Sunday, July 26, 2009

Introduction to Information Security, 21 July 2009

Our second lab session of the IT security course was to learn how the three security principles, confidentiality, integrity and availability, work. During the lab session, En. Mohd Zaki explained to us the difference between FAT and NTFS. Both FAT and NTFS are file systems for Windows, but NTFS provides local file security, which FAT does not. After the explanation, we were required to understand the lab sheet and follow the instructions in it.

I used VMware Workstation to perform this lab activity. Before making any changes in the virtual machine, I took a snapshot so that the virtual machine could be rolled back to the saved state after the lab activity ended. After that, I checked the C drive in the virtual machine to ensure that NTFS was installed in order to continue the lab activity, because without NTFS, local file security cannot be enforced. The first task I performed was to verify the confidentiality of data. For the first task, I created two users, user1 and user2, and created a Confidentiality folder with a User1Folder inside. I changed the security settings of User1Folder so that only user1 has full control over it. As a result, I could see the contents of User1Folder when I logged in as user1, but access was denied when I logged in as user2. This proved that data confidentiality holds because the information is accessible only to those authorized to have access.

For the second task, I created an Availability folder with a user2Folder inside and changed the user2Folder security settings to allow user2 full control. After that, I tried to open user2Folder and the access was successful. Following that, I logged in as Administrator, deleted the user2 account from the local security database and then created a new user also named user2. But access was denied when I tried to open user2Folder after logging in as user2. This is because the user2 account that had full control no longer exists. This showed that data availability is achieved by keeping information available for use by its intended users.

For the third task, I logged in as user1 and created a new folder, Integrity, with a User1Folder inside. Then I created a text document in User1Folder and saved it. After that, I logged in as user2 and tried to modify the text document saved by user1. I could modify the contents of the file, but unexpectedly I couldn't save the file! From the third task, I understand how data integrity works. Data integrity prevents modification of information by unauthorized users.

In conclusion, local file security is important to protect information from unauthorized access and to make information available for use or modification only by its intended users.

Authentication & basic cryptography, 20 July 2009

My second lecture of the IT security course was about authentication and basic cryptography. This is one of the most interesting topics I have ever learnt. According to En. Mohd Zaki, authentication is the process by which we verify that someone is who they claim to be. This usually involves a username and password, but can include any other method of demonstrating identity such as a smart card, retina scan, voice recognition or fingerprints. En. Mohd Zaki told us that research has shown that gait can also be used to establish a person's identity.

Because of the importance of passwords in the authentication process, En. Mohd Zaki advised us that we must choose a good password. The characteristics of a good password include: at least 6 characters; a mix of character types such as lower case, upper case, numbers and special characters; no words from the dictionary; never writing the password down somewhere such as a handphone; and being difficult to guess. Besides that, En. Mohd Zaki also mentioned that logging in to important accounts such as an online banking account in public is not advisable because a hacker can hack the password easily. Furthermore, he advised us not to click links to log in to important user accounts because some web page links are fake pages that imitate the original web page for the purpose of collecting usernames and passwords. During this lecture, I also learnt how to calculate the time to break a password using the following formulas:

Password population, N = r^s

Probability of guessing a password = 1/N

Probability of success, P = nt/N

where r = total number of characters that can be used in a password

s = number of characters required (the password length)

t = time

n = number of guesses per unit of time
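As an added worked example (not from the lecture or the original post), the formulas above in Python, comparing a 6-character password made only of lower-case letters with an 8-character password drawn from the full set of lower case, upper case, numbers and special characters; the alphabet sizes (26 and 94) and the guessing rate n are assumed values.

```python
# Added worked example of the lecture's formulas (N = r^s, P = nt/N);
# not code from the original post.

def password_population(r: int, s: int) -> int:
    """N = r^s: number of distinct passwords of length s over an alphabet of r symbols."""
    return r ** s


def guess_probability(r: int, s: int) -> float:
    """Probability that a single random guess is correct: 1/N."""
    return 1.0 / password_population(r, s)


def success_probability(n: float, t: float, r: int, s: int) -> float:
    """P = nt/N: probability of success after guessing at n guesses per unit
    of time for t units of time. Capped at 1, because after N guesses the
    password is certain to have been tried."""
    return min(1.0, n * t / password_population(r, s))


def time_to_success(p: float, n: float, r: int, s: int) -> float:
    """Invert P = nt/N to find the time t needed to reach success probability p."""
    return p * password_population(r, s) / n


if __name__ == "__main__":
    # Assumed guessing rate: 1000 guesses per second (constructed figure).
    n = 1000
    # (label, r, s): 26 lower-case letters at the lecture's minimum length of 6,
    # versus 94 printable characters (mixed case, digits, symbols) at length 8.
    for label, r, s in [("lowercase x6", 26, 6), ("mixed x8", 94, 8)]:
        N = password_population(r, s)
        print(f"{label}: N = {N:,}")
        print(f"  P after one hour   = {success_probability(n, 3600, r, s):.6f}")
        print(f"  seconds to P = 0.5 = {time_to_success(0.5, n, r, s):,.0f}")
```

Running the script shows why the lecturer's advice on length and character mix matters: the second password's population is about twenty million times larger, so the time to reach the same success probability grows by the same factor.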

After explaining the authentication concept, En. Mohd Zaki proceeded to the concept of cryptography. Cryptography can be defined as the conversion of data into a scrambled form that can be sent across a public or private network and deciphered only by the intended recipient. Cryptography uses two main styles of encrypting data: symmetric and asymmetric. Symmetric encryption, also known as private key encryption, uses the same key for encryption and decryption. On the other hand, asymmetric encryption, also known as public key encryption, uses different keys for encryption and decryption. In the case of asymmetric encryption, an end user on a network, public or private, has a pair of keys, one for encryption and one for decryption. These keys are labelled the public key, which can be known by anyone, and the private key, which is secret. Plaintext can be encrypted with the receiver's public key and decrypted with the receiver's private key, and only the intended receiver holds the private key for decrypting the ciphertext. However, both styles of encryption have their disadvantages: symmetric encryption requires a secure way of sharing the key in order to work properly, while asymmetric encryption must guarantee the authenticity of each participant's public key.

Symmetric Cryptography

Asymmetric Cryptography

For the last section of the second lecture, En. Mohd Zaki explained the Caesar Cipher to us, which I found to be the most interesting and challenging part. The Caesar Cipher is one of the earliest substitution ciphers, described by Julius Caesar in the Gallic Wars. Caesar used a 'shift' of 3, where each of the letters A to W is encrypted by being replaced with the letter that occurs three places after it in the alphabet (X, Y and Z wrap around to A, B and C). En. Mohd Zaki taught us the skills to decrypt a message encrypted with the Caesar Cipher. Before the end of class, En. Mohd Zaki asked us to find out the message behind the following ciphertext:

YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GO SJCY BJJP

I found the message by using a 'shift' of 21. My answer is

THE FKEL PRICE WILL INCREASE TO RC FOUR BY NEXT WEEK
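As an added example (not the lecturer's or the original post's code), a Python brute force of all 26 possible shifts over the ciphertext above, ranking each candidate by how many words it shares with a small constructed list of expected English words; shifting back by 5 is the same as shifting forward by 21, which is why both describe the same key.

```python
# Added example: brute-force Caesar decryption of the lecture's exercise ciphertext.
import string

ALPHABET = string.ascii_uppercase

# Ciphertext from the lecture exercise above (copied from the page).
CIPHERTEXT = "YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GO SJCY BJJP"

# Small constructed word list used only to rank the 26 candidate plaintexts.
COMMON_WORDS = {"THE", "PRICE", "WILL", "INCREASE", "TO", "FOUR", "NEXT", "WEEK"}


def caesar_shift(text: str, k: int) -> str:
    """Shift every letter forward by k places (mod 26); other characters unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """Undo an encryption shift of k by shifting back k places (same as forward by 26 - k)."""
    return caesar_shift(ciphertext, -k)


def brute_force(ciphertext: str):
    """Try all 26 decryption shifts; return a list of (shift, candidate, score)."""
    results = []
    for k in range(26):
        cand = caesar_decrypt(ciphertext, k)
        score = sum(1 for word in cand.split() if word in COMMON_WORDS)
        results.append((k, cand, score))
    return results


def best_shift(ciphertext: str) -> int:
    """The decryption shift whose candidate contains the most known words."""
    return max(brute_force(ciphertext), key=lambda r: r[2])[0]


if __name__ == "__main__":
    for k, cand, score in brute_force(CIPHERTEXT):
        print(f"back {k:2d} / forward {(26 - k) % 26:2d}  score={score}: {cand}")
    print("best shift (back):", best_shift(CIPHERTEXT))
```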

Saturday, July 18, 2009

Introduction to virtualization & VMware, 14 July 2009

The first lab of the IT security course was an introduction to virtualization and VMware, and we used VMware to illustrate the concept of virtualization. During the lab session, En. Mohd Zaki explained the concept of virtualization and VMware to us. After that, we were required to understand the lab sheet and follow the instructions inside to install VMware Workstation, create a disk image in VMware Workstation and install Windows Server 2003 in the disk image.

After listening to En. Mohd Zaki's explanation, I understand that virtualization is the creation of a virtual rather than actual version of something, such as an operating system, a server, a storage device or network resources. Operating system virtualization is the use of software to allow a piece of hardware to run multiple operating systems at the same time. For example, an application such as VMware or Microsoft Virtual PC can let Windows run Linux or other applications, and vice versa, on a virtual PC. The virtualization environment created by such software is called a virtual machine, also known as a disk image.

A Virtual Machine (VM) is a software implementation of a machine that executes programs like a real machine. It is created by a Virtual Machine Monitor (VMM), which provides a second layer on a machine for another operating system to run on. The underlying operating system is called the host operating system, while an operating system run by the VMM is called a guest operating system. A VMM can hold more than one guest operating system. The host operating system and the guest operating system can be either the same or different types of operating system.



After using VMware Workstation in the lab, I understand that VMware Workstation enables a user to use multiple operating systems concurrently on the same PC by creating and running multiple virtual machines. Each virtual machine virtualizes a complete PC, including memory, hard disk, network connections, peripheral ports and processor. VMware Workstation has several advantages: it provides mobility to the user, since a created disk image or shared files can be cloned and copied by just drag and drop; it provides the ability to simulate hardware; its network adapter can be configured to use Network Address Translation (NAT) through the host machine rather than bridging through it; and it provides a test environment. The ability to take snapshots allows the user to roll back a virtual machine to the saved state at any time without worrying that the system will crash during testing.

After this lab, I gained interest in the virtualization concept, so I did some searching for information on other virtualization software that can be used, such as VirtualBox. VirtualBox is a powerful x86 virtualization product developed by Sun Microsystems for enterprise as well as home use. Besides that, it is the only professional solution that is freely available as open source software under the terms of the General Public License (GPL). Presently, VirtualBox runs on Windows, Linux, Macintosh and OpenSolaris hosts and supports a large number of guest operating systems, including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista, Windows 7), DOS/Windows 3.x, Linux (2.4 and 2.6), Solaris and OpenSolaris, and OpenBSD.


Introduction to information security, 13 July 2009

Our first lecture of the IT security course started with our lecturer, En. Mohd Zaki, introducing himself. Before starting the lecture, he gave us a quiz in puzzle form. This form of quiz is quite interesting compared to normal quiz questions. All the quiz answers are related to internet security, which will be covered in the following lectures, with the purpose of testing our general internet security knowledge. In this lecture, I came to understand that, in today's era of growing technology, information security is in high demand by government and private industry to protect information, hardware and the systems used to store and transmit information from hackers.

Security involves three important areas: detection, prevention and recovery. Detection can be done using a scanner, while prevention can be done using a proxy or firewall. Recovery can be done using cryptographic techniques or proper planning. Security has three important principles: confidentiality, which ensures information is accessible only to those authorized to have access; integrity, which prevents modification of information by unauthorized users; and availability, which keeps information available for use by its intended users.

Besides that, I clearly understand the difference between a passive attack and an active attack after En. Mohd Zaki patiently explained it to us in this lecture. A passive attack occurs when the opponent obtains the information being transmitted without modifying it. Examples of passive attacks are release of message contents and traffic analysis. Passive attacks are very difficult to detect because they do not involve any alteration of data. However, they can be prevented by using encryption techniques. Thus, prevention is better than detection in dealing with passive attacks.

Active attacks involve unauthorized modification of a data stream or creation of a false stream. Active attacks are divided into four categories: masquerade, replay, modification of messages and denial of service. En. Mohd Zaki explained denial of service in more detail using the example of a hacker disrupting the services provided by a server by sending a lot of spam email to it, causing the server to go down so that a competing server gains an advantage. Active attacks are quite difficult to prevent because of the wide variety of potential physical, software and network vulnerabilities. Thus, detecting an active attack and then recovering from the harm is better than prevention.

Furthermore, we were informed that a threat against a system vulnerability can be dealt with by preventing it, deterring it, deflecting it, detecting it and recovering from it. Besides that, the methods of defense normally used are encryption; software controls such as internal program controls and operating system controls; hardware controls such as smart cards; firewalls and intrusion detection systems such as SNORT; policy controls such as frequent changes of password; and lastly physical controls. Important security services include authentication, access control, data confidentiality, data integrity and non-repudiation.

En. Mohd Zaki also introduced two classes of security mechanism to us: Specific Security Mechanisms and Pervasive Security Mechanisms. The difference between the two is that Specific Security Mechanisms are implemented in a specific protocol layer, while Pervasive Security Mechanisms are not specific to any particular protocol layer.