depaul university l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
DePaul University PowerPoint Presentation
Download Presentation
DePaul University

Loading in 2 Seconds...

play fullscreen
1 / 22

DePaul University - PowerPoint PPT Presentation


  • 487 Views
  • Uploaded on

DePaul University DePaul Information Security Today Microsoft Baseline Security Analyzer (MBSA) Using Internet Explorer securely Email Privacy and File Integrity Using email encryption Spam Outline What is MBSA? How to get it? Installation Features Demonstration

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'DePaul University' - Gabriel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
depaul university

DePaul University

DePaul Information Security

today
Today
  • Microsoft Baseline Security Analyzer (MBSA)
  • Using Internet Explorer securely
  • Email Privacy and File Integrity
    • Using email encryption
  • Spam
outline
Outline
  • What is MBSA?
  • How to get it?
  • Installation
  • Features
  • Demonstration
securing windows systems
Securing Windows Systems
  • Operating System Updates
  • Use a Host Based Firewall
  • Account and Password Security
  • File Sharing
  • Microsoft Applications
what is mbsa
What is MBSA?
  • Created for Microsoft Systems specifically
  • Tool to make Windows based systems and server applications more secure.
  • MBSA points out known flaws which are not fixed on the tested system
  • Shows ways to patch security holes
  • Explains correct security guidelines
  • Current version MBSA 2.0
  • Presents a security snapshot
how to get it
How to get it?
  • Microsoft Web Site
    • http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx
  • Search on Google
    • Microsoft Baseline Security Analyzer
installation
Installation
  • Wizard for easy installation
features
Features
  • Graphical User Interface (GUI) options
  • Scan local computer
  • Scan for common administrative vulnerabilities
  • Scan for missing security updates against the Microsoft Update catalog
  • Creates reports in MBSA
supports
Supports
  • Checks for common administrative vulnerabilities for:
    • Windows 2000, XP, 2003
    • Windows Server 2003
    • IIS 5.0, 6.0
    • SQL Server 7.0, 2000
    • IE 5.01+
    • Office 2000, XP, 2003
scans for common vulnerabilities
Scans for common vulnerabilities
  • Is Windows Firewall enabled?
  • Are Automatic Updates enabled?
  • Are strong passwords enforced?
  • Are unsecured Guest accounts enabled?
pretty good privacy pgp
Pretty Good Privacy - PGP
  • What is pgp and why use it
  • Cryptography
  • Key Pairs
  • Using PGP software
    • Exporting, Importing and Backing up Keys
    • Public Key Servers
    • Encrypt/Decrypt Mail
    • Encrypt/Decrypt Files
    • Symmetric (secret or conventional) encryption
  • Demonstration
encryption software
Encryption Software
  • What is PGP
    • Originally Authored by Philip Zimmermann in 1991
    • Strong encryption software
    • De-facto standard for email encryption today
  • Originally free software now owned by Network Associates – www.pgp.com
  • In 1997, OpenPGP working group formed to develop an open non-proprietary standard for PGP
  • GnuPG is completely free and compliant with OpenPGP
  • Email should not be considered private
  • PGP Allows for privacy and integrity
cryptography
Cryptography
  • Communicating in or deciphering secret writings or ciphers
  • Cipher Text
    • Unreadable information – jumbled data
  • Encryption
    • Process of scrambling informationconverting ordinary plaintext information to cipher test
  • Decryption
    • Recovering the plaintext back from the cipher text
  • Public Key cryptography (asymmetric)
    • Encryption and Decryption are performed using different keys
  • Secret Key cryptography (symmetric)
    • Same key is used for encryption and decryption
how does it work
How does it work?
  • Two Keys needed – Public and Private
  • To send someone mail or verify their signature, you need to know their public key
  • Using a public key, you encode or “encrypt” a chunk of data (file or email message)
  • Using a private key, you decode or “decrypt” the data to read the file or email
generating pgp keys
Generating PGP keys
  • The software will generate a public/private key pair
  • You specify the size of the key (1024, 2048 bits)
  • Need to provide a password to protect your key
public key 2048 bits
Public Key – 2048 bits

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

mQGiBERx5hsRBADsidrkWqSRLKM3VS2wZf74X5JwSrOJzJmBNWATdU/CNxC5Ip9m

d9NsNGEKeaX81FGs4JDUhqbuXSG8F939B0nN4M4jmiySlgHm/9NbQoMAHx4W0a71

wN05f2UFxWrIsMSBOEWTAsEh3WJ5IcWklohLCnHQjatdeZdoUgL5/4uLzwCg/xLU

soKchra6xS5mZju+5wkZa4EEAIqKyXJPfOmQ3+dfaTEJiJASs3MCrDWOcfU4LsE9

jeJKu8bc2Y9NyaJm/GFGRofa8pPf9C0rmTP1pX9enhq0OYUvspulmQjFDvVyiYrG

Ixy6au6mFZL4R4/Q306lpqpqTmwi6DEQx0fkwrUrhlj5v04Tofd2U1VYLPvYGXjy

RYecA/9xWPmGX+Dca4EAngMyZ1y0GzJnR59bvgtc2eNX0fqesQTrU+coF2gBCdxP

CZNtEXyZiEZQ7o8tGEQ5GrvKZM+/W4wAlY0P72GuGhuz1q4+e5NrI7wOGjMd9EXU

RTwSlq3qdmv5N/uGmePQ0wj8Eri0cqZjEP3MHhPoKht60BuB2LQWdGVzdCA8dGVz

dEBkZXBhdWwuZWR1PokATgQQEQIADgUCRHHmGwQLAwIBAhkBAAoJEMY+hoiF0arf

hmAAoL8H0JVdJ9X5CiTMikOyYK9AcbgMAJ4zZhwt22z3Z9CdmmM4KmIOnKc63bkC

DQREceYbEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV

89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50

T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb

zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX

Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT

CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAyxVy81TbGHYNV9Mfh5Dfi9Iu

vsva8BiGrJFpY0jhfWfDlmGPEtqLZ6YzI++uAXQfuk2xLQsICy9RFflvtmeTNei8

k/2f6l89Pw4Dh+fI5WzMMuXUGW8g7hvSoQ878ffoFL8mQAMD9xntURVFLhne8364

qWTf1JSk0ftdMj0SyK2rXn+3JQPMB0R6x8DW4gM56cLKf09GyWlUqmAn/EXtc9iU

L6WfWYywhlJ+VBG22EKnJp+gHY6ib8swmiRK/LvCfY7fNgKAVyJj9M8F0/axm0H9

9bpX3JD36SkfrrUKXacfPJUvJR0ulXwr58PGMvhK04nxXQaMetqqPO/uRLLNIokA

RgQYEQIABgUCRHHmGwAKCRDGPoaIhdGq33HdAJ9VXtpQKmnI6RBZ3O6f31fqVMI0

3wCgxMkE2HsZ7+RKieDGNCsH3KFJof0=

=oMO0

-----END PGP PUBLIC KEY BLOCK-----

encrypted text
Encrypted Text
  • Plain text
    • Hello world
  • Encrypt with public key
  • Cipher text

-----BEGIN PGP MESSAGE-----

Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

qANQR1DBwU4DSTJMC1F2PksQB/0bmezbfmj/1NUYt5qM8TbOOl7uZH8wYNrsVFnF

ALv+wwdYFTMhT/DBoSWwnizkY31k0bTei57EjlNjg4z9mqgabm4OCj1s0O3GVQDP

tIafYzDmdOrojgZ2jrszExFARL47ygXZA5qnDxoI3W5RiSbn5iQpp66wucJETAey

cGQ6dTsnySTtmV9uB/tMyAPPnPQ+FP+Hd1bpBP000R+ySteLHjEKjMV752k=

=ScLD

-----END PGP MESSAGE-----

  • Decrypt with private key
  • Plain text
    • Hello World
getting encryption applications
Getting encryption applications
  • PGP
    • Commercial applications
    • http://www.pgp.com/
  • GnuPG
    • Complete and Free implementation
    • http://www.gnupg.org/
    • For Windows use gpg4win – www.gpg4win.org
using gnupg software
Using GnuPG software
  • Exporting, Importing and Backing up keys
    • text or ASCII file
    • BACKUP, I said BACKUP your keys
  • Public Key Servers
    • http://www.keyserver.net/en
    • http://pgp.mit.edu/
  • Encrypting Email and Files
  • Using Symmetric Encryption
  • Demonstration
the end
The End …

Questions