DePaul University.


79 views
Uploaded on:
Description
DePaul University DePaul Data Security Today Microsoft Pattern Security Analyzer (MBSA) Utilizing Web Wayfarer safely Email Protection and Record Honesty Utilizing email encryption Spam Plot What is MBSA? How to get it? Establishment Highlights Showing
Transcripts
Slide 1

DePaul University DePaul Information Security

Slide 2

Today Microsoft Baseline Security Analyzer (MBSA) Using Internet Explorer safely Email Privacy and File Integrity Using email encryption Spam

Slide 3

Outline What is MBSA? How to get it? Establishment Features Demonstration

Slide 4

Securing Windows Systems Operating System Updates Use a Host Based Firewall Account and Password Security File Sharing Microsoft Applications

Slide 5

What is MBSA? Made for Microsoft Systems particularly Tool to make Windows based frameworks and server applications more secure. MBSA focuses out known blemishes which are not altered on the tried framework Shows approaches to fix security gaps Explains right security rules Current rendition MBSA 2.0 Presents a security depiction

Slide 6

How to get it? Microsoft Web Site http://www.microsoft.com/technet/security/apparatuses/mbsa2/default.mspx Search on Google Microsoft Baseline Security Analyzer

Slide 7

Installation Wizard for simple establishment

Slide 8

Features Graphical User Interface (GUI) choices Scan neighborhood PC Scan for regular regulatory vulnerabilities Scan for missing security redesigns against the Microsoft Update inventory Creates reports in MBSA

Slide 9

Supports Checks for normal managerial vulnerabilities for: Windows 2000, XP, 2003 Windows Server 2003 IIS 5.0, 6.0 SQL Server 7.0, 2000 IE 5.01+ Office 2000, XP, 2003

Slide 10

Scans for basic vulnerabilities Is Windows Firewall empowered? Are Automatic Updates empowered? Are solid passwords upheld? Are unsecured Guest records empowered?

Slide 11

MBSA Demonstration

Slide 12

Pretty Good Privacy - PGP What is pgp and why use it Cryptography Key Pairs Using PGP programming Exporting, Importing and Backing up Keys Public Key Servers Encrypt/Decrypt Mail Encrypt/Decrypt Files Symmetric (mystery or routine) encryption Demonstration

Slide 13

Encryption Software What is PGP Originally Authored by Philip Zimmermann in 1991 Strong encryption programming De-facto standard for email encryption today Originally free programming now possessed by Network Associates – www.pgp.com In 1997, OpenPGP working gathering framed to build up an open non-exclusive standard for PGP GnuPG is totally free and agreeable with OpenPGP Email ought not be viewed as private PGP Allows for security and honesty

Slide 14

Cryptography Communicating in or translating mystery compositions or figures Cipher Text Unreadable data – disordered information Encryption Process of scrambling data changing over normal plaintext data to figure test Decryption Recovering the plaintext again from the figure content Public Key cryptography (hilter kilter) Encryption and Decryption are performed utilizing diverse keys Secret Key cryptography (symmetric) Same key is utilized for encryption and unscrambling

Slide 15

How can it work? Two Keys required – Public and Private To send somebody mail or check their mark, you have to know their open key Using an open key, you encode or “encrypt” a lump of information (document or email message) Using a private key, you decipher or “decrypt” the information to peruse the record or email

Slide 16

How can it work?

Slide 17

Generating PGP keys The product will create an open/private key pair You indicate the key\'s measure (1024, 2048 bits) Need to give a secret key to secure you\'re key

Slide 18

Public Key – 2048 bits - BEGIN PGP PUBLIC KEY BLOCK - Version: PGPfreeware 6.5.8 for non-business use <http://www.pgp.com> mQGiBERx5hsRBADsidrkWqSRLKM3VS2wZf74X5JwSrOJzJmBNWATdU/CNxC5Ip9m d9NsNGEKeaX81FGs4JDUhqbuXSG8F939B0nN4M4jmiySlgHm/9NbQoMAHx4W0a71 wN05f2UFxWrIsMSBOEWTAsEh3WJ5IcWklohLCnHQjatdeZdoUgL5/4uLzwCg/xLU soKchra6xS5mZju+5wkZa4EEAIqKyXJPfOmQ3+dfaTEJiJASs3MCrDWOcfU4LsE9 jeJKu8bc2Y9NyaJm/GFGRofa8pPf9C0rmTP1pX9enhq0OYUvspulmQjFDvVyiYrG Ixy6au6mFZL4R4/Q306lpqpqTmwi6DEQx0fkwrUrhlj5v04Tofd2U1VYLPvYGXjy RYecA/9xWPmGX+Dca4EAngMyZ1y0GzJnR59bvgtc2eNX0fqesQTrU+coF2gBCdxP CZNtEXyZiEZQ7o8tGEQ5GrvKZM+/W4wAlY0P72GuGhuz1q4+e5NrI7wOGjMd9EXU RTwSlq3qdmv5N/uGmePQ0wj8Eri0cqZjEP3MHhPoKht60BuB2LQWdGVzdCA8dGVz dEBkZXBhdWwuZWR1PokATgQQEQIADgUCRHHmGwQLAwIBAhkBAAoJEMY+hoiF0arf hmAAoL8H0JVdJ9X5CiTMikOyYK9AcbgMAJ4zZhwt22z3Z9CdmmM4KmIOnKc63bkC DQREceYbEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV 89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50 T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAyxVy81TbGHYNV9Mfh5Dfi9Iu vsva8BiGrJFpY0jhfWfDlmGPEtqLZ6YzI++uAXQfuk2xLQsICy9RFflvtmeTNei8 k/2f6l89Pw4Dh+fI5WzMMuXUGW8g7hvSoQ878ffoFL8mQAMD9xntURVFLhne8364 qWTf1JSk0ftdMj0SyK2rXn+3JQPMB0R6x8DW4gM56cLKf09GyWlUqmAn/EXtc9iU L6WfWYywhlJ+VBG22EKnJp+gHY6ib8swmiRK/LvCfY7fNgKAVyJj9M8F0/axm0H9 9bpX3JD36SkfrrUKXacfPJUvJR0ulXwr58PGMvhK04nxXQaMetqqPO/uRLLNIokA RgQYEQIABgUCRHHmGwAKCRDGPoaIhdGq33HdAJ9VXtpQKmnI6RBZ3O6f31fqVMI0 3wCgxMkE2HsZ7+RKieDGNCsH3KFJof0= =oMO0 - END PGP PUBLIC KEY BLOCK -

Slide 19

Encrypted Text Plain content Hello world Encrypt with open key Cipher content - BEGIN PGP MESSAGE - Version: PGPfreeware 6.5.8 for non-business use <http://www.pgp.com> qANQR1DBwU4DSTJMC1F2PksQB/0bmezbfmj/1NUYt5qM8TbOOl7uZH8wYNrsVFnF ALv+wwdYFTMhT/DBoSWwnizkY31k0bTei57EjlNjg4z9mqgabm4OCj1s0O3GVQDP tIafYzDmdOrojgZ2jrszExFARL47ygXZA5qnDxoI3W5RiSbn5iQpp66wucJETAey cGQ6dTsnySTtmV9uB/tMyAPPnPQ+FP+Hd1bpBP000R+ySteLHjEKjMV752k= =ScLD - END PGP MESSAGE - Decrypt with private key Plain content Hello World

Slide 20

Getting encryption applications PGP Commercial applications http://www.pgp.com/GnuPG Complete and Free usage http://www.gnupg.org/For Windows use gpg4win – www.gpg4win.org

Slide 21

Using GnuPG programming Exporting, Importing and Backing up keys content or ASCII record BACKUP, I said BACKUP your keys Public Key Servers http://www.keyserver.net/en http://pgp.mit.edu/Encrypting Email and Files Using Symmetric Encryption Demonstration

Slide 22

The End … Questio

Recommended
View more...