Upgrade to Pro — share decks privately, control downloads, hide ads and more …

網路安全 @ INFOR

Avatar for tewei tewei
October 21, 2014
Technology
0
86

網路安全 @ INFOR

Avatar for tewei

tewei

October 21, 2014
Tweet

More Decks by tewei

See All by tewei
Alcoholism Treatment: A Translational Perspective
Avatar for tewei tewei
0
190
AI in Medicine @ APMSS 2019
Avatar for tewei tewei
1
420
Do No Harm Book Report
Avatar for tewei tewei
0
66
古騰堡革命
Avatar for tewei tewei
0
110
個人申請
Avatar for tewei tewei
0
140
Entresoft Program 2015-16
Avatar for tewei tewei
0
150
Intro to CS Course Outline
Avatar for tewei tewei
0
60
Deep and Reinforced Learning
Avatar for tewei tewei
1
120
網站程式設計[1] @ INFOR
Avatar for tewei tewei
0
110

Other Decks in Technology

See All in Technology
【M3】攻めのセキュリティの実践!プロアクティブなセキュリティ対策の実践事例
Avatar for mizu axelmizu
0
130
大規模プロダクトで実践するAI活用の仕組みづくり
Avatar for daiki k1tikurisu
3
720
Quarkusで作るInteractive Stream Application
Avatar for Tomohiro Hashidate joker1007
0
130
ソフトウェア開発現代史: 55%が変化に備えていない現実 ─ AI支援型開発時代のReboot Japan #agilejapan
Avatar for Hiroyuki TAKAHASHI takabow
4
3.1k
AIと自動化がもたらす業務効率化の実例: 反社チェック等の調査・業務プロセス自動化
Avatar for enpipi enpipi
0
410
『HOWはWHY WHATで判断せよ』 〜『ドメイン駆動設計をはじめよう』の読了報告と、本質への探求〜
Avatar for HideyukiKitao panda728
PRO
5
1.7k
マーケットプレイス版Oracle WebCenter Content For OCI
Avatar for oracle4engineer oracle4engineer
PRO
3
1.3k
Claude Code 10連ガチャ
Avatar for uhyo uhyo
3
680
ググるより、AIに聞こう - Don’t Google it, ask AI
Avatar for Oikon oikon48
0
870
Redux → Recoil → Zustand → useSyncExternalStore: 状態管理の10年とReact本来の姿
Avatar for ZOZO Developers zozotech
PRO
14
7.1k
なぜインフラコードのモジュール化は難しいのか - アプリケーションコードとの本質的な違いから考える
Avatar for Gosuke Miyashita mizzy
50
15k
Post-AIコーディング時代のエンジニア生存戦略
Avatar for shinoyu shinoyu
0
280

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
65
8k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
2.2k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
2.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
31
2.9k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
31
2.7k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.5k
Docker and Python
Avatar for Tania Allard trallard
46
3.6k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
33k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
51k

Transcript

  1. 網路安全 Alexander Shieh @ INFOR 2014/9/11

  2. 今天會講到什麼 • 重新認識網⾴頁、網路 • Cookie, Session, CookieSession • 代碼注⼊入Injection:跨站指令XSS、SQL Injection

    • 阻斷服務DDoS • VPN & Proxy • 密碼學Cryptography:DH、RSA、ECC、數位簽章

  3. 放輕鬆今天不會有很多實作 抱持著愉悅的⼼心情就好

  4. 什麼是網⾴頁 • HTTP Request • Cache • TCP/IP • 下載IG圖⽚片

    • 下載FB影⽚片 • Facebook帳號保安

  5. TCP/IP

  6. TCP/IP • Application (HTTP/SSL/FTP…) • Transport(TCP) • Network(IP) • Physical(PPP)

  7. TCP/IP • Application (HTTP/SSL/FTP…) • Transport(TCP) • Network(IP) • Physical(PPP)

  8. TCP/IP • Application (HTTP/SSL/FTP…) • Transport(TCP) • Network(IP) • Physical(PPP)

    我現在不想講這個

  9. • Developer Tools • Resources • Frames>Images

  10. • chrome://cache/ • find mp4

  11. ! SQL Injection • 隨便打個’或是’ or ‘1’ = ‘1 •

    如果加⼀一些其他的東⻄西怎辦www • 不要去打夢駝林會被ban ip

  12. XSS • 撈cookie=>XSRF • ⾃自⼰己盜⾃自⼰己的帳

  13. 如何在網路上匿名 Stay Anonymous Image: http://manurevah.com/blah/en/blog/ISP-vs-VPN-vs-Tor CC-BY-NC-SA

  14. 原本上網的⽅方式

  15. • 架在網際網路上的私⼈人網路 • 因為Tunnel所以可以換IP(Encrypted, Encapsulation) • IPSec, SSL VPN •

    Open VPN VPN

  16. • Image: https://www.torproject.org/about/overview

  17. • Image: https://www.torproject.org/about/overview

  18. • Image: https://www.torproject.org/about/overview Random Circuit Every 10 min

  19. • Image: https://www.torproject.org/about/overview Random Circuit Every 10 min

  20. • Image: https://www.torproject.org/about/overview Random Circuit Every 10 min

  21. Cryptography • Image: http://www.di.ens.fr/~pnguyen/

  22. 囧rz

  23. 囧rz • Cryptographic Hash Algorithm

  24. 囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法

  25. 囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES

  26. 囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •

    ⾮非對稱式加密

  27. 囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •

    ⾮非對稱式加密 • Diffie-Hellman Key Exchange

  28. 囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •

    ⾮非對稱式加密 • Diffie-Hellman Key Exchange • RSA Public Key Cryptosystem

  29. 囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •

    ⾮非對稱式加密 • Diffie-Hellman Key Exchange • RSA Public Key Cryptosystem • Elliptic Curve Cryptography

  30. ⽣生活中的例⼦子 • TLS/SSL=>HTTPS • ⾃自然⼈人憑證 • http://smartfacts.cr.yp.to/ smartfacts-20130916.pdf • Bitcoin

    • http://hitcon.org/2014/ downloads/E1_06_Chris %20Lin%20-%20Bitcoin %20Security.pdf

  31. 監聽封包 • 因為 802.11有監聽模式,但在監聽模式不能傳送也不能攔 截,只要未加密過的連線都有可能看到明⽂文 • 主要的兩個技術: • http://en.wikipedia.org/wiki/Promiscuous_mode •

    http://en.wikipedia.org/wiki/Monitor_mode

  32. Wireshark

  33. Capture Options