EC security programs

Security Issues in EC
National Central University, Department of Information Management
范錚強
mailto: [email protected]
http://www.mgt.ncu.edu.tw/~ckfarn
2013.05
中央大學 (National Central University). 范錚強
What Is Information Security?
Protecting information and information
systems from unauthorized access, use,
disclosure, disruption, modification,
perusal, inspection, recording or
destruction
How big is the security threat?
2010 Computer Crime and Security Survey
Source: Computer Security Institute (CSI), CSI Survey 2010/11
In 2007 the average loss per US company from information security
incidents reached US$350,000 (2006: US$170,000)
41.1% of companies experienced some form of security breach
(2007: 46%; 2006: 53%; 2005: 56%)
https://cours.etsmtl.ca/log619/documents/divers/CSIsurvey2010.pdf
Companies that experienced information security incidents (chart)
Security threats from inside the company
Threats to the company do not come only from external intrusion
Major EC Security Concerns
The Drivers of EC Security Problems
The Internet's Vulnerable Design
Open system design
Flexible addressing (IP addresses, domain names): an address or name
by itself does not prove who is at the other end, and both can be
spoofed or hijacked
Keystroke logging (keylogging): A method of capturing
and recording user keystrokes
The Shift to Profit-Induced Crimes
Internet underground economy
E-markets for stolen information made up of thousands
of websites that sell credit card numbers, social security
numbers, other data such as bank account numbers,
social network IDs, passwords, and much more
What kinds of security
questions arise?
From the user’s perspective:
How can the user be sure that the Web server is
owned and operated by a legitimate company?
How does the user know that the Web page and form
do not contain some malicious or dangerous code or
content?
How does the user know that the owner of the Web
site will not distribute the information the user
provides to some other party?
What kinds of security
questions arise?
From the company’s perspective:
How does the company know the user will
not attempt to break into the Web server or
alter the pages and content at the site?
How does the company know that the user
will not try to disrupt the server so that it is
not available to others?
What kinds of security
questions arise?
From both parties’ perspectives:
How do both parties know that the network
connection is free from eavesdropping by a
third party “listening” on the line?
How do they know that the information sent
back-and-forth between the server and the
user’s browser has not been altered?
Basic Security Terminology
Business continuity plan
A plan that keeps the business running after a
disaster occurs; each function in the business should
have a valid recovery capability plan
Cybercrime
Intentional crimes carried out on the Internet
Cybercriminal
A person who intentionally carries out crimes over
the Internet
Exposure
The estimated cost, loss, or damage that can result if
a threat exploits a vulnerability
Basic Security Terminology 2
Fraud
Any business activity that uses deceitful practices or
devices to deprive another of property or other rights
Malware (malicious software)
A generic term for software written to damage, take over,
or spy on a computer (viruses, worms, Trojans, spyware)
Phishing
A crimeware technique that impersonates a trusted company
(its brand, e-mail, or website) in order to trick that
company's customers into handing over their credentials or
personal data
Risk
The probability that a vulnerability will be discovered and
exploited by a threat; together with exposure it sizes the
expected loss
Basic Security Terminology 3
Social engineering
A type of nontechnical attack that uses some ruse to trick users
into revealing information or performing an action that
compromises a computer or network
Spam
The electronic equivalent of junk mail
Vulnerability
Weakness in software or other mechanism that threatens the
confidentiality, integrity, or availability of an asset (recall the
CIA model); it can be directly used by a hacker to gain access to
a system or network
Zombies
Computers infected with malware that are under the control of a
spammer, hacker, or other criminal
Security Battleground
The Threats, Attacks, And
Attackers
Unintentional Threats
Human error (e.g., an item listed at the wrong price)
Environmental hazards (natural disasters)
Malfunctions in the computer system
Intentional Attacks and Crimes
The Criminals and Methods
Hacker: Someone who gains unauthorized access to a
computer system
Cracker: A malicious hacker
EC Security Requirements
Authentication
Process to verify (assure) the real identity of an individual,
computer, computer program, or EC website
Authorization
Process of determining what the authenticated entity is allowed
to access and what operations it is allowed to perform
Auditing
Recording who did what, and when, so that transactions and
security events can be reviewed and reconstructed afterwards
Availability
Assurance that the EC system and its data are accessible to
authorized users when they need them
Nonrepudiation
Assurance that online customers or trading partners cannot
falsely deny (repudiate) their purchase or transaction
The Defense: Defenders, Strategy,
And Methods
EC security strategy
A strategy that views EC security as the process of
preventing and detecting unauthorized use of the
organization’s brand, identity, website, e-mail,
information, or other asset and attempts to defraud
the organization, its customers, and employees
deterring measures
Actions that will make criminals abandon their idea
of attacking a specific system (e.g., the possibility of
losing a job for insiders)
Methods
prevention measures
Ways to help stop unauthorized users (also known as
“intruders”) from accessing any part of the EC system
detection measures
Ways to determine whether intruders attempted to break into the
EC system; whether they were successful; and what they may
have done
information assurance (IA)
The protection of information systems against unauthorized
access to or modification of information whether in storage,
processing, or transit, and against the denial of service to
authorized users, including those measures necessary to detect,
document, and counter such threats
Malicious Code: Viruses, Worms,
And Trojan Horses
Virus
A piece of software code that inserts itself into a host, including
the operating systems, in order to propagate; it requires that its
host program be run to activate it
Worm
A software program that runs independently, consuming the
resources of its host in order to maintain itself, that is capable of
propagating a complete working version of itself onto another
machine
Macro virus (macro worm)
A macro virus or macro worm is executed when the application
object that contains the macro is opened or a particular
procedure is executed
Other Technical Attack Methods
Trojan horse
A program that appears to have a useful function but that
contains a hidden function that presents a security risk
Banking Trojan
A Trojan that comes to life when computer owners visit one of a
number of online banking or e-commerce sites
Denial-of-service (DoS) attack
An attack on a website in which an attacker uses specialized
software to send a flood of data packets to the target computer
with the aim of overloading its resources
Technical Attack Methods
Page hijacking
Creating a rogue copy of a popular website that
shows contents similar to the original to a Web
crawler; once there, an unsuspecting user is
redirected to malicious websites
Botnet
A huge number (e.g., hundreds of thousands) of
hijacked Internet computers that have been set up to
forward traffic, including spam and viruses, to other
computers on the Internet
Malvertising
Malicious advertising: ads placed through legitimate ad networks
that deliver malware or redirect visitors to attack sites
Nontechnical Attacks: Social
Engineering
A type of nontechnical attack that uses social
pressures to trick computer users into
compromising computer networks to which those
individuals have access
Example: asking a subordinate for their account name and password
A multiprong approach should be used to combat
social engineering
Education and training
Policies and procedures
Penetration testing
Nontechnical Methods
Social Phishing
Sophisticated Phishing Methods
Identity Theft and Identity Fraud
Fraud that involves stealing a person's identity and then
using it, while pretending to be that person, to steal
money or obtain other benefits
Social Networking Makes Social Engineering Easy
Nontechnical Methods
e-mail spam
A subset of spam that involves nearly identical messages sent to
numerous recipients by e-mail
Spyware
Software that gathers user information over an Internet connection
without the user’s knowledge
search engine spam
Pages created deliberately to trick the search engine into offering
inappropriate, redundant, or poor-quality search results
spam site
Page that uses techniques that deliberately subvert a search engine’s
algorithms to artificially inflate the page’s rankings
Splog
Short for spam blog: a blog created solely for marketing purposes,
to promote or push search traffic towards affiliated sites
CIA security triad (CIA triad)
Three security concepts important to
information on the Internet: confidentiality,
integrity, and availability
CIA Triad
Confidentiality
Assurance of data privacy: keeping private or sensitive
information from being disclosed to unauthorized individuals,
entities, or processes
Integrity
Assurance that stored data has not been modified without
authorization, and that a message that was sent is the same
message that was received
Availability
Assurance that access to data, the website, or other EC data
service is timely, reliable, and available to authorized users
(while still denied to unauthorized ones)
The Information Assurance Model
Assessing Security Needs
vulnerability assessment
The process of identifying, quantifying, and prioritizing the
vulnerabilities in a system
penetration test (pen test)
A method of evaluating the security of a computer system or a
network by simulating an attack from a malicious source, (e.g.,
a cracker)
EC security programs
All the policies, procedures, documents, standards, hardware,
software, training, and personnel that work together to protect
information, the ability to conduct business, and other assets
The Defense Side of EC
Systems
1) Defending access to computing systems, data
flow, and EC transactions
2) Defending EC networks
3) General, administrative, and application controls
4) Protection against social engineering and fraud
5) Disaster preparation, business continuity, and
risk management
6) Implementing enterprisewide security programs
Access control
Mechanism that determines who can legitimately
use a network resource
Authorization and Authentication
biometric control
An automated method for verifying the identity of a
person based on physical or behavioral
characteristics
biometric systems
Authentication systems that identify a person by
measurement of a biological characteristic, such as
fingerprints, iris (eye) patterns, facial features, or
voice
Securing EC Communications
public key infrastructure (PKI)
A scheme for securing e-payments and other EC communications
using public-key encryption, digital certificates, certificate
authorities, and related technical components
encryption
The process of scrambling (encrypting) a message in
such a way that it is difficult, expensive, or time-consuming
for an unauthorized person to unscramble (decrypt) it
plaintext
An unencrypted message in human-readable form
Securing EC Communications
ciphertext
A plaintext message after it has been encrypted
into a machine-readable form
encryption algorithm
The mathematical formula used to encrypt the
plaintext into the ciphertext, and vice versa
key
The secret code used to encrypt and decrypt a
message
Securing EC Communications
Symmetric (private) key system
An encryption system that uses the same key to
encrypt and decrypt the message; both parties must
first share that key secretly
Data Encryption Standard (DES)
The symmetric encryption algorithm standardized by NIST
and used by U.S. government agencies until NIST announced
its replacement, the Advanced Encryption Standard (AES),
on October 2, 2000; the 56-bit DES key was brute-forced
in 1998 and DES should not be used in new systems
Public (Asymmetric) Key
Encryption
public key encryption
Method of encryption that uses a pair of
matched keys—a public key to encrypt a
message and a private key to decrypt it, or
vice versa
public key
Encryption code that is publicly available to
anyone
Asymmetric keys
Best known from RSA encryption
Invented by the scholars R, S and A (Rivest, Shamir and Adleman);
a mathematical procedure generates a pair of different keys
The private key cannot feasibly be computed from the public key,
so the pair must be generated together
One key is kept private, the other is published
What is encrypted with the private key can only be decrypted
with the public key, and vice versa
Asymmetric keys to prevent disclosure (confidentiality)
Sender S: plaintext message -> (encrypt with R's public key) -> ciphertext
The ciphertext travels to R; anyone may intercept it, but only R's
private key can open it
Recipient R: ciphertext -> (decrypt with R's private key) -> plaintext message
Asymmetric keys to prevent repudiation (non-repudiation)
Sender S: plaintext message -> (encrypt with S's private key)
-> (encrypt with R's public key) -> ciphertext
Recipient R: ciphertext -> (decrypt with R's private key)
-> (decrypt with S's public key) -> plaintext message
Only S could have applied S's private key, so S cannot later deny
sending the message; only R can read it
PKI/CA
PKI: Public Key Infrastructure
A mechanism for encryption and decryption built on asymmetric keys
CA: Certificate Authority
The body that issues public-key certificates
It must be publicly trustworthy
Issuers are organized in a hierarchy (a root CA certifies
subordinate CAs)
Issuing asymmetric keys (figure)
Public-key certificate (X.509), signed by the CA; it contains:
issuer name
validity period
holder name (e.g., 范錚強)
holder public key (the signing public key, published so that anyone
can verify the signer's identity)
CA signature
The holder registers beforehand with a trusted certificate authority,
which signs and issues the public-key certificate (similar to
registering a seal, 印鑑登記)
The signing private key and the signing public key form a one-to-one pair
Signing an electronic document (e.g., contract XXXX) with the signing
private key produces a digital signature (a bit string such as 110111001)
Digital Signatures
digital signature
An identifying code that can be used to authenticate the identity
of the sender of a document: the message digest encrypted (signed)
with the sender's private key, so that anyone holding the sender's
public key can check it
hash
A one-way mathematical function applied to a message that produces
a fixed-length digest; it uses no key, and the message cannot be
recovered from the digest
message digest
A summary of a message, converted into a string of digits, after
the hash has been applied
digital envelope
The combination of the encrypted original message and the
digital signature, sealed with the recipient's public key so that
only the recipient can open it
Secure Socket Layer (SSL)
Protocol that utilizes standard certificates
for authentication and data encryption to
ensure privacy or confidentiality
Without the user noticing, the browser checks the server's
certificate and the two computers use asymmetric keys to agree
on a symmetric session key that encrypts the rest of the exchange
Transport Layer Security (TLS)
The IETF successor to SSL (TLS 1.0 was published in 1999 as
RFC 2246); SSL 2.0 and 3.0 are obsolete and should be disabled
in favour of TLS
Firewall
A single point between two or more
networks where all traffic must pass (choke
point); the device authenticates, controls,
and logs all traffic
Securing EC Networks
DMZ: Demilitarized Zone
Network segment that sits between an organization's
internal network and an external network (Internet),
isolating the two networks from each other; traffic
into and out of the segment is controlled by rules
enforced by a firewall.
personal firewall
A network node designed to protect an individual
user's desktop system from the public network by
monitoring all the traffic that passes through the
computer's network interface card.
Virtual private network (VPN)
A network that uses the public Internet to carry
information but remains private by using
encryption to scramble the communications,
integrity checks to ensure that information has not
been tampered with, and authentication and access
control to verify the identity of anyone using the network
Protocol tunneling
Method used to ensure confidentiality and integrity
of data transmitted over the Internet by encrypting
data packets, encapsulating them in new packets for
the trip across the Internet, and decrypting them at
the destination address
Information security threats
Category          | Malicious                                                            | Non-human / unintentional
Hardware damage   | theft, vandalism                                                     | natural disasters, storage media failure
Data corruption   | tampering, insertion or deletion, systematic alteration of data      | programmer incompetence, carelessness, omissions
Data leakage      | copying, network interception, fraud                                 | carelessness
Network intrusion | stealing data, sabotage, using the compromised computer as a crime tool | (none)
Basic concepts of security
Security is never absolute
Security versus usability is a dilemma
Security has a price
What price are you willing to pay?
How high is your exposure?
Information security has a technical side and a human side
Those who break security are always people
Mostly insiders
Human nature!!
Security and usability
Think about coming home and going out...
Ten locks to open to get in
Ten doors to lock on the way out...
What will you be doing ten days later?
Security measures must be proportionate to the risk
Ensuring information security
Assess the risks and the potential losses
Protect against the likely threats
Defend with technology plus procedures (or habits)
Understand what the technology can and cannot do
Strengthen with technology, assure with procedures
A chain is only as strong as its weakest link
You paid 1,000,000 for a new car
Which of the following actions is reasonable?
You spend 500,000 on an anti-theft device
You hire guards to watch it around the clock in shifts
You spend 30,000 on theft insurance
What does "reasonable" mean?
Burglaries have been rampant in your neighbourhood lately
Your younger brother proposes installing a new lock
On inspection you find that the new lock is the best one
you can afford, yet it still cannot guarantee 100% security
So, do you buy it?
The security "onion" (figure)
Controls and layers shown in the figure, from the surrounding
environment inwards to the assets: legal environment, business
environment, international standards, security policy, the enterprise,
security programs, personnel controls, communications controls,
input/output controls, access control, insurance, process controls,
program controls, operations controls, document controls, audit trail,
recovery plan, isolation, hardware, data, application software, users
A technology-driven environment
Emphasis on physical security and communications security
The management side and the human side are neglected
Fortunately...
Around 1999/2000 international standards for information security
management appeared: BS 7799, which became ISO 17799 (later
ISO/IEC 27002) and ISO 27001 (published in 2005)
BS7799/ISO17799
The British information security standard
Adopted by the International Organization for Standardization
Content: the management and control of information security
From policy and procedures to access control and recovery
A complete set of information security considerations
The ten security domains of BS7799
Security policy: management direction and guiding principles
Security organization
Asset classification and control
Classify and grade assets by risk and potential damage
Personnel security
Reduce the risks of human error, theft, fraud, or misuse of facilities
Physical and environmental security
Main content of BS7799 (2)
Communications and operations management
Access control
System development and maintenance
Business continuity planning
Prevent interruptions to business activities and protect critical
business processes from the effects of major failures or disasters
Compliance with laws and regulations
Key points of security management
Process life cycle control
Management and security assurance across the whole life cycle,
not limited to the technical side
SOP
Do what you say you will do; but what will you do, and why?
Check and balance
Separation of duties; checks and balances
Recovery
If something goes wrong, how will you handle it?
Business Continuity and
Disaster Recovery Planning
Disaster avoidance
An approach oriented toward prevention. The
idea is to minimize the chance of avoidable
disasters (such as fire or other human-caused
threats).
Risk-management and cost-benefit analysis
Risk-Management Analysis
Ethical Issues
EC Security Policies and
Training
Acceptable use policy (AUP)
Policy that informs users of their
responsibilities when using company
networks, wireless devices, customer data,
and so forth.