html5-img
1 / 23

Anti Hacker Poetry in the Mac OS X

Anti Hacker Poetry in the Mac OS X. Your karma check for today: There once was a user that whined/ his existing OS was so blind/ he'd do better to pirate/ an OS that ran great/ but found his hardware declined./ Please don't steal Mac OS!/ Really, that's way uncool./

urbana
Télécharger la présentation

Anti Hacker Poetry in the Mac OS X

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Anti Hacker Poetry in the Mac OS X • Your karma check for today: There once was a user that whined/ his existing OS was so blind/ he'd do better to pirate/ an OS that ran great/ but found his hardware declined./ Please don't steal Mac OS!/ Really, that's way uncool./ (C) Apple Computer, Inc."

  2. Multi-layered Network Security Technology Solutions DATA Technology Solutions Organizational Policies Industry and Legal Standards

  3. Automated Attack Vectors

  4. 2012 Threat Assessment Report • Industrial Threats (Stuxnet) • Embedded Hardware Attacks • Hacktivism rises (Anonymous) • Cyberwar (as in Georgia-Russia conflict) • Spam goes legit • Mobile threats (DroidKungFu) • Mobile Banking threats (Zeus and SpyEye) • Rogue Certificates

  5. Automated Attack VectorsViruses • A computer program file capable of attaching to disks or other files • Necessary characteristics of a virus: • It is able to replicate • It requires a host program as a carrier • It is activated by external action

  6. Automated Attack VectorsWorms • A self-replicating computer program, similar to a virus • A virus attaches itself to, and becomes part of, another executable program • A worm is self-contained and does not need to be part of another program to propagate itself • The Robert Morris Worm • Written at Cornell • Released at MIT • Fixed at Harvard

  7. Automated Attack VectorsBots • Derived from the word Robot • Program designed to search for information Internet with little human intervention • Search engines typically use bots to gather information for their databases

  8. Automated Attack VectorsBots • Thousands of highly configurable bot packages available on Internet • Usually between 10,000-100,000 machines • Some at 350,000 • Considered the No. 1 emerging online threat

  9. Automated Attack VectorsBots: uses • DDoS attacks • Information theft • keyboard logging, network monitoring, etc • Trade Bandwidth between hacker communities • Host illegal data • Pirated software, movies, games, etc.

  10. Automated Attack VectorsBots: prime targets • High bandwidth (“cable bots”) • High availability systems • Low user sophistication • System located in geography providing low likelihood of law enforcement effectiveness

  11. Security Teams at Microsoft

  12. Vulnerability Reported • Is the reported problem really a vulnerability? A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly – to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/vulnrbl.asp

  13. Vulnerability Reported

  14. Biometrics 101 (cont) Required System Components • A biometric authentication device is made up of three components: • A database of biometric data. • Input procedures and devices. • Output and graphical interfaces.

  15. Identification Vs. Verification • In identification, the system then attempts to find out who the sample belongs to, by comparing the sample with a database of samples in the hope of finding a match (this is known as a one-to-many comparison). "Who is this?" • Verification is a one-to-one comparison in which the biometric system attempts to verify an individual's identity. "Is this person who he/she claims to be?"

  16. Security Measures for the Internet Age

  17. Encryption Plaintext Ciphertext Plaintext Encryption Decryption • Cryptography: art and science of keeping messages secure • Cryptanalysis: art and science of breaking ciphertext • Cryptology: area of mathematics that covers both

  18. Encryption continued • If • M=the plaintext message • C=the encrypted ciphertext • E=encryption algorithm • D=decryption algorithm • Then • E(M)=C • D(C)=M • D(E(M))=M

  19. Algorithms and Keyspaces • The cryptographic algorithm (cipher) is a mathematical function used for encryption and decryption • Security based on restriction to internals of algorithm • But • If someone leaves group • Someone buys algorithm • Problems of restricted algos solved with using keys

  20. Keys • Any one of a large number of values • The total possible set of keys is called the keyspace • The encryption and decryption is dependent on key • So • EK(M)=C • DK(C)=M • DK(EK(M))=M • What does this mean? • DK2(EK1(M))=M

  21. Private vs. Public Key Encryption symmetric asymmetric

  22. Symmetric vs. Asymmetric algorithms • Symmetric • Typically use the same key for encryption and decryption • Sender and receiver must agree to secret key before sending message • Asymmetric • Key for encryption is different from one for decryption • Encryption key can be made public • Decryption key is private • Sometimes called public key encryption

  23. Cryptanalysis • Recovering the plaintext without the key (an attack) • All secrecy resides in the key • Types of attack • Ciphertext-only attack • Known-plaintext attack • Chosen-plaintext attack • Adaptive-chosen-plaintext attack • Rubber-hose attack • Purchase-key attack

More Related