IW2001-B2 1 Internet Week 2001 ( ) Copyright 2001 All Rights Reserved, by Seiji Kumagai IW2001-B2 2 CodeRed Copyright 2001 All Rights

1 Internet Week 2001 ( ) kuma@isid.co.jp 2 CodeRed 1

3 (EXCEED ) se cu ri ty? 4? 2

5 Web IP Web MP3 6 3

7 1.5Mbps8Mbps 500 MP3 CM VoD 8 4

ADSL (Asymmetric Digital Subscriber Line) () CATV FWA (Fixed Wireless Access) FTTH (Fiber To The Home) Ethernet 9 10 ISP ISP ISP 5

() 11 ISP ISP ADSL FTTH ADSL FTTH CATV LAN 12 6

1/22/3 13 14 IDF IDF IDF IDF MDF 7

1.5Mbps128kbps 100Mbps300 15 16 8

17 VLAN 18 LAN?? 9

LAN 19 2.4GHz(IMS) 11Mbps PCMCIA USB» RC4» http://airsnort.sourceforge.net/ 20 10

21 2000 1 Web 2001 7Sircam PC 2001 8CodeRed 2001 9Nimda 22 Web 11

23 http://www.ipa.go.jp/security/txt/2001_11.html Sircam 24 Sircam http://www.ipa.go.jp/security/topics/sircam.html 10 16 C MS-Word MS-Excel» Outlook, Outlook Express Web 12

25 26 ISP PC 13

CodeRed 27 2001 7 19CERT/CC» http://www.cert.org/advisories/ca-2001-19.html 26 IIS Index Server CERT/CC 2001 6 19» http://www.cert.org/advisories/ca-2001-13.html 2001 6 18» http://www.microsoft.com/japan/technet/security/prekb.asp?s ec_cd=ms01-033 CodeRed 28 IP IP CodeRed IIIP LAN 14

CodeRed 29 URL=http://www.security.nl/misc/codered-stats/ 30 CodeRedPC IIS Windows 2000 Professional IIS PC 15

LAN PC PC LAN 31 CodeRed 32 16

Nimda 33 Nimda» http://www.ipa.go.jp/security/topics/newvirus/nimda.html + InternetExplorer OutLook IIS Web CodeRed II CodeRed Microsoft? 34!?!? 17

1? 35 vs. 36 18

37»»» 38 19

39 40 20

PCLAN? OK? PC?? PC? 41 Web IP 42 21

43 SPAM 44» ID» 22

Web 45 2000 1 46 Q2 23

47 48 SPAM SPAM!! 24

49? 50? 25

??!!? 51 52 26

() 53 M () 54 27

? 55 56 28

57 CGI(Common Gateway Interface) 58 29

59»»»? 60 LAN () 30

61 62 31

63 PC PC PC PC PC PC PC PC PC PC 2.5HD50Mbps? 64 32

65 CodeRed IIS» 66?? 33

67 5 2 1 4 6 3 Denial of Service 68 DoS DDoS Distributed DoS DoS 34

?? ISP ISP LAN 69» DES, TripleDES, ISEA, RC2, RC4, MISTY, FEAL, CAST» RSA, Diffie-Hellman, ElGamal» SHA-1,MD5 70 35

»» 71 72 36

73 () ()() 1024 2048 4096 74 37

75 Virtual Private Network»»» 76 38

Virtual Private Network() VPN 77 VPN ISP 155Mbps172G(1.7TB/ )» 78 39

? 79 128 160 80 X Y 40

81 Public Key Infrastructure PKI CA (Certificate Authority) 82 41

PKI Web VPN 83? ( ) 1,500 / /!! 84 42

»?? 85 86 43

87 88 WWW (DB) DB WWW 44

SSL 89 Secure Sockets Layer»» SSL? 90 SSL»» DB»?» 45

91 92 46

PC X PC Y ISP A ISP B ISP C ISP D ISP H IX: Internet exchange ISP: Internet Service Provider ISP E ISP F ISP G Web Z ISP K ISP J 93 PC 94 2. 3. ISP ISP 1. PC PC 4. 47

95 2. 3. ISP ISP PC PC 1. 4. PGP(Pretty Good Privacy) S/MIME(Secure/MIME)» MIME Multipurpose Internet Mail Extensions 96 48

49 97 98

Unsolicited Commercial Email SPAM SPAM? FAXDM? 99 Cookie Web?»? Cookie IP 100 50

101 102 51

IP 103 IP JPNIC?»» 104? Web» 52

105 SSGS 106 53

107 108 http://www.jipdec.or.jp/security/privacy/»»»» 54

IDN International Domain Name.jp.com URL Web IDN IDN?? 109 110 55

111 112 56

!? 113 FD OK NTT?? 114 57

115 Web 116 IP PC 58

117 118 59

119 ID URL 120 http://www.ipa.go.jp/security/index.html JPCERT/CC http://www.jpcert.or.jp/ http://www.kantei.go.jp/jp/it/security/index.html http://www.meti.go.jp/kohosys/topics/10000098/ The SANS (System Administration, Networking, and Security) Institute http://www.sans.org/ 60