Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
網路安全 @ INFOR
Search
tewei
October 21, 2014
Technology
0
73
網路安全 @ INFOR
tewei
October 21, 2014
Tweet
Share
More Decks by tewei
See All by tewei
Alcoholism Treatment: A Translational Perspective
tewei
0
180
AI in Medicine @ APMSS 2019
tewei
1
400
Do No Harm Book Report
tewei
0
51
古騰堡革命
tewei
0
75
個人申請
tewei
0
120
Entresoft Program 2015-16
tewei
0
120
Intro to CS Course Outline
tewei
0
48
Deep and Reinforced Learning
tewei
1
100
網站程式設計[1] @ INFOR
tewei
0
88
Other Decks in Technology
See All in Technology
VS CodeでAWSを操作しよう
smt7174
8
1.8k
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
3
2.9k
Building a RAG-poweredAI chat appwith Python and VS Code
pamelafox
0
110
私が trocco を推す理由
__allllllllez__
1
270
Java EE/Jakarta EEの現状と将来―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
170
現代CSSフレームワークの内部実装とその仕組み
poteboy
8
3.7k
Cracking the KubeCon CfP
inductor
2
250
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
130
競技としてのKaggle、役に立つKaggle
yu4u
5
2k
今日からできる!簡単 .NET 高速化 Tips -2024 edition-
xin9le
4
1.9k
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
390
AWSに詳しくない人でも始められるコスト最適化ガイド
yuhta28
1
260
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Faster Mobile Websites
deanohume
299
30k
Designing on Purpose - Digital PM Summit 2013
jponch
110
6.5k
A Tale of Four Properties
chriscoyier
151
22k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
What's new in Ruby 2.0
geeforr
337
31k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
The Power of CSS Pseudo Elements
geoffreycrofte
60
5k
The Cult of Friendly URLs
andyhume
74
5.7k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Six Lessons from altMBA
skipperchong
21
3k
Transcript
網路安全 Alexander Shieh @ INFOR 2014/9/11
今天會講到什麼 • 重新認識網⾴頁、網路 • Cookie, Session, CookieSession • 代碼注⼊入Injection:跨站指令XSS、SQL Injection
• 阻斷服務DDoS • VPN & Proxy • 密碼學Cryptography:DH、RSA、ECC、數位簽章
放輕鬆今天不會有很多實作 抱持著愉悅的⼼心情就好
什麼是網⾴頁 • HTTP Request • Cache • TCP/IP • 下載IG圖⽚片
• 下載FB影⽚片 • Facebook帳號保安
TCP/IP
TCP/IP • Application (HTTP/SSL/FTP…) • Transport(TCP) • Network(IP) • Physical(PPP)
TCP/IP • Application (HTTP/SSL/FTP…) • Transport(TCP) • Network(IP) • Physical(PPP)
TCP/IP • Application (HTTP/SSL/FTP…) • Transport(TCP) • Network(IP) • Physical(PPP)
我現在不想講這個
• Developer Tools • Resources • Frames>Images
• chrome://cache/ • find mp4
! SQL Injection • 隨便打個’或是’ or ‘1’ = ‘1 •
如果加⼀一些其他的東⻄西怎辦www • 不要去打夢駝林會被ban ip
XSS • 撈cookie=>XSRF • ⾃自⼰己盜⾃自⼰己的帳
如何在網路上匿名 Stay Anonymous Image: http://manurevah.com/blah/en/blog/ISP-vs-VPN-vs-Tor CC-BY-NC-SA
原本上網的⽅方式
• 架在網際網路上的私⼈人網路 • 因為Tunnel所以可以換IP(Encrypted, Encapsulation) • IPSec, SSL VPN •
Open VPN VPN
• Image: https://www.torproject.org/about/overview
• Image: https://www.torproject.org/about/overview
• Image: https://www.torproject.org/about/overview Random Circuit Every 10 min
• Image: https://www.torproject.org/about/overview Random Circuit Every 10 min
• Image: https://www.torproject.org/about/overview Random Circuit Every 10 min
Cryptography • Image: http://www.di.ens.fr/~pnguyen/
囧rz
囧rz • Cryptographic Hash Algorithm
囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法
囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES
囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •
⾮非對稱式加密
囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •
⾮非對稱式加密 • Diffie-Hellman Key Exchange
囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •
⾮非對稱式加密 • Diffie-Hellman Key Exchange • RSA Public Key Cryptosystem
囧rz • Cryptographic Hash Algorithm • 對稱式加密演算法 • AES/DES •
⾮非對稱式加密 • Diffie-Hellman Key Exchange • RSA Public Key Cryptosystem • Elliptic Curve Cryptography
⽣生活中的例⼦子 • TLS/SSL=>HTTPS • ⾃自然⼈人憑證 • http://smartfacts.cr.yp.to/ smartfacts-20130916.pdf • Bitcoin
• http://hitcon.org/2014/ downloads/E1_06_Chris %20Lin%20-%20Bitcoin %20Security.pdf
監聽封包 • 因為 802.11有監聽模式,但在監聽模式不能傳送也不能攔 截,只要未加密過的連線都有可能看到明⽂文 • 主要的兩個技術: • http://en.wikipedia.org/wiki/Promiscuous_mode •
http://en.wikipedia.org/wiki/Monitor_mode
Wireshark
Capture Options