Sunday, July 26, 2009

My Lecture 2

Today's lecture, on 20th July 2009, covered authentication and basic cryptography. What is authentication? Authentication is the verification of the identity of someone who generated some data. In general, it is the process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. So I usually make my password longer than 6 characters, and I won't write down or enter my password just anywhere.

Besides that, Mr. Zaki also asked us whether we knew what phishing is. But our class did not seem to answer his question. He explained that, typically, fraudsters will try to trick you into providing your username and password so that they can gain access to an online account. Once they steal your password, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.

Next, Mr Zaki talked about the concept of cryptography. A cryptographer uses cryptography to convert plaintext into ciphertext, and a cryptanalyst uses cryptanalysis to attempt to turn that ciphertext back into plaintext. During the lecture, Mr Zaki gave us one question and wanted us to figure it out. The question was “YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP”.
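An added example, not part of the original post or the lecture: assuming the question is a Caesar (fixed-shift) cipher, which the post does not state, this sketch does the cryptanalyst's job by trying all 26 keys and ranking the candidates by how many common English words they contain. The word list and function names are constructed for the example.

```python
import string

# Ciphertext exactly as printed in the post.
CIPHERTEXT = "YMJ KPJQ UWNHJ BNQQ NSHWJFXJ YT WH KTZW GD SJCY BJJP"

# Small crib list of very common English words (constructed for this example).
COMMON_WORDS = {"THE", "TO", "BY", "WILL", "AND", "OF", "IN", "IS", "IT", "FOR", "ON"}


def shift_decrypt(text, key):
    """Undo a Caesar shift of `key` positions; non-letters pass through."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - key) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def score(candidate):
    """Count whole words of the candidate plaintext found in the crib list."""
    return sum(1 for word in candidate.split() if word in COMMON_WORDS)


def rank_keys(ciphertext):
    """Try every key 0..25 and return (key, score, plaintext), best first."""
    results = []
    for key in range(26):
        plaintext = shift_decrypt(ciphertext, key)
        results.append((key, score(plaintext), plaintext))
    # sorted() is stable, so equal scores stay in ascending key order.
    return sorted(results, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    # Show the three best candidates so a human can confirm the winner.
    for key, hits, plaintext in rank_keys(CIPHERTEXT)[:3]:
        print(f"key={key:2d} hits={hits} {plaintext}")
```

The top-ranked key is 5. With the ciphertext exactly as printed here, the tokens KPJQ and WH decrypt to FKEL and RC, so the post's copy of the question may contain two transcription slips.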

Friday, July 24, 2009

My Lab 2

My IT Security Lab 2 on 21st July was quite interesting. Through this lab, I learned about the goals of Information Technology. Information security refers to the protection of information and the systems and hardware that use, store, and transmit that information. After attending this lab, I found that although operating systems such as the Windows 9x versions of Microsoft Windows, Windows Server 2003, and XP are all compatible with FAT, local file security will be enabled ONLY IF you have NTFS installed. When doing my lab, I followed the instructions in the slides. Firstly, I chose to use the virtual machine for my lab activity. Before starting this lab, I needed to ensure that the Windows Server 2003 installation was in NTFS format.


Task 2 was to test data confidentiality, which protects computer-related assets from being used by unauthorized users. It means only the right person who has the authority can read, view, print, or even know of the existence of the object. So, I created 2 password-protected user accounts, User1 and User2, and a folder named “Confidentiality”, and then created a folder named UserFolder1 inside “Confidentiality” for my User1. After that, I changed the UserFolder1 folder properties and security settings. When I logged on as User2, I found that it was denied access to see the content in folder UserFolder1.

Next, I did my task 2 in lab 2, which is testing data availability. In this task, I created a folder named “Availability” and the folder User2Folder, and changed the properties and the security settings again, just like in task 1. Then I logged off the Administrator and logged on as User2. Wow~ I could access the folder! After finishing, I logged off User2, logged on as administrator and deleted User2 from the local security database. Then I created a new user, also named User2, and logged off. When I logged on as User2, I could not access the folder User2Folder. You know why? Because the old User2 account is no longer listed. So, availability makes sure authorized users can access information at any time without any failure. Information that is not available to the authorized user is useless.


Finally, I did the last task, which tests data integrity. What is meant by data integrity? Integrity ensures data can be modified by authorized parties and by authorized mechanisms only. Information can be added, updated or deleted; hence it must be done in the correct way and by the right person to ensure the correctness and validity of the information. So, I logged on to the Windows 2003 Server as User1. As in task 1 and task 2, a new folder called “Integrity” was created. Inside the User1Folder folder, I also created a “New Text Document” and wrote some sentences in it. After I saved it, I logged off. I logged on as User2, navigated to the User1Folder folder, removed or added some words in the New Text Document and tried to save it. Do you think I could save it? The answer is NO! In conclusion, I now know how important security is.

Sunday, July 19, 2009

My Lab 1

My lab 1 was an introduction to virtualization and VMware. VMware Workstation can be downloaded from http://www.vmware.com/download/ws/. Virtualization is a proven software technology that is rapidly transforming the IT landscape and fundamentally changing the way that people compute. Virtualization lets users run multiple virtual machines on a single physical machine, sharing the resources of that single computer across multiple environments. Different virtual machines can run different operating systems and multiple applications on the same physical computer. I learned the steps to install VMware through this lab. VMware Workstation makes it possible for a PC user to use multiple operating systems concurrently on the same PC. The user can create and run multiple virtual machines on a desktop or laptop computer. VMware Workstation lets you create a virtual machine that can be installed with different kinds of operating system. Each virtual machine virtualizes a complete PC, including memory, HDD, network connections, peripheral ports and processor. In this Lab 1, my course mate and I installed Windows Server 2003 on a virtual machine. We followed the steps in the Lab 1 slides and Windows Server 2003 was installed successfully. After the installation process finished, I saw the Windows Server 2003 login page. To get the mouse pointer back to the host desktop, I pressed CTRL + ALT on the keyboard. After finishing the installation, we had to do our review questions.

My First Lecture


Mr Mohd Zaki bin Mas’ud is my IT Security lecturer. My first lecture was an introduction to information security. Mr Zaki explained that security is the quality or state of being secure, that is, to be free from danger and to be protected from adversaries or from those who would do harm, intentionally. Besides that, he said that Information Security is the protection of information and the systems and hardware that use, store, and transmit that information. The security areas are detection, prevention, and recovery. Mr Zaki also explained some security architecture, security principles, security policy, and security attacks/threats. Security attacks are classified into 2 types: passive attacks and active attacks. Moreover, the methods of defense and controls are explained in the slides. Those are encryption controls, software controls, hardware controls, policy, physical controls and effectiveness controls. On the other hand, security services include authentication, access control, data confidentiality, data integrity and non-repudiation. Mr Zaki said security services are very important, so we need to remember these services. Mr Zaki also talked about the security mechanisms. In today's technology era, information security has become more important and is implemented in most organizations. Studying information security is also important because of the career demand in this area.