Game Security - The Good, the Bad, and the Crooks

22
Securit y eBooks Games, iGaming, and Gambling [email protected] +1.650.278.7416 The Good, the Bad, and The Crooks Game Security Steven Davis
  • date post

    19-Oct-2014
  • Category

    Technology

  • view

    808
  • download

    4

description

First part of a game security course. Discusses the differences between "troublesome" participants and actual criminals as well as how to approach security problems. Also off interest for general IT security practitioners. For the rest of this course, visit http://free2secure.com/. You may also want to check out my book "Protecting Games" - see http://playnoevil.com/ for details.

Transcript of Game Security - The Good, the Bad, and the Crooks

Page 1: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

The Good, the Bad, and

The Crooks

Game Security

Steven Davis

Page 2: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

What is security?Encryption?Firewalls?Access Control?

Etc.Etc.Etc.

Page 3: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Not b

eing

in th

e New

s!

Not losing money

Usually

Security is…

Page 4: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Security is doing whatever it takes to make your game secure

Business, Game Design, Technology…Anything

Page 5: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Security is People, not Security is People, not TechnologyTechnology

Page 6: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

The Bad Guy wants The Bad Guy wants to Win!to Win!

• Make MoneyMake Money• Get Free StuffGet Free Stuff• Stroke Ego –Stroke Ego –

– High Score/LeaderboardHigh Score/Leaderboard– Compete/CheatCompete/Cheat– Fame as HackerFame as Hacker

and he doesn’t care howand he doesn’t care how

Page 7: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Play

ers

play

ing

“Diff

eren

tly”

Play

ers

play

ing

“Diff

eren

tly” – Play with Friends Play with Friends

(your level restrictions (your level restrictions & character & character equipment may make equipment may make this impossible)this impossible)

– Limited TimeLimited Time– Your Game is Boring!Your Game is Boring!

““I want the good stuff”I want the good stuff”

The Customer is often Right!

Page 8: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

• Onerous security procedures

• Security is not their job!

• If people break If people break security, it is security, it is OUR fault, not OUR fault, not theirstheirsIts hard to be goodIts hard to be good

Page 9: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Crooks

• Want to make money… no matter how– Identity theft– Credit card fraud– Break into email and other accounts– Steal your stuff & sell it– Steal accounts … if

th

ere

is v

alu

e in

yo

ur

bu

sin

ess,

th

ere

is a

th

ief

wh

o

will

hap

pily

loo

t it

.

Page 10: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Stop Crooks• They may be making more money

from your business than you do– You may be protecting the wrong

things– A stolen ID is worth $1 to $12 or more

• … what is an account worth to you?• … are you protecting that kind of

value?• Sony PSN was not concerned about

identity theft– … nor was Valve– … nor was Riot Games– … nor was LinkedIn– … nor was TJX

• They are deadly serious. You need to stop them. They can ruin your business.

One of these days, the One of these days, the government is going to government is going to make you responsible for make you responsible for security.security.

Your customers certainly do Your customers certainly do today.today.

Page 11: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

How does security help make more money?

Goal:

Move players from “Bad” and “Different” to Good and PAYING!

Change our perspective and relationship with our players

•Don’t ban•Create communities of like players •Stopping bad guys is only part of the answer… And may not be an answer at allW

e may have to

change

We m

ay have to change

how we w

ork

how we w

ork

Bring in more Revenue.Reduce Costs

Page 12: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Security Systems are everywhere…

….We don’t even notice them as security systems anymore (and we get in trouble when we don’t)

“If your re

ceipt is wrong, y

our purchase is fre

e”

Double entry

accounting &

audit trails

…they evolved over time…

Page 13: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Why is Security so difficult today?• “Security” used to mean…

– Law Enforcement– Alarm Systems

• New businesses and business models

• New ways of interacting• Radical change in scale• All are changing faster and faster

• … and security takes a while to catch up

• We can’t wait for solutions to evolve slowly anymore

The world is changing

Page 14: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Security is the problem

Essential misunderstanding of security

Problem Exists Between Keyboard And Chair Fallacy

Broken security business modelsCheap companies

Page 15: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Security Today – The Good

Disney fights Piracy with Prizes & Holograms

• Disney fights counterfeit products by using a promotion– Customers send in Proof of

Purchase w/holograms to enter contest

– Disney uses entries to identify locations where counterfeit goods are sold and made

• Turn customers into security partners

• Security gets paid for out of Marketing Budget!

Page 16: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

(Mis)Understanding Audit

• Famous security case based on discrepancy between 2 audit trails

• Too many systems confuse having an “audit log” with multiple independent audit records

• RESULT – continued difficulty identifying security breaches

• LESSON – Independent Systems & Real Analysis

Security Today – The Bad

Page 17: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

CheapCheapWhat do good security solutions look like?

Independent Systems and Layers … “Security Mesh”

Imperfekt

Imperfekt

Recoverable/

Recoverable/

Repaira

ble

Repaira

ble

Reliable

Reliable

Page 18: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Strive for simple security“security shims”

“naturally secure”

Page 19: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

Security is as much about making it

easy to do something right as hard to

do something wrong

Page 20: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

How do you win?

Security JudoAuthority, Trust, Efficiency

Specific, Practical Measures

Page 21: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

What next?• Don’t give up!

• More security presentations at: http://free2secure.com/

• Check out my book “Protecting Games”– Additional information at http://playnoevil.com/

• You can “win” the security game

Page 22: Game Security - The Good, the Bad, and the Crooks

Security eBooks

Games, iGaming, and Gambling [email protected]+1.650.278.7416

About Me• Steven Davis

– 25+ Years of Security Expertise

– I have worked on everything from online games and satellite TV to Nuclear Command and Control and military communications

• http://www.linkedin.com/in/playnoevil

– Author, “Protecting Games”

• Why Free2Secure?– Security is too expensive and isn’t working. There has to be a better way.

I’m exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at http://free2secure.com/

– Join me there, ask questions, challenge assumptions, let’s make things better