Monday, October 26, 2009

Lecture 9 -12102009-

Today’s lecture covers Lecture 9, which is about Legal and Ethical Issues in Computer Security. It discusses information security law and ethics.

 

First and foremost, law is a rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority while ethics is a set of moral principles. The difference between laws and ethics is that laws carry the sanctions of a governing authority while ethics in turn are based on cultural mores.

 

Law can be categorized into several types, such as civil law, criminal law and tort law. More broadly, law can be classified into private law and public law. Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law, while public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances. Examples of public law include criminal, administrative, and constitutional law.

 

There are a few ethics concepts in information systems. For instance, Asian culture differs from Western culture, and software piracy is common among Asians. Software license infringement is also a common issue; because disincentives and punitive measures are lacking, it keeps spreading. The illicit use and misuse of corporate resources is another ethical issue in information security. To solve these problems, unethical and illegal behavior should be deterred. It is the responsibility of information security personnel to do everything in their power to deter these acts and to use policy, education and training, and technology to protect information and systems.

 

Several methods can be used to protect programs and data. The first is copyright. Copyright is designed to protect the expression of ideas and applies to a creative work such as a story or song. Its primary intent was to allow regular and free exchange of ideas. Next, patents can be used. A patent is a set of exclusive rights granted by a state (national government) to an inventor or their assignee for a limited period of time in exchange for a public disclosure of an invention. The third method is the trade secret. A trade secret is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known or reasonably ascertainable, by which a business can obtain an economic advantage over competitors or customers. In some jurisdictions, such secrets are referred to as "confidential information" or "classified information".

 

The next section covered in this lecture is about computer crime. Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud. Computer crime must be taken seriously, as it is becoming more serious nowadays.

 

 

 

Lecture 8 -05102009-

Today, we have covered lecture 8 which is about wireless security.

 

Wireless LANs are increasingly popular. The IEEE 802.11 group of standards specifies the technologies for wireless LANs. 802.11 standards use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing and include an encryption method, the Wired Equivalent Privacy algorithm. 802.11 includes four subsets of Ethernet-based protocol standards: 802.11, 802.11a, 802.11b and 802.11g.

802.11 operated in the 2.4 GHz range and was the original specification of the 802.11 IEEE standard. This specification delivered 1 to 2 Mbps using a technology known as phase-shift keying (PSK) modulation. This specification is no longer used and has largely been replaced by other forms of the 802.11 standard.

802.11a operates in the 5 - 6 GHz range with data rates commonly in the 6 Mbps, 12 Mbps, or 24 Mbps range. Because 802.11a uses the orthogonal frequency division multiplexing (OFDM) standard, data transfer rates can be as high as 54 Mbps. OFDM breaks up fast serial information signals into several slower sub-signals that are transferred at the same time via different frequencies, providing more resistance to radio frequency interference. The 802.11a specification is also known as Wi-Fi5, and though regionally deployed, it is not a global standard like 802.11b.

The 802.11b standard (also known as Wi-Fi) operates in the 2.4 GHz range with up to 11 Mbps data rates and is backward compatible with the 802.11 standard. 802.11b uses a technology known as complementary code keying (CCK) modulation, which allows for higher data rates with less chance of multi-path propagation interference (duplicate signals bouncing off walls).

802.11g is the most recent IEEE 802.11 draft standard and operates in the 2.4 GHz range with data rates as high as 54 Mbps over a limited distance. It is also backward compatible with 802.11b and will work with both 11 and 22 Mbps U.S. Robotics wireless networking products. 802.11g offers the best features of both 802.11a and 802.11b.

 

 

Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. With OSA, a computer equipped with a wireless modem can access any WEP network and receive files that are not encrypted. For OSA to work, the service set identifier (SSID) of the computer should match the SSID of the wireless access point. The SSID is a sequence of characters that uniquely names a wireless local area network (WLAN). The process occurs in three steps. First, the computer sends a request for authentication to the access point. Then the access point generates an authentication code, usually at random, intended for use only during that session. Finally, the computer accepts the authentication code and becomes part of the network as long as the session continues and the computer remains within range of the original access point. The process of WEP Open System Authentication is illustrated below.

http://documentation.netgear.com/reference/sve/wireless/images/WEPauthenticationOpen.jpg

1.      The station sends an authentication request to the access point.

2.      The access point authenticates the station.

3.      The station associates with the access point and joins the network.

 

The three basic security services defined by IEEE for the WLAN in WEP are authentication for access control, confidentiality or privacy of information, and data integrity. Authentication provides a security service to verify the identity of the communicating client station, while confidentiality provides privacy. Integrity ensures that messages are not modified in transit between the wireless clients.

 

Next, WEP attacks are discussed. Basically, there are two types of WEP attack: the active attack and the passive attack. In a passive attack, the attacker collects all traffic and collects two messages that are encrypted with the same key and the same IV. The attacker then performs statistical attacks to reveal the plaintext. An active attack, on the other hand, is possible if the attacker knows a plaintext and ciphertext pair: the keystream is then known and the attacker can create correctly encrypted messages.
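The keystream reuse described above, as an added Python example that is not part of the original lecture notes: two frames encrypted under the same key and IV leak the XOR of their plaintexts, one known plaintext recovers the keystream for that IV, and a monitor can flag the repeated IV. The key, IVs and frame contents are constructed sample values, and the WEP integrity check value is left out.

```python
from collections import Counter


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                    # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key; the IV travels in clear with the frame."""
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def reused_ivs(frames):
    """Defensive check: IVs that appear on more than one captured frame."""
    counts = Counter(iv for iv, _ in frames)
    return {iv for iv, n in counts.items() if n > 1}


# Constructed sample values (not from the lecture).
KEY = bytes.fromhex("0102030405")              # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")                   # 24-bit IV, used twice
FRESH_IV = bytes.fromhex("a1b2c4")
P1 = b"GET /index.html HTTP/1.0"
P2 = b"quarterly report draft 2"

C1 = wep_encrypt(IV, KEY, P1)
C2 = wep_encrypt(IV, KEY, P2)
C3 = wep_encrypt(FRESH_IV, KEY, P1)


def passive_leak() -> bytes:
    """Same key and same IV: the keystream cancels, leaving P1 xor P2."""
    return xor(C1, C2)


def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """A known plaintext/ciphertext pair yields the keystream for that IV."""
    return xor(known_plaintext, ciphertext)


if __name__ == "__main__":
    ks = recover_keystream(P1, C1)
    print("C1 xor C2 equals P1 xor P2:", passive_leak() == xor(P1, P2))
    print("second frame read with recovered keystream:", xor(C2, ks))
    captured = [(IV, C1), (IV, C2), (FRESH_IV, C3)]
    print("reused IVs:", [iv.hex() for iv in reused_ivs(captured)])
```

With only 24 bits of IV, repeats are unavoidable on a busy network, which is why the IV-reuse check fires so readily against WEP traffic.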

 

Then, we move on to the 802.11 safeguards. The seven safeguards discussed are security policy and architecture design, treating the WLAN as an untrusted LAN, discovering unauthorised use, access point audits, station protection, access point location, and antenna design.

 

WPA is the abbreviation for Wi-Fi Protected Access. It works with 802.11a, 802.11b and 802.11g. It is a certification program created by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. This protocol was created in response to several serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy).

 

Saturday, October 17, 2009

Lecture 7 -29092009-

Today’s lecture covers Lecture 7, which is about Security in Applications. This lecture focuses on electronic mail security, the security provided in email, web security and biometrics.

 

First of all, what is email? Email, an abbreviation of electronic mail, is a method of exchanging digital messages, designed primarily for human use. Normally, an email contains two parts, the header and the body. The header includes the sender, recipient, date, subject and delivery path, while the body consists of the message content. Originally a text-only communications medium, email was extended to carry multi-media content attachments, which were standardized in Multipurpose Internet Mail Extensions (MIME).

 

Security provided in email includes confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management. Nowadays, e-mail is the main vector by which computer viruses spread. A virus can be self-replicating code embedded in an email that exploits features or vulnerabilities of the email client. Spamming can also occur in email. Spam has frustrated, confused, and annoyed e-mail users.

 

Next, web security is discussed. Web security can be provided in several forms, including SSL/TLS, SSH and SET. SSL is the predecessor of TLS, and both SSL and TLS are cryptographic protocols that provide security for communications over networks. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. In application, SSL secures e-commerce and electronic banking, such as amazon.com and airlines. SSH is an abbreviation of Secure Shell, which was initially designed to replace the insecure RSH and telnet utilities. SSH provides security in the application layer. SSH applications include Anonymous FTP for software updates, Secure FTP, Secure Remote Administration and Guerilla Virtual Private Network. SET is an open encryption and security specification designed to protect credit card transactions on the internet. SET requires two pairs of PKs per entity: one for signing and another for exchanging keys.

 

Then, we move on to HTTPS which is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.

 

S/FTP is an abbreviation for Secure File Transfer Protocol, which is an interactive file transfer program. It is a terminal program that encrypts the files that you send to and receive from a remote system. SFTP is a secure form of the ftp command. The benefit of SFTP over FTP is that when using ssh's sftp instead of ftp, the entire login session, including transmission of the password, is encrypted. It is therefore much more difficult for an outsider to observe and collect passwords from a system using ssh/sftp sessions.

 

The last sub-chapter is about biometric. The word biometric can be defined as "life - measure." It is used in security and access control applications to mean measurable physical characteristics of a person that can be checked on an automated basis. Biometric identification systems can be grouped based on the main physical characteristic that lends itself to biometric identification:

  • Fingerprint identification
    Fingerprint ridges are formed in the womb; you have fingerprints by the fourth month of fetal development. Once formed, fingerprint ridges are like a picture on the surface of a balloon. As the person ages, the fingers do get larger. However, the relationship between the ridges stays the same, just like the picture on a balloon is still recognizable as the balloon is inflated.
  • Hand geometry
    Hand geometry is the measurement and comparison of the different physical characteristics of the hand. Although hand geometry does not have the same degree of permanence or individuality as some other characteristics, it is still a popular means of biometric authentication.
  • Palm Vein Authentication
    This system uses an infrared beam to penetrate the user's hand as it is waved over the system; the veins within the palm of the user are returned as black lines. Palm vein authentication has a high level of authentication accuracy due to the complexity of vein patterns of the palm. Because the palm vein patterns are internal to the body, this would be a difficult system to counterfeit. Also, the system is contactless and therefore hygienic for use in public areas.
  • Retina scan
    A retina scan provides an analysis of the capillary blood vessels located in the back of the eye; the pattern remains the same throughout life. A scan uses a low-intensity light to take an image of the pattern formed by the blood vessels. Retina scans were first suggested in the 1930's.
  • Iris scan
    An iris scan provides an analysis of the rings, furrows and freckles in the colored ring that surrounds the pupil of the eye. More than 200 points are used for comparison. Iris scans were proposed in 1936, but it was not until the early 1990's that algorithms for iris recognition were created (and patented). All current iris recognition systems use these basic patents, held by Iridian Technologies.
  • Face recognition
    Facial characteristics (the size and shape of facial characteristics, and their relationship to each other). Although this method is the one that human beings have always used with each other, it is not easy to automate it. Typically, this method uses relative distances between common landmarks on the face to generate a unique "faceprint."
  • Signature
    Although the way you sign your name does change over time, and can be consciously changed to some extent, it provides a basic means of identification.
  • Voice analysis
    The analysis of the pitch, tone, cadence and frequency of a person's voice.

Biometric technology has a number of advantages, including:

  • Provide extremely accurate, secured access to information; fingerprints, retinal and iris scans produce absolutely unique data sets when done properly
  • Current methods like password verification have many problems (people write them down, they forget them, they make up easy-to-hack passwords)
  • Automated biometric identification can be done very rapidly and uniformly, with a minimum of training
  • Identity can be verified without resort to documents that may be stolen, lost or altered.

 

 

Lab 7 -15092009-

Today’s lab is about security in networks. This lab focuses on FTP, which is File Transfer Protocol, and IPSec, which is Internet Protocol Security.


Network security can be defined as preventing nosy people from getting data they are not authorized to access. Most network security problems are caused by malicious people who intentionally try to gain some benefit or bring harm to someone else.


IPSec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.


Our first task is to capture the FTP username and password. First, the virtual machine containing winserv03_server and winserv03_client is started. Then, log in as administrator. On the client side, type the command “ftp” in order to secure FTP. The ftp> prompt will then appear on the next line. Type “open:” to 192.168.1.106. Then, open Wireshark, which was installed earlier. Next, choose the network interface and capture interface.


The next task is to secure FTP transaction using IPSec. At the end of the task, the FTP transaction will be secured.

Lecture 6 -14092009-

This lecture is all about security in networks.

 

Network security issues concern a few areas, namely resource sharing, complexity, unknown perimeter, many points of attack, unknown path, anonymity and so on. A network may combine two or more systems with dissimilar operating systems and different mechanisms for interhost connection. Complexity of this nature makes the certification process difficult. Besides, access controls on one machine preserve the secrecy of data on that processor, but files stored in a remote network host may pass through many host machines to get to the user.

 

The hacking phases in a network are reconnaissance, scanning, gaining access, maintaining access and covering tracks.

 

It is hard to ensure security in networks. This is due to the complex nature of networks. Thus, threats in networks have greatly increased nowadays. With many unknown users on a network, concealing sensitive data becomes more difficult, and this makes privacy hard to exercise. Besides, authenticity is also hard to maintain, as it is difficult to assure the identity of a user on a remote system. Impersonation and eavesdropping often occur, too. A cracker can configure a system to masquerade as another system, thus gaining unauthorized access to resources or information on systems that ‘trust’ the system being mimicked. Besides, a cracker can eavesdrop using wiretapping, radio, auxiliary ports on terminals and software that monitors packets sent over the network. Denial of service, packet replay and packet modification are also threats in networks. In denial of service, a user can render the system unusable for legitimate users by ‘hogging’ a resource or damaging or destroying resources. Packet replay refers to capturing and then resending packets on a network, with or without packet modification.

 

There are several means to control network security, including encryption, strong authentication and Kerberos. A firewall is also one of the means. Encryption can be divided into link encryption and end-to-end encryption. Link encryption is applied between two hosts, while end-to-end encryption can be applied between two applications. Strong authentication, on the other hand, is a form of computer security in which the identities of networked users, clients and servers are verified without transmitting passwords over the network. Kerberos exists to support authentication in distributed systems. It is the network authentication program that Fermilab uses to implement strong authentication. In addition to establishing identity (authentication), it supports encrypted network connections, thereby providing confidentiality.

 

Next, firewall is an important network security device. It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:

  • Packet filters: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
  • Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation.
  • Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
  • Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
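
The packet filter and its IP spoofing weakness described above, as an added Python example that is not part of the original lecture notes: a first-match rule evaluator with default deny, run with and without an ingress check that drops LAN source addresses arriving on the external interface. The network range, addresses, interface names and rule set are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed private LAN


@dataclass(frozen=True)
class Packet:
    iface: str              # interface it arrived on: "internal" or "external"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "reject"
    src: str                        # CIDR block
    dst: str                        # CIDR block
    proto: str = "any"
    dport: Optional[int] = None     # None matches every port

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and self.dport in (None, pkt.dport)
        )


# Constructed, user-defined rule set; the first matching rule wins.
RULES = [
    Rule("accept", "192.168.1.0/24", "0.0.0.0/0"),               # trust LAN hosts
    Rule("accept", "0.0.0.0/0", "192.168.1.10/32", "tcp", 21),   # public FTP server
]


def evaluate(rules, pkt: Packet, ingress_check: bool = True) -> str:
    # Anti-spoofing: a LAN source address can never legitimately arrive on
    # the external interface, so drop it before any rule is consulted.
    if (ingress_check and pkt.iface == "external"
            and ipaddress.ip_address(pkt.src) in INTERNAL_NET):
        return "reject"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "reject"                 # default deny when nothing matches


if __name__ == "__main__":
    spoofed = Packet("external", "192.168.1.50", "192.168.1.10", "tcp", 23)
    print("rules only:        ", evaluate(RULES, spoofed, ingress_check=False))
    print("with ingress check:", evaluate(RULES, spoofed))
```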

That’s all for our lecture today.

 

 

 

 

Lab 6 -25082009-

Today’s lab is about database security.


First of all, MySQL Front and the server are installed. After they are successfully installed, an SQL command is needed in order to connect to the MySQL server.


To change the password, use this command: SET PASSWORD FOR root@localhost = OLD_PASSWORD('123456'); When the password is successfully changed, an OK message will be displayed.


After that, we are asked to create a table in the database. All attributes and data types are created in the table. Then, we need to secure the database by protecting information in the statistical database and examine the potential interaction between security mechanisms in the database management system. Besides, we also need to define the access rights for each row of the table.

Lecture 5 -24082009-

Today’s lecture is about Database Security.

 

What is database security? Database security is the system, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks or inadvertent mistakes made by authorized individuals or processes. Characteristics of a good Database Security Management System include privacy, integrity and availability. Privacy signifies that an unauthorized user cannot disclose the data. Integrity ensures that an unauthorized user cannot modify the data, while availability ensures that data is available to authorized users unfailingly.

 

There are four levels of database security: physical security, operating system security, DBMS security and data encryption. The first three levels (physical security, operating system security, DBMS security) cannot provide sufficient security because it is hard to control the disclosure of raw data and also hard to control the disclosure of confidential data in a distributed database system. Therefore, encryption is a means to enforce database security. Data is encrypted into ciphertext, which can only be decrypted with the decryption key.

 

The basic security requirements in a database are physical database integrity, logical database integrity, element integrity, access control, user authentication and availability. The DBMS runs on top of the operating system and there’s no trusted path. Thus, the user must be suspicious of information received. Availability means that when two users request the same record at the same time, the record must be available. Besides, it also means withholding some non-protected data to avoid revealing the protected data.

 

On the other hand, reliability and integrity are important elements in a database management system. Database integrity is concerned with the database as a whole being protected from damage. Element integrity is concerned with the value of an element being written or changed only by authorized users. Recovery is equally vital in a database management system and can be exercised through backups and a change log.

 

A database contains sensitive data. Sensitive data is data that should not be made public. The factors that make data sensitive are that the data is inherently sensitive, the data is from a sensitive source, the data is declared to be sensitive, and the data is sensitive in relation to previously disclosed information. To secure sensitive data, the access decision is essential. Assurance of authenticity could be provided by the DBA permitting users to access the database only during certain hours. The difference between secrecy and precision in a database is that secrecy allows disclosure only of data that is not sensitive, while precision protects all sensitive data while revealing as much non-sensitive data as possible.

 

Several attacks can be performed on a database. The inference attack is one of them. An inference attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a database. A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence. An inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it. The attack can be direct or indirect. In a direct attack, one tries to determine the values of sensitive fields by seeking them directly with queries that yield few records. An indirect attack by sum, on the other hand, tries to infer a value from a reported sum.
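
The direct attack and the indirect attack by sum described above, with one classic control against them, as an added Python example that is not part of the original lecture notes: a query-set-size rule that refuses any statistic computed over fewer than k rows or over all but fewer than k rows. The staff table, its values and the function names are constructed for illustration, and this control alone does not stop every inference.

```python
import sqlite3

# Constructed sample records (not from the lab database).
ROWS = [
    ("Adams", "eng", 5200), ("Baker", "eng", 4800), ("Chen", "eng", 5100),
    ("Diaz", "hr", 3900), ("Evans", "hr", 4100), ("Ford", "legal", 7000),
]
FILTER_COLUMNS = {"name", "dept"}   # allow-list: column names are never taken raw


class QueryRefused(Exception):
    """Raised when answering would expose too small a group."""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)", ROWS)
    return conn


def raw_sum(conn, column, value, negate=False):
    """Unprotected statistic: (matching rows, SUM(salary))."""
    if column not in FILTER_COLUMNS:
        raise ValueError("unsupported filter column")
    op = "<>" if negate else "="
    sql = ("SELECT COUNT(*), COALESCE(SUM(salary), 0) "
           f"FROM staff WHERE {column} {op} ?")
    return conn.execute(sql, (value,)).fetchone()


def guarded_sum(conn, column, value, negate=False, k=2):
    """Query-set-size control: answer only if k <= matches <= n - k."""
    n = conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    count, total = raw_sum(conn, column, value, negate)
    if count < k or count > n - k:
        raise QueryRefused(f"query set of {count} rows is outside [{k}, {n - k}]")
    return total


def infer_by_sum(conn):
    """Indirect attack by sum: grand total minus 'everyone outside legal'."""
    grand_total = conn.execute("SELECT SUM(salary) FROM staff").fetchone()[0]
    _, others = raw_sum(conn, "dept", "legal", negate=True)
    return grand_total - others


def is_refused(conn, column, value, negate=False):
    try:
        guarded_sum(conn, column, value, negate)
    except QueryRefused:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("direct, unprotected:  ", raw_sum(db, "dept", "legal"))
    print("indirect, unprotected:", infer_by_sum(db))
    print("guard, dept = legal:  refused =", is_refused(db, "dept", "legal"))
    print("guard, dept <> legal: refused =", is_refused(db, "dept", "legal", True))
    print("guard, dept = eng:    ", guarded_sum(db, "dept", "eng"))
```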

 

A multilevel database enhances the security of a database. It provides granular security for data depending on the sensitivity of the data field and the clearance of the user for both writing and reading data. It is a column-based table with different security and view layers. The first layer corresponds to a model for a non-protected database. The second layer corresponds to a model for a multilevel database. In this second layer, a list of theorems that must be respected in order to build a secure multilevel database is proposed. The third layer corresponds to a model for a MultiView database, that is, a database that provides at each security level a consistent view of the multilevel database.