Security. Hiroshi Toyoizumi toyoizumi@waseda.jp. Today's Contents. Examples of Security Threats Computer Virus Cracking Phishing Basic of Cryptography. Malicious Mobile Codes: Viruses and Worms. Viruses. crackings. Laroux: Excel Macro Virus. Current epidemics. Cracking.
Security Hiroshi Toyoizumi toyoizumi@waseda.jp Information Science

Today's Contents
• Examples of Security Threats
• Computer Virus
• Cracking
• Phishing
• Basics of Cryptography

Malicious Mobile Codes: Viruses and Worms
Viruses, crackings

Current epidemics

Cracking
• Hijacking your machine.
• Stepping stone.
• Tampering with WWW pages.
• Leak of important information.

Phishing
eBay (phishing): asks you to go to the fake eBay site and submit your eBay password information.
From http://www.cobb.com/phish/ebay.html

Detail of Phishing
The scammers typically send out an e-mail that appears to come from a trusted company such as a bank or an e-commerce Web site. The phishing messages attempt to lure people to a bogus Web site, where they're asked to divulge sensitive personal information. The attackers can then use those details to steal money from the victims' accounts. According to a report from online privacy watchdog Truste, 7 out of 10 people who go online have received phishing e-mails, and 15 percent of those have successfully been duped into providing personal information.
From CNET NEWS http://news.com.com/Caught+in+a+phishing+trap/2100-1029_3-5453203.html

How to protect against cracking
• Anti-virus
• Patch
• Encryption
• Firewalls
• IDS: Intrusion Detection System

BlackICE: An IDS

Secure communication using cryptography
• Encrypt important information.
• Certify the other party.

Common Key System Cryptography
Plain text, Cipher text
Same key for encrypt and decrypt

Give it a try! Cipher communication
Bob, Alice

Any problems?
• It is easy to eavesdrop on the key on the internet.

Public Key Cryptography
Unique keys for encrypt and decrypt
Plain text, Cipher text

Give it a try! Public key cipher communication
Bob, Alice

Any problems?
• Switching the public key.
• Man-in-the-middle attack.
Bob, Alice

Digital signature
Plain text, Cipher text
A makes a cipher text using the key known only to A. B decrypts the cipher text with the public key of A. This is the proof that the plain text was made by A!

Key with digital signature
Bob, Alice
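
The three slides above (switching the public key, digital signature, key with digital signature) can be followed in code. This is an added example, not part of the original slides: it uses textbook RSA on small constructed primes, and the trusted signer of Bob's key, the attacker's key pair, and all function names are assumptions made for the illustration.

```python
import hashlib

# Textbook RSA on small Mersenne primes, hashed with SHA-256.
# Constructed for teaching only: no padding, keys far too small for real use.
def make_keypair(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    n, d = private_key
    return pow(digest(message, n), d, n)     # only the key owner can compute this

def verify(message, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def key_record(owner, public_key):
    # Bytes that bind an owner's name to a public key
    return f"{owner}|{public_key[0]}|{public_key[1]}".encode()

# Constructed parties; TRUSTED is a hypothetical signer whose public key
# Alice already holds (the slides do not name who signs the key).
TRUSTED_PUB, TRUSTED_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2**13 - 1, 2**19 - 1)

def alice_accepts(owner, public_key, key_signature):
    # Alice checks the signature on the key before using it to encrypt
    return verify(key_record(owner, public_key), key_signature, TRUSTED_PUB)

def demo():
    msg = b"Meet at noon"
    sig = sign(msg, BOB_PRIV)
    bob_key_sig = sign(key_record("Bob", BOB_PUB), TRUSTED_PRIV)
    self_signed = sign(key_record("Bob", ATTACKER_PUB), ATTACKER_PRIV)
    return {
        "message_ok": verify(msg, sig, BOB_PUB),
        "tampered_message": verify(b"Meet at nine", sig, BOB_PUB),
        "real_key": alice_accepts("Bob", BOB_PUB, bob_key_sig),
        "switched_key": alice_accepts("Bob", ATTACKER_PUB, bob_key_sig),
        "self_signed_key": alice_accepts("Bob", ATTACKER_PUB, self_signed),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only the genuine message and the genuine key pass; a switched key fails because the signature on the key no longer matches the name and key Alice was handed.
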

e-Government

Examples of Topics
• Stop Blaming the Victims
• The author of Sasser
• Adware, Spyware
• Spoofing, Backdoor
• Personal Firewall
• Anti-virus
• Spam
• Intrusion Detection System
• Cookies, Java, ActiveX
• Biometric
• Examples of Phishing
• Bots

Role Play
• Cast
  • Ohta(太田): Employee of Microsoft
  • Yamada(山田): Employee of Takada delivery
• Employees of Waseda Hospital
  • Tahara(田原): accounting section
  • Yano(矢野): freshman in general affairs
  • Yamaguchi(山口): freshman in general affairs

Scene 1: Call from Takada delivery
• Yano: Hello, this is Yano, general affairs section in Waseda Hospital.
• Yamada: Hi, this is Takada delivery calling. It seems that one of our customers wrongly faxed her address to your company. Could you fax it to us?
• (after checking the fax machine.)
• Yano: No, we haven't received your fax.
• Yamada: You may find it in another place… Maybe in your accounting section? If you find it, please fax it to us at 03-1111-1111.
• Yano: OK.

Scene 2: Call from Microsoft
• Ohta: Hello, this is Ohta from Microsoft customer service. We found that your PC is sending too many viruses on the internet, and we received many complaints about it. Please download the anti-virus software that I will mention and install it on your PC.
• Yano: Sure. Where can I find the software?

Scene 3: Call from accounting section
• Tahara: This is Tahara from accounting. Could you do me a favor?
• Yamaguchi: Yes. What?
• Tahara: Our computers are all infected by viruses, but I need the address of a patient, Ryoko Hirosue. Could you call up the data on your screen and fax it to me at the accounting section?
• Yamaguchi: No problem.

Quiz
• Did you find any security problems in the role-play?
• Write them down.
• Describe the countermeasures.

Steps to obtain the address of Hirosue.
• By pretending to be Tahara of the accounting section, have Yamaguchi fax the address to the accounting section.
• By pretending a fax was sent by mistake, ask Yano to send the fax to Takada delivery.
Each employee did what seemed to be OK, but as a whole it would cause a leak of private information.