1 / 21

Trusting the Trust

Trusting the Trust. Budi Rahardjo budi@indocisc.com http://rahard.wordpress.com Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009. Trust vs. Security [no 100% secure system]. Security vs. …. Convenience Performance Business Requirement. Failing the trust.

shaina
Télécharger la présentation

Trusting the Trust

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Trusting the Trust Budi Rahardjobudi@indocisc.com http://rahard.wordpress.comInixindo Security Day SeminarThe Executive Club, Jakarta, 19 March 2009

  2. Trust vs. Security[no 100% secure system] BR - trusting the trust

  3. Security vs. … • Convenience • Performance • Business Requirement

  4. Failing the trust • Malicious software; virus, worm, … • Malicious users; crackers, attackers, … • Fraud; disgruntled employees, … • Indentity theft; unauthenticated users, … BR - trusting the trust

  5. identity theft[facebook, friendster, … social networksdo you trust your “friends”?] march 2009 BR - trusting the trust 5

  6. “On the internet, nobody knows you’re a dog”

  7. Authentication • Authentication factors • What you have (card, token) • What you know (password, pin, id) • What you are (biometrics) • Electronic transaction requirement • 2 factor-authentication

  8. Do you trust your bank? BR - trusting the trust

  9. [“borrowed” slides on skimmer attached on an ATM machine of a local bank. Sorry, I cannot add the slides here since I don’t know the owner of the slides to ask/acknowledge.] march 2009 BR - trusting the trust 9

  10. Do you trust your e-government?[election jokes, e-gov, e-proc] march 2009 BR - trusting the trust 10

  11. [Examples of bad 2009 election campaign posters are available at http://janganbikinmalu2009.com] march 2009 BR - trusting the trust 11

  12. Can you trust your code? march 2009 BR - trusting the trust 12

  13. Open Source is better, IF … BR - trusting the trust

  14. you play with your code[read Ken Thompson, "Reflections on Trusting Trust" ACM, September 1995] BR - trusting the trust

  15. Reflections on trusting trust • Self reproducing code • “Learning” program • Create trojaned compilercompile a “bug” versionwhen detecta pattern

  16. meaning … skill is important [awareness too] BR - trusting the trust

  17. Reducing Risks • Anti virus, • 2 factors authentication, • … BR - trusting the trust

  18. Reducing Risks • But … really … • people, process, & technology

  19. Reducing Risks • Review periodically by independent, trusted3rd party • How do you trust your partner?

  20. Thank you fortrusting me :) Budi Rahardjobudi@indocisc.com

More Related