Hewitt.com Redesign - PowerPoint PPT Presentation

Slides: 11
Provided by: jorg2190
Transcript and Presenter's Notes


1
Hewitt.com Redesign
  • Security Considerations
  • Jorgen Hesselberg, MITP 07 Brute Force

2
Business Background
  • Hewitt Associates
  • Market leader in HR management and outsourcing
  • Major competitors: Accenture, Watson Wyatt, ADS
  • 24,000 employees worldwide
  • 3 Billion annual revenue (06)
  • last among competitors in internally
    commissioned web site study

3
Hewitt.com redesign
  • Implementation approach
  • Outsource website design and development
  • ARC Worldwide (Leo Burnett)
  • Outsource hosting services
  • SAVVIS

4
Planning and Risk Mitigation
  • Outsourced hosting alleviated security fears
  • Physical separation from Hewitt's customer data
  • Legal responsibility on vendors
  • Prove that the system is safe before paying
  • Perform thorough ethical hack by outside security
    firm
  • Symantec

5
Business Risk Identification
  • DoS attacks would be bad
  • but defacing the site would be much worse.
  • Loss of credibility in conservative industry
  • Brand name capital loss (Goodwill)
  • Public embarrassment
  • Legal implications

6
Vulnerability Report Results
  • Overall, site security was solid. No known
    vulnerabilities related to the Hewitt.com site.
  • However, content management tool used to update
    material on site was accessed through separate
    site only protected through encrypted username
    and password

7
Management Reaction
  • Does not sound like a big deal
  • Probably not much to worry about
  • I can't even remember my own password, much less
    hack anyone else's

8
Regroup and Recover
  • Hewitt security personnel confirmed that current
    Hewitt.com site gets attacked more than 1000
    times every hour of every day
  • Port sniffing
  • Mini-DoS attacks
  • Cross-site scripting attempts
  • etc.
  • I presented management with these results...with
    pretty graphs.

9
Solution and Aftermath
  • Management saw potential issue
  • Agreed to add VPN requirement to scope to add
    extra layer of security
  • Not a perfect solution, but reduced risk
    significantly
  • Had to balance practicality and benefits
  • Symantec approved approach, identified risk as
    acceptable

10
Hewitt.com launch
  • within three months
  • Number of hits from target segments increased
    354
  • Industry professionals
  • HR Analysts
  • Most popular HR site in the world
  • More than 400,000 hits a month
  • and no hacker attacks!!!