IMED BOOK Protection In Cyber World
UNIT 1 Introduction to Cyber Security
1) Need of cyber security
1. Everybody is using COMPUTERS.
2. From white collar criminals to terrorist organizations, and from teenagers to adults.
3. Conventional crimes like forgery, extortion, kidnapping etc. are being committed with the help of computers.
4. The new generation is growing up with computers.
5. MOST IMPORTANT - Monetary transactions are moving on to the INTERNET.
So we use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer such as financial statements.
All such crimes are performed by, or resort to, abuse of electronic media or otherwise, with the purpose of influencing the functioning of a computer or computer system.
COMPUTER CRIME is any crime where –
• Computer is a target.
• Computer is a tool of crime.
• Computer is incidental to crime.
People are vulnerable to computer crimes because of a lack of user awareness. The victims may be the gullible, desperados and greedy people, unskilled and inexperienced people, and unlucky people.
And disgruntled employees, teenagers, political hacktivists, professional hackers, business rivals, ex-boyfriends, divorced husbands etc. may be the cyber criminals.
Intruders, also referred to as hackers, attackers, or crackers, may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.
Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.
Unfortunately, intruders are always discovering new vulnerabilities, informally called "security holes", to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.
When holes are discovered, computer vendors will usually develop patches to address the problem. However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely.
Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.
It seems that everything relies on computers and the Internet now: communication (email, cell phones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers?
How much of your personal information is stored either on your own computer or on someone else's system? Cyber security involves protecting that information by preventing, detecting, and responding to attacks.
2) Understanding cyber security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.
Cyber security is the process of preventing and detecting unauthorized use of your computer and network. Prevention measures help you to stop unauthorized users, also known as "intruders", from accessing any part of your computer system. Cyber security helps you to determine whether or not someone attempted to break into your system, if they were successful, what they may have done, and what further security may be needed.
3) Layered approach in cyber security
4) Relevant case studies
Salami attacks
In such a crime the criminal makes insignificant changes in such a manner that the changes go unnoticed. The criminal writes a program that deducts a small amount, like Rs. 2.50 per month, from the accounts of all the customers of the bank and deposits the same in his own account. In this case no account holder will approach the bank for such a small amount, but the criminal gains a huge amount. E.g. the Ziegler case, wherein a logic bomb was introduced in the bank's system, which deducted 10 cents from every account and deposited it in a particular account.
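The salami pattern described above can be found in a ledger because one account collects the same small amount from nearly every customer. The following is an added example, not part of the original book; the account names, the ledger rows and the two thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger rows: (month, debited_account, credited_account, amount).
CUSTOMERS = [f"CUST-{n:03d}" for n in range(1, 9)]
LEDGER = []
for month in ("2024-01", "2024-02"):
    for cust in CUSTOMERS:
        # The skim: Rs. 2.50 taken from every customer, every month.
        LEDGER.append((month, cust, "ACC-9001", "2.50"))
    # Ordinary traffic that must not be flagged.
    LEDGER.append((month, "CUST-001", "LANDLORD-01", "12000.00"))
    LEDGER.append((month, "CUST-002", "CAFE-17", "2.50"))
    LEDGER.append((month, "CUST-003", "CAFE-17", "4.00"))
    LEDGER.append((month, "CUST-004", "UTILITY-05", "850.00"))


def find_salami_candidates(ledger, max_amount="5.00", min_coverage=0.8):
    """Return accounts that collect one identical small amount from most customers.

    max_amount   - largest debit still treated as too small to complain about
    min_coverage - fraction of all debited accounts that must be hit in a month
    Both thresholds are assumptions to be tuned against real traffic.
    """
    limit = Decimal(max_amount)
    debited_per_month = defaultdict(set)   # month -> every account debited
    payers = defaultdict(set)              # (month, dest, amount) -> sources
    for month, src, dest, amount in ledger:
        debited_per_month[month].add(src)
        amt = Decimal(amount)
        if amt <= limit:
            payers[(month, dest, amt)].add(src)

    findings = []
    for (month, dest, amt), sources in payers.items():
        coverage = len(sources) / len(debited_per_month[month])
        if coverage >= min_coverage:
            findings.append({
                "month": month,
                "account": dest,
                "amount_each": amt,
                "accounts_hit": len(sources),
                "coverage": round(coverage, 2),
                "total_collected": amt * len(sources),
            })
    return sorted(findings, key=lambda f: (f["month"], f["account"]))


if __name__ == "__main__":
    for finding in find_salami_candidates(LEDGER):
        print(finding)
```

A hit is a lead for review, not proof: a legitimate service charge has the same shape, so the flagged account still has to be checked against the bank's approved fee accounts.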
UNIT 2 Passwords
1) Case studies related with computer passwords.
2) Use of System passwords/BIOS passwords.
A password is a form of secret authentication data that is used to control access to a resource. The password is kept secret from those not allowed access, and those wishing to gain access are tested on whether or not they know the password and are granted or denied access accordingly. It is a protected word or string of characters which serves as authentication of a person's identity, or which may be used to grant or deny access to private or shared data.
Passwords are used to control access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving email from servers, accessing files, databases, networks, web sites, and even reading the morning newspaper online.
Types of Password
1. BIOS Password
2. System Password
i. Administrator password
ii. User password
1. BIOS Password
BIOS is an acronym for basic input/output system. A computer's BIOS is the first program that is run when the computer starts. You can tell the BIOS to ask for a password when it starts, thus restricting access to your computer.
A computer's Basic Input-Output System (BIOS) is embedded software on a motherboard that controls attached hardware. It provides an operating system with information about hardware, and is designed to support a specific range of components. The BIOS itself is typically an EEPROM, or Electrically Erasable Programmable Read-Only Memory, that is programmed with "firmware" and has the ability to save small amounts of information specific to user configurations.
To enter into the BIOS setup program
Sometimes it is also called CMOS setup. When the PC is powering up, immediately initiate execution of the BIOS utility. For most systems, this is done by pressing the DEL key on the keyboard within the first 2 - 10 seconds of turning the computer on. Other systems might use other keys such as F2, F10, CTRL & ENTER, etc. If you don't know the keystroke sequence for entering the BIOS utility, watch the monitor to see if the computer displays it.
To clear the BIOS settings, look for an option to "Restore Defaults" or "Load Fail-Safe Defaults". This may be on the main page of the BIOS utility or on the last page of a tabbed menu. Use the arrow keys to navigate, and follow the on-screen instructions. When complete, save the settings and exit the BIOS utility.
When you hit DEL at the right time you'll see a menu screen something like the following screen:
Fig 1: BIOS or CMOS setting screen
As you can see, there are two options that relate to passwords, Supervisor Password and User Password; these relate to controlling access to the BIOS Setup Program and the Machine Boot respectively. Note that not all BIOSes have this password feature; your BIOS may not have it, in which case you won't be able to restrict access to your computer in this way.
Select USER PASSWORD and you'll be prompted to enter a password. You should now enter a password of up to eight characters; most BIOSes are limited to eight characters, unfortunately. We recommend you use the full eight, but take care that you choose something you'll not forget. The BIOS will then prompt you to confirm the password; just type the same thing again.
Now navigate back to the main menu and select SAVE & EXIT SETUP. Your machine will then reboot and you'll be prompted for the password. Each and every time you boot you'll be asked for the password you chose.
If you forget your BIOS password, consult your motherboard manual or, if you don't have one, consult the website of the BIOS manufacturer.
It's not always the DEL key; some BIOSes use F2 or F10 or another key combination. Check your motherboard manual.
2. System Password
It includes –
i. User Password
ii. Administrator Password
i. User Password
They are the passwords assigned to the users on a single machine or a domain. Different users can have different permissions on the same objects. Permissions may be granted to a single user or to a users group.
Create User and Set Password
a) Go to Start -> Control panel.
b) Click on User account.
c) On clicking user account, the following window will appear, where you can create a new user by clicking on the create new account link.
d) In the following window, give the new user name and click next.
e) In the following window you can select the account type as administrator or limited and click on the create account button.
f) In the following window the new user has been created. By clicking on a specific user account you can set the password.
g) In the following window, click on the create a password link to set a password for that user.
How to assign a Password
For e.g. User password or Administrator password: Start -> Control panel -> User account -> create password
h) Give the desired password in the given box and click the create password button.
i) In the following window the new account has been created with the limited account type and it is now password protected.
j) In this way you can create other accounts and set the password for each account. There are also other settings that you can change by clicking on the particular link, such as: change the name of the account, change the password, remove the password, change the picture, change the account type, delete the account.
ii) Administrator Password
The administrator password, as the name suggests, is assigned to the administrator of the machine, who has all the powers to make changes on the machine and privileges to assign different rights to different users.
Note: Setting the user and administrator password is mentioned as above in snapshots.
3) Need of strong passwords.
While passwords are a vital component of system security, they can be cracked or broken relatively easily. Password cracking is the process of figuring out or breaking passwords in order to gain unauthorized entrance to a system or account. It is much easier than most users would think. Another easy way for potential intruders to nab passwords is through social engineering: physically nabbing the password off a Post-It from under someone's keyboard or through imitating an IT engineer and asking over the phone. Many users create passwords that can be guessed by learning a minimal amount of information about the person whose password is being sought.
In order to protect our data it is important that you should have a strong/complete security policy in effect. Passwords are an extremely important aspect of that security policy. They are the front line of protection for user accounts; it has been proven that computer hackers are able to guess or gather passwords to accounts, which can enable them to compromise most systems.
So you can enhance the security of your networks by setting strong password policies. Improve your computer's security by creating strong passwords and reducing your risk from online predators, email hoaxes and phishing scams. Strong passwords are important protections to help you have safer online transactions.
Your passwords are the keys you use to access personal information that you've stored on your computer and in your online accounts. If criminals or other malicious users steal this information, they can use your name to open new credit card accounts, apply for a mortgage, or pose as you in online transactions. In many cases you would not notice these attacks until it was too late. Fortunately, it is not hard to create strong passwords and keep them well protected.
Obviously, passwords are just one piece of the puzzle. Other pieces are general user education, good physical security, plugging network holes, and installing strong firewalls. These provide much more global protection in the controlled corporate environment than passwords alone, but in areas where the only method of control users have is a PIN or password, the best thing we can do is be aware of security risks and keep up with their password controls.
4) Setting up strong passwords
To an attacker, a strong password should appear to be a random string of characters. The following criteria can help your passwords do so:
i. Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.
ii. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a "pass phrase"). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.
iii. Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:
• The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
• Use the entire keyboard, not just the most common characters. Symbols typed by holding down the "Shift" key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
• Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.
Create a strong, memorable password in 5 steps
Use these steps to develop a strong password:
i. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "My son Amit is three years old."
ii. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.
iii. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created and create a new, nonsensical word. Using the example above, you'd get: "msaityo".
iv. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Amit's name, or substituting the word "three" for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become "My SoN Am3T is 3 yeeRs old." If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like "MsAi3yo".
v. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of "MySoN 8N i$ 3 yeeR$ old" or a password (using the first letter of each word) "M$8ni3y0".
Password strategies to avoid
i. Some common methods used to create passwords are easy to guess by criminals. To avoid weak, easy-to-guess passwords:
ii. Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.
iii. Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
iv. Avoid any part of your name, birthday, car number plate, or similar information. This is one of the first things criminals will try.
v. Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
vi. Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
vii. Avoid using online storage. If malicious users find these passwords stored online or on a networked computer, they have access to all your information.
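The length and character-type criteria and the strategies to avoid listed above can be turned into a check that runs when a password is chosen. The following is an added example, not part of the original book; the word list, the run length of 4 and the "fewer than 3 character types needs 14 characters" rule are constructed assumptions.

```python
import re

# Constructed mini word list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "microsoft", "welcome", "dragon", "monkey", "letmein"}
# Look-alike replacements mapped back to the letters they imitate.
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")
# Tracks along which neighbouring characters count as a sequence.
TRACKS = ("abcdefghijklmnopqrstuvwxyz", "1234567890",
          "qwertyuiop", "asdfghjkl", "zxcvbnm")

TOO_SHORT = "shorter than 8 characters"
FEW_TYPES = "few character types for its length"
SEQUENCE = "sequence or repeated characters"
DICTIONARY = "dictionary word, possibly with look-alike substitutions"
PERSONAL = "contains personal information"


def has_run(pw, length=4):
    """True if pw holds `length` repeated, sequential or keyboard-adjacent characters."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in t or chunk in t[::-1] for t in TRACKS):
            return True
    return False


def dictionary_hit(pw):
    """Undo look-alike substitutions, then look for a listed word, forwards or backwards."""
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LOOKALIKES))
    return any(w in letters or w in letters[::-1] for w in COMMON_WORDS)


def check_password(pw, personal_info=()):
    """Return the list of problems found; an empty list means no rule was broken."""
    problems = []
    if len(pw) < 8:
        problems.append(TOO_SHORT)
    kinds = sum(bool(re.search(p, pw))
                for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    # Fewer character types are tolerated only when the password is long.
    if kinds < 3 and len(pw) < 14:
        problems.append(FEW_TYPES)
    if has_run(pw):
        problems.append(SEQUENCE)
    if dictionary_hit(pw):
        problems.append(DICTIONARY)
    tokens = [t.lower() for item in personal_info
              for t in item.split() if len(t) >= 3]
    if any(t in pw.lower() for t in tokens):
        problems.append(PERSONAL)
    return problems


if __name__ == "__main__":
    for candidate in ("12345678", "P@ssw0rd", "M1cr0$0ft", "M$8ni3y0",
                      "MySoN 8N i$ 3 yeeR$ old"):
        print(repr(candidate), check_password(candidate) or "no problems found")
```

An empty result only means none of these rules fired; it does not show the password is unused elsewhere or absent from a larger dictionary.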
Keep your passwords secret
Treat your passwords and pass phrases with as much care as the information that they protect.
i. Don't reveal them to others. Keep your passwords hidden from friends or family members, especially children, who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your partner, are the only exceptions.
ii. Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.
iii. Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you go to a Web site to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet "phishing" scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more.
iv. Change your passwords regularly. This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than 8 characters should be considered only good for a week or so, while a password that is 14 characters or longer can be good for several years.
v. Do not type passwords on computers that you do not control. Computers such as those in Internet cafes, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet. Your passwords and pass phrases are worth as much as the information that they protect.
UNIT 3 Physical Security
1) Case studies related with physical security.
2) Need of physical security.
The first layer of security you need to take into account is the physical security of your computer systems.
Security is the condition of being protected against danger or loss. As security is essential in our day to day life, it is also essential in the world of computers. We have already seen the importance of data stored in computers, its use, and the consequences that we have to face if this data is not protected, i.e., if it is not secured.
Computer Security can be defined as "the measures applied to ensure security and availability of the information processed, stored and transmitted by the computer". It is protection of information assets through the use of technology, processes and training. The security measures applied differ with the differing levels of security requirements. As physical security can be achieved through the use of locks, security guards, closed circuit television, biometrics, smart cards, fingerprinting, security tokens etc., the logical security can be achieved through the use of various antivirus software, firewalls, intrusion detection systems etc.
3) Understanding physical security.
Physical security is an extremely important part of keeping your computers and data secure: if an experienced hacker can just walk up to your machine, it can be compromised in a matter of minutes. That may seem like a remote threat, but there are other risks, like theft, data loss, and physical damage, that make it important to check your physical security posture for holes.
It deals with such things as personnel, the environment, the facility and its power supply, fire protection, physical access, and even the protection of software, hardware, and data files.
Physical security is concerned with physical measures designed to safeguard people, to prevent unauthorized access to equipment, facilities, hardware, materials and documents, and to safeguard them from damage or loss.
The risks associated with improper physical access may be:
1. Unauthorized entry.
2. Damage or theft of equipment or documents.
3. Copying or viewing of sensitive data.
4. Abuse of data.
5. Illegal physical access.
Remember that network security starts at the physical level. All the firewalls in the world won’t stop an intruder who is able to gain physical access to your network and computers, so lock up as well as lock down.
Basic Physical Security
Every general computer networking class teaches the OSI and/or DoD networking models, and we all learn that everything begins at the bottom, with the physical level. Likewise, when it comes to IT security, physical security is the foundation for our overall strategy. But some individuals and organizations, distracted by the more sophisticated features of software-based security products, may overlook the importance of ensuring that the network and its components have been protected at the physical level. There are simple principles to follow:
Keeping People Away
Most large corporations maintain very strict control over who can enter their datacenters. They use card key or keypad systems, log books and human security to limit unauthorized access. If you don't have a datacenter, this might seem like overkill; very small companies often tend to have their servers in hallways, reception areas, or other publicly-accessible spaces. Not only does this expose them to malicious attacks, it increases the risk of accidents from spilled coffee, people tripping over cables, and small, curious children.
If at all possible, sensitive servers should be kept behind a locked door, not just a door with a lock, and access should be limited to a select set of trustworthy administrators. Of course, you shouldn't let security concerns override the environmental requirements of your hardware. For instance, locking a server in a closet prevents malicious users from accessing it, but if not adequately ventilated, the computer will overheat and fail, rendering your security concerns pointless.
Of course, your computers aren't the only valuable asset you have: consider the worth of your backup tapes! If you want your backups to be generally useful, you'd better be storing them somewhere that protects them against fire, theft, and spilled diet Coke.
Lock up the server room
Even before you lock down the servers, in fact, before you even turn them on for the first time, you should ensure that there are good locks on the server room door. Of course, the best lock in the world does no good if it isn’t used, so you also need policies requiring that those doors be locked any time the room is unoccupied, and the policies should set out who has the key or keycode to get in. The server room is the heart of your physical network, and someone with physical access to the servers, switches, routers, cables and other devices in that room can do enormous damage.
Use rack mount servers
Rack mount servers not only take up less server room real estate; they are also easier to secure. Although smaller and arguably lighter than (some) tower systems, they can easily be locked into closed racks that, once loaded with several servers, can then be bolted to the floor, making the entire package almost impossible to move, much less to steal.
Keep Out
It's a good idea to restrict physical access, and limit potential damage, but someone's got to be able to use the computers—you can't keep everyone away from them. The next layer of a good physical security plan is to limit what can be done with the computers. Here's a great security feature that costs nothing: lock your computer when you're walking away from it. In Windows NT, Windows 2000, or Windows XP, you only have to quickly hit Ctrl+Alt+Delete, then "k" (the shortcut for the Lock button), or press Windows key+L. A fast-typing attacker can get to your machine and share its disk drives with no passwords in under 10 seconds—but not if the machine's locked!
Action: Get in the habit of locking your computer whenever you're away from it.
A corollary to the idea of restricting physical access to the areas where your computers are is to restrict people's access to the computers' components. You can do this with the physical security features built in to your computers. Practically every desktop, tower, or laptop computer sold in the last 15 years or so has some useful security features that you can apply to make it harder to attack or steal your computer or, at worst, to render it useless if stolen; Windows provides a number of useful features too.
• Lock the CPU case. Most desktop and tower cases have locking lugs that you can use to keep an intruder from opening the case.
• Use a cable-type security lock to keep someone from stealing the whole computer. This is particularly good advice for laptops or small desktops that can easily be hidden inside a backpack or coat.
• Configure the BIOS not to boot from the floppy drive. This makes it harder for an intruder to remove passwords and account data from your system's disks.
• Consider whether it's worth the expense of using a motion-sensor alarm in the room where the computers are located.
• Use the syskey utility (supported in Windows NT 4.0, Windows 2000, and Windows XP) to secure the local accounts database, local copies of EFS encryption keys, and other valuables that you don't want attackers to have.
• Use the Encrypting File System (EFS) to encrypt sensitive folders on your machine. EFS is available for all versions of Windows 2000 and for Windows XP Professional—whether you're using a laptop, desktop, or server, EFS adds an extra layer of protection.
Set up surveillance
Locking the door to the server room is a good first step, but someone could break in, or someone who has authorized access could misuse that authority. You need a way to know who goes in and out and when. A log book for signing in and out is the most elemental way to accomplish this, but it has a lot of drawbacks. A person with malicious intent is likely to just bypass it. A better solution than the log book is an authentication system incorporated into the locking devices, so that a smart card, token, or biometric scan is required to unlock the doors, and a record is made of the identity of each person who enters. A video surveillance camera, placed in a location that makes it difficult to tamper with or disable (or even to find) but gives a good view of persons entering and leaving should supplement the log book or electronic access system. Surveillance cams can monitor continuously, or they can use motion detection technology to record only when someone is moving about. They can even be set up to send e-mail or cell phone notification if motion is detected when it shouldn’t be (such as after hours).
Make sure the most vulnerable devices are in that locked room
Remember, it’s not just the servers you have to worry about. A hacker can plug a laptop into a hub and use sniffer software to capture data traveling across the network. Make sure that as many of your network devices as possible are in that locked room, or if they need to be in a different area, in a locked closet elsewhere in the building.
Don’t forget the workstations
Hackers can use any unsecured computer that’s connected to the network to access or delete information that’s important to your business. Workstations at unoccupied desks or in empty offices (such as those used by employees who are on vacation or have left the company and not yet been replaced) or at locations easily accessible to outsiders, such as the front receptionist’s desk, are particularly vulnerable. Disconnect and/or remove computers that aren’t being used and/or lock the doors of empty offices, including those that are temporarily empty while an employee is at lunch or out sick. Equip computers that must remain in open areas, sometimes out of view of employees, with smart card or biometric readers so that it’s more difficult for unauthorized persons to log on.
Keep intruders from opening the case
Both servers and workstations should be protected from thieves who can open the case and grab the hard drive. It’s much easier to make off with a hard disk in your pocket than to carry a full tower off the premises. Many computers come with case locks to prevent opening the case without a key. You can get locking kits from a variety of sources for very low cost, such as the one at Innovative Security Products.
Protect the portables
Laptops and handheld computers pose special physical security risks. A thief can easily steal the entire computer, including any data stored on its disk as well as network logon passwords that may be saved. If employees use laptops at their desks, they should take them with them when they leave or secure them to a permanent fixture with a cable lock, such as the one at PC Guardian.
Handhelds can be locked in a drawer or safe or just slipped into a pocket and carried on your person when you leave the area. Motion sensing alarms such as the one at SecurityKit.com are also available to alert you if your portable is moved. For portables that contain sensitive information, full disk encryption, biometric readers, and software that “phones home” if the stolen laptop connects to the Internet can supplement physical precautions.
Pack up the backups
Backing up important data is an essential element in disaster recovery, but don’t forget that the information on those backup tapes, disks, or discs can be stolen and used by someone outside the company. Many IT administrators keep the backups next to the server in the server room. They should be locked in a drawer or safe at the very least. Ideally, a set of backups should be kept off site, and you must take care to ensure that they are secured in that offsite location. Don’t overlook the fact that some workers may back up their work on floppy disks, USB keys, or external hard disks. If this practice is allowed or encouraged, be sure to have policies requiring that the backups be locked up at all times.
Disable the drives
If you don’t want employees copying company information to removable media, you can disable or remove floppy drives, USB ports, and other means of connecting external drives. Simply disconnecting the cables may not deter technically savvy workers. Some organizations go so far as to fill ports with glue or other substances to permanently prevent their use, although there are software mechanisms that disallow it. Disk locks, such as the one at SecurityKit.com, can be inserted into floppy drives on those computers that still have them to lock out other diskettes.
Protect your printers
You might not think about printers posing a security risk, but many of today’s printers store document contents in their own on-board memories. If a hacker steals the printer and accesses that memory, he or she may be able to make copies of recently printed documents. Printers, like servers and workstations that store important information, should be located in secure locations and bolted down so nobody can walk off with them. Also think about the physical security of documents that workers print out, especially extra copies or copies that don’t print perfectly and may be just abandoned at the printer or thrown intact into the trash can where they can be retrieved. It’s best to implement a policy of immediately shredding any unwanted printed documents, even those that don’t contain confidential information. This establishes a habit and frees the end user of the responsibility for determining whether a document should be shredded.
Protect Your Plumbing
Network cabling, hubs and even the external network interface are extremely vulnerable points in a network. An attacker who can attach to your network can steal data in transit or mount attacks against computers on your network—or on other networks! If at all possible, keep hubs and switches behind locked doors or in locked cabinets, run cabling through walls and ceilings to make it harder to tap, and ensure that your external data connection points are kept locked. A few other tips:
• If you're using a DSL connection for your home or office computers, make sure the phone company's interface box is locked—if anything happens to its cabling, your DSL service will go away.
• If you want to use wireless networking, be sure that you understand the security requirements. In brief, you need to secure your network so that an outside attacker can't intercept your traffic or join your network. The process of setting this up varies according to your wireless hardware vendor, but it's easy to do from Windows XP.
4) Accountability of physical security.
Access and use must be specific to an individual user at a particular moment in time; it must be possible to track access and use to that individual. Throughout the entire protection process, user access must be appropriately controlled and limited to prevent excess privileges and the opportunity for serious errors. Tracking must always be an important dimension of this control. At the conclusion of the entire cycle, violations occurring during access and data manipulation phases must be reported on a regular basis so that these security problems can be solved.
Accountability uses such system components as audit trails or records and logs to associate a subject with its actions. The information recorded should be sufficient to map the subject to a controlling user. Audit trails and logs are important for
• Detecting security violations
• Re-creating security incidents
If no one is regularly reviewing your logs and they are not maintained in a secure and consistent manner, they may not be admissible as evidence.
Many systems can generate automated reports based on certain predefined criteria or thresholds, known as clipping levels. For example, a clipping level may be set to generate a report for the following:
• More than three failed logon attempts in a given period
• Any attempt to use a disabled user account
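
The two clipping levels listed above, applied to a small authentication log. This is an added example, not part of the original text; the log format, the account names, the ten-minute period and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events (not from a real system):
# timestamp, account, event type, result
SAMPLE_LOG = """\
2024-03-04T09:00:05 alice LOGON FAIL
2024-03-04T09:00:20 alice LOGON FAIL
2024-03-04T09:01:10 alice LOGON FAIL
2024-03-04T09:02:45 alice LOGON FAIL
2024-03-04T09:03:00 alice LOGON OK
2024-03-04T09:10:00 bob LOGON FAIL
2024-03-04T09:40:00 bob LOGON FAIL
2024-03-04T10:15:00 bob LOGON FAIL
2024-03-04T10:50:00 bob LOGON FAIL
this line is malformed and must be skipped
2024-03-04T11:00:00 carol LOGON OK
2024-03-04T11:05:00 dave LOGON FAIL
"""

DISABLED_ACCOUNTS = {"dave"}  # assumed to be exported from the account directory
MAX_FAILURES = 3              # clipping level: report on MORE than three failures
WINDOW_SECONDS = 600          # the "given period"; ten minutes is an assumption


def parse(log_text):
    """Yield (timestamp, account, result) for each well-formed LOGON line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "LOGON":
            continue  # malformed or unrelated line
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        yield stamp, parts[1], parts[3]


def clipping_report(log_text, disabled=DISABLED_ACCOUNTS,
                    max_failures=MAX_FAILURES, window_seconds=WINDOW_SECONDS):
    """Return (timestamp, account, reason) for every event above a clipping level.

    Events are assumed to arrive in chronological order.
    """
    findings = []
    recent_failures = defaultdict(deque)  # account -> failure times inside the window
    for stamp, account, result in parse(log_text):
        # Rule 2: any attempt on a disabled account is reported, whatever the result.
        if account in disabled:
            findings.append((stamp.isoformat(), account, "DISABLED_ACCOUNT_USED"))
            continue
        if result != "FAIL":
            continue
        # Rule 1: count failures for this account inside a sliding window.
        window = recent_failures[account]
        window.append(stamp)
        while (stamp - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop failures older than the period
        if len(window) > max_failures:
            findings.append((stamp.isoformat(), account, "FAILED_LOGON_THRESHOLD"))
            window.clear()  # start a fresh count so one burst yields one report
    return findings


if __name__ == "__main__":
    for finding in clipping_report(SAMPLE_LOG):
        print(*finding)
```

Bob's four failures are spread over more than an hour, so they stay below the clipping level; only the burst against alice and the attempt on the disabled account are reported.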
These reports help a system administrator or security administrator to more easily identify possible break-in attempts.
Activity must be tracked to specific individuals to determine accountability. Responsibility for all actions is an integral part of accountability; holding someone accountable without assigning responsibility is meaningless. Conversely, to assign responsibility without accountability makes it impossible to enforce responsibility. Therefore, any method for protecting resources requires both responsibility and accountability for all of the parties involved in developing, maintaining, and using processing resources.
An example of providing accountability and responsibility can be found in the way some organizations handle passwords. Users are taught that their passwords are to be stored in a secure location and not disclosed to anyone. In some organizations, first-time violators are reprimanded; if they continue to expose organizational information, however, penalties may be imposed, including dismissal.
http://www.ccert.edu.cn/education/cissp/hism/675-680.html
5) Security equipments (Biometrics, smart cards, fingerprinting, security tokens etc.)
Biometrics
The word biometrics comes from the Greek words "bio" (life) and "metric" (to measure). Biometrics are technologies used for measuring and analyzing a person's unique characteristics. Biometric characteristics can be divided into two main classes:
• Physiological characteristics are related to the shape of the body. Examples include, but are not limited to, fingerprint, face recognition, DNA, hand and palm geometry, iris recognition (which has largely replaced retina), and odor/scent.
• Behavioral characteristics are related to the behavior of a person. Examples include, but are not limited to, typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics for this class of biometrics.
Use of Biometric Security
Biometrics is used for identification and verification:
• Identification
Identification is determining who a person is. It involves trying to find a match for a person's biometric data in a database containing records of people and that characteristic. This method requires time and a large amount of processing power, especially if the database is very large.
• Verification
Verification is determining if a person is who they say they are. It involves comparing a user's biometric data to the previously recorded data for that person to ensure that this is the same person. This method requires less processing power and time, and is used for access control (to buildings or data).
Need of Biometric Security
Reliable user authentication is essential. The consequences of insecure authentication in a banking or corporate environment can be catastrophic, with loss of confidential information, money, and compromised data integrity. Many applications in everyday life also require user authentication, including physical access control to offices or buildings, e-commerce, healthcare, immigration and border control, etc.
Currently, the prevailing techniques of user authentication are linked to passwords, user IDs, identification cards and PINs (personal identification numbers). These techniques suffer from several limitations: passwords and PINs can be guessed, stolen or illicitly acquired by covert observation.
In addition, there is no way to positively link the usage of the system or service to the actual user. A password can be shared, and there is no way for the system to know who the actual user is. A credit card transaction can only validate the credit card number and the PIN, not whether the transaction is conducted by the rightful owner of the credit card.
• Is it possible to break a password? Yes, it is possible to break a password using password-breaking tools, e.g. Backtrack, Knoppix. The issue is that many passwords are easy to guess, and can also be easily forgotten.
• Is it possible to make a duplicate key of a car? Yes, the key of a car can be duplicated at any time if the owner loses it or if somebody steals the original key.
• Is it possible to crack the PIN (Personal Identification Number) of a card? Yes, it is possible.
• Is it possible to break biometric techniques? No, it is impossible to duplicate biometric characteristics. You cannot lose them, they are unique for each individual, and they are difficult to forge, e.g. fingerprint, hand, iris, retina, voice.
Features of Biometrics
• Unique: The various biometrics systems have been developed around unique characteristics of individuals. The probability of 2 people sharing the same biometric data is virtually nil.
• Cannot be shared: Because a biometric property is an intrinsic property of an individual, it is extremely difficult to duplicate or share (you cannot give a copy of your face or your hand to someone!).
• Cannot be copied: Biometric characteristics are nearly impossible to forge or spoof, especially with new technologies ensuring that the biometric being identified is from a live person.
• Cannot be lost: A biometric property of an individual can be lost only in case of serious accident.
Main types of Physical biometric systems:
The main physical biometric technologies include:
1. fingerprint
2. iris
3. retina
4. hand
5. palm vein
6. face
There are also a number of behavioural biometric technologies such as voice recognition (analyzing a speaker's vocal behavior), keystroke (measuring the time spacing of typed words), gait recognition (manner of walking), or signature (analyzing the way you sign).
Fingerprint biometrics
Why do we use the finger from the human body?
Human fingerprints are unique to each person and can be regarded as a sort of signature, certifying the person's identity. Because no two fingerprints are exactly alike, the process of identifying a fingerprint involves comparing the ridges and impressions on one fingerprint to those of another.
Principles of fingerprint biometrics
A fingerprint is made of a number of ridges and valleys on the surface of the finger. Ridges are the upper skin layer segments of the finger and valleys are the lower segments. The ridges form so-called minutia points: ridge endings (where a ridge ends) and ridge bifurcations (where a ridge splits in two). Many types of minutiae exist, including dots (very small ridges), islands (ridges slightly longer than dots, occupying a middle space between two temporarily divergent ridges), ponds or lakes (empty spaces between two temporarily divergent ridges), spurs (a notch protruding from a ridge), bridges (small ridges joining two longer adjacent ridges), and crossovers (two ridges which cross each other).
The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. There are five basic fingerprint patterns: arch, tented arch, left loop, right loop and whorl. Loops make up 60% of all fingerprints, whorls account for 30%, and arches for 10%.
Fingerprints are usually considered to be unique, with no two fingers having the exact same dermal ridge characteristics.
Figure: Fingerprint Example
How does fingerprint biometrics work
The main technologies used to capture the fingerprint image with sufficient detail are optical, silicon, and ultrasound. There are two main algorithm families to recognize fingerprints:
• Minutia matching
It compares specific details within the fingerprint ridges. At registration (also called enrollment), the minutia points are located, together with their relative positions to each other and their directions. At the matching stage, the fingerprint image is processed to extract its minutia points, which are then compared with the registered template.
• Pattern matching
It compares the overall characteristics of the fingerprints, not only individual points. Fingerprint characteristics can include sub-areas of certain interest including ridge thickness, curvature, or density. During enrollment, small sections of the fingerprint and their relative distances are extracted from the fingerprint. Areas of interest are the area around a minutia point, areas with low curvature radius, and areas with unusual combinations of ridges.
Applications of fingerprint biometrics:
Fingerprint sensors are best for devices such as cell phones, USB flash drives, notebook computers and other applications where price, size, cost and low power are key requirements. Fingerprint biometric systems are also used for law enforcement, background searches to screen job applicants, healthcare and welfare.
Benefits of fingerprint biometric systems
• Easy to use
• Cheap
• Small size
• Low power
• Non-intrusive
• Large database already available
Issues with fingerprint systems:
The tip of the finger is a small area from which to take measurements, and ridge patterns can be affected by cuts, dirt, or even wear and tear. Acquiring high-quality images of distinctive fingerprint ridges and minutiae is a complicated task.
People with no or few minutia points (surgeons as they often wash their hands with strong detergents, builders, people with special skin conditions) cannot enroll or use the system. The number of minutia points can be a limiting factor for security of the algorithm. Results can also be confused by false minutia points (areas of obfuscation that appear due to low-quality enrollment, imaging, or fingerprint ridge detail).
Note: There is some controversy over the uniqueness of fingerprints. The quality of partial prints is however the limiting factor. As the number of defining points of the fingerprint becomes smaller, the degree of certainty of identity declines. There have been a few well-documented cases of people being wrongly accused on the basis of partial fingerprints.
Iris biometrics
Function:
Iris recognition is a method of biometric authentication that uses pattern-recognition techniques based on high-resolution images of the irides of an individual's eyes.
Principles of iris biometrics
The iris is the elastic, pigmented, connective tissue that controls the pupil. The iris is formed in early life in a process called morphogenesis. Once fully formed, the texture is stable throughout life. It is the only internal human organ visible from the outside and is protected by the cornea. The iris of the eye has a unique pattern, from eye to eye and person to person.
How does iris biometrics work
An iris scan will analyze over 200 points of the iris, such as rings, furrows, freckles, and the corona, and will compare them to a previously recorded template. Glasses, contact lenses, and even eye surgery do not change the characteristics of the iris.
To prevent an image / photo of the iris from being used instead of a real "live" eye, iris scanning systems will vary the light and check that the pupil dilates or contracts.
Applications of iris biometrics
Applications include: Identity cards and passports, border control and other Government programmes, prison security, database access and computer login, hospital security, schools, aviation security, controlling access to restricted areas, buildings and homes.
Benefits of iris biometric systems
• Highly accurate: There is no known case of a false acceptance for iris recognition
• Not intrusive and hygienic - no physical contact required
Weaknesses of iris biometric systems
• The user must hold still while the scan is taking place
Retina biometrics
Function:
The retina biometric analyzes the layer of blood vessels located at the back of the eye. This technique usually uses a low-intensity light source through an optical coupler and scans the unique patterns of the layer of blood vessels known as the retina. Retina scanning is quite accurate and very unique to each individual similar to the iris scan; but unlike the iris scan, it typically requires the user to look into a receptacle and focus on a given point for the user's retina to be scanned. This is not particularly convenient for people who wear glasses or are concerned about close contact with the reading device. This technique is more intrusive than other biometric techniques; as a result, retina scanning is not the most friendly process even though the technology itself is very accurate for use in identification, verification and authentication.
Principles of retina biometrics
The blood vessels at the back of the eye have a unique pattern, from eye to eye and person to person.
How does retina biometrics work
Retina scans require that the person remove their glasses, place their eye close to the scanner, stare at a specific point, remain still, and focus on a specified location for approximately 10 to 15 seconds while the scan is completed. A retinal scan involves the use of a low-intensity coherent light source, which is projected onto the retina to illuminate the blood vessels, which are then photographed and analysed. A coupler is used to read the blood vessel patterns.
A retina scan cannot be faked as it is currently impossible to forge a human retina. Furthermore, the retina of a deceased person decays too rapidly to be used to deceive a retinal scan.
A retinal scan has an error rate of 1 in 10,000,000, compared to fingerprint identification error being sometimes as high as 1 in 500.
Applications of retina biometrics
Retina biometrics systems are suited for environments requiring maximum security, such as Government, military and banking. Retina biometric systems have been in use for military applications since the early seventies.
Benefits of retina biometric systems
• Highly accurate
Issues with retina systems
• Enrollment and scanning are intrusive and slow.
Face biometrics
Function:
Face recognition can be an important alternative for selecting and developing an optimal biometric system. Its advantage is that it does not require physical contact with an image capture device (camera). A face identification system does not require any advanced hardware, as it can be used with existing image capture devices (webcams, security cameras etc.).
Like fingerprint biometrics, facial recognition technology is widely used in various systems, including physical access control and computer user accounts security.
Usually these systems extract certain features from face images and then perform face matching using these features. A face does not have as many uniquely measurable features as fingerprints and eye irises, so facial recognition reliability is slightly lower than these other biometric recognition methods. However, it is still suitable for many applications, especially when taking into account its convenience for the user. Facial recognition can also be used together with fingerprint recognition or another biometric method for developing more security-critical applications.
Principles of face biometrics
The dimensions, proportions and physical attributes of a person's face are unique.
How does face biometrics work
Biometric facial recognition systems will measure and analyze the overall structure, shape and proportions of the face: distance between the eyes, nose, mouth, and jaw edges; upper outlines of the eye sockets, the sides of the mouth, the location of the nose and eyes, the area surrounding the cheekbones.
At enrolment, several pictures are taken of the user's face, with slightly different angles and facial expressions, to allow for more accurate matching. For verification and identification, the user stands in front of the camera for a few seconds, and the scan is compared with the template previously recorded.
To prevent an image / photo of the face or a mask from being used, face biometric systems will require the user to smile, blink, or nod their head. Also, facial thermography can be used to record the heat of the face (which won't be affected by a mask).
The main facial recognition methods are: feature analysis, neural network, eigenfaces, and automatic face processing.
Applications of face biometrics
Access to restricted areas and buildings, banks, embassies, military sites, airports, law enforcement.
Benefits of face biometric systems
• Not intrusive, can be done from a distance, even without the user being aware of it (for instance when scanning the entrance to a bank or a high security area).
Weaknesses of face biometric systems
• Face biometric systems are more suited for authentication than for identification purposes, as it is easy to change the proportion of one's face by wearing a mask, a nose extension, etc.
• User perceptions / civil liberty: Most people are uncomfortable with having their picture taken.
Security token
A security token, sometimes called an authentication token, is a small hardware device that the owner carries to authorize access to a network service. It is used to prove one's identity electronically, as in the case of a customer trying to access their bank account. The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in. The identification number for each user is changed frequently, usually every five minutes or so. Unlike a password, a security token is a physical object. A key fob, for example, is practical and easy to carry, and thus easy for the user to protect. Even if the key fob falls into the wrong hands, however, it can't be used to gain access, because the PIN, which only the rightful user knows, is also needed.
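The rotating number and PIN described above, as an added example that is not part of the original text. The text does not name the token's algorithm, so this sketch assumes the standard time-based one-time password construction (RFC 6238 over HMAC-SHA1) with a 300-second step, and assumes the server rather than the device checks the PIN; TokenServer, enroll and login are hypothetical names, and the secret is the published RFC 4226 test key.

```python
import hashlib
import hmac
import os
import struct

STEP_SECONDS = 300  # assumed step: the text's "every five minutes or so"
DIGITS = 6


def token_code(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """Number shown on the token at unix_time (RFC 6238 over HMAC-SHA1)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The server stores only a salted, stretched hash of the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TokenServer:
    """Hypothetical verifier: needs the PIN (knowledge) and the code (possession)."""

    def __init__(self) -> None:
        self._users = {}

    def enroll(self, user: str, secret: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self._users[user] = {"secret": secret, "salt": salt,
                             "pin": _pin_hash(pin, salt), "last_counter": -1}

    def login(self, user: str, pin: str, code: str, now: int) -> bool:
        rec = self._users.get(user)
        if rec is None:
            return False
        pin_ok = hmac.compare_digest(_pin_hash(pin, rec["salt"]), rec["pin"])
        current = now // STEP_SECONDS
        matched = None
        # Accept the current window and the previous one (clock drift), but
        # never a window at or before the last accepted one (replay).
        for counter in (current, current - 1):
            if counter <= rec["last_counter"]:
                continue
            expected = token_code(rec["secret"], counter * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = counter
                break
        if pin_ok and matched is not None:
            rec["last_counter"] = matched  # a code is good for one login only
            return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test key, not a real secret
    server = TokenServer()
    server.enroll("alice", secret, "4821")  # constructed user and PIN
    now = 1000
    code = token_code(secret, now)
    print("code shown on token:", code)
    print("PIN + code:", server.login("alice", "4821", code, now))
    print("same code replayed:", server.login("alice", "4821", code, now))
    print("stolen token, wrong PIN:",
          server.login("alice", "0000", token_code(secret, 1300), 1300))
```

A found key fob alone fails the PIN check, and a shoulder-surfed PIN alone fails the code check, which is the two-factor property the paragraph describes.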
Smart Card
A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits. The card may embed a hologram to prevent counterfeiting. Smart cards may also provide strong security authentication for single sign-on within large organizations. Smart cards can be used for identification, authentication, data storage and application processing. The most common smart card applications are:
• Credit cards
• Electronic cash
• Computer security systems
• Wireless communication
• Loyalty systems (like frequent flyer points)
• Banking
• Satellite TV
• Government identification
A quickly growing application is in digital identification. In this application, the cards authenticate identity. The most common example employs PKI. The card stores an encrypted digital certificate issued from the PKI provider along with other relevant information. Combined with biometrics, cards can provide two- or three-factor authentication. In 1999 Gujarat was the first Indian state to introduce a smart card license system. To date it has issued 5 million smart card driving licenses to its people. In computing, the Mozilla Firefox web browser can use smart cards to store certificates for use in secure web browsing. Some disk encryption systems, such as FreeOTFE, TrueCrypt and Microsoft Windows 7 BitLocker, can use smart cards to securely hold encryption keys, and also to add another layer of encryption to critical parts of the secured disk. Smart cards are also used for single sign-on to log on to computers.
6) Tips to protect your laptop from theft
A laptop computer is an essential tool, but it also creates all kinds of security problems. Here is what you need to know to set up basic laptop security.
There Are Two Levels of Laptop Security
First, securing the laptop hardware itself against theft. Second, making sure the information on your laptop is secure.
Ways to Prevent Your Laptop from Being Stolen
1. Get a cable lock: Almost all laptops come equipped with a Universal Security Slot that allows you to attach the laptop to a heavy or unbreakable object. Cables are not so costly and can be found in any technology supply store. Use it in places like hotel rooms, conference rooms, airport waiting areas, and libraries.
2. Use a docking station: If you have a lot of visitors, contractors, or housekeeping staff coming through your office, locking your laptop into a docking station is a good idea.
3. Lock the laptop in a filing cabinet or other secure, out-of-sight location when you leave the office.
4. When travelling with your laptop, don't carry it in a computer case. This makes you an obvious target for laptop thieves. Get a padded sleeve and carry your laptop in a regular briefcase or a backpack instead.
5. Be especially cautious in airports. Don't put your laptop down or let it out of your sight through security checkpoints. There are many two-person scams involving one person creating a distraction while another calmly walks away with your laptop. Use a buddy system whenever possible, so one person can go through security, and then receive both laptops while you go through security.
Keys to Prevent Data Theft
Now, let's talk about keeping the data on your laptop secure. Besides the financial cost of getting a laptop stolen, this can be the real blow for many people. Imagine losing all your contacts, your calendar, your Word and Excel documents, years of digital photos -- whatever you value on your computer. And if you have confidential information or trade secrets on your laptop, then you have even greater security concerns.
1. The most basic advice is to regularly back up all of the important data on your laptop hard drive. DVD burners make this easy to fit on one disc, so get in the habit of doing it regularly. Use a thumb drive in between for backups.
2. Disable the Guest account in Windows. It's also a good idea to assign it a long string of random numbers as a password, just for good measure.
3. Many hackers will try to log in to a Windows laptop using the Administrator account. Rename this account with something that does not look obvious. Some have even set up a dummy Administrator account as well.
4. Modify your laptop so that the last username used to log on is not displayed in the logon dialog box.
5. Don't set your laptop to automatically log into websites, and don't save passwords on your laptop to make login easier. Otherwise, a thief who has stolen your laptop can easily log into your accounts.
6. It's possible for someone to access your files even without touching your computer. One way to stop this is to disable the Bluetooth and infrared port on your computer.
7. In addition, be careful about using Wi-Fi access. With unencrypted Wi-Fi, every password, email message, and Web page can be read by any other user on that Wi-Fi network. That means you should only use secure (encrypted) email and should never enter a password or confidential information on a webpage over Wi-Fi unless it is a secure connection. If you don't know what that means, then don't use email and don't enter private information from your browser when using Wi-Fi.
8. Add Spoofstick to your browser. It helps you identify bogus websites.
9. Use data encryption whenever possible. This is for more advanced users.
Getting Your Stolen Laptop Back
If your laptop is stolen, there are simple things you can do to help increase the odds that you get it back.
1. Record your serial number or MAC id in a separate location. You will need this to prove ownership of any recovered laptop. This is also important if you file an insurance claim.
2. Register your hardware with the manufacturer. You can contact them if your laptop is stolen, so if the thief ever sends it in for repair, you will be notified.
3. Put a tamper resistant metal asset tag on your computer. This will help police track down the legal owner.
4. Use a laptop tracking and recovery service. There are a variety of products and services that are designed to either prevent laptop theft and loss or locate a missing laptop. There are many different recovery services that use GPS to track a lost or stolen laptop when it connects to the internet. Some tracking software can be removed by reformatting the hard drive, but others are embedded into the computer itself and are more difficult for thieves to deactivate. Adeona offers high quality laptop tracking software. You can also use tracker software for a stolen laptop, such as LaptopLocator.
UNIT 4 Windows XP security
1) Case studies related to WINXP user accounts and service packs
2) Installation of WINXP and need of service packs.
I. Installation of Windows XP
Before you begin the installation process, use this checklist to make sure that you are prepared:
A) Pre-installation checklist
• You have the Windows XP CD.
• You have the product key available. The product key is located on your Windows XP CD case and is required to install and activate Windows XP.
• Your computer hardware is set up. At a minimum, you should connect your keyboard, mouse, monitor, and CD drive. If available, you should connect your computer to a wired network.
• You have Windows XP drivers available. Drivers are software that Windows XP uses to communicate with your computer's hardware. Most new computers include a CD containing drivers. If you do not have drivers available, Windows XP may already include drivers for your hardware. If not, you should be able to download them from your hardware manufacturer's Web site after you set up Windows XP.
• If you are reinstalling Windows XP on an existing computer, you need a backup copy of your files and settings. The installation process will delete all of your files. You can use the File and Settings Transfer Wizard to store your files and settings on removable media and then restore them after installation is complete.
B) Installation process
Installing Windows XP can take up to two hours. To make the process more manageable, it has been broken up into several sections. When you are ready, install Windows XP:
Part 1: Begin the installation
Part 2: Continue the installation
Part 3: Complete the installation
Part 1: Begin the installation
1. Insert the Windows XP CD into your computer and restart your computer.
2. If prompted to start from the CD, press SPACEBAR. If you miss the prompt (it only appears for a few seconds), restart your computer to try again.
1. You can press F6 if you need to install additional SCSI adapters or other mass-storage devices. If you do, you will be asked to supply a floppy disk with the drivers and you CANNOT browse it.
2. If you want, you can press F2 to run the ASR sequence. For that you need a good backup created by the Windows XP backup program, and the ASR floppy disk. If you plan to install a new copy of XP - don't do anything.
3. Setup will load all the needed files and drivers.
4. Windows XP Setup begins. During this portion of setup, your mouse will not work, so you must use the keyboard. On the Welcome to Setup page, press ENTER. If you want, and if you have a previous installation of XP, you can try to fix it by pressing R. If not, just press ENTER.
5. On the Windows XP Licensing Agreement page, read the licensing agreement. Press the PAGE DOWN key to scroll to the bottom of the agreement. Then press F8 if you accept it.
6. This page enables you to select the hard disk drive on which Windows XP will be installed. Select or create the partition on which you will install Windows XP Professional. Once you complete this step, all data on your hard disk drive will be removed and cannot be recovered. It is extremely important that you have a recent backup copy of your files before continuing. When you have a backup copy, press D, and then press L when prompted. This deletes your existing data. Depending upon your existing disk configuration, choose one of the following:
• Press ENTER to select unpartitioned space, which appears by default. If the hard disk is unpartitioned, you can create and size the partition on which you will install Windows XP Professional.
• If the hard disk is already partitioned, but has enough unpartitioned disk space, you can create an additional partition in the unpartitioned space.
• If the hard disk already has a partition that is large enough, you can install Windows XP Professional on that partition. If the partition has an existing operating system, you will overwrite that operating system if you accept the default installation path. However, files other than the operating system files, such as program files and data files, will not be overwritten.
• If the hard disk has an existing partition, you can delete it to create more unpartitioned space.
• After installation, use Disk Management to partition the remaining space on the hard disk.
7. Press ENTER again to select Format the partition using the NTFS file system, which appears by default. Select a file system for the installation partition. After you create the partition on which you will install Windows XP Professional, you can use Setup to select the file system with which to format the partition. Windows XP Professional supports the NTFS file system in addition to the file allocation table (FAT) and FAT32 file systems. Windows Server 2003, Windows XP Professional, Windows 2000, and Windows NT are the only Microsoft operating systems that you can use to gain access to data on a local hard disk that is formatted with NTFS. If you plan to gain access to files that are on a local Windows XP Professional partition with the Microsoft Windows 95 or Windows 98 operating systems, you should format the partition with a FAT or FAT32 file system. We will use NTFS.
8. Windows XP erases your hard disk drive using a process called formatting and then copies the setup files. You can leave your computer and return in 20 to 30 minutes.
9. The computer will restart in graphical mode, and the installation will continue.
Part 2: Continue the installation
The GUI-based portion of the Setup program
1. The setup process reboots and loads a GUI mode phase.
2. It will then begin to load device drivers based upon what it finds on your computer. You don't need to do anything at this stage.
3. Windows XP restarts and then continues with the installation process. From this point forward, you can use your mouse. Eventually, the Regional and Language Options page appears. Click Next to accept the default settings. If you are multilingual or prefer a language other than English, you can change language settings after setup is complete.
4. Click Customize to change regional settings, if necessary.
• Current System Locale - Affects how programs display dates, times, currency, and numbers. Choose the locale that matches your location, for example, French (Canada).
• Current Keyboard Layout - Accommodates the special characters and symbols used in different languages. Your keyboard layout determines which characters appear when you press keys on the keyboard.
• If you don't need to make any changes, just press Next.
5. If you do need to make changes press Customize and add your System Locale etc.
6. On the Personalize Your Software page, type your name and your organization name. Some programs use this information to automatically fill in your name when required. Then, click Next.
7. On the Your Product Key page, type your product key as it appears on your Windows XP CD case. The product key is unique for every Windows XP installation. Then, click Next.
8. On the Computer Name and Administrator Password page, in the Computer name box, type a name that uniquely identifies your computer in your house, such as FAMILYROOM or TIGER. You cannot use spaces or punctuation. If you connect your computer to a network, you will use this computer name to find shared files and printers. Type a strong password that you can remember in the Administrator password box, and then retype it in the Confirm password box. Write the password down and store it in a secure place. Click Next.
9. Type the computer name and a password for the local Administrator account. The local Administrator account resides in the SAM of the computer, not in Active Directory. If you will be installing in a domain, you need either a pre-assigned computer name for which a domain account has been created, or the right to create a computer account within the domain.
10. On the Date and Time Settings page, set your computer's clock. Then, click the Time Zone down arrow, and select your time zone. Click Next.
11. Windows XP will spend about a minute configuring your computer. On the Networking Settings page, click Next. Setup will now install the networking components.
12. After a few seconds you will receive the Networking Settings window. BTW, if you have a NIC that is not in the HCL and XP cannot detect it, or if you don't have a NIC at all, setup will skip this step and you will immediately go to the final phase of the setup process.
Press Next to accept the Typical settings option if you have one of the following situations:
• You have a functional DHCP on your network.
• You have a computer running Internet Connection Sharing (ICS).
• You're in a workgroup environment and do not plan to have any other servers or Active Directory at all, and all other workgroup members are configured in the same manner.
13. Otherwise select Custom Settings and press Next to customize your network settings.
14. One thing you CAN do on the Increase Internet Connection Speed in Windows XP page is to uninstall the QoS Packet Scheduler. Click it and press the Uninstall button. If you want to keep it, you can simply remove the mark from the QoS check-box. Either way, you can install or uninstall it later if you want.
15. Keep the TCP/IP, Client for Microsoft Networks and the File and Print Sharing options selected.
16. Highlight the TCP/IP selection and press Properties.
17. In the General tab enter the required information. You must specify the IP address of the computer, and if you don't know what the Subnet Mask entry should be - you can simply place your mouse pointer over the empty area in the Subnet Mask box and click it. The OS will automatically select the value it thinks is good for the IP address you provided.
18. If you don't know what these values mean, or if you don't know what to write in them, press cancel and select the Typical Settings option. You can easily change these values later.
19. In the Workgroup or Domain window enter the name of your workgroup or domain.
• A workgroup is a small group of computers on a network that enables users to work together and does not support centralized administration.
• A domain is a logical grouping of computers on a network that has a central security database for storing security information. Centralized security and administration are important for computers in a domain because they enable an administrator to easily manage computers that are geographically distant from each other. A domain is administered as a unit with common rules and procedures. Each domain has a unique name, and each computer within a domain has a unique name.
• If you're a stand-alone computer, or if you don't know what to enter, or if you don't have the sufficient rights to join a domain - leave the default entry selected and press Next. On the Workgroup or Computer Domain page, click Next.
20. If you want to join a domain (NT 4.0 domain of W2K/2003 Active Directory domain) enter the domain's name in the "Yes, make this computer a member of the following domain" box.
21. To successfully join a domain you need the following:
• The person performing the installation must have a user account in Active Directory. This account does not need to be the domain Administrator account.
And
• The computer must have an existing computer account in the Active Directory database of the domain that the computer is joining, and the computer must be named exactly as its domain account is named.
Or
• The person performing the installation must have appropriate permission to create a domain account for the computer during installation.
• Also, you need to have connectivity to the domain's domain controllers (only to the PDC if on an NT 4.0 domain) and a fully functional DNS server (only in AD domains).
• Enter the Active Directory domain name (in the form of xxx.yyy, for example: DPETRI.NET) or the NetBIOS name of the NT 4.0 domain (in the form of xxx, for example: DPETRI). Press Next.
Note: If you provide a wrong domain name or do not have the correct connectivity to the domain's DNS server you will get an error message. A username/password window will appear. Enter the name and password of the domain's administrator (or your own if you're the administrator on the target domain).
Note: Providing a wrong username or password will cause this phase to fail.
22. Next the setup process will finish copying files and configuring the setup. You do not need to do anything.
23. Windows XP will spend 20 or 30 minutes configuring your computer and will automatically restart when finished. When the Display Settings dialog appears, click OK.
24. After the copying and configuring phase is finished, if XP finds that you have a badly configured screen resolution it will advise you to change it and ask you if you see the new settings right.
• When the Monitor Settings dialog box appears, click OK.
• BTW, the minimum supported screen resolution in XP is 800X600.
• Setup finishes and boots Windows XP.
Part 3: Complete the installation
1. A Welcome screen is the first thing you see. The computer checks your Internet connectivity (required for the mandatory Activation and voluntary Registration processes).
2. The final stage of setup begins. On the Welcome to Microsoft Windows page, click Next.
3. On the Help protect your PC page, click Help protect my PC by turning on Automatic Updates now. Then, click Next.
4. Windows XP will then check if you are connected to the Internet:
If you are connected to the Internet, select the choice that describes your network connection on the Will this computer connect to the Internet directly, or through a network? page. If you’re not sure, accept the default selection, and click Next.
If you use dial-up Internet access, or if Windows XP cannot connect to the Internet, you can connect to the Internet after setup is complete. On the How will this computer connect to the Internet? page, click Skip.
5. Windows XP Setup displays the Ready to activate Windows? page. If you are connected to the Internet, click Yes, and then click Next. If you are not yet connected to the Internet, click No, click Next, and then skip to this step. After setup is complete, Windows XP will automatically remind you to activate and register your copy of Windows XP.
6. On the Ready to register with Microsoft? page, click Yes, and then click Next.
7. On the Collecting Registration Information page, complete the form. Then, click Next.
8. XP will ask you for the default username that will log onto this computer. You can enter as many as 5 users, but you can create more after the installation is finished.
9. On the Who will use this computer? page, type the name of each person who will use the computer. You can use first names only, nicknames, or full names. Then click Next. To add users after setup is complete or to specify a password to keep your account private, read Create and customize user accounts.
10. On the Thank you! page, click Finish.
11. Congratulations! Windows XP setup is complete. You can log on by clicking your name on the logon screen. If you've installed Windows XP on a new computer or new hard disk drive, you can now use the File and Settings Transfer Wizard to copy your important data to your computer or hard disk drive.
II. Need of service packs
Microsoft occasionally releases service packs for its Windows operating systems, including Windows XP, to fix problems and add features. Each service pack is a superset of all previous service packs and patches so that only the latest service pack needs to be installed, and also includes new revisions. These updates contain all the fixes and enhancements which have been made available in the previous year. The updates called Service Packs provide convenient, all-in-one access to the most up-to-date drivers, tools, security updates, patches, and customer-requested product changes.
Microsoft has released three service packs for Windows XP: service pack 1, service pack 2 and service pack 3. If you still have the earliest version of Win XP on Retail CD (without any service packs included), you will need to install SP1a or SP2 before SP3 installation.
III. Need of creating users and assigning access privileges
Yes, just like your local bank, Windows can manage accounts. User accounts, or accounts for the users of your computer, are a feature you can choose or ignore. But, particularly if more than one person uses your computer, they do offer some advantages. Each Windows user account can have its own area to store files, its own programs and many of its own settings, including things like the picture on the desktop (you can choose your own picture as the background on the Windows desktop) or sounds, like the default "dingy dingy ding, ding ding" sound when you turn on your computer. Another important feature of user accounts is security. You can have accounts that 'can do anything' or accounts that have limited privilege, such as only being allowed to see their own files, not those of other users. An account set up as a 'can do anything' account is highly privileged and so can see, read and change the files of any user account. This security feature is used extensively by companies that run Windows to ensure individual employee files are protected from deliberate or accidental changes and deletions, and of course to protect privacy: just like in a bank, you wouldn't expect other bank customers to be able to look at the details of your account. Windows calls the 'can do anything' user accounts 'computer administrator' accounts, and those that are limited it calls 'Limited.'
In the home, user accounts might be set up for the family members that use the computer; for example, your own computer has user accounts for you and your brother and sister. So we can say that user creation is needed for authentication. Authentication is the process of verifying the identity of a user, device, or other entity in a computer system, often as a prerequisite to granting access to resources in a system. With different user accounts, you are able to personalize settings and data. Every user has his or her documents, favourites, e-mail, address book, Live Messenger, etc.
Create User Accounts
User accounts are quite straightforward to create. Here are the things it's good to know before you begin; the first is the only thing you need to know:
• What name(s) are you going to use for your accounts - For example, my user account is simply called 'Madhu'.
• Do you want to take advantage of different security restrictions - For example, give other users restricted privilege to read, update or delete other users' files - even by accident.
• Do you want to protect your user accounts with a password or PIN - This would stop someone else accidentally or otherwise using another user's account; if you do, you need to think of at least your own password.
Let's use an example. Perhaps you want three user accounts for members of the household: Madhu, Amit and Sangita. Madhu will have an administrator account, those that can do anything, and Amit and Sangita will have limited privilege accounts. For Madhu and Amit accounts we want to have a password, but we won't create a password for Sangita's account. You should expect to have at least one account with administrator privilege, as this is the only privilege level that allows you to add new accounts for example. A good security oriented decision by-the-way is that all of the user accounts used for day-to-day activity are limited and you have a separate account set up for computer administration.

Once you have this information you can create new accounts using the 'User Accounts' section of Control Panel. Creating a user account is easy: Control Panel, User Accounts, Create a new Account, which is mentioned in the previous chapter. Click the User Accounts option and you'll be presented with three main options:
• Change an account
• Create a new account
• Change my picture
User Accounts and Internet Security

There is another important advantage of user accounts, that is, the ability to improve your security against internet attacks like viruses. Of course you should have your firewall turned on, have an anti-virus product installed and up-to-date and get updates for Windows itself from Windows Update - the three most important things you need to do to protect your computer from those with malicious intent. But, let's imagine for a moment that your computer has been infiltrated by a virus that wants to install a new modem connection on your computer to dial an expensive premium rate service - of course without your knowledge. If you are logged on with administrator privilege and the virus gets to run while you are logged on - it too has administrator privilege - as far as Windows is concerned it's running on your behalf and so could indeed go about its malicious work. If you were logged on with limited privilege - it would be unable to add or change a modem connection and you will have foiled its evil little plan. So, all you need to do is give everybody limited privilege accounts and you've added another level of defence.

Windows actually allows multiple user accounts to be used at any one time. Try this little experiment: we're going to right mouse click a program on the Start menu and examine the menu list that appears:
1. Open the Start menu (click the Start button)
2. Let go of the mouse button so the menu stays but you have no mouse buttons pressed
3. Move your mouse over a program on the left hand list of the menu, e.g. Windows Media Player or Internet Explorer
4. Hold down a Shift key on the keyboard
5. Press the right mouse button
Look at the right mouse button menu that appears. You should see 'Run as.' as the second menu item. This allows you to run a program under a different user account - like those for other members of your household.
So, why would you want to do this? The most common reason for this is when you are running in a limited privilege user account and need to run a program with elevated privilege - that is with administrator privilege. Often the setup programs that install new applications need to run with administrator privilege for example. In this case 'Run as.' is your friend, allowing you to enter a different user account name and password that will be used to run the program.

With the default installation of Windows XP Professional or Windows XP Home there is always at least one user account on your computer, with the name of 'Administrator' and a blank password - that is, no password required. If you have added no user accounts yourself and when you start your computer it simply shows you the Windows desktop with Start button etc. then you are actually logging on using this default account. As you can probably gather from the name of the account, it is a user account with administrator privilege - so highly privileged to do anything on your computer.

Let's go back to our earlier scenario: the virus that wants to create a new modem connection. If you are logged on using a limited privilege account, like the 'Madhu' account we created earlier, the virus will not be able to create the modem connection using 'Madhu' but it might try logging on as 'Administrator' with no password - something that will work on most Windows XP computers. This account does have the ability to create the modem account and so the virus can go about its dirty work.
You can deal with this problem of a hidden, password free administrator account by either disabling the administrator account on Windows XP Professional or by adding a hard to guess password to the account on either Windows XP Professional or Windows XP Home.
Creating a Password for the Administrator Account

If you have added user accounts to Windows XP, when you see the Welcome screen as you turn on your computer you will not see 'Administrator' in the list - by default Windows hides this user account. To make it appear in:
Windows XP Professional - press the three key combination Control (or Ctrl) + Alt + Delete (or Del) all at the same time, twice. Windows will present you with a different way to log in to Windows using a dialog box where you can type a user name and a password. At this dialog box enter 'Administrator' as the user, leave the password blank and press 'OK'.
Windows XP Home - you will need to re-boot your computer and activate Windows 'Safe Mode.' This mode is there as a precaution in case something goes wrong with your computer and it won't start in its regular mode. From safe mode you can log on to the administrator account. So, tell your computer to 'Restart' (Start menu, choose 'Turn Off Computer' and then press 'Restart'). As the screen goes black to signify the beginning of the computer's start-up processes hold down the F8 key - on the top row of your keyboard. Windows will eventually present you with a black screen with options in white text. Use the up-down cursor keys to choose 'Safe Mode' and press 'Enter.' When Windows starts you will probably notice the screen text looks a lot bigger, but you should see 'Administrator' as an option to log on; choose it.
At this point you should be logged on as administrator. The only thing we need to do is go to user accounts (Start, Control Panel, User Accounts), choose 'Change an account', choose 'Administrator', then 'Create a password'. This will give you a window with three places to enter text, asking you to:
• Type a new password
• Type the new password again to confirm
• Type the word or phrase to use as a password hint
The screenshot is explained in the previous chapter.

So, choose an appropriate password and enter a hint that will help you remember what the password is without allowing someone else to guess the password. You can now press the 'Create password' button and either log off if you are running Windows XP Professional or restart in normal mode if you are running Windows XP Home. You may never want to use the 'Administrator' account, but knowing that it has a hard to guess password also significantly reduces the chances of it being used by malicious software.
UNIT 5
Windows XP security
1)Case studies related with encryption
2)Understanding encryption
http://en.wikipedia.org/wiki/Encryption

In cryptography, encryption is the process of transforming information referred to as plaintext using an algorithm called cipher to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information, in cryptography referred to as cipher text.
Computer encryption is based on the science of cryptography, which has been used as long as humans have wanted to keep information secret. Before the digital age, the biggest users of cryptography were governments, particularly for military purposes.
Cryptography

During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography.

Cryptography is derived from Greek words, where kryptos means "hidden, secret" and graphy is the "art of writing". Cryptology is the practice and study of hiding information. Cryptography has been used almost since writing was invented. It is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used nonstandard hieroglyphs in an inscription.

Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. When you shop on the Internet, for example to buy a book at www.amazon.com, cryptography is used to ensure privacy of your credit card number as it travels from you to the shop's server. Or, in electronic banking, cryptography is used to ensure that your checks cannot be forged. So in data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Cryptography Terminology

i. Plaintext: The simple message is called plaintext.
   • Also called as clear text
   • Language that we normally use
   • Easily understood by everybody
   Example of Plain Text Message
ii. Encryption: Encoding the contents of the message in such a way that hides its contents from outsiders.
iii. Ciphertext: The encrypted message or coded message. Language that cannot be understood. To achieve security, plain text is transformed into cipher text.
iv. Decryption: The process of retrieving the plaintext from the ciphertext.
v. Key: Encryption and decryption usually make use of a key, and the coding method is such that decryption can be performed only by knowing the proper key.
Computer encryption systems generally belong in one of two categories:
A. Symmetric-key or private-key encryption
B. Asymmetric key or public-key encryption
Symmetric-key cryptography
It is also called conventional or private-key or single-key or secret key. Sender and recipient share a common key. With secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. All classical encryption algorithms are private-key. It was the only type prior to the invention of public-key in the 1970's. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.
Secret key cryptography algorithms that are in use today include: DES, AES, Twofish, Serpent, Blowfish, CAST5, RC4, TDES, IDEA. The first major symmetric algorithm developed for computers in the United States was the Data Encryption Standard (DES), approved for use in the 1970s. The DES uses a 56-bit key. Because computers have become increasingly faster since the '70s, security experts no longer consider DES secure - although a 56-bit key offers more than 70 quadrillion possible combinations (70,000,000,000,000,000), an attack of brute force (simply trying every possible combination in order to find the right key) could easily decipher encrypted data in a short while. DES has since been replaced by the Advanced Encryption Standard (AES), which uses 128-, 192- or 256-bit keys. Most people believe that AES will be a sufficient encryption standard for a long time coming: A 128-bit key, for instance, can have more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations.
Private Key disadvantages

The Key Exchange Problem: The key exchange problem arises from the fact that communicating parties must somehow share a secret key before any secure communication can be initiated, and both parties must then ensure that the key remains secret. Of course, direct key exchange is not always feasible due to risk, inconvenience, and cost factors.

The Trust Problem: Ensuring the integrity of received data and verifying the identity of the source of that data can be very important. For example, if the data happens to be a contract or a financial transaction, much may be at stake. To varying degrees, these issues can even be legally important for ordinary email correspondence, since criminal investigations often center around who knew what and when they knew it. A symmetric key can be used to check the identity of the individual who originated a particular set of data, but this authentication scheme can encounter some thorny problems involving trust.

a. Key management: One disadvantage of symmetric-key algorithms is the requirement of a shared secret key, with one copy at each end. In order to ensure secure communications between everyone in a population of n people, a total of n(n − 1)/2 keys are needed, which is the total number of possible communication channels, and they should be changed regularly and kept secure during distribution and in service. For example:

• When A wants to communicate only with B, we need one lock-and-key pair (A-B).
• When A wants to communicate with B & C, we need two lock-and-key pairs (A-B and A-C).
• If four persons want to communicate with each other, we need 6 pairs: A-B, A-C, A-D, B-C, B-D & C-D.

In general, for n persons, the number of lock-and-key pairs is n*(n-1)/2. For 1000 persons, we need 1000*999/2 = 499,500.
Asymmetric key cryptography

To overcome the drawbacks of private key systems, a number of mathematicians have invented public key systems. Unknown until about 30 years ago, public key systems were developed from some very subtle insights about the mathematics of large numbers and how they relate to the power of computers. In the 1970s Martin Hellman, Whitfield Diffie, and, independently, Ralph Merkle invented a beautiful cryptographic idea. Their idea was to solve the key exchange and trust problems of symmetric cryptography by replacing the single shared secret key with a pair of mathematically related keys, one of which can be made publicly available and another that must be kept secret by the individual who generated the key pair.

The advantages are obvious. First, no key agreement is required in advance, since the only key that needs to be shared with the other party is a public key that can be safely shared with everyone. Second, whereas the security of a symmetric algorithm depends on two parties successfully keeping a key secret, an asymmetric algorithm requires only the party that generated it to keep it secret. This is clearly much less problematic. Third, the issue of trusting the other party disappears in many scenarios, since without knowledge of your secret key, that party cannot do certain evil deeds, such as digitally sign a document with your private key or divulge your secret key to others.

Asymmetric cryptography does not replace symmetric cryptography. Rather, it is important to recognize the relative strengths and weaknesses of both techniques so that they can be used appropriately and in a complementary manner. Symmetric algorithms tend to be much faster than asymmetric algorithms, especially for bulk data encryption. They also provide much greater security than asymmetric algorithms for a given key size. On the down side, symmetric key cryptography requires that the secret key be securely exchanged and then remain secret at both ends. In a large network using symmetric encryption many key pairs will proliferate, all of which must be securely managed. Because the secret key is exchanged and stored in more than one place, the symmetric key must be changed frequently, perhaps even on a per-session basis.

Finally, although symmetric keys can be used for message authentication in the form of a keyed secure hash, the full functionality of a digital signature requires asymmetric encryption techniques, such as RSA or DSA. As we see later, a symmetric keyed secure hash algorithm can be used to implement a MAC (Message Authentication Code), which provides authentication and integrity but not non-repudiation. In contrast, asymmetric digital signature algorithms provide authentication, integrity, and non-repudiation, and enable the services of certificate authorities (CAs).
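The MAC properties stated above can be seen in a short added example (not part of the original text) using HMAC-SHA256 from Python's standard library. The messages and function names are constructed for illustration; the last two checks show why a shared-key MAC cannot give non-repudiation.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag: a keyed secure hash of the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def run_demo() -> dict:
    # Constructed scenario: A and B share one secret key (symmetric).
    shared_key = secrets.token_bytes(32)
    original = b"A agrees to pay B 100"
    altered = b"A agrees to pay B 900"

    # A sends the message with its tag; B verifies it with the same key.
    tag_from_a = make_tag(shared_key, original)
    results = {"genuine_accepted": verify_tag(shared_key, original, tag_from_a)}

    # Integrity: if the message changes in transit, A's tag no longer matches.
    results["tamper_detected"] = not verify_tag(shared_key, altered, tag_from_a)

    # Authentication: someone without the shared key cannot make a valid tag.
    outsider_tag = make_tag(secrets.token_bytes(32), altered)
    results["outsider_rejected"] = not verify_tag(shared_key, altered, outsider_tag)

    # No non-repudiation: B holds the same key, so B can tag the altered
    # message itself, and that tag verifies exactly as if A had produced it.
    tag_from_b = make_tag(shared_key, altered)
    results["receiver_can_forge"] = verify_tag(shared_key, altered, tag_from_b)

    # The tag B computes for the original is byte-identical to A's, so a
    # third party cannot tell which of the two key holders created it.
    results["tags_indistinguishable"] = make_tag(shared_key, original) == tag_from_a
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```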
Comparison of Symmetric and Asymmetric Encryption
In public key systems there is a public key, which may be known to many people and a secret key, which is unique and known only to the sender. Because a different key is used on each side of the process, public key systems are also known as 'asymmetric systems'. The distribution of keys for public key systems is generally much easier because it is not normally necessary to keep the public key secret. The private key, on the other hand, must remain secret or else security is compromised.
• Key Pairs (Public and Private).
• Publish one key, keep the other secret.
• Anyone who wants to send you a message encrypts it using your public key.
• To read a message you decrypt it with the private key.
Matrix of Keys

Key Details        A Should Know    B Should Know
A's Private Key    Yes              No
A's Public Key     Yes              Yes
B's Private Key    No               Yes
B's Public Key     Yes              Yes
Using Asymmetric Cryptography

To use asymmetric cryptography, Bob randomly generates a public/private key pair. He allows everyone access to the public key, including Alice. Then, when Alice has some secret information that she would like to send to Bob, she encrypts the data using an appropriate asymmetric algorithm and the public key generated by Bob. She then sends the resulting ciphertext to Bob. Anyone who does not know the matching secret key will have an enormously difficult time retrieving the plaintext from this ciphertext, but since Bob has the matching secret key (i.e., the trapdoor information), Bob can very easily discover the original plaintext.
The Combination Lock Analogy

A traditional symmetric cipher is analogous to a lockbox with a combination lock that has one combination used both to open it and close it. The analogy for an asymmetric cipher is a somewhat stranger device: The single lock has two distinct combinations, one for opening it and another for closing it. By keeping one of these combinations secret and making the other combination public, you can effectively control who can place or remove the contents in the lockbox. This added flexibility supports two useful scenarios: confidentiality without prior key exchange and data integrity enforcement.
Here is the first scenario. If you know the public combination for closing the lock but not the private combination for opening the lock, then once you have placed something into the box and locked it, it becomes impossible for anybody who does not know the private opening combination to obtain the contents. This demonstrates spontaneous confidentiality (i.e., keeping a secret without prior key exchange). Hence, we have a solution to the key exchange problem described earlier in symmetric key cryptography.
Public-Key Cryptography: Authentication
Enforcing Data Integrity
As stated earlier, encryption is the process of taking all of the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Another process, authentication, is used to verify that the information comes from a trusted source. Basically, if information is "authentic," you know who created it and you know that it has not been altered in any way since that person created it.

In this scenario, only you know the private combination for closing the lock, and you place contents into the lockbox and then lock it. Then anyone can open the lock, but nobody else can lock other contents into the lockbox, since nobody else knows the private combination for closing the lock. Therefore, nobody else can tamper with its contents and then close the lock again. You might think that this is easy to defeat, since anyone could easily create his or her own key pair and then lock any data into the lockbox. However, only the newly created public key would then work, and the original public key would fail to unlock the lockbox. Therefore, anyone with knowledge of the original public key would not be fooled by such an attack. Since tampering is detectable, this scenario demonstrates how data integrity can be enforced.

These two processes, encryption and authentication, work hand-in-hand to create a secure environment. Note that when we are encrypting with the public key and decrypting with the private key, this achieves confidentiality. Encrypting with the private key and decrypting with the public key achieves authentication and integrity checking; this is the basis of the digital signature and digital certificate.

Asymmetric key algorithms include: RSA, Diffie Hellman, etc.
Advantages of the Asymmetric Approach

With the asymmetric (also known as public key) approach, only the private key must be kept secret, and that secret needs to be kept only by one party. This is a big improvement in many situations, especially if the parties have no previous contact with one another. However, for this to work, the authenticity of the corresponding public key must typically be guaranteed somehow by a trusted third party, such as a CA. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other. Because the private key needs to be kept only by one party, it never needs to be transmitted over any potentially compromised networks. Therefore, in many cases an asymmetric key pair may remain unchanged over many sessions or perhaps even over several years. Another benefit of public key schemes is that they generally can be used to implement digital signature schemes that include non-repudiation. Finally, because one key pair is associated with one party, even on a large network, the total number of required keys is much smaller than in the symmetric case.
Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption) - conversion of messages from a comprehensible form into an incomprehensible one. Encryption is the process of converting ordinary information (plaintext) into unintelligible ciphertext, and decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. Encryption was used to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, and interactive proofs and secure computation, among others.
3)Benefits of encryption
http://computer.howstuffworks.com/encryption.htm

When we use the Internet, we're not always just clicking around and passively taking in information, such as reading news articles or blog posts or mail checking - a great deal of our time online involves sending others our own information. Ordering something over the Internet, whether it's a book, a CD or anything else from an online vendor, or signing up for an online account, requires entering in a good deal of sensitive personal information. A typical transaction might include not only our names, e-mail addresses and physical address and phone number, but also passwords and personal identification numbers (PINs).

The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live and work. It's extremely easy to buy and sell goods all over the world while sitting in front of a laptop. But security is a major concern on the Internet, especially when you're using it to send sensitive information between parties. There is a lot of information that we don't want other people to see, such as:

• Credit-card information
• Social Security numbers
• Private correspondence
• Personal details
• Sensitive company information
• Bank-account information
Cyber security is provided on computers and over the Internet by a variety of methods. A simple but straightforward security method is to only keep sensitive information on removable storage media like portable flash memory drives or external hard drives. But the most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person or computer with the key can decode it.

Encryption has long been used by militaries and governments to facilitate secret communication. Encryption is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage.

Encryption can be used to protect data such as files on computers and storage devices, e.g. USB flash drives. In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encrypting such files helps protect them should physical security measures fail. Digital rights management systems, which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering, also use encryption.

Encryption is also used to protect data in transit, for example data being transferred via networks, e.g. the Internet, e-commerce, mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks.

A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an Internet security protocol used by Internet browsers and Web servers to transmit sensitive information. Look for the "s" after "http" in the address whenever you are about to enter sensitive information, such as a credit-card number, into a form on a Web site.
You will notice that the "http" in the address line is replaced with "https," and you should see a small padlock in the status bar at the bottom of the browser window. When you're accessing sensitive information, such as an online bank account or a payment transfer service like PayPal or Google Checkout, chances are you'll see this type of format change and know your information will most likely pass along securely.
The padlock symbol lets you know that you are using encryption. SSL makes significant use of certificate authorities. Once your browser requests a secure page and adds the "s" onto "http," the browser sends out the public key and the certificate, checking three things:
1. That the certificate comes from a trusted party;
2. That the certificate is currently valid; and
3. That the certificate has a relationship with the site from which it's coming.
The browser then uses the public key to encrypt a randomly selected symmetric key. Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetric-key encryption. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session.
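The session-key exchange described above can be traced in a few lines of Python. This is an added illustration, not code from the book: the key pair, the sample request and all function names are constructed for the example, and the toy RSA and keystream cipher only show the message flow and must not be used to protect real data.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for the "server", built from two Mersenne primes.
# Textbook RSA without padding is NOT secure; it only shows the message flow.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never leaves the server


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR data with a SHA-256 counter keystream (toy cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def client_start_session(server_n: int, server_e: int):
    """Browser side: pick a random symmetric key and wrap it with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), server_e, server_n)
    return session_key, wrapped


def server_unwrap(wrapped: int) -> bytes:
    """Server side: recover the session key with the private exponent."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def demo():
    """One session: a single public-key operation, then symmetric traffic."""
    client_key, wrapped = client_start_session(N, E)   # expensive step, done once
    server_key = server_unwrap(wrapped)
    request = b"card=0000-0000-0000-0000"              # constructed sample data
    on_the_wire = keystream_xor(client_key, request)   # cheap symmetric step
    received = keystream_xor(server_key, on_the_wire)
    del client_key, server_key                         # session over: discard key
    return request, on_the_wire, received


if __name__ == "__main__":
    print(demo())
```

Only the wrapped key and the symmetric ciphertext cross the network; an eavesdropper without the private exponent cannot recover the session key.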
4) Benefits of Steganography
Encryption may not be enough. For example, A and B are in jail and wish to hatch an escape plan. All their communications pass through the warden, H, and if H detects any encrypted messages, H can simply stop the communication. So they must find some way of hiding their secret message in an innocuous-looking text.
The goal of the cryptography system is to conceal the content of the messages, while the goal of information hiding or steganography is to conceal their existence.
Steganography comes from the Greek words STEGANOS ("covered") and GRAPHIE ("writing").
• Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message.
• This can be achieved by concealing the existence of information within carriers or cover, that is, hiding information in pictures and other media.
• What to hide
  o Texts
  o Images
  o Sound
• How to hide
  o embed text in text/image/sound files
  o embed image in text/image/sound files
  o embed sound in text/image/sound files
Cryptographic System and Steganographic System
i. Cryptography System
ii. Steganographic System
iii. Comparison
Steganographic Techniques
i. Genome Steganography: Encoding a hidden message in a strand of human DNA.
ii. Hiding in Text: Information hidden in documents by manipulating the positions of lines and words, or by hiding the data in HTML files.
iii. Hiding in the disk space: Hiding the data in unused or reserved space.
iv. Hiding data in software and circuitry: Data can be hidden in the layout of the code distributed in a program or the layout of electronic circuits on a board.
v. Information Hiding in Images: Ranges from least significant bit insertion to masking and filtering to applying more sophisticated image processing algorithms.
vi. Hiding in network packets: Hidden in packets transmitted through the Internet.

Software Tools
i. S-Tools: Includes programs that process GIF and BMP images, process audio files and will even hide information in the unused areas of floppy diskettes.
ii. StegoDos: Also known as the Black Wolf's Picture Encoder version 0.90a. It works only for 320*200 images with 256 colors.
iii. Camouflage: Allows hiding files by scrambling them and then attaching them to the file of your choice.
iv. Mp3 Stego: Hides information in MP3 files during the compression process.
v. InvisibleSecret: Hides the text or image file in another image or text file by using the Blowfish algorithm.
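The least significant bit insertion listed under Steganographic Techniques can be shown on raw pixel bytes. This is an added example, not taken from the book or from any of the tools above: the cover data, the two-byte length prefix and the function names are assumptions made for the illustration.

```python
# Constructed cover: 256 bytes standing in for 8-bit greyscale pixel values.
COVER = bytes((i * 7) % 256 for i in range(256))


def embed(cover: bytes, message: bytes) -> bytes:
    """Store a 2-byte length prefix plus the message, one bit per cover byte."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # overwrite only the lowest bit
    return bytes(stego)


def _read(stego: bytes, bit_offset: int, nbytes: int) -> bytes:
    """Rebuild nbytes from the lowest bits starting at bit_offset."""
    out = bytearray()
    for n in range(nbytes):
        value = 0
        for pixel in stego[bit_offset + 8 * n: bit_offset + 8 * n + 8]:
            value = (value << 1) | (pixel & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many message bytes."""
    length = int.from_bytes(_read(stego, 0, 2), "big")
    return _read(stego, 16, length)


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference; LSB insertion never exceeds 1."""
    return max(abs(c - s) for c, s in zip(cover, stego))


if __name__ == "__main__":
    hidden = embed(COVER, b"meet at noon")
    print(extract(hidden), max_change(COVER, hidden))
```

Each pixel value changes by at most 1, which is why the carrier looks unchanged to the eye; the capacity is one message bit per cover byte.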