Wednesday, October 28, 2009

Lab 10 : Lab Test

Held in System Lab.
Question 1 about File Permission on windows server 2003.
Question 2 about PGP (Pretty Good Privacy) how encrypt content messages.
Question 3 about IPSec.

I had answer all question.

Lecture 10 : Legal and Ethical Issues in Computer Security


- a rule of conduct or action by authority that need to recognized first.


- a set of moral principles or values
- standard about something right or wrong
- principle that conduct governing an individual or a group.

::Protecting Program or Data

a) copyright - the right of developer of the system or the application.
b) patent - a kind of the program or types of data.
c) trade secret - the owner must protect the secret of the content, such as by storing it and by making employees sign a statement that they will not disclose the secret.Slide 16

Lab 9 : Backtrack 2

:: What is Backtracking ?

- Backtracking is a general algorithm for finding all or some solutions to some computational problem.
- Currently Backtrack 4 has released.
- Backtrack 3 interface

Backtrack as far as i know is to crack WEP wireless key.

Command line for backtrack.

a) iwconfig [name of device] - configure wireless device
b) ifconfig [name of device] up - start service
c) kismet- scan the area
d) air0dump -ng --ivs - to capture packet
e) air0dump -ng --ivs -w [folder name] --channel 1 [name of device] - to scan all channel and dump into folder
f)airplay -ng --interactive -b [MAC address connected to SSID] -h [client to ID destination] -x 512 [name of device] - fasten up capture packets

Lecture 9 : Intrusion Detection System

::Security Intrusion

- access to a system w
ithout authorization, attempt to cracking.

::Intrusion Detection

- security service that monitors and analyzes system events for the purpose to finding & providing real-time or near real-time warning of attempts to access system resources.

a)Host-based IDS: monitor single host activity
b)Network-based IDS: monitor net
work traffic

:: 3 Types Of IDS

a) Host IDS - specialized software to monitor system activity to
detect suspicious behavior
- anomaly detection - defines normal/expected behavior
- signature detection - defines proper behavior

b)Network IDS - monitor traffic at selected points on a network
in (near) real time to detect intrusion patterns; may examine network, transport and/or application level prot
ocol activity directed toward systems. it comprises a number of sensors

3) Distributed IDS

- the monIDS monitoring module was developed. It collects and publishes the information generated by a local instrusion detection engine
- specialized IDS Agent is running on the MonALISA service and in case of an alert it takes custom reactive actions & also broadcasts the alert in its communication group.
- the attacking hosts are dynamically moved in a black-list based on the attacks level and the frequencies of them.
- A periodical report containing the intrusion alerts is generated and sent to the farm administrator.

Lecture 8 : Firewall

:: What is Firewall?

Slide 5
- a choke point of control and monitoring
- interconnects networks with differing trust
- imposes restrictions on network services : only authorized traffic is allowed
- auditing and controlling access
- can implement alarms for abnormal behavior :provide NAT & usage monitoring
- implement VPNs using IPSec
- must be immune to penetration

:: Firewall Limitations ?

- cannot protect from attacks bypassing it
- cannot protect against internal threat
- cannot protect against transfer of all virus infected programs or files

::3 Common types of firewall

a) packet filters
- simple,fast and transparent
- foundation of any firewall system
- examine each IP packet (no context) and permit or deny according to rules
- hence restricted access to services (ports)
- possibles defaults policies

b) Application Level Gateway (Proxy)
- have application specific gateway/proxy
-has full access of protocol
- need separate proxies for each services

c) Circuit Level Gateway
- relays 2 TCP connections
- imposes security by limiting which such connection are allowed
- one created usually relay traffic without examining contents
- used when trust internal users'
- SOCKS commonly used

Slide 6
Slide 6

Lab 7 : Identify vulnerabilities of FTP

  1. Two workstation with platform windows server 2003 - as server and client
  2. Install wireshark application on server
  3. Assign static IP addresses : server - & client -
  4. Test the connection by using PING.
  5. Start Telnet & FTP services for both platforms.
  6. Test FTP connection : client logon to server using username & password
  7. Server should be capturing the packets using wireshark
  8. Wireshark will show username and password
  9. FTP somehow is not secured.

Lecture 7 : Wireless Security

:: Wireless LANs

Standard :802.11 - Wi-Fi (Wireless Fidelity)
Speed - 1Mbps & 2Mbps
Focus on layer 1 & 2 OSI model - Physical Layer & Data Link Layer

::802.11 Components

a) Worskstation - notebook or PDA
b) Access Point (AP)

::802.11 Modes

a) Basic Service Station (BSS) - One AP
b) Extend Services Set- 2 or more BSSs
c) Coporates in LANs modes

Ad Hoc Modes

a) Peer to peer. One way.
b) Independent BAsic Service Set
c) Directly communicate without AP

:: Secutity 8 Threat in Wireless

Have 2 security services - authentication & WEP (Wired Equivalence Key)

::Cracking WEP key

a) WepCrack
b) Airsnort
c) Using backtrack 3 (latest 4)

WPA (Wi -Fi Protected Access )

- difficult to crack the key

Lab 6 : Security in Network

1. Discuss the potential perpetrators that can threaten Network security and it goal for attacking network services.

In general network security can been said as a prevention from nosy people from getting data they are not authorized or worse yet, modify messages intended for other recipients. It is concerned with people trying to access remote services that are not authorized to use. Most problems are intentionally caused by malicious people trying to gain some benefit or bring harm to someone else.

2. Network security problems can be divided roughly into FOUR (4) intertwined areas, List and explain in details each area.

Secrecy - also called confidentiality, has to do with keeping information out of the hands of unauthorized users. It protects against disclosure of information to entities not authorized to have that information. Entities might be people or organization.

Authentication - deals with determining whom you are talking to before revealing sensitive information or entering into a business deal.

Non-Repudiation - deals with signatures. It protects user against the threat that the value or existence of the data might be changed in a way inconsistent with the recognized security policy.

Integrity control how - can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit.

3. What is the significance difference between the wireshark output in Task 1 and Task 2; explain in detail the function of IPSec in Task 2?

During Task 1, wireshark successful captured both username and password in File Transfer Protocol (FTP). Username = ‘administrator’ and Password = ‘abc123’. But all these things not happen in Task 2, this is because both username and password are already encrypted even the data are captured. This is because in the Task 2, we using IPSec to secure FTP Transaction. IPSec is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. It will protect the information from being manipulated.

4. What is the benefit of using IPSec?

IPSec is typically used to attain confidentiality, integrity, and authentication in the transport of data across insecure channels. Though it's original purpose was to secure traffic across public networks, it's implementations are often used to increase the security of private networks as well, since organizations cannot always be sure if weaknesses in their own private networks are susceptible to exploitation. If implemented properly, IPSec provides a private channel for sending and exchanging vulnerable data whether the data is email, ftp traffic, news feeds, partner and supply chain data, medical records, or any other type of TCP/IP based data.

5. Explain what are AH and ESP in IPSec protocol suite?

Authentication Header (AH): ties data in each packet to a verifiable signature (similar to PGP email signatures) that allows you to verify both the identity of the person sending the data and that the data has not been altered. · Encapsulation Payload (ESP): scrambles the data (and even certain sensitive IP addresses) in each packet using hard core encryption. So a sniffer somewhere on the network doesn’t get anything usable.

6. Explain in detail how to enable IPSec option in a linux environment.

Enable-dpd: enables dead peer detection (DPD). DPD is a method for detecting wether any of the hosts for which security associations are set up is unreachable. When this is the case the security associations to that host can be removed. enable-natt: enables NAT traversal (NAT-T). Since NAT alters the IP headers, this causes problems for guaranteeing authenticity of a packet. NAT-T is a method that helps overcoming this problem.

7. Are there any other methods to secure FTP connection other than using IPSec? (list at least 3 methods).

i. SQL Server Integration Services)
ii. SFTP (secure FTP with SSH2 protocol)
iii. FTPS (FTP over SSL) site

Lecture 6 : Security in Networks & Applications

:: Who cause security problem ?

- Hacker, spy, student, businesman, ex - employee, stockrbroker, terrorist, programmer.

:: Network security area :

- authentication, secrecy, non-repudiation, integrity control.

:: Network security issues:

- Sharing, complexity, unknown parameter, many point of attack, unknown path, label format differences, anonymity

:: Threat in Networks

- Privacy, data integrity,authenticity,covert channels, impersonating,eavesdropping,denial of service, packet replay and packet modification.

::Network Security Control

- Encryption, firewall, VPN (Virtual Private Network), SSH Encryption, SSL Encryption , IPSec, kerberos.

Lab 5 : Web Application Security

1.Discuss the differences between GET and POST method in submitting variable in web application. Which method is vulnerable to attack? ·

Post - method can use for sending large amount of data.
There is no limitation on the number of Variables passed from the form.
This is a transparent way of transmitting variables to the webserver where hidden variable are always hidden ·

Get - method can use small scale of data.

2. List 2 configuration that can be made to the configuration file of an apache web server so that it become more secure

- Permission on server directory

3 List 3 configuration setting than can be made to PHP so that it become more secure ·

- Disable register globals and use E_STRICT to find uninitialized variables. ·
- Ensure that all file and streams functions (stream_*) are carefully vetted ·
- Disable allow_url_fopen and allow_url_include in php.ini

4. List 3 prevention measure that can be taken to overcome the Insecure direct object reference and Cross site request forgery vulnerabilities.

The prevention that can be taken to overcome the insecure direct object reference and Cross site request forgery vulnerabilities are input validation. Every input supplied to a system must be validated before it sends to be processed by server. Besides that, we must ensure that all user-supplied data is appropriately entity encoded before rendering. Next, we must use an index, indirect reference map or another indirect method to avoid direct references. This is to prevent exposure of direct object references.

5. Do the exercise under Improper Error Handling | Fail open Authentication Scheme, What is the vulnerability found in this exercise and can you prevent it from happening?

In this exercise, user can login without any password. There is no validation if the user left the password field blank (Due to the deletion by WebScarab). It will send directly to server. In order to prevent from this happening, the java code must be validated and enhances in security particularly on the authentication part.

Lecture 5 : Authentication & Access Control

::What is authentication ?

Verification of someone, that may have generated some data such as password, passport, signature or biometric.

::Tips of protection password :-

a) Do not let somebody have your password
b) Do not write your password anywhere, example in a piece of small paper.

::Tips of choosing good password :-

a) Use password hard to guess and easy to remember.
b) Not shorten from 6 characters and not in pattern of keyboard.
c) Using character and number.

Slide 4
::Calculations on password

- Password population, N =rs
- Probability of guessing a password = 1/N
- Probability of success, P=nt/N

::Tips of guessing password

a) Try default password. (123456, abc123,tmadmin)
b) Try all short word. 1 -3 character
c) Use Dictionary word.
d) Collect information about user's.
e) Try phone number, NRIC number.

::What is Biometrics ?

Biometrics is a measurement of statistical analysis of biological data (unique)
Slide 23

::List of biometric method :-

a) Vein recognition
b) Palm print
c) Gait Reconition (Gaya berjalan)
d) Body odour
e) Ear shape
f) DNA
g) Keystroke dynamic
Slide 29
:: Static VS Dynamic Biometric Method

Static - authentication based on feature that is always present. (retina, fingerprint)
Dynamic - Authentication based on a certain behaviour pattern.(keystroke.signature)

Lab 4 : Modern Cryptography

Lecture 4 : Program Security

Slide 7::Viruses and ”Malicious Programs”

a) Computer viruses has ability to replicate them self i
nto large number of computer. Spread by floppy disk and USB drive or nowadays is through internet.

b) Malicious programs may be installed by ha
nd on a single machine. But may built into software packages. It likes Trojan Horse, Traps Doors and Logic Bombs.

Slide 8Malicious Programs ::

Malicious program split into two:

* Need host program - Trap doors, Logic Bombs, Trojan Horses, Viruses.
*Independent - Bacteria, Worms.

:: Examples of malicious code

1) Trojan Horse - Slide 9 a program which performs a useful function, but also performs an unexpected action.

2) Virus - code segment that replicates and attach to existing programs.
Slide 9Transient - executes when the program that it is attached to runs.
Resident - stay in program when execute, stay till it trigger again.

3) Worm - program that replicates and copy the file/folder it locates.
4) Bacteria - program that replicates itself until fills up all spaces or CPU cycles.
5) Logic Bomb/ Time Bomb - malicious code that activates on an event.
6) Trap Door - written entry point, that cause unwanted users.
7) Spyware - Steal info, see web sites visited, see contents of files, popUp ads, slow down computer and crash the computer too.

Lab 3 : Classic Cryptography

1. What is the difference between monoalphabetic and polyalphabetic encipherment? Monoalphabetic cipher: Here a single cipher alphabet is used. Polyalphabetic cipher: Here a set of related mono alphabetic substitution rules is used.
2. Decrypt the following Caesar cipher text


3. Decrypt the following Vigeneré cipher text

By using Google search kasiski method to help you in solving this problem


Lecture 3 : Modern Cryptography

::Stream ciphers

- a symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream (keystream).
- typically by an exclusive-or (xor) operation.
-In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption. An alternative name is a state cipher, as the encryption of each digit is dependent on the current state

::Block ciphers

- a block cipher is a symmetric key cipher operating on fixed-length groups of bits, termed blocks, with an unvarying transformation.
- A block cipher encryption algorithm might take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext.

::Data Encryption Standards (DES)

-The plaintext is divided into 64 bit blocks with a key of 56 bits(with 8 bit parity)
-through 16 round of Expansion, substitution, key mixing and permutation process
-Triple DES has been introduced