Friday, July 31, 2009

WEEK 3 (IT SECURITY)

LECTURE 3 (27 July 2009)

This week I learned about cryptography concepts. Before that I must know what cryptography is. Cryptography is the art and science of keeping data secure. Cryptographic services help ensure data privacy, maintain data integrity, authenticate communicating parties, and prevent repudiation (when a party denies having sent a message).

Basic encryption allows you to store information or to communicate with other parties while preventing non-involved parties from understanding the stored information or understanding the communication. Encryption transforms understandable text (plaintext) into an unintelligible piece of data (ciphertext). Decryption restores the understandable text from the unintelligible data. Both functions involve a mathematical formula (the algorithm) and secret data (the key).

Cryptographic algorithms

There are two types of cryptographic algorithms:

1. With a secret or symmetric key algorithm, the key is a shared secret between two communicating parties. Encryption and decryption both use the same key. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric key algorithms.

There are two types of symmetric key algorithms:

Block ciphers: In a block cipher, the actual encryption code works on a fixed-size block of data. Normally, the user's interface to the encrypt/decrypt operation will handle data longer than the block size by repeatedly calling the low-level encryption function. If the length of the data is not on a block size boundary, it must be padded.

Stream ciphers: Stream ciphers do not work on a block basis, but convert 1 bit (or 1 byte) of data at a time.

2. With a public key (PKA) or asymmetric key algorithm, a pair of keys is used. One of the keys, the private key, is kept secret and not shared with anyone. The other key, the public key, is not secret and can be shared with anyone. When data is encrypted by one of the keys, it can only be decrypted and recovered by using the other key. The two keys are mathematically related, but it is virtually impossible to derive the private key from the public key. The RSA algorithm is an example of a public key algorithm.

Public key algorithms are slower than symmetric key algorithms. Applications typically use public key algorithms to encrypt symmetric keys (for key distribution) and to encrypt hashes (in digital signature generation).
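The padding step and the "call the block function once per block" loop described for block ciphers, as an added example that is not part of the original notes. The block function is a stand-in callback (assumed), not a real cipher; a real implementation would call AES or DES on each block.

```python
# Added example (not from the original notes): PKCS#7-style padding for a
# block cipher, plus the loop that feeds fixed-size blocks to the low-level
# block function. block_encrypt is a stand-in callback, not a real cipher.
BLOCK_SIZE = 16  # AES block size in bytes (DES would use 8)


def pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes each of value n so the length is a block multiple.
    Data already on a boundary still gets a full block of padding, so the
    receiver can always tell padding apart from the message."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def is_valid_padding(data: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """True only if the trailing bytes are a well-formed PKCS#7 pad."""
    if not data or len(data) % block_size:
        return False
    n = data[-1]
    return 1 <= n <= block_size and data[-n:] == bytes([n]) * n


def unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip padding, rejecting anything malformed instead of guessing."""
    if not is_valid_padding(data, block_size):
        raise ValueError("invalid padding or length")
    return data[:-data[-1]]


def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Divide padded data into the fixed-size blocks a block cipher works on."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def encrypt_blocks(plaintext: bytes, block_encrypt) -> bytes:
    """The user-facing operation: pad, then call the low-level block function
    once per block. This is plain ECB-style processing, the simplest way to
    handle data longer than one block; real modes such as CBC or CTR add an
    IV so that equal plaintext blocks do not produce equal ciphertext blocks."""
    return b"".join(block_encrypt(b) for b in split_blocks(pad(plaintext)))
```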

Together, the key and the cryptographic algorithm transform the data. All of the supported algorithms are in the public domain. Therefore it is the key that controls access to the data. You must safeguard the keys to protect the data.
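The two uses of a public key algorithm named above, encrypting a symmetric key for distribution and encrypting a hash to form a signature, as an added example that is not part of the original notes. It uses textbook RSA with toy-sized primes so the arithmetic is readable; real keys are thousands of bits and wrap the raw operation in padding schemes such as OAEP and PSS.

```python
# Added example (not from the original notes): textbook RSA with tiny primes
# showing key distribution (wrap a symmetric key with the recipient's public
# key) and signing (encrypt a hash with the signer's private key). Toy-sized
# keys for readability only; not a secure implementation.
import hashlib


def make_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)). p and q are primes; e must be coprime to phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(m: int, key) -> int:
    """The raw RSA operation; which key you apply decides encrypt vs. decrypt."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)


def wrap_symmetric_key(sym_key: int, recipient_public) -> int:
    """Key distribution: only the matching private key can recover sym_key."""
    return apply_key(sym_key, recipient_public)


def unwrap_symmetric_key(wrapped: int, recipient_private) -> int:
    return apply_key(wrapped, recipient_private)


def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce it below n (the reduction is only needed
    because these toy keys are far smaller than a SHA-256 digest)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, signer_private) -> int:
    """Signature = hash 'encrypted' with the private key."""
    return apply_key(digest_int(message, signer_private[1]), signer_private)


def verify(message: bytes, signature: int, signer_public) -> bool:
    """Anyone holding the public key recovers the hash and compares it."""
    expected = digest_int(message, signer_public[1])
    return apply_key(signature, signer_public) == expected
```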


LAB 3 (28 July 2009)

The topic of this lab is Authentication and Basic Cryptography. By the end of this section I must know what authentication and cryptography are, and know how to implement data encryption. I must also know how to implement a local password policy on Windows 2003 and how to implement asymmetric cryptography by using Pretty Good Privacy (PGP).

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords.

Cryptography is the art and science of keeping data secure. Cryptographic services help ensure data privacy, maintain data integrity, authenticate communicating parties, and prevent repudiation (when a party refutes having sent a message). Within the context of any application-to-application communication, there are some specific security requirements, including:
• Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
• Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this message.

Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. The use of encryption/decryption is as old as the art of communication. In wartime, a cipher, often incorrectly called a code, can be employed to keep the enemy from obtaining the contents of transmissions.

Encryption and Decryption operation.

Wednesday, July 29, 2009

WEEK 2 (IT SECURITY)

LECTURE 2 (20 July 2009)

The topic of this lecture is Authentication and Basic Cryptography. This week I only learned about authentication. Authentication is related to identity verification. Identity verification is classified by something known (a password), something possessed (a smart card), a physical characteristic (biometrics) such as a fingerprint, and the result of an involuntary action such as a signature. Authentication is also a process for identifying and verifying who is sending a request. This is the general process of authentication:
(1) The sender obtains the necessary credential.
(2) The sender sends a request with the credential to the recipient.
(3) The recipient uses the credential to verify that the sender truly sent the request.
(4) If yes, the recipient processes the request. If no, the recipient rejects the request and responds accordingly.

In this topic I also learned how to choose a good password and about techniques for guessing passwords. The criterion for choosing a password is that it must be hard to guess but easy to remember. The characteristics of a good password are that it is not shorter than six characters and mixes all types of characters. There are many techniques for guessing passwords: trying default passwords, trying all short words of 1 to 3 characters, and collecting all information about the user such as date of birth, hobbies, family name, plate number and so on. A Trojan horse can also be used to obtain passwords.
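The four-step authentication process and the password rules from the notes (at least six characters, mixing all character types), as an added example that is not part of the original notes. The user store and function names are hypothetical; the credential is kept only as a salted PBKDF2 hash so that a leaked store does not reveal the passwords.

```python
# Added example (not from the original notes): "something known" authentication
# following the lecture's steps, with the notes' password policy enforced at
# enrollment. Store layout and names are hypothetical.
import hashlib
import hmac
import os

MIN_LENGTH = 6           # the notes: not shorter than six characters
PBKDF2_ROUNDS = 100_000  # slows down offline guessing against a leaked hash


def meets_policy(password: str) -> bool:
    """Hard to guess: long enough and mixing all character classes."""
    if len(password) < MIN_LENGTH:
        return False
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(store: dict, user: str, password: str) -> None:
    """Step 1: the sender obtains a credential; the verifier keeps only
    salt + hash, never the password itself."""
    if not meets_policy(password):
        raise ValueError("password does not meet the policy")
    salt = os.urandom(16)
    store[user] = (salt, _derive(password, salt))


def authenticate(store: dict, user: str, password: str) -> bool:
    """Steps 2-4: the sender presents (user, password); the recipient uses
    the stored credential to verify it and accepts or rejects the request."""
    record = store.get(user)
    if record is None:
        _derive(password, b"\x00" * 16)  # same cost whether or not the user exists
        return False
    salt, expected = record
    return hmac.compare_digest(_derive(password, salt), expected)
```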


LAB 2 (21 July 2009)

The topic of this lab is The Goal of Information Technology Security. By the end of this section I must know what the information technology security goals are. I also must know how to determine whether a partition is NTFS or FAT32. I must implement confidentiality, integrity and availability in Windows Server 2003.

Information technology security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The goals of information technology security are Confidentiality, Integrity and Availability. Confidentiality protects computer-related assets from being used by unauthorized users. Integrity ensures that data can be modified only by authorized parties and only through authorized mechanisms. Availability ensures that authorized users can access information at any time without failure.

The relationship between the three goals.

Monday, July 20, 2009

WEEK 1 (IT SECURITY)

LECTURE 1 (13 July 2009)

In this lecture I learned about the introduction to information security. This lecture covers what information security is, security areas, the architecture of security, security principles, security policy, security attacks/threats, methods of defense, security services and security mechanisms.


As we know, information security is the protection of data against unauthorized access. Programs and data can be secured by issuing passwords and digital certificates to authorized users. There are three security areas: detection (using tools such as an Internet scanner), prevention (using tools such as a proxy or firewall) and recovery (using cryptographic techniques). I also learned about the principles of security. The four principles of security are confidentiality, integrity, availability and non-repudiation. Among security attacks/threats there are two types of attack: passive attacks and active attacks. A passive attack only monitors and cannot change any data. An active attack involves some modification of the data.


Security services fall into five categories, with 14 specific services provided. The five categories are authentication, access control, data confidentiality, data integrity and non-repudiation. In the last part of this lecture I learned about security mechanisms. Security mechanisms are divided into two classes: specific security mechanisms and pervasive security mechanisms. In conclusion, information security is very important for our computers' sake.


LAB 1 (14 July 2009)

This lab covers VMware, which is virtual machine software. (The term "virtual machine" is also the name given to various programming language interpreters.) VMware allows multiple copies of the same operating system or several different operating systems to run on the same x86-based machine. Each virtual machine is like a "machine within the machine" and functions as if it owned the entire computer. All virtual machines run simultaneously.


VMware is a program that runs under Linux (or NT) and emulates the hardware of a standard PC to provide one or more virtual machines. Many operating systems can be installed on these virtual machines, so it is possible to run, for example, Windows 95 inside a standard X window under Linux. It is even possible to run a complete Linux installation (maybe a different version) inside another window at the same time.


One of the advantages of using VMware is that a normal installation of a Microsoft operating system requires a long manual process to configure the system to the specific hardware of the machine. This means that the same installation cannot be used on another machine, which usually has different hardware. Since VMware emulates the same set of virtual devices on any machine, a single operating system image can be used.