Presentation is loading. Please wait.

Presentation is loading. Please wait.

DePaul Information Security

Published byAdrian Nicholson Modified over 8 years ago

Similar presentations

Presentation on theme: "DePaul Information Security"— Presentation transcript:

1 DePaul Information Security
DePaul University DePaul Information Security

2 Today Microsoft Baseline Security Analyzer (MBSA)
Using Internet Explorer securely Privacy and File Integrity Using encryption Spam

3 Outline What is MBSA? How to get it? Installation Features
Demonstration

4 Securing Windows Systems
Operating System Updates Use a Host Based Firewall Account and Password Security File Sharing Microsoft Applications

5 What is MBSA? Created for Microsoft Systems specifically
Tool to make Windows based systems and server applications more secure. MBSA points out known flaws which are not fixed on the tested system Shows ways to patch security holes Explains correct security guidelines Current version MBSA 2.0 Presents a security snapshot

6 How to get it? Microsoft Web Site Search on Google
Search on Google Microsoft Baseline Security Analyzer

7 Installation Wizard for easy installation

8 Features Graphical User Interface (GUI) options Scan local computer
Scan for common administrative vulnerabilities Scan for missing security updates against the Microsoft Update catalog Creates reports in MBSA

9 Supports Checks for common administrative vulnerabilities for:
Windows 2000, XP, 2003 Windows Server 2003 IIS 5.0, 6.0 SQL Server 7.0, 2000 IE 5.01+ Office 2000, XP, 2003

10 Scans for common vulnerabilities
Is Windows Firewall enabled? Are Automatic Updates enabled? Are strong passwords enforced? Are unsecured Guest accounts enabled?

11 MBSA Demonstration

12 Pretty Good Privacy - PGP
What is pgp and why use it Cryptography Key Pairs Using PGP software Exporting, Importing and Backing up Keys Public Key Servers Encrypt/Decrypt Mail Encrypt/Decrypt Files Symmetric (secret or conventional) encryption Demonstration

13 Encryption Software What is PGP
Originally Authored by Philip Zimmermann in 1991 Strong encryption software De-facto standard for encryption today Originally free software now owned by Network Associates – In 1997, OpenPGP working group formed to develop an open non-proprietary standard for PGP GnuPG is completely free and compliant with OpenPGP should not be considered private PGP Allows for privacy and integrity

14 Cryptography Communicating in or deciphering secret writings or ciphers Cipher Text Unreadable information – jumbled data Encryption Process of scrambling information converting ordinary plaintext information to cipher test Decryption Recovering the plaintext back from the cipher text Public Key cryptography (asymmetric) Encryption and Decryption are performed using different keys Secret Key cryptography (symmetric) Same key is used for encryption and decryption

15 How does it work? Two Keys needed – Public and Private
To send someone mail or verify their signature, you need to know their public key Using a public key, you encode or “encrypt” a chunk of data (file or message) Using a private key, you decode or “decrypt” the data to read the file or

16 How does it work?

17 Generating PGP keys The software will generate a public/private key pair You specify the size of the key (1024, 2048 bits) Need to provide a password to protect your key

18 Public Key – 2048 bits -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware for non-commercial use < mQGiBERx5hsRBADsidrkWqSRLKM3VS2wZf74X5JwSrOJzJmBNWATdU/CNxC5Ip9m d9NsNGEKeaX81FGs4JDUhqbuXSG8F939B0nN4M4jmiySlgHm/9NbQoMAHx4W0a71 wN05f2UFxWrIsMSBOEWTAsEh3WJ5IcWklohLCnHQjatdeZdoUgL5/4uLzwCg/xLU soKchra6xS5mZju+5wkZa4EEAIqKyXJPfOmQ3+dfaTEJiJASs3MCrDWOcfU4LsE9 jeJKu8bc2Y9NyaJm/GFGRofa8pPf9C0rmTP1pX9enhq0OYUvspulmQjFDvVyiYrG Ixy6au6mFZL4R4/Q306lpqpqTmwi6DEQx0fkwrUrhlj5v04Tofd2U1VYLPvYGXjy RYecA/9xWPmGX+Dca4EAngMyZ1y0GzJnR59bvgtc2eNX0fqesQTrU+coF2gBCdxP CZNtEXyZiEZQ7o8tGEQ5GrvKZM+/W4wAlY0P72GuGhuz1q4+e5NrI7wOGjMd9EXU RTwSlq3qdmv5N/uGmePQ0wj8Eri0cqZjEP3MHhPoKht60BuB2LQWdGVzdCA8dGVz dEBkZXBhdWwuZWR1PokATgQQEQIADgUCRHHmGwQLAwIBAhkBAAoJEMY+hoiF0arf hmAAoL8H0JVdJ9X5CiTMikOyYK9AcbgMAJ4zZhwt22z3Z9CdmmM4KmIOnKc63bkC DQREceYbEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV 89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50 T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAyxVy81TbGHYNV9Mfh5Dfi9Iu vsva8BiGrJFpY0jhfWfDlmGPEtqLZ6YzI++uAXQfuk2xLQsICy9RFflvtmeTNei8 k/2f6l89Pw4Dh+fI5WzMMuXUGW8g7hvSoQ878ffoFL8mQAMD9xntURVFLhne8364 qWTf1JSk0ftdMj0SyK2rXn+3JQPMB0R6x8DW4gM56cLKf09GyWlUqmAn/EXtc9iU L6WfWYywhlJ+VBG22EKnJp+gHY6ib8swmiRK/LvCfY7fNgKAVyJj9M8F0/axm0H9 9bpX3JD36SkfrrUKXacfPJUvJR0ulXwr58PGMvhK04nxXQaMetqqPO/uRLLNIokA RgQYEQIABgUCRHHmGwAKCRDGPoaIhdGq33HdAJ9VXtpQKmnI6RBZ3O6f31fqVMI0 3wCgxMkE2HsZ7+RKieDGNCsH3KFJof0= =oMO0 -----END PGP PUBLIC KEY BLOCK-----

19 Encrypted Text Hello world Hello World Plain text
Encrypt with public key Cipher text -----BEGIN PGP MESSAGE----- Version: PGPfreeware for non-commercial use < qANQR1DBwU4DSTJMC1F2PksQB/0bmezbfmj/1NUYt5qM8TbOOl7uZH8wYNrsVFnF ALv+wwdYFTMhT/DBoSWwnizkY31k0bTei57EjlNjg4z9mqgabm4OCj1s0O3GVQDP tIafYzDmdOrojgZ2jrszExFARL47ygXZA5qnDxoI3W5RiSbn5iQpp66wucJETAey cGQ6dTsnySTtmV9uB/tMyAPPnPQ+FP+Hd1bpBP000R+ySteLHjEKjMV752k= =ScLD -----END PGP MESSAGE----- Decrypt with private key Hello World

20 Getting encryption applications
PGP Commercial applications GnuPG Complete and Free implementation For Windows use gpg4win –

21 Using GnuPG software Exporting, Importing and Backing up keys
text or ASCII file BACKUP, I said BACKUP your keys Public Key Servers Encrypting and Files Using Symmetric Encryption Demonstration

22 The End … Questions

Download ppt "DePaul Information Security"

Similar presentations

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.
PGP Overview 2004/11/30 Information-Center meeting peterkim.

PGP Overview 2004/11/30 Information-Center meeting peterkim.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.

Pretty Good Privacy (PGP). How PGP works PGP uses both public-key cryptography and symmetric key cryptography, and includes a system which binds the public.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
SMUCSE 5349/49 Email Security. SMUCSE 5349/7349 Threats Threats to the security of e-mail itself –Loss of confidentiality E-mails are sent in clear over.

SMUCSE 5349/49 Security. SMUCSE 5349/7349 Threats Threats to the security of itself –Loss of confidentiality s are sent in clear over.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Fmdszqujpo! Encryption!. Encryption  Group Activity 1:  Take the message you were given, and create your own encryption.  You can encrypt it anyway.

Fmdszqujpo! Encryption!. Encryption  Group Activity 1:  Take the message you were given, and create your own encryption.  You can encrypt it anyway.
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.

Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.

Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
Masud Hasan 03-60-475 SecueEmail VS Hushmail Project 2.

Masud Hasan Secue VS Hushmail Project 2.
Operating Systems Concepts 1/e Ruth Watson Chapter 4 Chapter 4 Windows Utilities Ruth Watson.

Operating Systems Concepts 1/e Ruth Watson Chapter 4 Chapter 4 Windows Utilities Ruth Watson.

Similar presentations

Ads by Google