|
 |
| Slide 1:
Alex Kodat
|
|
 |
| Slide 2:
Purpose of Security
|
|
 |
| Slide 3:
Security Exposures - People
|
|
 |
| Slide 4:
Security Exposures - Technical
|
|
 |
| Slide 5:
The Completely Secure System
|
|
 |
| Slide 6:
Costs of security
|
|
 |
| Slide 7:
Physical Security
|
|
 |
| Slide 8:
Software Security
|
|
 |
| Slide 9:
Limited Access Shells
|
|
 |
| Slide 10:
Network Security
|
|
 |
| Slide 11:
Why VTAM is more secure than TCP/IP
|
|
 |
| Slide 12:
Why VTAM is more secure than TCP/IP
|
|
 |
| Slide 13:
Why TCP/IP will bury VTAM
|
|
 |
| Slide 14:
Why TCP/IP will bury VTAM
|
|
 |
| Slide 15:
Security exposures with TCP/IP
|
|
 |
| Slide 16:
Snooping
|
|
 |
| Slide 17:
Snooping
|
|
 |
| Slide 18:
Spoofing
|
|
 |
| Slide 19:
Spoofing variation - man in the middle
|
|
 |
| Slide 20:
Spoofing
|
|
 |
| Slide 21:
Agents
|
|
 |
| Slide 22:
Agents
|
|
 |
| Slide 23:
Security Weapons
|
|
 |
| Slide 24:
Security Software Requirements
|
|
 |
| Slide 25:
Secure Socket Layer
|
|
 |
| Slide 26:
The SSL Layer
|
|
 |
| Slide 27:
The SSL Layer
|
|
 |
| Slide 28:
SSL Data Encryption
|
|
 |
| Slide 29:
SSL Data Encryption
|
|
 |
| Slide 30:
How to break RC4
|
|
 |
| Slide 31:
How to make RC4 secure
|
|
 |
| Slide 32:
Encrypting RC4 keys in SSL
|
|
 |
| Slide 33:
Public Key/Private Key
|
|
 |
| Slide 34:
Cannot Derive Private Key from Public Key
|
|
 |
| Slide 35:
What is a Public Key ?
|
|
 |
| Slide 36:
What is a Private Key ?
|
|
 |
| Slide 37:
More Facts about Keys
|
|
 |
| Slide 38:
More facts about Keys
|
|
 |
| Slide 39:
How to encrypt with Public Key
|
|
 |
| Slide 40:
How to decrypt with Private Key
|
|
 |
| Slide 41:
More About Public Key/Private key technology
|
|
 |
| Slide 42:
Using RSA to exchange RC4 key
|
|
 |
| Slide 43:
Certificates
|
|
 |
| Slide 44:
Certifying Authority
|
|
 |
| Slide 45:
Signing a certificate
|
|
 |
| Slide 46:
Validating a signed certificate
|
|
 |
| Slide 47:
Signed Certificates
|
|
 |
| Slide 48:
Getting a Signed Cerificate
|
|
 |
| Slide 49:
Getting a Signed Cerificate
|
|
 |
| Slide 50:
Being Your Own CA
|
|
 |
| Slide 51:
Being Your Own CA - Advantages
|
|
 |
| Slide 52:
Being Your Own CA - Disadvantages
|
|
 |
| Slide 53:
Self-signed Certificates
|
|
 |
| Slide 54:
Using RSA to exchange RC4 Key and Validate Server
|
|
 |
| Slide 55:
SSL Session Key Caching
|
|
 |
| Slide 56:
SSL - Initial connection
|
|
 |
| Slide 57:
SSL - Subsequent connections
|
|
 |
| Slide 58:
SSL Session Key Caching
|
|
 |
| Slide 59:
SSL
|
|
 |
| Slide 60:
How SSL Prevents Snooping
|
|
 |
| Slide 61:
How SSL Prevents Spoofing
|
|
 |
| Slide 62:
Ways to Defeat SSL
|
|
 |
| Slide 63:
Example Certificate/Private Key
|
|
 |
| Slide 64:
Janus SSL Support - Details
|
|
 |
| Slide 65:
Janus SSL Support Certificate Management Application
|
|
 |
| Slide 66:
Client Certificates
|
|
 |
| Slide 67:
Client Certificates
|
|
 |
| Slide 68:
A Janus Web/SSL Security Strategy
|
|
 |
| Slide 69:
Janus SSL
|
|
