securitatea informatiei
DESCRIPTION
Viruși. Spam. Malware. Botnets. Phishing. Rootkits. Ce au toate în comun? Cum ne putem proteja? O detaliere a tendințelor din domeniu, cu soluții practice.TRANSCRIPT
![Page 1: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/1.jpg)
![Page 2: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/2.jpg)
despre mine
![Page 3: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/3.jpg)
Tudor DamianIT Solutions Specialist
tudy.tel
![Page 4: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/4.jpg)
despre seminar
![Page 5: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/5.jpg)
![Page 6: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/6.jpg)
![Page 7: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/7.jpg)
activități de zi cu zi
![Page 8: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/8.jpg)
”dă-mi un link la blogul ăla...”
![Page 9: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/9.jpg)
”trimite-mi pe mail...”
![Page 10: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/10.jpg)
”uite ce-am găsit pe google...”
![Page 11: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/11.jpg)
”dacă ai id de mess, îți trimit acolo fișierul...”
![Page 12: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/12.jpg)
”pot să-mi verific mail-ul?...”
![Page 13: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/13.jpg)
”îl am pe memory stick, îl poți copia de acolo...”
![Page 14: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/14.jpg)
tendințe
![Page 15: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/15.jpg)
![Page 16: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/16.jpg)
16
cu
rio
sit
ycrim
e
1986 2008
Virus Destructive Virus Macro Virus
Vulnerabilities Openly Discussed
Mass Mailing Worms
Network Worms
Spam Tracking Cookies
Spam Explodes
Bots & Botnets
DDoSAttacks
Bots Explode
Paid Vulnerability
Research
Adware SpywareRootkits
On the RiseSpyware &
Adware Explode
Phishing CrimewarePhishing Explodes
Zero Day Exploits
& Threats
![Page 17: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/17.jpg)
că tot vorbim de $$$ ...
![Page 18: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/18.jpg)
Produs Preț
Instalare adware 30 cenţi in US, până la 2 cenţi in alte ţări
Pachet malware, versiunea basic 1.000$ – 2.000$
Add-ons pentru pachete malware Preţuri variabile pornind de la 20$
Închiriere de “exploit” - o oră De la 0,99$ la 1$
Închiriere de “exploit” - 2,5 ore De la 1,60$ la 2$
Închiriere de “exploit” - 5 ore 4$
Troian nedetectabil 80$
Atac DDOS 100$ pe zi
Acces la 10.000 de PC-uri compromise 1.000$
Informaţii despre conturi bancare Preţuri variabile pornind de la 50$
Un milion de mesaje e-mail De la 8$ în sus
o listă de prețuri
Informațiile se refera la anul 2007, sursa: TrendMicro
![Page 19: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/19.jpg)
pe câmpul de luptă
![Page 20: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/20.jpg)
trojan / rootkit / worm / spyware
![Page 21: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/21.jpg)
AV-Test.org estimează că există peste 11 milioane de exemplare de malware
![Page 22: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/22.jpg)
![Page 23: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/23.jpg)
![Page 24: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/24.jpg)
![Page 25: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/25.jpg)
![Page 26: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/26.jpg)
scopul poate fi extrem de diferit, de la caz la caz
![Page 27: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/27.jpg)
spre exemplu, Win32.Worm.Delf.NFW (locul 9 în topul BitDefender pe luna iulie)
![Page 28: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/28.jpg)
șterge fișiere mp3 care conțin numele unor cântareți români "populari"
![Page 29: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/29.jpg)
Adrian MinuneAdi de la Valcea
Florin SalamFrații de AurLaura VassLiviu PuștiuLiviu Guță
![Page 30: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/30.jpg)
DDoS / botnets
![Page 31: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/31.jpg)
Network C
Network B
Network A
Attacker
Computer
ComputerComputer
Workstation Workstation Workstation
LaptopComputer
Computer Workstation
Broadcast Address
Broadcast Address
Broadcast Address
ICMP Echo
ICMP Echo
ICMP Echo
ICMP Echo
ICMP Echo
ICMP Echo
Target system
Replies from every terminal in the
Network
Replies from every terminal in the
Network
Replies from every terminal in the
Network
Smurf
![Page 32: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/32.jpg)
Attacker
Server
Legitimate userr
Half Open Connection
Half Open Conenction
Half Open Conenction
Half Open Conenction
Legitimate Connection
SynFlood Attack SynFlood
![Page 33: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/33.jpg)
Attack
erDNS 2
DNS 3
DNS 4
Target
Query with spoofed IP
Query with spoofed IP
Query with spoofed IP
Query with spoofed IP
Results from attackers query
Results from attackers query
Results from attackers query
Results from attackers query
DNS 1
DNS DoS
![Page 34: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/34.jpg)
DDoS
Server Software
(Zombie)
Server Software
(Zombie)
Server Software
(Zombie)Server Software
(Zombie)
Server Software
(Zombie)
Client Software
Command
CommandCommand
Target Host
Packets
Packets
Packets
PacketsPackets
Attacker
Client
Attacker’s CommandsAttacker’s Coomand
![Page 35: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/35.jpg)
exemplele nu sunt la scară reală :)
![Page 36: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/36.jpg)
SQLi / XSS / CSRF / RFI
![Page 37: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/37.jpg)
![Page 38: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/38.jpg)
SQL injection
![Page 39: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/39.jpg)
XSS
![Page 40: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/40.jpg)
XSS
![Page 41: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/41.jpg)
XSS
![Page 42: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/42.jpg)
Open Web Application Security Project (OWASP) top 10 list
www.owasp.org/index.php/Top_10_2007
![Page 43: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/43.jpg)
OWASP Top 10 List 2007
1. Cross Site Scripting (XSS)
2. Injection Flaws
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery (CSRF)
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10. Failure to Restrict URL Access
![Page 44: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/44.jpg)
spam
![Page 45: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/45.jpg)
conform Sophos, 96.5% din business email este spam
![Page 46: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/46.jpg)
![Page 47: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/47.jpg)
phishing / crimeware / scareware
![Page 48: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/48.jpg)
![Page 49: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/49.jpg)
![Page 50: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/50.jpg)
crimeware
![Page 51: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/51.jpg)
categorie de malware concepută pentru automatizarea activităților
criminale de natură financiară
![Page 52: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/52.jpg)
scareware, o variantă de social engineering
![Page 53: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/53.jpg)
![Page 54: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/54.jpg)
![Page 55: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/55.jpg)
![Page 56: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/56.jpg)
![Page 57: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/57.jpg)
![Page 58: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/58.jpg)
![Page 59: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/59.jpg)
botnet on demand
![Page 60: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/60.jpg)
BotnetNumărul de boți
estimatCapacitatea de generare de
spam
Kraken 400.000 100 miliarde mesaje pe zi
Srizbi 315.000 60 miliarde mesaje pe zi
Rustock 150.000 30 miliarde mesaje pe zi
Cutwail 125.000 16 miliarde mesaje pe zi
Storm 85.000 3 miliarde mesaje pe zi
top 5 botnets in 2008
Surse: SecureWorks, Damballa
![Page 61: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/61.jpg)
furt de identitate
![Page 62: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/62.jpg)
așteptările societății legat de confidențialitate scad vizibil
![Page 63: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/63.jpg)
![Page 64: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/64.jpg)
![Page 65: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/65.jpg)
![Page 66: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/66.jpg)
![Page 67: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/67.jpg)
$40 pe an, 30.000 americani s-au înscris
![Page 68: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/68.jpg)
You have no privacy, get
over it!
Scott McNealyCEO, Sun Microsystems
![Page 69: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/69.jpg)
![Page 70: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/70.jpg)
incidente soldate cu pierderi de date1 ianuarie 2005 – 4 august 2009
http://www.privacyrights.org/ar/ChronDataBreaches.htm
![Page 71: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/71.jpg)
263 247 398 !
![Page 72: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/72.jpg)
costul mediu al recuperării datelor pierdute/furate/compromise
![Page 73: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/73.jpg)
![Page 74: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/74.jpg)
$ 197.50 / data record !
![Page 75: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/75.jpg)
![Page 76: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/76.jpg)
sau aproximativ 20% din PIB-ul României pe 2008
![Page 77: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/77.jpg)
cele 10 legi alesecurității rețelelor
![Page 78: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/78.jpg)
#1dacă un atacator te convinge să rulezi programul lui pe calculatorul tău, nu
mai e calculatorul tău
![Page 79: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/79.jpg)
#2dacă un atacator poate modifica
sistemul de operare de pe calculatorul tău, nu mai e calculatorul tău
![Page 80: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/80.jpg)
#3dacă un atacator are acces fizic la
calculatorul tău, nu mai e calculatorul tău
![Page 81: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/81.jpg)
#4dacă lași un atacator să upload-eze
programe pe site-ul tău, nu mai e site-ul tău
![Page 82: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/82.jpg)
#5parolele slabe anulează orice altă
formă de securitate
![Page 83: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/83.jpg)
#6un sistem e atât de sigur pe cât de
multă încredere poți avea în persoana care îl administrează
![Page 84: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/84.jpg)
#7datele criptate sunt atât de sigure pe
cât de sigură e cheia de decriptare
![Page 85: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/85.jpg)
#8un antivirus fără definiții la zi e cu
puțin mai bun decât unul inexistent
![Page 86: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/86.jpg)
#9anonimitatea absolută nu e practică,
nici în viața reală, nici pe web
![Page 87: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/87.jpg)
#10tehnologia nu e un panaceu
![Page 88: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/88.jpg)
abordarea securității
![Page 89: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/89.jpg)
un singur punct de acces fizic
![Page 90: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/90.jpg)
un singur punct de acces electronic
![Page 91: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/91.jpg)
disciplină, disciplină, disciplină
![Page 92: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/92.jpg)
tot ce vine e malițios, până la proba contrarie
![Page 93: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/93.jpg)
arhitectura veche
![Page 94: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/94.jpg)
la început, internetul era izolat, rețelele corporate la fel
![Page 95: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/95.jpg)
internet
corporate network
![Page 96: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/96.jpg)
persoanele din CORP și-a dat seama că pe Internet se găsesc treburi
interesante, și au solicitat acces
![Page 97: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/97.jpg)
internet
firewall
corporate network
![Page 98: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/98.jpg)
și accesul outbound era suficient
![Page 99: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/99.jpg)
între timp a apărut HTML / HTTP
![Page 100: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/100.jpg)
iar când e vorba de culori, imagini și sunete, persoanele de la marketing
devin interesate
![Page 101: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/101.jpg)
și au început să solicite să pună ”broșuri” pe Internet
![Page 102: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/102.jpg)
internet
firewall
web server
corporate network
![Page 103: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/103.jpg)
iar când s-a dorit și comunicarea cu cei din afară, a apărut DMZ
![Page 104: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/104.jpg)
internet
firewall
web server (DMZ)database (DMZ)
corporate network
![Page 105: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/105.jpg)
treptat, DMZ-ul a devenit o înșiruire de firewall-uri
![Page 106: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/106.jpg)
soluțiile noi au devenit din ce în ce mai complexe, deoarece se bazau pe
soluțiile deja existente
![Page 107: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/107.jpg)
engineers, architects and contractors
![Page 108: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/108.jpg)
engineers begin knowing a little bit about a lot
they learn less and less about more and more
until they know nothing about everything
![Page 109: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/109.jpg)
architects begin knowing a lot about a little
they learn more and more about less and less
until they know everything about nothing
![Page 110: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/110.jpg)
contractors begin knowingeverything about everything
but end up knowing nothing about anything
because of their associationwith architects and engineers
![Page 111: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/111.jpg)
pe cine cunoaștem?
![Page 112: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/112.jpg)
PC-ul, sau persoana?
![Page 113: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/113.jpg)
PC persoană
![Page 114: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/114.jpg)
PC persoană
managed
unmanaged
![Page 115: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/115.jpg)
arhitectura nouă
![Page 116: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/116.jpg)
internet
corporate network
![Page 117: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/117.jpg)
folosim împărțireamanaged / unmanaged
![Page 118: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/118.jpg)
internet
unmanaged managed
corporate network
![Page 119: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/119.jpg)
astfel, avem nevoie denetwork edge protection
pentru secțiunea unmanaged
![Page 120: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/120.jpg)
dar ce facem cu partea managed?
![Page 121: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/121.jpg)
știm PC-ul, știm persoana
![Page 122: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/122.jpg)
dar până acum, acestea erau în interiorul rețelei, după firewall
![Page 123: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/123.jpg)
acum, sistemele sunt în afară
![Page 124: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/124.jpg)
două aspecte esențiale
![Page 125: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/125.jpg)
ambele se asigură că informația ajunge doar la persoanele autorizate
![Page 126: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/126.jpg)
1. confidențialitate
![Page 127: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/127.jpg)
mecanism principal: criptare
![Page 128: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/128.jpg)
criptarea nu poate preveni intercepția
![Page 129: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/129.jpg)
2. posesie
![Page 130: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/130.jpg)
mecanism principal: access control
![Page 131: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/131.jpg)
posesia nu poate oferi secretizare
![Page 132: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/132.jpg)
de reținut!
![Page 133: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/133.jpg)
confidențialitate (criptare)
și
posesie (access control)
![Page 134: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/134.jpg)
lucrul cu informația
ce se colectează?cum circulă?
unde e stocată, și pentru cât timp?cine o acesează și de ce?
ce se întâmplă în afara sistemului?când e distrusă?
![Page 135: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/135.jpg)
soluții
![Page 136: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/136.jpg)
non-admin login, NAP, Group Policy,autentificare cu certificate (X.509),
IPSec, IPv6 (Teredo), DNSv6, Firewall,soluții gen TrueCrypt/BitLocker, code security best practices, penetration testing, web security platforms, etc.
![Page 137: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/137.jpg)
...și user awareness!
![Page 138: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/138.jpg)
resurse online
![Page 139: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/139.jpg)
oricine le poate găsi :)
![Page 140: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/140.jpg)
feedback :)
![Page 141: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/141.jpg)
http://infoeducatie.tudy.ro/
![Page 142: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/142.jpg)
întrebări
![Page 143: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/143.jpg)
mulțumesc.
![Page 144: Securitatea Informatiei](https://reader035.vdocumente.com/reader035/viewer/2022081716/5478d323b37959932b8b45a2/html5/thumbnails/144.jpg)
Tudor DamianIT Solutions Specialist
tudy.tel