Tuesday, August 25, 2009
Database Security makes me understand the most important security issues, especially in database systems, and the problems related to information protection. Besides that, we investigated the potential implementation of security mechanisms in the database management system and operating system. I learned how to create a new database and make sure that users can read their own accounts and that a certain person who has priority can access the data to see, write and edit it. The tasks that we did were creating new records, reading all fields, updating data and so on.
To set the access rights for any person, we need to set up access control, which gives an authority to access data or resources. This is one part of physical security and the second layer in the computer security architecture. So the application will call the access control functions to set who can access specific resources provided by that application. When we create an access control, we must consider whether the decision is suitable for the problem, such as making sure that the operating system respects the data or record. We must consider all of the factors and the pros and cons of our design decision.
Some people do not care about their user privileges. To be good at securing a database, we must have a policy that defines the privileges of various users on the organizational network, specifies groups of users and so on. The policy is used to create access and control the users and data.
Database security is most important especially when we use a server. It secures the database from unauthorized users, because we usually store important data such as client information, financial details, human resource details and all the data that needs to be kept secure and secret. The benefits of applying database security are to monitor activity or processes, improve database security, ensure all the resources are secure and, most importantly, provide integrity and availability to users. So the hacker does not have the authority to attack the data.
The concept of a database is divided into three: Database, Database Administrator (DBA) and Database Management System (DBMS). There are a few ways to make sure that the database is under a good database such as there are good in
Tuesday, August 18, 2009
In this lab, I learned about the flaws of web applications and how they are exploited. Besides that, we learned to exploit web application vulnerabilities and the prevention methods that can be taken to overcome web application vulnerabilities. A vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
Many applications employ a tiered architecture, and a failure to separate the different tiers properly often leaves an application vulnerable. This enables an attacker who has found a defect in one component to quickly compromise the entire application. When threats arise in a shared hosting environment, defects and malicious code in one application can sometimes be exploited to compromise the environment itself and other applications running within it.
Sometimes these vulnerabilities target the web server that is running. Vulnerabilities in a web server are broadly composed of defects in its configuration and security flaws within the web server software.
A few reasons why vulnerabilities occur: complex systems, so the probability of flaws increases; people like using common, well-known code, software, operating systems and/or hardware, which increases the probability that an attacker has or can find the knowledge and tools to exploit the flaw; more physical connections, privileges, ports, protocols and services, and the time each of those is accessible, increase vulnerability; weak passwords; fundamental operating system design flaws; Internet website browsing; software bugs; unchecked user input; and so on. (Wikipedia website)
This lab covered these topics:
• Explain what symmetric and asymmetric cryptography are
• Implementing the Caesar cipher for symmetric cryptography
• Implementing the Vigenère cipher for symmetric cryptography
• Implementing the RSA algorithm for asymmetric cryptography
For me, symmetric cryptography is where both parties involved in the communication use the same key, kept secret between them. That is why we can call it a shared secret system or private key system. The operation of symmetric ciphers is separated into stream ciphers and block ciphers. But the huge problem of this cryptography is key exchange. Asymmetric is different; it means public key cryptography. Asymmetric works when the person that has the private key keeps it secret; then anyone who is told the public key will be enabled to unlock the private key and read the data that has been sent.
The comparison between symmetric and asymmetric is that symmetric keys are usually faster to use electronically than asymmetric, but asymmetric is usually more computationally intensive. Both of these keys are related to each other, especially mathematically. There are a few examples of symmetric ciphers, such as Data Encryption Standard (DES), RSA and AES, while the popular example of asymmetric is PGP (Pretty Good Privacy).
A Caesar cipher replaces each plaintext letter with one a fixed number of places down the alphabet.
(Source: http://www.wikipedia.com/)
Example of shift 3 in the Caesar cipher:
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
Example of how to solve the problem:
Plaintext: the quick brown fox jumps over the lazy dog
Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
The Vigenère cipher is a polyalphabetic cipher based on using successively shifted alphabets, meaning a different shifted alphabet at each step, based on the tableau and using the keyword. It uses a series of different Caesar ciphers. This cipher is well known because it is easy to understand and use.
Here are the simple steps of implementing the RSA algorithm for asymmetric cryptography:
1. Values for p and q are given
2. n = p × q
3. φ(n) = (p – 1)(q – 1)
4. d = e^(-1) mod φ(n)
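The four steps above, carried through in code with the modular inverse in step 4 computed by the extended Euclidean algorithm. This is an added example, not code from the original lab; the function names and the sample values p = 61, q = 53, e = 17 and message 65 are constructed for illustration.

```python
from math import gcd


def egcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def rsa_keypair(p, q, e):
    """Follow the steps: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        # Without this, e has no inverse modulo phi and step 4 is undefined.
        raise ValueError("e must be coprime to phi(n)")
    _, x, _ = egcd(e, phi)
    d = x % phi  # normalise the Bezout coefficient into the range [0, phi)
    return (n, e), (n, d)  # (public key, private key)


def rsa_apply(key, m):
    """Raise m to the key exponent modulo n (encrypts with e, decrypts with d)."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exponent, n)


if __name__ == "__main__":
    # Constructed toy primes, far too small for real use.
    public, private = rsa_keypair(61, 53, 17)
    c = rsa_apply(public, 65)
    print(public, private, c, rsa_apply(private, c))
```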
Sunday, August 16, 2009
Operating system security has a few purposes, such as the need for protection that was introduced with multiprogramming. One purpose is memory protection, which means preventing a process from corrupting the memory of another process running on the same computer at the same time, but we must be alert to the methods of memory protection.
There are seven methods:
- Fence
- Relocation
- Paging
- Segmentation
- Base/bound register
- Tagged architecture
- Paging combined with segmentation
Besides that, we must protect general objects by using file protection, group protection, access control limitation, permissions, authentication and so on. Below are the general objects for protection:
- Memory
- File/Data set on an auxiliary storage device
- Program Executing in memory
- A directory file
- Hardware device
Monday, August 10, 2009
Security? Something that supports our life and makes our life easy to handle. So some organizations provide program security for us because of attacks such as brute force attacks, replay attacks, man-in-the-middle attacks and faults in cryptosystems. Program security is an important part that teaches us how a malicious program will affect our computer and how to manage it. A malicious program is something that corrupts our computer and stops it from running as usual.
We can detect that it is a virus if we don't see raw data; it can do harm and can also be confidential. There are a few types of viruses, such as parasitic virus, memory-resident virus, boot sector virus, stealth virus, macro virus, directory virus, false virus, FAT virus and polymorphic virus. The resident type is new for me; it is a type of virus that hides permanently in RAM and can control and intercept all of the operations carried out by the system. It can corrupt the files and programs we open, close, copy, rename and so on. The virus phases can be divided into four: first, the dormant phase; second, the propagation phase; third, the triggering phase; and fourth, the execution phase. There are a few types of malicious attack, such as: