Chapter 7 is about application security. In this chapter we must understand electronic mail security: what it is and how it works. The security services that can be provided for email are confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management. To understand them we must also know how email is transported when a user sends a message. Most of the chapter is about email security and its threats. After that we must know how to secure the web; for HTTPS we must also understand access control.
Nowadays the world is expanding, especially in terms of technology, for example biometric technology and fingerprint recognition. At the same time, this comes with advantages and disadvantages.
Tuesday, September 29, 2009
Wednesday, September 23, 2009
Lab 6: Database Security
In this lab we learn about database security. We must understand the importance of security in a database system and how security can be integrated and implemented in a database. In this lab we also manage records.
Lec 6: Security In Network
In this chapter we learn about security in the network. Security is a very difficult topic. The important subtopics of this chapter are: an introduction to networks; who causes security problems; network security issues; and network security controls. Everyone has a different idea of what "security" is, and what levels of risk are acceptable. The key to building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with security policies and practices.
It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know why what's been done has been done, the sorts of risks that are deemed unacceptable, and what has been done to minimize the organization's exposure to them.
Monday, September 21, 2009
Lec 5 : Database Security
Database security is the set of systems, processes and procedures that protect a database from unintended activity. Unintended activity can be categorized as misuse by authenticated users, malicious attacks, or inadvertent mistakes made by authorized individuals or processes. Database security is also a specialty within the broader discipline of computer security.
Traditionally databases have been protected from external connections by firewalls or routers on the network perimeter, with the database environment on the internal network as opposed to being located within a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems.
Database security is more critical as networks have become more open.
Databases provide many layers and types of information security, typically specified in the data dictionary, including:
* Access control
* Auditing
* Authentication
* Encryption
* Integrity controls
Database security can begin with the creation and publishing of appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms; a set of best practices that cross over the platforms; and linkages of the standards to higher-level policies and governmental regulations.
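As an added worked example (not part of the original lecture notes), the following Python script uses SQLite to show two of the layers listed above, integrity controls and auditing, being enforced by the database engine itself rather than by application code. The table layout, the two sample accounts and the transfer function are all constructed for this example.

```python
import sqlite3

# Schema constructed for this example. The CHECK constraint and the foreign
# key are integrity controls; the trigger is the audit mechanism.
SCHEMA = """
PRAGMA foreign_keys = ON;
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)   -- no overdrafts, ever
);
CREATE TABLE audit_log (
    id          INTEGER PRIMARY KEY,
    account_id  INTEGER NOT NULL REFERENCES accounts(id),
    old_balance INTEGER NOT NULL,
    new_balance INTEGER NOT NULL,
    changed_at  TEXT    NOT NULL DEFAULT (datetime('now'))
);
-- Every balance change is recorded by the database, so no application
-- code path can change a balance without leaving an audit row.
CREATE TRIGGER accounts_audit AFTER UPDATE OF balance ON accounts
BEGIN
    INSERT INTO audit_log (account_id, old_balance, new_balance)
    VALUES (OLD.id, OLD.balance, NEW.balance);
END;
"""


def open_bank():
    """In-memory database loaded with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO accounts (id, owner, balance) VALUES (?, ?, ?)",
        [(1, "alice", 100), (2, "bob", 20)])
    conn.commit()
    return conn


def transfer(conn, src, dst, amount):
    """Move `amount` from account src to dst atomically.

    Values are passed as parameters, never pasted into the SQL text.  The
    credit is applied first on purpose: if the debit then violates the
    CHECK constraint, the `with conn:` block rolls back the whole
    transaction, including the credit and its audit row.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    with conn:
        credited = conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        if credited.rowcount != 1:
            raise LookupError(f"no such account {dst}")
        debited = conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        if debited.rowcount != 1:
            raise LookupError(f"no such account {src}")


def try_transfer(conn, src, dst, amount):
    """True if the transfer went through, False if a constraint rejected it."""
    try:
        transfer(conn, src, dst, amount)
        return True
    except sqlite3.IntegrityError:
        return False


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


def audit_rows(conn):
    return conn.execute(
        "SELECT account_id, old_balance, new_balance FROM audit_log ORDER BY id"
    ).fetchall()


if __name__ == "__main__":
    conn = open_bank()
    print(try_transfer(conn, 1, 2, 30), balances(conn))    # True  {1: 70, 2: 50}
    print(try_transfer(conn, 2, 1, 500), balances(conn))   # False {1: 70, 2: 50}
    print(audit_rows(conn))                                # only the two good rows
```

The two layers not shown here, access control and encryption, are done in a server database with GRANT/REVOKE on least-privilege accounts and with at-rest or connection encryption; SQLite has no per-user privileges, so it cannot demonstrate them.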
Monday, September 7, 2009
Lab 5 Web Application Security
1. Make Sure You Have Java
2. Web application hacking simulation using WebGoat and WebScarab. To download this software, use the links below:
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Command Prompt opens and vanishes instantly, and another Command Prompt window opens titled "Tomcat". The Tomcat window fills with text and stays open, as shown below. This is the Apache Tomcat Web server listening on the localhost, port 80.
Open Firefox and go to http://localhost/WebGoat/attack. A box pops up asking for a name and password. Use guest for both the name and the password. The main WebGoat page opens. Click the "Start WebGoat" button. The "How to work with WebGoat" page opens, as shown below.


Installing WebScarab
You need WebScarab to complete the lessons. Go to the WebScarab project link above. On the left side, click the Download link. In the first sentence of the Download section, click the word "here". Save the webscarab-current.zip file and extract it. A folder named webscarab-current appears. Double-click the subfolder named webscarab-20090222-2217, then double-click the webscarab.jar file. WebScarab opens in its Lite interface. From the menu bar, click Tools, Use Full-Featured Interface. Close WebScarab and restart it. You should now see many more options, as shown below.


Sunday, August 16, 2009
Lab 4 : Cryptography Extended
Caesar Cipher
A cipher or cryptosystem is a method for message concealment.
The key provides the means for efficient encipherment (encryption).
Plaintext – message in readable form
Ciphertext – encrypted message

The term steganography is applied to the activity of hiding the existence of a message.
Cryptanalysis extends to other contexts where messages are hidden (or suspected to be hidden) in text, pictures, music, etc.
Symmetric (or classic secret-key) cryptology relies on the correspondents agreeing on key information over a secure key channel.
Asymmetric (public-key) cryptology uses two keys:
- one key for encipherment
- a second key for decipherment
Vigenere Cipher
Explanation
Each column of this table forms a dictionary of symbols representing the alphabet: thus, in the A column, the symbol is the same as the letter represented; in the B column, A is represented by B, B by C, and so on.
To use the table, some word or sentence should be agreed on by two correspondents. This may be called the "key-word" or "key-sentence", and should be carried in the memory only.
In sending a message, write the key-word over it, letter for letter, repeating it as often as may be necessary: the letters of the key-word will indicate which column is to be used in translating each letter of the message, the symbols for which should be written underneath; then copy out the symbols only, and destroy the first paper. Historically it was believed that anyone ignorant of the key-word could not decipher the message, even with the help of the table. That belief is wrong: once the key length is found (for example by Kasiski examination, which looks at the spacing of repeated ciphertext fragments), every key_length-th letter is a plain Caesar cipher and falls to letter-frequency analysis.
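The following Python script is an added example, not code from the original lab: it implements the Caesar and Vigenère ciphers described above (Caesar being the one-letter-key special case of Vigenère) and then carries out the attack that the table alone does not protect against. The brute force over the 26 Caesar keys and the per-column frequency attack on Vigenère with a known key length are both shown. The sample message and the key "KEY" are constructed for this example; the English letter-frequency table is the usual published estimate.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate letter frequencies of English text, in percent.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def vigenere(text, key, decrypt=False):
    """Encrypt (or decrypt) `text` with the Vigenere table under `key`.

    Each key letter names a column of the table, i.e. a shift of 0..25.
    Non-letters are copied through unchanged and do not consume a key letter.
    """
    shifts = [ALPHABET.index(k) for k in key.upper() if k in ALPHABET]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = shifts[i % len(shifts)]
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        i += 1
    return "".join(out)


def caesar(text, shift, decrypt=False):
    """A Caesar cipher is a Vigenere cipher with a one-letter key."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


def caesar_brute_force(ciphertext):
    """The Caesar key space has 26 entries, so simply try them all."""
    return {k: caesar(ciphertext, k, decrypt=True) for k in range(26)}


def chi_squared(letters):
    """Distance between the letter counts of `letters` and English."""
    n = len(letters)
    counts = Counter(letters)
    return sum((counts.get(c, 0) - n * f / 100) ** 2 / (n * f / 100)
               for c, f in ENGLISH_FREQ.items())


def best_shift(column):
    """The Caesar shift whose decryption of `column` looks most like English."""
    return min(range(26),
               key=lambda s: chi_squared(caesar(column, s, decrypt=True)))


def recover_key(ciphertext, key_length):
    """Frequency attack on Vigenere once the key length is known.

    Every key_length-th letter was shifted by the same key letter, so each
    such column is a Caesar cipher and is solved on its own.
    """
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    columns = ["".join(letters[i::key_length]) for i in range(key_length)]
    return "".join(ALPHABET[best_shift(col)] for col in columns)


# Constructed sample message (not from the original page); long enough for
# the per-column letter counts to resemble English.
SAMPLE_PLAINTEXT = " ".join(3 * [
    "attack at dawn the enemy camp lies beyond the river and the bridge must "
    "be taken before the sun rises so that the main force can cross without "
    "being seen from the hills"])

if __name__ == "__main__":
    ct = vigenere(SAMPLE_PLAINTEXT, "KEY")
    print(ct)
    print("recovered key:", recover_key(ct, 3))
```

The key length is taken as given here; in practice it comes from Kasiski examination or the index of coincidence, after which recover_key does the rest. A short message gives each column too few letters for the frequency test, which is why the sample is repeated.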
RSA algorithm
The RSA algorithm is one of the earliest, yet most versatile, public key algorithms.
The original intent for this algorithm was key establishment/transfer, signing/verification, data integrity, and encryption/decryption.
The method is named after its inventors Rivest, Shamir and Adleman and is referred to as the RSA scheme. The system uses a private and a public key. To start, two large prime numbers p and q are selected and multiplied together: n = p*q.
RSA takes advantage of the fact that large prime numbers are easy to find and multiply, whereas factoring their product n back into p and q is computationally infeasible for large enough primes.
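As an added example (not the lab's own code), the following Python script walks through textbook RSA end to end: key generation from two primes, encryption/decryption, signing/verification, and the reason it all holds up, namely that recovering the private key is exactly as hard as factoring n. The toy key uses the primes 61 and 53 so that every number can be checked by hand; the helper names are chosen for this example.

```python
import random
from math import gcd


def modinv(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return old_s % m


def is_probable_prime(n, rounds=20):
    """Miller-Rabin: False means composite, True means prime with
    overwhelming probability."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Finding large primes is cheap: guess odd numbers and test them."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keypair_from_primes(p, q, e=65537):
    """n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi; public (n, e), private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, modinv(e, phi))


def generate_keypair(bits=512, e=65537):
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return keypair_from_primes(p, q, e)


def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private, c):
    n, d = private
    return pow(c, d, n)


def sign(private, m):
    n, d = private
    return pow(m, d, n)          # textbook signature: private exponent on m


def verify(public, m, signature):
    n, e = public
    return pow(signature, e, n) == m


def factor_by_trial_division(n):
    """Recover p and q of a toy modulus. Hopeless at real key sizes, and
    that hardness is the whole assumption RSA rests on."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    return None


def recover_private_key(public):
    """Once n is factored, d follows immediately from e and phi(n)."""
    n, e = public
    p, q = factor_by_trial_division(n)
    return n, modinv(e, (p - 1) * (q - 1))
```

This is textbook RSA on bare integers. Real systems never use it this way: without padding (OAEP for encryption, PSS for signatures) the cipher is deterministic and malleable, since encrypt(m1) * encrypt(m2) mod n equals encrypt(m1 * m2), and an attacker can forge related ciphertexts and signatures.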
Friday, August 14, 2009
Lec 4: Operating System Security
In this chapter we learn about operating system security. First, the concept of a protection system is defined: the system component that enforces access control in an operating system. A protection system consists of a protection state, which describes the operations that are permitted in the system, and protection state operations, which describe how the protection state may be changed. From these we can determine the operations that individual processes are allowed to perform.
Second, we identify that today's commercial operating systems use protection systems that fail to truly enforce security goals, because ordinary subjects can change the protection state at will. We define a mandatory protection system, which will enforce security in the face of attack.
Third, we outline the architecture of an access enforcement mechanism that would be implemented by a protection system. Such enforcement mechanisms can enforce a mandatory protection state correctly if they satisfy the guarantees required by the reference monitor concept: complete mediation, tamperproofing and verifiability.
Finally, we define requirements for a secure operating system based on a reference monitor and a mandatory protection system.
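The following Python script is an added example (not from the lecture) of the difference between a discretionary protection system and a mandatory one, enforced by a small reference monitor that mediates every access. The lecture names no particular mandatory policy; the "no read up, no write down" label rules used here are the Bell-LaPadula rules, picked as an illustration, and the subjects, objects and label names are constructed for this example.

```python
class AccessDenied(Exception):
    pass


# Ordering of labels for the mandatory policy (an assumption for this example).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


class ReferenceMonitor:
    """Mediates every access to every object against the protection state.

    The protection state has a discretionary part (ACLs that object owners may
    change) and a mandatory part (labels that only the administrator sets).
    With mandatory=False the monitor behaves like a classic discretionary
    system; with mandatory=True the label rules are checked as well.
    """

    def __init__(self, mandatory):
        self.mandatory = mandatory
        self.labels = {}   # subject or object name -> level
        self.acl = {}      # object -> {subject: set of operations}
        self.owner = {}    # object -> owning subject
        self.audit = []    # (subject, op, obj, decision)

    # protection-state operations: these change what is permitted
    def admin_label(self, name, level):
        """Labels are part of the mandatory state; only the administrator sets them."""
        self.labels[name] = LEVELS[level]

    def create(self, subject, obj):
        """Creator becomes owner with full rights; the object takes its label."""
        self.owner[obj] = subject
        self.acl[obj] = {subject: {"read", "write"}}
        self.labels[obj] = self.labels[subject]

    def grant(self, subject, obj, target, ops):
        """Discretionary: an owner may hand out rights on its own object."""
        if self.owner.get(obj) != subject:
            raise AccessDenied(f"{subject} does not own {obj}")
        self.acl[obj].setdefault(target, set()).update(ops)

    # access enforcement: every access passes through here (complete mediation)
    def check(self, subject, op, obj):
        allowed = op in self.acl.get(obj, {}).get(subject, set())
        if allowed and self.mandatory:
            s, o = self.labels[subject], self.labels[obj]
            if op == "read" and o > s:      # no read up
                allowed = False
            if op == "write" and o < s:     # no write down
                allowed = False
        self.audit.append((subject, op, obj, "allow" if allowed else "deny"))
        if not allowed:
            raise AccessDenied(f"{subject} may not {op} {obj}")
        return True


def attempt(rm, subject, op, obj):
    try:
        return rm.check(subject, op, obj)
    except AccessDenied:
        return False


def leak_scenario(mandatory):
    """alice's process is compromised and tries to leak a secret document to
    bob by (a) writing it into bob's public file and (b) granting bob read
    access directly. Under a discretionary system both succeed, because the
    compromised process holds alice's rights; under the mandatory system the
    label rules stop both even though the ACLs permit them."""
    rm = ReferenceMonitor(mandatory)
    rm.admin_label("alice", "secret")
    rm.admin_label("bob", "public")
    rm.create("alice", "plan.txt")                      # labelled secret
    rm.create("bob", "notes.txt")                       # labelled public
    rm.grant("bob", "notes.txt", "alice", {"write"})    # bob shares his file
    rm.grant("alice", "plan.txt", "bob", {"read"})      # attacker shares alice's
    return {
        "alice_reads_plan": attempt(rm, "alice", "read", "plan.txt"),
        "alice_writes_notes": attempt(rm, "alice", "write", "notes.txt"),
        "bob_reads_plan": attempt(rm, "bob", "read", "plan.txt"),
        "audit": rm.audit,
    }


if __name__ == "__main__":
    for mode in (False, True):
        result = leak_scenario(mode)
        print("mandatory" if mode else "discretionary", {k: v for k, v in result.items() if k != "audit"})
```

The point of the example is the second paragraph above: the discretionary ACL is correct in both runs, yet it cannot protect plan.txt once alice's process is under attacker control, because that process can legitimately change the protection state. The mandatory labels cannot be changed by any subject, so the same enforcement point refuses the leak.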
