DePaul Information Security


DePaul Information Security, DePaul University

Today
- Microsoft Baseline Security Analyzer (MBSA)
- Using Internet Explorer securely
- Email Privacy and File Integrity
- Using email encryption
- Spam

Outline
- What is MBSA?
- How to get it?
- Installation
- Features
- Demonstration

Securing Windows Systems
- Operating System Updates
- Use a Host Based Firewall
- Account and Password Security
- File Sharing
- Microsoft Applications

What is MBSA?
- Created for Microsoft Systems specifically
- Tool to make Windows based systems and server applications more secure
- MBSA points out known flaws which are not fixed on the tested system
- Shows ways to patch security holes
- Explains correct security guidelines
- Current version MBSA 2.0
- Presents a security snapshot

How to get it?
- Microsoft Web Site: http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
- Search on Google: Microsoft Baseline Security Analyzer

Installation
- Wizard for easy installation

Features
- Graphical User Interface (GUI) options
- Scan local computer
- Scan for common administrative vulnerabilities
- Scan for missing security updates against the Microsoft Update catalog
- Creates reports in MBSA

Supports
Checks for common administrative vulnerabilities for:
- Windows 2000, XP, 2003
- Windows Server 2003
- IIS 5.0, 6.0
- SQL Server 7.0, 2000
- IE 5.01+
- Office 2000, XP, 2003

Scans for common vulnerabilities
- Is Windows Firewall enabled?
- Are Automatic Updates enabled?
- Are strong passwords enforced?
- Are unsecured Guest accounts enabled?

MBSA Demonstration

Pretty Good Privacy - PGP
- What is PGP and why use it
- Cryptography
- Key Pairs
- Using PGP software
- Exporting, Importing and Backing up Keys
- Public Key Servers
- Encrypt/Decrypt Mail
- Encrypt/Decrypt Files
- Symmetric (secret or conventional) encryption
- Demonstration

Encryption Software
What is PGP
- Originally authored by Philip Zimmermann in 1991
- Strong encryption software
- De-facto standard for email encryption today
- Originally free software, now owned by Network Associates – www.pgp.com
- In 1997, OpenPGP working group formed to develop an open non-proprietary standard for PGP
- GnuPG is completely free and compliant with OpenPGP
- Email should not be considered private
- PGP allows for privacy and integrity

Cryptography
- Cryptography: communicating in or deciphering secret writings or ciphers
- Cipher text: unreadable information – jumbled data
- Encryption: process of scrambling information, converting ordinary plaintext information to cipher text
- Decryption: recovering the plaintext back from the cipher text
- Public Key cryptography (asymmetric): encryption and decryption are performed using different keys
- Secret Key cryptography (symmetric): same key is used for encryption and decryption

How does it work?
- Two keys needed – Public and Private
- To send someone mail or verify their signature, you need to know their public key
- Using a public key, you encode or “encrypt” a chunk of data (file or email message)
- Using a private key, you decode or “decrypt” the data to read the file or email

How does it work?

Generating PGP keys
- The software will generate a public/private key pair
- You specify the size of the key (1024, 2048 bits)
- Need to provide a password to protect your key

Public Key – 2048 bits

Encrypted Text
- Plain text: Hello World
- Encrypt with public key
- Cipher text: ASCII-armored block between -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE-----
- Decrypt with private key
- Plain text: Hello World

Getting encryption applications
- PGP: commercial applications, http://www.pgp.com/
- GnuPG: complete and free implementation, http://www.gnupg.org/
- For Windows use gpg4win – www.gpg4win.org

Using GnuPG software
- Exporting, Importing and Backing up keys
  - text or ASCII file
  - BACKUP, I said BACKUP your keys
- Public Key Servers
  - http://www.keyserver.net/en
  - http://pgp.mit.edu/
- Encrypting Email and Files
- Using Symmetric Encryption
- Demonstration
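
The steps from the "Generating PGP keys" and "Using GnuPG software" slides as one scripted round trip, added here as an example that is not part of the original presentation. It assumes GnuPG 2.1 or later; the name, address, passphrase and file names are constructed, and everything runs in throwaway keyrings rather than ~/.gnupg.

```shell
#!/bin/sh
# Added example: key pair, export/backup, public-key and symmetric encryption.
PASS='demo-only-passphrase'   # constructed; interactively gpg prompts for it

pgp_demo() {
    work=$(mktemp -d) || return 1
    alice="$work/alice"; bob="$work/bob"
    mkdir -m 700 "$alice" "$bob"
    # a = key owner's keyring (has the private key); b = a correspondent's keyring
    a() { gpg --homedir "$alice" --batch --quiet --pinentry-mode loopback --passphrase "$PASS" "$@"; }
    b() { gpg --homedir "$bob" --batch --quiet "$@"; }

    # 1. Generate a 2048-bit key pair protected by a passphrase.
    cat > "$work/params" <<EOF
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Alice Example
Name-Email: alice@example.org
Expire-Date: 0
Passphrase: $PASS
%commit
EOF
    a --gen-key "$work/params" || return 1

    # 2. Export the public key as ASCII text and back up the private key.
    a --armor --export alice@example.org > "$work/alice-pub.asc"
    a --armor --export-secret-keys alice@example.org > "$work/alice-secret-backup.asc"

    # 3. The correspondent imports only the public key and encrypts to it.
    #    --trust-model always skips the ownership check batch mode would fail on.
    b --import "$work/alice-pub.asc"
    printf 'Hello World\n' > "$work/msg.txt"
    b --trust-model always --armor -r alice@example.org -o "$work/msg.asc" --encrypt "$work/msg.txt"

    # 4. Only the private key, unlocked by its passphrase, recovers the text.
    plain=$(a --decrypt "$work/msg.asc" 2>/dev/null)

    # 5. Symmetric mode: one shared passphrase, no key pair involved.
    a --armor --symmetric -o "$work/sym.asc" "$work/msg.txt"
    sym=$(a --decrypt "$work/sym.asc" 2>/dev/null)

    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$bob" --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    [ "$plain" = 'Hello World' ] && [ "$sym" = 'Hello World' ]
}
```

Call `pgp_demo`; it returns 0 when both decryptions yield the original text. Outside a script, drop `--batch`, `--pinentry-mode loopback` and `--passphrase` so gpg prompts for the passphrase, and confirm the key's fingerprint with its owner instead of using `--trust-model always`.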

The End … Questions