Security
Hiroshi Toyoizumi
Information Science
Today’s Contents
1. Examples of Security Threats
   1. Computer Virus
   2. Cracking
   3. Phishing
2. Basics of Cryptography
Malicious Mobile Codes: Viruses and Worms
Viruses
crackings
Laroux: Excel Macro Virus
Current epidemics
Cracking
1. Hijacking your machine.
2. Using it as a stepping stone.
3. Tampering with WWW pages.
4. Leaking important information.
Scanning IP addresses
Detect Windows shared folder
Phishing
eBay (phishing)
The message asks you to go to a fake eBay site and submit your eBay password information.
From http://www.cobb.com/phish/ebay.html
Detail of Phishing
The scammers typically send out an email that appears to come from a trusted company such as a bank or an e-commerce Web site. The phishing messages attempt to lure people to a bogus Web site, where they're asked to divulge sensitive personal information. The attackers can then use those details to steal money from the victims' accounts.
According to a report from online privacy watchdog Truste, 7 out of 10 people who go online have received phishing e-mails, and 15 percent of those have successfully been duped into providing personal information.
From CNET NEWS
http://news.com.com/Caught+in+a+phishing+trap/21001029_3-5453203.html
How to protect against cracking
» Anti-virus
» Patch
» Encryption
» Firewalls
» IDS: Intrusion Detection System
BlackICE: An IDS
Secure communication using cryptography
» Encrypt important information.
» Certify the other party.
Common key system Cryptography
Same key for encryption and decryption
Plain text
Cipher text
Give it a try!
Cipher communication
Bob
Alice
Any problems?
» It is easy to eavesdrop on the key on the internet.
Public Key Cryptography
Separate keys for encryption and decryption
Cipher text
Plain text
Give it a try!
Public key cipher communication
Bob
Alice
Any problems?
» Switching the public key.
» Man-in-the-middle attack.
Bob
Alice
Digital signature
Plain text
Cipher text
1. A makes a cipher text using the key known only to A.
2. B decrypts the cipher text with the public key of A.
3. This is the proof that the plain text was made by A!
Key with digital signature
Bob
Alice
Real cipher communication
Public key and digital signature
Certificate authority
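The digital signature steps and the signed-key idea from the slides above, as an added Python example that is not part of the original slides: toy RSA with constructed Mersenne-prime keys shows a genuine message verifying, a tampered or wrongly signed one failing, and a switched public key being rejected. The function names, the key encoding and the attacker name Mallory are assumptions made for this illustration.

```python
import hashlib

# Toy RSA with small Mersenne primes so the arithmetic stays visible.
# Constructed demo values: no padding, tiny keys, never use for real data.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)

def digest(message, n):
    # Hash the message, then reduce it so it fits below the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    n, d = private_key
    return pow(digest(message, n), d, n)     # step 1: use the key only A knows

def verify(message, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)  # step 2: A's public key

def encode_key(owner, public_key):
    return f"{owner}|{public_key[0]}|{public_key[1]}".encode()

def certify(owner, public_key, ca_private):
    # A trusted third party signs the statement "this key belongs to owner".
    return sign(encode_key(owner, public_key), ca_private)

def accept_key(owner, public_key, certificate, ca_public):
    return verify(encode_key(owner, public_key), certificate, ca_public)

alice_pub, alice_priv = make_keypair(2**61 - 1, 2**89 - 1)
mallory_pub, mallory_priv = make_keypair(2**31 - 1, 2**61 - 1)
ca_pub, ca_priv = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    msg = b"Meet at 10:00. Alice"
    sig = sign(msg, alice_priv)
    cert = certify("Alice", alice_pub, ca_priv)
    return {
        "genuine message": verify(msg, sig, alice_pub),
        "tampered message": verify(b"Meet at 11:00. Alice", sig, alice_pub),
        "signed by Mallory": verify(msg, sign(msg, mallory_priv), alice_pub),
        "genuine key": accept_key("Alice", alice_pub, cert, ca_pub),
        "switched key": accept_key("Alice", mallory_pub, cert, ca_pub),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'accepted' if ok else 'REJECTED'}")
```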
e-Government
Examples of Topics
1. Stop Blaming the Victims
2. The author of Sasser
3. Adware, Spyware
4. Spoofing, Backdoor
5. Personal Firewall
6. Anti-virus
7. Spam
8. Intrusion Detection System
9. Cookies, Java, ActiveX
10. Biometrics
11. Examples of Phishing
12. Bots
Role Play
» Cast
  » Ohta (太田): Employee of Microsoft
  » Yamada (山田): Employee of Takada delivery
  » Employees of Waseda Hospital
    » Tahara (田原): accounting section
    » Yano (矢野): new employee in the general affairs section
    » Yamaguchi (山口): new employee in the general affairs section
Scene 1: Call from Takada delivery
1. Yano: Hello, this is Yano, general affairs section in Waseda Hospital.
2. Yamada: Hi, this is Takada delivery calling. It seems that one of our customers wrongly faxed her address to your company. Could you fax it to us?
3. (after checking the fax machine.)
4. Yano: No, we haven’t received your fax.
5. Yamada: You may find it in another place… Maybe in your accounting section? If you find it, please fax it to us at 03-1111-1111.
6. Yano: OK.
Scene 2: Call from Microsoft
1. Ohta: Hello, this is Ohta from Microsoft customer service. We found that your PC is sending too many viruses on the internet, and we received many complaints about it. Please download the anti-virus software that I will mention and install it on your PC.
2. Yano: Sure. Where can I find the software?
Scene 3: Call from accounting section
1. Tahara: This is Tahara from accounting. Could you do me a favor?
2. Yamaguchi: Yes. What?
3. Tahara: Our computers are all infected by viruses, but I need the address of a patient, Ryoko Hirosue. Could you call up the data on your screen and fax it to me at the accounting section?
4. Yamaguchi: No problem.
Quiz
» Did you find any security problems in the role-play?
» Write them down.
» Describe the countermeasures.
Steps to obtain the address of Hirosue.
1. By pretending to be Tahara of the accounting section, have Yamaguchi fax the address to the accounting section.
2. By pretending a fax was sent by mistake, ask Yano to send the fax to Takada delivery.
Each employee did what seemed to be OK, but taken as a whole it resulted in a leak of private information.