Sunday, April 10, 2011

Cyber Warfare

Cyber warfare is a term used to describe the use of the Internet to wage war in the virtual world, often with real effects in the physical world. Although generally cyber warfare refers to attacks from one sovereign state on another in cyberspace, it may also be used to describe attacks between corporations, from terrorist organizations, or simply attacks by individuals called hackers, who are perceived as being warlike in their intent. In recent years, cyber warfare has become an issue of much concern among the major nations on the planet, and virtually every national military now has a branch dedicated to both conducting and defending against cyber warfare.
As the world becomes more networked, more crucial systems become susceptible to attacks in cyberspace. Although certain military systems remain accessible only by being present at a terminal on site, the vast majority of critical systems that control modern nations are now tied into the Internet in some way or another. While these systems are defended by high levels of security, they are nonetheless breakable, and cyber warfare concerns itself with finding weaknesses and exploiting them.
Cyberwarfare has been defined by government security expert Richard A. Clarke, in his book Cyber War (May 2010), as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption". The Economist describes cyber warfare as "the fifth domain of warfare", and William J. Lynn, U.S. Deputy Secretary of Defense, states that "as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare which has become just as critical to military operations as land, sea, air, and space."

Al-Qaeda prepares new cyber attacks on national infrastructure of the USA.

As is well known, the "Abu-Nafsa Brigade", a unit of the Al-Qaeda terrorist network, claimed responsibility for the largest-scale energy disaster in the USA. It was stated that operation "Quick Flash" was carried out by order of Osama bin Laden in order to undermine the American economy. The cascading loss of electricity supply in the US was Osama's present to the Iraqi people.

American intelligence says that new cyber attacks are being prepared against critical and vulnerable elements of the national infrastructure of the USA, and it is also considering the possibility of a revival of "Electronic jihad".

Ethical Hacking

Ethical hacking, often performed by white hats or skilled computer experts, is the use of programming skills to determine vulnerabilities in computer systems. While the non-ethical hacker or black hat exploits these vulnerabilities for mischief, personal gain or other reasons, the ethical hacker evaluates them, points them out, and may suggest changes to systems that make them less likely to be penetrated by black hats. White hats can work in a variety of ways. Many companies utilize ethical hacking services from consultants or full-time employees to keep their systems and information as secure as possible.
The work of ethical hacking is still considered hacking because it uses knowledge of computer systems in an attempt to in some way penetrate them or crash them. This work is ethical because it is performed to increase the safety of the computer systems. It’s reasoned that if a white hat can somehow break the security protocols of a system, so can a black hat. Thus, the goal of ethical hacking is to determine how to break in or create mischief with the present programs running, but only at the request of the company that owns the system and specifically to prevent others from attacking it.
10th Feb 2011
Virtual Private Network (VPN)

This seminar was about how a company manages problems that occur during system development: what the person in charge should do if something unexpected happens to the software or the system with regard to security. A VPN is one of the countermeasures for protecting systems from this. Some organizations carry out intentional attacks on their own systems in order to determine how vulnerable the systems are. There are organizations in the world that perform such tests.
A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.
It encapsulates data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.



17th Feb by Mr. Satria Mandala
IDS with critical nodes detection for security MANET
A Mobile Ad-Hoc Network (MANET) is a peer-to-peer network. It is a self-configuring, infrastructure-less network of mobile devices connected by wireless links. In a MANET the hosts and topology change frequently because it is a mobile network. It has no cellular infrastructure and uses multi-hop wireless links. Data must be routed using intermediate nodes.
A MANET is a type of ad hoc network that can change locations and configure itself on the fly. Because MANETs are mobile, they use wireless connections to connect to various networks. This can be a standard Wi-Fi connection, or another medium, such as a cellular or satellite transmission.
Some MANETs are restricted to a local area of wireless devices (such as a group of laptop computers), while others may be connected to the Internet. For example, a VANET (Vehicular Ad Hoc Network) is a type of MANET that allows vehicles to communicate with roadside equipment. While the vehicles may not have a direct Internet connection, the wireless roadside equipment may be connected to the Internet, allowing data from the vehicles to be sent over the Internet. The vehicle data may be used to measure traffic conditions or keep track of trucking fleets. Because of the dynamic nature of MANETs, they are typically not very secure, so it is important to be cautious about what data is sent over a MANET.


The AODV (Ad hoc On-Demand Distance Vector) routing algorithm is a routing protocol designed for ad hoc mobile networks. It maintains the routes as long as they are needed by the sources. AODV also maintains routes for as long as the route is active.
Security attacks in a MANET are classified as external vs. internal and passive vs. active.
Internal Attack – An attack from inside the network (e.g. an employee of the company).
External Attack – An attack from outside the network or organization. These attacks are typically performed by a malicious, experienced individual or a group of experienced individuals (e.g. hackers).
Passive Attack – The attack cannot be detected.
Active Attack – The attack can be detected very quickly (e.g. black hole).
Attacks start from the early stage of establishing communication (e.g. routing). The routing attacks are:
- Modification
- Wormhole Attack (tunneling)
  Colluding attackers use a “tunnel” between them to forward packets. This places the attackers in a very powerful position. The attackers take control of the route by claiming the shorter path.
- Blackhole Attack
  A malicious node falsifies the hop count.
- Denial of Service (DoS)
- Invisible Node Attack
- The Sybil Attack
- Rushing Attack
- Non-Cooperation
The solution for these attacks is to use an Intrusion Detection System (IDS) and to encrypt the routing messages.
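A sketch of the kind of plausibility check an IDS node could run on AODV route replies (RREPs) to catch the falsified hop count of a blackhole node; this is an added example, not material from the seminar. The node ids, thresholds and the extra sequence-number check are assumptions, and the replies are constructed.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class RouteReply:
    sender: str     # neighbour that delivered the RREP (hypothetical node id)
    hop_count: int  # hops to the destination claimed in the RREP
    dest_seq: int   # destination sequence number claimed in the RREP

def suspicious_replies(replies, last_known_seq, max_seq_jump=50, min_hop_gap=2):
    """Map sender -> reasons its RREP looks falsified, for one route discovery.

    Assumed heuristics: a destination sequence number far beyond the last value
    this node knew, and a hop count far below what the other neighbours report.
    Sequence-number wrap-around is ignored to keep the example short.
    """
    flagged = {}
    for reply in replies:
        reasons = []
        if reply.dest_seq - last_known_seq > max_seq_jump:
            reasons.append("sequence number jump")
        peers = [r.hop_count for r in replies if r.sender != reply.sender]
        if peers and median(peers) - reply.hop_count >= min_hop_gap:
            reasons.append("hop count far below peers")
        if reasons:
            flagged[reply.sender] = reasons
    return flagged

def blackhole_suspects(replies, last_known_seq):
    """Senders that trip both checks; one check alone is only worth logging."""
    hits = suspicious_replies(replies, last_known_seq)
    return sorted(s for s, reasons in hits.items() if len(reasons) == 2)

# Constructed replies to one route request; n9 claims a 1-hop, very fresh route.
SAMPLE_REPLIES = [
    RouteReply("n2", hop_count=4, dest_seq=122),
    RouteReply("n5", hop_count=5, dest_seq=121),
    RouteReply("n7", hop_count=3, dest_seq=122),
    RouteReply("n9", hop_count=1, dest_seq=4000),
]

if __name__ == "__main__":
    print(blackhole_suspects(SAMPLE_REPLIES, last_known_seq=120))
```

A neighbour that really is one hop from the destination trips only the hop-count check, which is why the sketch requires both indicators before naming a suspect.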

24th Feb 2011 by Mr. Dahliyusmanto
IDS
An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to malicious traffic by taking action such as blocking the user from accessing the network. The attack is thereby blocked from entering the system.
There are two types of IDS: the network-based intrusion detection system (NIDS) and the host-based intrusion detection system (HIDS). In a network-based system, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall’s filtering rules. In a host-based system, the IDS examines the activity on each individual computer or host. A HIDS monitors the inbound and outbound packets from the device only and alerts the user or administrator if suspicious activity is detected.
IDS detection techniques can be grouped into two. The first is anomaly detection. The system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies. The other technique is misuse detection. In misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented, which is often known as a signature. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against.
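The two techniques side by side, as an added example that is not from the seminar: a signature match (misuse detection) and a baseline comparison on packet size and protocol (anomaly detection), run over the same traffic. The packets, signature names and the 3-sigma limit are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed signature database (name -> byte pattern), for illustration only.
SIGNATURES = {"dir-traversal": b"../../", "test-marker": b"EXAMPLE-ATTACK-MARKER"}

def misuse_alerts(packets):
    """Misuse detection: flag packets whose payload contains a known signature."""
    return [(i, name) for i, pkt in enumerate(packets)
            for name, pattern in SIGNATURES.items() if pattern in pkt["payload"]]

def build_baseline(packets):
    """Anomaly detection, step 1: record normal packet size and protocols seen."""
    sizes = [len(pkt["payload"]) for pkt in packets]
    return {"mean": mean(sizes), "std": pstdev(sizes) or 1.0,
            "protocols": {pkt["proto"] for pkt in packets}}

def anomaly_alerts(baseline, packets, z_limit=3.0):
    """Anomaly detection, step 2: flag deviations from the recorded baseline."""
    alerts = []
    for i, pkt in enumerate(packets):
        z = abs(len(pkt["payload"]) - baseline["mean"]) / baseline["std"]
        if pkt["proto"] not in baseline["protocols"]:
            alerts.append((i, "unseen protocol"))
        elif z > z_limit:
            alerts.append((i, "unusual packet size"))
    return alerts

# Constructed traffic: "normal" training packets, then four live packets.
TRAINING = [{"proto": "tcp", "payload": b"x" * n} for n in (90, 95, 100, 105, 110)]
TRAINING.append({"proto": "udp", "payload": b"x" * 100})
LIVE = [
    {"proto": "tcp", "payload": b"GET /index.html".ljust(100)},  # normal
    {"proto": "tcp", "payload": b"GET /a/../../b".ljust(100)},   # known signature
    {"proto": "tcp", "payload": b"A" * 5000},                    # no signature, odd size
    {"proto": "icmp", "payload": b"x" * 100},                    # protocol not in baseline
]

if __name__ == "__main__":
    print("misuse :", misuse_alerts(LIVE))
    print("anomaly:", anomaly_alerts(build_baseline(TRAINING), LIVE))
```

Packet 1 is normal in size and protocol, so only the signature match sees it; packets 2 and 3 match no signature, so only the baseline comparison does.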


3rd March 2011 by Mr. Usama Tharwat Elhagari
Trusted Computing

A Windows PC used to have a really horrendous security hole. The password needed to access a password-protected PC was held in clear text. It wasn’t encrypted. Now, because Microsoft and PC manufacturers are members of the Trusted Computing Group (TCG), passwords can be stored in an encrypted state inside a special chip, the trusted platform module or TPM.
This module cannot be accessed by users or hackers, and its contents cannot be read. Toshiba notebooks and other desktop systems using the TPM now come with a range of extra supplier software that lets the user set up an encrypted environment, so that if the PC is lost or stolen its secured contents cannot be read. The sensitive data is safe.
The idea is to hold identity management data in encrypted form and have it validated by special hardware and software. This can only be done by special hardware, as software alone can be cracked.
With the TPM, files that are encrypted using a key will have the key stored in the TPM. When a user wants to decrypt or encrypt information he or she has to enter the key. Windows sends it to the TPM which validates it and, if valid, lets the user carry out the required operation.
If the computer is stolen then the encrypted file can be accessed but its contents are nonsense because the key needed to decrypt it can’t be obtained.
Dell, HP, IBM, Toshiba, Fujitsu, Gateway and Acer have announced products that have the TPM security hardware inside them. Various software houses, such as Wave, build software applications that run on these systems to do things such as bulk encryption, single sign-on, and TPM management.

Thursday, April 7, 2011

Introduction

Hello
This weblog consists of some seminars about information security topics:
  • VPN (virtual private network), 10 Feb
  • IDS with critical nodes detection for security MANET, 17 Feb
  • IDS, 24 Feb
  • Trusted Computing, 3 March
  • Ethical Hacking, 24 March
  • Cyber Warfare


and other interesting subjects in the near future...
Thank you