Free documents: Security
Download free study materials: Security
cacls /T /E /G administrator:F d:\users\*.*
Cacls will add Full Control for the administrator account to all files and subfolders in the Users folder of the D:\ drive.
cacls /T /E /R Everyone d:\users
Cacls will remove all permissions for the 'Everyone' group in all files and subfolders in the Users folder of the D:\ drive.
Be sure to use the /E switch when you are just making modifications to a specific account or group. Without the /E switch, your settings will replace the current security with only what is specified.
...
8/30/2018 2:18:36 AM +00:00
Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD.
Developed in 1996 as a teaching tool
Santa Clara University, Prof. Edward Schaefer
Takes an 8-bit block of plaintext and a 10-bit key and produces an 8-bit block of ciphertext
Decryption takes the 8-bit block of ciphertext, the same 10-bit key and produces the original 8-bit block of plaintext
transport layer security service
originally developed by Netscape
version 3 designed with public input
subsequently became Internet standard known as TLS (Transport Layer Security)
uses TCP to provide a reliable end-to-end service
SSL has two layers of protocols
Block ciphers are among the most widely used types of cryptographic algorithms
provide secrecy and/or authentication services
in particular will introduce DES (Data Encryption Standard)
You don’t have to know all of the details
You do need to know your system
What services it is providing
What protocols are involved
What vulnerabilities it has
How to minimize the risks
Biggest problem is figuring out who a piece of mail is really from
Must use a higher level mechanism for trust or privacy
Most SMTP clients use sendmail which has been a constant source of security problems for years
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user.
“a program that replicates by “infecting” other programs, so that they contain a copy of the virus”
Used to connect two private networks together via the Internet
Used to connect remote users to a private network via the Internet
This could be done by opening your firewall to the LAN networking protocols (NetBIOS, NFS, NetWare, AppleTalk)
But… it would also make those protocols available to anyone on the Internet, and they could come into your LAN at will
Effectively make the whole Internet your LAN
Exposes all of your data
Anyone can easily take advantage of vulnerabilities in your internal hosts
No privacy
Better solution is to use a VPN in conjunction with your firewall
...
Protect web content from those who don’t have a “need to know”
Require users to authenticate using a userid/password before they are allowed access to certain URLs
HTTP/1.1 requires that when a user makes a request for a protected resource, the server responds with an authentication request header
WWW-Authenticate
contains enough pertinent information to carry out a “challenge-response” session between the user and the server
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu
Many savages at the present day regard their names as vital parts of themselves, and therefore take great pains to conceal their real names, lest these should give to evil-disposed persons a handle by which to injure their owners.
—The Golden Bough, Sir James George Frazer
All the afternoon Mungo had been working on Stern's code, principally with the aid of the latest messages which he had copied down at the Nevin Square drop. Stern was very confident. He must be well aware London Central knew about that drop. It was obvious that they didn't care how often Mungo read their messages, so confident were they in the impenetrability of the code.
—Talking to Strange Men, Ruth Rendell
I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and sixty separate ciphers, said Holmes.
—The Adventure of the Dancing Men, Sir Arthur Conan Doyle
John wrote the letters of the alphabet under the letters in its first lines and tried it against the message. Immediately he knew that once more he had broken the code. It was extraordinary the feeling of triumph he had. He felt on top of the world. For not only had he done it, had he broken the July code, but he now had the key to every future coded message, since instructions as to the source of the next one must of necessity appear in the current one at the end of each month.
—Talking to Strange Men, Ruth Rendell
...
The Devil said to Daniel Webster: Set me a task I can't carry out, and I'll give you anything in the world you ask for.
Daniel Webster: Fair enough. Prove that for n greater than 2, the equation a^n + b^n = c^n has no non-trivial solution in the integers.
They agreed on a three-day period for the labor, and the Devil disappeared.
At the end of three days, the Devil presented himself, haggard, jumpy, biting his lip. Daniel Webster said to him, Well, how did you do at my task? Did you prove the theorem?
Eh? No . . . no, I haven't...
Every Egyptian received two names, which were known respectively as the true name and the good name, or the great name and the little name; and while the good or little name was made public, the true or great name appears to have been carefully concealed.
—The Golden Bough, Sir James George Frazer
No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body.
—The Golden Bough, Sir James George Frazer
At cats' green on the Sunday he took the message from the inside of the pillar and added Peter Moran's name to the two names already printed there in the Brontosaur code. The message now read: “Leviathan to Dragon: Martin Hillman, Trevor Allan, Peter Moran: observe and tail.” What was the good of it John hardly knew. He felt better, he felt that at last he had made an attack on Peter Moran instead of waiting passively and effecting no retaliation. Besides, what was the use of being in possession of the key to the codes if he never took...
Each of the messages, like each one he had ever read of Stern's commands, began with a number and ended with a number or row of numbers. No efforts on the part of Mungo or any of his experts had been able to break Stern's code, nor was there any clue as to what the preliminary number and those ultimate numbers signified.
—Talking to Strange Men, Ruth Rendell
To guard against the baneful influence exerted by strangers is therefore an elementary dictate of savage prudence. Hence before strangers are allowed to enter a district, or at least before they are permitted to mingle freely with the inhabitants, certain ceremonies are often performed by the natives of the country for the purpose of disarming the strangers of their magical powers, or of disinfecting, so to speak, the tainted atmosphere by which they are supposed to be surrounded.
—The Golden Bough, Sir James George Frazer
...
will consider authentication functions
developed to support application-level authentication & digital signatures
will consider Kerberos – a private-key authentication service
then X.509 - a public-key directory authentication service
Web now widely used by business, government, individuals
but Internet & Web are vulnerable
have a variety of threats
integrity
confidentiality
denial of service
authentication
need added security mechanisms
Root of Trust in a PC
Operations or actions based on the TPM have measurable trust.
Flexible usage model permits a wide range of actions to be defined.
Doesn’t Control PC (About DRM)
User still has complete control over platform. It’s OK to turn the TPM off (it ships disabled).
User is free to install any software he/she pleases.
SIP is a lightweight, transport-independent, text-based protocol. SIP has the following features:
Lightweight, in that SIP has only four methods, reducing complexity
Transport-independent, because SIP can be used with UDP, TCP, ATM & so on.
Text-based, allowing for low overhead
SIP is primarily used for VoIP calls
We now begin our look at building protocols using the basic tools that we have discussed.
The discussion in this lecture will focus on issues of key establishment and the associated notion of authentication
These protocols are not real, but instead are meant to serve just as a high-level survey
Later lectures will go into specific protocols and will uncover practical challenges faced when implementing these protocols
This version of the Common Criteria for Information Technology Security Evaluation (CC v3.1) is the first major revision since being published as CC v2.3 in 2005.
CC v3.1 aims to: eliminate redundant evaluation activities; reduce/eliminate activities that contribute little to the final assurance of a product; clarify CC terminology to reduce misunderstanding; restructure and refocus the evaluation activities to those areas where security assurance is gained; and add new CC requirements if needed....
The need to ensure information security has changed greatly
Previously
Only physical and administrative means were needed
Since the arrival of computers
Automated tools are needed to protect files and other information stored on computers
Since the arrival of communication media and networks
Measures are needed to protect data transmitted over networks
In the last lecture we looked at some high-level descriptions of key distribution and agreement schemes.
These protocols cannot be used as they were stated.
When implementing the actual protocol, there are many situations one should be careful of.
In this lecture, we will look at some common protocol failures that arise when trying to implement security protocols
We will then look at some specific examples of security protocols
As our society grows ever more reliant on computers, so it also becomes more vulnerable to computer crime. Cyber attacks have been plaguing computer users since the 1980s, and computer security experts are predicting that smart telephones and other mobile devices will also become the targets of cyber security threats in the future.