information, but with security - gaining information day at the University of Klagenfurt On Tuesday, 31 March 2009, the Institute of Applied computer science - system security offered (University of Klagenfurt), a series of lectures on the theme of "Information Security". The 4th and 5th classes of network engineering department were accompanied by five professors with it.
After a welcome by Prof. Dr. Horst showed us this in a lecture, as before encryption was used (c. 1500 BC).. He led us through the centuries up to date used cryptographic algorithms.
The second lecture was also Dr. Horster about "attacks on secure systems." He spoke mainly about the security of chip cards. Since we now enforce various attack techniques such as error reading time dependencies, read internal states to manipulate internal states, microprocessor contact directly, etc. at their disposal, the view has changed. Chip cards are no longer considered tamper-proof, they are still influenced by the environment and their information leave the map. The instructor led several Facilities - eg freezing of memory, reverse engineering, micro-probes, analysis of current consumption, fake a fingerprint, attaching a card reader at a teller machines - at, can be cracked by what date (secure) systems.
said the last presentation of the first session Ing Wigoutschnigg on social networks such as StudiVZ or Facebook. He called us students to do more to ensure that we share information on the Internet, go there at sites like Archive.org not this data is lost and thus always available to everyone. After a few fun statistics, we were released as a free lunch.
The first lecture the second session was held in the afternoon by engineer Peter Gruber on "The Network Security Wheel." This process is repetitive describes four phases, which increase the security of a network.
- Secure: In this phase to initialize security measures and implemented. This need to reflect on the subject Firewall (Where and what?) Authentication of users (how?), Encryption (What data? Which algorithm?) And others are made.
- Monitor: This monitors the effectiveness of the measures. For this offer, among other log files, network intrusion detection system Netflow statistics.
- review: The implemented security measures to be tested. It will be using scanners, security tools, security, web sites, etc. looking for weak points of the network.
- Improve: The information obtained in the previous phases will be developed enhanced security measures.
example: Internet access at home via Wi-Fi.
1st Phase: The WEP encryption enabled as
2nd Phase: Monitoring shows that someone else mitbenützt access
Phase 3: Hacking's own APs
4.Phase: WEP is by EPAs will be replaced
1st Phase: WPA is activated
2nd Phase: There are still co-users
.... His previous day ended
have the instructor with the slogan "Security is never done".
The second lecture in the afternoon was then "Writing Secure Code", where DDipl. Ing Rass tried drumming into us that we are not the performance of our software will increase at the expense of safety.
The last lecture was given by Ass Prof. Dr. Schartner on the safety aspects of digital images. He presented a project of students, are provided in which captured photos with EXIF data, verified that each time may be, whether it is the original or a different picture. Each manipulation is documented and can be traced.
We hereby would like to thank you for the interesting presentations and the friendly hospitality at the participating members of the Institute.
