Wednesday, May 21, 2008

SEC520 Types To Regard As Security Personnel

You always need to access something with more privilege than you have. Pretend you want to print: you must switch to partial system administration. Your software uses the network; it is controlled, but parts of it are making use of kernel states that have admin control.

Hackers will break the software right when that is happening. If they do, they can break out to the shell and have control of that process; that is one form of escalating privileges, and that is where the loopholes are. It is like CGI programs: a CGI program does things that a user cannot do, which is an escalation of privileges. Implementing this is really hard, and because it is so hard it is always going to be flawed. The trick is not to have it perfect but not to be the low-hanging fruit. The bigger the value of the prize, the more stringent you have to be: if they can make 10 million they will spend 1 million.

When you come up with a policy rationale, there are three things to think of:

1. Due diligence – your legal obligations; you have to protect it.

2. Risk analysis – cost versus benefit: "How much will it cost and how much am I going to lose?" Intelligent guessing.

3. Exceed the standards – why? The bear-chase phenomenon: if you are in a party of campers, you try to be faster than the other people.

History:

In the beginning of computers there were no passwords; it wasn't an issue originally. The first computers were batch operated: they did one job at a time. A computer center would be in a basement, with banks of memory the size of a huge cabinet, and you would submit your punch cards, so it was one job at a time, controlled by an operator. With one job at a time you couldn't cross boundaries. Then MIT came up with the concept of time sharing: not every process is busy all the time, there is I/O, so time is split into chunks and everyone had a dumb terminal connected to a big centralized machine. What happened was that some people were getting access to things they weren't supposed to, and there were errors and data would get overwritten, because there was no access control; in the early days they didn't know, so they came up with access control and passwords. People didn't like the idea of the machine controlling what they could do: suddenly the system would dictate to them, and that was a huge loss of freedom (Richard Stallman). There was quite a resistance against passwords. Then they broke into the password file and tried to live with the access; in one famous incident someone was setting up the login procedure, looked at the login, and the password file came up.

A system would have a password file like /etc/passwd in Linux; when you log in, the login program must have access to the file to see if you are there. It used to be user name and password in the clear. What they came up with is a one-way hash (a cryptographic technique): the user types in a password and it is given to a hashing algorithm such as MD5. If you give it the same input it will come out with the same output, so they store the hash of the password rather than the password itself; what is stored is not the same as what is typed in.

Two characteristics:

1. It cannot be reversed: if I have the hash I can't figure out the password.

2. A given input always produces the same output.
2a. Any change to the input, however small, produces a completely different output: if I change one letter the output will be completely different.

Have a good logging system; everything being keyed in is cached in a buffer waiting to be given to the hash.

Another thing to realize: in login you shouldn't log passwords, which means you also should not log user names from failed attempts (people type their password into the user name field by mistake).

You do want to store the successful ones: you want to know who they were and where they came from. Something simple becomes complex.
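Here is an added example (mine, not from the course notes) that puts the two points above into code: a stored hash is checked with the same one-way function the notes describe (MD5, as in the notes; modern systems use a salted, deliberately slow hash such as bcrypt or Argon2), the avalanche property is measured as the number of differing bits, and the login routine logs who and where on success but neither the password nor the user name on failure. The password store entry, user names and addresses are constructed sample values.

```python
import hashlib
import hmac
from datetime import datetime, timezone


def one_way_hash(password: str) -> str:
    """One-way hash as described in the notes: same input, same output, not reversible.
    MD5 is used here because the notes name it; real password storage needs a salted, slow hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of differing bits between two hex digests (the avalanche property, 2a)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed in-memory "password file": user name -> stored hash (never the password).
PASSWORD_STORE = {"alice": one_way_hash("password")}


def authenticate(username: str, password: str, source_ip: str, log: list, store=PASSWORD_STORE) -> bool:
    """Check a login and append one log line. Success: who and where. Failure: only where."""
    stamp = datetime.now(timezone.utc).isoformat()
    stored = store.get(username)
    # compare_digest keeps the comparison time independent of where the digests differ
    if stored is not None and hmac.compare_digest(one_way_hash(password), stored):
        log.append(f"{stamp} LOGIN OK user={username} from={source_ip}")
        return True
    # No password and no user name on failure: a failed user name is often a mistyped password.
    log.append(f"{stamp} LOGIN FAILED from={source_ip}")
    return False


if __name__ == "__main__":
    print("stored for alice:", PASSWORD_STORE["alice"])
    print("bits changed by one letter:",
          bit_difference(one_way_hash("password"), one_way_hash("passwore")))
    events = []
    authenticate("alice", "password", "10.0.0.5", events)
    authenticate("alice", "hunter2", "10.0.0.9", events)
    print("\n".join(events))
```

The failure line still carries the source address and a timestamp, which is what you need to spot a brute-force run, without turning the log itself into a password leak.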

Remember the CIA triad: if you kick your users off the system because they are making mistakes, you are failing availability. Once they solved that stuff, what's the weakest link? The first element: the employee. Social engineering. Users will choose passwords that are easy, or attackers can use social engineering. Have education and a user-friendly policy that is easy to understand, and educate the user about why the policy is important; you can do this well. SEC625 is the human side of security.

The issue of sniffing:

Don't use telnet, use ssh, and make sure you have SSL happening; any password on the wire should be encrypted before it goes onto the wire.

Shoulder surfing: someone watching you type. The characters can be masked with asterisks.

Other types of sniffing: one of the links, ThinkGeek, sells a key sniffer; if it goes between a PC and its keyboard it's a key logger.

Monitor radiation (Van Eck): if you invest in something monitoring e

Keyboard timing attacks – you can decrypt them.

Cost benefit analysis

The Trojan login: think about when you log in, you see a prompt for user name and password. It's not hard to duplicate that. Here is what you can do if you have access: you leave the screen on and write a program so that your program runs in place of the login; it presents an error and then passes the user on to the real system.

Ettercap is an evil program: it makes man-in-the-middle attacks easy by inserting you between the browser and the server, and it makes ARP poisoning easy. Knowing this, if you're on a LAN with strangers you should not do anything that's private.

Authentication factors: there are three factors of authentication,
1. Something you know – the most common example is a password
2. Something you have – a token or key
3. Something you are – biometrics

First, passwords: they are easy to implement, with no need to buy hardware or software. The weakness is that people choose weak passwords; we all know this.

Tokens: the strength is that someone has to physically have it.

Weaknesses: it can be forgotten (come to work without your token and you cannot log in) or stolen, and it requires extra hardware: you have to install a token reader on every machine, and if you use a special card or device it can be expensive.

Biometrics – easy to fool, and you can't get 100 percent accuracy; the higher the percentage the more it costs. If it gets easy to use, it is easy to interfere with. For something the general public is using you need a huge database: if they are checking your fingerprint at the border, what kind of pipeline would you need? You need to think about things like this. They can also take photos of your eyes.

ATM strategy

Well, in today's world everything is moving fast; we are all learning and re-learning new things over and over. Before I start I wanted to ask the class why they think emerging communication technologies are here. Basically, why do we need them?

Well, Uyless Black, a lecturer on communications technologies, says:

Today emerging technologies are here to overcome the deficiencies of the current technologies. Each new technology must meet the needs of applications.

What he's basically saying is that we don't need faster computers and we don't need faster applications, WE HAVE THEM and they are advancing at a millisecond rate; we need better communications between systems, so that they are more accurate across wide and local area networks.

We chose Asynchronous Transfer Mode not because it's just any protocol: it's the mother of all protocols, and you will learn why in just a few minutes.

Just to define how some of the information is handled before data is actually transmitted: the PMD sublayer synchronizes the transmission and reception of the connection and maintains a continuous flow, and the TC sublayer allows devices to locate cells within a stream of bits.

Now I know what you are all thinking: how is this information directed? Well, first, in front of the information you want to send there is a header, which contains all the specifications about the load that will come after it. This is similar to an envelope. What do you need for an envelope? A stamp, a mailing address and an optional return address; you might even need two stamps!

So when you first send out your letter you put the right information on the top and drop it off at the closest mailbox. After the header there is the payload, and we can see this as similar to the mail carrier that carries all your letters and delivers them to the right destination. Like your envelope, when they reach their destination the name on the envelope is the person you want to be reading your message. That is similar to what the payload incorporates.

Now you're thinking: I've got the envelope, I wrote the letter, but then who is going to carry my letter to my friend? Well, actually you don't care, but for ATM, and as a technician, you must know which device you're going to hook up.

You basically use switches and bridges; they are two devices but are usually now embedded into one, and they perform functions based on what is inside the header and payload. Now we know how it's directed and how it's carried; now how is it handled?

Well, inside each header there are bits called the VP and VC identifiers (VPI/VCI). Each of these is similar to a telephone number but only has meaning locally to each switch/bridge/router, and no significance once transmitted, except during the switching process where the switch translates that number to the right path in the opposing network.
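To show what sits in the header just described, here is an added example (mine, not from the original post or from any ATM vendor code). It packs and parses the 5-byte ATM UNI cell header (GFC, VPI, VCI, PT, CLP and the HEC check byte, computed as CRC-8 with polynomial x^8+x^2+x+1 over the first four bytes and XORed with 0x55, as ITU-T I.432 specifies) and then shows a switch translating VPI/VCI per port, which is the "local telephone number" behaviour above. The translation table, port numbers and the VPI/VCI values are constructed sample values; the 48-byte payload is left untouched.

```python
# ATM UNI header layout (32 bits before the HEC):
#   GFC 4 bits | VPI 8 bits | VCI 16 bits | PT 3 bits | CLP 1 bit
FIELD_WIDTHS = (("gfc", 4), ("vpi", 8), ("vci", 16), ("pt", 3), ("clp", 1))


def hec(first_four: bytes) -> int:
    """Header Error Control byte: CRC-8 (x^8 + x^2 + x + 1) over the 32 header bits, XOR 0x55."""
    crc = 0
    for byte in first_four:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def pack_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """Build the 5-byte header, refusing values that do not fit their field."""
    for (name, bits), value in zip(FIELD_WIDTHS, (gfc, vpi, vci, pt, clp)):
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name}={value} does not fit in {bits} bits")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    body = word.to_bytes(4, "big")
    return body + bytes([hec(body)])


def parse_header(cell: bytes) -> dict:
    """Split the header fields out of a cell; a bad HEC means the header was corrupted."""
    if len(cell) < 5:
        raise ValueError("an ATM cell header is 5 bytes")
    body = cell[:4]
    if hec(body) != cell[4]:
        raise ValueError("HEC mismatch: corrupted header")
    word = int.from_bytes(body, "big")
    return {
        "gfc": word >> 28,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 0x1,
    }


# Constructed switch table: (incoming port, VPI, VCI) -> (outgoing port, new VPI, new VCI).
# The identifiers only mean something on the link they arrive on, so the switch rewrites them.
SWITCH_TABLE = {
    (1, 1, 32): (2, 5, 100),
    (2, 5, 100): (1, 1, 32),
}


def switch_cell(in_port: int, cell: bytes, table=SWITCH_TABLE):
    """Look up the incoming VPI/VCI for this port, rewrite the header, return (out_port, cell)."""
    hdr = parse_header(cell)
    key = (in_port, hdr["vpi"], hdr["vci"])
    if key not in table:
        raise KeyError(f"no virtual connection on port {in_port} for VPI/VCI {hdr['vpi']}/{hdr['vci']}")
    out_port, new_vpi, new_vci = table[key]
    new_header = pack_header(hdr["gfc"], new_vpi, new_vci, hdr["pt"], hdr["clp"])
    return out_port, new_header + cell[5:]  # payload (48 bytes) is carried unchanged


if __name__ == "__main__":
    cell = pack_header(0, 1, 32, 0, 0) + bytes(48)  # constructed cell: VPI 1, VCI 32, empty payload
    print("arrives on port 1 as", parse_header(cell))
    port, forwarded = switch_cell(1, cell)
    print("leaves on port", port, "as", parse_header(forwarded))
```

Rejecting a cell on an unconfigured VPI/VCI is the switch's first line of defence: a connection that was never set up simply has no path, whatever the payload says.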

Sunday, May 18, 2008

INT525 Compile Process

Just some stuff I've been working on... you know, this one actually is good instructions... Apache installation.

Create symbolic links to start up Apache: the S__ (start) and K__ (kill) links in the init directories.

We download the source tarball.

Untar it with tar -xzvf.

Make sure no one can log in to a service account: set its shell to /bin/false.

There are 7 fields per user in /etc/passwd.

Every daemon account gets /bin/false.
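An added example (mine, not from the course notes) that audits a constructed /etc/passwd-style file for the two rules above: every line must have exactly 7 fields, and daemon accounts must have /bin/false (or a nologin shell) so nobody can log in as them. The sample lines, the UID cutoff used to decide what counts as a system account, and the set of accepted "no login" shells are assumptions.

```python
# Constructed sample in /etc/passwd format (7 colon-separated fields per line):
#   name:password:UID:GID:GECOS:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/false
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
broken:x:1001:1001:missing shell field:/home/broken
"""

# Shells that refuse an interactive login (assumption: these are the ones this audit accepts).
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
# Assumption: UIDs at or below this are daemon/system accounts (root, UID 0, is handled separately).
SYSTEM_UID_MAX = 999


def parse_passwd(text: str):
    """Return (entries, malformed): parsed 7-field records and (line number, field count) for bad lines."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            malformed.append((lineno, len(fields)))
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        try:
            entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                            "gecos": gecos, "home": home, "shell": shell})
        except ValueError:  # UID/GID that is not a number is also a malformed record
            malformed.append((lineno, len(fields)))
    return entries, malformed


def daemons_with_login_shell(entries) -> list:
    """Names of system (daemon) accounts whose shell would still allow a login."""
    return [e["name"] for e in entries
            if 0 < e["uid"] <= SYSTEM_UID_MAX and e["shell"] not in NOLOGIN_SHELLS]


if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE_PASSWD)
    for lineno, count in malformed:
        print(f"line {lineno}: {count} fields, expected 7")
    for name in daemons_with_login_shell(entries):
        print(f"daemon account {name} has a login shell; set it to /bin/false")
```

Run the same functions over the real file (open("/etc/passwd").read()) to audit a box; the sample above is there so the block runs offline.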

When installing, do it as an ordinary user; do not do this as root.

make
make test

Make a dedicated directory to deal with your source code:

/exp/src

Your configuration needs:

Document root
Server root
Where to extract the binaries
The executable directory
Configuration files

All of these are command-line switches to configure; it is easier and quicker to put them in config.layout:

# SuSE 6.x layout

prefix: /usr
exec_prefix: ${prefix}
bindir: ${prefix}/bin
sbindir: ${prefix}/sbin
libdir: ${prefix}/lib
libexecdir: ${prefix}/lib/apr
mandir: ${prefix}/share/man
sysconfdir: /etc/httpd
datadir: /usr/local/httpd
installbuilddir: ${datadir}/build
includedir: ${prefix}/include/apr
localstatedir: /var/lib/httpd
runtimedir: /var/run


./buildconf (first time only: inspects the system and adjusts the source tree appropriately)
./configure (command-line switches, e.g. --with-layout=SuSE to pick the layout above)
make
make test
make install (don't do this yet)
make clean

We are done unless we want to statically compile some modules; to change the build to support DSOs we must compile mod_so.

Write a shell script to automate this, make modifications to it as needed, and run it.