10th Feb 2011
Virtual Private Network VPN
This seminar was about how a company manages a problem that occurs during system development: what the person in charge should do if something unexpected happens to the software or the system with regard to security. A VPN is one of the countermeasures for protecting systems in this situation. Some organizations carry out intentional attacks against their own systems in order to determine how vulnerable those systems are, and there are organizations in the world that perform such tests.
A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.
It encapsulates data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.
17th Feb by Mr. Satria Mandala
IDS with critical nodes detection for security MANET
A Mobile Ad-Hoc Network (MANET) is a peer-to-peer network: a self-configuring, infrastructure-less network of mobile devices connected by wireless links. In a MANET the hosts and the topology change frequently because the nodes are mobile. It has no cellular infrastructure and uses multi-hop wireless links, so data must be routed through intermediate nodes.
A MANET is a type of ad hoc network that can change location and configure itself on the fly. Because MANETs are mobile, they use wireless connections to connect to various networks. This can be a standard Wi-Fi connection or another medium, such as a cellular or satellite transmission.
Some MANETs are restricted to a local area of wireless devices (such as a group of laptop computers), while others may be connected to the Internet. For example, a VANET (Vehicular Ad Hoc Network) is a type of MANET that allows vehicles to communicate with roadside equipment. While the vehicles may not have a direct Internet connection, the wireless roadside equipment may be connected to the Internet, allowing data from the vehicles to be sent over the Internet. The vehicle data may be used to measure traffic conditions or to keep track of trucking fleets. Because of the dynamic nature of MANETs, they are typically not very secure, so it is important to be cautious about what data is sent over a MANET.
AODV (Ad hoc On-Demand Distance Vector) is a routing protocol designed for ad hoc mobile networks. It builds routes on demand and maintains them only for as long as they are needed by the sources, i.e. while the route is active.
Security attacks in a MANET are classified along two axes: External Attack vs. Internal Attack, and Passive Attack vs. Active Attack.
Internal Attack – Attack from inside the network (e.g. an employee of the company)
External Attack – Attack from outside the network or organization. These attacks are typically performed by a malicious, experienced individual or a group of experienced individuals (e.g. hackers).
Passive Attack – Cannot be detected (the attacker only listens and does not alter the traffic).
Active Attack – Can be detected very quickly (e.g. black hole)
The attack starts at the early stage of building communication (e.g. routing). The routing attacks are:
- Modification
- Wormhole Attack (tunneling)
Colluding attackers use a "tunnel" between them to forward packets. This places the attackers in a very powerful position: they take control of the route by claiming the shorter path.
- Blackhole Attack
A malicious node falsifies the hop count.
- Denial Of Service (DoS)
- Invisible Node Attack
- The Sybil Attack
- Rushing Attack
- Non-Cooperation.
The solution for these attacks is to use an Intrusion Detection System (IDS) and to encrypt the routing messages.
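The blackhole and hop-count falsification points above are the kind of thing an IDS on a MANET node can check before it trusts a route. The following is an added example, not the seminar's or any project's code: a simplified model of AODV route replies (RREPs) in which the checking node knows its direct neighbours and the last destination sequence number it has seen. A reply that claims to be zero hops from the destination while not coming from the destination, or that inflates the sequence number far beyond what the node has seen, is rejected before route selection; the node names, threshold and record layout are all assumptions constructed for the illustration.

```python
"""Plausibility checks on AODV route replies (RREPs) received by a MANET node.

Added example; the model is a simplification constructed for illustration,
not the seminar's or any project's code. Assumptions:
- an RREP carries the neighbour that handed it to us, the destination it
  advertises, the hop count (0 when the sender *is* the destination, as in
  AODV) and the destination sequence number;
- the checking node knows its own direct neighbours and the last sequence
  number it has seen for each destination.
"""
from dataclasses import dataclass

# Largest sequence-number increase accepted per reply before the value is
# treated as inflated (threshold chosen for this example).
MAX_SEQ_JUMP = 50


@dataclass(frozen=True)
class RouteReply:
    sender: str       # neighbour that forwarded the reply to us
    destination: str  # node the advertised route leads to
    hop_count: int    # claimed hops from sender to destination (0 == sender is destination)
    dest_seq: int     # claimed destination sequence number


def check_rrep(rrep, neighbours, last_seq):
    """Return the reasons a reply looks falsified; an empty list means plausible."""
    reasons = []
    if rrep.sender not in neighbours:
        reasons.append("sender is not a direct neighbour")
    if rrep.hop_count < 0:
        reasons.append("negative hop count")
    # A hop count of 0 means the sender claims to be the destination itself.
    if rrep.hop_count == 0 and rrep.sender != rrep.destination:
        reasons.append("hop count 0 but sender is not the destination")
    # A blackhole node advertises a huge sequence number so that its route wins.
    known = last_seq.get(rrep.destination)
    if known is not None and rrep.dest_seq - known > MAX_SEQ_JUMP:
        reasons.append(f"sequence number jumped by {rrep.dest_seq - known}")
    return reasons


def select_route(replies, neighbours, last_seq):
    """Apply the checks, then pick the freshest (then shortest) plausible route.

    Returns (chosen_reply_or_None, {sender: reasons} for rejected replies).
    """
    rejected = {}
    plausible = []
    for r in replies:
        reasons = check_rrep(r, neighbours, last_seq)
        if reasons:
            rejected[r.sender] = reasons
        else:
            plausible.append(r)
    if not plausible:
        return None, rejected
    # AODV prefers the highest destination sequence number, then the fewest hops.
    best = max(plausible, key=lambda r: (r.dest_seq, -r.hop_count))
    return best, rejected


# Constructed sample: node "A" has neighbours B and M; M behaves as a blackhole.
NEIGHBOURS = {"B", "M"}
LAST_SEQ = {"D": 10}
REPLIES = [
    RouteReply(sender="B", destination="D", hop_count=2, dest_seq=12),    # honest
    RouteReply(sender="M", destination="D", hop_count=0, dest_seq=9999),  # blackhole bait
    RouteReply(sender="X", destination="D", hop_count=1, dest_seq=11),    # not a neighbour
]

if __name__ == "__main__":
    chosen, rejected = select_route(REPLIES, NEIGHBOURS, LAST_SEQ)
    print("chosen route via", chosen.sender if chosen else None)
    for sender, reasons in rejected.items():
        print("rejected", sender, "->", "; ".join(reasons))
```

Without the checks, plain AODV route selection would pick M's reply, since it carries the highest sequence number and the fewest hops; with them, M's reply is rejected on two counts and the honest route via B is chosen. Real deployments tune MAX_SEQ_JUMP to the traffic of the network rather than using a fixed constant.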
24th Feb 2011 by Mr. Dahliyusmanto
IDS
An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to malicious traffic by taking action such as blocking the user from accessing the network, so that the attack is blocked from entering the system.
There are two types of IDS: the network-based Intrusion Detection System (NIDS) and the host-based Intrusion Detection System (HIDS). In a network-based system, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall's filtering rules. In a host-based system (HIDS), the IDS examines the activity on each individual computer or host. A HIDS monitors the inbound and outbound packets from that device only and alerts the user or administrator if suspicious activity is detected.
IDS detection techniques can be grouped into two. The first is anomaly detection: the system administrator defines the baseline, or normal, state of the network's traffic load, breakdown, protocol, and typical packet size, and the anomaly detector monitors network segments, compares their state to the normal baseline and looks for anomalies. The other technique is misuse detection: the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented, which it has learned as a signature. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it compares packets against.
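The two techniques side by side, as an added example rather than code from the seminar: a small NIDS-style analyzer over constructed connection records. Misuse detection matches each record's payload against a signature list; anomaly detection learns a baseline (typical packet size and the set of destination ports) from a window of normal traffic and flags records that deviate from it. The log format, the two signatures, the 3-sigma threshold and all sample lines are assumptions made for the illustration.

```python
"""Misuse (signature) and anomaly detection over constructed connection records.

Added example, not code from the seminar. The log format, the signature
list, the baseline thresholds and the sample lines are assumptions made
for illustration.
"""
import re
import statistics
from typing import NamedTuple


class Record(NamedTuple):
    ts: str
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int
    payload: str


# One record per line; payload holds the first bytes of the application data.
LINE_RE = re.compile(
    r'(?P<ts>\S+ \S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) '
    r'dport=(?P<dport>\d+) bytes=(?P<nbytes>\d+) payload="(?P<payload>[^"]*)"'
)


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable record: {line!r}")
    g = m.groupdict()
    return Record(g["ts"], g["src"], g["dst"], g["proto"],
                  int(g["dport"]), int(g["nbytes"]), g["payload"])


# Misuse detection: documented attack patterns expressed as signatures.
SIGNATURES = [
    ("directory traversal", re.compile(r"\.\./")),
    ("unix password file request", re.compile(r"/etc/passwd")),
]


def misuse_detect(rec):
    """Names of every signature that matches the record's payload."""
    return [name for name, rx in SIGNATURES if rx.search(rec.payload)]


class AnomalyDetector:
    """Baseline = typical packet size and the set of ports seen in normal traffic."""

    def __init__(self, training, sigma=3.0):
        sizes = [r.nbytes for r in training]
        self.mean = statistics.mean(sizes)
        self.stdev = statistics.pstdev(sizes)
        self.ports = {r.dport for r in training}
        self.sigma = sigma

    def detect(self, rec):
        """Reasons the record deviates from the baseline (empty == normal)."""
        reasons = []
        if abs(rec.nbytes - self.mean) > self.sigma * self.stdev:
            reasons.append(f"packet size {rec.nbytes} outside baseline")
        if rec.dport not in self.ports:
            reasons.append(f"port {rec.dport} never seen in baseline")
        return reasons


def analyze(lines, detector):
    """Run both techniques over raw lines; returns one result dict per record."""
    out = []
    for line in lines:
        rec = parse_line(line)
        out.append({"ts": rec.ts, "misuse": misuse_detect(rec),
                    "anomaly": detector.detect(rec)})
    return out


# Constructed baseline traffic (normal web browsing) and a later test window.
BASELINE = [parse_line(line) for line in [
    '2011-02-24 10:00:01 src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=80 bytes=512 payload="GET /index.html"',
    '2011-02-24 10:00:02 src=10.0.0.6 dst=10.0.0.9 proto=tcp dport=443 bytes=480 payload=""',
    '2011-02-24 10:00:03 src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=80 bytes=530 payload="GET /news.html"',
    '2011-02-24 10:00:04 src=10.0.0.7 dst=10.0.0.9 proto=tcp dport=443 bytes=495 payload=""',
    '2011-02-24 10:00:05 src=10.0.0.6 dst=10.0.0.9 proto=tcp dport=80 bytes=505 payload="GET /about.html"',
    '2011-02-24 10:00:06 src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=443 bytes=478 payload=""',
]]
TEST_LINES = [
    '2011-02-24 10:05:01 src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=80 bytes=520 payload="GET /index.html"',
    '2011-02-24 10:05:02 src=10.0.0.8 dst=10.0.0.9 proto=tcp dport=80 bytes=498 payload="GET /../../etc/passwd"',
    '2011-02-24 10:05:03 src=10.0.0.8 dst=10.0.0.9 proto=tcp dport=6667 bytes=90000 payload=""',
]

if __name__ == "__main__":
    for result in analyze(TEST_LINES, AnomalyDetector(BASELINE)):
        print(result)
```

The second test record is caught only by the signatures (its size and port look perfectly normal), and the third only by the baseline (its payload matches nothing), which is the practical reason most deployments run both techniques: the signature database, as the seminar notes, is only as good as what has already been documented.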
3rd March 2011 by Mr. Usama Tharwat Elhagari
Trusted Computing
A Windows PC used to have a really horrendous security hole: the password needed to access a password-protected PC was held in clear text; it wasn't encrypted. Now, because Microsoft and PC manufacturers are members of the TCG, the Trusted Computing Group, passwords can be stored in an encrypted state inside a special chip, the Trusted Platform Module (TPM).
This module cannot be accessed by users or hackers, and its contents cannot be read. Toshiba notebooks and other desktop systems using the TPM now come with a range of extra supplier software that lets the user set up an encrypted environment, so that if the PC is lost or stolen its secured contents cannot be read. The sensitive data is safe.
The idea is to hold identity management data in encrypted form and have it validated by special hardware and software. This can only be done with special hardware, as software alone can be cracked.
With the TPM, files that are encrypted using a key have that key stored in the TPM. When a user wants to decrypt or encrypt information he or she has to enter the key. Windows sends it to the TPM, which validates it and, if valid, lets the user carry out the required operation.
If the computer is stolen the encrypted file can be accessed, but its contents are nonsense because the key needed to decrypt it can't be obtained.
Dell, HP, IBM, Toshiba, Fujitsu, Gateway and Acer have announced products that have the TPM security hardware inside them. Various software houses, such as Wave, build software applications that run on these systems to do things such as bulk encryption, single sign-on, and TPM management.