!!!Welcome to the buzz-networksecurity blog!!!
WELCOME TO MY BLOG

Thursday, October 29, 2009

WIRELESS SECURITY

Definition

Wireless security is the prevention of unauthorized access or damage to computers using wireless networks.

Wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking has many security issues. Hackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks. As a result, it's very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources. Wireless Intrusion Prevention Systems are commonly used to enforce wireless security policies.

The risks to users of wireless technology have increased as the service has become more popular. There were relatively few dangers when wireless technology was first introduced. Crackers had not yet had time to latch on to the new technology and wireless was not commonly found in the work place. However, there are a great number of security risks associated with the current wireless protocols and encryption methods, and in the carelessness and ignorance that exists at the user and corporate IT level.

Cracking methods have become much more sophisticated and innovative with wireless. Cracking has also become much easier and more accessible with easy-to-use Windows or Linux-based tools being made available on the web at no charge.

Roaming & channel
roaming = moving away from the initial AP's network to another AP's network

802.11a
54Mbps in 5GHz range
not compatible

802.11g
54Mbps in 2.4GHz range
compatible

802.11b
11Mbps in 2.4GHz range
compatible

Open system authentication
*Service Set Identifier (SSID)
*Station must specify SSID to connect to the AP

Interception
The signal is weakened by 3 factors:

1. Walls
2. Floors
3. Interference


802.11
3 basic security services:

1. Authentication
2. Integrity - data is encrypted using the WEP and WPA techniques.
3. Confidentiality


* Some say WPA is much more secure than WEP, but it actually depends on the type of shared key and the library that key is based on. If it uses a simple library, it would be easy to crack and hack the network.
*Passive attack
*Attacker collects all traffic
*Attacker collects two messages:

1. Encrypted with the same key and IV
2. Statistical attack to reveal the plaintext
3. Plaintext XOR ciphertext = keystream
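The keystream relation in the list above, as an added example that is not part of the original post: a WEP-style RC4 encryption (IV prepended to the shared key, integrity value omitted) showing what two frames with the same key and IV leak, plus a check that flags repeated IVs. The key, IVs, messages and function names are constructed for the example.

```python
from collections import Counter

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_like_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    # WEP seeds RC4 with IV || shared key; the integrity value is omitted here.
    return xor(plaintext, rc4(iv + shared_key, len(plaintext)))

def reused_ivs(frames):
    """Defensive check: IVs seen on more than one captured frame."""
    counts = Counter(iv for iv, _ in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)

# Constructed sample data, not from a real capture.
KEY = b"\x01\x02\x03\x04\x05"                 # 40-bit shared key
P1 = b"GET /index.html HTTP/1.0"
P2 = b"user=alice&pin=4821&ok=1"
IV_A, IV_B = b"\x00\x00\x01", b"\x00\x00\x02"
FRAMES = [(IV_A, wep_like_encrypt(IV_A, KEY, P1)),
          (IV_A, wep_like_encrypt(IV_A, KEY, P2)),   # same key and IV
          (IV_B, wep_like_encrypt(IV_B, KEY, P2))]   # fresh IV

def demo():
    c1, c2, c3 = (c for _, c in FRAMES)
    keystream = xor(P1, c1)                   # plaintext XOR ciphertext
    return {
        "xor_leaks": xor(c1, c2) == xor(P1, P2),  # the keystream cancels out
        "same_iv": xor(keystream, c2),            # second message is exposed
        "fresh_iv": xor(keystream, c3),           # keystream no longer fits
    }
```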

Tool to crack the wireless AP
*Backtrack



Intrusion Detection System

INTRUSION DETECTION SYSTEM (IDS)

An intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic.


An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).

Types of Intrusion-Detection systems

There are three main types of systems in which IDS can be used: network, applications and hosts

Network intrusion detection system (NIDS)


It is an independent platform which identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.

Application protocol-based intrusion detection system (APIDS)


It consists of a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application specific protocols. For example, in a web server with a database this would monitor the SQL protocol specific to the middleware/business logic as it transacts with the database.

Host-based intrusion detection system (HIDS)


It consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC.

Wednesday, October 28, 2009

Security in Applications

What is email? 

E-mail was one of the first uses of the Internet and is still the most popular use. Email is based on the Simple Mail Transfer Protocol (SMTP), first published as Internet Standard 10 (RFC 821) in 1982. E-mail can also be exchanged between online service provider users and in networks other than the Internet, both public and private.

Security provided in Email

  • key management
  • non-repudiation

MIME

MIME = Multipurpose Internet Mail Extensions

PGP


*PGP = “Pretty Good Privacy”
*First released in 1991, developed by Phil Zimmermann, provoked export control and patent infringement controversy.
*Freeware: OpenPGP and variants: www.openpgp.org, www.gnupg.org
*Commercial: formerly Network Associates International, now PGP Corporation at www.pgp.com




FIREWALL

If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall." 


If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers. 
Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect you from.


NETWORK IN SECURITY

Definition

The specialist area of network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and consistent and continuous monitoring and measurement of its effectiveness (or lack) combined together.

Network architecture

Network architecture is the design of a communications network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation.

Basic Terminology

  • Topology
  • Host 
  • Link 
  • Node

Network Security Control

     • Encryption

     • Strong Authentication

     • IPSec, VPN, SSH

     • Kerberos

     • Firewall

     • Intrusion Detection System (IDS)

     • Intrusion Prevention System (IPS)

     • Honeypot


Sunday, October 25, 2009

Week 4: Authentication & Access Control

Authentication


Authentication is any process by which you verify that someone is who they claim they are. This usually involves a username and a password, but can include any other method of demonstrating identity, such as a smart card, retina scan, voice recognition, or fingerprints. Authentication is equivalent to showing your driver's license at the ticket counter at the airport.


Access Control

Access control is a much more general way of talking about controlling access to a web resource. Access can be granted or denied based on a wide variety of criteria, such as the network address of the client, the time of day, the phase of the moon, or the browser which the visitor is using. Access control is analogous to locking the gate at closing time, or only letting people onto the ride who are more than 48 inches tall - it's controlling entrance by some arbitrary condition which may or may not have anything to do with the attributes of the particular visitor.

How basic authentication works


When a particular resource has been protected using basic authentication, Apache sends a 401 Authentication Required header with the response to the request, in order to notify the client that user credentials must be supplied in order for the resource to be returned as requested.

Upon receiving a 401 response header, the client's browser, if it supports basic authentication, will ask the user to supply a username and password to be sent to the server. If you are using a graphical browser, such as Netscape or Internet Explorer, what you will see is a box which pops up and gives you a place to type in your username and password, to be sent back to the server. If the username is in the approved list, and if the password supplied is correct, the resource will be returned to the client.

Because the HTTP protocol is stateless, each request will be treated in the same way, even though they are from the same client. That is, every resource which is requested from the server will have to supply authentication credentials over again in order to receive the resource.

Fortunately, the browser takes care of the details here, so that you only have to type in your username and password one time per browser session - that is, you might have to type it in again the next time you open up your browser and visit the same web site.

Along with the 401 response, certain other information will be passed back to the client. In particular, it sends a name which is associated with the protected area of the web site. This is called the realm, or just the authentication name. The client browser caches the username and password that you supplied, and stores it along with the authentication realm, so that if other resources are requested from the same realm, the same username and password can be returned to authenticate that request without requiring the user to type them in again. This caching is usually just for the current browser session, but some browsers allow you to store them permanently, so that you never have to type in your password again.

The authentication name, or realm, will appear in the pop-up box, in order to identify what the username and password are being requested for.
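The exchange described above, as an added Python sketch that is not Apache's code or part of the original post: the 401 challenge carrying the realm, the header the browser re-sends on every request, and a stateless server-side check. The realm name, the in-memory user store and the function names are assumptions; Aladdin / open sesame are the example credentials used in the HTTP Basic authentication RFCs.

```python
import base64
import hashlib
import hmac

REALM = "Staff Area"            # hypothetical realm (authentication name)
SALT = b"constructed-salt"      # constructed value for this example

def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

# Stand-in for the password file: username -> salted password hash.
USERS = {"Aladdin": pw_hash("open sesame")}

def challenge():
    """401 response naming the realm the credentials are requested for."""
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

def client_header(user: str, password: str) -> str:
    """What the browser re-sends with every request to the realm.
    Base64 is an encoding, not encryption: without TLS the password
    is readable by anyone who can see the request."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def handle(headers: dict):
    """Serve one stateless request: no valid credentials, no resource."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return challenge()
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:          # bad base64 or bad UTF-8
        return challenge()
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user, "")
    # Constant-time comparison avoids leaking how much of the hash matched.
    if sep and hmac.compare_digest(expected, pw_hash(password)):
        return 200, {}
    return challenge()
```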


There are two configuration steps which you must complete in order to protect a resource using basic authentication, or three, depending on what you are trying to do:

1. Create a password file
2. Set the configuration to use this password file
3. Optionally, create a group file

Access Control List

An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed to be performed on given objects. 


File Permission

There are three specific permissions on Unix-like systems that apply to each class:

* The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them, including file type, size, ownership, permissions).

* The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.

* The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled C++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see files inside the directory (unless read is set).


Sunday, October 18, 2009

Week 2: Introduction to Cryptography

Basics of Cryptography

What is cryptography?

Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.
Cryptanalysts are also called attackers.
Cryptology embraces both cryptography and cryptanalysis.

Conventional cryptography

In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. The Data Encryption Standard (DES) is an example of a conventional cryptosystem that is widely employed by the Federal Government.

plaintext -> encryption -> ciphertext -> decryption -> plaintext


   
Caesar’s Cipher

An extremely simple example of conventional cryptography is a substitution cipher. A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet. Two examples are Captain Midnight’s Secret Decoder Ring, which you may have owned when you were a kid, and Julius Caesar’s cipher. In both cases, the algorithm is to offset the alphabet and the key is the number of characters to offset it.
For example, if we encode the word “SECRET” using Caesar’s key value of 3, we offset the alphabet so that the 3rd letter down (D) begins the alphabet.
So starting with ABCDEFGHIJKLMNOPQRSTUVWXYZ
and sliding everything up by 3, you get DEFGHIJKLMNOPQRSTUVWXYZABC
where D=A, E=B, F=C, and so on.

Using this scheme, the plaintext, “SECRET” encrypts as “VHFUHW.” To allow someone else to read the ciphertext, you tell them that the key is 3.
Obviously, this is exceedingly weak cryptography by today’s standards, but hey, it worked for Caesar, and it illustrates how conventional cryptography works.

Vigenère cipher

The Vigenère cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution.


This cipher is well known because while it is easy to understand and implement, it often appears to beginners to be unbreakable; this earned it the description le chiffre indéchiffrable (French for 'the unbreakable cipher'). Consequently, many people have tried to implement encryption schemes that are essentially Vigenère ciphers, only to have them broken.
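The Caesar and Vigenère schemes described above, as an added example that is not part of the original post: the Vigenère function applies one Caesar shift per keyword letter, and the last function goes one step beyond the text by listing all 26 possible Caesar decryptions, which is why the key space offers no protection. Function names are chosen for this example.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text: str, key: int) -> str:
    """Offset each letter by key positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def vigenere(text: str, keyword: str, decrypt: bool = False) -> str:
    """Apply a different Caesar shift to each letter, chosen by the keyword."""
    shifts = [ALPHABET.index(k) for k in keyword.upper()]
    out, n = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = shifts[n % len(shifts)]   # the keyword repeats
            out.append(caesar(ch, -shift if decrypt else shift))
            n += 1
        else:
            out.append(ch)
    return "".join(out)

def caesar_candidates(ciphertext: str) -> dict:
    """Every possible Caesar decryption: there are only 26 keys to try."""
    return {key: caesar(ciphertext, -key) for key in range(26)}

if __name__ == "__main__":
    print(caesar("SECRET", 3))                # the page's example, key 3
    print(vigenere("SECRET", "D"))            # one-letter keyword = Caesar
    # Because the keyword repeats, repeated plaintext that lines up with it
    # produces repeated ciphertext, which exposes the keyword length.
    print(vigenere("SECRETSECRET", "ABC"))
```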




 
