Mister Disagree

"Be the change you wanna see in the world" - Michael Scofield

CHAPTER 5 (cont.)

* Who causes security problems - hackers, spies, students, businessmen, ex-employees, terrorists

Network security problem areas:
1. Authentication - hackers want to pose as an authorized user, so they aim at this first.
2. Secrecy - in the middle, between sender and receiver.
3. Non-repudiation - deals with digital signatures.
4. Integrity - ensure that only authorized users are allowed to change the data.

Disadvantages of computer networks
1. Sharing.
2. Complexity.
3. Unknown parameter - there are a lot of points on the network that can be exploited to capture packets.
4. Anonymity - on a big network, we don't even know who is at the other end. E.g. someone may hack the DNS server before taking over the website.
5. Security exposure - privacy, data integrity, authenticity, covert channels, impersonation and eavesdropping.

Network threats
1. Denial of service - DoS, DDoS
2. Packet replay - capture packets being sent to an AP that uses WEP; capturing takes a lot of time, so packet replay is used to decoy the AP while sniffing the packets, without changing the packets' content.
3. Packet modification - capture and change the packet's content.

Network security controls
1. Encryption
2. Strong authentication
3. IPSec, VPN, SSH
4. Kerberos
5. Firewall (acts as a roadblock)
6. IDS (acts as a speed trap)
7. IPS (acts as a grill)
8. Honeypot

Encryption
1. Link to link
- Covers layer 1 & 2 attacks
- Use a layer 3 switch to prevent them
2. End to end
- Use an application to encrypt the packets sent


IPSec
- Authentication & encapsulation
- Works on layer 3
- Can only be decrypted on the receiver side

SSL
- Combination of symmetric (on the client host) and asymmetric (on the server) algorithms

Kerberos
- One server, called the Kerberos server, is used to provide controlled authentication.
- A host needs to have a ticket before it can send a packet to any server; one authentication server is used to control the tickets.
- The ticket is unique, encrypted and has a lifetime; once the lifetime has expired, the client must request a new one before it can communicate with other servers.

Firewall
- Differentiates whether a user is inside or outside the network.
- Hackers basically use an alternative way in, or tunneling, to pass the firewall.
- Once the hacker is already inside the network, the firewall can't do anything.

IDS
- Captures packets and compares them with the installed IDS rules stored in a database. If it detects a malicious packet, an alert is sent to the admin, so the admin can go to the firewall device and block that particular packet.
- Depends on the attitude of the admin and on the rules; the admin must update the rules constantly so that they stay relevant.

IPS
- Scans the network, and if it detects a malicious packet, the IPS sends an alert to the access list on the firewall, and the firewall directly blocks that particular packet.
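
An added example, not part of the original notes: a small signature sensor in Python that shows the difference described above between an IDS (alert only, the packet still passes) and an IPS (alert plus an automatic access-list entry), and why rules that are not updated miss traffic. The rules, addresses and payloads are constructed, and keying the access list by source address is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed rule database: (rule id, pattern searched for in the payload).
RULES = [("R1-sql-keyword", re.compile(rb"union\s+select", re.I)),
         ("R2-path-traversal", re.compile(rb"\.\./\.\./"))]

@dataclass
class Sensor:
    inline: bool  # False = IDS (alert only), True = IPS (alert and block)
    rules: list = field(default_factory=lambda: list(RULES))
    alerts: list = field(default_factory=list)      # what the admin sees
    access_list: set = field(default_factory=set)   # stand-in for the firewall access list

    def add_rule(self, rule_id: str, pattern: bytes) -> None:
        """Rule update by the admin."""
        self.rules.append((rule_id, re.compile(pattern, re.I)))

    def inspect(self, src: str, payload: bytes) -> str:
        """Return 'forward' or 'drop' for one packet."""
        if src in self.access_list:
            return "drop"                 # firewall already blocks this source
        for rule_id, pattern in self.rules:
            if pattern.search(payload):
                self.alerts.append((rule_id, src))
                if self.inline:           # IPS: updates the access list itself
                    self.access_list.add(src)
                    return "drop"
                break                     # IDS: alert only, packet still passes
        return "forward"

def run(sensor: Sensor, packets) -> list:
    return [sensor.inspect(src, payload) for src, payload in packets]

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    ("192.0.2.10", b"GET /index.html"),
    ("203.0.113.9", b"GET /item?id=1 UNION SELECT 1"),
    ("203.0.113.9", b"GET /index.html"),
    ("198.51.100.7", b"GET /file?name=..%2f..%2fnotes.txt"),  # encoded form, no rule yet
]

if __name__ == "__main__":
    for name, inline in (("IDS", False), ("IPS", True)):
        s = Sensor(inline=inline)
        print(name, run(s, PACKETS), s.alerts, s.access_list)
```

The fourth packet is forwarded in both modes until a rule for the encoded form is added with `add_rule`, which is the rule-update point made under IDS.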

Hacking involves:
1. Reconnaissance – gain general info on the target host
2. Scanning
3. Gaining access
4. Maintaining access
5. Covering tracks


CHAPTER 6

Email
- 2 parts:
- Header
- Body
- Sent in text file format.
- Uses MIME, which allows us to send an email that contains image files, attachments or whatever.
- Not encrypted, because it is just plain text

S/MIME
- Encrypted content
- We can choose whether to send the email as plaintext or encrypted.

Web security
- To secure our web/HTTP
- Use SSL/TLS, SSH, SET

SSH
- Transfer data securely (encrypted)
