Seminar 4: Talk by Mr. Usama Tharwat Elhagari on security seminar class (2nd & 3rd March 2011)

On this date, Prof Dr.Hanan was continued our seminar by invited Mr Usama to deliver his talk. This time his talk is about Trusted Computing.

What is trusted computing he asked? did you all know what is trusted computing? after no body was answered that question he start begun to explain what is all about the trusted computing.

Trusted computing is a broad term that refers to technologies and proposals for resolving computer security problems through hardware enhancements and associated software modifications. Several major hardware manufacturers and software vendors, collectively known as the Trusted Computing Group (TCG), are cooperating in this venture and have come up with specific plans. The TCG develops and promotes specifications for the protection of computer resources from threats posed by malicious entities without infringing on the rights of end users.

Microsoft defines trusted computing by breaking it down into four technologies, all of which require the use of new or improved hardware at the personal computer (PC) level:

• Memory curtaining -- prevents programs from inappropriately reading from or writing to each other's memory.
• Secure input/output (I?O) -- addresses threats from spyware such as keyloggers and programs that capture the contents of a display.
• Sealed storage -- allows computers to securely store encryption keys and other critical data.
• Remote attestation -- detects unauthorized changes to software by generating encrypted certificates for all applications on a PC.

In order to be effective, these measures must be supported by advances and refinements in the software and operating systems (OSs) that PCs use.

Within the larger realm of trusted computing, the trusted computing base (TCB) encompasses everything in a computing system that provides a secure environment. This includes the OS and its standard security mechanisms, computer hardware, physical locations, network resources and prescribed procedures.

The term trusted PC refers to the industry ideal of a PC with built-in security mechanisms that place minimal reliance on the end user to keep the machine and its peripheral devices secure. The intent is that, once effective mechanisms are built into hardware, computer security will be less dependent on the vigilance of individual users and network administrators than it has historically been. Concerns have arisen, however, about possible loss of user privacy and autonomy as a result of such changes. 

Seminar 3 : Talk by Mr. Dahliyusmanto on security seminar class (24 Feb 2011)

On this date, Prof. Dr. Abdul Hanan Bin Abdullah was invited the other his PhD student's which is Mr. Dahliyusmanto. He delivering talk regarding the Intrusion Detection System. First of all he introduce him self then he start with giving the definition of Intrusion Detection System (IDS) the definition of IDS are as follow:

• Intrusion: any set of activities that attempt to compromise the integrity,confidentiality and availability of a resource.
• Example: 
• DoS: attempt to starve a host of resources needed to function correctly.
• Compromises: obtain privilege access to a host by known vulnerabilities.
• Intrusion Detection: the process of identifying and responding to intrusion activities.

 

After that he telling focus more deeper in IDS which is Elements of IDS, component of IDS and the IDS classification 

Element of IDS

• Primary Assumptions:
• system activities are observable
• normal and intrusive activities have distinct evidence

Components of IDS

• From an algorithmic perspective :
• features - capture intrusion evidences
• models - piece evidences together
• From a system architecture perspective:
• various components - audit data processor, knowledge base, decision engine, alarm generation and responses.

IDS Classification

• Source
• Host-based : detect and examine malicious activity, optimize for monitoring individual hosts, monitor system network activity (e.g. file systems, log files, user actions), integrate the finding several host-based intrusion detection provide unified view of multiple.
• Network-based : deploying sensors at strategic locations (e.g. packet sniffing via tcpdump at routers), inspecting network traffic (watch for violations of protocols and unusual connection patterns), monitoring user activities (look into the data portions of the packets for malicious command sequences).

Next, he jump into the detection mechanism, challenge of IDS and the other potential solution in adding to the IDS to make it more protected.

Detection Mechanisms

• Misuse Detection : it looks for attack signatures in the user's behavior, accuracy is more higher - normal @ intrusive, can't detect new attack.
• Anomaly Detection : it statically analysis user's current sessions, compares then to the profile describing user's normal behavior and report significant deviation to security officer, can detect new attacks.

Challenges of IDS's

• runtime limitations
• specification of detection signatures
• dependency on environment

Potential Solutions

• Data mining : example sequential mining and episode rules
• Machine Learning Techniques : supervised learning and unsupervised learning
• Co-simulation mechanism : integrating the misuse & anomaly techniques, applying a co-simulation mechanism

Seminar 2: Talk by Mr. Satria Mandala on security seminar class ( 17 Feb 2011 )

On this date, Prof Hanan was invited another his PhD's student, Mr. Satria Mandala from Indonesia. Mr. Satria deliver his talk on 'Intrusion Detection Together with Critical Nodes Detection for Securing MANET'.

A MANET is an autonomous collection of mobile users that communicate over relatively bandwidth constrained wireless links. Since the nodes are mobile, the network topology may change rapidly and unpredictably over time. The network is decentralized, where all network activity including discovering the topology and delivering messages must be executed by the nodes themselves, i.e., routing functionality will be incorporated into mobile nodes.

Description of Working Group

The purpose of the MANET working group is to standardize IP routing
protocol functionality suitable for wireless routing application within
both static and dynamic topologies with increased dynamics due to node
motion or other factors.
Approaches are intended to be relatively lightweight in nature,
suitable
for multiple hardware and wireless environments, and address scenarios
where MANETs are deployed at the edges of an IP infrastructure. Hybrid
mesh infrastructures (e.g., a mixture of fixed and mobile routers)
should also be supported by MANET specifications and management
features.
Using mature components from previous work on experimental reactive and
proactive protocols, the WG will develop two Standards track routing
protocol specifications:
- Reactive MANET Protocol (RMP)
- Proactive MANET Protocol (PMP)
If significant commonality between RMRP and PMRP protocol modules is
observed, the WG may decide to go with a converged approach. Both IPv4
and IPv6 will be supported. Routing security requirements and issues
will also be addressed.
The MANET WG will also develop a scoped forwarding protocol that can
efficiently flood data packets to all participating MANET nodes. The
primary purpose of this mechanism is a simplified best effort multicast
forwarding function. The use of this protocol is intended to be applied
ONLY within MANET routing areas and the WG effort will be limited to
routing layer design issues.

Types of MANET

• Vehicular ad-hoc network (VANETs) are used for communication among vehicles and between vehicles and roadside equipment.
• Intelligent vehicular ad-hoc network (InVANETs) are a kind of artificial intelligence that helps vehicles to behave in intelligent manners during vehicle-to-vehicle collisions, accidents, drunken driving etc.
• Internet Based Mobile Ad hoc Networks (iMANET) are ad hoc networks that link mobile nodes and fixed Internet-gateway nodes. In such type of networks normal ad hoc routing algorithm don't apply directly.

Seminar 1: Talk by Mr. Khalid, on seminar security class ( 10 Feb 2011)

On this date, this is our first talk that deliver Mr.Khalid. This talk was organized by Prof. Dr. Abdul Hanan Bin Abdullah who was invited Mr.Khalid which is also his PhD student. Mr.Khalid's is a Paskitani and have a lot experiences in network security field. He start by telling about him self and also talk about remedy of IS (information security), and telling us that he was a vice president of research and development on his company in Pakistan.
After that he start his lecture with intro of hacking and regarding the security and also the antivirus. He also gave a lecture on VPN. What is all about VPN? so lets see..

The virtual private network (VPN) technology included in Windows Server 2003 helps enable cost-effective, secure remote access to private networks. VPN allows administrators to take advantage of the Internet to help provide the functionality and security of private WAN connections at a lower cost. In Windows Server 2003, VPN is enabled using the Routing and Remote Access service. VPN is part of a comprehensive network access solution that includes support for authentication and authorization services, and advanced network security technologies.

VPN connections

VPN connections use either Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol/Internet Protocol security (L2TP/IPSec) over an intermediate network, such as the Internet. By using the Internet as a connection medium, VPN saves the cost of long-distance phone service and hardware costs associated with using dial-up or leased line connections. A VPN solution includes advanced security technologies such as data encryption, authentication, authorization, and Network Access Quarantine Control.

A VPN Connection

There are two types of VPN connections:

• Remote access VPN
  
• Site-to-site VPN