Wednesday, October 28, 2009

22nd Oct 2009 - Lab Test

Today is the last lab session for Information Technology Security, but we don't have a normal class today because the lab test is held instead.

The lab test is held to check whether we have understood this course. Most of the questions ask about things we learned in the lab classes. The lab test consists of 3 questions and we have to answer 2 of them. Question 1 asks about folder permissions, question 2 is about PGP, while question 3 is about IPSec.

Although we had practised before, I am still not really sure whether my answers are correct. I hope I can score in this lab test.

21st Oct 2009 - Lecture 9: IDS; Lecture 10: Legal and Ethical issues in computer security

Today, Mr. Zaki covered 2 lectures: lecture 9, Intrusion Detection Systems (IDS), and lecture 10, Legal and Ethical Issues in Computer Security. First, Mr. Zaki explained the IDS lecture. The topics covered were intruders, security intrusion and detection, types of IDS, IDS techniques, SNORT and honeypots.

Intruders are a significant security problem for networked systems: hostile, or at least unwanted, trespass either by a user or by software (such as a virus or worm). Examples of intrusion are remote root compromise, web server defacement, and guessing or cracking passwords. A security intrusion is a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.

Intrusion detection is a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.

There are 3 types of IDS: host-based IDS, network IDS and distributed IDS. A host-based IDS is specialized software that monitors activity on a single system to detect suspicious behaviour. Two analysis approaches, often used in combination, are anomaly detection and signature detection. Anomaly detection first defines normal or expected behaviour (by threshold detection, counting events over a time interval, or by building per-user or per-process profiles) and flags deviations from it; signature detection instead defines a set of rules or attack patterns describing known intruder behaviour and flags anything that matches. Anomaly detection can catch attacks nobody has seen before but raises more false alarms; signature detection is precise but misses any attack it has no rule for.
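As an added example (not part of the lecture or this post), the following Python runs both approaches over a few constructed sshd/httpd-style log lines: a threshold rule for anomaly detection (5 or more failed logins from one address inside a minute) and two signatures for known-bad activity. The log format, thresholds and addresses are invented for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd/httpd-like format (not real logs).
SAMPLE_LOG = """\
2009-10-21 09:00:01 sshd: Failed password for alice from 10.0.0.5
2009-10-21 09:00:03 sshd: Failed password for alice from 10.0.0.5
2009-10-21 09:00:04 sshd: Failed password for alice from 10.0.0.5
2009-10-21 09:00:06 sshd: Failed password for alice from 10.0.0.5
2009-10-21 09:00:07 sshd: Failed password for alice from 10.0.0.5
2009-10-21 09:00:09 sshd: Accepted password for alice from 10.0.0.5
2009-10-21 09:05:00 sshd: Accepted password for bob from 10.0.0.7
2009-10-21 09:06:00 httpd: GET /index.php?page=../../../../etc/passwd from 203.0.113.9
2009-10-21 09:07:00 sshd: Failed password for root from 198.51.100.2
2009-10-21 09:30:00 sshd: Failed password for root from 198.51.100.2
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\w+): (.*?)(?: from (\S+))?$")

# Signature detection: rules describing known-bad activity.
SIGNATURES = [
    ("directory traversal", re.compile(r"\.\./")),
    ("root login attempt", re.compile(r"password for root\b")),
]


def parse(line):
    """Split one log line into timestamp, source program, message and peer IP."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "src": m.group(2), "msg": m.group(3), "ip": m.group(4)}


def signature_alerts(events):
    """Flag every event whose message matches a known attack pattern."""
    alerts = []
    for ev in events:
        for name, pat in SIGNATURES:
            if pat.search(ev["msg"]):
                alerts.append((name, ev["ip"], ev["ts"]))
    return alerts


def threshold_alerts(events, limit=5, window=timedelta(minutes=1)):
    """Anomaly (threshold) detection: `limit` or more failed logins from one
    IP inside a sliding `window` is outside the expected profile."""
    fails = defaultdict(list)
    alerts = []
    for ev in events:
        if not ev["msg"].startswith("Failed password"):
            continue
        ip = ev["ip"]
        fails[ip].append(ev["ts"])
        # keep only the failures that fall inside the window ending now
        fails[ip] = [t for t in fails[ip] if ev["ts"] - t <= window]
        if len(fails[ip]) >= limit:
            alerts.append(("failed-login threshold", ip, ev["ts"]))
            fails[ip].clear()   # reset so one burst produces one alert
    return alerts


def run_ids(log_text=SAMPLE_LOG):
    events = [e for e in (parse(l) for l in log_text.splitlines()) if e]
    return {"signature": signature_alerts(events),
            "threshold": threshold_alerts(events)}


if __name__ == "__main__":
    for kind, alerts in run_ids().items():
        for a in alerts:
            print(kind, a)
```

On the sample, the burst against alice triggers the threshold rule once, while the two root attempts 23 minutes apart do not; they are caught only by the signature rule, which is the complementary coverage the lecture describes.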

A network IDS monitors traffic at selected points on a network. It can detect intrusion patterns by examining network-, transport- or application-level protocol activity directed toward systems.

After that, Mr. Zaki explained intrusion detection techniques and honeypots. Then Mr. Zaki continued the class with lecture 10, Legal and Ethical Issues in Computer Security. Law is a rule of conduct or action prescribed or formally recognized as binding, or enforced by a controlling authority, while ethics is a set of moral principles or values, an objectively defined standard of right and wrong.

Law is divided into public law and private law. Private law governs relationships between individuals (and organizations), while public law governs the structure and administration of government and regulatory agencies and their relationships with citizens. Deterrence can prevent an illegal or unethical activity from occurring, but it requires significant penalties, a high probability of apprehension, and an expectation that the penalties will actually be enforced.

Legal and ethical issues matter in computer security because laws and professional ethics help deter computer crime such as hacking.

This week was the last lecture class for Information Technology Security. I very much appreciate Mr. Zaki teaching us, and I now know more about Internet security. Thank you.

15th Oct 2009 - Cracking WEP using Backtrack2

In today's lab session, Mr. Zaki explained to us how to crack WEP using BackTrack 2. BackTrack is a Linux distribution that bundles wireless auditing tools (Kismet and the aircrack suite) which make it easy to break into any network protected only by WEP. WEP stands for Wired Equivalent Privacy; it is the original security protocol of the 802.11 Wi-Fi standard, and its use of the RC4 stream cipher with a short 24-bit IV that repeats is what makes the attack possible.

After installing BackTrack 2, Mr. Zaki started the demo of how to crack WEP. Mr. Zaki used a lot of commands. Below are examples:
  • Kismet – a wireless network detector and packet sniffer, used to find the target network's channel and BSSID
  • iwconfig – to check and change the wireless LAN settings of the adapter
  • aireplay (aireplay-ng) – a packet injection tool; its ARP-request replay attack captures an ARP request and resends it to the access point so that the AP generates many new encrypted replies, each with a fresh IV
  • airmon (airmon-ng) – a script that puts the wireless adapter into monitor mode (rfmon)
Monitor mode is essential: without it the adapter only sees frames addressed to itself, so it can neither capture the encrypted traffic nor (with an injection-capable driver) send the replayed ARP requests to the target access point.

By the end of the class, we were still unable to crack the WEP key, because the statistical attack needs a long time and a large number of captured packets (tens of thousands of frames with distinct IVs).

14th Oct 2009 - Lecture 7:Wireless Security; Lecture 8: Firewall

This week, Mr. Zaki proceeded to the next lecture, Wireless Security. IEEE ratified the wireless LAN standard 802.11 in 1997. The two components of an 802.11 network are the wireless station and the access point. A wireless station is a desktop or laptop PC or PDA with a wireless NIC, while an access point is a bridge between the wireless and wired networks.
There are 2 types of 802.11 modes: infrastructure mode and ad-hoc mode. Infrastructure mode consists of the Basic Service Set (BSS) and the Extended Service Set (ESS). A BSS has just one access point, while an ESS consists of two or more BSSs forming a single subnet. Ad-hoc mode, also called peer-to-peer, is an independent BSS (IBSS) with no access point. The figure below shows infrastructure mode and ad-hoc mode.



802.11 has many variants, such as 802.11a, 802.11b, 802.11g and 802.11n, each with its own speed and range. For example, 802.11b has a maximum specified range of about 100 metres and an average throughput of about 4 Mbps (out of an 11 Mbps signalling rate), while 802.11g supports up to 54 Mbps in the 2.4 GHz band with an average throughput of about 30 Mbps.

Next, Mr. Zaki explained that the wireless signal is weakened by walls, floors and interference, because a wireless LAN uses radio signals. The same radio signals also leak outside the building, so access points should be placed away from windows and external walls, and without line of sight to the outside. The three basic security services defined by IEEE for the WLAN environment are authentication, integrity and confidentiality. For confidentiality, messages are encrypted with RC4. RC4 (Rivest Cipher 4, also read as Ron's Code 4) is a symmetric stream cipher that accepts keys of 1 to 256 bytes (8 to 2048 bits). RC4 generates a stream of pseudo-random bytes (the keystream) that is XORed with the plaintext to produce the ciphertext, and XORed with the ciphertext again to recover the plaintext. The caveat this creates is that a keystream must never be reused: WEP derives it from the secret key plus a 24-bit IV sent in the clear, so IVs repeat after at most about 16 million frames, and any two frames sharing an IV leak the XOR of their plaintexts.
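To make the RC4 and WEP points concrete (this applies equally to the WEP cracking lab of 15th October above), here is an added Python example that is not from the lecture or this post. It implements RC4, wraps it the way WEP does (3-byte IV in the clear, RC4 keyed with IV||key, CRC-32 ICV appended to the plaintext), and then shows the eavesdropper's side: because every ARP frame starts with the same fixed LLC/SNAP header, one captured ARP frame yields the keystream for its IV, which decrypts any other frame that reused that IV. The 40-bit key, IV and packet contents are constructed for the demo; the real aircrack attack goes further and recovers the key itself statistically from many IVs, which this example does not do.

```python
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key-scheduling algorithm (KSA) followed by the PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    return xor(data, rc4_keystream(key, len(data)))


def _icv(plaintext: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear || RC4(IV||key, plaintext||ICV)."""
    assert len(iv) == 3
    return iv + rc4(iv + wep_key, plaintext + _icv(plaintext))


def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + wep_key, body)
    plaintext, icv = data[:-4], data[-4:]
    if icv != _icv(plaintext):
        raise ValueError("bad ICV")
    return plaintext


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Attacker side: ciphertext XOR known plaintext gives the keystream
    for this IV, without knowing the key."""
    return xor(frame[3:3 + len(known_plaintext)], known_plaintext)


def decrypt_with_reused_iv(victim_frame: bytes, keystream: bytes) -> bytes:
    """Apply a keystream recovered from one frame to another frame with the same IV."""
    return xor(victim_frame[3:3 + len(keystream)], keystream)


def demo() -> bytes:
    wep_key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = b"\x11\x22\x33"                           # 24-bit IV, sent in the clear
    arp_hdr = b"\xaa\xaa\x03\x00\x00\x00\x08\x06"  # LLC/SNAP header of every ARP frame
    # an ARP request (header + start of the ARP body) and a second frame
    # that the sender encrypted under the same IV
    frame_arp = wep_encrypt(wep_key, iv, arp_hdr + b"\x00\x01\x08\x00\x06\x04\x00\x01")
    frame_victim = wep_encrypt(wep_key, iv, b"secret!!")
    ks = recover_keystream(frame_arp, arp_hdr)     # attacker knows only the fixed header
    return decrypt_with_reused_iv(frame_victim, ks)


if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())        # standard RC4 test vector
    print(demo())                                  # b'secret!!' recovered without the key
```

The eight recovered keystream bytes are exactly as many as the known header; with a longer known plaintext, or the ICV relationship, an attacker extends the keystream further, and replaying ARP requests is what forces the access point to produce the thousands of fresh IVs the key-recovery attack needs.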

Then Mr. Zaki continued with a new lecture, Firewalls. A firewall can secure individual workstations and servers, and it can also be used as a perimeter defence. There are several types of firewall: packet filtering firewall, stateful inspection firewall, application-level gateway (application proxy) and circuit-level gateway.

A packet filtering firewall applies rules to packets going in and out of the firewall. Based on information in the packet header (source and destination address, port, protocol and TCP flags) it decides whether to forward or discard the packet. It is easy to manage and use but less secure: a packet filter cannot prevent attacks that exploit application bugs, because it never looks at the payload, and it does not support advanced user authentication.

A stateful inspection firewall reviews the same packet header information but also keeps a directory of the TCP connections it has seen established from the inside. It allows incoming traffic to high-numbered ports only for packets that match an entry in this directory, which a plain packet filter cannot check.
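The difference between the two is easiest to see in code. The following Python is an added example, not from the lecture: a stateless filter implementing the usual "allow inbound packets to ports above 1023 if the ACK bit is set" rule, beside a stateful filter that keeps a directory of outbound connections. The addresses and the three constructed packets (a legitimate outbound HTTP connection, its SYN/ACK reply, and an unsolicited ACK probe from outside) are invented.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False


INSIDE_PREFIX = "192.168.1."          # constructed internal network


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def packet_filter(pkt: Packet) -> str:
    """Stateless packet filter. Rule set:
    1. permit anything from inside to outside;
    2. permit inbound packets to high ports if ACK is set (assumed to be
       replies to inside-initiated connections);
    3. deny everything else.
    The decision uses only the header of the packet in hand."""
    if is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip):
        return "permit"
    if not is_inside(pkt.src_ip) and pkt.dst_port > 1023 and pkt.ack:
        return "permit"
    return "deny"


class StatefulFirewall:
    """Keeps a directory of outbound TCP connections; inbound traffic to
    high-numbered ports is permitted only if it matches an entry."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()

    def filter(self, pkt: Packet) -> str:
        if is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip):
            if pkt.syn and not pkt.ack:          # new outbound connection
                self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "permit"
        entry = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.dst_port > 1023 and entry in self.connections:
            return "permit"
        return "deny"


# constructed traffic
LEGIT_OUT = Packet("192.168.1.10", 40001, "203.0.113.5", 80, syn=True)
LEGIT_IN = Packet("203.0.113.5", 80, "192.168.1.10", 40001, syn=True, ack=True)
ACK_PROBE = Packet("198.51.100.9", 80, "192.168.1.10", 40002, ack=True)


def compare():
    """Run the same packets through both filters; returns name -> (stateless, stateful)."""
    fw = StatefulFirewall()
    results = {}
    for name, pkt in [("legit_out", LEGIT_OUT), ("legit_in", LEGIT_IN), ("ack_probe", ACK_PROBE)]:
        results[name] = (packet_filter(pkt), fw.filter(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:10} stateless={stateless:6} stateful={stateful}")
```

The probe with only the ACK bit set gets through the stateless filter, because the header looks like a reply, but the stateful firewall denies it since no inside host ever opened that connection.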

An application-level gateway (application proxy) acts as a relay for application-level traffic. It authenticates users (valid user ID and password) and understands the application protocol it relays. Application-level gateways are more secure than packet filters but have higher overheads.

A circuit-level gateway does not permit an end-to-end TCP connection. It sets up two TCP connections, one between itself and an inside user and one between itself and an outside host, and relays segments between them without examining their contents.

At the end of the lecture, Mr. Zaki explained firewall basing (bastion host, host-based and personal firewalls) and firewall location.

Sunday, October 18, 2009

8th Oct 2009 - Midterm Exam

Today was the midterm exam for Information Technology Security; we had to answer 3 questions out of 4. Most of the questions were about RSA, transposition ciphers, DES and some theory. Although I managed to answer the theory questions, the RSA and other practical questions made it difficult for me to score in the midterm exam.

Saturday, October 17, 2009

7th Oct 2009 - Lecture 6: Security in Network/Application

Today, Mr. Zaki continued explaining network security controls:
  1. Encryption, one of the network security controls, comes in 2 forms:
    • Link-to-link – data is encrypted just before it is placed on each physical link and decrypted as it arrives at the next node, so it is in the clear inside every intermediate node
    • End-to-end – encryption is done by a hardware device between the user and the host, or by software running on the host computer, and the data stays encrypted across every intermediate node until it reaches the destination
  2. Strong authentication – one entity 'proves' its identity to another by demonstrating knowledge of a secret known to be associated with that entity, without revealing that secret itself during the protocol (a challenge-response exchange, for example)
  3. IPSec – provides authentication and integrity (AH) and encryption with optional authentication (ESP)
  4. SSH – secure remote login (encrypts the data sent over the network)
  5. SSL – provides server authentication, optional client authentication, and an encrypted communications channel between client and server
  6. Kerberos – supports authentication in distributed systems
  7. Firewall – a network security device designed to restrict access to resources (information or services) according to a security policy
  8. IDS – a device or software tool that monitors activity to identify malicious or suspicious events
  9. IPS – a network security device that monitors network and/or system activities for malicious or unwanted behaviour and can react in real time to block or prevent those activities
  10. Honeypot – a decoy system designed to lure a potential attacker away from critical systems
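As an added example of item 2 (my code, not the lecture's), this Python sketch shows a challenge-response exchange with HMAC-SHA256: the server sends a random nonce, the client returns HMAC(secret, nonce), and the server checks it against its own copy of the secret. The secret never crosses the wire, and a captured response is useless later because the server accepts a response only for the nonce currently outstanding. The user name and secret are constructed.

```python
import hashlib
import hmac
import os

SHARED_SECRET = b"constructed-demo-secret"   # pre-shared out of band, never transmitted


class Server:
    def __init__(self, secrets):
        self.secrets = secrets      # user -> shared secret
        self.pending = {}           # user -> nonce that is currently outstanding

    def challenge(self, user: str) -> bytes:
        """Message 1 (server -> client): a fresh random nonce."""
        nonce = os.urandom(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        """Message 2 check: the response must be the HMAC of the outstanding
        nonce under this user's secret. The nonce is consumed either way."""
        nonce = self.pending.pop(user, None)
        if nonce is None or user not in self.secrets:
            return False
        expected = hmac.new(self.secrets[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def client_response(secret: bytes, nonce: bytes) -> bytes:
    """Message 2 (client -> server): proof of knowledge of the secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    """Returns (genuine login accepted, replayed response accepted, wrong secret accepted)."""
    server = Server({"alice": SHARED_SECRET})

    nonce = server.challenge("alice")
    resp = client_response(SHARED_SECRET, nonce)
    genuine = server.verify("alice", resp)

    # an eavesdropper captured (nonce, resp) and replays resp on a later login
    server.challenge("alice")                   # server issues a fresh nonce
    replayed = server.verify("alice", resp)     # bound to the old nonce, so rejected

    # a client that does not know the secret
    nonce = server.challenge("alice")
    wrong = server.verify("alice", client_response(b"guess", nonce))

    return genuine, replayed, wrong


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

What crosses the wire is only the nonce and a MAC over it; neither reveals the secret, and because every nonce is single-use the exchange cannot be replayed.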
After explaining these controls and how they prevent attacks, Mr. Zaki taught a new topic, "Security in Applications". Applications such as email and the web have their own security mechanisms. For example, security in email is provided by S/MIME and PGP, while security on the web is provided by SSL, SSH, SET, HTTPS and SFTP. The security provided for email covers confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management, while web security provides a secure channel for the communication.

Friday, October 16, 2009

1st Oct 2009 - Lab 6: Security in Network

Today we are going to learn about security in networks. Network security is important to prevent nosy people from getting data they are not authorized to see or, worse, modifying messages intended for other recipients.

Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Kerberos and honeypots are among the mechanisms introduced to protect network services from being attacked by malicious people, whom we call hackers.

Today we had to finish 2 tasks. Task 1 was capturing a File Transfer Protocol (FTP) username and password. FTP and Telnet send the username and password in clear text. This is not secure because an intruder can use a network monitoring tool such as Wireshark to sniff all the packets transferred during the session, including the username and password (the FTP USER and PASS commands on the control connection). Therefore, we did Task 2 to protect the username and password against this kind of unauthorized activity.

Task 2 was using IPSec to secure the FTP transaction. IPSec (Internet Protocol Security) is one of the solutions to safeguard data transmitted over FTP from being seen by an unauthorized user. IPSec encrypts the data sent over a normal FTP connection at the IP layer (ESP), so only the authorized parties can see the content. After we enabled IPSec, we could no longer capture the username and password with Wireshark: the capture shows only ESP packets whose payload is ciphertext.
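As an added example (not from the lab sheet), the following Python builds a few raw IPv4/TCP packets of the kind Wireshark would show, parses them back, and pulls USER and PASS out of the FTP control channel (port 21). The same parser is then pointed at a constructed ESP packet (IP protocol 50) like the ones IPSec produces: there is no TCP header or FTP text to find, which is what the empty result in Task 2 corresponds to. Addresses, ports and credentials are invented; the ESP payload is opaque filler standing in for ciphertext.

```python
import struct


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv4 header (IHL 5, no options, checksum left 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr + payload


def build_tcp(sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal TCP header: data offset 5, flags PSH|ACK, checksum left 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload


def parse_ipv4(pkt: bytes):
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src, dst = bytes_to_ip(pkt[12:16]), bytes_to_ip(pkt[16:20])
    return proto, src, dst, pkt[ihl:]


def parse_tcp(seg: bytes):
    sport, dport = struct.unpack("!HH", seg[:4])
    data_off = (seg[12] >> 4) * 4
    return sport, dport, seg[data_off:]


def sniff_ftp_credentials(packets):
    """What a sniffer sees: USER/PASS lines from cleartext FTP control traffic."""
    creds = []
    for pkt in packets:
        proto, src, dst, rest = parse_ipv4(pkt)
        if proto != 6:            # 6 = TCP; 50 = ESP carries only ciphertext
            continue
        sport, dport, data = parse_tcp(rest)
        if dport != 21:           # FTP control connection
            continue
        for line in data.decode("ascii", errors="replace").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() in ("USER", "PASS"):
                creds.append((src, dst, cmd.upper(), arg))
    return creds


# constructed traffic: a cleartext FTP login ...
PLAIN_FTP = [
    build_ipv4(6, "10.0.0.5", "10.0.0.1", build_tcp(40001, 21, b"USER student\r\n")),
    build_ipv4(6, "10.0.0.5", "10.0.0.1", build_tcp(40001, 21, b"PASS s3cret\r\n")),
]
# ... and the same exchange after IPSec: an ESP packet (SPI, sequence number,
# then opaque bytes standing in for the encrypted TCP segment)
ESP_FTP = [
    build_ipv4(50, "10.0.0.5", "10.0.0.1", struct.pack("!II", 0x1000, 1) + bytes(48)),
]

if __name__ == "__main__":
    print("cleartext:", sniff_ftp_credentials(PLAIN_FTP))
    print("with IPSec:", sniff_ftp_credentials(ESP_FTP))
```

Only the IP header (addresses, protocol 50) of the ESP packet is visible to the sniffer, which matches what Wireshark showed after IPSec was enabled in the lab.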