LAB TEST

Today is our lab test of this subject, there were 3 questions and we only have to answer 2 out of these 3 questions. I had no idea on how to answer question 2.  So, I had no choice.  I had to answer question 1 and question 3.  Question 3 is easier than Question 1. I couldnn’t answer question 1 well.  Hopefully my merciful lecturer can give me a good mark. Haha!!

INTRUSION DETECTION SYSTEM (IDS), LEGAL AND ETHICAL ISSUES IN COMPUTER SECURITY

YES!!It’s the last lesson for the subject BITS3413.  But, I quite interested in this subject.

Today, Mr Zaki taught us about IDS and Legal and Ethical Issues in Computer Security.

The lecture begins with the topic “Intruders”.  So, who are the intruders??Me??Hope so…haha…

Examples of intruders:

• significant issue hostile / unwanted trespass
• user trespass
• software trespass

Examples of intrusion:

• remote root compromise
• web server defacement
• guessing / cracking passwords
• copying viewing sensitive data / databases
• running a packet sniffer
• distributing pirated software
• using an unsecured modem to access net
• impersonating a user to reset password
• using an unattended workstation

Intrusion Detection can be classified as Host-based and Network-based. Host-based IDS is to monitor single host activity; whereas Network-based IDS is to monitor the network traffic.

Requirements of IDS:

• run continually
• be fault tolerant
• resist subversion
• impose a minimal overhead on system
• configured according to system security policies
• adapt to changes in systems and users
• scale to monitor large numbers of systems
• provide graceful degradation of service
• allow dynamic reconfiguration

3 types of Intrusion Detection Techniques:

• signature detection
• anomaly detection
• when potential detected sensor sends an alert and logs information

SNORT is the lightweight IDS that is used for real time packet capture and rule analysis.

The last chapter of this subject is Legal and Ethical Issues in Computer Security.  This chapter focuses on relevant legislation and regulation concerning the management of information in an organization. It presents ethical issues for information security as well as a summary of professional organizations with established ethical codes too.

The differences of law and ethic are as below:

1. Law

• Formal, documented
• Interpreted by courts
• Established by legislature representing everyone
• Applicable to everyone
• Enforceable by police and courts

2. Ethic

• Described by unwritten principles
• Interpreted by individuals
• Presented by philosophers, religions, professional group
• Personal choice
• Priority determined by individual if two principles conflict
• Self-practice

The three ways protecting programs and data are trade secret, copyrights and patents. Although open-source software are free, they are also protected by copyright protection.  The issues related to Information are information commerce, electronic publishing and database.

Methods for examining a case of ethical issues:

• Understand the situation. Determine the issues involved.
• Know several theories of ethical reasoning
• List the ethical principles involved
• Determine which principles outweigh others.

WEP PASSWORD CRACKING

During this lab session, we learn how to use Backtrack 2 to crack WEP.  To do this lab, 1 wireless router that is accessed by several workstations is needed.  Backtrack 2 is an OS that completed with cracking and hacking tools.  It was developed by Linux.  The more workstations accessed to wireless router, the time taken to crack the WEP will be shorter.  This is because the number of packets sent are directly proportional to the number of workstations available for the WLAN.

Several commands learned in this lab in order to crack WEP:

• iwconfig –>to check wireless lan setting
• ifconfig [name of device] up –>to start the service
• iwconfig [name] mode monitor
• -airmon-ng
• -airodunm-ng
• -aireplay-ng

This lab is really fun.  But, we can’t get the result yet because the time is not enough for us to do so.

WIRELESS SECURITY, FIREWALL

Equipments:

• Wireless station – with a wireless NIC
• Access point – bridge between wireless and wired networks; composed of Radio,Wired network interface (usually 802.3),Bridging software
• Aggregates access for multiple wireless stations to wired network

Wireless mode:

• Infrastructure mode / Basic Service Set (BSS): All workstations are connected to access point
• Extended Service Set: Two or more BSSs connect together to form a single subnet.
• Ad hoc / peer-to-peer: independent BSS, Set of 802.11 wireless stations that communicate directly without an access point.  It is useful for quick & easy wireless networks.

Basic security services defined by IEEE for WLAN:

• Authentication – to provide a security service for verification the identity of communicating client stations.
• Integrity – to ensure that messages are not modified in transit between the wireless clients and the access point in an active attack.
• Confidentiality – to provide “privacy achieved by a wired network”

Each wireless access point have their service set identifier (SSID) and AP broadcast their SSID. Wireless AP also have Access Control List that list the mac address of client to restric other pc connected to it. Wireless signal is weakened by walls, floors and interference.

Two security services provided by 802.11b are authentication(Shared Key Authentication) and encryption (Wired Equivalence Privacy). There are two encrytion method which are WEP and WPA. WEP use RC4 for encryption.  It is a symmetric key encryption which applying RSA encryption algorithm.

3 processes for WEP sending:

• Compute Integrity Check Vector (ICV)
• Encrypt plaintext via RC4
• Transmit the ciphertext

802.11 safeguards:

• Security Policy and Architecture Design
• Treat it as untrusted LAN
• Discover unauthorized use
• Access point audits
• Station protection
• Access point location
• Antenna design

Nowadays, WEP is not secure because there are many tools out there such as airsnort and wepcrack are used to attack WEP encryption. Wi-Fi Protected Access (WPA) is used to overcome the weakness of WEP.  But, there is no proper way to prevent the hackers out there.  The two practical attacks of WPA are dictionary attack on pre-shared key mode and denial of attack.

After chapter of WIRELESS SECURITY, we took a 5 minutes break.  After took 5, the lecture continue with the chapter entitled “FIREWALL”.

Firewall is use to protecting LAN, secure workstation and servers.

Capabilities of Firewall:

• keep unauthorized user out of the protected network.
• provide a location for monitoring security events.
• convenient platform for some internet function like NAT.

Limitations of Firewall:

• cannot protect against attack by passing firewall.
• may not protect fully against internal threats.
• improperly secure wireless LAN may be accessed from outside the organization.

Types of firewall:

• Packet Filtering Firewall: Applies rules to packets in/out of firewall, easy to manage but less secure
• Stateful Inspection Firewall: Reviews packet header information but also keeps info on TCP connections,  stateful inspection packet firewall tightens rules for TCP traffic using a directory of TCP connections, only allow incoming traffic to high numbered ports for packets matching an entry in directory.
• Application-level Gateway: Act as a relay of application-level traffic, must have proxy code for each application, more secure than packet filters, have higher overheads
• Circuit- level Gateway: Does not permit an end to end TCP connection, set up two connections which is between itself to internal network user and between itself to outside network host, determining which connections will be allowed

Firewall bashing:

• bastian host
• host-based
• personal

No lab today.  But, we were having BITS 3413 mid term exam during lab session.

There are Part A and Part B.  1 question in Part A.  3 questions in Part B (Answer 2 questions only).

The question in Part A is about cryptography.  I like this part more than Part B because Part B questions are mainly theory questions.  The questions of the mid term exam are not so easy…T.T

LECTURE 6 – SECURITY IN NETWORKS, HACKING AND PREVENTION, SECURITY IN APPLICATIONS

It’s another hectic week…All of us are busy with assignment, projects, and WORKSHOP 2.  Although we are busy, we still attend the lecture because attendance is very important.

Summary of today lecture:

Encryption

> Link to link

• Cover layer 1 and layer 2 of OSI model
• Decryption occurs just as the communication arrives at and receiving computer

> End to end

• Provide security from one end of a transmission to the other layer 6 or 7
• Protect data on every layer

Strong Authentication

> one entity proves its identity to another by demonstrating knowledge of a secret known to be associated with that entity
> also called ‘challenge-response’ authentication
> use cryptographic mechanisms to protect message in protocol like integrity mechanism and digital signature.

IPSec, SSH, SSL

> IPSec

• Optional for IPv4 but mandatory for IPv6
• Implemented in IP layer so affect all layer above it.
• Provide authentication(AH) and encryption (ESP)

> SSH

• Secure remote login

> SSL

• Encrypt data over the transport layer

Kerberos

> Based on the idea that a central server provides authentication tokens (tickets) to request application.
> A ticket is an unforgeable and nonreplayable.

Firewall

> A network security device designed to restrict access to resources (information) according to security policy.
> Installed between organization’s network and the internet.
> Can filter traffic.

Intrusion Detection System

> A device or software tools or hardware tools that monitor activity to identify malicious or suspicious events.
> Two types of IDS which are signature based and anamoly based.

Honeypot
> Decoy systems that are designed to lure a potential attacker away from critical systems.

After that, Mr Zaki continued his lecture with the topic “HACKING AND PREVENTION”.

Examples of 5 hacking phases:

• reconaisance
• scanning
• gaining access
• maintaining access
• covering track

The examples of hacking behaviors are:

• select target using IP lookup tools
• map network for accessible services
• identify potentially vulnerable services
• brute force (guess) passwords
• install remote administration tool
• wait for admin to log on and capture password
• use password to access remainder of network

Another topic of the day is  “SECURITY IN APPLICATIONS”.  In this chapter, we had gained some knowledge about securities in Email and Web. The securities in Email are SMIME and PGP; while the securities in Web are SSL, SSH, SET, HTTPS and SFTP. The diagram below shows the way Email works:

At the end of the lecture, Mr. Zaki did not forget to remind us again about the mid term exam tomorrow.  Hope that we can get a good result…GOOD LUCK, EVERYONE!!

LAB 6 – SECURITY IN NETWORK

Network security can been said as a prevention from nosy people from getting data they are not authorized or worse yet, modify messages intended for other recipients. It is concerned with people trying to access remote services that are not authorized to use. Most problems are intentionally caused by malicious people trying to gain some benefit or bring harm to someone else.

Firewall, Intrusion detection system (IDS), Intrusion Prevention system (IPS), Kerberos and Honeypot is among the
application introduce to protect Network services on the network from being attack by malicious people we called hackers.

IPSec is available in IPv4, yet it is not mandatory to use it, user can choose to enable IPSec or not. This protocol suite is not only providing authentication and encryption on each IP packet of a data stream but also providing an establishment of mutual authentication between the parties involves at the beginning of the session and negotiation of cryptographic keys to be used during the session. As it is implemented at the IP layer, IPsec provide protection for all the layer above it, in particular TCP and UDP.

IPSec protocol suites contain various protocols for performing various functions:-

• Internet key exchange (IKE and IKEv2) to set up a security association (SA) by handling negotiation of protocols and algorithms and to generate the encryption and authentication keys to be used by IPsec.

• Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.

• Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.

Task 1:

In task one, we need to configure FTP service.  Then, capture the packets using Wireshark.

Task 2:

In task two, we configure IPSec.  Then, transfer file using FTP we had configured in task 1.  Capture the packets using Wireshark as well.

Differences between Task 1 and Task 2 from the result get from Wireshark:

• Task 1: One of the protocols captured by Wireshark is FTP protocol.  From the packets captured, we can easily get the password of username and password of FTP server.
• Task 2: No FTP protocol being captured by Wireshark but ESP protocol was captured.  The username and password of FTP server have been encrypted.  Thus, we can’t get to know about the username and password of the FTP server.

LECTURE 5 – AUTHENTICATION AND ACCESS CONTROL

Authentication

Authentication is related to identity verification.

Classifications of identity verification:

• by something known such as password
• by something possessed such as smart card, passport
• by physical characteristics (biometrics)
• signature

Password

Protection of password

• Don’t keep your password to anybody
• Don’t ever write the password everywhere
• etc

Good password characteristics

• more than 6 characters
• Not patterns from the keyboard
• etc

Calculations on password

• password population, N = r^s
• Probability of guessing a password = 1/N
• Probability of success, P = (nt)/N

Mr. Zaki did show us some examples about the calculations on passwords.

Techniques of guessing passwords

• try default passwords
• try all short words, 1 – 3 characters long
• collect user’s information
• try all license plate numbers
• use trojan horse and etc.

Password selecting strategies

• user education
• computer-generated passwords
• reactive password checking
• proactive password checking

Biometrics

Biometrics – the measurement and statistical analysis of biological data.

In IT, biometrics refer to technologies for measuring and analyzing human body characteristics for authentication purposes.

Biometrics identifiers

• universality
• uniqueness
• stability
• collectability
• performance
• acceptability
• forge resistance

Static biometric methods (Physiological)

• Authentication based on a feature that is always present
• Classifications: fingerprint recognition, retinal scan, iris scan, hand geometry

Dynamic biometric methods (Behavioral)

• Authentication based on a certain behavior pattern
• Classifications: signature recognition, speaker recognition, keystrokes dynamics

Major components of biometric system

• data collection
• signal processing
• matching
• decision
• storage
• transmission

Access Control

The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

Requirements:

• reliable input
• fine and coarse specifications
• least privilege
• separation of duty
• open and closed policies
• policy combination, conflict resolution
• administrative policies

Elements: subject, object and access right

LECTURE 4 – PROGRAM SECURITY

The date of the day (9/9/9) was very wonderful.  ^^
Actually, Mr Zaki wanna give us the message and key of our assignment.  But, he formatted his laptop without back-up his documents. What a good news to us!!haha…

Lecture 4 is all about program security.  Vulnerability is a software weakness that can be exploited by an attacker. Bugs and flaws collectively form the basis of most software vulnerabilities.  Most commonly known tracking faults from developers are requirements, design and code inspections.  Vulnerability and flaws do not map to faults and failures.

“Bugs” means different things, depending on context.

Bugs are software problems that exist only in code.  A bug that exists in code may or may not ever be executed or exploitable.  Therefore, a bug may or may not represent a vulnerability in the underlying software.  Bugs are used to describe minor implementation errors that are typically easy to fix.

Types of flaws:

• validation error
• domain error
• serialization and aliasing
• inadequate identification and authentication
• boundary condition violation
• other exploitable logic errors

Nonmalicious Program Errors:

• Buffer Overflows
• Incomplete mediation – data exposed or uncontrolled
• Time of check to Time of used

Virus and other malicious code:

I think this is an interesting part of this lecture.  Malicious code can do harm.  The damage can be in the form of modification /  destruction, stolen data, unauthorized access, damage on system or other forms not intended by users.  Examples of malicious codes are trojan horse, virus, worm, bacteria, logic bomb, spyware and trapdoor.

Mr. Zaki explained to us about viruses, worms and trapdoors and salami attack.

Besides, ways to prevent virus infection and web application attack also being taught in this lecture.  To prevent virus infection, there are several tools need to be used.

Pillar of software security: Risk management, touchpoints and knowledge.

10/09/09

LAB 5

Another interesting lab of this course.  In this lab, Mr. Zaki told us that there are 2 kinds of hackers – black hackers and white hackers.  Can I be grey hacker??haha…

We learned to use the OWASP.  The Open Web Application Security Project (OWASP) is an open community that focuses on improving the security of
application software.  We try the lab but we failed to finish it because we don’t know how to do…^^