Distributed Systems - Security

Henrik Thorn
September 14, 2016

Copenhagen Business School - HA(it.) 3. semester.

Transcript

  1. “One of the most weird-styled incidents of its times, Kevin Poulsen was arrested in the year 1990 in the US after he hacked all the phone lines in the LA City. It was announced on the radio station that the 102nd caller who would call in the contest hosted by the channel would receive a Porsche as a gift and Kevin hacked all the phone lines in the city to secure his victory. A bad idea, but what an idea!”
  2. “In the year 1983, Kevin Poulsen (yes, the Porsche guy), then a young student in college, hacked into Arpanet. Poulsen was too sharp for his age and took control over the Arpanet that was considered as a precursor to internet and controlled the network that extended all over the US. Network security experts and firewalls were almost defenseless against the young hacker for some time.”
  3. Security Threats

     Leakage: Acquisition of information by an unauthorized recipient. Example: Edward Snowden, or Helle Thorning-Schmidt's tax case.

     Tampering: Unauthorized altering of information. Example: vote rigging.

     Vandalism: Interference with the proper operation of a system without a gain to the perpetrator. Example: DDoS attacks, SQL dumps, take-overs.
  4. Social Engineering

     The most frequently occurring security weakness in systems, which you know from “Catch Me If You Can” and Kevin Mitnick.
  5. Hashing vs Encryption

     Hashing: We take a string and compute a hashed value from it. The same string hashed with the same algorithm gives the same hashed value, but it cannot be de-hashed. So we cannot get back to the original, which is the right way to handle passwords.

     Encryption: We take a string and turn it into something unintelligible, but we can decrypt the message again, provided we know how the message was encrypted. This is therefore useful when we exchange information across networks.
  6. “Encryption is the process of encoding messages or information in such a way that only authorized parties can read it”
  7. $C = E_k(m)$

     The message m is encrypted with the cipher E, which uses a key k.
  8. Private and Public Keys

     The Public Key is what its name suggests - Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.

     The sender encrypts with the recipient's public key, and the recipient can then decrypt with their private key. The message cannot be read by anyone other than the two, and the sender cannot decrypt the message again.
  9. “There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government
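
Added example (not part of the original slides): the hashing versus encryption contrast from slides 5 and 7, in Python. It goes beyond the slides by adding a random salt and PBKDF2 for password storage; the function names, the iteration count and the toy cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, tune for your hardware

def fingerprint(text: str) -> str:
    """Plain hash: same string + same algorithm -> same value, no way back."""
    return hashlib.sha256(text.encode()).hexdigest()

def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def hash_password(password: str) -> tuple:
    """Return (salt, digest); this pair is stored, never the password."""
    salt = os.urandom(16)
    return salt, derive(password, salt)

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: hash the attempt again and compare in constant time."""
    return hmac.compare_digest(derive(password, salt), stored)

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || counter).
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def toy_encrypt(key: bytes, message: bytes) -> bytes:
    """C = E_k(m). Illustration only: no integrity protection."""
    nonce = os.urandom(16)
    return nonce + _keystream_xor(key, nonce, message)

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    """m = D_k(C): the same key reverses the transformation."""
    return _keystream_xor(key, blob[:16], blob[16:])

if __name__ == "__main__":
    salt, stored = hash_password("correct horse")  # constructed sample password
    print(verify_password("correct horse", salt, stored))
    blob = toy_encrypt(b"k" * 32, b"meet at noon")  # constructed key and message
    print(toy_decrypt(b"k" * 32, blob))
```

The password path never needs a reverse operation: verification re-hashes the attempt and compares. The cipher path is reversible by design, which is why it suits data in transit and not stored passwords; production code would use an authenticated cipher such as AES-GCM instead of the toy construction.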