Upload
dugan
View
39
Download
0
Embed Size (px)
DESCRIPTION
ระบบคอมพิวเตอร์. ความมั่นคงปลอดภัย. ของ. คำแนะนำในการป้องความปลอดภัย พื้นฐานของคอมพิวเตอร์. }. ทรัพยากรที่เกี่ยวกับคอมพิวเตอร์ประกอบด้วย. อุปกรณ์คอมพิวเตอร์ (Hardware). โปรแกรมคอมพิวเตอร์ (Software). ทรัพยากร. ข้อมูล. บุคลากร (Peopleware). - PowerPoint PPT Presentation
Citation preview
0*
(Software) (Hardware) (Peopleware) }
0*
- Hardware- - 1 - -
0*
, , Hacker, Cracker
0*
Version 1. 2.
0*
3. 4. HW / SW Virus
0*
Hard copy (paper) Hardcopy
0*
Virus Trojan Super zapTargetSystemProgram
0*
, Hang
0*
1.2. 3. 4. 5. 6. 7. 8.
0*
1. 2. 3. 4.
0*
7
1. ()2. 3. 4. ,5. 6. 7.
0*
-LAN - Lan-
0*
20 1. 2. 3. 4. 5. ,6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17.18.19.20.
0*
- CPU - Mainboard- Monitor- Keyboard- Printer- Cable- Scanner - UPS- Source Program- OS- MS office- Data for execution- Operator- System- Engineer- Programmer- Program Manual- H/W Manual- Paper- Forms- Toner- Cartridge- Diskette
0*
AssetSecrecyIntegrityAvailability-Overload ,Destroyed,Tempered withFail ,Stolen,UnavailableStolenCopiedPiratedTrojan Horse Modified Tampered withDelete Misplace Usage expired--Quit TerminateRetire Onvacation--Lost , Stolen--Lost ,destroy ,Stolen
0*
1. 2. 3. - 4. 5. 6. 7.
0*
, ,
0*
X
XXXXXXXXXX--X-----XX
0*
1.2. 3. 4. 5.,6. 7., 8.9.10. 11. 12. 13. 14. 15. 16.
0*
Never alone principles 1 1. 2. Time Limitation of Duties 3. Separation of Duties
0*
1. 0peration programming 2. 3. Computer Operation 4. 5. + 6. + program database
0*
Operators 1. 2.
0*
1.2.3.4.5. - 1.2.3.
0*
Threat tree ThreatDenial of Service threat SubthreatsDisclisure threatsIntegrity threat Subthreats
0*
ThreatSubtheats2Subtheats1effort = moderate(2)effort = high (3)criticality = high (3)criticality = moderate (2)
EffortCriticationTypeValveTypeValveLow1Low1Moderate2Moderate2high3high3
Risk = Critical/ EffortRisk = 3/2=1.8Risk = 2/3=0.67
0*
Aircraft TemperatureServo to engineCooling SystemPosition SensorMain ControllerFlight recorder(Back Box)Maincontroller=High =3Temperature=Moderate =2Cooling System=Moderate=2Servo to engine=High=3Flight recorder=Low=1
0*
Aircraft AircraftDisclosure threat Denial of Service threat Integrity threatServo to engine Critical = 3Effort = 2 Risk = 1.5 Cooling SystemCritical = 2 Effort = 3Risk = 0.67TemperatureCritical =2 Effort = 3Risk = 0.67 Fight recorderCritical = 1Effort = 3Risk = 0.3Main ControllerCritical = 3Effort = 3Risk = 1
0*
NoYes
0*
1.2.3. 4.5.6. SW / HW
0*
2. , , 3. Overhead1. , ,
0*
1
2.
3.
0*
1
0*
2.
Period of InterruptionAnnual CostNone10 millions3 millisecond 1 millions1 hour$ 100,0001 day$ 1,0001 year$ 100,000
0*
3.
Period of InterruptionAnnual Cost20 millions $ 1001 day$ 1,0001 year$ 100,000
0*
1. 25 2. 3. 4. 5. 6.
0*
-
0*
Radar
0*
()
0*
1. access 2. Hack 3. 4.
0*
Safe-T-Cut
0*
Telephone Telephone User name, password
0*
Network , HW / SW Firewall Firewall Hacker
0*
0*
1. 2 1.1
0*
1.2 ( level)
0*
2. Chief Executive Officer (CEO) (BOSS) System administrator CERT (Computer Emergency Response Team ) Site
0*
3. () Crash , hang Account [email protected] New file Iloveyou.exe,Nakedwife File account file file
0*
4.
0*
0*
file format
0*
(shut down system)
0*
user
0*
Policy revise policy
0*
CERT Computer Emergency Response TeamAn organization or a team that provides, to definedconstituency, services and support for bothpreventing and responding the computer security incidents.
0*
1. 1 2. 3. 4. CERT
0*
1 . CERT1. 2. 3. 4. 5.
0*
6. 7. 8. 9. 10. 11.12. CERT
0*
0*
0*
CERT
0*
IDS Hacker IDS
0*
1. Password2. ()3. 4. 5. 6. Loopback
Network
0*
multiple Soure Network
0*
Hacker Network
0*
Loopback Network A B C E D
0*
text key Crytanalysis
0*
C = EK 1EK = 2P2EK = 2PC = EK(3)P = 3 P = 3C = 18 C = 18C = 6Encryption ()Encryption ()P = Ek- 1 ( C)P = 3EK- 1 = 2C = 26 = 3Decryption ()P = Ek 1 (C)C = EK (P3)P = ?C = EK (3) C = 18C = 6
0*
Private Key Encryption AlgorithmEK (3) = 3EK (M) = 2* MDK ( C ) = C2EK (M) = MM = 3EK (3) = 2*3 = 6C = 6C = 6DK ( 6 ) =26 M = 3
0*
() ( ) F = KeyC = N Q T A J D T Z PEPSI = KeyC = S E J E I I I P M = I LOVE YOU M = I LOVE YOU