Held in System Lab.
Question 1 was about file permissions on Windows Server 2003.
Question 2 was about PGP (Pretty Good Privacy) and how to encrypt message content.
Question 3 was about IPSec.
I answered all the questions.
Wednesday, October 28, 2009
Lecture 10 : Legal and Ethical Issues in Computer Security
::Law
- a rule of conduct or action by an authority, which needs to be recognized first.
::Ethics
- a set of moral principles or values
- a standard of what is right or wrong
- principles of conduct governing an individual or a group.
::Protecting Program or Data
a) copyright - the right of the developer of the system or the application.
b) patent - a kind of program or type of data.
c) trade secret - the owner must protect the secret of the content, such as by storing it and by making employees sign a statement that they will not disclose the secret.
Lab 9 : Backtrack 2
:: What is Backtracking ?
- Backtracking is a general algorithm for finding all or some solutions to some computational problem.
- Backtrack 4 has currently been released.
- Backtrack 3 interface
Backtrack, as far as I know, is used to crack WEP wireless keys.
Command lines for Backtrack:
a) iwconfig [name of device] - configure the wireless device
b) ifconfig [name of device] up - start the service
c) kismet - scan the area
d) airodump-ng --ivs - to capture packets
e) airodump-ng --ivs -w [folder name] --channel 1 [name of device] - to scan all channels and dump into the folder
f) aireplay-ng --interactive -b [MAC address connected to SSID] -h [client to ID destination] -x 512 [name of device] - speed up packet capture
Lecture 9 : Intrusion Detection System
::Security Intrusion
- access to a system without authorization; an attempt at cracking.
::Intrusion Detection
- a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources.
a) Host-based IDS: monitors single host activity
b) Network-based IDS: monitors network traffic
:: 3 Types Of IDS
a) Host IDS - specialized software to monitor system activity to detect suspicious behavior
- anomaly detection - defines normal/expected behavior
- signature detection - defines proper behavior
b) Network IDS - monitors traffic at selected points on a network in (near) real time to detect intrusion patterns; may examine network, transport and/or application level protocol activity directed toward systems. It comprises a number of sensors.
c) Distributed IDS
- the monIDS monitoring module was developed. It collects and publishes the information generated by a local intrusion detection engine.
- a specialized IDS Agent runs on the MonALISA service; in case of an alert it takes custom reactive actions and also broadcasts the alert in its communication group.
- the attacking hosts are dynamically moved to a blacklist based on the level and frequency of the attacks.
- a periodical report containing the intrusion alerts is generated and sent to the farm administrator.
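The blacklisting rule in the Distributed IDS notes above (attack level plus frequency) can be sketched as follows. This is an added example, not code from monIDS or MonALISA; the window, threshold, severity weights, class name and alert records are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 300        # seconds of alert history considered (assumed value)
THRESHOLD = 10      # weighted score that triggers blacklisting (assumed value)
WEIGHT = {"low": 1, "medium": 3, "high": 6}   # assumed severity weights

class Blacklist:
    """Hypothetical agent state: recent alerts per source and blocked hosts."""
    def __init__(self):
        self.recent = defaultdict(deque)   # src -> deque of (timestamp, weight)
        self.blocked = {}                  # src -> time it was blacklisted

    def observe(self, ts, src, level):
        """Record one alert; return True if this alert blacklists src."""
        q = self.recent[src]
        q.append((ts, WEIGHT[level]))
        while q and q[0][0] <= ts - WINDOW:    # forget alerts outside the window
            q.popleft()
        if src not in self.blocked and sum(w for _, w in q) >= THRESHOLD:
            self.blocked[src] = ts
            return True
        return False

    def report(self):
        """Periodic summary for the administrator: blocked hosts, earliest first."""
        return sorted(self.blocked.items(), key=lambda kv: kv[1])

# Constructed alerts: (seconds, source address, level)
ALERTS = [
    (0, "198.51.100.7", "low"), (10, "203.0.113.5", "high"),
    (20, "198.51.100.7", "low"), (40, "203.0.113.5", "high"),
    (400, "198.51.100.7", "medium"), (420, "198.51.100.7", "high"),
    (430, "198.51.100.7", "low"),
]

def run(alerts):
    """Feed alerts in time order and return the final report."""
    bl = Blacklist()
    for ts, src, level in alerts:
        bl.observe(ts, src, level)
    return bl.report()

if __name__ == "__main__":
    print(run(ALERTS))
```

Two high-level alerts close together block a host at once, while low-level alerts only count if enough of them fall inside the same window.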
Lecture 8 : Firewall
:: What is Firewall?
- a choke point of control and monitoring
- interconnects networks with differing trust
- imposes restrictions on network services: only authorized traffic is allowed
- auditing and controlling access
- can implement alarms for abnormal behavior; provide NAT & usage monitoring
- implements VPNs using IPSec
- must be immune to penetration
:: Firewall Limitations ?
- cannot protect from attacks bypassing it
- cannot protect against internal threats
- cannot protect against transfer of all virus-infected programs or files
::3 Common types of firewall
a) packet filters
- simple, fast and transparent
- foundation of any firewall system
- examine each IP packet (no context) and permit or deny according to rules
- hence restrict access to services (ports)
- possible default policies
b) Application Level Gateway (Proxy)
- has an application-specific gateway/proxy
- has full access to the protocol
- needs separate proxies for each service
c) Circuit Level Gateway
- relays 2 TCP connections
- imposes security by limiting which such connections are allowed
- once created, usually relays traffic without examining contents
- used when internal users are trusted
- SOCKS commonly used
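The packet filter described under a) judges each packet alone against an ordered rule list and falls back to a default policy. The following is an added example, not part of the lecture slides; the rule set, the type names and the outside address are constructed, and the default policies shown are the usual default-deny and default-permit.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port

def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(rules, pkt, default):
    """First matching rule wins; no connection state is kept between packets."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default          # nothing matched: the default policy decides

# Constructed rule set protecting a server at 192.168.1.2
RULES = [
    Rule("deny",   "0.0.0.0/0",      "192.168.1.2/32", "tcp", 23),  # no Telnet
    Rule("permit", "192.168.1.0/24", "192.168.1.2/32", "tcp", 21),  # FTP from LAN
    Rule("permit", "0.0.0.0/0",      "192.168.1.2/32", "tcp", 80),  # web for all
]

if __name__ == "__main__":
    outside_ftp = Packet("203.0.113.9", "192.168.1.2", "tcp", 21)
    for default in ("deny", "permit"):
        print(default, "->", filter_packet(RULES, outside_ftp, default))
```

The outside FTP packet matches no rule, so it is dropped under default-deny and passed under default-permit, which is why the default policy matters as much as the rules.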
Lab 7 : Identify vulnerabilities of FTP
- Two workstations running Windows Server 2003, as server and client
- Install the Wireshark application on the server
- Assign static IP addresses: server - 192.168.1.2 & client - 192.168.1.3
- Test the connection by using PING.
- Start Telnet & FTP services on both platforms.
- Test the FTP connection: the client logs on to the server using a username & password
- The server should be capturing the packets using Wireshark
- Wireshark will show the username and password
- FTP somehow is not secure.
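What the capture in this lab shows can be turned into a check a defender runs over FTP control-channel traffic. This is an added example, not part of the original lab sheet; the stream below is constructed (only the two IP addresses come from the lab), and the function reports the password length rather than the password itself.

```python
import re

# Constructed sample of TCP port 21 payloads: (source, destination, bytes)
SAMPLE_STREAM = [
    ("192.168.1.3", "192.168.1.2", b"USER labuser\r\n"),
    ("192.168.1.2", "192.168.1.3", b"331 Password required for labuser.\r\n"),
    ("192.168.1.3", "192.168.1.2", b"PASS Secret123\r\n"),
    ("192.168.1.2", "192.168.1.3", b"230 User labuser logged in.\r\n"),
    ("192.168.1.3", "192.168.1.2", b"LIST\r\n"),
]

# FTP commands are plain ASCII lines, so the credentials are readable as-is
CMD = re.compile(rb"^(USER|PASS)\s+(.*?)\r?\n$", re.IGNORECASE)

def find_cleartext_logins(stream):
    """Return one finding per completed login attempt seen in cleartext."""
    findings = []
    pending = {}   # (client, server) -> finding waiting for the server verdict
    for src, dst, payload in stream:
        m = CMD.match(payload)
        if m:
            verb = m.group(1).upper()
            arg = m.group(2).decode("latin-1")
            if verb == b"USER":
                pending[(src, dst)] = {"client": src, "server": dst, "user": arg,
                                       "password_len": None, "accepted": None}
            elif (src, dst) in pending:
                pending[(src, dst)]["password_len"] = len(arg)
            continue
        key = (dst, src)   # a reply travels from the server back to the client
        if key in pending and pending[key]["password_len"] is not None:
            code = payload[:3]
            if code in (b"230", b"530"):      # login accepted / login rejected
                finding = pending.pop(key)
                finding["accepted"] = (code == b"230")
                findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in find_cleartext_logins(SAMPLE_STREAM):
        print(f)
```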
Lecture 7 : Wireless Security
:: Wireless LANs
Standard: 802.11 - Wi-Fi (Wireless Fidelity)
Speed - 1 Mbps & 2 Mbps
Focus on layers 1 & 2 of the OSI model - Physical Layer & Data Link Layer
::802.11 Components
a) Workstation - notebook or PDA
b) Access Point (AP)
::802.11 Modes
a) Basic Service Set (BSS) - One AP
b) Extended Service Set - 2 or more BSSs
c) Corporates in LAN modes
Ad Hoc Modes
a) Peer to peer. One way.
b) Independent Basic Service Set
c) Directly communicate without AP
:: Security & Threats in Wireless
Has 2 security services - authentication & WEP (Wired Equivalence Key)
::Cracking WEP key
a) WepCrack
b) Airsnort
c) Using Backtrack 3 (latest is 4)
WPA (Wi-Fi Protected Access)
- difficult to crack the key