Wednesday, October 28, 2009

Lab 10 : Lab Test

Held in System Lab.
Question 1 about File Permission on windows server 2003.
Question 2 about PGP (Pretty Good Privacy) how encrypt content messages.
Question 3 about IPSec.

I had answer all question.

Lecture 10 : Legal and Ethical Issues in Computer Security


- a rule of conduct or action by authority that need to recognized first.


- a set of moral principles or values
- standard about something right or wrong
- principle that conduct governing an individual or a group.

::Protecting Program or Data

a) copyright - the right of developer of the system or the application.
b) patent - a kind of the program or types of data.
c) trade secret - the owner must protect the secret of the content, such as by storing it and by making employees sign a statement that they will not disclose the secret.Slide 16

Lab 9 : Backtrack 2

:: What is Backtracking ?

- Backtracking is a general algorithm for finding all or some solutions to some computational problem.
- Currently Backtrack 4 has released.
- Backtrack 3 interface

Backtrack as far as i know is to crack WEP wireless key.

Command line for backtrack.

a) iwconfig [name of device] - configure wireless device
b) ifconfig [name of device] up - start service
c) kismet- scan the area
d) air0dump -ng --ivs - to capture packet
e) air0dump -ng --ivs -w [folder name] --channel 1 [name of device] - to scan all channel and dump into folder
f)airplay -ng --interactive -b [MAC address connected to SSID] -h [client to ID destination] -x 512 [name of device] - fasten up capture packets

Lecture 9 : Intrusion Detection System

::Security Intrusion

- access to a system w
ithout authorization, attempt to cracking.

::Intrusion Detection

- security service that monitors and analyzes system events for the purpose to finding & providing real-time or near real-time warning of attempts to access system resources.

a)Host-based IDS: monitor single host activity
b)Network-based IDS: monitor net
work traffic

:: 3 Types Of IDS

a) Host IDS - specialized software to monitor system activity to
detect suspicious behavior
- anomaly detection - defines normal/expected behavior
- signature detection - defines proper behavior

b)Network IDS - monitor traffic at selected points on a network
in (near) real time to detect intrusion patterns; may examine network, transport and/or application level prot
ocol activity directed toward systems. it comprises a number of sensors

3) Distributed IDS

- the monIDS monitoring module was developed. It collects and publishes the information generated by a local instrusion detection engine
- specialized IDS Agent is running on the MonALISA service and in case of an alert it takes custom reactive actions & also broadcasts the alert in its communication group.
- the attacking hosts are dynamically moved in a black-list based on the attacks level and the frequencies of them.
- A periodical report containing the intrusion alerts is generated and sent to the farm administrator.

Lecture 8 : Firewall

:: What is Firewall?

Slide 5
- a choke point of control and monitoring
- interconnects networks with differing trust
- imposes restrictions on network services : only authorized traffic is allowed
- auditing and controlling access
- can implement alarms for abnormal behavior :provide NAT & usage monitoring
- implement VPNs using IPSec
- must be immune to penetration

:: Firewall Limitations ?

- cannot protect from attacks bypassing it
- cannot protect against internal threat
- cannot protect against transfer of all virus infected programs or files

::3 Common types of firewall

a) packet filters
- simple,fast and transparent
- foundation of any firewall system
- examine each IP packet (no context) and permit or deny according to rules
- hence restricted access to services (ports)
- possibles defaults policies

b) Application Level Gateway (Proxy)
- have application specific gateway/proxy
-has full access of protocol
- need separate proxies for each services

c) Circuit Level Gateway
- relays 2 TCP connections
- imposes security by limiting which such connection are allowed
- one created usually relay traffic without examining contents
- used when trust internal users'
- SOCKS commonly used

Slide 6
Slide 6

Lab 7 : Identify vulnerabilities of FTP

  1. Two workstation with platform windows server 2003 - as server and client
  2. Install wireshark application on server
  3. Assign static IP addresses : server - & client -
  4. Test the connection by using PING.
  5. Start Telnet & FTP services for both platforms.
  6. Test FTP connection : client logon to server using username & password
  7. Server should be capturing the packets using wireshark
  8. Wireshark will show username and password
  9. FTP somehow is not secured.

Lecture 7 : Wireless Security

:: Wireless LANs

Standard :802.11 - Wi-Fi (Wireless Fidelity)
Speed - 1Mbps & 2Mbps
Focus on layer 1 & 2 OSI model - Physical Layer & Data Link Layer

::802.11 Components

a) Worskstation - notebook or PDA
b) Access Point (AP)

::802.11 Modes

a) Basic Service Station (BSS) - One AP
b) Extend Services Set- 2 or more BSSs
c) Coporates in LANs modes

Ad Hoc Modes

a) Peer to peer. One way.
b) Independent BAsic Service Set
c) Directly communicate without AP

:: Secutity 8 Threat in Wireless

Have 2 security services - authentication & WEP (Wired Equivalence Key)

::Cracking WEP key

a) WepCrack
b) Airsnort
c) Using backtrack 3 (latest 4)

WPA (Wi -Fi Protected Access )

- difficult to crack the key