Saturday, October 24, 2009

For me, IPsec means a security protocol from the IETF that provides authentication and encryption over the Internet. IPsec is supported by IPv6, and since IPsec was designed for the IP protocol, it has wide industry support and is expected to become the standard for virtual private networks (VPNs) on the Internet.

Here I will explain how to capture a File Transfer Protocol (FTP) username and password:
1. Start the VMs containing winserv03_server and winserv03_client.
2. Log in as Administrator.
3. Set the IP addresses of your winserv03_server and winserv03_client.
4. Check that your winserv03_server already has an FTP server and Wireshark installed. If the FTP server is installed, start the FTP service using [Start] | [Administrative tools] | [Internet Information Services (IIS)]; otherwise you need a Windows Server 2003 CD to install Internet Information Services (IIS) with FTP.
5. If Wireshark is not installed, it can be downloaded for free from http://www.wireshark.org.
6. Open Wireshark on winserv03_server: [Start] | [Program] | [Wireshark].
7. Click on [Capture] | [Interfaces] to choose the network interface you want to monitor.

Unlike SSL, which provides services at layer 4 and secures two applications, IPsec works at layer 3 and secures everything in the network. Also unlike SSL, which is typically built into the Web browser, IPsec requires a client installation.
The benefit is that IPsec can access both Web and non-Web applications, whereas SSL requires workarounds for non-Web access such as file sharing and backup.

IPsec protocols:
• Authentication Header (AH) - used to provide connectionless integrity and data origin authentication for IP datagrams, and protection against replay attacks.
• Internet Key Exchange (IKE and IKEv2) - to set up a security association by handling negotiation of protocols and algorithms, and to generate the encryption and authentication keys to be used by IPsec.
• Encapsulating Security Payload (ESP) - to provide confidentiality, data origin authentication, connectionless integrity and an anti-replay service.

Thursday, October 15, 2009

Wireless hacking can be done by any attacker or person who usually wants to detect the password and username of other people's wireless connection. For security, the Access Point should be topologically located outside the perimeter firewalls. I learned how to hack wireless. This activity can be done using software named BackTrack. We can use the GUI or commands to start hacking the wireless connection. To start the GUI, type 'startx'. To check the network connection, type 'ipconfig'. To check the wireless, type 'iwconfig'. Then type 's' to sort the networks. The most important thing is to remember the MAC address. Here is an example:

--> To get the networks that are connected
airodump -ng --ivs -w capture --channel 1 ahndhbo(name of device wireless)

--> To get a reply from the network
aireplay -ng-o-e dlink -a 00:1E:FB:57:ED -h 00:22:4C:1E:FB

Monday, October 5, 2009

Wireless makes it easy for us to connect to the internet without using any external devices such as cables, switches, hubs and so on.
Wireless also helps us reduce space. To connect to wireless, we only need an access point (AP) and a wireless station (e.g. desktop, laptop, PDA).
In 1997, the IEEE produced Wi-Fi (802.11). Two types of wireless mode are used in wireless connections:
1. Ad-Hoc Mode - connects without using an access point; it is easy and is called peer-to-peer.
2. Infrastructure - needs at least one access point. There are two types:
a) Basic Service Set (BSS) - one Access Point
b) Extended Service Set (ESS) - more than one BSS.

Wireless LAN (WLAN) is a service of 802.11 which uses Layer 1 (Physical Layer) and Layer 2 (Data Link Layer). There are 3 basic security services in a WLAN environment. The first is authentication, which provides security by identifying an identity in communication. The second is integrity, to check that the message from sender to receiver is secure without being attacked or modified by a hacker, because an attacker can also manipulate messages through the access point. The third is confidentiality, to ensure that there is secrecy between networks and privacy of all the details.

In a wireless connection, Wired Equivalent Privacy (WEP) is used for a shared key between the PC/laptop and the access point, and provides the extended service set (to ensure access points have the same shared key).

WPA is Wi-Fi Protected Access, which is used in 802.11a, 802.11b and 802.11g. It is used to solve the problem with Wired Equivalent Privacy because it is used on small and handheld devices for connectivity.

Wireless Transport Layer Security (WTLS) is used to make sure the data is private before it is broadcast.

Email is used to transmit data or information to other receivers. It operates by dividing each email into two parts (header and body). It uses the MIME protocol. Email can easily be exposed to threats, just as threats can easily be spread by email. The most common threat enabled by email is spamming; it wastes the memory and bandwidth of our computer.

PGP is Pretty Good Privacy, popular as a plug-in for email clients and also used as stand-alone software. It can create a detached signature, which is stored separately.

Web security techniques are popularly used by people on the network. I think everybody is familiar with SSL, SSH, HTTPS, and SET.

1. SSL, which provides a two-layer architecture, can help to secure the use of web browsers and servers. It is popularly used in electronic banking.

2. SSH is used to provide security in the application layer, which is built on TCP in the transport layer.

3. SET is specially designed to secure the communication link and to protect credit cards, but it needs confidentiality of payment and information, card holder authentication and merchant authentication.

4. HTTPS is used to secure communication between computers and the WWW.

Nowadays, biometric technology is found in fingerprint (example shapes are arch, loop and whorl), eye, face, hand geometry, signature and voice. It has also been found in body odour, palm print, ear shape and DNA. A biometric is an identifier of a person through physiological or behavioral characteristics. A biometric works if it has uniqueness, acceptability, stability and universality. It functions using storage, data collection, signal processing, matching, and transmission. Examples of devices that apply all these functions are the optical fingerprint sensor, electro-optical sensor, e-field sensor, thermal sensor, and capacitive sensor. But we must be alert to threats that usually attack biometric sensors, for example replay attacks of eavesdropped biometric data and manipulation of stored biometric reference data. Because more than 50% of email is now spam. Another protocol that is used is S/MIME, which allows good client security through signatures and also encryption.

Monday, September 28, 2009

When we talk about security in networks, we actually need to know the definition of a network to understand it more deeply. A network, for me, is something that lets multiple users connect to each other at the same time. A connection happens when the seven layers in the network connect to each other and each layer does its task. The seven layers are Application, Presentation, Session, Transport, Network, Data Link and Physical.

Network security problem areas cover authentication, secrecy, non-repudiation and integrity control. An example of authentication is the common use of passwords when a user logs in. Knowledge of the password is assumed to guarantee that the user is authentic. The non-repudiation problem is exchanging something on the network without a trusted third party. For me, integrity control means certificate of access control, which can be solved by employing one-way hash functions.

The bigger problem in securing the network is to protect our network from the hacker or attacker. A hacker is a bad person who tries to attack our computer, resources or files.
Hacking can be divided into 5 phases:

  1. Reconnaissance - initial planning by studying and detecting the enemy before the attack, for example by googling or dumpster diving
  2. Scanning - the attacker learns the network structure using traceroute or ping.
  3. Gaining Access - issuing the access to the enemy resources
  4. Maintaining Access - such as troubleshooting identity and access solutions
  5. Covering Tracks - construction phase or covering the data

Tuesday, August 25, 2009

Database Security makes me understand the most important security issues, especially in database systems, and the problems related to information protection. Besides that, we investigated the potential implementation of security mechanisms in the database management system and operating system. I learned how to create a new database and make sure that users can read their own account and that a certain person who has priority can access the data to see, write and edit it. The tasks that we did were to create new records, read all fields, update data and so on.

To set the access rights for any person, we need to set the access control, which gives us the authority to access data or resources. This is one part of physical security and the second layer in the computer security architecture. So the application will call the access control functions to set who can access specific resources provided by that application. When we create an access control, we must consider whether the decision is suitable for the problem, such as making sure the operating system respects the data or record. We must consider all of the factors and the pros and cons of our design decision.

Some people do not care about their user privileges. To be good at securing a database, we must have a policy that defines the privileges of various users on the organizational network, specifies groups of users and so on. The policy is used to create access and to control the users and data.

Database Security is most important especially when we use a server. It is to secure the database from unauthorized users, because we usually store important data such as client information, financial details, human resource details and all the data that needs to be kept secure and secret. The benefits of applying database security are to monitor activity or processes, improve the security of the database, ensure all the resources are secure and, most important, to provide integrity and availability to the user. So the hacker does not have the authority to attack the data.

Concept of database divide by three (Database, Database Administrator(DBA), Database Management System (DBMS)). There is a few way to make sure that the database is under a good database such as there are good in

Tuesday, August 18, 2009

In this lab, I learned about the flaws of web applications and how they are exploited. Besides that, we learned to exploit web application vulnerabilities and the prevention methods that can be taken to overcome web application vulnerabilities. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

Many applications employ a tiered architecture, and a failure to segregate different tiers properly often leaves an application vulnerable. This enables an attacker who has found a defect in one component to quickly compromise the entire application. When threats arise in a shared hosting environment, defects and malicious code in one application can sometimes be exploited to compromise the environment itself and other applications running within it.

Sometimes these vulnerabilities target the web server that is running. Vulnerabilities in a web server are broadly composed of defects in its configuration and security flaws within the web server software.

A few reasons why vulnerabilities occur: complex systems, so the probability of flaws increases; people like using common, well-known code, software, operating systems, and/or hardware, which increases the probability that an attacker has or can find the knowledge and tools to exploit the flaw; more physical connections, privileges, ports, protocols, and services, and the time each of those is accessible, increase vulnerability; weak passwords; fundamental operating system design flaws; internet website browsing; software bugs; unchecked user input and so on. (wikipedia website)

This lab covered these topics:
• Explain what Symmetric and Asymmetric Cryptography are
• Implementing the Caesar Cipher for Symmetric Cryptography.
• Implementing the Vigenère Cipher for Symmetric Cryptography.
• Implementing the RSA algorithm for Asymmetric Cryptography




For me, symmetric cryptography is when both parties involved in the communication use the same key, kept secret between them. That is why we can call it a shared secret system or private key system. The operation of symmetric ciphers is separated into stream ciphers and block ciphers. But the huge problem of this cryptography is key exchange. This is different to asymmetric, which means public key cryptography. Asymmetric works when the person that has the private key keeps it secret, then anyone who is told the public key will be able to unlock the private key and read the data that has been sent.



The comparison between symmetric and asymmetric is that a symmetric key is usually faster to use electronically than asymmetric, while asymmetric is usually more computationally demanding. Both of these keys are related to each other, especially mathematically. There are a few examples of symmetric ciphers such as Data Encryption Standard (DES), RSA and AES, while the popular example of asymmetric is PGP (Pretty Good Privacy).



A Caesar cipher replaces each plaintext letter with the one a fixed number of places down the alphabet.






(Source from: http://www.wikipedia.com/)

Example of SHIFT 3 in the Caesar cipher:
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC

Example of how to solve the problem:
Plaintext: the quick brown fox jumps over the lazy dog
Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ

The Vigenère cipher is a polyalphabetic cipher based on using successively shifted alphabets, meaning a different shifted alphabet at each step, where the step is based on the tableau and uses the keyword. It uses a series of different Caesar ciphers. This cipher is well known because it is easy to understand and use.
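The relationship between the two ciphers, as an added example that is not code from the original lab: a Caesar shift of 3 is a Vigenère cipher with the one-letter key "D". The key LEMON and the message ATTACKATDAWN are constructed sample values, and the function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; other characters pass through."""
    if not key or not key.isalpha():
        raise ValueError("key must be one or more letters")
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = shifts[used % len(shifts)]
            if decrypt:
                shift = -shift
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
            used += 1  # only letters consume key material
        else:
            out.append(ch)
    return "".join(out)


def caesar(text, shift=3, decrypt=False):
    """Caesar is Vigenere with a one-letter key: shift 3 is the key 'D'."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


def caesar_candidates(ciphertext):
    """Every possible Caesar decryption: the key space is only 26 shifts."""
    return {s: caesar(ciphertext, s, decrypt=True) for s in range(26)}


if __name__ == "__main__":
    plain = "the quick brown fox jumps over the lazy dog"
    cipher = caesar(plain, 3)
    print(cipher)
    print(caesar(cipher, 3, decrypt=True))
    # Constructed sample: a five-letter keyword applies five different shifts.
    print(vigenere("ATTACKATDAWN", "LEMON"))
    # The original sentence is always among the 26 candidates.
    print(caesar_candidates(cipher)[3])
```
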

Here are the simple steps for implementing the RSA algorithm for Asymmetric Cryptography:

1. The values for p and q are given
2. n = p x q
3. φ(n) = (p - 1)(q - 1)
4. d = e^-1 mod φ(n)

Sunday, August 16, 2009

Operating system security has a few purposes; for example, multiprogramming introduced the need for protection. One purpose is memory protection, which means preventing a process from corrupting the memory of another process running on the same computer at the same time, but we must be alert to the methods of memory protection.
There are seven methods:

  • Fence
  • Relocation
  • Paging
  • Segmentation
  • Base/bound register
  • tagged architecture
  • paging combined with segmentation

Besides that, we must protect general objects by using file protection, group protection, access control limitation, permissions, authentication and so on. Below are the general objects to protect:

  1. Memory
  2. File/Data set on an auxiliary storage device
  3. Program Executing in memory
  4. A directory file
  5. Hardware device

Monday, August 10, 2009

Security?? Something that supports our life and makes our life easy to handle. Some organizations provide program security for us because of attacks such as brute force attacks, replay attacks, man-in-the-middle attacks and faults in cryptosystems. Program security is an important part that teaches us how a malicious program will affect our computer and how to manage it. A malicious program is something that stops our computer from running as usual.

We can detect that it is a virus if we don't see raw data; it can do harm and can also be confidential. There are a few types of viruses such as parasitic virus, memory-resident virus, boot sector virus, stealth virus, macro virus, directory virus, false virus, FAT virus and polymorphic virus. Resident is new for me; it means a type of virus that hides permanently in RAM and can control and intercept all of the operations carried out by the system. It can corrupt the files and programs we open, close, copy, rename and so on. The virus life cycle can be divided into 4 phases: 1st, the dormant phase; 2nd, the propagation phase; 3rd, the triggering phase; and 4th, the execution phase. There are a few types of malicious attack such as:

  1. Logic bomb - activates on an event
  2. Trap door - undocumented piece of code for debugging that we do not delete when writing code
  3. Virus
  4. Bacteria/rabbit
  5. Trojan Horse
  6. Worm
  7. Spyware
  8. Macro
  9. Overwrite


Tuesday, July 28, 2009

I'll explain how to install PGP and the function of that particular software in network security. PGP stands for Pretty Good Privacy; it is a public key encryption program originally written by Phil Zimmermann in 1991. Why PGP? For me, it is to secure email on the internet, because email is personal and private; besides that, we don't want our private email or confidential documents read by anyone else. The advantages of PGP are language support and that it is available for many different platforms including Windows, Unix, MS DOS, OS/2, Macintosh and so on. After I did some research, the latest international freeware version of PGP is 6.5.1i for Windows 95/98/NT and MacOS only, while it is 5.0i for other platforms. PGP works by combining some of the best features of both conventional and public key cryptography. PGP compresses the plaintext that the user encrypts and creates a session key (secret key). After the data is encrypted, the session key is then encrypted to the recipient's public key and transmitted along with the ciphertext to the recipient.














We can download the PGP installer, version 6.5.8, from www.pgpi.org.
Step 1 : Unzip the installer.
Step 2 : Double click to start the install. At the Welcome window, click [Next].
Step 3 : Click [Yes] at 'Software License Agreement' after you finish reading all the terms of the agreement.
Step 4 : Enter full name and company, then click [Next].
Step 5 : Files will be installed in C:\Program Files\PGP. Click [Next].
Step 6 : Choose the PGP components you wish to install.
Step 7 : Click [Next].
Step 8 : The next window asks whether you have existing keyrings you wish to use. Click [No].
Step 9 : Restart the computer and click [Finish].
* Cryptography is the science of using mathematics to encrypt and decrypt data. It enables us to store private data and transmit it across insecure networks.

Monday, July 27, 2009

There are two types of cryptography -> substitution and transposition. Substitution uses one letter to refer to another letter. Substitution is divided into two types, monoalphabetic (uses the same letter for the whole message) and polyalphabetic (uses different letters in the whole message). Transposition changes the arrangement of the text and letters. This method can be divided into keyed and unkeyed.

An example of what I learned in class is:
     1  2  3  4  5  6  7  8  9  10
1    T  H  E  R  E  I  S  N  O  S
2    E  C  U  R  I  T  Y  O  N  T
3    H  I  S  E  A  R  T  H  T  H
4    E  R  E  I  S  O  N  L  Y  O
5    P  P  O  R  T  U  N  I  T  Y
Conclusion: for unkeyed single transposition, the message can be developed into a matrix of 10 (vertical) by 5 (horizontal). This step can be tried on keyed single transposition just by using matrix 10 but do not in sorting.
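The matrix above as a columnar transposition, in an added example that is not code from the class: the message is written into rows of 10 and read out column by column. The keyed variant shown here, which reads the columns in alphabetical order of a keyword, and the keyword CRYPTOGRAM are assumptions chosen for illustration.

```python
MESSAGE = "THERE IS NO SECURITY ON THIS EARTH THERE IS ONLY OPPORTUNITY"


def to_rows(plaintext, width=10, pad="X"):
    """Write the letters of the message into rows of `width`, padding the last row."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    letters += [pad] * (-len(letters) % width)
    return ["".join(letters[i:i + width]) for i in range(0, len(letters), width)]


def column_order(key, width):
    """Unkeyed: columns left to right. Keyed: columns in alphabetical key order."""
    if key is None:
        return list(range(width))
    if len(key) != width:
        raise ValueError("keyword length must equal the number of columns")
    # Ties between repeated key letters are broken left to right.
    return sorted(range(width), key=lambda i: (key[i].upper(), i))


def encrypt(plaintext, width=10, key=None):
    rows = to_rows(plaintext, width)
    order = column_order(key, width)
    return "".join("".join(row[c] for row in rows) for c in order)


def decrypt(ciphertext, width=10, key=None):
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the width")
    height = len(ciphertext) // width
    columns = [""] * width
    # The n-th block of `height` letters belongs to the n-th column read out.
    for n, c in enumerate(column_order(key, width)):
        columns[c] = ciphertext[n * height:(n + 1) * height]
    return "".join(columns[c][r] for r in range(height) for c in range(width))


if __name__ == "__main__":
    for row in to_rows(MESSAGE):
        print(" ".join(row))
    unkeyed = encrypt(MESSAGE)
    keyed = encrypt(MESSAGE, key="CRYPTOGRAM")  # constructed keyword
    print(unkeyed)
    print(keyed)
    print(decrypt(keyed, key="CRYPTOGRAM"))
```

The letters themselves never change, only their positions, so letter frequencies in the ciphertext are identical to those of the plaintext.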

These are some terms that need to be memorized:

  1. Vigenère cipher - we must know the manual polyalphabetic cipher to perform encryption
  2. Simple substitution ciphers (random) - use a random alphabet to improve on Caesar ciphers.

Another thing that I learned today is about MAC. A Message Authentication Code is a key-dependent one-way hash function. It accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs. A MAC protects both a message's data integrity and its authenticity. A digital signature is used for a message from a particular sender, and is a cryptographic value that depends on the message and the sender. A digital signature guarantees that information has not been modified, as if it were protected by a proof seal that is broken if the content is altered.

RSA is the algorithm that was publicly described in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT. The letters RSA are the initials of their surnames, listed in the same order as on the paper. It is an algorithm for public-key cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography (taken from wikipedia website).
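What "key-dependent" buys, in an added example that is not from the original notes: anyone who alters a message can recompute a plain hash, but cannot produce a valid MAC without the secret key. HMAC-SHA256 from Python's standard library stands in for the MAC; the key and messages are constructed sample values.

```python
import hashlib
import hmac

KEY = b"constructed-shared-secret"        # known only to sender and receiver
ORIGINAL = b"PAY 100 TO ALICE"            # constructed sample message
TAMPERED = b"PAY 900 TO MALLORY"          # what an attacker on the path sends


def plain_digest(message: bytes) -> str:
    """Unkeyed one-way hash: anybody can compute it for any message."""
    return hashlib.sha256(message).hexdigest()


def hash_check(message: bytes, digest: str) -> bool:
    """Receiver-side check when only a plain hash travels with the message."""
    return hmac.compare_digest(plain_digest(message), digest)


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed hash (MAC): secret key plus arbitrary-length message in, tag out."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def tamper_demo() -> dict:
    genuine_tag = make_tag(KEY, ORIGINAL)
    return {
        # The attacker replaces message and hash together: the check passes.
        "plain_hash_accepts_forgery": hash_check(TAMPERED, plain_digest(TAMPERED)),
        # The attacker keeps the old tag: integrity failure is detected.
        "mac_accepts_modified_message": verify_tag(KEY, TAMPERED, genuine_tag),
        # The attacker computes a tag with a guessed key: authenticity fails.
        "mac_accepts_wrong_key": verify_tag(
            KEY, TAMPERED, make_tag(b"attacker-guess", TAMPERED)),
        "mac_accepts_genuine": verify_tag(KEY, ORIGINAL, genuine_tag),
    }


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(f"{name}: {result}")
```
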


Wednesday, July 22, 2009

What I understand about IT security goals is that they are to provide strong network logon authentication and at the same time reduce the help desk costs that are associated with supporting users who forget their passwords or who let their passwords expire. Besides that, they are to prevent users from downloading or using nontrusted and nonsigned content from the Internet. Sometimes, IT security is used to provide availability, integrity, confidentiality and nonrepudiation for general business e-mail messages. I will explain availability, integrity and confidentiality after this. Let me explain the difference between NTFS and FAT32.

FAT32 is an old file system that is simple, but if access from DOS or Win9x is needed, FAT32 is suitable. It is also well-documented, readable from a large number of OSs, and supported by a wide range of tools, while NTFS is a newer file system that is faster, safer, space efficient, feature-rich, proprietary, undocumented at the raw bytes level, and subject to change - even within Service Packs of the same OS version. For details, refer to this website: http://cquirke.mvps.org/ntfs.htm.

The differences between availability, integrity and confidentiality:

CONFIDENTIALITY -
Means that a computer or asset cannot be used by another unauthorized person, because of privacy and secrecy.
Example: two users have been created. User1 does not have the authority to see, modify or do anything to User2's folders or files. Only User2 has the authority to do anything to their own computer or assets.

AVAILABILITY -
Means that users can access their own files or information anytime they want without a failure, and it remains available or secure.
Example: User1 can access their own information anytime they want, but User2 cannot do anything even though User1 has been removed or deleted by the administrator.

INTEGRITY -
Means that only the owning user can make any changes to their data.
Example: User1 can add, delete or update their data. User1 can only do the tasks that have been set by the administrator.

Let me explain how to convert a FAT disk into NTFS. There are a few steps:

  1. Log on to Windows 2003 Server as Administrator.
  2. Click [Start] and after that click [Run].
  3. Type cmd to open the command line, then type chkntfs d: Note: You will get the message "D: is not dirty".
  4. Then type convert d: /fs:ntfs. If the drive has a volume label, enter it when prompted.
  5. Type chkntfs d: to verify that the drive is now NTFS.
  6. Finish.

Monday, July 20, 2009

Some people are very familiar with authentication; as you know, it is the verification of our identity as security for some data, such as logging in to an application where we need to enter our username and password. Besides that, we use smart cards, passports, biometric systems, signatures, retina or voice for verification. All these kinds of techniques have only one purpose: protection from attackers.
Below are examples of how we need to protect our password.


  1. First thing, do not show the password to anybody. Example: do not write the password anywhere, and enter the password only in secure places.
  2. It is important to find a password that is easy for us to remember but difficult for others to guess.
  3. Create a password of more than six characters (especially using a combination of numbers and letters).
  4. Do not use familiar information such as names, birthdays, phone numbers, plate numbers or family names.
  5. Others

The best part of the lecture today: we learned how to guess other people's passwords.

  • Use default passwords to guess.
  • Use short words and easy characters to guess.
  • Use all the words in an electronic dictionary (60,000).
  • Hm, how about collecting information about the user's name, family names, birthday, and so on.
  • Guess the user's phone number, social security number, street address.
  • Guess license plate numbers.
  • Use a keylogger or Trojan horse so we can keep track of what has been typed by users.
  • Lastly, tap the line between a remote user and the host system.

I'm learning a new thing about CRYPTOGRAPHY today.

The general meaning of cryptography is about how to do secret writing. It is also about plaintext and ciphertext.

The solution of the RSA calculation:
Solution:
n = p x q
= 3 x 11
= 33
φ(n) = (q-1)(p-1)
= (10)(2)
= 20
e = 7
d = e^-1 mod φ(n)
= 7^-1 mod 20
a = 7, b = 20
b = x(a) + y
20 = 2(7) + 6 ... (1)
7 = 1(6) + 1 ... (2)

From (2)
1 = 7 - 1(6) ... (3)
From (1)
6 = 20 - 2(7) ... (4)
From (3), substituting (4)
1 = 7 - 1(6)
= 7 - 1[20 - 2(7)]
= 7 - 20 + 2(7)
= 3(7) - 20 ... (5)

Take (5) mod 20
1 = 3(7) - 20
1 mod 20 = 3(7) mod 20 - 20 mod 20
1 mod 20 = 3(7) mod 20
1/7 mod 20 = 3 mod 20
7^-1 mod 20 = 3 mod 20
d = 3

Here is an example of the calculation to find the plaintext:
In a public-key system using RSA, you intercept the ciphertext c=10 sent to a user whose public key is e=5, n=35. What is the plaintext m?
p = 5, q = 7
n = p * q
= 5 * 7 = 35
φ(n) = (q-1)(p-1)
= (6)(4)
= 24
d = e^-1 mod φ(n)
= 5^-1 mod 24
a = 5, b = 24
b = x(a) + y
24 = 4(5) + 4 ... (1)
5 = 1(4) + 1 ... (2)

From (2)
1 = 5 - 1(4) ... (3)
From (1)
4 = 24 - 4(5) ... (4)
From (3), substituting (4)
1 = 5 - 1(4)
= 5 - 1[24 - 4(5)]
= 5 - 24 + 4(5)
= 5(5) - 24 ... (5)

Take (5) mod 24
1 = 5(5) - 24
1 mod 24 = 5(5) mod 24 - 24 mod 24
1/5 mod 24 = 5 mod 24
5^-1 mod 24 = 5 mod 24
d = 5
m = c^d mod n
= 10^5 mod 35
= 5
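The two hand calculations above, and the RSA steps listed in the earlier lab post, carried out by the extended Euclidean algorithm in an added example that is not code from the course. Function names are illustrative; recovering p and q by trial division only works because n = 35 is tiny, which is why real RSA moduli are thousands of bits long.

```python
import math


def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(e, phi):
    """d = e^-1 mod phi: the coefficient of e in the back-substitution."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) are not coprime, so e has no inverse")
    return x % phi


def private_exponent(p, q, e):
    """Steps 2 to 4 of the procedure: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    return mod_inverse(e, (p - 1) * (q - 1))


def factor_small_modulus(n):
    """Trial division; feasible only for toy moduli such as 33 or 35."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n is prime or too small to be an RSA modulus")


def recover_plaintext(c, e, n):
    """Second worked problem: factor n, derive d, then m = c^d mod n."""
    p, q = factor_small_modulus(n)
    d = private_exponent(p, q, e)
    return pow(c, d, n)


if __name__ == "__main__":
    # First problem: p = 3, q = 11, e = 7.
    print(extended_gcd(7, 20))          # coefficients of 3(7) - 20 = 1
    print(private_exponent(3, 11, 7))   # d
    # Second problem: c = 10, e = 5, n = 35.
    print(factor_small_modulus(35))     # p, q
    print(private_exponent(5, 7, 5))    # d
    m = recover_plaintext(10, 5, 35)
    print(m)
    # Check: encrypting m with the public key gives back the ciphertext.
    print(pow(m, 5, 35))
```
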


Sunday, July 19, 2009




Our Lecturer: En. Zaki


?? IT Security??
For me, IT security is about the need for information which can prevent hackers from attacking our Web site, but the important thing is that we must know tools such as cryptography and firewalls. If we are expert in this area, it is something good because it will become a career opportunity, given the importance of IT security. From day to day, in our country, we can see the increasing demand from government and private industry.

What I learned:
WM8S
What is IT Security
Protection of information, systems, software and hardware from danger and hackers.

Method of defense
Prevent, deter, deflect, detect, recover.
Controls - encryption, software or program controls, hardware controls, policies & procedures, physical controls.

Security Trends
Attack sophistication increases from year to year.

Security Area
Detection (using scanners), prevention (proxy, firewall), recovery (cryptography techniques and proper planning).

Security Architecture
Defined by ITU-T Recommendation X.800, or OSI Security Architecture, and developed as an international standard to give a structured definition of services and mechanisms.

Security Principles
Confidentiality, integrity and availability.

Security Policy
A set of rules that includes authorization, access control policy and accountability.

Security Attacks / Threats
Passive attack (to obtain data that is being transmitted) vs active attack (to obtain authorization).

Security Services
Defined by X.800 and RFC 2828. Categories: data integrity, authentication, data confidentiality, non-repudiation, access control.

Security Mechanisms
Any process that is designed to detect, prevent or recover from a security attack. Two classes :

Wednesday, July 15, 2009

In this section, I will explain Virtualization & VMware. Do you know about virtualization? Let me give a little explanation. Virtualization is used to support an OS, instruction set and computational resources which differ from the underlying software, because it enables a much higher degree of portability and flexibility. Besides that, it gives the appearance of a different platform. The virtualization environment created by such software is called a virtual machine. A VIRTUAL MACHINE is the same as a real machine, more efficient, duplicates the real machine and is created using a Virtual Machine Monitor (VMM). We use a VMM because it provides a second layer on a machine for another OS to run on. What I got from studying this lab is that the VMM can reproduce everything from the CPU installation. Let's share how to install VMware Workstation:
  • Download VMware Workstation from http://www.vmware.com/download/ws/
  • Double click on the VMware launcher to start the installation wizard.
  • Click on [Next].
  • Choose the Typical setup type.
  • Choose the location for the VMware Workstation installation. Click on [Next].
  • Configure the shortcuts for VMware Workstation and click on [Next].
  • Click on [Install].
  • Enter the serial number of VMware Workstation.
  • Click [Finish] and restart the computer.



1. Create a new Virtual Machine to open the Virtual Machine wizard. Click [Next].
2. Choose the typical configuration, click [Next].
3. Choose the type of OS to be installed on the Virtual Machine.
4. To install Windows Server 2003 on the virtual machine, select [Microsoft Windows] as the guest.
5. Select Windows Server 2003 Standard Edition in the version list.
6. Click [Next].
7. Name the virtual machine and specify the location where the disk image for the virtual machine will be stored on the hard disk.
8. Select [Use host-only Networking] to create a LAN between other virtual machines.
9. Select [Use bridged networking]. Click [Next].
10. Specify the disk capacity of the virtual machine depending on the size of your PC.
11. Select [Allocate disk space now].
12. Click [Finish].
Note: The Virtual Machine resides in an image that can be cloned and copied from one host to another simply by drag and drop.
