Wednesday, October 28, 2009

22nd Oct 2009 - Lab Test

Today is the last lab session for Information Technology Security, but we don't have any class, because we have a lab test today.

The lab test is held to check whether we understand this course. Most of the questions ask about things we learned in the lab classes. The lab test consists of 3 questions and we have to answer 2 of them. Question 1 is about folder permissions, question 2 is about PGP, while question 3 is about IPSec.

Although I had practised before, I am still not really sure whether my answers are correct. Hope I can score in this lab test.

21st Oct 2009 - Lecture 9: IDS; Lecture 10: Legal and Ethical issues in computer security

Today, Mr. Zaki covered 2 lectures: lecture 9, Intrusion Detection Systems (IDS), and lecture 10, Legal and Ethical Issues in Computer Security. First, Mr. Zaki explained the IDS lecture. The topics covered in the IDS lecture are intruders, security intrusion and detection, types of IDS, IDS techniques, SNORT and honeypots.

Intruders are a significant issue: hostile or unwanted trespass, whether user trespass or software trespass. Examples of intrusion are remote root compromise, web server defacement, and guessing or cracking passwords. A security intrusion is a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.

Intrusion detection is a security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.

There are 3 types of IDS: host IDS, network IDS and distributed IDS. A host IDS is specialized software that monitors system activity to detect suspicious behavior. Two approaches that are often used in combination are anomaly detection and signature detection. Anomaly detection defines normal or expected behavior, for example through threshold detection or profile-based detection, while signature detection defines proper behavior.

A network IDS monitors traffic at selected points on a network. It can detect intrusion patterns and may examine network-, transport- or application-level protocol activity directed toward systems.

After that, Mr. Zaki explained intrusion detection techniques and honeypots. Then Mr. Zaki continued the class with lecture 10, Legal and Ethical Issues in Computer Security. Legal matters, also known as law, are rules of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority, while ethics is a set of moral principles or values; it is an objectively defined standard of right and wrong.

Law is also divided into public law and private law. Private law focuses on individual relationships, while public law addresses regulatory agencies. Deterrence can prevent an illegal or unethical activity from occurring. Deterrence requires significant penalties, a high probability of apprehension, and an expectation of enforcement of penalties.

Legal and ethical issues are important in computer security because they can help prevent computer crime such as hacking.

This week is the last lecture class for Information Technology Security. I very much appreciate Mr. Zaki teaching us, and I now know more about internet security. Thank you.

15th Oct 2009 - Cracking WEP using Backtrack2

In today's lab session, Mr. Zaki explained to us how to crack WEP using BackTrack 2. BackTrack is a tool which makes it ridiculously easy to access any network secured by WEP encryption. WEP stands for Wired Equivalent Privacy; it is a security protocol for Wi-Fi networks.

After installing BackTrack 2, Mr. Zaki started a demo of how to crack WEP. Mr. Zaki used a lot of commands. Below are examples of the commands:
  • Kismet – a wireless network detector and packet sniffer
  • iwconfig – to check the wireless LAN settings
  • aireplay – a tool for forging ARP requests
  • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon)
Monitor mode is essential for sending fake ARP requests to the target router.

At the end of the class, we were still unable to crack the WEP key because it requires a long time and many packets.

14th Oct 2009 - Lecture 7: Wireless Security; Lecture 8: Firewall

This week, Mr. Zaki proceeded to the next lecture, which is Wireless Security. IEEE ratified the 802.11 wireless LAN standard in 1997. The two 802.11 components are the wireless station and the access point. A wireless station is a desktop or laptop PC or PDA with a wireless NIC, while an access point is a bridge between wireless and wired networks.
There are 2 types of 802.11 modes: infrastructure mode and ad-hoc mode. Infrastructure mode consists of the Basic Service Set (BSS) and the Extended Service Set (ESS). A BSS consists of just one access point, while an ESS consists of two or more BSSs forming a single subnet. Ad-hoc mode is also called peer-to-peer; it is an independent BSS. The figure below shows infrastructure mode and ad-hoc mode.



802.11 has many variants, such as 802.11a, 802.11g, 802.11b and 802.11n. Each variant has its own speed and range. For example, 802.11b has a maximum specified range of 100 meters and an average throughput of 4 Mbps, while 802.11g has an average throughput of 30 Mbps and supports up to 54 Mbps in the 2.4 GHz range.

Next, Mr. Zaki explained that wireless signals are weakened by walls, floors and interference, because a wireless LAN uses radio signals. So access points should be kept away from windows, external walls or lines of sight to the outside. The three basic security services defined by IEEE for the WLAN environment are authentication, integrity and confidentiality. For confidentiality, messages are encrypted using RC4. RC4 stands for Ron's Code number 4; it is a symmetric key cipher and uses key sizes from 1 bit to 2048 bits. RC4 generates a stream of pseudo-random bits, which is XORed with the plaintext to create the ciphertext.

Then, Mr. Zaki continued with a new lecture: Firewalls. A firewall can secure workstations and servers. It can also be used as a perimeter defence. There are several types of firewall, such as the packet filtering firewall, stateful inspection firewall, application-level gateway (application proxy) and circuit-level gateway.

A packet filtering firewall applies rules to packets going in or out of the firewall. Based on the information in the packet header it decides whether to forward or discard the packet. It is easier to manage and use but less secure, because a packet filter firewall cannot prevent attacks on application bugs. It also does not support advanced user authentication.

A stateful inspection firewall reviews packet header information but also keeps information on TCP connections. This type of firewall only allows incoming traffic to high-numbered ports for packets matching an entry in this connection directory.
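The difference between the two firewall types above, as an added example that is not part of the lecture notes: a stateless filter has to open every high-numbered port to let replies back in, while the stateful firewall only admits inbound packets that match a connection an inside host opened. The addresses, the `Packet` class and the helper names are my own constructed assumptions.

```python
from dataclasses import dataclass

# Constructed addresses: 192.0.2.0/24 stands in for the protected LAN,
# 198.51.100.5 for a web server outside, 203.0.113.7 for an unrelated outside host.
INTERNAL_PREFIX = "192.0.2."


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN flag set (connection request)
    ack: bool = False  # TCP ACK flag set


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


class PacketFilter:
    """Stateless packet filter: every decision uses only the header of the packet in hand."""

    def allow(self, pkt):
        if is_internal(pkt.src_ip):
            return True  # outbound traffic from the LAN is always forwarded
        # Inbound: a reply lands on the client's high-numbered port, so a stateless
        # rule has to open *all* high ports to let replies through.
        return pkt.dst_port > 1023


class StatefulInspectionFirewall:
    """Stateful inspection: the same header rule plus a directory of outbound TCP connections."""

    def __init__(self):
        # (client ip, client port, server ip, server port) for each connection opened from inside
        self.directory = set()

    def allow(self, pkt):
        if is_internal(pkt.src_ip):
            if pkt.syn and not pkt.ack:  # a new outbound connection: record it
                self.directory.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound to a high port is allowed only if it matches a directory entry,
        # i.e. it is the reply leg of a connection an inside host initiated.
        entry = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return pkt.dst_port > 1023 and entry in self.directory


def run_scenario(firewall):
    """Feed three constructed packets through a firewall and report each verdict."""
    outbound = Packet("192.0.2.10", 40000, "198.51.100.5", 80, syn=True)         # LAN client opens HTTP
    reply = Packet("198.51.100.5", 80, "192.0.2.10", 40000, syn=True, ack=True)  # server's SYN/ACK back
    unsolicited = Packet("203.0.113.7", 4444, "192.0.2.10", 40001, syn=True)     # nobody asked for this
    return {
        "outbound": firewall.allow(outbound),
        "reply": firewall.allow(reply),
        "unsolicited": firewall.allow(unsolicited),
    }


if __name__ == "__main__":
    for fw in (PacketFilter(), StatefulInspectionFirewall()):
        print(type(fw).__name__, run_scenario(fw))
```

The stateless filter lets the unsolicited packet through because it only sees "destination port above 1023"; the stateful one drops it because no inside host created a matching entry.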

An application-level gateway (application proxy) acts as a relay of application-level traffic. It authenticates the users (valid user ID and password). Application-level gateways are more secure than packet filters but have higher overheads.

A circuit-level gateway does not permit an end-to-end TCP connection. It sets up two TCP connections, one between itself and an inside user and one between itself and an outside host.

At the end of the lecture, Mr. Zaki explained firewall basing and firewall location.

Sunday, October 18, 2009

8th Oct 2009 - Midterm Exam

Today is the midterm exam for Information Technology Security; we have to answer 3 questions out of 4. Most of the questions are about RSA, transposition, DES and some theory questions. Although I managed to answer the theory questions, the RSA and other practical questions made it difficult for me to score in the midterm exam.

Saturday, October 17, 2009

7th Oct 2009 - Lecture 6: Security in Network/Application

Today, Mr. Zaki continued explaining the network security controls:
  1. Encryption - one of the network security controls; it consists of 2 types of encryption:
    • Link to Link - decryption occurs just as the communication arrives at and enters the receiving computer
    • End to End - encryption done by a hardware device between the user and the host, or by software running on the host computer
  2. Strong authentication - one entity 'proves' its identity to another by demonstrating knowledge of a secret known to be associated with that entity, without revealing that secret itself during the protocol
  3. IPSec - provides authentication (AH) and encryption (ESP)
  4. SSH - secure remote login (encrypts data sent over the network)
  5. SSL - provides server authentication, optional client authentication, and an encrypted communications channel between client and server
  6. Kerberos - supports authentication in distributed systems
  7. Firewall - a network security device designed to restrict access to resources (information or services) according to a security policy
  8. IDS - a device, software tool or hardware tool that monitors activity to identify malicious or suspicious events
  9. IPS - a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react in real time to block or prevent those activities
  10. Honeypot - decoy systems that are designed to lure a potential attacker away from critical systems
After explaining hacking and its prevention, Mr. Zaki taught a new topic, "Security in Applications". Applications such as email and the web have their own security. For example, security in email is provided by S/MIME and PGP, while security on the web is provided by SSL, SSH, SET, HTTPS and SFTP. Security in email provides confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management, while security on the web provides a secure channel for communication.

Friday, October 16, 2009

1st Oct 2009 - Lab 6: Security in Network

Today, we are going to learn about security in networks. Network security is an important way of preventing nosy people from getting data they are not authorized to see or, worse, modifying messages intended for other recipients.

Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Kerberos and honeypots are among the applications introduced to protect network services from being attacked by the malicious people we call hackers.

Today, we have to finish 2 tasks. Task 1 is capturing a File Transfer Protocol (FTP) username and password. Usually, FTP and Telnet send their username and password in clear text. This is not secure because an intruder can use a network monitoring tool such as Wireshark to sniff all the packets transferred during the session, especially the username and password. Therefore, we do Task 2 to protect the username and password from any unauthorized activity.

Task 2 uses IPSec to secure the FTP transaction. IPSec, which stands for Internet Protocol Security, is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. IPSec encrypts the data sent over a normal FTP connection, so only the authorized party can see the content. After we enabled IPSec, we could no longer capture the username and password using Wireshark.

Thursday, October 15, 2009

30th Sept 2009 - Lecture 5: Authentication & Access Control; Lecture 6: Security in Network


Today, Mr. Zaki taught a new lecture, Authentication & Access Control. What is authentication? Authentication is the verification of the identity of someone who generated some data. Authentication must be able to verify that a message came from the apparent source or author, that its contents have not been altered, and sometimes that it was sent at a certain time or in a certain sequence. Besides that, authentication is also a protection against active attacks (falsification of data and transactions).

Next, Mr. Zaki explained what biometrics are. Biometrics is the measurement and statistical analysis of biological data. There are two types of biometric methods: static and dynamic. Examples of static biometrics are fingerprint recognition, retinal scans, iris scans and hand geometry, while dynamic biometrics are signature recognition, speaker recognition and keystroke dynamics.

The figure below shows the biometric system modes:

Then, Mr. Zaki explained what access control is. Access control is the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

Access control matrices and access control lists are used to control the access level pertaining to objects and files. Files usually have 2 owners, a user and a group, each with its own set of permissions. The permissions are read/write/execute, given in the order user/group/other. For a directory they mean:
  • Read = list contents
  • Write = create or delete files in the directory
  • Execute = use anything in the directory, or change the working directory to this directory
After that, Mr. Zaki explained lecture 6: Security in Networks. Mr. Zaki skipped the introduction to networks because it was covered in another subject before. Mr. Zaki explained the network security controls.

Examples of network security controls are encryption, strong authentication, IPSec, VPN, SSH, Kerberos, firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and honeypots.

Each of the network security controls is important in order to secure the network against unauthorized users.

At the end of the lecture, Mr. Zaki informed us that next week we have the mid-term exam.

Friday, September 18, 2009

10th Sept 2009 - Lab 5: Web Application Security

The top 10 web application vulnerabilities are:
  • Cross site scripting
  • Injection flaws
  • Malicious file execution
  • Insecure direct object reference
  • Cross site request forgery
  • Information leakage and improper error handling
  • Broken authentication and session management
  • Insecure cryptographic storage
  • Insecure communications
  • Failure to restrict URL access
Today, in this lab session, we are going to see, learn and perform real attacks against a web application. That means we are going to attack the web application through the browser using the methods above. The simulation toolkits used today are WebGoat and WebScarab.

WebGoat is a toolkit that creates a de-facto interactive teaching environment for web application security. WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S)-based application, whether to allow the developer to debug it or to allow a security specialist to identify vulnerabilities in the way the application has been designed or implemented.

WebGoat and WebScarab are provided by the OWASP community and can be downloaded from http://www.owasp.org

After completing the setup of WebGoat and WebScarab, we first used a cross-site scripting (XSS) attack to carry out a phishing attack. XSS is a vulnerability that can occur when a web application accepts any input and sends it to a web browser without validating or encoding the content. When the input is not validated, an attacker can execute script in the victim's browser, which can lead to web defacement.

Next, we tried the injection flaws. An injection flaw like SQL injection causes the web application to run SQL code that was not intended by the application. For example, a web application might have a query statement as below:

The attacker can manipulate this statement by adding

This returns all the data from the user table.
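The injection flaw described above, as an added example that is not WebGoat's code: a lookup built by string concatenation next to the same lookup as a parameterised query, run against a constructed in-memory SQLite table (the table rows and function names are my own assumptions).

```python
import sqlite3


def make_db():
    """In-memory 'user' table with constructed sample rows (not the WebGoat data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2"), (3, "carol", "pass")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Builds the SQL by concatenation, so the user's input becomes part of the query text."""
    query = "SELECT id, name FROM user WHERE name = '" + name + "' ORDER BY id"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Parameterised query: the input is bound as a value and can never change the SQL."""
    return conn.execute(
        "SELECT id, name FROM user WHERE name = ? ORDER BY id", (name,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Constructed input: closes the quoted string and appends an always-true condition.
    tautology = "' OR '1'='1"
    print(lookup_vulnerable(conn, "alice"))     # one row, as intended
    print(lookup_vulnerable(conn, tautology))   # every row of the user table comes back
    print(lookup_safe(conn, tautology))         # no user is literally named that: empty
```

The fix is the second function: with a bound parameter the same input is compared as a plain string, and the query the developer wrote is the only query that can run.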

At the end of the lab, we tried malicious file execution. It is another web application vulnerability caused by failing to control application input. In this attack, the attacker manipulates the web application into becoming the attacker's remote terminal, executing command-line instructions such as a directory listing (dir) or displaying the network configuration (ipconfig). It becomes more dangerous if the attacker uses this vulnerability to execute commands that create a backdoor on your server.

In order to prevent such vulnerabilities, the web application must strongly validate user input, use strong output encoding, not rely on "blacklist" validation, and so on.

Tuesday, September 15, 2009

9th Sept 2009 - Lecture 4: Program Security


Today, Mr. Zaki taught a new lecture, lecture 4: Program Security. This lecture is all about how to secure programs and the types of malicious code. Malicious code is an unanticipated or undesired effect in programs, generated with the intent to cause damage. Damage could be in the form of modification/destruction, stolen data, unauthorized access, damage to the system, or other forms not intended by users.

There are many types of malicious code, such as viruses, Trojans and worms. The table below shows the types of malicious code and their characteristics:

Next, Mr. Zaki explained the types of viruses. Viruses come in many types, such as parasitic viruses, memory-resident viruses, boot sector viruses, stealth viruses and polymorphic viruses. Each type of virus does its own harm. For example, a boot sector virus infects the boot sector of a disk and spreads when the OS boots up.

Then, Mr. Zaki explained what trapdoors and the salami attack are. Trapdoors are often caused by programmers leaving debug routines in the code, or by a failure to check array bounds, which lets code overrun the array and get placed on the stack. The salami attack refers to the simple fact that when dealing with real numbers the computer has a fixed size and will perform rounding or truncation. There will always be programmers who try to conceal the small amounts in the hope that humans will not notice.

At the end of the lecture, Mr. Zaki explained ways to prevent virus infection. For example:
  • Use only commercial software acquired from reliable, well established vendors
  • Test all new software on an isolated computer
  • Do not put a floppy disk in the machine unless it has been scanned first
  • Scan any downloaded files before they are run

Sunday, August 30, 2009

27th Aug 2009 - Lab 4: Modern Cryptography(extended version)

In today's lab session, Mr. Zaki continued teaching modern cryptography. It is the extended version of modern cryptography.

First, Mr. Zaki explained how DES works. DES works by encrypting groups of 64 message bits, which is the same as 16 hexadecimal digits. To do the encryption, DES uses keys which are also 64 bits long. However, every 8th key bit is ignored in the DES algorithm, so the effective key size is 56 bits. The plaintext and the key undergo 16 rounds of expansion, substitution, key mixing and permutation. The figure below shows the detailed operation undertaken in each round.

Next, Mr. Zaki demonstrated how to encrypt using DES. Mr. Zaki taught us the DES algorithm step by step. However, Mr. Zaki only managed to show us the first round of the DES algorithm; the remaining 15 rounds we have to finish ourselves.

Friday, August 28, 2009

26th Aug 2009 - Lecture 3: Modern Cryptography Part 2

In the last lecture, Mr. Zaki taught about stream ciphers, block ciphers and DES. Today, Mr. Zaki taught us about MACs; MAC stands for Message Authentication Code. A MAC is one of the modern cryptography primitives. It is used to protect against active attacks. It is also used to verify that received messages are authentic, meaning the contents are unaltered, from the authentic source, and also timely and in the correct sequence. The figure below shows how a MAC is used with message encryption and decryption.

Next, Mr. Zaki taught about hash functions. A hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string. The figure below shows the process of a hash function:

There are 2 prominent hashing algorithms: MD5 and SHA-1. The MD5 algorithm produces a 128-bit output, while SHA-1 produces a 160-bit output. This longer output is considered to be more secure than MD5.

After that, Mr. Zaki taught digital signatures. A digital signature provides a means of settling disputes between sender and receiver, which is what distinguishes the digital signature mechanism from the MACing process.

At the end of the lecture, Mr. Zaki taught the Certification Authority (CA), RSA (which we learned in the last lab session) and methods of attack. There are four general attacks that can be performed against encrypted information:
  • Ciphertext-only attack - guessing the plaintext or using frequency analysis
  • Known-plaintext attack - guessing using known plaintext
  • Chosen-plaintext attack
  • Chosen-ciphertext attack
Besides that, there are also specific attacks that can be launched against encryption systems:
  • Brute-force attack
  • Replay attacks
  • Man-in-the-middle attacks
  • Fault in the cryptosystem

Thursday, August 20, 2009

13th Aug 2009 - Lab 4: Modern Cryptography

Today in the lab session, Mr. Zaki taught us how to find the private and public keys using the RSA algorithm. What are public and private keys? A public key and a private key are a unique pair of keys widely used in asymmetric encryption.

Usually the private key is kept secret while the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically. However, even if you know the public key, you cannot derive the private key from it. So it can prove authenticity.

How do we use the RSA algorithm to calculate the private and public keys? Below are the steps:

  1. Select primes: p = 17 and q = 11
  2. Compute n = pq = 17 × 11 = 187
  3. Compute φ(n) = (p-1)(q-1) = 16 × 10 = 160
  4. Select e with gcd(e, 160) = 1; here e = 7
  5. Determine d such that d × e ≡ 1 (mod 160). So d = 23
After the 5 steps, publish the public key PU = {e, n} = {7, 187} and keep the private key PR = {d, n} = {23, 187} secret.
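The five steps above carried out in code, as an added example that is not part of the lab sheet: step 5 is done with the extended Euclidean algorithm, and the resulting pair is checked by encrypting and decrypting a message. The message value 88 and the function names are my own assumptions.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modular_inverse(e, phi):
    """Step 5 ('determine d'): the d with d*e == 1 (mod phi)."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"{e} has no inverse modulo {phi}")
    return x % phi


def rsa_keypair(p, q, e):
    """Steps 1-5 of the lab: returns (public PU={e,n}, private PR={d,n})."""
    n = p * q                    # step 2
    phi = (p - 1) * (q - 1)      # step 3: phi(n)
    if gcd(e, phi) != 1:         # step 4: e must be coprime to phi(n)
        raise ValueError("e must be coprime to phi(n)")
    d = modular_inverse(e, phi)  # step 5
    return (e, n), (d, n)


def rsa_encrypt(message, public_key):
    """C = M^e mod n; the message must be an integer smaller than n."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def rsa_decrypt(cipher, private_key):
    """M = C^d mod n."""
    d, n = private_key
    return pow(cipher, d, n)


if __name__ == "__main__":
    pu, pr = rsa_keypair(17, 11, 7)
    print("PU =", pu, "PR =", pr)          # PU = (7, 187) PR = (23, 187)
    c = rsa_encrypt(88, pu)               # constructed message value
    print("88 ->", c, "->", rsa_decrypt(c, pr))
```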

Wednesday, August 19, 2009

12th Aug 2009 - Lecture 3: Modern Cryptography


Today, Mr. Zaki taught modern cryptography. Modern cryptography is different from the classic cryptography taught last lecture, because modern cryptography uses a sequence of binary digits (bits), that is, zeros and ones, such as ASCII. The bit sequence representing the plaintext is then encrypted to give the ciphertext as a bit sequence.

Modern cryptographic algorithms come in various types, such as stream ciphers and block ciphers. In a stream cipher the sequence is encrypted bit by bit, while in a block cipher the sequence is divided into blocks of a predetermined size. ASCII requires 8 bits to represent one character, so for a block cipher that has 64-bit blocks, the encryption algorithm acts on eight characters at once.

Since most modern algorithms operate on binary strings, we need to be familiar with a method of combining two bits called exclusive OR, often written as XOR. The table below shows how XOR works: 0 XOR 0 gives 0, while 0 XOR 1 gives 1.

How do we encrypt using modern cryptography? If the plaintext is 1100101 and the keystream is 1000110, then applying XOR gives 0100011 as the ciphertext.

The table above shows the ASCII table and its description. How can this ASCII table help in modern cryptography? First, select a plaintext and a keystream. In this case, I selected APPLE as my plaintext while my keystream is KEY. Both the plaintext and the keystream are changed into binary sequences in order to use XOR.

From the ASCII table above, uppercase A is decimal 65 while uppercase P is decimal 80. Following the ASCII table, we get the information below:


Next, we can do the encryption. XORing the plaintext with the keystream gives us the ciphertext.
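The XOR encryption above worked through in code, as an added example that is not part of the lecture: the 7-bit example, then APPLE under the repeating keystream KEY as 8-bit ASCII, plus one thing the lecture's table does not show, namely what an eavesdropper learns when the same keystream is reused for two messages. The second message GRAPE and the function names are my own assumptions.

```python
def xor_bits(plain_bits, key_bits):
    """XOR two equal-length bit strings written with '0'/'1' characters."""
    if len(plain_bits) != len(key_bits):
        raise ValueError("bit strings must have the same length")
    return "".join("1" if a != b else "0" for a, b in zip(plain_bits, key_bits))


def to_bits(data):
    """Each byte as its 8-bit ASCII pattern, e.g. b'A' -> '01000001'."""
    return " ".join(format(b, "08b") for b in data)


def xor_with_keystream(data, key):
    """Repeating-key XOR: byte i of data is XORed with key[i mod len(key)].
    XOR is its own inverse, so the same call decrypts a ciphertext."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream_reuse_leak(cipher1, cipher2):
    """If two messages were XORed with the same keystream, C1 XOR C2 == P1 XOR P2:
    the key cancels out and the XOR of the two plaintexts is exposed without the key."""
    n = min(len(cipher1), len(cipher2))
    return bytes(a ^ b for a, b in zip(cipher1[:n], cipher2[:n]))


if __name__ == "__main__":
    print(xor_bits("1100101", "1000110"))        # 0100011, the lecture's example
    ct = xor_with_keystream(b"APPLE", b"KEY")
    print("plain ", to_bits(b"APPLE"))
    print("key   ", to_bits(b"KEYKE"))           # KEY repeated to the length of APPLE
    print("cipher", to_bits(ct))
    print("back  ", xor_with_keystream(ct, b"KEY"))
    ct2 = xor_with_keystream(b"GRAPE", b"KEY")   # constructed second message, same keystream
    print("leak  ", to_bits(keystream_reuse_leak(ct, ct2)))
```

The last line is why a keystream (RC4's included) must never be reused: the leak equals APPLE XOR GRAPE, which an attacker computes from ciphertexts alone.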

Next, Mr. Zaki taught us about DES. DES stands for Data Encryption Standard. It is a widely used encryption scheme. The plaintext is divided into 64-bit blocks, with a key of 56 bits (plus 8 parity bits). DES processes each block through 16 rounds of expansion, substitution, key mixing and permutation. The figure below shows the DES process.

At the end of the class, Mr. Zaki showed us the process of DES using Flash. However, I still don't know how to do DES. Maybe it is because I have only learned the theory and not yet done it myself.


Thursday, August 6, 2009

30th Jul 2009 - Lab 3: Classic Cryptography

Today is the 3rd lab session of Information Technology Security. Before that, Mr. Zaki had already taught us about the Caesar cipher and the Vigenere cipher in the lecture class. In this lab, we had to complete 2 tasks: deciphering a simple substitution ciphertext, and encrypting and decrypting using the Vigenere cipher. These 2 tasks are done in order to strengthen our cryptography theory. At the end of the lab, Mr. Zaki asked us to do the review questions and hand in the lab reports (lab 1 to lab 3). In lab 3 review question 3, we have to use the Kasiski method to decrypt the Vigenere ciphertext as below:

To decrypt the above Vigenere ciphertext, we have to find out the key letters used for encryption. First, find the repeated ciphertext strings. Then, find the spacing between the repeated strings. After that, find the factors of each spacing. For example, the string QLTJSU first appears at position 65, then it appears again at position 165; the spacing between these two strings is 100, so we find the factors of 100. The table below shows the result:

After finding all the factors, the most frequently repeated factors are 2 and 4. These numbers represent the possible key length: either 2 or 4. In this case, we try 4 first.

Divide the ciphertext into groups of 4 letters as shown below:

LIOM WGFE GGDV WGHH CQUC RHRW AGWI OWQL KGZE TKKM EVLW PCZV GTHV TSGX QOVG CSVE TQLT JSUM VWVE UVLX EWSL GFZM VVWL GYHC USWX OHKV GSHE EVFL CFDG VSUM PHKI RZDM PHHB VWVW JWIX GFWL TSHG JOUE EHHV UCFV GOWI CQLT JSUX GLW

Then we take the first letter of every group:

LWGWCRAOKTEPGTQCTJVUEGVGUOGECVPRPVJGTJEUGCJG

After that, we calculate the frequency of each character:

From the table above, the highest frequency is G. In English, the most frequent letter is E. So we set G to E and get the table below:

So we know that the first letter of the key is C.

Next, we continue to find the second and third letters of the key. The method is the same as the one used to find the first letter.

Then we find that the key so far is COD.

However, when trying to find the fourth key letter, I faced some problems. Listing every fourth letter of the ciphertext:

MEVHCWILEMWVVXGETMEXLMLCXVELGMIMBWXLGEVVITX

After that, we calculate the frequency of each character:

From the table above, the highest frequency is shared by V, E and M. In English, the most frequent letter is E. So we set V, E and M to E:

From the table above, we still can't find the key letter. This is because CODR, CODA and CODI are not existing words in English. So, we have to try the second or third highest frequency.

By trial and error, we finally find the key, which is CODE, and use it to decrypt the Vigenere ciphertext. Below is the plaintext:

JULIUS CAESAR USED A CRYPTO SYSTEM IN HIS WAR WHICH IS NOW REFERRED TO AS CAESAR CIPHER IT IS A SHIT CIPHER WITH THE KEY SETTM THREE EACH CHARACTER IN THE PLAINTEXT IS SHIFTER THREE CHARACTER SO CREATE A CIPHERTEXT
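The Kasiski procedure from this lab carried out in code, as an added example that is not the lab's own solution: it finds the repeated sequences and their spacings, ranks the candidate key lengths, reproduces the point where the "most frequent letter is E" rule stalls on the fourth column, and then scores all 26 shifts of each column against English letter frequencies, which removes the trial and error. The English frequency table and the function names are my own assumptions.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Relative frequency (%) of letters in English text, used to score candidate shifts.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 1.0, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.07,
}

# The lab 3 review question 3 ciphertext from the post above, spaces removed.
CIPHERTEXT = (
    "LIOM WGFE GGDV WGHH CQUC RHRW AGWI OWQL KGZE TKKM EVLW PCZV GTHV TSGX QOVG "
    "CSVE TQLT JSUM VWVE UVLX EWSL GFZM VVWL GYHC USWX OHKV GSHE EVFL CFDG VSUM "
    "PHKI RZDM PHHB VWVW JWIX GFWL TSHG JOUE EHHV UCFV GOWI CQLT JSUX GLW"
).replace(" ", "")


def shift_letter(c, k):
    return ALPHABET[(ALPHABET.index(c) + k) % 26]


def vigenere(text, key, decrypt=False):
    """Vigenere encryption (or decryption) with a repeating key; uppercase letters only."""
    sign = -1 if decrypt else 1
    return "".join(shift_letter(c, sign * ALPHABET.index(key[i % len(key)]))
                   for i, c in enumerate(text))


def kasiski_candidates(ct, seq_len=3, max_len=20):
    """Kasiski step: the key length should divide the spacings between repeated sequences.
    Returns the factor(s) in 2..max_len that divide the largest number of spacings."""
    positions = {}
    for i in range(len(ct) - seq_len + 1):
        positions.setdefault(ct[i:i + seq_len], []).append(i)
    factor_counts = Counter()
    for pos in positions.values():
        for first, second in zip(pos, pos[1:]):
            spacing = second - first
            for f in range(2, max_len + 1):
                if spacing % f == 0:
                    factor_counts[f] += 1
    if not factor_counts:
        return []
    top = max(factor_counts.values())
    return sorted(f for f, count in factor_counts.items() if count == top)


def naive_key_letters(column):
    """The post's rule: the most frequent ciphertext letter stands for E.
    Returns every key letter that is tied for the top count (sorted)."""
    counts = Counter(column)
    top = max(counts.values())
    return sorted(shift_letter(c, -ALPHABET.index("E")) for c, n in counts.items() if n == top)


def chi_squared(text):
    """Distance between the letter counts of text and English; lower is more English-like."""
    n = len(text)
    counts = Counter(text)
    return sum((counts[c] - n * ENGLISH_FREQ[c] / 100) ** 2 / (n * ENGLISH_FREQ[c] / 100)
               for c in ALPHABET)


def best_key_letter(column):
    """Score all 26 shifts of one column against English, not only the E peak."""
    scored = [(chi_squared(vigenere(column, k, decrypt=True)), k) for k in ALPHABET]
    chi, letter = min(scored)
    return letter, chi


def recover_key(ct, key_len):
    """Solve each of the key_len columns independently; returns (key, mean chi-squared)."""
    letters, total = [], 0.0
    for i in range(key_len):
        letter, chi = best_key_letter(ct[i::key_len])
        letters.append(letter)
        total += chi
    return "".join(letters), total / key_len


def break_vigenere(ct):
    """Try every Kasiski candidate length; keep the key whose columns look most like English."""
    results = [recover_key(ct, n) for n in kasiski_candidates(ct)]
    key, _ = min(results, key=lambda r: r[1])
    return key


if __name__ == "__main__":
    print("candidate key lengths:", kasiski_candidates(CIPHERTEXT))        # [2, 4]
    print("column 1 by the E rule:", naive_key_letters(CIPHERTEXT[0::4]))  # ['C']
    print("column 4 by the E rule:", naive_key_letters(CIPHERTEXT[3::4]))  # ['A', 'I', 'R']
    key = break_vigenere(CIPHERTEXT)
    print("key:", key)
    print(vigenere(CIPHERTEXT, key, decrypt=True))
```

The tie on column 4 (V, E and M all appear 6 times) is exactly where the post got stuck; the chi-squared fit uses the whole letter distribution, so the fourth key letter E wins outright.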

Thursday, July 30, 2009

29th Jul 2009 - Lecture 2: Basic Cryptography Part 2

Today, before starting the lecture, Mr. Zaki gave us the answer to the ciphertext given last lecture. The answer is:

THE FUEL PRICE WILL INCREASE TO RM FOUR BY NEXT WEEK

Although my answer is a bit different from the answer, I still feel happy because I managed to decrypt it. Next, Mr. Zaki taught us the correct way to decrypt the ciphertext. First, find a word to decrypt. This time the word selected to decrypt is BNQQ. After selecting the word, draw a table as below:


From the table above, when the enciphering key is 0, the assumed message is BNQQ. When the enciphering key is 25, the assumed message is CORR. How do we find CORR? Take the size of the alphabet, 26, minus the enciphering key (25 in this case), which gives 1. So shift the entire message by one more letter. That is why we get CORR when the enciphering key is 25 and DPSS when the enciphering key is 24. Follow these steps to find all the possible assumed messages. After completing the table, we know that the plaintext of BNQQ is WILL. Substitute B = W, C = X, D = Y and so on until we get the table below. By following this table we can decrypt the ciphertext.
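The table method above in code, as an added example that is not part of the lecture: it builds the 26-row table for BNQQ using the lecture's convention (enciphering key k means the assumed message is the ciphertext shifted forward by 26 - k), finds the key for which the row reads WILL, and applies that key to the whole ciphertext from the previous post. The function names are my own assumptions.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def shift_word(text, k):
    """Shift every letter of text forward by k places; non-letters (spaces) are kept."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] if c in ALPHABET else c
                   for c in text)


def key_table(cipher_word):
    """The lecture's table: for enciphering key k (0..25) the assumed message is the
    ciphertext shifted forward by 26 - k, so key 0 is the word itself, key 25 the next letter."""
    return {k: shift_word(cipher_word, (26 - k) % 26) for k in range(26)}


def find_keys(cipher_word, candidates):
    """Enciphering keys whose row of the table is one of the candidate plaintext words."""
    return [k for k, msg in key_table(cipher_word).items() if msg in candidates]


def decrypt_with_key(ciphertext, k):
    """Undo an enciphering key k: shift the whole text forward by 26 - k."""
    return shift_word(ciphertext, (26 - k) % 26)


# The ciphertext Mr. Zaki set at the end of the previous lecture.
LECTURE_CIPHERTEXT = "YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP"

if __name__ == "__main__":
    table = key_table("BNQQ")
    for k in (0, 25, 24, 5):
        print(k, table[k])                       # 0 BNQQ, 25 CORR, 24 DPSS, 5 WILL
    key = find_keys("BNQQ", {"WILL"})[0]
    print("key", key, "->", decrypt_with_key(LECTURE_CIPHERTEXT, key))
```

Applied to the letters actually posted, key 5 gives THE FKEL PRICE WILL INCREASE TO RC FOUR BY NEXT WEEK, the same two odd words the earlier post arrived at, since KPJQ and WH are what the ciphertext contains.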


Next, Mr. Zaki taught us about Vigenere ciphers. Vigenere ciphers are the best known of the manual polyalphabetic ciphers. They use a Vigenere square to perform encryption.


The figure above shows the Vigenere tableau. The left-hand (key) column of this square contains the English alphabet, and for each letter, the row determined by that letter contains a rotation of the alphabet with that letter as the leading character. How do we use this Vigenere tableau? First, determine the original text and the encryption key. For example, the original text is the answer, THE FUEL PRICE WILL INCREASE TO RM FOUR BY NEXT WEEK, while the encryption key is APPLE. Now we can do the encryption as below:


From the table above, the ciphertext produced is: TWTQYEALTPLXCNVEPHPXOGBQSUGOYIXILPIK. This type of encryption is different from the previous one, because a Vigenere cipher can't be broken by shifting the alphabet or by trial and error. In order to decrypt it, someone must know the encryption key. The encryption key can be a single word or a sentence. So it is more secure and harder to break compared with the Caesar cipher.

Tuesday, July 28, 2009

23rd Jul 2009 - Lab 2: The Goals of Information Technology Security

Today is the 2nd lab session of Information Technology Security; however, Mr. Zaki cancelled the lab session for some reason.

Although the class was cancelled, Mr. Zaki asked us to study the lab at home and do the review questions. Lab 2 is about the goals of information technology security. We study information technology security for confidentiality, availability and integrity.

Confidentiality means protecting computer-related assets from being used by unauthorized users. It means only the right person, who has the authority, can read, view, print or even know of the existence of the object. Confidentiality is also called privacy or secrecy. Availability makes sure authorized users can access information at any time without any failure. The last goal, integrity, ensures data can be modified only by authorized parties and by authorized mechanisms. Information can be added, updated or deleted; hence it must be done in the correct way and by the right person to ensure the correctness and validity of the information.

In order to create a secure computing environment, the balance between the goals is very important, because if one of the goals is emphasized more or less than the others, it will affect the functionality of the system. For example, if we concentrate on providing total confidentiality of the information, then the availability of the data is reduced.


Relationship between confidentiality, integrity and availability.


Monday, July 27, 2009

22nd Jul 2009 - Lecture 2: Basic Cryptography

Today I learned cryptography from Mr. Zaki. Cryptography disguises information in such a way that its meaning is unintelligible to an unauthorized person. That means even if unauthorized people gain access to the information, they don't understand what they see. For example, HSPPW is a word after encryption (the process of converting ordinary information into unintelligible information); we do not know what the word means. But if we decrypt it (the process of moving from unintelligible information back to ordinary information), it can mean DOLLS or WHEEL.

When the word is in unintelligible form, we call it ciphertext, while if the word is in ordinary form, it is known as plaintext. At the end of the lecture, Mr. Zaki asked us to find the message behind the ciphertext:

YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP

From the above ciphertext, I took BJJP as my first word to decrypt. In my mind, if the ciphertext uses substitution (one of the techniques of cryptography: replacing the original alphabet with another alphabet to make it unintelligible), then it is quite impossible that J is A, because it is hard to find an xAAx word in English. After some trial and error, I think J is E, followed by K is F, L is G ... until I is D. Then the whole sentence is decrypted as:

THE FKEL PRICE WILL INCREASE TO RC FOUR BY NEXT WEEK

Although I was able to decrypt it, there are still 2 words which do not mean anything, and I don't know why?? =.=”

Tuesday, July 21, 2009

16th Jul 2009 - Lab 1: Introduction to Virtualization & VMware

Today from 10am until 12pm was the lab session for Information Technology Security. Mr. Zaki taught about Virtualization & VMware. Virtualization is a method which can create virtual storage and run different operating systems on one PC. That means if our PC's operating system is Windows XP, we can run Windows Vista at the same time by using VMware Workstation.

After explaining the concept of virtualization and VMware, Mr. Zaki wanted us to experience it by installing VMware Workstation on the PC. After the installation of VMware Workstation, we had to create a disk image and save it on the C drive (C:\). Next, we had to install Windows Server 2003 on the virtual machine. Place the installer CD in the CD-ROM drive and start the virtual machine. The virtual machine boots from the CD-ROM drive and we see the familiar Windows Server 2003 installation page. After finishing the Windows Server 2003 installation, we can see the login page of the Windows server. The Windows server runs just like on a real PC, which also has a HDD, network connections and memory.

Today I learned how to use multiple operating systems on one PC without deleting the existing operating systems.

15th Jul 2009 - Introduction

Today is my first day studying the subject Information Technology Security. Our lecturer is Mr. Mohd Zaki bin Mas'ud. When Mr. Zaki came into the class, he directly gave us a quiz. The quiz was about general knowledge of security. However, I only managed to answer 8 questions out of the 12. After the quiz, he briefly told us what we are going to learn this semester. This subject covers 14 topics such as introduction to information security, introduction to cryptography, firewalls and so on. Besides that, he also told us about the importance of computer security. We study computer security because of the growing importance of IT security and new career opportunities.

Mr. Zaki also taught us some new terms such as cryptography, distributed denial of service (DDoS), CISSP, GIAC, CEH and ECSA. CISSP stands for Certified Information Systems Security Professional, which is an independent information security certification governed by the International Information Systems Security Certification Consortium (ISC)². The CISSP examination covers a variety of information security topics, and candidates have to answer 250 multiple choice questions in 6 hours.