computing security

Post on 15-Jan-2015


1. Human, Computer and Vulnerability: (20113920) tgnice@nchovy.com

2. Table of Contents
    1. Background
        1.1 IT Trend
        1.2 Prediction
        1.3 Benchmarking
        1.4 What They Do
        1.5 CES 2012
    2. What is Profiling
        2.1 Definition
        2.2 Type of Profiling
        2.3 Different View
        2.4 Expectation
    3. Why Do We Profiling
        3.1 Origins
        3.2 Present
        3.3 Future
    4. Mobile User Profiling
        4.1 Context Aware
        4.2 Set of Raw Data
        4.3 Extract Attribute
        4.4 Constraints

3. Table of Contents
    5. Intelligence
        5.1 Introduce
        5.2 Intellectual Intelligence
        5.3 Emotional Intelligence
        5.4 Qualified Intelligence
    6. Related Works
        6.1 Web Profiling
        6.2 Location Sensing
        6.3 Energy Efficiency
        6.4 Emotion Sensing
        6.5 Privacy
    7. Approach
        7.1 Privacy Problem
        7.2 User Profiling
        7.3 Research Goal
    Appendix
    References

5. 0. Speaker Profile
    • (2007.11 ~ 2010.12) nchovy team in INZEN Security
        • Nchovy.com Foundation Member
        • Krakenapps.org Committer
        • IDS Neowatcher Maintainer
        • Malware, Exploit Analysis Security Group Chief
    • (2011.02 ~ 2011.12) Freelance at Future System, Itnade
    • Conference: 2008.02 PADOCON, Spoofing & Scanning
    • Certification: CCNP, LPIC, CISA

7. 1. Prologue: 1.1 Are you Safe?

8. 1. Prologue: 1.2 Do You Know?

9. 1. Prologue: 1.2 Do You Know?

10. 1. Prologue: 1.3 Cyber Attack

11. 1. Prologue: 1.4 Threat

12. 1. Prologue: 1.5 We Need This?

14. 2. Hackers: 2.1 History
    • Hacking has been around for more than a century. In the 1870s, several teenagers were flung off the country's brand new phone system by enraged authorities.
    • University facilities with huge mainframe computers, like MIT's artificial intelligence lab, become staging grounds for hackers. At first, "hacker" was a positive term for a person with a mastery of computers who could push programs beyond what they were designed to do.
    • John Draper makes a long-distance call for free by blowing a precise tone into a telephone that tells the phone system to open a line. Draper discovered the whistle as a give-away in a box of children's cereal.

15. 2. Hackers: 2.1 History
    • Two members of California's Homebrew Computer Club begin making "blue boxes," devices used to hack into the phone system. The members, who adopt handles "Berkeley Blue" (Steve Jobs) and "Oak Toebark" (Steve Wozniak), later go on to found Apple Computer.
    • Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.

16. 2. Hackers: 2.1 History
    • Kevin Mitnick secretly monitors the e-mail of MCI and Digital Equipment security officials. He is arrested (again), N.C., after he is tracked down via computer by Tsutomu Shimomura at the San Diego Supercomputer Center.
    • Tsutomu Shimomura is a senior fellow at the San Diego Supercomputer Center, where he works on problems in areas as diverse as computational physics and computer security. In February 1995 he helped several online service and Internet companies track down computer outlaw Kevin Mitnick.

17. 2. Hackers: 2.2 Now

18. 2. Hackers: 2.2 Now

19. 2. Hackers: 2.3 Kind of

20. 2. Hackers: 2.4 Near Enemy

22. 3. Information Security: 3.1 Definitions
    • Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction
    • Computer security and information assurance are frequently used interchangeably
    • Confidentiality, Integrity, Availability
    • Plus Accountability (Non-Repudiation)
    • Process, Risk Management, BCP/DRP

23. 3. Information Security: 3.2 Attributes
    • Confidentiality: used to prevent the disclosure of information to unauthorized individuals or systems.
    • Integrity: means that data cannot be modified undetectably.
      This is not the same thing as referential integrity in databases.
    • Availability: a requirement intended to assure that systems work promptly and service is not denied to authorized users.
    • Accountability (Non-Repudiation): the requirement that actions of an entity may be traced uniquely to that entity.

24. 3. Information Security: 3.3 Risk Management
    • Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
    • Composite Risk Index = Impact of Risk event x Probability of Occurrence

25. 3. Information Security: 3.4 Process
    • Security Governance: the Software Engineering Institute at Carnegie Mellon University, in a publication titled "Governing for Enterprise Security (GES)", defines characteristics of effective security governance.
    • Incident Response Plans: computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events.
    • Change Management: change management is an IT service management discipline. The objective of change management in this context is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of any related incidents upon service.

26. 3. Information Security: 3.5 BCP/DRP
    • BCP may be a part of an organizational learning effort that helps reduce operational risk.
    • BCP is working out how to continue operations under adverse conditions that include local events like building fires, theft, and vandalism, regional incidents like earthquakes and floods, and national incidents like pandemic illnesses.
    • Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

28. 4. Social Engineering: 4.1 Survey

29. 4. Social Engineering: 4.2 Fact

30. 4. Social Engineering: 4.3 Human Vulnerability

31. 4. Social Engineering: 4.4 Based on Trust

32. 4. Social Engineering: 4.5 Physical Security
    • Basic Security
    • Robbery / Access Control
    • Protect Asset from External Threat
    • Include People

34. 5. Network Hacking: 5.1 DoS
    • A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users.
    • Method
        • Consumption of computational resources, such as bandwidth, disk space, or processor time.
        • Disruption of configuration information, such as routing information.
        • Disruption of state information, such as unsolicited resetting of TCP sessions.
        • Disruption of physical network components.
        • Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

35. 5. Network Hacking: 5.2 ARP Spoofing
    • ARP spoofing is a computer hacking technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network.
    • Even ARP entries which have not yet expired will be overwritten when a new ARP reply packet is received. There is no method in the ARP protocol by which a host can authenticate the peer from which the packet originated. This behavior is the vulnerability which allows ARP spoofing to occur.
    • Defense
        • Static ARP entries
        • OS Security

36. 5. Network Hacking: 5.3 XSS
    • Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications (such as web browsers through breaches of browser security) that enables attackers to inject client-side script into Web pages viewed by other users.
    • XSS vulnerabilities have been reported and exploited since the 1990s. Prominent sites affected in the past include the social-networking sites Twitter, Facebook, MySpace, and Orkut.

38. 6. Malware: 6.1 Types of Malware

39. 6. Malware: 6.2 Original Sin

40. 6. Malware: 6.3 Definition
    • Short for Malicious Software
    • Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems
    • Computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs
    • Is not the same as defective software

41. 6. Malware: 6.4 Infection
    • Called Virus, Worm
    • Many early infectious programs were generally intended to be harmless or merely annoying, rather than to cause serious damage to computer systems.
    • Before Internet access became widespread, viruses spread on personal computers by infecting the executable boot sectors of floppy disks.
    • "Virus" is used for a program that has infected some executable software and, when run, causes the virus to spread to other executables.
    • A worm is a program that actively transmits itself over a network to infect other computers.

42. 6. Malware: 6.5 Concealment
    • Called Trojan Horses, Rootkit, Backdoor
    • When a malicious program is disguised as something normal or desirable, users may be tempted to install it without realizing it. This is the technique of the Trojan horse or trojan.
    • A rootkit was a set of tools installed by a human attacker on a Unix system, allowing the attacker to gain administrator (root) access.
    • A backdoor is a method of bypassing normal authentication procedures.

44. 7. Encryption: 7.1 Origins

45. 7. Encryption: 7.1 Origins
    • A watermark is a recognizable image or pattern in paper that appears as various shades of lightness/darkness when viewed by transmitted light (or when viewed by reflected light, atop a dark background), caused by thickness or density variation
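
Slide 35 (5.2 ARP Spoofing) says an unexpired ARP entry is overwritten by any new reply and lists static ARP entries as a defense. The sketch below is an added example, not part of the original slides: a monitor that reports a changed IP-to-MAC binding instead of accepting it and never overwrites a static entry. The class and function names are hypothetical and the packets are constructed sample data.

```python
import struct

def make_arp(op, sha, spa, tha, tpa):
    """Build a constructed 28-byte ARP payload (Ethernet/IPv4) for the demo; nothing is sent."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha = ":".join(f"{b:02x}" for b in payload[8:14])
    spa = ".".join(str(b) for b in payload[14:18])
    return op, sha, spa

class ArpWatch:
    """Tracks IP-to-MAC bindings; a conflicting packet raises an alert, not an overwrite."""
    def __init__(self, static=None):
        self.static = dict(static or {})  # pinned entries, the "static ARP" defense
        self.learned = {}                 # bindings seen on the wire

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return "ignored"
        _, mac, ip = parsed  # requests and replies both carry a sender binding
        if ip in self.static:
            return "ok" if self.static[ip] == mac else "alert: conflicts with static entry"
        old = self.learned.get(ip)
        if old is None:
            self.learned[ip] = mac
            return "learned"
        if old == mac:
            return "ok"
        return f"alert: {ip} moved {old} -> {mac}"  # old binding kept until confirmed

def demo():
    """Constructed traffic: two consistent replies, then two conflicting ones."""
    watch = ArpWatch(static={"192.0.2.1": "00:00:5e:00:53:01"})
    peer = ("00:00:5e:00:53:20", "192.0.2.20")
    frames = [
        make_arp(2, "00:00:5e:00:53:10", "192.0.2.10", *peer),
        make_arp(2, "00:00:5e:00:53:10", "192.0.2.10", *peer),
        make_arp(2, "00:00:5e:00:53:66", "192.0.2.10", *peer),
        make_arp(2, "00:00:5e:00:53:66", "192.0.2.1", *peer),
    ]
    return [watch.observe(f) for f in frames]

if __name__ == "__main__":
    print("\n".join(demo()))
```

A legitimate address change (for example a replaced network card) also triggers the alert, so in practice the alert is a prompt for an operator to confirm the new binding.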