Saturday, July 25, 2009

Lab 2: The Goals of Information Technology

This lab discusses resource security using NTFS permissions. It specifically discusses security on files and folders within the NT File System (NTFS). The lab covers NTFS file and folder permissions, access control lists, using NTFS permissions,

Step 1 : Click on the Start button, then select the "Run" command. This will open a small box with a text field. In this field, type 'cmd' without the quotes and press enter.

Step 2 : At the resulting prompt, type in: chkntfs d: [Enter]
If the message shows “D: is not dirty”, there is no corruption on the drive.

Step 3 : Now that we're in the command console, enter the command that will convert the drive. Make sure you type the command exactly as shown (replace 'X:' with the letter of the drive you need to convert): CONVERT X: /FS:NTFS [Enter]

Step 4 : Close all windows and log off.


Data Confidentiality.

Use NTFS permissions to specify which users and groups can gain access to files and folders, and what they can do with the contents of the file or folder. NTFS permissions are only available on NTFS volumes. The permissions you assign for folders are different from the permissions you assign for files.
You assign folder permissions to control the access that users have to folders and to the files and subfolders that are contained within the folder.

Step 1 : Select Start >> Programs >> Administrative Tools >> Computer Management
Step 2 : Choose >> Local Users and Groups and double-click the "Users" folder.

Step 3 : Create the New User account by selecting User>>New User. The New User dialog box appears.
Step 4 : Complete these fields in the New User dialog box:
a. In the Username field, enter OpenView.
b. In the Full Name field, enter OpenView Administration.
c. In the Description field, enter Permit operation from OpenView services.
d. In the Password field, enter your password.
e. In the Confirm Password field, re-enter your password.
f. Click the [Create] button.

_______________________________________________________________________

Creating data Confidentiality between 2 user accounts.
Step 1 : Log on to the Windows 2003 server as Administrator.
Step 2 : Create a new folder called Confidentiality.
Step 3 : In the Confidentiality folder, create another new folder called User1Folder
Step 4 : Right-click User1Folder >> [Properties] to open the User1Folder Properties
Step 5 : Right-click the file or folder for which you want to assign permissions and go to the Security tab

Step 6 : Click on the Advanced button

Step 7 : To add permissions to user accounts or groups for the folder, click Add

Step 9 : Uncheck the box “Allow inheritable permissions from parent to propagate to this object”.

Step 10 : Click [Copy] to retain the permissions.

Step 11 : Click [Add] to open the Select Users, Computers, or Groups dialog box.

Step 12 : Type User1, then click [Check Names] and click OK


Step 13 : Click the Allow Full Control box and then click OK in the Permission Entry window.
Step 14 : Remove the other usernames, except Administrator, System and User1, by clicking the username

Step 15 : Click OK, then double-click User1Folder; you should see the contents of the folder
Step 16 : Close all windows and log off
Step 17 : Log on as User2, navigate to User1Folder and try to open this folder
Step 18 : Close all windows and log off.
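
The same access-control change can be scripted, which makes it repeatable and easy to audit. The following is an added example, not part of the original lab: it assumes PowerShell is installed on the server, that local accounts User1 and User2 already exist, and that the folder lives at the constructed path C:\Confidentiality. The default ACL usually lists the Administrators group rather than the Administrator user, so the script keeps both (an assumption about the lab machine).

```powershell
# Added example, not from the original lab. Run in an elevated PowerShell session.
# Assumptions: local account User1 exists; C:\Confidentiality is a constructed path.
$path = 'C:\Confidentiality\User1Folder'
New-Item -ItemType Directory -Path $path -Force | Out-Null       # Steps 2-3

# Steps 9-10: stop inheriting from the parent, but copy the inherited entries.
# SetAccessRuleProtection(isProtected, preserveInheritance)
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $path -AclObject $acl

# Steps 11-13: grant User1 Full Control on the folder, its subfolders and files.
$acl  = Get-Acl -Path $path       # re-read so the copied entries are explicit
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            "$env:COMPUTERNAME\User1", 'FullControl',
            'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)

# Step 14: remove every identity except Administrator(s), SYSTEM and User1.
# Matching is on the account name after the domain or machine prefix.
$keep = 'Administrator', 'Administrators', 'SYSTEM', 'User1'
foreach ($ace in @($acl.Access)) {
    $name = ($ace.IdentityReference.Value -split '\\')[-1]
    if ($keep -notcontains $name) {
        $acl.PurgeAccessRules($ace.IdentityReference)
    }
}
Set-Acl -Path $path -AclObject $acl

# Audit the result: list what is left and flag anything still inherited.
$left = (Get-Acl -Path $path).Access
$left | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
if ($left | Where-Object { $_.IsInherited }) {
    Write-Warning 'Inherited entries remain on the folder; inheritance was not blocked.'
}
```

If User2 is a member of the local Administrators group, the kept Administrators entry still grants access, so run the Step 17 test with an ordinary user account.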

Assigning Special Permissions
The standard NTFS permissions generally provide all of the access control that you need to secure your resources. However, there are instances in which the standard NTFS permissions do not provide the specific level of access that you may want to assign to users. To create a specific level of access, you can assign NTFS special permissions. This lesson introduces the NTFS special permissions. It then outlines the requirements and procedures for taking ownership of a folder or file.

Special permissions are set on the Permission Entry For dialog box for the file or folder. This dialog box is accessed by selecting Advanced on the Security tab of the Properties dialog box for the file or folder, and then selecting View/Edit for a Permission Entry on the Access Control Setting For dialog box for the file or folder.

Friday, July 24, 2009

Lec 2: Authentication & Basic Cryptography

Everyone must be authenticated. Identification allows one party (the verifier) to gain assurances that the identity of another (the claimant) is as declared, thereby preventing impersonation. The most common technique is for the verifier to check the correctness of a message (possibly in response to an earlier message) which demonstrates that the claimant is in possession of a secret associated by design with the genuine party. Techniques which provide both entity authentication and key establishment are often integrated. Other names: entity authentication, identity verification.



Cryptography to increase privacy:

There are two basic methods for data encryption:
- Symmetric key cryptography: data is encrypted and decrypted with the same key. The strength of encryption depends on the size of the key: a key with less than 40 bits is to be considered insecure, while a key with more than 128 bits is fairly unbreakable. The problem is how to get the secret key to both parties in the first place.


- Public key cryptography: public key cryptography requires two keys, a secret ("private") key and a well-known ("public") key. There are two different scenarios where public key cryptography may be used:
1. Send a secret message that only a particular receiver shall be able to read: the sender encrypts the message with the receiver's public key, and only the holder of the corresponding private key can decrypt and read the message.
2. Digital signatures: the author of a document encrypts the text with his private key. Anyone who knows the author's public key can decrypt and read the message; this reliably authenticates the author.

Saturday, July 18, 2009

Lab 1: Introduction to Virtualization & VMware

Today I would like to share information about virtualization and VMware. Firstly, you should know what virtualization is. Virtualization is a proven software technology that is rapidly transforming the IT landscape and fundamentally changing the way that people compute. Virtualization lets you run multiple virtual machines on a single physical machine, sharing the resources of that single computer across multiple environments. Different virtual machines can run different operating systems and multiple applications on the same physical computer.


WHAT IS VIRTUAL MACHINE?
A virtual machine (VM) is an environment, usually a program or operating system, which does not physically exist but is created within another environment. In this context, a VM is called a "guest" while the environment it runs within is called a "host." Virtual machines are often created to execute an instruction set different from that of the host environment.


VMware Workstation Installation.

VMware Workstation Can be Downloaded from
http://www.vmware.com/download/ws/

1. Double-click the VMware launcher to start the installation wizard.

2. Click on [Next].

3. Choose Typical setup type
4. Choose the location for the VMware Workstation installation, for example: C:\Program Files\VMware\VMware Workstation\, then click on [Next].

5. Configure the shortcuts for the VMware Workstation and click [Next].
6. Click on [Install], this will take several minutes to finish


7. Enter the Serial Number for the VMware workstation.


8. Click [Finish], and restart the Computer.



VMware

VMware Workstation makes it possible for a PC user to use multiple operating systems concurrently on the same PC. The user can create and run multiple virtual machines on a desktop or laptop computer. VMware Workstation lets you create a virtual machine that can be installed with different kinds of operating system. Each virtual machine virtualizes a complete PC, including memory, HDD, network connections, peripheral ports and processor.



Creating Disk Image

1. From the home tab click on [New Virtual Machine], to open the virtual machine wizard

2. Click [Next] to continue.
3. Choose the typical configuration, click [Next]
4. Choose the type of OS to be installed on the virtual machine. Because the virtual machine will be installed with Windows Server 2003 in the next task, select [Microsoft Windows] as the guest. In the version list, select Windows Server 2003 Standard Edition. Click [Next]. Refer to figure 1.10.

5. Name the virtual machine and specify the location where the disk image for the virtual machine
will be stored in the hard disk. Name the virtual machine as winserv03.

6. For the network type, select [Use host-only Networking]; this selection will create a LAN between the other virtual machines. To connect the virtual machine to the real network, select [Use bridged networking]. This setting can be changed once the virtual machine is created. Click [Next]. Refer to figure 1.12.


7. Specify the disk capacity of the virtual machine. This option lets the user specify the maximum storage capacity of the virtual machine. In this task, set the storage capacity between 2GB and 4GB (depending on the size of your PC). Select [Allocate disk space now] and click [Finish] to start creating your virtual



8. Once the disk image that holds your virtual machine is created, you will see figure 1.14. Click [Close].


Get to know the virtual machine console.

Once the virtual machine is created, the tab will contain the home and summary view of the winserv03 virtual machine configuration. Refer to figure 1.15.

Installing Windows Server 2003 on virtual machine.
1. Place the Windows Server 2003 installer CD in your cdrom drive
2. From the command menu, click on [start the virtual machine], or click on the start button on the toolbar. Your virtual machine starts and boots from your cdrom drive. Refer to figure 1.16 (a).



3. Once winserv03 boots, you will see the familiar Windows Server 2003 installation page. From this point onward you can follow the Windows Server 2003 installation steps.
4. After the installation process is finished, you will see the Windows Server 2003 login page.

5. Click on the console to start using Windows Server 2003. To get the mouse pointer back to your host desktop, press CTRL + ALT on the keyboard.
6. You can try taking a snapshot of your OS by clicking on the [snapshot] button on the toolbar. If anything happens to your OS, you can simply click the [Revert] button and choose your previous state.
7. You can also manage the size of your console screen by clicking on the [Quick switch] and [Full Screen] view option buttons on the toolbar.

Lec 1: Introduction to information security

Today we learn why we must study computer security. In this introduction to information security, we must know what security is, along with security architecture, security principles, security policy, security attacks/threats, methods of defense, security services and security mechanisms.

First, we must know the meaning of IT security. The concept of IT security is the quality or state of being secure, that is, to be free from danger and to be protected from adversaries, from those who would do harm, intentionally or otherwise. Besides that, we must know the types of security area: security architecture, security principles, security policy, and security attacks/threats.


Example of Active Attacks





Example Of Passive Attacks



The security area consists of detection, prevention and recovery, and each one has its own tools. For the security architecture, we must know the one defined by ITU-T Recommendation X.800, called the OSI Security Architecture, and we should focus on security attacks, security mechanisms and security services.

The security principles are confidentiality, integrity and availability, and each has its own function. We should also know the security policy: a security policy is a set of rules to apply to security-relevant activities in a security domain. There are two types of security attack: passive and active. A passive attack just monitors the transmission without modifying it. An active attack involves some modification of the data stream or the creation of a false stream.

Methods of defense are divided into 6 parts: Controls, Software Controls, Hardware Controls, Policies & Procedure Controls, Encryption Controls, and Effectiveness of Controls. Security services have 2 parts: Defined by X.800 and Defined by RFC 2828. We also learn about the categories of security services, which are divided into data integrity, data confidentiality, access control, authentication, and nonrepudiation.

The last topic is security mechanisms. What is a security mechanism? A security mechanism is any process (or a device incorporating such a process) that is designed to detect, prevent or recover from a security attack. The specific security mechanisms are Authentication Exchange, Data Integrity, Encipherment, Digital Signature, Notarization, Routing Control, and Trusted Functionality.