SLIDE 1
Communication security
- ver the Internet
Me Internet Resource Attack vectors Server Client Internet
Communication security over the Internet The big picture Me - - PowerPoint PPT Presentation
Communication security over the Internet The big picture Me - - PowerPoint PPT Presentation
Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN
SLIDE 2
SLIDE 3
DNS WWW Router Client LAN MAN Internet Back Bone
Networking
- verview
SLIDE 4
Internet LAN Router 1 2 3 1 2 3 4 5 MITM (Man In The Middle)
AV: Spoofing
SLIDE 5
Internet W-LAN Router Sniffer
AV: Sniffing Use WPA! Don't use WEP!
SLIDE 6
HTTP network capture
SLIDE 7
Enc ncryp ypt Decrypt
Encryption
SLIDE 8
Internet %#$ %#$ a a b b c c %#$ a a b b c c ???!!!
Encrypted channel
SLIDE 9
HTTPS Capture
SLIDE 10
- 1. requ
quest
- 2. certificate
- 3. keys
- 4. da
data Client Server
HTTPS (TLS/SSL)
SLIDE 11
AV: Phishing
my-bank.com my-bamk.com %#$ % % # # $ $
SLIDE 12
AV: DNS
my-bank.com my-bank.com % % # # $ $ Root NS NS
- 1. where is “m-b”
Resolver where? Other NS there! where? there! where? NS there!
SLIDE 13
- 1. requ
quest
- 2. certificate
- 4. keys
- 5. da
data
- 3. verify
delegate s s i i g g n n Client Server CA CA
SSL / Certificates
SLIDE 14
SSL in action (1)
SLIDE 15
SSL in action (2)
SLIDE 16
SSL in action (3)
SLIDE 17
SSL in action (4)
SLIDE 18
SSL missing in action ???!!!
SLIDE 19
??? Huh ???
SLIDE 20
Check “SHA1 Fingerprint”!!! Don't rely on “MD5 Fingerprint”!!!
SLIDE 21
The explanation!
SLIDE 22
Email security
Browser Outlook HTTPS IMAPS My-Mail Extra-Mail ??? ;)
Use GnuPG!
SLIDE 23