
Saturday, 30 April 2011

Intrusion Detection System (IDS)


by Mr Dahliyusmanto on 02/24/2011

Intrusion means any set of activities that attempts to compromise the integrity, confidentiality and availability of a resource. For example,
  • DoS: attempts to starve a host of resources needed to function correctly.
  • Compromises: obtain privilege access to a host by known vulnerabilities.
Intrusion Detection can be described as the process of identifying and responding to intrusion activities.

Elements of Intrusion Detection:
1) Primary Assumptions:
  • System activities are observable
  • Normal and intrusive activities have distinct evidence

2) Components of Intrusion Detection Systems:
  • From an algorithmic perspective:
    • Features – capture intrusion evidence
    • Models – piece evidence together
  • From a system architecture perspective:
    • Various components: audit data processor, knowledge base, decision engine, alarm generation and responses.

3) Parameters of IDS:
  • Accuracy
    • False Positive: occurs when an activity is reported as an attack, while in reality it isn't an attack.
    • False Negative: occurs when an attack occurs without being reported.

4) Classification of IDS:
  • Host-based:
    • Definition: is an intrusion detection system that monitors and analyzes the internals of a computing system rather than the network packets on its external interfaces (as a network-based intrusion detection system (NIDS) would do).
    • Using OS auditing mechanism
    • Monitoring user activities
    • Monitoring executions of system programs
    • Detect and examine malicious activity
    • Optimized for monitoring individual hosts
    • Monitoring system network activity, file system, log files, user actions

  • Network-based
    • Definition: is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic.
    • Deploying sensors at strategic locations
    • Inspecting network traffic
    • Monitoring user activities
    • May be easily defeated by encryption

  • Application-based
    • Definition: is an intrusion detection system that focuses its monitoring and analysis on a specific application protocol or protocols in use by the computing system.
    • monitor the dynamic behavior and state of the protocol
    • consist of a system or agent that would typically sit between a process, or group of servers, monitoring and analyzing the application protocol between two connected devices.

5) Detection Mechanism:
  • Misuse Detection
    • the IDS analyzes the information it gathers and compares it to large databases of attack signatures.
  • Anomaly Based
    • the system administrator defines the baseline, or normal, state of the network's traffic load, breakdown, protocol, and typical packet size.
  • Hybrid
    • Is a combination of host-based and network-based
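The two detection mechanisms above, and the false positive/false negative parameters from section 3, can be made concrete with a small simulation. This is an added example, not code from the seminar: the signatures, training sizes and labelled events are all constructed, and "combined" (alert when either mechanism fires) is added here to show why the two are complementary.

```python
import re
import statistics

# Misuse detection works from a database of known attack signatures.
# These two patterns are constructed for the example, not a real ruleset.
SIGNATURES = {
    "sql_injection": re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1|union\s+select"),
    "path_traversal": re.compile(r"\.\./\.\./"),
}

# Constructed training data: byte counts of requests observed during normal
# operation. The administrator's "baseline" is derived from these.
TRAINING_SIZES = [500, 512, 480, 530, 505, 495]

# Constructed labelled events used to score both mechanisms.
EVENTS = [
    {"payload": "GET /index.html", "size": 512, "attack": False},
    {"payload": "GET /?id=1' OR '1'='1", "size": 520, "attack": True},
    {"payload": "GET /../../etc/passwd", "size": 500, "attack": True},
    {"payload": "GET /index.html", "size": 9000, "attack": True},  # oversized flood request
    {"payload": "POST /upload", "size": 8000, "attack": False},    # legitimate large upload
]

def misuse_detect(payload):
    """Misuse detection: return the name of every signature that matches the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

def build_baseline(sizes):
    """Anomaly detection, profiling phase: mean and population std-dev of normal sizes."""
    return statistics.mean(sizes), statistics.pstdev(sizes)

def anomaly_detect(size, baseline, k=3.0):
    """Flag a request whose size is more than k standard deviations from the baseline mean."""
    mean, sd = baseline
    return abs(size - mean) > k * sd

def evaluate(events, baseline):
    """Score each mechanism: true positives, false positives and false negatives."""
    stats = {m: {"tp": 0, "fp": 0, "fn": 0} for m in ("misuse", "anomaly", "combined")}
    for ev in events:
        hit = {"misuse": bool(misuse_detect(ev["payload"])),
               "anomaly": anomaly_detect(ev["size"], baseline)}
        hit["combined"] = hit["misuse"] or hit["anomaly"]  # alert if either mechanism fires
        for mech, flagged in hit.items():
            if flagged and ev["attack"]:
                stats[mech]["tp"] += 1
            elif flagged:
                stats[mech]["fp"] += 1
            elif ev["attack"]:
                stats[mech]["fn"] += 1
    return stats
```

On these events the signature matcher misses the oversized request it has no signature for, while the size baseline misses the two attacks that look like ordinary-sized traffic and raises a false positive on the large upload; only the combination catches all three attacks.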

6) Challenges of IDS
  • Run-time limitation
  • Specification of detection signatures
  • Dependency on environment

7) Potential Solution
  • Data mining
  • Machine learning technique
  • Co-simulation mechanism

Seminar on Information Security - Trusted Computing

by Usama Tharwat Elhagari from Cyber Security Malaysia [May, 2]

Introduction:
Today's systems are very vulnerable to a range of attacks.
- Computer Security is mostly concerned with security aspects of software.
- No physical security is provided for the PC hardware, e.g. the HDD.
- Protecting IT systems through software-only mechanisms cannot alone solve all the security problems.
  (i) OS and application software are very complex, and removing all software vulnerabilities is almost an impossible task.
  (ii) roughly one security vulnerability per 1000 lines of source code
  (iii) attacks on software (OS and applications) are more common than attacks on hardware.
- As users become more mobile, physical theft becomes more of a concern.
- Some security problems are unsolvable without a bootstrap to protected hardware.
- Software-only security applications cannot protect the hardware platform against attacks on its integrity or modification of the security software.
- A trusted and tamperproof security basis can't be implemented using software-based solutions alone.

Hardware-based embedded security solution approach
- Trusted Computing (TC): refers to the addition of the hardware functionality to a computer system that enables entities with which the computer interacts to have some level of trust in what the system is doing.
- So TC is of great significance for building secure computing systems based on a new architecture in both hardware and software.
- TC is an industry initiative intended to protect data on computer platforms from software attack, covering servers, desktops and so on.

Fundamental Features of Trusted Platform
- A trusted platform module (TPM) is a specialized chip that can be installed on the motherboard of a personal computer for the purpose of hardware authentication.
- It authenticates the computer in question rather than the user.
- TPM stores information specific to the host system, such as encryption keys, digital certificates and passwords.
- It minimizes the risk that data on the computer will be compromised by physical theft or an attack by an external hacker.
- Hardware protection is inherently less vulnerable to software-based attacks and authentication processes are conducted through a secure subsystem.
- The device also enhances the security of Web browsers, email programs and other important applications.
- Components: non-volatile storage, random number generator, platform configuration registers (PCR), program code, SHA-1 engine, key generation, Opt-In, RSA engine.
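To show how the PCR and SHA-1 engine components work together, here is an added simulation (not code from the seminar) of the TPM 1.2 extend operation, PCR_new = SHA-1(PCR_old || SHA-1(measurement)), and of the attestation check that compares a reported PCR with a known-good value. The boot components and their contents are constructed placeholders.

```python
import hashlib
import hmac

PCR_BYTES = 20  # a TPM 1.2 PCR holds one SHA-1 digest and starts as all zeros at reset

def pcr_extend(pcr, measurement):
    """TPM 1.2 extend operation: PCR_new = SHA-1(PCR_old || SHA-1(measurement)).
    Software can only extend a PCR, never write it, so a measurement once recorded
    cannot be undone without resetting the platform."""
    digest = hashlib.sha1(measurement).digest()
    return hashlib.sha1(pcr + digest).digest()

def measure_boot(components):
    """Extend a single PCR with each boot component in order, as a measured boot would."""
    pcr = bytes(PCR_BYTES)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def attest(reported_pcr, golden_pcr):
    """Attestation check: does the reported PCR match the known-good value?"""
    return hmac.compare_digest(reported_pcr, golden_pcr)

# Constructed boot chain (placeholder strings, not real firmware images).
GOOD_BOOT = [b"BIOS v1.0", b"bootloader v2.1", b"kernel 2.6.38"]
GOLDEN_PCR = measure_boot(GOOD_BOOT)

def tampered_kernel_detected():
    """Same chain, but the kernel image has been modified."""
    return not attest(measure_boot(GOOD_BOOT[:2] + [b"kernel 2.6.38 (modified)"]), GOLDEN_PCR)

def reordered_chain_detected():
    """Same components, different order: the hash chain also captures ordering."""
    return not attest(measure_boot(list(reversed(GOOD_BOOT))), GOLDEN_PCR)

if __name__ == "__main__":
    print("golden PCR:", GOLDEN_PCR.hex())
    print("tampered kernel detected:", tampered_kernel_detected())
    print("reordered chain detected:", reordered_chain_detected())
```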




Sunday, 17 April 2011

"Google-Fu" Time




Hi everyone! just to share some info about what we have learned....


Yesterday, 04/16/2011, I joined the Google-Fu Class with Mr Mohammad Nizam Kassim from CyberSecurity. What can I say about this class..??? It's really interesting! I really had fun joining this class......

This class actually teaches us about the "hidden" functions in Google. Most of the time, I noticed that before this I NEVER knew about and never used all the functions.

First of all, he told us that Google has a lot of languages to search in. For example Google Japan, Google Australia, Google Thailand and so on.

Then he showed us what the I'm Feeling Lucky button is for. The I'm Feeling Lucky button is a function that links directly to a search result, meaning you will get the exact answer to what you are searching for. For example, if you type "apple" and click the search button, the page will show you the results for apple. But with the I'm Feeling Lucky button, if you type "apple", then you will skip the search results and go directly to the Apple Computer company.

Google also has some applications like Google Fight, Google Funny, etc. just for fun and to keep users interested.
Google Fight

Google Funny


After that, we also learned about power search techniques. These techniques taught us how to search by title and also by file format.

Lastly, before the class ended Mr Nizam said that if we have anything to ask.. just ask Google :)

Wednesday, 6 April 2011

Seminar on Information Security - VPN

by Mr Khalid from Cyber Security Malaysia.

In this seminar, Mr Khalid first talked about hacking. What is hacking? Hacking means a person who is unauthorized entering the system using back doors, whether he/she hacks for positive or negative purposes. After that, Mr Khalid talked about protection. What we must do before installing any unlicensed software is read the license agreement (LA) before clicking the NEXT button. Then he proceeded to the VPN.

What is a VPN? VPN stands for Virtual Private Network, a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization. It encapsulates data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network, so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.


The most common example of using a VPN is when you are about to download any journal article from IEEE, Scopus or ScienceDirect.... you need to register on that site before being allowed to download the articles.... but... if you are using a VPN.... you can just download it without any payment.... just using your UTM ACID...

User-created remote access VPNs may use passwords, biometrics, or other cryptographic methods.

Monday, 7 March 2011

Mid-term examination was comingggggg

Assalamualaikum wbt to every people who follow this entry....

First of all.. may I ask something..?? Does anybody love examinations..???? Hmmmmm I should say you do NOT! Right..?? neither do I hahahha.. but today.. on 7/3/11.. we (Info Sec students) started our 1st mid-term exam as post-graduate students.. it was sooo soooo horrible.. demmit! we started with Information Security Management by Prof. Jai. Honestly, it wasn't difficult but it's too T.R.I.C.K.Y! I think I made too many careless mistakes.. :(( so leave it.. hopefully I'll get better marks for that..

The next exam coming is Secure Software Development by Dr. Imran Ghani... one of the papers I'm most frightened of.. now we need to cover 3 chapters for the examination.. how bad!! u cant kill us Sir.. hey why not..?? in the same week, I have 2 more presentations.. alas! :((

So whether you like it or not... you still have to study.. Good Luck!

Saturday, 5 March 2011

My New Info Sec Frens

Info Sec students before this did our own stuff.. local and international students never united.. not knowing each other and so on... you did yours and we did ours.. but after a meeting with half of the students.. we UNITED! sharing all the things, all the news, all the happiness.. I myself felt so wonderful knowing all of them! thanks a lot to Saeed the Arsenal man for trying hard to unite us.

p/s: can't wait for our 1st outdoor activities together! :)

Friday, 4 March 2011

finally blogging again..

how do I start this...


my new blog, specially for the information security seminar class.. had to create a new one because the old one was a mess.. em not really like this.. I don't like writing essaysssss.. + no fancy ideas either.. hehhe..

ok bye bye..