Post on 20-Dec-2015
Slide 1
范錚強
Chapter 12
E-Commerce Security
Slide 2
Outline
Basic concepts
The importance of security
Trade-offs
The basic principles of some security technologies and institutional controls
You only need to know the principles
You must have your own countermeasures
Slide 3
How big is the security threat?
2002 Computer Crime and Security Survey
90% of computers had suffered some kind of security breach; 40% detected intrusions from outside the system (25% in 2000)
85% of computers detected viruses
In such a hostile environment, how can an enterprise protect itself?
Source: Computer Security Institute (CSI), Computer Crime and Security Survey 2002
Slide 4
Security myths
Keep hackers out
Keep viruses out
Isolate outsiders…
Slide 5
Security story: Brute Force Credit Card Attack
The problem
Spitfire Novelties usually generates between 5 and 30 transactions per day
On September 12, 2002, in a "brute force" credit card attack, Spitfire's credit card transaction processor processed 140,000 fake credit card charges worth $5.07 each (62,000 were approved)
Slide 6
Brute Force Credit Card Attack (cont.)
The total value of the approved charges was around $300,000
Spitfire found out about the transactions only when they were called by one of the credit card owners who had been checking his statement online and had noticed the $5.07 charge
Slide 7
Brute Force Credit Card Attack (cont.)
Brute force credit card attacks require minimal skill
Hackers run thousands of small charges through merchant accounts, picking numbers at random
When the perpetrator finds a valid credit card number it can then be sold on the black market
Some modern-day black markets are actually member-only Web sites like carderplanet.com, shadowcrew.com, and counterfeitlibrary.com
Slide 8
Brute Force Credit Card Attack (cont.)
Relies on a perpetrator's ability to pose as a merchant requesting authorization for a credit card purchase, which requires:
A merchant ID
A password
Both
Slide 9
Brute Force Credit Card Attack (cont.)
With Online Data's credit card processing services, all a perpetrator needed was a merchant's password in order to request authorization
Online Data is a reseller of VeriSign Inc. credit card gateway services
VeriSign blamed Online Data for the incident
Online Data blamed Spitfire for not changing their initial starter password
Slide 10
Brute Force Credit Card Attack Story (cont.)
In April 2002 hackers got into the Authorize.Net card processing system (largest gateway payment system on the Internet)
Executed 13,000 credit card transactions, of which 7,000 succeeded
Entry into the Authorize.Net system required only a log-on name, not a password
Slide 11
Brute Force Solution
Online Data should assign strong passwords at the start
Customers should modify those passwords frequently
Authorization services such as VeriSign and Authorize.Net should have built-in safeguards that recognize brute force attacks
Slide 12
Brute Force Credit Card Solution (cont.)
Signals that something is amiss:
A merchant issues an extraordinary number of requests
Repeated requests for small amounts emanating from the same merchants
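The two signals above turned into detection logic over an authorization log, added here as an example (it is not part of the original slides); the log format, merchant ids, baseline volumes and thresholds are assumptions:

```python
from collections import Counter, defaultdict

def parse(line):
    """One authorization request. Log format is constructed for this example:
    timestamp,merchant_id,amount,result"""
    ts, merchant, amount, result = line.strip().split(",")
    return ts, merchant, float(amount), result

def flag_merchants(lines, baseline, ratio=10, small=10.0, repeat=50):
    """Slide 12 signals: (1) a merchant issues far more requests than its normal
    daily volume; (2) many repeated small-amount requests from the same merchant.
    `baseline` maps merchant id -> normal requests per day (assumed to be known)."""
    per_merchant = defaultdict(list)
    for _, merchant, amount, result in map(parse, lines):
        per_merchant[merchant].append((amount, result))
    alerts = {}
    for merchant, reqs in per_merchant.items():
        reasons = []
        normal = baseline.get(merchant, 30)      # default when no history (assumption)
        if len(reqs) > ratio * normal:
            reasons.append(f"{len(reqs)} requests, over {ratio}x normal ({normal})")
        small_amounts = Counter(a for a, _ in reqs if a < small)
        if small_amounts:
            amount, n = small_amounts.most_common(1)[0]
            if n >= repeat:
                approved = sum(1 for a, r in reqs if a == amount and r == "approved")
                reasons.append(f"{n} requests of ${amount:.2f} ({approved} approved)")
        if reasons:
            alerts[merchant] = reasons
    return alerts

def sample_log():
    """Constructed log: MERCH-A has a normal day (8 varied charges); MERCH-B sees a
    burst of 200 identical $5.07 charges, about half approved, like the Spitfire case."""
    lines = [f"2002-09-12T09:{i:02d}:00,MERCH-A,{20 + 7 * i}.50,approved" for i in range(8)]
    lines += [f"2002-09-12T02:{i // 60:02d}:{i % 60:02d},MERCH-B,5.07,"
              f"{'approved' if i % 2 else 'declined'}" for i in range(200)]
    return lines

if __name__ == "__main__":
    for merchant, reasons in flag_merchants(sample_log(), {"MERCH-A": 30, "MERCH-B": 15}).items():
        print(merchant, "->", "; ".join(reasons))
```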
Slide 13
Brute Force Credit Card Attack (cont.)
The results
VeriSign halted the transactions before they were settled, saving Spitfire $316,000 in charges
Authorize.Net merchants were charged $0.35 for each transaction
The criminals acquired thousands of valid credit card numbers to sell on the black market
Slide 14
Brute Force Credit Card Attack (cont.)
What we can learn…
Any type of EC involves a number of players who use a variety of network and application services that provide access to a variety of data sources
A perpetrator needs only a single weakness in order to attack a system
Slide 15
Brute Force What We Can Learn
Some attacks require sophisticated techniques and technologies
Most attacks are not sophisticated; standard security risk management procedures can be used to minimize their probability and impact
Slide 16
Accelerating Need for E-Commerce Security
Annual survey conducted by the Computer Security Institute and the FBI
Organizations continue to experience cyber attacks from inside and outside of the organization
Slide 17
Accelerating Need for E-Commerce Security (cont.)
The types of cyber attacks that organizations experience were varied
The financial losses from a cyber attack can be substantial
It takes more than one type of technology to defend against cyber attacks
Slide 18
Accelerating Need for E-Commerce Security (cont.)
According to the statistics reported to CERT/CC over the past year (CERT/CC 2002)
The number of cyber attacks skyrocketed from approximately 22,000 in 2000 to over 82,000 in 2002
First quarter of 2003 the number was already over 43,000
Computer Emergency Response Team (CERT): a group of three teams at Carnegie Mellon University that monitors the incidence of cyber attacks, analyzes vulnerabilities, and provides guidance on protecting against attacks
Slide 19
Security Is Everyone's Business
Security practices of organizations of various sizes
Small organizations (10 to 100 computers)
The "haves" are centrally organized and devote a sizeable percentage of their IT budgets to security
The “have-nots” are basically clueless when it comes to IT security
Slide 20
Security Is Everyone's Business (cont.)
Medium organizations (100 to 1,000 computers)
Rarely rely on managerial policies in making security decisions, and have little managerial support for their IT policies
The staff they do have is poorly educated and poorly trained; overall exposure to cyber attacks and intrusion is substantially greater than in smaller organizations
Slide 21
Security Is Everyone's Business (cont.)
Large organizations (1,000 to 10,000 computers)
Complex infrastructures and substantial exposure on the Internet
While aggregate IT security expenditures are fairly large, their security expenditures per employee are low
IT security is part-time and undertrained; a sizeable percentage of the large organizations suffer loss or damage due to incidents
Base their security decisions on organizational policies
Slide 22
Security Is Everyone’s Business (cont.)
Very large organizations (more than 10,000 computers)
extremely complex environments that are difficult to manage even with a larger staff
rely on managerial policies in making IT security decisions
only a small percentage have a well-coordinated incident response plan
Slide 23
Security Issues
From the user's perspective:
Is the Web server owned and operated by a legitimate company?
Does the Web page and form contain some malicious or dangerous code or content?
Will the Web server distribute unauthorized information the user provides to some other party?
Slide 24
Security Issues (cont.)
From the company's perspective:
Will the user attempt to break into the Web server or alter the pages and content at the site?
Will the user try to disrupt the server so that it isn't available to others?
Slide 25
Security Issues (cont.)
From both parties' perspectives:
Is the network connection free from eavesdropping by a third party "listening" on the line?
Has the information sent back and forth between the server and the user’s browser been altered?
Slide 26
Security Requirements
Authentication: the process by which one entity verifies that another entity is who it claims to be
Authorization: the process that ensures that a person has the right to access certain resources
Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
Slide 27
Security Requirements (cont.)
Confidentiality: keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes
Integrity: as applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner
Slide 28
Security Requirements (cont.)
Nonrepudiation: the ability to prevent parties from denying that a legitimate transaction took place, usually by means of a signature
Slide 29
Threats to information security
Threat            | Malicious                                                                 | Non-human or unintentional
Hardware damage   | Theft, vandalism                                                          | Natural disasters, storage media failure
Data damage       | Tampering, insertion or deletion of data, systematic alteration of data   | Programmer incompetence, carelessness, omissions
Data leakage      | Copying of data, network interception, fraud                              | Carelessness
Network intrusion | Stealing data, sabotage, using the compromised computer as a tool for crime | (none)
Slide 30
Ensuring information security
Assess the risks and potential losses
Protect against the likely threats
Defend with technology plus institutional controls (or habits)
Understand the characteristics of the technology; use institutional controls to make sure it is applied
A chain is only as strong as its weakest link
Slide 31
Basic concepts of security
Security is never absolute: the dilemma between security and ease of use
Security has a price: what price are you willing to pay? How high is your security risk exposure?
Information security has a technical side and a human side: those who break security are always "people"
Mostly insiders. Human nature!!
Slide 32
Security and ease of use
Think about it: when you come home or go out… you have to open ten locks to get in and lock ten doors to get out…
What would you do?
Balancing risk against security measures
Slide 33
The most commonly heard security controls
Passwords
Encryption and decryption: Triple DES, RSA, … SSL, SET
PKI, CA
Firewalls, VPN
Preventing DoS (denial of service)
……
Slide 34
Think about it…
The Citibank online credit card data leak: web pages were reached through sequential codes; the program was poorly written
The mass password leak at the Financial Information Service Center (金資中心): poor personnel management
The mass fraudulent ATM withdrawals: PINs were skimmed
Slide 35
Some more examples
You are on leave or on a business trip and your manager asks you for your password… Should you give it? Can you refuse? On what grounds can you refuse?
You manage the computer room and the general manager demands to be let in. Should you let him in? Can you refuse? On what grounds can you refuse?
Your computer has Trend Micro PC-cillin installed; does that mean you can relax?
When did you last update the virus signatures?
Slide 36
Figure: the security "onion", layered from the outside in:
Enterprise environment: legal environment, insurance, security solutions, international standards
Enterprise: process control, personnel control, document control, user control, recovery plan, security policy
Application software: input/output control, program control, audit trail
Inner layers: access control, isolation, operational control, communications control
Core: hardware and data
Slide 37
Simple principles of some security technologies
Antivirus
Encryption and decryption
PKI/CA
Authentication
Backup
Slide 38
Virus prevention
Figure: computer programs and electronic files are analysed by the antivirus software and compared against its virus signature database; infected files are repaired or quarantined, clean files pass inspection.
Slide 39
Encryption and decryption: the general idea
Example: my phone number is 0916059841. A simple encryption: multiplication
Multiply by 13: 011908777933
I send it to you; you divide by 13 and have the answer
An even simpler method: can you guess how to decrypt this?
980779711866420145509898894141142697598077971186642014550989889414114269759807797118664201455098988941411426975
The key point: we need to keep the encryption and decryption method secret. Is there any absolute secret in this world?
Slide 40
Symmetric keys
Figure: sender S encrypts the plaintext message into ciphertext; receiver R decrypts the ciphertext back into the plaintext message with the same key.
Slide 41
Figure: over the Internet, one side says "I want to pay $$$" and the other replies "Please show proof of identity".
Security requirements of electronic transactions:
Prevent leakage of confidential or sensitive data
Authenticate the counterparty's identity
Prevent data from being tampered with or forged
Prevent later repudiation
Slide 42
The idea of two keys
You go to a bank and open a safe-deposit box
Identity verification: you are given a key, your private key
On each use: identity verification and sign-in; the bank clerk holds the public key and opens the box together with your private key
Are you safe? Why?
Slide 43
Asymmetric keys
Also called RSA encryption, invented by the three scholars R/S/A
A pair of different keys is generated mathematically; neither can be derived from the other by any mathematical operation, so the two must be generated together
One is kept private, the other is made public
Whatever is encrypted with the private key can only be decrypted with the public key, and vice versa
Slide 44
Asymmetric keys: preventing leakage
Figure: S encrypts the plaintext message with R's public key; R decrypts the ciphertext with R's private key to recover the plaintext.
Slide 45
Asymmetric keys: preventing repudiation
Figure: S first encrypts (signs) the plaintext with S's private key, then encrypts the result with R's public key; R decrypts the ciphertext with R's private key, then decrypts with S's public key to recover the plaintext.
Slide 46
PKI/CA
PKI (Public Key Infrastructure): an encryption and decryption mechanism built on asymmetric keys
CA (Certificate Authority): the body that issues public-key certificates; it must be trustworthy, and issuers are organized hierarchically
Slide 47
Register in advance with a trusted certificate authority, which issues a public-key certificate.
Figure: an X.509 public-key certificate contains the issuer's name, the validity period, the holder's name and the holder's public key, and carries the CA's signature; it is published so that anyone can verify the signer's identity.
Figure: issuing asymmetric keys: a signing private key and a signing public key form a one-to-one pair; an electronic document (such as a contract) carries a digital signature (110111001), similar to a registered seal, and the public-key certificate binds the signing public key to its holder.
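Added example (not from the slides, and a toy): the two-key property of slide 43, the sign-then-encrypt flow of slide 45 and the certificate fields of slide 47, in Python with textbook RSA over small constructed primes; the names, dates and message are assumptions, and a real deployment uses large keys, padding and X.509 encoding.

```python
import hashlib

def keygen(p, q, e=17):
    """Toy textbook RSA pair from two small primes (constructed, not secure).
    Returns (public, private); pow(e, -1, phi) needs Python 3.8+."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def rsa(key, m):
    """The RSA primitive: either half of the pair undoes the other (slide 43)."""
    k, n = key
    return pow(m, k, n)

def digest(data, n):
    """Hash the data to an integer below the modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):          # "encrypt with the private key"
    return rsa(priv, digest(data, priv[1]))
def verify(pub, data, sig):    # "decrypt with the public key" and compare
    return rsa(pub, sig) == digest(data, pub[1])

def encrypt(pub, data):
    """Byte-wise textbook RSA (each byte < n). Deterministic, so equal bytes give
    equal blocks; real systems add randomized padding."""
    return [rsa(pub, b) for b in data]
def decrypt(priv, blocks):
    return bytes(rsa(priv, c) for c in blocks)

def issue_cert(ca_priv, issuer, subject, subject_pub, not_before, not_after):
    """CA signs the slide-47 fields: issuer, validity period (ISO dates), holder, holder key."""
    cert = (issuer, not_before, not_after, subject, subject_pub)
    return cert, sign(ca_priv, repr(cert).encode())

def check_cert(cert, sig, ca_pub, today):
    """Relying party: inside the validity window and the CA signature verifies."""
    _, not_before, not_after, _, _ = cert
    return not_before <= today <= not_after and verify(ca_pub, repr(cert).encode(), sig)

def demo(msg=b"pay $5.07 to merchant 42"):
    ca_pub, ca_priv = keygen(61, 53)     # certificate authority (constructed primes)
    s_pub, s_priv = keygen(101, 113)     # sender S
    r_pub, r_priv = keygen(127, 131)     # receiver R
    cert, cert_sig = issue_cert(ca_priv, "Toy CA", "R", r_pub, "2024-01-01", "2026-12-31")
    trusted = check_cert(cert, cert_sig, ca_pub, "2025-06-01")
    # Slide 45: S signs with S's private key, then encrypts for R with R's certified public key
    sig = sign(s_priv, msg)
    plain = decrypt(r_priv, encrypt(cert[4], msg))
    return trusted and plain == msg and verify(s_pub, plain, sig)
```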
Slide 48
Figure: electronic certification by a certificate authority: an enterprise providing services applies online for an electronic seal and is issued an electronic certificate; it attaches its electronic signature (0101010101) to the electronic documents it sends to other enterprises and customers; recipients query the certification center to verify the authenticity of the electronic seal, and the center confirms the identity of the seal's user. Applications are filed online and processed online over an Internet service network that provides online application services.
Slide 49
Some commonly used security mechanisms
SSL (Secure Socket Layer): a protocol that, without the user having to be aware of it, secures transmission between two points on the network using asymmetric encryption
SET (Secure Electronic Transaction): the consumer's data is passed through the online store to the card-issuing bank, which decrypts it and authorizes the store to accept the transaction. The online store cannot read the customer's credit card data.
Why has SET not been widely accepted by users?
Slide 50
Personal identification
Passwords
Physical keys combined with passwords
Biometrics: fingerprints, voice, eyes, face, etc.
What identification is for
Information access; audit trail: legal evidence
Slide 51
Personal identification 2
Many people write their passwords down somewhere easy to find so they won't forget, or even set no password at all
Many people hand their passwords to their manager. If there is a lawsuit, whom does the court hold to have performed those actions? Who is responsible?
Slide 52
A technology-driven environment
Emphasizes physical security and communications security; neglects the management side and the human side. Fortunately…
In 1999/2000 an international standard for information security protection appeared: BS7799/ISO17799
Slide 53
BS7799/ISO17799
The British information security standard, adopted by the International Organization for Standardization. Content: the management and control of information security, from policy and procedures to access and recovery
A comprehensive treatment of information security
Slide 54
The ten areas of BS7799
Security policy: guiding principles for management
Security organization
Asset classification and control: classify and rank assets by risk and potential damage
Personnel security: reduce the risk of human error, theft, fraud, or misuse of facilities
Physical and environmental security
Slide 55
Main contents of BS7799, part 2
Communications and operations management
Access control
Establishing and maintaining the security system
Recovery plan: prevent interruption of business activities and protect critical business processes from major failures or disasters
Compliance with laws and regulations
Slide 56
Key points of security management
Process life cycle control: management and security assurance across the whole process, not confined to the technical side
SOP: do what you say you will do; but what will you do, and why?
Check and balance: separation of duties and responsibilities, mutual checks
Recovery: if something goes wrong, how do you handle it?
Slide 57
Conclusion
Security is very important, but it is not absolute; you must understand the risks and the alternatives
Security is not necessarily "the most" important thing; you must understand the purpose of the security plan
The technical side is only a "necessary condition": every technical solution can be undone on the management side
It must be paired with "institutional controls" or "personal habits"