SlideShare uma empresa Scribd logo

Rothke Info Security Canada 2007 Final

Transferir como PPT, PDF
Ben Rothke
Ben Rothke

Presentation from Infosecurity Canada by Ben Rothke on Everything an Audit Professional needs to know about encryption in 50 minutes

Tecnologia
1 de 57
Everything an Audit Professional needs to know about encryption in 50 minutes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
About me ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Full disclosure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Key Points ,[object Object],[object Object],[object Object],[object Object]
Topics to be discussed ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What is cryptography? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why is cryptography so important? ,[object Object],[object Object],[object Object],[object Object]
Uses of cryptography ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Four objectives of cryptography ,[object Object],[object Object],[object Object],[object Object]
Objectives of cryptography Confidentiality Integrity Authentication Interception Modification Fabrication Are my communications private? Has my communication been altered? Who am I dealing with?
History of cryptography ,[object Object],[object Object],[object Object],[object Object],[object Object]
History of cryptography ,[object Object],[object Object],[object Object],[object Object],[object Object]
PGP History ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
History of cryptography ,[object Object],[object Object],[object Object],[object Object]
Everything You Need to Know about Cryptography
Six fundamental cryptography terms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Advanced cryptography terms (that you don’t need to know) RSA Factoring Challenge PKCS Discrete logarithms Root CA block cipher One-time pad Factoring methods Covert channel Blind signature scheme chosen ciphertext attack key escrow Pollard Rho method discrete logarithm Kerberos CP & CPS Capstone meet-in-the-middle attack linear cryptanalysis Adaptive-chosen-ciphertext attach Operational policy and procedures One-way function tamper resistant Exclusive-OR multiple polynomial quadratic sieve differential cryptanalysis Diffie-Hellman key exchange Iterated block cipher Factoring methods Key Management General purpose factoring algorithm CAPI Dictionary attack Random numbers SKPI Private exponent chosen plaintext attack Elliptic curve discrete logarithm problem NSA General purpose factoring algorithm Brute force attack CRL Session key Prime numbers Quantum cryptography Fields and rings Vector spaces and lattices Boolean expressions Number field sieve Provably secure Threshold cryptography key recovery Modular arithmetic Galois field Goppa code Random number generation Cryptographic tokens X.509v3 ANSI X9.24 ICV PRNG ASN.1 FIPS EAL BSAFE IDEA
Paper based trust ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Paper vs. Electronic trust
Symmetric Cryptography ,[object Object],[object Object]
Symmetric Cryptography Q4 sales well below forecast “ BxWv;5df~TmWe#4^,sdgfMwir3:dkJeTsY@!q3” Q4 sales well below forecast Same Key (Secret) Encrypt Decrypt
Asymmetric (Public-Key Cryptography) ,[object Object],[object Object],[object Object]
PKC concepts ,[object Object],[object Object],[object Object],[object Object],[object Object]
PKC Benefits ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PKC history ,[object Object],[object Object],[object Object],[object Object],[object Object]
PKC Process ,[object Object],[object Object],[object Object]
Symmetric vs. Asymmetric Secret-key (symmetric) encryption Public-key (asymmetric) encryption
Public-key Cryptography CFO to resign next week “ BxWv;5df~TmWe#4^,sdgfMwir3:dkJeTsY@!q3” Encrypt Decrypt CFO to resign next week Public Key of recipient Private Key of recipient
Portrait of a Public Key
The n 2 Problem ,[object Object],[object Object],[object Object],[object Object]
The n 2 Problem
Symmetric vs. Asymmetric ,[object Object],[object Object],[object Object],[object Object],[object Object]
Keys & key sizes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Keys & key sizes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How secure is good cryptography? ,[object Object],[object Object],[object Object],[object Object]
Cryptographic Algorithms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Symmetric Algorithms ,[object Object],[object Object],[object Object]
DES ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Asymmetric Algorithms ,[object Object],[object Object],[object Object],[object Object],[object Object]
Digital Signatures & Certificates ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Digital Signatures & Certificates
What’s in the digital certificate? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Advanced Encryption Standard (AES) ,[object Object],[object Object],[object Object]
AES technical details ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PGP (Pretty Good Privacy) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using PGP ,[object Object],[object Object],[object Object]
PGP keyring of public keys
PGP encryption/decryption
Digital signing
Digital signature verification
Additional References
For further information ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
For further information ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusions
Conclusions ,[object Object],[object Object],[object Object]
Thanks for attending ,[object Object],[object Object]
Ben Rothke CISSP CISM Security Consultant NY Metro | BT INS [email_address]

Recomendados

Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pkiPrabhat Goel
 
Summer report crypto
Summer report cryptoSummer report crypto
Summer report cryptoGaurav Shukla
 
Cryptography
CryptographyCryptography
CryptographyJasim Jas
 
Cryptography
CryptographyCryptography
CryptographyAskme.com
 
Cryptography Presentation
Cryptography PresentationCryptography Presentation
Cryptography PresentationDonte Francis
 
cryptography
cryptographycryptography
cryptographyBalaji Ravi
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writingtahirilyas92
 
Cryptographysecurity 1222867498937700-9
Cryptographysecurity 1222867498937700-9Cryptographysecurity 1222867498937700-9
Cryptographysecurity 1222867498937700-9muthulx
 

Recomendados

Basic concept of pki
Basic concept of pkiBasic concept of pki
Basic concept of pkiPrabhat Goel
 
Summer report crypto
Summer report cryptoSummer report crypto
Summer report cryptoGaurav Shukla
 
Cryptography
CryptographyCryptography
CryptographyJasim Jas
 
Cryptography
CryptographyCryptography
CryptographyAskme.com
 
Cryptography Presentation
Cryptography PresentationCryptography Presentation
Cryptography PresentationDonte Francis
 
cryptography
cryptographycryptography
cryptographyBalaji Ravi
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writingtahirilyas92
 
Cryptographysecurity 1222867498937700-9
Cryptographysecurity 1222867498937700-9Cryptographysecurity 1222867498937700-9
Cryptographysecurity 1222867498937700-9muthulx
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewInformation Security Awareness Group
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic toolsCAS
 
Cryptography and E-Commerce
Cryptography and E-CommerceCryptography and E-Commerce
Cryptography and E-CommerceHiep Luong
 
Cryptography
CryptographyCryptography
CryptographyKural Amudhan
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesMona Rajput
 
Cryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCSCJournals
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric keyRajat Tripathi
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniqueseditor1knowledgecuddle
 
Cryptography
CryptographyCryptography
CryptographyBirmingham City University
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
Making Sense Of Cryptography
Making Sense Of CryptographyMaking Sense Of Cryptography
Making Sense Of Cryptographymarkjhouse
 
Crytography
CrytographyCrytography
CrytographyAnchal Kumar
 
Encryption
EncryptionEncryption
Encryptionvasanthimuniasamy
 
My cryptography
My cryptographyMy cryptography
My cryptographyNAVYA RAO
 
Crytography
CrytographyCrytography
CrytographySubesh Kumar Yadav
 
Ccc brochure
Ccc brochureCcc brochure
Ccc brochureEhab El Barbary
 
Cryptography saurabh
Cryptography saurabhCryptography saurabh
Cryptography saurabhSaurabhChakraverty1
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1 lakshmansoft7
 
Cryptography
CryptographyCryptography
CryptographyVicky Kamboj
 
Class 5: Procedure Practice
Class 5: Procedure PracticeClass 5: Procedure Practice
Class 5: Procedure PracticeDavid Evans
 
Cryptography
CryptographyCryptography
CryptographyPradeep Balasubramanian
 

Mais conteúdo relacionado

Mais procurados

Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic toolsCAS
 
Cryptography and E-Commerce
Cryptography and E-CommerceCryptography and E-Commerce
Cryptography and E-CommerceHiep Luong
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesMona Rajput
 
Cryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCSCJournals
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric keyRajat Tripathi
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
Making Sense Of Cryptography
Making Sense Of CryptographyMaking Sense Of Cryptography
Making Sense Of Cryptographymarkjhouse
 
My cryptography
My cryptographyMy cryptography
My cryptographyNAVYA RAO
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 

Mais procurados (20)

Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overview
 
Cryptographic tools
Cryptographic toolsCryptographic tools
Cryptographic tools
 
Cryptography and E-Commerce
Cryptography and E-CommerceCryptography and E-Commerce
Cryptography and E-Commerce
 
Cryptography
CryptographyCryptography
Cryptography
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniques
 
Cryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data CommunicationCryptographic Algorithms For Secure Data Communication
Cryptographic Algorithms For Secure Data Communication
 
Seminar report on symmetric key
Seminar report on symmetric keySeminar report on symmetric key
Seminar report on symmetric key
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
 
Cryptography
CryptographyCryptography
Cryptography
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
Making Sense Of Cryptography
Making Sense Of CryptographyMaking Sense Of Cryptography
Making Sense Of Cryptography
 
Crytography
CrytographyCrytography
Crytography
 
Encryption
EncryptionEncryption
Encryption
 
My cryptography
My cryptographyMy cryptography
My cryptography
 
Crytography
CrytographyCrytography
Crytography
 
Ccc brochure
Ccc brochureCcc brochure
Ccc brochure
 
Cryptography saurabh
Cryptography saurabhCryptography saurabh
Cryptography saurabh
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementation
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
 
Cryptography
CryptographyCryptography
Cryptography
 

Destaque

Class 5: Procedure Practice
Class 5: Procedure PracticeClass 5: Procedure Practice
Class 5: Procedure PracticeDavid Evans
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGPauremoser
 
Security Training: #2 Cryptography Basics
Security Training: #2 Cryptography BasicsSecurity Training: #2 Cryptography Basics
Security Training: #2 Cryptography BasicsYulian Slobodyan
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 

Destaque (7)

Class 5: Procedure Practice
Class 5: Procedure PracticeClass 5: Procedure Practice
Class 5: Procedure Practice
 
Cryptography
CryptographyCryptography
Cryptography
 
PBU-Intro_to_PGP
PBU-Intro_to_PGPPBU-Intro_to_PGP
PBU-Intro_to_PGP
 
PGP for Humans
PGP for HumansPGP for Humans
PGP for Humans
 
Security Training: #2 Cryptography Basics
Security Training: #2 Cryptography BasicsSecurity Training: #2 Cryptography Basics
Security Training: #2 Cryptography Basics
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
PGP for Smarties
PGP for SmartiesPGP for Smarties
PGP for Smarties
 

Semelhante a Rothke Info Security Canada 2007 Final

Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Petar Radanliev
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Petar Radanliev
 
Cryptoandnetworksecuritylitreview
CryptoandnetworksecuritylitreviewCryptoandnetworksecuritylitreview
CryptoandnetworksecuritylitreviewFaith Nweke
 
Ao318992
Ao318992Ao318992
Ao318992IJMER
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1Alfred Ouyang
 
How encryption works
How encryption worksHow encryption works
How encryption worksMariko Saitoh
 
Cryptography & Network Security.pptx
Cryptography & Network Security.pptxCryptography & Network Security.pptx
Cryptography & Network Security.pptxsunil sharma
 
CyberGhost VPN Encryption Guide
CyberGhost VPN Encryption GuideCyberGhost VPN Encryption Guide
CyberGhost VPN Encryption GuideCyberGhost VPN
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 

Semelhante a Rothke Info Security Canada 2007 Final (20)

Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief History
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
 
Cryptoandnetworksecuritylitreview
CryptoandnetworksecuritylitreviewCryptoandnetworksecuritylitreview
Cryptoandnetworksecuritylitreview
 
Ao318992
Ao318992Ao318992
Ao318992
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
How encryption works
How encryption worksHow encryption works
How encryption works
 
Data encryption
Data encryptionData encryption
Data encryption
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
 
Sw2
Sw2Sw2
Sw2
 
Cryptography & Network Security.pptx
Cryptography & Network Security.pptxCryptography & Network Security.pptx
Cryptography & Network Security.pptx
 
F16 cs61 cryptography
F16 cs61 cryptographyF16 cs61 cryptography
F16 cs61 cryptography
 
CyberGhost VPN Encryption Guide
CyberGhost VPN Encryption GuideCyberGhost VPN Encryption Guide
CyberGhost VPN Encryption Guide
 
Unit 1 QB.docx
Unit 1 QB.docxUnit 1 QB.docx
Unit 1 QB.docx
 
Em24873876
Em24873876Em24873876
Em24873876
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 

Mais de Ben Rothke

Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeterBen Rothke
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Ben Rothke
 
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsRothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsBen Rothke
 
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionRothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionBen Rothke
 
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionE5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionBen Rothke
 
Locking down server and workstation operating systems
Locking down server and workstation operating systemsLocking down server and workstation operating systems
Locking down server and workstation operating systemsBen Rothke
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about themBen Rothke
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeterBen Rothke
 
Lessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity comLessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity comBen Rothke
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligattBen Rothke
 
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeInterop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeBen Rothke
 
Infosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. HooperInfosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. HooperBen Rothke
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practicesBen Rothke
 
Rothke computer forensics show 2010
Rothke computer forensics show 2010Rothke computer forensics show 2010
Rothke computer forensics show 2010Ben Rothke
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeBen Rothke
 
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS ComplianceWebinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS ComplianceBen Rothke
 
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswiftLa nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswiftBen Rothke
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 

Mais de Ben Rothke (20)

Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
 
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsRothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizations
 
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionRothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryption
 
E5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryptionE5 rothke - deployment strategies for effective encryption
E5 rothke - deployment strategies for effective encryption
 
Locking down server and workstation operating systems
Locking down server and workstation operating systemsLocking down server and workstation operating systems
Locking down server and workstation operating systems
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeter
 
Lessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity comLessons from ligatt from national cyber security nationalcybersecurity com
Lessons from ligatt from national cyber security nationalcybersecurity com
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligatt
 
Interop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothkeInterop 2011 las vegas - session se31 - rothke
Interop 2011 las vegas - session se31 - rothke
 
Infosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. HooperInfosecurity Needs Its T.J. Hooper
Infosecurity Needs Its T.J. Hooper
 
Rothke effective data destruction practices
Rothke effective data destruction practicesRothke effective data destruction practices
Rothke effective data destruction practices
 
Rothke computer forensics show 2010
Rothke computer forensics show 2010Rothke computer forensics show 2010
Rothke computer forensics show 2010
 
The Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - RothkeThe Cloud is in the details webinar - Rothke
The Cloud is in the details webinar - Rothke
 
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS ComplianceWebinar - Getting a handle on wireless security for PCI DSS Compliance
Webinar - Getting a handle on wireless security for PCI DSS Compliance
 
La nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswiftLa nécessité de la dlp aujourd’hui un livre blanc clearswift
La nécessité de la dlp aujourd’hui un livre blanc clearswift
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White Paper
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 

Último

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Rothke Info Security Canada 2007 Final

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10. Objectives of cryptography Confidentiality Integrity Authentication Interception Modification Fabrication Are my communications private? Has my communication been altered? Who am I dealing with?
  • 11.
  • 12.
  • 13.
  • 14.
  • 15. Everything You Need to Know about Cryptography
  • 16.
  • 17. Advanced cryptography terms (that you don’t need to know) RSA Factoring Challenge PKCS Discrete logarithms Root CA block cipher One-time pad Factoring methods Covert channel Blind signature scheme chosen ciphertext attack key escrow Pollard Rho method discrete logarithm Kerberos CP & CPS Capstone meet-in-the-middle attack linear cryptanalysis Adaptive-chosen-ciphertext attach Operational policy and procedures One-way function tamper resistant Exclusive-OR multiple polynomial quadratic sieve differential cryptanalysis Diffie-Hellman key exchange Iterated block cipher Factoring methods Key Management General purpose factoring algorithm CAPI Dictionary attack Random numbers SKPI Private exponent chosen plaintext attack Elliptic curve discrete logarithm problem NSA General purpose factoring algorithm Brute force attack CRL Session key Prime numbers Quantum cryptography Fields and rings Vector spaces and lattices Boolean expressions Number field sieve Provably secure Threshold cryptography key recovery Modular arithmetic Galois field Goppa code Random number generation Cryptographic tokens X.509v3 ANSI X9.24 ICV PRNG ASN.1 FIPS EAL BSAFE IDEA
  • 18.
  • 20.
  • 21. Symmetric Cryptography Q4 sales well below forecast “ BxWv;5df~TmWe#4^,sdgfMwir3:dkJeTsY@!q3” Q4 sales well below forecast Same Key (Secret) Encrypt Decrypt
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27. Symmetric vs. Asymmetric Secret-key (symmetric) encryption Public-key (asymmetric) encryption
  • 28. Public-key Cryptography CFO to resign next week “ BxWv;5df~TmWe#4^,sdgfMwir3:dkJeTsY@!q3” Encrypt Decrypt CFO to resign next week Public Key of recipient Private Key of recipient
  • 29. Portrait of a Public Key
  • 30.
  • 31. The n 2 Problem
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41. Digital Signatures & Certificates
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47. PGP keyring of public keys
  • 52.
  • 53.
  • 55.
  • 56.
  • 57. Ben Rothke CISSP CISM Security Consultant NY Metro | BT INS [email_address]