Peter Gyger online

"Gring ache u seckle" (Quelle: A. Weyermann)

NAVIGATION - SEARCH

Internet Security for Beginners - en Detail

Letzter Update: 22. April 2018 Aktuell besuche ich an der OpenHPI den Kurs "Internet Security for Beginners" (MOOC). Da ich die Kurse i.d.R. mit Neugierde und Begeisterung besuche, arbeite ich mich über das notwendige (Minimal-) Mass in das Kursthema ein. Dieser Artikel sind die Notizen zu den Recherchen des Kursthemas. Wer sich mit dem Thema bzw. der Technik im Internet wenig Wissen hat, der kann die folgenden kostenlosen OpenHPI Kurse vorgängig durcharbeiten: Internetworking mit TCP/IP (2012) Internetworking with TCP/IP (2014) Wie funktioniert das Internet? Web-Technologien Sicherheit im Internet Sichere Email   Das Buch das zum Kurs empfohlen wird - Digitale Kommunikation - Vernetzen Multimedia Sicherheit - geschrieben von den Autoren des Kurses selber ist von 2009.  Ein Bezug zum Kurs ist nur im Kapitel 5 - "Digitale Sicherheit" - gegeben. Dort wird didaktisch geschickt und mit durchdachten Beispielen auf die Kryptografie und Verschlüsselung eingegangen. Kapite 3 - "Grundlagen der Kommunikation in Rechernetzen" - rekapituliert die technische Kommunikation in Netzwerken (Pakete, TCP, OSI, etc.). Zirka 2 Jahre vorher wurde der Kurs in deutscher Sprache abgehalten. Der Inhalt ist weitgehend identisch, wie ich feststellen konnte. Die Diskussionen liefern jedoch zusätzliche Informationen. Lesenswert. Wikipeida Artikel werden in seriösen Fachartikeln nicht als Quelle angegeben. Da die Urheberschaft unklar ist und keine Qualitätskontrolle stattfindet (*Model of Trust"). Als Einstieg oder Ergänzung verwende ich siei dennoch, wenn mir der Inhalt nützlich erscheint. Kompromiss und Widerspruch - wie bei so vielen Dingen im Leben.   Der Kursinhalt des MOOC: Course characteristics: Language: English Starting from: February 26, 2018 Course end: April 9, 2018 Duration: 6 weeks (3-6 hours per week) Target group: Anyone who uses the Internet Course requirements: none What are the topics that will be presented during the next 6 weeks? During the next 6 weeks we will cover the following topics: Internet and Cybercrime Digital Identities and Passwords Malware from the Internet: Viruses, Trojans, Botnets Open Internet - Unsafe Transport Routes Information Security through Cryptography Private Sphere and Data Privacy Lernmaterial   Week 1: We will explain the basic terms vulnerability, attack, and incident in the first week. Furthermore, we will elaborate on attackers, their motives and their origins. Week 2: In week 2, we will explain the idea and the concept of digital Identities and passwords. We will discuss the digital footprint, the feasibility to (easily) crack passwords and guidelines to chose a secure password. Week 3 In this week we will discuss several issues about malware. We will cover different types, such as, viruses, worms, and trojans, talk about botnets and mention some countermeasures. Week 4 In week 4, we will talk about dangers and risks that arise through the usage of open routes in the Internet. Therefore, we will discuss how attacks can capture messages and eavesdrop or even manipulate and compromise connections. Furthermore, some security mechanisms for those open communication channels, such as firewalls and encryption are illustrated. Week 5 In the 5th week, we will take a closer look at the general topic encryption. Therefore, we explain different cryptographic algorithms and how they can be used for various purposes. Week 6 In this week we will talk about several topics related to data privacy and private sphere in the digital world. Starting at the Internet as one big eco-system we will also cover privacy in the context of smartphones and wearables, the Internet-of-things or cloud computing, for example.   Woche 2 Folge1:  "Digital Identities and Passwords" What is Digital Identity? Access Control. Authentication by Username - Password. Strong Authentication. Multi-Factor Authentication. Folge2:  "Identity Theft" Target: Digital Identity Data. Digital Identity Data Theft. HPI Identity Leak Checker. Motivation for Identity Theft.  Folge3:  "Password-Based Login Process" Log-in Procedure with Passwords. Weak Spot: Plaintext Passwords. Safe Storage of Passwords. Validation of a Password. Safe Hashes with Salt. Sekundärliteratur: Wikipedia: Rainbow Table Folge4:  "Dilemma of Weak Passwords" Weak Passwords. Choose Safe Passwords Folge5:  "Attacks on Passwords" Attacks on Passwords. Passwort Guessing. Password Cracking. Interception of Passowrds - Sniffing. Spying for Passwords. Major Password Violation Incidents. Major Password Violation Incidents. Folge6:  "Protection: Good Passwords" Choosing "Good" i.e. Safe Passwords. Use of Password Safes.  Folge7:  "Identity Theft by Social Engineering" What is Social Engineering? Social Engineering: Phishing. Social Engineering: Widespread Phishing Attacks. Social Engineering: Personalized Phishing. Social Engineering: Other Techniques. Social Engineering: Notable Past Cases. Social Engineering: Precautions.  Folge8:  " Secure Authentication" Secure Public Key Authentication. Secure Public Key Authentication. Secure Authentication with Smartcards. Sekundärliteratur: Wikipedia: Public-Key-Authentifizierung Ergänzung1:  "Password Length" Ergänzung2:  "Hash Functions" Woche 3  Folge1:  "Introduction - Malware form the Internet"  Malicious Software - a Major Threat on the Internet. Overview of the Week's Program on Malware. Overview of the Week's Program on Malware - Excursion.  Folge2:  "Malware from the Internet: Viruses, Trojans, Botnets" Malware - Malicious Software. Malware: Viruses. Malware: Worms. Malware: Trojan or Trojan Horse. Malware: Keylogger. Malware: Botnets. Malware: Rootkit and Backdoor. Malware: Adware. Malware: Spyware. Malware: Scareware. Malware: Rogueware / Rogue Antivirus. Malware: Ransomware. Malware Today.  Folge3:  "Botnets" "Botnets". Botnets - Basic Principle. Botnets - Attack Scenarios. Botnets - Well-Known Examples. Example of Botnet Attack: Bitcoin Mining. "Storm" Botnet. "Storm" Botnet: Stormfucker. Zeus. Zeus - Gameover ZeuS.  Sekundärliteratur: Elektro Kompendium: Botnetze Swisscom: Sicherheit im Smart Home Krebs on Security: Botnet Folge4:  "Malware: Spectacular Examples"  Malware - Some Spectacular Examples. Malware - Some Spectacular Examples. Cookie Monster. ILOVEYOU. Conficker. Stuxnet. Regin. "Kampagnen" Malvertising. Ransom32. WannaCry.   Folge5: ""Malware: Protective Measures" Regular Backup. Programm Updates. Virus Scanners - Antivirus Software. Firewalls. Healthy Mistrust.  Sekundärliteratur: O'Reilly Open Book: "Linux-Firewalls - Ein praktischer Einstieg, 2. Auflage " Folge6: "Mobile Apps and Malware" Mobile Platforms. Basic Concepts. Alternative App Stores. Mobile Malware. Mobile Malware Examples: Dendroid. Mobile Malware Examples: ExpensiveWall. Vulnerabilities in Mobile Operating Systems. Common Vulnerabilities in Android. Protective Measures.   Woche 4 Folge1:  "Open Internet" Components of a Network. Infrastructure Components. Adressing in Networks. Packet Switching. Vulnerabilities in Networks.  Sekundärliteratur: Wikipedia: Packetvermittlung Wikipedia: Eavesdropping Folge2:  "Wireless Networks" WLAN - IEEE 802.11 Wireless LAN Basic Components of a WLAN Well-Known Security Mechanisms Well-Known Security Mechanisms: WLAN encryption Well-Known Security Mechanisms: MAC Address Filtering Well-Known Security Mechanisms: Hiding the Network Name (ESSID) Caution When Surfing Well-Known Security Mechanisms: Virtual Private Networks Recommended Safety Precautions.     Sekundärliteratur:   Elektronik Kompendium: WLAN-Übertragungstechnik Folge3:  "Eavesdropping on the internet"  Evasdropping on the Internet. Sniffers. Various Attack Scenarios. Protection against Eavesdropping on the Internet.  Folge4:  "Faking Adresses on the Internet - Spoofing" Faking Adresses on the Internet - Spoofing. IP Adress Spoofing. DNS Spoofing. E-Mail Spoofing.  Folge5:  "Man in the Middle Attacks" Man-in-the-Middle Attacks. DNS Man in the Middle. Man-in-the-Browser. SSL/TLS Man-in-the-Middle. Protection.   Folge6:  "Attacks on Service" Attacks on Service. Denial of Service Attacks. Attack on E-Mail Systems. Remote Code Execution. Well-Known Case: Hearbleed.   Folge7:  "Attacks on the World Wide Web - Via Web Browsers" Introduction: Attacks on the Web. Introduction: Attacks via Web Browser. Web Browser Attacks - Vulnerabilities in Plugins. Web Browser Attacks - Vulnerabilities in Script Interpreters. Web Browser Attacks - Information Leaks in the Browser.  Folge8:  "Attacks on the World Wide Web - Via Web Servers" Introduction: Attacks on the Web. Introduction: Web Server Attack. Web Server Attacks: Top 10 Vulnerabilities on the Web (OWSAP). Web Server Attacks: Injections. Attacks on Web Servers: Cross-Site-Scripting.   Folge9:  "Secure Internet - Protective Measures" Secure Internet - Protective Measures. Authentication. Encryption. Firewalls. Regular Updates. Sandboxing and Minimal Authorizations. Data Minimization. Folge10:  "Excursion: Advanced Persistent Threat"  APT - Advanced Persistent Threat. APT - Motivation and Goals. APT - Patterns of Attack. APT - Example 1: Stuxnet. APT - APT 1.    Woche 5 How to Safeguard Communication on the Internet? Folge1:  "Introduction to Encryption Technology" Cryptography - the Science of Encryption. Encryption Techniques Help to Achieve Various Security Objectives. Encryption Methods.  Sekundärliteratur: heise.de: Kryptographie in der IT - Empfehlungen zu Verschlüsselungen und Verfahren Folge2:  "Classical Encryption Methods" Encryption with Monoalphabetic Substitution. Encryption with Substitution Cipher. Encryption with Polyalphabetic Ciphers. Encryption with Vigenère Encryption. Decryption by Cryptoanalysis.  Sekundärliteratur: Wikipedia: Kategorie: "Klassische Kryptografie" Folge3:  "Encryption Methods" Working Principle of Symimetric 1-Key Encryption Methods 1-Key Encryption Methods Well-Known Examples of 1-Key Encryption Key Exchange Problem with 1-Key Encryption Working Principle of Asymmetric 2-Key Encryption 2-Key Procedure Methods - Encryption and Decryption Well-Known Examples of 2-Key Encryption Methods Hybrid Encryption Hybrid Encryption - Working Principle Hybrid Encryption - Application on the Internet Sekundärliteratur: Elektronik-Kompendium: Asymetrische Kryptografie  Folge4:  "Secure HTTP: HTTPS and TLS/SSL" HTTPS - Hyper Text Transfer Protocol Secure HTTPS - Working Principle HTTPS - Involved Encryption Methods HTTPS - Pros and Cons HTTPS - Development of TLS/SSL HTTPS - Implementation of TLS/SSL HTTPS - Attacks on TLS/SSL Sekundärliteratur: Off-the-Record Messaging  Wikipedia: Kategorie: Digitale Zertifikate Wikipedia: Kategorie:Transport Layer Security Wikipedia: Category:Transport Layer Security     Woche 6 Folge1:  "Privacy - Private Sphere and Data Privacy in the Digital Enviroment" Digitale Traces Private Sphere and Data Protection in the Digital Environment Privacy - Private Sphere and Data Protection in the Digital Environment Privacy in the Digital Environment Folge2:  "Privacy: Payment and Bonus Systems" Cashless Payment Methods Digital Traces Various Card Systems Data Transfer During Payment: VISA / MasterCard Data Transfer During Payment: Electronic Cash / Girocard Data Transfer During Payment: Online Shopping Folge3:  Privacy: Smartphones Smartphones are constantly with us Risk: Online Synchronization Risk: Online Synchronization An Attack Example Risk: Apps - Applications Authorizations for Application Authorizations for Application Internet Access Unavoidable for Users Folge4: "Privacy: Smart Watches and Health Trackers" Smart Watches and Fitness Trackers Risks: Online Synchronization Risks: „Connected Fitness“ Health Data is Confidential Folge5:  "Movement Profiles" Movement Profiles Mobile Phone Tracking with GSM  Mobile Phone Tracking with GPS RFID RFID Motion Profiles Smart Cards and Motion Profiles Surveillance Cameras Motion Profiles on the Internet  Conclusion    Generelle Linkliste Wikipedia: Kategorie Kryptografie Wikipedia: Key Management