Tuesday, September 29, 2009

Lec 7 : Security Application

In chapter 7 we learn about security applications. In this chapter we must understand electronic mail security: what it is and how it works. The security services provided for email are confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management. We must know how email is transported when a user uses email. Most of this chapter is about email security and threats. We must also know how to secure the web, and for HTTPS we must know about access control. Nowadays, the world is expanding, especially in terms of technology, for example biometric technology and fingerprint recognition. At the same time, this comes with advantages and disadvantages.

Wednesday, September 23, 2009

Lab 6 Database security

In the lab we learn about database security. In this lab we must understand the importance of security in a database system and the potential for implementing integrated security in a database. In this lab, too, we should manage the record

Lec 6: Security In Network

In this chapter, we learn about security in the network. Security is a very difficult topic. The important subtopics in this chapter are Introduction to Network, Who causes security problems, Network security issues, and Network security controls. Everyone has a different idea of what "security" is, and what levels of risk are acceptable. The key to building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with security policies and practices.

It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know why what's been done has been, the sorts of risks that are deemed unacceptable, and what has been done to minimize the organization's exposure to them.

Monday, September 21, 2009

Lec 5 : Database Security

Database security is the system, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks or inadvertent mistakes made by authorized individuals or processes. Database security is also a specialty within the broader discipline of computer security.

Traditionally, databases have been protected from external connections by firewalls or routers on the network perimeter, with the database environment existing on the internal network as opposed to being located within a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems.

Database security is more critical as networks have become more open.

Databases provide many layers and types of information security, typically specified in the data dictionary, including:

* Access control
* Auditing
* Authentication
* Encryption
* Integrity controls
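
Three of the layers listed above (access control, auditing, integrity controls) can be seen working in a small SQLite session. This is an added example, not part of the original course notes: the staff/audit_log schema and the clerk role are hypothetical, and SQLite's authorizer callback stands in for the GRANT/REVOKE privileges a server database would use.

```python
import sqlite3

# Constructed schema for illustration: table and column names are hypothetical.
SCHEMA = """
CREATE TABLE staff (
    id     INTEGER PRIMARY KEY,
    name   TEXT NOT NULL,
    salary INTEGER NOT NULL CHECK (salary >= 0)  -- integrity control
);
CREATE TABLE audit_log (staff_id INTEGER, old_salary INTEGER, new_salary INTEGER);
-- Auditing: the database itself records every salary change.
CREATE TRIGGER staff_salary_audit AFTER UPDATE OF salary ON staff
BEGIN
    INSERT INTO audit_log (staff_id, old_salary, new_salary)
    VALUES (OLD.id, OLD.salary, NEW.salary);
END;
INSERT INTO staff (id, name, salary) VALUES (1, 'alice', 3000);
"""

def clerk_authorizer(action, arg1, arg2, dbname, source):
    """Access control: a clerk session may not read staff.salary."""
    if action == sqlite3.SQLITE_READ and (arg1, arg2) == ("staff", "salary"):
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def attempt(db, sql):
    """Run one statement and report whether the database accepted it."""
    try:
        db.execute(sql).fetchall()
        return "accepted"
    except sqlite3.DatabaseError as exc:
        return "refused: " + type(exc).__name__

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    results = {}
    # Inadvertent mistake by an authorized user: the CHECK constraint stops it.
    results["integrity"] = attempt(db, "UPDATE staff SET salary = -1 WHERE id = 1")
    results["update"] = attempt(db, "UPDATE staff SET salary = 3500 WHERE id = 1")
    results["audit"] = db.execute(
        "SELECT staff_id, old_salary, new_salary FROM audit_log").fetchall()
    # Switch the session to the restricted role, then try to read salaries.
    db.set_authorizer(clerk_authorizer)
    results["access"] = attempt(db, "SELECT name, salary FROM staff")
    results["names"] = db.execute("SELECT name FROM staff").fetchall()
    return results

if __name__ == "__main__":
    print(demo())
```

The rejected negative salary leaves no audit row, because the failed statement is rolled back before the trigger's insert can persist.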

Database security can begin with the process of creation and publishing of appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms; a set of best practices that cross over the platforms; and linkages of the standards to higher level policies and governmental regulations.

Monday, September 7, 2009

Lab 5 Web Application Security

1. Make Sure You Have Java
2. Web application hacking simulation using WebGoat and WebScarab. If you want to download this software, click the links below:
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

A Command Prompt window opens and vanishes instantly, and another Command Prompt window opens titled "Tomcat". The Tomcat window fills with text and stays open, as shown below. This is the Apache Tomcat Web server listening on the localhost, port 80.
Open Firefox and go to http://localhost/WebGoat/attack. A box pops up asking for a name and password. Use guest for both the name and the password. The main WebGoat page opens. Click the "Start WebGoat" button. The "How to work with WebGoat" page opens, as shown below.

Installing WebScarab

You need WebScarab to complete the lessons. Go to this link. On the left side, click the Download link. In the first sentence in the Download section, click the word "here". Save the webscarab-current.zip file. Extract it. A folder named webscarab-current appears. Double-click the subfolder named webscarab-20090222-2217. Double-click the webscarab.jar file. WebScarab opens. This is the Lite Interface. From the menu bar, click Tools, Use Full-Featured Interface. Close WebScarab and restart it. Now you should see many more options, as shown below.