Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009."— Presentation transcript:

1 Trusting the Trust Budi Rahardjo budi@indocisc.com http://rahard.wordpress.com Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009

2 Trust vs. Security [no 100% secure system] march 20092BR - trusting the trust

3 Security vs. … Convenience Performance Business Requirement

4 Failing the trust Malicious software; virus, worm, … Malicious users; crackers, attackers, … Fraud; disgruntled employees, … Indentity theft; unauthenticated users, … march 2009BR - trusting the trust4

5 identity theft [facebook, friendster, … social networks do you trust your “friends”?] march 20095BR - trusting the trust

6 “On the internet, nobody knows you’re a dog”

7 Authentication Authentication factors –What you have (card, token) –What you know (password, pin, id) –What you are (biometrics) Electronic transaction requirement –2 factor-authentication

8 Do you trust your bank? march 20098BR - trusting the trust

9 [“borrowed” slides on skimmer attached on an ATM machine of a local bank. Sorry, I cannot add the slides here since I don’t know the owner of the slides to ask/acknowledge.] march 20099BR - trusting the trust

10 Do you trust your e- government? [election jokes, e-gov, e-proc] march 200910BR - trusting the trust

11 [Examples of bad 2009 election campaign posters are available at http://janganbikinmalu2009.com] march 200911BR - trusting the trust

12 Can you trust your code ? march 200912BR - trusting the trust

13 Open Source is better, IF … march 200913BR - trusting the trust

14 you play with your code [read Ken Thompson, "Reflections on Trusting Trust" ACM, September 1995] march 200914BR - trusting the trust

15 Reflections on trusting trust Self reproducing code “Learning” program Create trojaned compiler compile a “bug” version when detect a pattern

16 meaning … skill is important [awareness too] march 200916BR - trusting the trust

17 Reducing Risks Anti virus, 2 factors authentication, … march 2009BR - trusting the trust17

18 Reducing Risks But … really … people, process, & technology

19 Reducing Risks Review periodically by independent, trusted 3 rd party How do you trust your partner?

20 Thank you for trusting me :) Budi Rahardjo budi@indocisc.com

21

Download ppt "Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009."

Similar presentations

IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -

IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -
A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.

A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.

Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.

Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.

Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
INTRODUCTION Coined in 1996 by computer hackers. Hackers use e-mail to fish the internet hoping to hook users into supplying them the logins, passwords.

INTRODUCTION Coined in 1996 by computer hackers. Hackers use to fish the internet hoping to hook users into supplying them the logins, passwords.

Similar presentations

Ads by Google