1
Anti Hacker Poetry in the Mac OS X
"Your karma check for today:
There once was a user that whined/
his existing OS was so blind/
he'd do better to pirate/
an OS that ran great/
but found his hardware declined./
Please don't steal Mac OS!/
Really, that's way uncool./
(C) Apple Computer, Inc."
2
Multi-layered Network Security
DATA
Technology Solutions
Organizational Policies
Industry and Legal Standards
3
Automated Attack Vectors
2012 Threat Assessment Report
Industrial Threats (Stuxnet)
Embedded Hardware Attacks
Hacktivism rises (Anonymous)
Cyberwar (as in Georgia-Russia conflict)
Spam goes legit
Mobile threats (DroidKungFu)
Mobile Banking threats (Zeus and SpyEye)
Rogue Certificates
4
5
Automated Attack Vectors: Viruses
A computer program file capable of attaching to disks or other files
Necessary characteristics of a virus:
• It is able to replicate
• It requires a host program as a carrier
• It is activated by external action
6
Automated Attack Vectors: Worms
A self-replicating computer program, similar to a virus
A virus attaches itself to, and becomes part of, another executable program
A worm is self-contained and does not need to be part of another program to propagate itself
The Robert Morris Worm
• Written at Cornell
• Released at MIT
• Fixed at Harvard
7
Automated Attack Vectors: Bots
Derived from the word Robot
Program designed to search for information on the Internet with little human intervention
Search engines typically use bots to gather information for their databases
8
Automated Attack Vectors: Bots
Thousands of highly configurable bot packages available on Internet
Usually between 10,000-100,000 machines
Some at 350,000
Considered the No. 1 emerging online threat
9
Automated Attack Vectors: Bots: uses
DDoS attacks
Information theft
• keyboard logging, network monitoring, etc.
Trade bandwidth between hacker communities
Host illegal data
• Pirated software, movies, games, etc.
10
Automated Attack Vectors: Bots: prime targets
High bandwidth (“cable bots”)
High availability systems
Low user sophistication
System located in geography providing low likelihood of law enforcement effectiveness
11
Security Teams at Microsoft
PSS Security – Microsoft Services and Our Customers
Trustworthy Computing Security Strategy for Trustworthy Computing
Microsoft Security Response Center (MSRC)
Corporate Security Operations, Network Security
Security Business & Technology Unit (SBTU)
Microsoft Consulting National Practice TWC
Premier Support Services Security Solutions Architects
Secure Windows Initiative (SWI)
Security Center of Excellence (SCOE)
MSN, MS.com, etc.
12
Vulnerability Reported
Is the reported problem really a vulnerability?
A security vulnerability is a flaw in a product that makes it infeasible – even when using the product properly – to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/vulnrbl.asp
13
Vulnerability Reported
14
Biometrics 101 (cont)
Required System Components
A biometric authentication device is made up of three components:
• A database of biometric data.
• Input procedures and devices.
• Output and graphical interfaces.
15
Identification Vs. Verification
In identification, the system then attempts to find out who the sample belongs to, by comparing the sample with a database of samples in the hope of finding a match (this is known as a one-to-many comparison). "Who is this?"
Verification is a one-to-one comparison in which the biometric system attempts to verify an individual's identity. "Is this person who he/she claims to be?"
16
Security Measures for the Internet Age
17
Encryption
Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext
• Cryptography: art and science of keeping messages secure
• Cryptanalysis: art and science of breaking ciphertext
• Cryptology: area of mathematics that covers both
18
Encryption continued
If
M = the plaintext message
C = the encrypted ciphertext
E = encryption algorithm
D = decryption algorithm
Then
E(M) = C
D(C) = M
D(E(M)) = M
19
Algorithms and Keyspaces
The cryptographic algorithm (cipher) is a mathematical function used for encryption and decryption
Security based on restricting knowledge of the algorithm's internals
But
• If someone leaves group
• Someone buys algorithm
Problems of restricted algorithms are solved by using keys
20
Keys
Any one of a large number of values
The total possible set of keys is called the keyspace
The encryption and decryption is dependent on key
So
E_K(M) = C
D_K(C) = M
D_K(E_K(M)) = M
What does this mean?
D_K2(E_K1(M)) = M
21
Private vs. Public Key Encryption
symmetric
asymmetric
22
Symmetric vs. Asymmetric algorithms
Symmetric
• Typically use the same key for encryption and decryption
• Sender and receiver must agree to secret key before sending message
Asymmetric
• Key for encryption is different from one for decryption
• Encryption key can be made public
• Decryption key is private
• Sometimes called public key encryption
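The key identities from the Keys and Symmetric vs. Asymmetric slides, D_K(E_K(M)) = M with one shared key and D_K2(E_K1(M)) = M with a key pair, as an added example that is not part of the original presentation. The SHA-256 keystream cipher and the textbook RSA primes 61 and 53 are constructed toy stand-ins chosen only to make the identities checkable, and all function names are hypothetical.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """Expand key K into n bytes by hashing K || counter (toy construction)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def sym_encrypt(key: bytes, m: bytes) -> bytes:
    """E_K(M) = C: XOR the message with the keystream derived from K."""
    return bytes(a ^ b for a, b in zip(m, keystream(key, len(m))))

def sym_decrypt(key: bytes, c: bytes) -> bytes:
    """D_K(C) = M: XOR is its own inverse, so the same K undoes E_K."""
    return sym_encrypt(key, c)

# Asymmetric: textbook RSA with constructed toy primes (illustration only).
P, Q = 61, 53
N = P * Q                                # public modulus, 3233
K1 = 17                                  # public (encryption) exponent
K2 = pow(K1, -1, (P - 1) * (Q - 1))      # private (decryption) exponent, 2753

def asym_encrypt(m: int) -> int:
    """E_K1(M) = C, computable by anyone who knows (K1, N)."""
    return pow(m, K1, N)

def asym_decrypt(c: int) -> int:
    """D_K2(C) = M, computable only with the private K2."""
    return pow(c, K2, N)

def check_identities() -> dict:
    m = b"attack at dawn"                # constructed sample message
    c = sym_encrypt(b"shared-secret", m)
    return {
        "symmetric_roundtrip": sym_decrypt(b"shared-secret", c) == m,
        "wrong_key_fails": sym_decrypt(b"other-key", c) != m,
        "ciphertext_differs": c != m,
        # D_K2(E_K1(M)) = M for every message representable below N
        "asymmetric_roundtrip": all(asym_decrypt(asym_encrypt(x)) == x for x in range(N)),
        # applying the public key a second time does not recover M
        "public_key_cannot_decrypt": pow(asym_encrypt(65), K1, N) != 65,
    }

if __name__ == "__main__":
    for name, ok in check_identities().items():
        print(f"{name}: {ok}")
```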
23
Cryptanalysis
Recovering the plaintext without the key (an attack)
All secrecy resides in the key
Types of attack
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Adaptive-chosen-plaintext attack
• Rubber-hose attack
• Purchase-key attack