Ne Course Part One

backdoor 493 views 71 slides Nov 25, 2007

UNO Copyright: MCC 1
Network Professional Course
Data & Network Security
U Nyein Oo
COO/Director
Myanma Computer Co., Ltd

UNO Copyright: MCC 2
Part One
Computer Virus

UNO Copyright: MCC 3
Topics to be covered
Computer virus
Different types of virus
Macro virus
Worm
Trojan horse
Hybrids
Malware
Spam
Spyware
And preventing Computer Virus

UNO Copyright: MCC 4
What is a Computer Virus?
In 1983, Fred Cohen coined the term “computer virus”,
describing a virus as “a program that can 'infect' other
programs by modifying them to include a possibly
evolved copy of itself.”
Mr. Cohen expanded his definition a year later in his
1984 paper, “A Computer Virus”, noting that “a virus
can spread throughout a computer system or network
using the authorizations of every user using it to infect
their programs”.

UNO Copyright: MCC 5
Some History on Fred Cohen
•BS (Electrical Engineering)
•MS (Information Science)
•Ph.D (Electrical and Computer Engineering)
•Inventor of “Computer Viruses” (1983)
•First published most current virus defense techniques
•Consultant, computer security
•Fred Cohen & Associates
•Sandia National Laboratories
•Global reputation for integrity

UNO Copyright: MCC 6
Macro virus
Macro viruses are a special case of viruses. Instead of
infecting software program files directly, macro viruses
infect Microsoft Office documents and templates.
They exist because Microsoft has implemented a
complete programming language in their Office
applications which allows any document to contain
software code.

UNO Copyright: MCC 7
Macro virus (cont:)
Macro viruses can be extremely dangerous, since the
scripting language built into Microsoft Office (called
"Visual Basic for Applications") gives the virus full control
of the computer, including the ability to run arbitrary
software, send e-mail, delete files, or activate some other
malicious payload.

UNO Copyright: MCC 8
What is a worm?
In contrast to viruses, computer worms are malicious programs that copy themselves from system to system, rather than infecting legitimate files.
For example, a mass-mailing email worm is a worm that sends copies of itself via email. A network worm makes copies of itself throughout a network, an Internet worm sends copies of itself via vulnerable computers on the Internet, and so on.

UNO Copyright: MCC 9
What is a Trojan Horse?
Trojans, another form of malware, are generally agreed upon as doing something other than the user expected, with that “something” defined as malicious.
Most often, Trojans are associated with remote access programs that perform illicit operations such as password-stealing or which allow compromised machines to be used for targeted denial (rejection) of service attacks.

UNO Copyright: MCC 10
Trojan Horses (cont:)
One of the more basic forms of a denial of service
(DoS) attack involves flooding a target system with so
much data, traffic, or commands that it can no longer
perform its core functions.
When multiple machines are gathered together to
launch such an attack, it is known as a distributed
denial of service attack, or DDoS.

UNO Copyright: MCC 11
What are Hybrids?
In fact, most dangerous software combines the features of several types. One of the first successful e-mail attacks, the Happy99 Virus, wasn't merely a virus.
When opened, it displayed a pleasant fireworks animation, tricking the user, as a Trojan does, into thinking it was harmless entertainment.

UNO Copyright: MCC 12
Hybrids (cont:)
Then, like a virus, it modified the computer's operating
system files and installed software code which would
create copies of itself whenever the user sent e-mail.
Finally, like a worm, Happy99 propagated to other
computers via e-mail.

UNO Copyright: MCC 13
What is malware?
Taken as a group, these many types of software are called "malicious software", because they modify your computer's files without asking and attempt to perform some kind of annoying or dangerous activity.
In the computer community, the spectrum of malicious software is often called malware.

UNO Copyright: MCC 14
What is SPAM?
"Spamming [the sending of unsolicited email] is the scourge of electronic-mail and newsgroups on the Internet. It can seriously interfere with the operation of public services, to say nothing of the effect it may have on any individual's e-mail mail system. Spammers are, in effect, taking resources away from users and service suppliers without compensation and without authorization."

UNO Copyright: MCC 15
Spyware
Spyware is any software or program that employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission.

UNO Copyright: MCC 17
Virus Encyclopedia
1. File Virus
2. Boot Virus
3. Multipartite Virus (File and Boot)
4. Multi Platform Virus
5. Virus Constructors
6. Script Virus
7. Polymorphic Generator
8. Virus Hoaxes
9. Palm
10. Jokes

UNO Copyright: MCC 18
File Extensions of Evil
User File Extension
xxx.doc
xxx.xls
xxx.ppt
xxx.pmd
xxx.pdf
xxx.bmp
And others
System File Extension
xxx.exe
xxx.bat
xxx.com
xxx.sys
xxx.int
xxx.dll
And others

UNO Copyright: MCC 19
The Golden Rule of E-mail Protection
NEVER OPEN AN E-MAIL ATTACHMENT UNLESS YOU HAVE INDEPENDENTLY CONFIRMED ITS CONTENT AND VALIDITY!
Independent confirmation can be:
a separate e-mail with a clear description of the file names and contents of the attachments,
a telephone call discussing the attached files,
a face-to-face conversation, or
any other communication independent of the e-mail containing the attachments, which specifies the file names and file contents.

UNO Copyright: MCC 20
Example of Attached File

UNO Copyright: MCC 21
Other Ways to Secure Your System
Don't use file and print sharing unless you must
If you do use file sharing, use good passwords
Don't allow Windows to open .VBS (VBScript) or .WSF (Windows Script) files
Beware software of unknown origin
Forged E-mail Addresses
Anti-virus Software
Malicious Software Documented at Rice
To get More Help
To Find Security Patches
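
An attachment triage check built from the extension lists and the .VBS/.WSF advice on the slides above, as an added example that is not part of the original deck. The verdict names, the sample message and its file names are constructed for illustration, and blocking on a system extension anywhere in the name is a deliberately conservative assumption.

```python
from email import message_from_string
from email.message import EmailMessage

# Extension lists copied from the "File Extensions of Evil" slide, plus the
# .vbs/.wsf script types named on the "Other Ways to Secure Your System" slide.
USER_EXT = {"doc", "xls", "ppt", "pmd", "pdf", "bmp"}
SYSTEM_EXT = {"exe", "bat", "com", "sys", "int", "dll", "vbs", "wsf"}


def classify(filename):
    """Return 'block', 'confirm' or 'unlisted' for one attachment name."""
    # Windows ignores trailing dots and spaces, so "setup.exe ." is setup.exe.
    name = filename.strip().rstrip(". ").lower()
    extensions = name.split(".")[1:]
    # Any system/script extension blocks the file, wherever it sits in the
    # name: "photo.bmp.vbs" shows as "photo.bmp" when Windows hides extensions.
    if any(ext in SYSTEM_EXT for ext in extensions):
        return "block"
    if extensions and extensions[-1] in USER_EXT:
        return "confirm"      # listed document type: confirm with the sender
    return "unlisted"         # on neither slide list; the Golden Rule still applies


def triage(raw_message):
    """Map each attachment filename in a raw e-mail to its verdict."""
    verdicts = {}
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()
        if filename:
            verdicts[filename] = classify(filename)
    return verdicts


def sample_message():
    """Constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Files for you"
    msg.set_content("See attached.")
    for name in ("report.doc", "photo.bmp.vbs", "notes.txt"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name, verdict in triage(sample_message()).items():
        print(f"{name:15} {verdict}")
```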

UNO Copyright: MCC 22
Example of Service Pack File

UNO Copyright: MCC 23
Top 10 Virus Report in Feb 2007

UNO Copyright: MCC 24
Top Antivirus Software
Norton Antivirus (www.symantec.com)
McAfee Antivirus (www.mcafee.com)
BitDefender (www.bitdefender.com)
F-Secure (www.f-secure.com)
PC-cillin (www.trendmicro.com)
E-safe, etc.

UNO Copyright: MCC 32
Criteria of anti-virus software
Ease of Use
Effective at Identifying Viruses and Worms
Effective at Cleaning or Isolating Infected Files
Activity Reporting
Feature Set (Scanning Capabilities)
Ease of Installation and Setup
Help Documentation

UNO Copyright: MCC 33
Main Features of Antivirus
Provides complete e-mail virus protection
Eliminates all types of viruses
Easy to use: install and forget
Automatic virus definitions updates
Uses powerful virus scanning engines
Creates detailed scan reports, etc.

UNO Copyright: MCC 34
Activity Log File Location

UNO Copyright: MCC 35
Preventing Computer Virus
1. Install anti-virus software and keep the virus definitions up to date.
2. Don't automatically open attachments
3. Scan all incoming email attachments
4. Get immediate protection
5. Update your anti-virus software frequently.
6. Avoid downloading files you can't be sure are safe
7. Don't boot from a floppy disk
8. Don't share floppies
9. Scan floppies before using them
10. Use common sense

UNO Copyright: MCC 36
Useful links
Virus Encyclopedia
http://www.antivirus.com/vinfo/virusencyclo/
Virus pattern downloads
http://www.antivirus.com/download/pattern.asp
Subscribe to email alerts on Virus
http://www.antivirus.com/vinfo/
Online virus scanner, Housecall
http://housecall.antivirus.com/
Real-time Virus Tracking
http://wtc.trendmicro.com/wtc/
McAfee Security
http://www.mcafee.com
Norton Antivirus
http://symantec.com

UNO Copyright: MCC 37
Part Two
Other Data Security Issues

UNO Copyright: MCC 38
Topics to be covered
Encryption
Firewall
Authentication
Virtual Private Network (VPN)
Digital Certificate
Digital Signature
Certification Authorities
On-Line Security Assistants

UNO Copyright: MCC 39
Encryption
The translation of data into a secret code. Encryption is the
most effective way to achieve data security.
To read an encrypted file, you must have access to a secret
key or password that enables you to decrypt it.
Unencrypted data is called plain text; encrypted data is
referred to as cipher text.
There are two main types of encryption: asymmetric
encryption (also called public-key encryption) and
symmetric encryption.

UNO Copyright: MCC 40
Sample Diagram for Encryption

UNO Copyright: MCC 41
Firewall
A combination of hardware and software that secures
access to and from the LAN.
A firewall blocks unwanted access to the protected
network while giving the protected network access to
networks outside of the firewall.
An organization will typically install a firewall to give users
access to the internet while protecting their internal
information.

UNO Copyright: MCC 42
Sample usage of Firewall

UNO Copyright: MCC 43
Authentication
Determines a user's identity, as well as determining what
a user is authorized to access.
The most common form of authentication is user name
and password, although this also provides the lowest level
of security.
VPNs use digital certificates and digital signatures to more
accurately identify the user.

UNO Copyright: MCC 44
Sample Authentication

UNO Copyright: MCC 45
Virtual Private Network
A virtual private network (VPN) is a private data
network that makes use of the public
telecommunication infrastructure, maintaining privacy
through the use of a tunneling protocol and security
procedures.
The idea of the VPN is to give the company the same
capabilities at much lower cost by using the shared
public infrastructure rather than a private one.

UNO Copyright: MCC 46
Tunneling Protocol
A tunneling protocol is a network protocol which
encapsulates one protocol or session inside another.
Protocol A is encapsulated within protocol B, such that
A treats B as though it were a data link layer.
Tunneling is used to get data between administrative
domains which use a protocol that is not supported by
the internet connecting those domains.

UNO Copyright: MCC 47
VPN Scenarios
Internet VPN
  Over the public access Internet
  Connect remote office across the Internet
  Connect remote dialup users to their home gateway through ISP: known as VPDN
Intranet VPN
  Within an enterprise or organization that might or might not involve traffic traversing a WAN
Extranet VPN
  Between two or more separate entities that can involve data traversing the Internet or some other WAN

UNO Copyright: MCC 48
Sample usage of VPN

UNO Copyright: MCC 49
Why use a VPN?
Data confidentiality
  Encrypt the packets before transmitting across the network
Data integrity
  Authenticate peers and examine packets, ensuring that data has not been altered during transmission
Data origin authentication
  Authenticate the source of data sent
  Depends on the data integrity service
Anti-replay
  Detect and reject replayed packets, preventing spoofing and MITM attacks
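
How a receiver can enforce the integrity, data origin authentication and anti-replay services listed above, as an added example that is not part of the original deck. The packet layout, the 32-packet window and the function names are assumptions of this sketch, and confidentiality (encryption) is left out because the Python standard library provides no cipher.

```python
import hashlib
import hmac
import struct

WINDOW = 32    # assumption: tolerate packets up to 31 behind the newest one
TAG_LEN = 32   # HMAC-SHA256 output size in bytes


def seal(key, seq, payload):
    """Sender: sequence-number header + payload + tag over both."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = 0     # highest sequence number accepted so far
        self.seen = set()    # accepted sequence numbers still inside the window

    def accept(self, packet):
        """Return the payload, or raise ValueError naming the failed check."""
        if len(packet) < 4 + TAG_LEN:
            raise ValueError("truncated")
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Integrity and origin: only a holder of the key can produce this tag.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity")
        (seq,) = struct.unpack("!I", header)
        # Anti-replay: checked only after the tag proves the header is genuine.
        if seq + WINDOW <= self.highest:
            raise ValueError("too old")
        if seq in self.seen:
            raise ValueError("replay")
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen | {seq} if s + WINDOW > self.highest}
        return payload


def verdict(receiver, packet):
    """Return 'ok' or the name of the check that rejected the packet."""
    try:
        receiver.accept(packet)
        return "ok"
    except ValueError as error:
        return str(error)


if __name__ == "__main__":
    key = b"constructed-shared-secret"       # sample key, made up for the demo
    rx, first = Receiver(key), seal(key, 1, b"hello")
    print(verdict(rx, first), verdict(rx, first))   # ok replay
```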

UNO Copyright: MCC 50
Digital Certificate
Electronic counterparts to driver licenses, passports.
Certificates are the framework for identification information, and bind identities with public keys.
They provide a foundation for
  identification,
  authentication and
  non-repudiation.
Enable individuals and organizations to secure
business and personal transactions across
communication networks.

UNO Copyright: MCC 51
Types of Certificates
Root or Authority certificates
  These are self-signed by the CA that created them
Institutional authority certificates
  Also called “campus certificates”
Client certificates
  These are also known as end-entity certificates, identity certificates, or personal certificates.
Web server certificates
  Used for secure communications to and from Web servers

UNO Copyright: MCC 52
Sample of Digital Certificate

UNO Copyright: MCC 53
Content of Digital Certificate
Version
Serial number
Certificate issuer
Certificate holder
Validity period
Attributes, known as certificate extensions, that contain additional information such as allowable uses for this certificate
Digital signature from the certification authority to ensure that the certificate has not been altered and to indicate the identity of the issuer
And other…

UNO Copyright: MCC 54
Digital Signature
An electronic signature that can be used to authenticate
the identity of the sender of a message, or of the signer of
a document.
It can also be used to ensure that the original content of
the message or document that has been conveyed is
unchanged.

UNO Copyright: MCC 55
How Does a Digital Signature Work?

UNO Copyright: MCC 56
Digital Certificate Sample

UNO Copyright: MCC 57
Verisign Certificate Sample

UNO Copyright: MCC 58
Certification Authority
A third-party organization which is used to confirm the relationship between a party to the HTTPS transaction and that party's public key.
Certification authorities may be widely known and trusted institutions for Internet-based transactions; where HTTPS is used on companies' internal networks, an internal department within the company may fulfill this role.
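
The certificate fields, the digital signature and the CA's role from the preceding slides, tied together in one added example that is not part of the original deck. It uses toy textbook RSA (no padding, small constructed primes) and a made-up JSON certificate layout purely to show the checks; the names "Example CA" and "alice" are hypothetical.

```python
import hashlib
import json


# Toy textbook RSA (no padding, small constructed primes): illustration only.
def make_key(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)


def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)


def encode(body):
    return json.dumps(body, sort_keys=True).encode()


def issue(ca_name, ca_private, holder, holder_public, serial, not_after):
    """CA side: bind a holder name to a public key and sign the binding."""
    body = {"version": 1, "serial": serial, "issuer": ca_name, "holder": holder,
            "not_after": not_after, "public_key": list(holder_public)}
    return {"body": body, "signature": sign(ca_private, encode(body))}


def check(ca_public, cert, message, signature, today):
    """Relying party: trust the message only through the CA's signature."""
    body = cert["body"]
    if not verify(ca_public, encode(body), cert["signature"]):
        return "certificate not signed by trusted CA"
    if today > body["not_after"]:          # ISO dates compare as strings
        return "certificate expired"
    if not verify(tuple(body["public_key"]), message, signature):
        return "message signature invalid"
    return "ok"


# Constructed keys built from known Mersenne primes; all names are hypothetical.
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**107 - 1, 2**127 - 1)
CERT = issue("Example CA", CA_PRIV, "alice", ALICE_PUB, 1001, "2030-12-31")

if __name__ == "__main__":
    message = b"constructed message"
    print(check(CA_PUB, CERT, message, sign(ALICE_PRIV, message), "2025-01-01"))
```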

UNO Copyright: MCC 59
How Does a CA Work?

UNO Copyright: MCC 60
Some Famous CAs
Verisign (www.verisign.com)
Europki (www.europki.org)
CyberTrust (www.cybertrust.com)
And many more…

UNO Copyright: MCC 64
On Line Security Assistant
The CERT® Program is part of the Software
Engineering Institute (SEI), a federally funded
research and development center at Carnegie Mellon
University in Pittsburgh, Pennsylvania. Following the
Morris worm incident, which brought 10 percent of
internet systems to a halt in November 1988, the
Defense Advanced Research Projects Agency
(DARPA) charged the SEI with setting up a center to
coordinate communication among experts during
security emergencies and to help prevent future
incidents. This center was named the
CERT Coordination Center (CERT/CC).

UNO Copyright: MCC 65
On Line Security Assistants

UNO Copyright: MCC 66
Area of work by CERT
Software Assurance
Secure Systems
Organizational Security
Coordinated Response
Education and Training

UNO Copyright: MCC 67
Participation in Organizations
Forum of Incident Response and Security Teams
(FIRST) - The CERT/CC was a founding member of
FIRST, which is a coalition of individual response teams
around the world.
Internet Engineering Task Force (IETF) - The IETF is
an international organization that is instrumental in
developing internet standards.
National Security Telecommunications Advisory
Committee's Network Security Information
Exchange (NSTAC NSIE) - The NSTAC NSIE works to
reduce vulnerabilities in critical infrastructures.

UNO Copyright: MCC 70
Myanmar Online Security

UNO Copyright: MCC 71
Thank You!