Upload
maximilian-lloyd
View
240
Download
2
Embed Size (px)
Citation preview
情報科学 2
Today’s Contents
1. Examples of Security Threats1. Computer Virus2. Cracking3. Phishing
2. Basic of Cryptography
1. Examples of Security Threats1. Computer Virus2. Cracking3. Phishing
2. Basic of Cryptography
情報科学 6
Cracking
1. Hijacking your machine.2. Stepping stone.3. Tamper with www pages.4. Leak of important information.
1. Hijacking your machine.2. Stepping stone.3. Tamper with www pages.4. Leak of important information.
情報科学 9
Phishing
From http://www.cobb.com/phish/ebay.html
eBay (phishing) Asking you to go to the fake eBay site and submit your information of password of eBay.
情報科学 10
Detail of PhishingThe scammers typically send out an e-mail that appears to come from a trusted company such as a bank or an e-commerce Web site. The phishing messages attempt to lure people to a bogus Web site, where they're asked to divulge sensitive personal information. The attackers can then use those details to steal money from the victims' accounts.
According to a report from online privacy watchdog Truste, 7 out of 10 people who go online have received phishing e-mails, and 15 percent of those have successfully been duped into providing personal information.
From CNET NEWS http://news.com.com/Caught+in+a+phishing+trap/2100-1029_3-5453203.html
情報科学 11
How to protect cracking
» Anti-virus» Pacth» Encryption» Firewalls» IDS:Intrusion Detection System
» Anti-virus» Pacth» Encryption» Firewalls» IDS:Intrusion Detection System
情報科学 13
Secure communication using cryptography
» Encrypt important information. » Certify the other party.» Encrypt important information. » Certify the other party.
情報科学 16
Any problems?
» It is easy to eavesdropping the key on thei internet.
» It is easy to eavesdropping the key on thei internet.
情報科学 19
Any problems?» Swiching the public key. » Man-in-the-middle-attack.» Swiching the public key. » Man-in-the-middle-attack.
AliceBob
情報科学 20
Digital signaturePlain text Cipher text
1. A makes a cipher text using the key only known to A.
2. B decrypts the cipher text with the public key of A
3. This is the proof of the plain text is made by A!
情報科学 26
Examples of Topics1. Stop Blaming the Victims2. The author of Sasser3. Adware,Spyware4. Spoofing, Backdoor5. Personal Firewall6. Anti-virus7. Spam8. Intrusion Detection System9. Cookies, Java, Active-x10. Biometric11. Examples of Phishing12. Bots
1. Stop Blaming the Victims2. The author of Sasser3. Adware,Spyware4. Spoofing, Backdoor5. Personal Firewall6. Anti-virus7. Spam8. Intrusion Detection System9. Cookies, Java, Active-x10. Biometric11. Examples of Phishing12. Bots
情報科学 27
Role Play
» Cast Ohta (太田) : Employee of Microsoft Yamada (山田) : Employee of Takada del
ivery Employees of Waseda Hospital
»Tahara (田原) : accounting section»Yano (矢野) : freshman in general affair»Yamaguchi( 山口): freshman in general affair
» Cast Ohta (太田) : Employee of Microsoft Yamada (山田) : Employee of Takada del
ivery Employees of Waseda Hospital
»Tahara (田原) : accounting section»Yano (矢野) : freshman in general affair»Yamaguchi( 山口): freshman in general affair
情報科学 28
Scene 1: Call from Takada delivery
1. Yano: Hello, this is Yano, general affair section in Waseda Hospital.
2. Yamada: Hi, this is Takada delivery calling. It seems that one of our customer wrongly faxed her address to your company. Could you fax it to us?
3. (after checking the fax machine.)4. Yano: No, we haven’t received your fax.5. Yamada: You may found it other place… Maybe
in your accounting section? If you find it, please fax it to us at 03-1111-1111.
6. Yano: OK.
1. Yano: Hello, this is Yano, general affair section in Waseda Hospital.
2. Yamada: Hi, this is Takada delivery calling. It seems that one of our customer wrongly faxed her address to your company. Could you fax it to us?
3. (after checking the fax machine.)4. Yano: No, we haven’t received your fax.5. Yamada: You may found it other place… Maybe
in your accounting section? If you find it, please fax it to us at 03-1111-1111.
6. Yano: OK.
情報科学 29
Scene 2:Call from Microsoft
1.Ohta: Hello, this Ohta from Microsoft customer service. We found that your PC is sending too much viruses on the internet, and we received many complaints about it. Please download the anti-virus software that I will mention and install it on your PC.
2.Yano: Sure. Where can I find the software?
1.Ohta: Hello, this Ohta from Microsoft customer service. We found that your PC is sending too much viruses on the internet, and we received many complaints about it. Please download the anti-virus software that I will mention and install it on your PC.
2.Yano: Sure. Where can I find the software?
情報科学 30
Scene 3:Call from accounting
section1. Tahara: This is Tahara from accounting. Could you
do me a favor?2. Yamaguchi: Yes. What?3. Thara: Our computers are all infected by viruses, bu
t I need the address of a patient, Ryoko Hirosue. Could you call up the data on your screen and fax it to me at accounting section?
4. Yamaguchi: No problem.
1. Tahara: This is Tahara from accounting. Could you do me a favor?
2. Yamaguchi: Yes. What?3. Thara: Our computers are all infected by viruses, bu
t I need the address of a patient, Ryoko Hirosue. Could you call up the data on your screen and fax it to me at accounting section?
4. Yamaguchi: No problem.
情報科学 31
Quiz
» Did you find any security problem in the role-play?
» Write them down.» Describe the counter measures.
» Did you find any security problem in the role-play?
» Write them down.» Describe the counter measures.
情報科学 32
Steps to obtain the address of Hirosue.
1. By pretending Tahara of accounting section, have Yamaguchi to fax the address to accounting section.
2. By pretending a wrong fax, asking Yano to send the fax to Takada delivery.
Each employee did what seems to be OK, but as a whole it would make a leak of private information.
1. By pretending Tahara of accounting section, have Yamaguchi to fax the address to accounting section.
2. By pretending a wrong fax, asking Yano to send the fax to Takada delivery.
Each employee did what seems to be OK, but as a whole it would make a leak of private information.