HW #7: Security Design Principles/Threat Modeling. CS 392/6813: Computer Security Fall 2008 Due 11/30/08. [100pts]
Note: For this HW, you are free to work in teams of no more than two people. Each team needs to submit only one copy of its HW, with the names of the team members clearly marked. Please MAKE SURE that your answers are original and honest: if you copy your answers from resources you don't cite, you will be easily caught and will not be given any credit.

Problem 1 [40pts]

In this exercise, your task is to prepare an attack/threat tree related to the security and privacy of RFID communication. Your primary reference is this presentation: [link not preserved in the source], which lists various threats (and also possible solutions; you don't need to refer to the solutions for the sake of this exercise). You are also recommended and free to use any other resources (there are plenty online) to prepare your attack tree. Try to cover all possible attacks, from the physical layer to the application layer, with respect to both security and privacy, and try to cover all steps in a particular attack. If your tree becomes huge, you can split it up into separate trees. It is preferable to use a textual representation for the tree. The tree can also be hand-drawn, but it should be clear and easily understandable (that's the whole purpose of attack trees: to document the attacks nicely). Your work would be useful for my present/future research in this area: by looking at a well-documented and complete attack tree, I can have a very clear understanding of all possible threats. Thanks to you in advance.

Problem 2 [7*3=21pts]

If you don't know about them already, learn about the following computer security concepts (say, through Wikipedia), explain them in your own words and discuss which security design principle(s) they exploit or violate:

1. Two-Factor Authentication
2. Spam (email, web, ...)
3. Pharming
4. Trusted computing
5. Reverse engineering
6. Site-Specific Browser
7. P2P Pollution

Problem 3 [20+19pts]

A web server implements access control using two mechanisms. The (Perl-based) pseudocode for the implementation of these two mechanisms, called version 1 and version 2, is provided below. Argue whether or not the version 1 and version 2 implementations satisfy the eight security design principles that we studied in class. In case a design principle is not applicable, say so and explain why it is not applicable.

Pseudocode for Web Server Access Control Application version 1

    # Network Setup
    # Setup Socket Listening for Connections
    socket_listen();
    # Bind Socket to port 80: bind_socket(port)
    bind_socket(80);
    # Start Listening to incoming connections
    listen();
    # Accept new connection
    while listen == true
        accept();
        # Connected to Client
        # Ask if user is returning or needs new account.
        send_welcome();
        logcredentials();
        # catch_response will determine what the user's answer is and ensure it is
        # in the format we want (yes or no), then send it on to create new user
        # or returning user
        catch_response();
        new_user();
        returning_user();

    # This function is responsible for keeping track of all attempts to log in
    # to the server.
    sub logcredentials
        $username = request_name();
        # Create a password hash using our proprietary hash function. The code for
        # proprietyhash() has not been included in this document because it is
        # closed-source and has been patented.
        $passhash = proprietyhash(request_passwd());
        setuid("root");
        open(loghandle, "+<credlog.txt") or die("error opening log file.");
        print ($loghandle $username . $passhash);
        close loghandle;
        setuid("http_daemon");

    # Create a new user account
    # new_user function
        $name = request_new_name();
        # Make sure username is 8 or more characters and less than 15
        # input_length(min, max, name)
        input_length(8, 15, $name)
        # To prevent username guessing, check that the username contains at
        # least three non-alphanumeric characters
        while ($numspecialchars < 3)
            # If the provided username does not have the requisite amount of
            # special characters, request a new username.
            $name = request_new_name();
            # Count the number of special characters in the provided username.
            $numspecialchars = 0
            foreach $byte (split //, $name)
                if (isspecialchar($byte))
                    $numspecialchars++;
        # See if username exists by checking against /etc/.app_passwd file
        user_exists($name)
        # Request new name if necessary
        $name = request_new_name();
        # If name is ok, ask for password
        $newpass = request_new_pass();
        # Ensure password is 8 or more characters, max 30
        input_length(8, 30, $newpass);
        # If password fails check, ask for new one
        $newpass = request_new_pass();
        # If password and name are ok, record them to /etc/app_passwd
        # First need hash of password; passwd_hash calls the unix command line
        # md5 -s program to create a secure hash
        $passwd_hash = gen_hash($newpass)
        # Write out username, password and date of creation to /etc/app_passwd file
        # Grab Date
        $date = gen_timestamp();
        # add_user(date, username, password hash)
        add_user($date, $name, $passwd_hash);

    # Authenticate Returning User
    # returning_user function
        $username = request_name();
        $pass = request_passwd();
        $rsakey = getrsakey();
        # First need hash of password; passwd_hash calls the unix command line
        # md5 -s program to create a secure hash
        $passwd_hash = gen_hash($pass)
        # Compare the given username and password hash to the hash stored in
        # /etc/app_passwd file for the given user through the compare_pass() function
        # compare_pass(user, hash)
        $validcredentials = compare_pass($username, $passwd_hash);
        # Check if the RSA Key supplied by the user matches the one stored by the server
        $legitimatekey = keycheck($rsakey);
        # Grab Date so we can record last login time
        $date = gen_timestamp();
        # If the user is authenticated, report last login time and record current time
        if ($validcredentials && $legitimatekey)
            $lastlogin = grab_logintime($username);
            record_login_time($username, $date);
            # From here user can proceed into system
        # else if user fails login, start back over and let them try again
        else
            send_welcome();

Pseudocode for Web Server Access Control Application version 2

    # This function is responsible for checking whether or not a user has been
    # authenticated within a given time span.
    sub getauthentication($username)
        $authenticationstatus;
        setuid("root");
        open(authfilehandle, "+<authentication.txt") or die("error opening authentication file.");
        $line = <authfilehandle>;
        chomp $line;
        if ($line == $username)
            $authenticationstatus = 1;
        else
            $authenticationstatus = 0;
        setuid("http_daemon");
        return $authenticationstatus

    $authenticated = getauthentication($username);

    # Network Setup
    # Setup Socket Listening for Connections
    socket_listen();
    # Bind Socket to port 80: bind_socket(port)
    bind_socket(80);
    # Start Listening to incoming connections
    listen();
    # Accept new connection
    while listen == true
        accept();
        # Connected to Client
        # If connecting client is running v2 then they should send cert right away
        $cert = grab_cert();
        # Check if the certificate sent by the client has been previously accepted
        if ($authenticated)
            # Allow the user access to the server.
            spawnshell();
        else
            # See if cert is signed by our CA and if signature is valid
            # check_cert(certificate) returns true or false
            $signed_cert = check_cert($cert);
            # Proceed with Certificate Authentication
            # If the cert is signed by our CA we can proceed to check cert for freshness
            if ($signed_cert)
                $cert_date = get_cert_date($cert)
                # Grab Date so we can compare to date on cert
                $today = gen_timestamp();
                # Compare date on cert to today's date to determine freshness of cert
                # compare_dates(date, date, time limit in days) returns true or false
                $fresh = compare_dates($today, $cert_date, 365)
                if (!$fresh) then
                    disconnect("certificate is no longer valid.")
                else
                    continue
                $username = extract_user($cert);
                # Check name on cert against list in /etc/app_certs
                # check_user(username) returns true or false depending on
                # if the Name from the certificate is stored in the app_certs file
                $valid_user = check_user($username);
                # From here user can proceed into system
                if $valid
                    $authenticated = 1;
                    # Note this authentication for later use.
                    setauthentication($authenticated, $username);
                    continue...
                else
                    disconnect("certificate does not contain valid Authentication Name")
            # Revert to version 1
            else if !$signed_cert
                # If Certificate is not valid, either the cert is bad or the client
                # is not using v2 of software. Let's post a message about where to
                # get info on v2 of software and how to get a valid cert from our
                # cert server, then drop back to username/password access.
                # Welcome tells user about upgrade procedures
                send_welcome();

    # Authenticate Returning User
    # returning_user function
        $username = request_name();
        $pass = request_passwd();
        # First need hash of password; passwd_hash calls the unix command line
        # md5 -s program to create a secure hash
        $passwd_hash = gen_hash($pass)
        # Compare the given username and password hash to the hash stored in
        # /etc/app_passwd file for the given user through the compare_pass() function
        # compare_pass(user, hash)
        $valid = compare_pass($username, $passwd_hash);
        # Grab Date so we can record last login time
        $date = gen_timestamp();
        # If the user is authenticated, report last login time and record current time
        if ($valid)
            $lastlogin = grab_logintime($username);
            record_login_time($username, $date);
            # From here user can proceed into system
            $authenticated = 1;
            # Note this authentication for later use.
            setauthentication($authenticated, $username);
            spawnshell();
        # else if user fails login, let them in as a guest.
        else
            $username = "guest";
            $pass = "";
            # Allow the guest user access to the server.
            spawnshell();
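For Problem 1, one way to keep an attack tree textual and still machine-checkable, as an added example that is not part of the assignment or its reference presentation: AND/OR nodes, a cheapest-path evaluation, and enumeration of the leaf combinations that reach the goal. The RFID tree built by build_rfid_tree() is constructed for illustration (one privacy goal, tracking a tag holder, with a physical-layer and a protocol-layer branch) and is not a complete threat model; Node, min_cost and attack_scenarios are assumed names.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import List, Optional


@dataclass
class Node:
    """One node of an attack tree.

    gate     -- "OR" (any child suffices), "AND" (all children needed), None for a leaf
    cost     -- estimated attacker effort for a leaf (arbitrary units, constructed)
    feasible -- False once a countermeasure closes this leaf
    """
    name: str
    gate: Optional[str] = None
    children: List["Node"] = field(default_factory=list)
    cost: int = 0
    feasible: bool = True

    def is_leaf(self) -> bool:
        return not self.children


def render(node: Node, depth: int = 0) -> str:
    """Textual representation: indentation is depth, gate or leaf status in brackets."""
    if node.gate:
        tag = f" [{node.gate}]"
    else:
        tag = f" (cost {node.cost})" if node.feasible else " (mitigated)"
    lines = ["  " * depth + node.name + tag]
    for child in node.children:
        lines.append(render(child, depth + 1))
    return "\n".join(lines)


def min_cost(node: Node) -> Optional[int]:
    """Cheapest feasible way to reach this node's goal, or None if none remains."""
    if node.is_leaf():
        return node.cost if node.feasible else None
    child_costs = [min_cost(c) for c in node.children]
    if node.gate == "OR":
        options = [c for c in child_costs if c is not None]
        return min(options) if options else None
    # AND: every child must still be achievable
    if any(c is None for c in child_costs):
        return None
    return sum(child_costs)


def attack_scenarios(node: Node) -> List[List[str]]:
    """Enumerate the leaf combinations (cut sets) that satisfy the node's goal."""
    if node.is_leaf():
        return [[node.name]] if node.feasible else []
    child_sets = [attack_scenarios(c) for c in node.children]
    if node.gate == "OR":
        return [s for sets in child_sets for s in sets]
    # AND: cross product of the children's scenarios; empty if any child is blocked
    if any(not sets for sets in child_sets):
        return []
    return [sum(combo, []) for combo in product(*child_sets)]


def build_rfid_tree() -> Node:
    """Constructed example: goal is to track a tag holder across reader locations."""
    return Node("Track tag holder across locations", "OR", [
        Node("Read static tag identifier", "AND", [
            Node("Get within read range", "OR", [
                Node("Use rogue reader near doorway", cost=2),
                Node("Use high-gain antenna", cost=5),
            ]),
            Node("Tag answers with same ID each query", cost=1),
        ]),
        Node("Eavesdrop legitimate reader session", "AND", [
            Node("Capture reader-to-tag channel", cost=3),
            # closed by the countermeasure of encrypting the identifier
            Node("Identifier sent unencrypted", cost=0, feasible=False),
        ]),
    ])


if __name__ == "__main__":
    tree = build_rfid_tree()
    print(render(tree))
    print("cheapest path:", min_cost(tree))
    for scenario in attack_scenarios(tree):
        print(" + ".join(scenario))
```

Flipping a leaf's feasible flag and re-running min_cost shows which countermeasure removes the cheapest path, which is the defender's use of the tree.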
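For Problem 3, the version 2 login decision modelled in Python as an added example that is not part of the assignment's pseudocode, with the fail-open guest branch placed beside a fail-closed variant so the difference in default outcome is visible on the same inputs. All certificates, usernames, passwords and file contents are constructed for this example; check_cert is simulated by comparing an issuer field rather than verifying a signature, and gen_hash uses hashlib instead of shelling out to `md5 -s`.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Optional

CERT_LIFETIME_DAYS = 365  # the pseudocode's compare_dates(..., 365)


@dataclass
class Cert:
    """Stand-in for the client certificate; issuer simulates the CA signature check."""
    user: str
    issuer: str
    issued: date


# Constructed stand-ins for /etc/app_certs and /etc/app_passwd.
APP_CERTS = {"alice"}
APP_PASSWD: Dict[str, str] = {
    "alice": hashlib.md5(b"constructed-pw").hexdigest(),
}


def gen_hash(password: str) -> str:
    """Unsalted MD5, as the pseudocode's gen_hash produces via md5 -s."""
    return hashlib.md5(password.encode()).hexdigest()


def compare_pass(username: str, passwd_hash: str) -> bool:
    """Look up the stored hash and compare in constant time."""
    stored = APP_PASSWD.get(username)
    return stored is not None and hmac.compare_digest(stored, passwd_hash)


def cert_user(cert: Optional[Cert], today: date) -> Optional[str]:
    """Certificate path: signed by our CA, fresh, and name listed in app_certs."""
    if cert is None or cert.issuer != "our-CA":
        return None
    if today - cert.issued > timedelta(days=CERT_LIFETIME_DAYS):
        return None
    return cert.user if cert.user in APP_CERTS else None


def login_v2(cert: Optional[Cert], username: str, password: str, today: date) -> str:
    """Mirrors the pseudocode: when the password check fails, a guest shell is
    spawned anyway, so every caller ends up with some shell."""
    user = cert_user(cert, today)
    if user:
        return user
    if compare_pass(username, gen_hash(password)):
        return username
    return "guest"  # fail-open branch


def login_failclosed(cert: Optional[Cert], username: str, password: str,
                     today: date) -> Optional[str]:
    """Same checks, but the default outcome is denial (None): no shell without
    a verified certificate or a matching password."""
    user = cert_user(cert, today)
    if user:
        return user
    if compare_pass(username, gen_hash(password)):
        return username
    return None


if __name__ == "__main__":
    today = date(2008, 11, 30)
    stale = Cert("alice", "our-CA", date(2007, 1, 1))
    for policy in (login_v2, login_failclosed):
        print(policy.__name__, policy(stale, "mallory", "wrong", today))
```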
More informationSecurity & Privacy. Larry Rudolph. Pervasive Computing MIT SMA 5508 Spring 2006 Larry Rudolph
Security & Privacy Larry 1 Who cares about Privacy? Everybody? Nobody? Criminals? Governments? Corporations? Privacy is the right to keep information hidden. But there is lots of information. You do not
More informationNESSO QUICKSTART GUIDE
Fleet Numerical Meteorology and Oceanography Center NESSO QUICKSTART GUIDE REGISTRATION AND USE April 20, 2007 Version 2.04 Approved for public release; distribution is unlimited Navy Enterprise Single
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationMaria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor Security
Migrant Student Information Exchange (MSIX) Security, Privacy and Account Management Webinar Deloitte Consulting LLP. February 22, 2018 Maria Hishikawa MSIX Technical Lead Sarah Storms MSIX Contractor
More informationEnroll in MyCardStatement.com Client User Guide
Enroll in MyCardStatement.com Client User Guide GETTING STARTED Visit MyCardStatement.com. Click on Enroll Now! ACCOUNT ENROLLMENT Input your full credit card number on the face of the card (do not use
More informationFPS BYOD Wireless Network
FPS BYOD Wireless Network This document will help users connect their personally owned wireless devices to Framingham Public Schools BYOD wireless network. Visitors: If you have a visitor with a personal
More informationRegister ASA. A Guide to Registering Travel Teams CREATING A NEW TEAM 2014 Version
Register ASA A Guide to Registering Travel Teams CREATING A NEW TEAM 2014 Version Southern California ASA Revised 12/10/2013 1 New for 2014 Photo ID s are no longer required. Travel Teams have the option
More informationUTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution
UTM Firewall Registration & Activation Manual DFL-260/ 860 Ver 1.00 curitycu Network Security Solution http://security.dlink.com.tw 1.Introduction...02 2.Apply for a D-Link Membership...03 3.D-Link NetDefend
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More information6.033 Computer System Engineering
MIT OpenCourseWare http://ocw.mit.edu 6.033 Computer System Engineering Spring 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms. Nickolai Zeldovich
More informationHow to use CPCS-ON System: LOGGING IN & MANAGING USERS
Things you will need: The email sent to you with your Username and Password. The web address where the system is located, given to you in the same e-mail. What is the basic system functionality: CPCS-On
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More information