panaimin@icst.pku.edu.cn - PowerPoint PPT Presentation

About This Presentation

Title:

panaimin@icst.pku.edu.cn

Description:

Title: Author: Last modified by: panaimin Created Date: 10/2/1998 5:29:39 AM Document presentation format – PowerPoint PPT presentation

Number of Views:38

Avg rating:3.0/5.0

Slides: 71

Provided by: 6649153

Category:

more less

Transcript and Presenter's Notes

Title: panaimin@icst.pku.edu.cn

1
???????(?)

???,??????????
panaimin_at_icst.pku.edu.cn
http//www.icst.pku.edu.cn/InfoSecCourse

2
??

??????
??????
?????
????
????

3
?????

????????????????
?????,???????????
???

4
??????

???????
????????
????
?????
????
????
????

5
?????????

IT????
??,????????
???????????
????????
??????
??
??
??

6
????????

2000?????????
??????????
????????????
????????????
??????????????????
????????????

7
????????
CERT?????????
8
Information and Network Security

We will demonstrate that 62 of all systems
can be penetrated in less than 30 minutes.
More than half of all attacks will come from
inside your own organization
from TNN.com

9
??????????

??????????,??????????????????????????
??????????,?????????????????????????????????????
????,??????????????????????,??????????????????,?
??????,???????
???????7????
????????lt????gt

10
???????????????

????,???????????,??????????????
????99?1????,????????????????????????????,??????
????????,????????????????????
???,99?7??,????????????
?????2000?5?8?,???????????????
????2001?4??5?,???????????????

11
??????????

???????????,????????????????????????????????
????????????????????
97?20??,98?142?,99?908?,2000????1420??
?????????????????????????????
??????????100????????????

12
????????????

2000?2?????????,?????????????????
99?4?26?,??????CIH??????,?????????????PC????36????
???????????,???????12???
????
1996?4?16?,????????,??Internet????,??????20???????
?????????

13
????????????

?????????????????????????????,????????????????
99?4?,????????BBS,?????????????????????,????????,?
????????,???????
??????,????,???????
????,?????

14
??????

??????????????????????????
2001?2?8?????,???????,??????????18????????????????
?????
????????????
?????????
1997?5?????????????,???????28.2?
?????????????????,????????????????,???????????????
????????????100????,??????54????,???????30??
??????

15
???????????

??????,?????,?????????
(??????????? ???)
?????,?????????????,??????????????
(???????)
???????,???????????????
(?????????????)

16
C4ICommand, Control, Communications, Computers
and Intelligence
17
???????????

?????1999?6???????????????????????????
???????????,???????????,?????????????
????????????????,??????????,????????????
???????????????,???????,??????????????????,???????
?????????????????????????

18
?????????

?????,??????????????,?????????,??????????
?????????,????????????,???????

19
????????

??
????????????????
????
Windows 3.1 300????
Windows 2000 5000????

20
??
21
??????
22
??????????

????????????
??????????????
???????

23
??????

???????

???? ???? ???? ????
sender
receiver

???????????-60??(COMSEC)

24
???????????
???
???
???
??
??
??
25
???????

???????????
??? Confidentiality
??????,??????????,?????
??? Integrity
??????????,??
?????,???????????
?????,????????,????????
??? Availability
?????

26
?????????

?????????
??? authenticity
???????,????????????
Accountability
???????????
Reliability
?????????????

27
??????????

????(COMSEC)60??
?????(COMPUSEC)60-70??
????(INFOSEC)80-90??
????(IA)90??-

28
???????

Information Assurance
??(Protect)
??(Detect)
??(React)
??(Restore)

?? Protect
?? Detect
IA
?? React
?? Restore
29
PDRR

??(Protect)
????????????????????????????????????
??(Detect)
???????????????????????????????????????
??(React)
??????????????????????,????????????,?????????????
??(Restore)
????????,????????,??????????

30
??????

?????????????
??????
??????
??????
????????
????????

31
??????

??
1) ?????
2)?????
3)??????
4)???????????????
5)???????
6) ????????
7) ??????
8) ?????(????,????)
9) ???

32
?????????

??
?????????(??????????TTP)
?????????
???????????40????
?????????128?
??
??????????
2000??????????

33
?????

????????????????????????????
?????????????????,?????????????????,??????(????)?
?????????????????????????????????????????????
????????????????????????????,????????????(1996??
???????????, ???????????)?
????????????????,????????????????????

34
??

1996???,??????????????????? ??????
?????????????????????????????????????????
1996?9?23?,????????????????????R??????R???????
???????????????????????????????????,??????????????
????????????,??????????????????

35
???

?1995???????????????????
??????????????????????????????????????????????,??
?????????????????
????????????????????,?????????????

36
???

????????(SBA)1996?7?11????????????,???????????????
1996?7?15????
??????????????,?????????????,?????????????
??????????????????????,??????,????????????????????
?????????????,?????????????????????????????

37
??????

????????????????
?????????
??????????(1982?8?23? )??????????(1984?3?12?
)??????????????(1988?9?5? )
??????????????(1993?9?2? )

38
??????????????

?????????
???????????????,?1997???????????,?????????????
??????? ??????,?????????????????????????????,?????
?????????
??????? ??????,???????????????????????,???????????
????,?????,?????????????,???????,????????????????,
???????????????????????????????????????,?????,????
????????????????????????,???????????,?????,???????
????
??????? ????????????????????????????????????,?????
????????

39
?????????

?????????(1991?6?4? )
????????????????????(1994?2?18? )
????????(1999?lO?7? )
???????????(2000?9?20? )
???????????(2000?9?25? )
????????????????????? (2000?12?29?)

40
??????????????

1.????????????????????????????
2.??????????????????,????????????,????????????????
3.??????,???????????????,????????????????????

41
?????????????????

1999?10????????????????
???????????????????
????????????
??????????????????????,?????????????????
????????????
????????????????,????????????????,????????????????
???

42
?????????(?)

????????????
??????????????,?????????????????????????,?????????
????
???????????
?????????????????,????????????????????,???????????
?????????,????????????
????????????
????????????????,????????????????????

43
????????

??????????,??????,????????????,???????????
??????????????????(????????)?????????????????????
??????????????????????,??????????????
????????????,????????????????????????????

44
?????????

????????????????
????????????????????(1996? )
?????????????(1997?12?1?)
????????????????????????? (1997?12?12? )
???????????????????(1997?12?30? )

45
?????????(?)

?????????(1998?1?1? )
?????????????????(2000?1?1? )
???????????(2000?4?26? )
??????????? (2000?9?20? )
??????????????????(2000?11?6? )
??????????????????(2000?11?6? )

46
???????????????

????????????????
??????????????
???????????????
????
????
????
????????????????

47
??????

??????
??????????????????????????????????,???????????????
?????
?????????,??????????????????,?????????????????????
???????????????
??????????????????????????????
???????????????,??????????????????????????????????
?????????????
???????????????,?????????????
??????WTO???????????????

48
???????

??????????????????
ISO,NIST
????
DES
AES
NESSIE(New European Schemes for Signature,
Integrity, and Encryption)
140-2 (NIST FIPS PUB ????)
???????????
TCSEC-ITSEC-CC
????
ISO 17799

49
?????????

??????1985???
???????????
Trusted Computer Security Evaluation Criteria
(TCSEC)
???????????????
??????????????

50
?????????

??DoD
DoD85 TESEC
TCSEC????(TNI 1987)
TCSEC?????????(TDI 1991)
????Rainbow series
?? ITSEC
??????????????Common Criteria(CC)

51
TCSEC

???,??????????????????????????????????????????????
??????????????????
?????(TCB- Trusted Computing Base)
?????????????????????????????????????????TCB??????
??????????????????????????TCB?????????????????????
??????,????????????
??????
???????????(no read up no write
down)?????????????

52
???????????
53
TCSEC???

TCSEC??????????,??????????????????????,??????????,
???????????????
NCSC?TNI??TCSEC????????,??????????
Moores Law ????????18??,????????????????????????
???,???????????????????

54
ITSEC (???????)

90???????(???????)???????????????(ITSEC)
????TCSEC??????,????????????????????????,?????????
????????????????????????????????????,?????????????
?????????

55
ITSEC?????????

E6?????
E5?????
E4??????
E3???????
E2?????
E1????
E0?????????

56
??????(CC)

??????????????????,???TCSEC????ITSEC??,???????????
??????????????????????
91?1??????????????(CC)?????????Common Criteria
for IT security Evaluation ?
????????????,????????????????(NIST)??????(NSA),???
???????,???????

57
??????(CC)

????????ITSEC,????? TCSEC ???????????,????
CTCPEC,?? ???????ISO SC27 WG3 ???????
1995???0.9?,1996?1????1.0?? 1997?8???2.0 Beata?,
2.0 ??1998?5????
1998-11-15 ??ISO/IEC 15408????-????-IT??????

58
CC?????????

CC?????????
???(confidentiality)
???(integrity)
???(availability)
CC?????????
???????????
????
???????????????
??????????????
?????????

59
CC???????

????????????,????????????,???????????????
????????????????????????,??????(PP),
??????(ST),??????????????(TOE),???????????,???????
??????????????
????????????????????????,????????(TOE)?????????
?????IT?????????????????????????,????????????????
??????

60
CC???????

???????????
?CC??????????IT?????????????????,??????????????IT?
???????????????
??????????
????????????(TOE)????????????????????????????(comp
onents)??(families)??(classes)
??????????
????????????(TOE)?????????????????????????(PP)????
?(ST)????,?????????(TOE)??????????(EAL)

61
Evaluation Assurance Levels (EALs)
EAL
TCSEC
Name
?????
EAL1
C1
EAL2
?????
EAL3
C2
????????
B1
??????????
EAL4
B2
EAL5
?????????
B3
EAL6
??????,?????
EAL7
A1
??????????
62
????????

??????????????,????????????????????,??????????80??
????,??????????????????????
??,????,??????????????????????????????????,???????
????????????????,?????????,???????????????????

63
????

????????
???
????
????
???????
????????????
????
????
????????????
???????
????

64
??????

??????
?????????????????
???????????
??Internet????

65
??????

???
?????(TCP/IP)
????(UNIX?Windows)
????

66
????

??????????????
??????????????
??????????????
PKI
SSL/TLS
MIME/SET?
??????
Firewall
IDS
?????????

67
????(?)

????
???
?????Web??
??????
?????????
?????
AAA??
IPv6?????

68
????

??50
2?
??50

69
????

William Stallings, Cryptography and network
security principles and practice, Second Edition
Hacking Exposed (2nd or 3rd Edition)
?????????
TCP/IP
OS
Windows NT/2000

70
??

Write a Comment

User Comments (0)