholastic

The Bad Guys - Scholastic

Documents
NATO REALLY SECRET AND NOT FOR BAD GUYS · 2020. 4. 21. · NATO – REALLY SECRET AND NOT FOR BAD GUYS 2 NATO – REALLY SECRET AND NOT FOR BAD GUYS HQ AFNORTH OSLO CONOP 475/19

NATO REALLY SECRET AND NOT FOR BAD GUYS · 2020. 4. 21. · NATO – REALLY SECRET AND NOT FOR BAD GUYS 2 NATO – REALLY SECRET AND NOT FOR BAD GUYS HQ AFNORTH OSLO CONOP 475/19

Documents
Analyzing Changes in Financial Position. Bad news guys… Balance sheets…

Analyzing Changes in Financial Position. Bad news guys… Balance sheets…

Documents
Find out the “ Bad guys ” on the Symbian

Find out the “ Bad guys ” on the Symbian

Documents
IBM Security Solutions Keeping the Bad Guys Out- Safeguarding

IBM Security Solutions Keeping the Bad Guys Out- Safeguarding

Documents
Fighting Bad Guys with International Trade Law

Fighting Bad Guys with International Trade Law

Documents
Selective COX-2 Inhibitors: Good or Bad Guys?

Selective COX-2 Inhibitors: Good or Bad Guys?

Documents
Piracy and Ad Fraud - Bad Guys Rip Off Studios Twice

Piracy and Ad Fraud - Bad Guys Rip Off Studios Twice

Internet
Most Evilest Bad Guys!

Most Evilest Bad Guys!

Documents
What your Network Looks Like to the Bad Guys€¦ · What your Network Looks Like to the Bad Guys Dave De Coster decoster@wisc.edu

What your Network Looks Like to the Bad Guys€¦ · What your Network Looks Like to the Bad Guys Dave De Coster [email protected]

Documents
New Classicals and Keynesians, or the Good Guys and the Bad Guys

New Classicals and Keynesians, or the Good Guys and the Bad Guys

Documents
Owning "bad" guys {and mafia} with Javascript botnets

Owning "bad" guys {and mafia} with Javascript botnets

Documents
MsWLZ--Mythic Bad Guys

MsWLZ--Mythic Bad Guys

Education
Bad Guys Prefer Nunas

Bad Guys Prefer Nunas

Documents
The Bad Guys - ScholasticThe Bad Guys by Aaron Blabey Booktalk! Things never go well for the Big Bad Wolf. He is always defending himself and his wily ways, but mostly, he’s just

The Bad Guys - ScholasticThe Bad Guys by Aaron Blabey Booktalk! Things never go well for the Big Bad Wolf. He is always defending himself and his wily ways, but mostly, he’s just

Documents