1 / 22

DePaul University

DePaul University DePaul Information Security Today Microsoft Baseline Security Analyzer (MBSA) Using Internet Explorer securely Email Privacy and File Integrity Using email encryption Spam Outline What is MBSA? How to get it? Installation Features Demonstration

Gabriel
Download Presentation

DePaul University

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DePaul University DePaul Information Security

  2. Today • Microsoft Baseline Security Analyzer (MBSA) • Using Internet Explorer securely • Email Privacy and File Integrity • Using email encryption • Spam

  3. Outline • What is MBSA? • How to get it? • Installation • Features • Demonstration

  4. Securing Windows Systems • Operating System Updates • Use a Host Based Firewall • Account and Password Security • File Sharing • Microsoft Applications

  5. What is MBSA? • Created for Microsoft Systems specifically • Tool to make Windows based systems and server applications more secure. • MBSA points out known flaws which are not fixed on the tested system • Shows ways to patch security holes • Explains correct security guidelines • Current version MBSA 2.0 • Presents a security snapshot

  6. How to get it? • Microsoft Web Site • http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx • Search on Google • Microsoft Baseline Security Analyzer

  7. Installation • Wizard for easy installation

  8. Features • Graphical User Interface (GUI) options • Scan local computer • Scan for common administrative vulnerabilities • Scan for missing security updates against the Microsoft Update catalog • Creates reports in MBSA

  9. Supports • Checks for common administrative vulnerabilities for: • Windows 2000, XP, 2003 • Windows Server 2003 • IIS 5.0, 6.0 • SQL Server 7.0, 2000 • IE 5.01+ • Office 2000, XP, 2003

  10. Scans for common vulnerabilities • Is Windows Firewall enabled? • Are Automatic Updates enabled? • Are strong passwords enforced? • Are unsecured Guest accounts enabled?

  11. MBSA Demonstration

  12. Pretty Good Privacy - PGP • What is pgp and why use it • Cryptography • Key Pairs • Using PGP software • Exporting, Importing and Backing up Keys • Public Key Servers • Encrypt/Decrypt Mail • Encrypt/Decrypt Files • Symmetric (secret or conventional) encryption • Demonstration

  13. Encryption Software • What is PGP • Originally Authored by Philip Zimmermann in 1991 • Strong encryption software • De-facto standard for email encryption today • Originally free software now owned by Network Associates – www.pgp.com • In 1997, OpenPGP working group formed to develop an open non-proprietary standard for PGP • GnuPG is completely free and compliant with OpenPGP • Email should not be considered private • PGP Allows for privacy and integrity

  14. Cryptography • Communicating in or deciphering secret writings or ciphers • Cipher Text • Unreadable information – jumbled data • Encryption • Process of scrambling informationconverting ordinary plaintext information to cipher test • Decryption • Recovering the plaintext back from the cipher text • Public Key cryptography (asymmetric) • Encryption and Decryption are performed using different keys • Secret Key cryptography (symmetric) • Same key is used for encryption and decryption

  15. How does it work? • Two Keys needed – Public and Private • To send someone mail or verify their signature, you need to know their public key • Using a public key, you encode or “encrypt” a chunk of data (file or email message) • Using a private key, you decode or “decrypt” the data to read the file or email

  16. How does it work?

  17. Generating PGP keys • The software will generate a public/private key pair • You specify the size of the key (1024, 2048 bits) • Need to provide a password to protect your key

  18. Public Key – 2048 bits -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> mQGiBERx5hsRBADsidrkWqSRLKM3VS2wZf74X5JwSrOJzJmBNWATdU/CNxC5Ip9m d9NsNGEKeaX81FGs4JDUhqbuXSG8F939B0nN4M4jmiySlgHm/9NbQoMAHx4W0a71 wN05f2UFxWrIsMSBOEWTAsEh3WJ5IcWklohLCnHQjatdeZdoUgL5/4uLzwCg/xLU soKchra6xS5mZju+5wkZa4EEAIqKyXJPfOmQ3+dfaTEJiJASs3MCrDWOcfU4LsE9 jeJKu8bc2Y9NyaJm/GFGRofa8pPf9C0rmTP1pX9enhq0OYUvspulmQjFDvVyiYrG Ixy6au6mFZL4R4/Q306lpqpqTmwi6DEQx0fkwrUrhlj5v04Tofd2U1VYLPvYGXjy RYecA/9xWPmGX+Dca4EAngMyZ1y0GzJnR59bvgtc2eNX0fqesQTrU+coF2gBCdxP CZNtEXyZiEZQ7o8tGEQ5GrvKZM+/W4wAlY0P72GuGhuz1q4+e5NrI7wOGjMd9EXU RTwSlq3qdmv5N/uGmePQ0wj8Eri0cqZjEP3MHhPoKht60BuB2LQWdGVzdCA8dGVz dEBkZXBhdWwuZWR1PokATgQQEQIADgUCRHHmGwQLAwIBAhkBAAoJEMY+hoiF0arf hmAAoL8H0JVdJ9X5CiTMikOyYK9AcbgMAJ4zZhwt22z3Z9CdmmM4KmIOnKc63bkC DQREceYbEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV 89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50 T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAyxVy81TbGHYNV9Mfh5Dfi9Iu vsva8BiGrJFpY0jhfWfDlmGPEtqLZ6YzI++uAXQfuk2xLQsICy9RFflvtmeTNei8 k/2f6l89Pw4Dh+fI5WzMMuXUGW8g7hvSoQ878ffoFL8mQAMD9xntURVFLhne8364 qWTf1JSk0ftdMj0SyK2rXn+3JQPMB0R6x8DW4gM56cLKf09GyWlUqmAn/EXtc9iU L6WfWYywhlJ+VBG22EKnJp+gHY6ib8swmiRK/LvCfY7fNgKAVyJj9M8F0/axm0H9 9bpX3JD36SkfrrUKXacfPJUvJR0ulXwr58PGMvhK04nxXQaMetqqPO/uRLLNIokA RgQYEQIABgUCRHHmGwAKCRDGPoaIhdGq33HdAJ9VXtpQKmnI6RBZ3O6f31fqVMI0 3wCgxMkE2HsZ7+RKieDGNCsH3KFJof0= =oMO0 -----END PGP PUBLIC KEY BLOCK-----

  19. Encrypted Text • Plain text • Hello world • Encrypt with public key • Cipher text -----BEGIN PGP MESSAGE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> qANQR1DBwU4DSTJMC1F2PksQB/0bmezbfmj/1NUYt5qM8TbOOl7uZH8wYNrsVFnF ALv+wwdYFTMhT/DBoSWwnizkY31k0bTei57EjlNjg4z9mqgabm4OCj1s0O3GVQDP tIafYzDmdOrojgZ2jrszExFARL47ygXZA5qnDxoI3W5RiSbn5iQpp66wucJETAey cGQ6dTsnySTtmV9uB/tMyAPPnPQ+FP+Hd1bpBP000R+ySteLHjEKjMV752k= =ScLD -----END PGP MESSAGE----- • Decrypt with private key • Plain text • Hello World

  20. Getting encryption applications • PGP • Commercial applications • http://www.pgp.com/ • GnuPG • Complete and Free implementation • http://www.gnupg.org/ • For Windows use gpg4win – www.gpg4win.org

  21. Using GnuPG software • Exporting, Importing and Backing up keys • text or ASCII file • BACKUP, I said BACKUP your keys • Public Key Servers • http://www.keyserver.net/en • http://pgp.mit.edu/ • Encrypting Email and Files • Using Symmetric Encryption • Demonstration

  22. The End … Questions

More Related