Today is the last lecture of this subject, i wish this subject will never end because it is much more interesting than any other subjects. Sigh….. :<
We have covered 2 topics today, which are Intrusion Detection System & Legal And Ethical Issues In Computer Security.

In IDS, the examples of intruders are significant issue hostile / unwanted trespass, user trespass and software trespass. The examples of intrusion are:

• remote root compromise
• web server defacement
• guessing / cracking passwords
• copying viewing sensitive data / databases
• running a packet sniffer
• distributing pirated software
• using an unsecured modem to access net
• impersonating a user to reset password
• using an unattended workstation

Intrusion Detection can be classified as Host-based and Network-based. Host-based IDS is to monitor single host activity; whereas Network-based IDS is to monitor the network traffic. The requirements of IDS are:

• run continually
• be fault tolerant
• resist subversion
• impose a minimal overhead on system
• configured according to system security policies
• adapt to changes in systems and users
• scale to monitor large numbers of systems
• provide graceful degradation of service
• allow dynamic reconfiguration

There are three types of Intrusion Detection Techniques, they are signature detection, anomaly detection and when potential detected sensor sends an alert and logs information. Then, we know the SNORT is the lightweight IDS that is used for real time packet capture and rule analysis. Lastly is Honeypot which is the decoy system that emulates the entire networks.

Next, we proceed to the last chapter: Legal and Ethical Issues in Computer Security. The differences of law and ethic are as below:

1. Law

• Formal, documented
• Interpreted by courts
• Established by legislature representing everyone
• Applicable to everyone
• Enforceable by police and courts

2. Ethic

• Described by unwritten principles
• Interpreted by individuals
• Presented by philosophers, religions, professional group
• Personal choice
• Priority determined by individual if two principles conflict
• Self-practice

Some examples for the ethics concept in Information Security are ethical differences across cultures, software license infringement, illicit use, misuse of corporate resources, ethics and education and deterrence to unethical and illegal behaviour (ignorance, accident and intent). The three ways protecting programs and data are trade secret, copyrights and patents. Although open-source software are free, they are protected by copyright protection also somehow. For example, one will be sued if he or she sells the copy of the open software.
The issues related to Information are information commerce, electronic publishing and database. On the other hand, employee and employers should know their rights in order to avoid the law problems. Some of the rights are ownership of a patent, ownership of a copyright, work for hire, licenses, trade secret protection and employment contracts. To examine a case for ethical issues, we can use the following methods:

• Understand the situation. Determine the issues involved.
• Know several theories of ethical reasoning
• List the ethical principles involved
• Determine which principles outweigh others.

Lab Test (22 Oct 09)

Today is our lab test of this subject, there are 3 questions and we have to answer 2 out of this 3 questions. The question 2 I totally no idea how to answer it. So, i have no choice, i must answer question 1 & 3. Luckily all this i have learn during lab session, so it is not too difficult. Hopefully my kind lecturer can give me a good result. Hehehe….^^

Today is my coursemate + housemate + roomate = Wong Yen Ping’s birthday. Happy Birthday ya~^^

Ok, now we continue on our lecture….hehe….sounds like I’m the one giving lecture. Today’s topic is Wireless Security. The first part of the lecture was basically some sort of revision which we have studied in networking subjects in the previous few semesters. There are two types of wireless mode; they are infrastructure mode and ad-hoc mode. There are two categories of infrastructure mode:

1. Basic Service Set (BSS) – All workstations are connected to one access point.
2. Extended Service Set – Two or more BSSs connect together to form a single subnet.

For ad-hoc mode or sometimes known as peer-to-peer, are independent BSS. It means that the wireless workstations are connected together without connecting to the access point first. And then we continue the lecture which is more to the security part of the wireless network. There are three basic security services defined by IEEE for WLAN:

1. Authentication – to provide a security service for verification the identity of communicating client stations.
2. Integrity – to ensure that messages are not modified in transit between the wireless clients and the access point in an active attack.
3. Confidentiality – to provide “privacy achieved by a wired network”

Wireless network can be categorised into four types, they are 802.11a, 802.11b, 802.11g and 802.11n. The two security services provided in 802.11b are Authentication (Shared Key Authentication) and Encryption (Wired Equivalence Privacy). Based on what I have understood, the encryption is done by a mechanism called RC4. It is a symmetric key encryption which applying RSA encryption algorithm. The three processes for WEP sending are:

1. Compute Integrity Check Vector (ICV)
2. Encrypt plaintext via RC4
3. Transmit the ciphertext

The processes are reversed when the ciphertext in order to get the plaintext. There are several WEP safeguards such as shared secret key required, messages are encrypted and messages have checksum. The passive attack happens when attacker collects all traffic or attacker collect two messages (Encrypted with same key and same IV and statistical attack to reveal plaintext). On the other hand, active attack could happen if attacker knows the pair of complement plaintext and ciphertext or through bitflipping method. Although some vendors limited WEP keys, it also can be brute forced in several minutes. The ways to do brute force key attack are:

• Capture ciphertext.
• Search all 240 possible secret keys.
• Find which key decrypts ciphertext to plaintext.

The 802.11 safeguards are as follow:

• Security Policy and Architecture Design
• Treat it as untrusted LAN
• Discover unauthorized use
• Access point audits
• Station protection
• Access point location
• Antenna design

The problem of WEP has been fixed with the replacement of Wi-Fi Protected Access (WPA). No matter how good it was fixed, it still has its weaknesses. The two practical attacks of WPA are dictionary attack on pre-shared key mode and denial of attack.
The lecture then continued with a new chapter called firewall. The capabilities of firewall are:

• defines a single choke point that keeps unauthorized users out of the protected network
• provides a location for monitoring security events
• convenient platform for some Internet functions such as NAT, usage monitoring, IPSEC VPNs

Basically, there are four types of firewall; they are packet filtering firewall, stateful inspection firewall, application-level gateway (application proxy) and circuit-level gateway. Besides that, throughout the lecture I have learnt about the firewall basing. The three types of firewall basing are bastion host, host-based firewall and personal firewall. The last topic for today lecture was about firewall locations.

Lab session (15 Oct 09)

Title of this lab is the password cracking for WEP. The tools needed for this lab were one wireless router which was accessed by several workstations. The workstations should be installed with Backtrack2. Backtrack2 is a very useful OS for hacking use. It was developed from Linux. It needs a lot of times for the cracking process. The more workstations we use, the fastest the cracking time. As the number of packets sent are directly proportional to the number of workstations available for the WLAN. I have learn some commands from for example, “-airmon-ng”, “-airodunm-ng”, “-aireplay-ng” and so on to perform this cracking. But finally we still couldn’t get the result due to limited time. 

Topis: Security in Networks

The summary of this topic as below:

1. Encryption

- Link to link

• Cover layer 1 and layer 2 of OSI model
• Decryption occurs just as the communication arrives at and receiving computer

- End to end

• Provide security from one end of a transmission to the other layer 6 or 7
• Protect data on every layer

2. Strong authentication

- one entity proves its identity to another by demonstrating knowledge of a secret known to be associated with that entity
- also called ‘challenge-response’ authentication
- use cryptographic mechanisms to protect message in protocol like integrity mechanism and digital signature.

3. IPSec, SSH,SSL

- IpSec

• Optional for IPv4 but mandatory for IPv6
• Implemented in IP layer so affect all layer above it.
• Provide authentication(AH) and encryption (ESP)

- SSH

• Secure remote login

- SSL

• Encrypt data over the transport layer

4. Kerberos
- Based on the idea that a central server provides authentication tokens (tickets) to request application.
- A ticket is an unforgeable and nonreplayable.

5. Firewall
- A network security device designed to restrict access to resources (information) according to security policy.
- Installed between organization’s network and the internet.
- Can filter traffic.

6. Intrusion Detection System
- A device or software tools or hardware tools that monitor activity to identify malicious or suspicious events.
- Two types of IDS which are signature based and anamoly based.

7. Honeypot
- Decoy systems that are designed to lure a potential attacker away from critical systems.

After that, Mr. Zaki continue taught us the new topic known as “Security in Applications”. To understand this chapter, we have to know the securities in Email and Web. The securities in Email are SMIME and PGP; while the securities in Web are SSL, SSH, SET, HTTPS and SFTP.

1. SSL
- Widely used in e-commerce.
- Provide secure channel for sending credit card information, personal information.

2. SSH
- Secure remote administration
- Provide security at application layer

3. SET
- Open encryption and security specification designed to protect credit card transaction on the internet.
- Use SSL to secure communication links

4. HTTPS
- A communications protocol designed to transfer encrypted information between computers over the World Wide Web.
- Used to enable online purchasing.

5. SFTP
- Performs all operations over an encrypted SSH transport.

At last, Mr.Zaki reminded us tomorrow is mid term exam….T___T

Lab Session (8 Oct 09)

Today, we have our mid term exam during lab session. There are 4 question in this midterm exam and we are requested to answer 3 out of this 4 questions. Although this exam not really hard, but i knew i can do better if i spend more time to study….haha!!

After came back from raya holiday, I’m so lazy to attend classes..haha! But at last i have to wake up and appear at BK 7 @ FTMK. Today’s topic is……AUTHENTICATION & ACCESS CONTROL.

Authentication: Verification of identity of someone who generated some data and related to identity verification. Authentication divided to 2 parts, i.e. password & biometric.

There are many ways to protect our password, such as don’t keep your password to anybody, don’t write or login your password at everywhere, Choose a good password and so on. Below are techniques for guessing passwords

• Try default passwords.
• Try all short words, 1 to 3 characters long.
• Try all the words in an electronic dictionary(60,000).
• Collect information about the user’s hobbies, family names, birthday, etc.
• Try user’s phone number, social security number, street address, etc.
• Try all license plate numbers
• Use a Trojan horse
• Tap the line between a remote user and the host system.

Biometric is the measurement and statistical analysis of biological data. It identify by human’s Universality, Uniqueness, Stability, Collectability, Performance, Acceptability, Forge resistance. There are 2 types of biometric: Static and Dynamic.

Static

• Signature recognition
• Speaker recognition
• Keystroke dynamics

Access Control: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner. Access control have some requirement like reliable input, fine and coarse specification, least privilege etc. Access control can divide into three group which is access control matrix, access control list and Unix access control.  Access control list is a list of permission attached to an object. The list specifies who or what is allowed to access the object. Unix access control list is modern Unix support ACL. It can specify any number of additional users / groups and associated rwx permission.

At the end of lecture, En. Zaki told us next week will be our midterm exam during lab session….T___T…

Lab (1 Oct 09)

The topic of this lab is Security of Network. During lecture session, we knew that FTP and Telnet are not a secure way to remote or share files. The purpose of this lab is to prove that IPSec can protect our password, prevent to hack by hackers.

At the beginning, I am still blurring and “facebooking”, and then i caught by Mr. Zaki, haha!! He recommended me to go through the lab manual. After that, i start doing the task. Firstly, i clone the Window server 2003 at VMWare to create 2 windows, one as server and another one as client. Next, i set the IP address so that both server and client are in the same LAN. Then, i start telnet to server and remote login by using FTP. Before that, i have start the WireShark to capture the packet have been sent while I’m telnet and doing FTP remote login. I can capture the username and password which i had enter to do telnet and FTP. The next task is to configure the IPSec at both sever and client. After the configuration, i couldn’t capture the username and password anymore. The protocol captured at Wireshark no longer is FTP, it became ESP.

Lecture time again….

Finally we are in chapter 4 now…topic of this chapter is Program Security. It is about the vulnerability and VIRUSES….haha!! Those want to know more about viruses please read my blog…wakakaka!! I know most of the computer users hate viruses!! So do i…

From this chapter, we learn vulnerability, means a software weakness that can be exploited by an attacker. Bugs and flows collectively form the basis of the most software vulnerability. most commonly known tracking faults from developers are requirements, design and code inspections. Vulnerability and flaws do not map to faults and failures.

Types of flaws

• validation error
• domain error
• serialization and aliasing
• inadequate identification and authentication
• boundary condition violation
• other exploitable logic errors

Nonmalicious Program Errors

• Buffer Overflows
• Incomplete mediation – data exposed or uncontrolled
• Time of check to Time of used

Virus and other malicious code

Malicious code can do harm.  The damage can be in the form of modification/destruction, stolen data, unauthorized access, damage on system or other forms not intended by users.  Malicious program has 2 types: need host program and independent. Examples of malicious codes are trojan horse, virus, worm, bacteria, logic bomb, spyware and trapdoor.

Next, we learn about the differences of viruses, worms and trapdoors & salami attack.

Pillar of software security

• Risk management
• touchpoints
• knowledge.

Lab (10-09-09)

During this lab, we learned to use the OWASP.  The Open Web Application Security Project (OWASP) is an open community that focuses on improving the security of
application software. At last, we failed to complete this lab exercise due to some unknown problem…hahaha…maybe is my own problem. Although we failed it, but it is still quite interesting lab ^o^

Continue of chapter 3 modern Cryptography…..

After DES, AES and so on, this time we know about hash Functions, Digital Signature, Certificate Authority (CA), Public Key Infrastructure (PKI), RSA & method of attack.

Below are some details about each modern cryptography….u can go through it only if u don’t feel sleepy…hehe ^o^

-Hash Function-

• a well-defined procedures or mathematical function that converts any size of data into a fixed-length output.
• Simple Hash Function: It is used in message authentication and digital signatures.  All hash functions process input a block at a time in an iterative fashion.  One of the simplest Hash Functions is bit-by-bit exclusive-OR (XOR) of each block.
• MD5: produces 128-bit of output.  But, people discovered that there are weaknesses of using this algorithm.  So, SHA-1 was recommended.
• SHA-1: this algorithm was designed to be used with the Digital Signature Standard (DSS).  It produces a 160-bit MAC.
• For SHA-1 and SHA-256, each message blocks has 512 bits, which are represented as a sequence of 16 32-bit words. SHA-256 uses 6 logical functions where each function operates on 32-bit words.

-Digital Signature-

• It is the provision of a means of settling disputes between sender and receiver that distinguishes the digital signature mechanism from the MACing process.
• A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.
• Reasons of applying Digital Signature : authentication and integrity.

-Certificate Authority (CA)-

• to guarantee the authenticity of public keys.
• Method: signing a cert. containing user’s identity and public key with its secret keys.
• Requirement: all users must have an authentic copy of the CA’s public key.
• Example of CA in Malaysia: Digicert.

-Public Key Infrastructure (PKI)-

• It is introduced to facilitate the public key cryptography.
• Players in PKI system: certificate owner, CA, relying party, Registration Authority (RA), Validation Authority (VA)

-Methods of attack-

• General attacks that can be performed against encrypted info: ciphertext-only attack, known plaintext, chosen-plaintext, chosen-ciphertext attack
• Specific attacks against encryption systems: Brute-Force attack, Replay attacks, man-in-the-middle attacks, fault in cryptosystem.

Lab (27-8-09)

We practiced how complex of the DES during this lab session. DES works by encrypting groups of 64 message bits, which is the same as 16 hexadecimal numbers. To do the encryption, DES uses “keys” where are also 64 bits long. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56. The Plaintext and the Key will undergo 16 rounds of expansion, substitution, key mixing and permutation process.

After all, we end this lab with spinning head….-faint-

BUT…

Huraay~~!!!!

Here come the chapter 3 for this lecture time…that is Modern Cryptography. Sounds like very interesting right?? Ya, you’re right!! It’s really interesting and extremely difficult (for me)…haha!! i just hope that i could catch up all things that been teach by En. Zaki.

First,we know that most of the modern cipher use bits, i.e. 0s & 1s, to represent the plain text which will be encrypted into cipher text (in bits). Commonly, modern cryptography algorithm can categorize to 2 types:

a) Stream cipher – convert 1 symbol of plain text immediately into a symbol of cipher text.

b) Block cipher – encrypt a group of plain text as a block.

After that, we learn about Data Encryption Standard (DES) which is super duper complicated processes. Yet, with today’s high technology, this DES was break by Brute Force Attack. Therefore, an improvement was introduced, that is triple DES.

At this time, we all are spinning with the DES super hard processes. Then En. Zaki show us the PDF file of DES, it made all of us felt like our brains are going to explode. Luckily En.Zaki could understand our feeling and explain the Advanced Encryption Standard (AES) by using flash. This made us easier to understand AES. Maybe we can ask BITM students to make some flash for us…wahahaha!!

Lab session (13 Aug 2009)

During this lab, En. Zaki teach us about Digital Signature, Hash Function and RSA.  Then, we do some exercises about RSA algorithm.  RSA algorithm can be used to implement private and public key.

Lecture (29 July 2009)

Instead of shift the alphabet, shuffle the alphabet arbitrarily is more secure. It means each plain text letter maps to a different random cipher text letter.For a Simple Substitution Ciphers (Monoalphabetic ciphers), we write alphabet in a randomly chosen order underneath the alphabet written in strict alphabetic order. The number keys for a Simple Substitution Cipher is equal to the number of ways in which the 26 letters of alphabet can be arranged, i.e. 26 factorial (26!). Having large number of keys is certainly no guarantee that the cipher system is strong enough.

Human language are REDUNDANT. The letters are not equally used. In English, E is the most common letter then followed by T, R, N, I, O, A, S.

English Letter Frequencies

The Vigenère Cipher (the best known of the manual polyalphabetic cipher) uses a Vigenère Square to perform encryption. This cipher was secure from about 1553 till 1854. The primary weakness of the Vigenère Cipher is the repeating if its key.

Lab (30 july 2009)

During lab session, we practiced how to encrypt and decrypt Caesar cipher & Vigenère cipher.