Thursday, October 15, 2009

13 October 2009

Lab 9 of the IT Security course is an interesting task because it is about how to hack the wireless password of a modem. To perform this task, the lecturer set up a wireless network using a DLink and asked us to search for the wireless network and then connect to it using the password '1a2b3c4d'. The tools required in this lab are a wireless NIC (USB) and a piece of software called BackTrack, either BackTrack 2, 3 or 4. En. Mohd Zaki gave us the link www.remote-exploit.org/backtrack.html and asked us to download BackTrack from the website. Besides, we are required to log in at the command prompt with username "root" and password "toor". Then, we need to find out whether the card has been switched on by typing 'ifconfig' to know whether the network card can be used, and typing 'iwconfig' to know whether the wireless network card can be used.

In addition, En. Mohd Zaki told us that the real key is set on the wireless AP (access point), where 24 bits of the key are given by the IV and 40 bits are given by ourselves. To switch on rausb0, type 'ifconfig rausb0 up' in the command prompt. To ensure rausb0 is switched on, type 'ifconfig'. Then, type 'iwconfig rausb0 mode monitor' followed by 'iwconfig', and the result 'Mode: Monitor' will be seen. After that, start BackTrack and plug in the USB.

En. Mohd Zaki told us that there are lots of BackTrack tools that can be used to hack a computer. He showed us an example by typing 'kismet'. 'kismet' is typed to scan the wireless networks; as a result, DLink was seen and all information about DLink was displayed. En. Mohd Zaki told us that 's' is for sorting and 'b' is to sort according to the BSSID. We need an encryption key here. Then we press 'q' to return to the Network List screen. Use airodump to capture the packets and save them in some path. Then, 'airodump-ng --ivs -w output-abg rausb0' is typed, where 'output' is the filename and rausb0 is the wireless network card. Following that, 'aireplay-ng -3 -b 00:1E:58:FB:57:ED -h 00:22:6B:A9:59:AF -x 1024 rausb0' is typed, where the first address is the MAC address, while the second address is the local MAC address. After a lot of packets have been sent, responses will be sent back.

In order to know how many IVs have been captured, 'aircrack-ng -0 -n 64 -f 4 output-06.ivs' is typed, where output is the file name. This command is used to get the password.

In conclusion, I feel that I have really gained precious knowledge in hacking.

Wednesday, October 14, 2009

Legal and Ethical issues in Computer Security, 12 October 2009

Lecture 9 of the IT Security course is about legal and ethical issues in computer security. The lecture started with En. Mohd Zaki discussing law and ethics. A law is a rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority. Ethics is a set of moral principles or values and the principles of conduct governing an individual or a group.

According to En. Mohd Zaki, laws are divided into several categories, which are civil law, criminal law and tort law. Civil law represents a wide variety of laws that govern a nation or state, while criminal law addresses violations harmful to society and is actively enforced through prosecution by the state. Tort law enables individuals to seek recourse against others in the event of personal, physical or financial injury.

| Law | Ethic |
| --- | --- |
| Formal, documented | Described by unwritten principles |
| Interpreted by courts | Interpreted by individuals |
| Established by legislature representing everyone | Presented by philosophers, religions, professional groups |
| Applicable to everyone | Personal choice |
| Priority determined by courts if two laws conflict | Priority determined by individual if two principles conflict |
| Enforceable by police and courts | |

There are several ethics concepts in information security, such as ethical differences across cultures, software license infringement, illicit use, misuse of corporate resources, ethics and education, and deterrence to unethical and illegal behavior. The three general categories of unethical and illegal behavior are ignorance, accident and intent. Deterrence is the best method for preventing an illegal or unethical activity. To protect programs and data, three mechanisms can be implemented: copyright, which is designed to protect the expression of ideas such as a story or song; patents, which apply to the results of science, technology and engineering; and trade secrets, which the owner protects by storing the secret in a safe, encrypting it, and making employees sign a statement that they will not disclose it.

In addition, En. Mohd Zaki told us about some ethical issues in computer security, which include ethics and religion, ethics is not universal, ethics does not provide answers, and ethical reasoning. Ethics and religion: we distinguish ethics from religion, analyze a situation from an ethical perspective and reach ethical conclusions without appealing to any particular religion. Ethics is not universal but varies by society and within a society; for example, people may have different views on privacy. Ethical pluralism is recognizing or admitting that more than one position may be ethically justifiable. Ethics helps to justify our choices and helps to identify the issues involved.

At the end of the lecture, En. Mohd Zaki reminded us to prepare for our assignment presentation.

Thursday, October 8, 2009

Wireless LANs, 5 October 2009



Lecture 8 of the IT Security course is about wireless LANs. The lecture started with En. Mohd Zaki briefly explaining what wireless LANs are. After listening to En. Mohd Zaki, I know that a wireless LAN or WLAN allows a user to connect to a local area network through a wireless connection. The IEEE 802.11 group of standards specifies the technologies for wireless LANs. 802.11 focuses on layer 1 and layer 2 of the OSI model, which are the physical layer and the data link layer.

802.11 defines two pieces of equipment: the wireless station and the access point. A wireless station is a desktop or laptop PC or PDA with a wireless NIC. An access point is a bridge between wireless and wired networks and is composed of a radio, a wired network interface and bridging software. 802.11 modes include infrastructure mode and ad hoc mode.

In infrastructure mode, the wireless network consists of at least one access point (AP) connected to the wired network infrastructure and a set of wireless end stations. An access point controls encryption on the network and may bridge or route the wireless traffic to a wired Ethernet network (or the Internet). Access points that act as routers can also assign IP addresses to PCs using DHCP services. APs can be compared with the base stations used in cellular networks. This configuration is called a Basic Service Set (BSS). An Extended Service Set (ESS) consists of two or more BSSs forming a single sub network. Ad hoc mode is a set of 802.11 wireless stations that communicate directly with each other without using an access point or any connection to a wired network. This basic topology is useful for quickly and easily setting up a wireless network anywhere. Ad hoc mode is also called peer-to-peer mode or an Independent Basic Service Set (IBSS).

Besides, En. Mohd Zaki also explained RTS/CTS. A Request to Send (RTS) frame is sent by a potential transmitter to the receiver, and a Clear to Send (CTS) frame is sent from the receiver in response to the received RTS frame. All other stations hear this and delay any transmission. If the CTS frame is not received within a certain time interval, the RTS frame is retransmitted after executing a backoff algorithm.

Following that, En. Mohd Zaki explained the WLAN standards to us, which include 802.11a, 802.11b and 802.11g. The differences are:

802.11a

With data transfer rates up to 54Mbps, it is faster than 802.11b and can support more simultaneous connections. Because it operates in a more regulated frequency, it gets less signal interference from other devices and is considered to be better at maintaining connections. In areas with major radio interference (e.g., airports, business call centers), 802.11a will outperform 802.11b. It has the shortest range of the three standards (generally around 60 to 100 feet), broadcasts in the 5GHz frequency, and is less able to penetrate physical barriers, such as walls.

802.11b

It supports data transfer speeds up to 11Mbps. It's better than 802.11a at penetrating physical barriers, but doesn't support as many simultaneous connections. It has better range than 802.11a (up to 300 feet in ideal circumstances). It's more susceptible to interference, because it operates on the same frequency (2.4GHz) as many cordless phones and other appliances. Therefore, it's not considered a good technology for applications that require absolutely reliable connections, such as live video streaming.

802.11g

It's faster than 802.11b, supporting data transfer rates up to 54Mbps. It has a slightly shorter range than 802.11b, but still better than 802.11a. It is backward-compatible with 802.11b products, but will run only at 802.11b speeds when operating with them. It uses the 2.4GHz frequency, so it has the same problems with interference as 802.11b.

There are three basic security services defined by IEEE for the WLAN environment: authentication, integrity, and confidentiality. Authentication verifies the identity of communicating parties, integrity ensures messages are not modified, and confidentiality provides the privacy achieved by a wired network. WEP is the encryption algorithm built into the 802.11 standards. WEP (Wired Equivalent Privacy) encryption uses the RC4 stream cipher with 40 or 104 bit keys and a 24 bit initialization vector. Most 802.11 devices allow WEP keys to be entered using an ASCII passphrase or in hexadecimal format. The conversion between these two formats is an industry standard which is shared by almost all vendors of 802.11 equipment. There are two WEP security tools described by En. Mohd Zaki, which are AirSnort and WEPCrack. AirSnort is a WLAN tool which cracks encryption keys on 802.11 WEP networks. AirSnort operates by passively monitoring transmissions and computing the WEP encryption key when enough packets have been gathered. WEPCrack is a tool that cracks 802.11 WEP encryption keys by exploiting the weaknesses of RC4 key scheduling.
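The per-packet keying described above (a 24-bit IV prepended to the 40-bit secret and fed to RC4) can be shown in a short Python sketch. This is an added example, not code from the lecture or from AirSnort or WEPCrack; the frame layout is simplified (no 802.11 header or key ID byte), and the secret, IV and payloads are constructed values. It shows that a repeated IV cancels the keystream and how soon random 24-bit IVs are expected to repeat.

```python
import math
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by n bytes of output (PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: cleartext IV, then RC4(IV || secret) over data + CRC-32 ICV."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit secret")
    data = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + xor(data, rc4_keystream(iv + secret, len(data)))

def wep_decrypt(frame: bytes, secret: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + secret, len(body)))
    plaintext, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch")
    return plaintext

def keystream_cancels(frame_a: bytes, frame_b: bytes) -> bytes:
    """XOR of two encrypted bodies; with equal IVs this equals XOR of the plaintexts."""
    return xor(frame_a[3:], frame_b[3:])

def frames_until_iv_collision(p: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: frames with random IVs before a repeat occurs with probability p."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - p))))

if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")               # constructed 40-bit secret
    iv = bytes.fromhex("a1b2c3")                       # constructed IV, reused on purpose
    p1, p2 = b"GET /index.html ", b"POST /login.php "  # constructed 16-byte payloads
    c1, c2 = wep_encrypt(iv, secret, p1), wep_encrypt(iv, secret, p2)
    print(keystream_cancels(c1, c2)[:16] == xor(p1, p2))
    print(frames_until_iv_collision())
```

Because the IV travels in clear and is the only per-packet input, the secret alone never changes the keystream between frames, which is why the size of the IV space bounds WEP's confidentiality regardless of key length.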

At the end of the lecture, En. Mohd Zaki told us that he will show us how to hack a wireless network in the lab session.

Wednesday, September 30, 2009

Security in Applications, 29 September 2009

Lecture 7 of the IT Security course is about Security in Applications, which concentrates on electronic mail security. The lecture started with En. Mohd Zaki explaining what an email is. According to him, an email (electronic mail) is the exchange of computer-stored messages by telecommunication. An email message is usually encoded in ASCII text and consists of two parts, the header and the body, separated by a blank line. The header consists of the sender, recipient, date, subject and delivery path, while the body consists of the actual message content.

Besides that, En. Mohd Zaki told us that the security services provided in email are confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management. Data origin authentication and non-repudiation of origin can be provided by a digital signature that has been registered at Verisign. Confidentiality can be provided by a login function, while message integrity can be provided by message encryption.

However, email is also exposed to some threats, which are generally divided into two main groups: threats to the security of email itself and threats to an organization that are enabled by the use of email. Loss of confidentiality, loss of integrity, lack of data origin authentication, lack of non-repudiation and lack of notification of receipt are email security threats. All these threats will cause disclosure of sensitive information, either deliberate or unintentional; exposure of systems to malicious code, where viewing email through HTML is vulnerable to virus attack; exposure of systems to denial of service attacks; and spamming.

En. Mohd Zaki told us that in order to secure email, S/MIME and PGP can be used. S/MIME allows flexible client-to-client security through encryption and signatures. PGP is similar to S/MIME in using encryption for confidentiality and signatures for non-repudiation or authenticity. However, PGP is not secure if the public key and private key are not registered.


Besides, En. Mohd Zaki also explained to us about web security, which includes security of the server, security of the client, and network traffic security between a browser and a server. Web security can be implemented using SSL/TLS, SSH and SET. SSL/TLS is widely used in web browsers and servers to support secure e-commerce over HTTP by providing a secure channel for sending credit card information and personal details. However, it only secures the customer side and not the receiving side. SSH is designed as a secure replacement for the rsh and telnet utilities, and supports secure file transfer and email. SSH provides security at the application layer and is installed at the server side. SET is an open encryption and security specification designed to protect credit card transactions on the Internet. It uses SSL to secure communication links.

Lastly, En. Mohd Zaki proceeded to the topic of biometrics. Biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked.

Physiological (static) biometric methods

| Biometric Identification | Description |
| --- | --- |
| Fingerprint recognition | Analysis of an individual’s unique fingerprints. |
| Retinal scan | Analysis of the capillary vessels located at the back of the eye. |
| Iris scan | Analysis of the colored ring that surrounds the eye’s pupil. |
| Hand geometry | Analysis of the shape of the hand and the length of the fingers. |
| Face | Analysis of facial characteristics using visible and infrared light. |

Behavioral (dynamic) biometric methods

| Biometric Identification | Description |
| --- | --- |
| Signature recognition | Analysis of the way a person signs his name. |
| Speaker recognition | Analysis of the tone, pitch, cadence and frequency of a person’s voice. |
| Keystroke dynamics | Analysis of the coloured ring that surrounds the eye’s pupil. |