Summaries

If you are not happy with your summary here please edit it as you see fit. If your summary is not here that's because I couldn't find it. Add it if you would like by editing this page. Hopfully this will help us all study for the exam.

Main Page Biometrics Social Engineering Worm Nimda DOS SSL Spyware Trojan Horses Copy Protection PKI Wireless Security Broadband Scanning Code Red Viruses Spoofing Steganography VPN Sniffers Firewalls Encryption Algorithms Smart Cards Carnivore Back Orifice Vulnerability Assessment Legal TEMPEST

1. Biometrics is identifying people by measuring their physical features or behavior
   1. Verifying identities with biometrics is and automated process
   2. 13 biometric areas:
      1. Fingerprinting
      2. DNA
      3. Retinal scan
      4. iris pattern
      5. signature verification
      6. keystroke dynamics
      7. voice pattern
      8. hand geometry
      9. face recognition
      10. ear shape
      11. body odor
      12. vein check
      13. palm prints
2. Biometrics are unique to each person, can’t be forgotten
3. PINs can be lost, stolen, or forgotten
4. Law enforcement started fingerprinting in early 19th century, 1st biometric study
5. The advancement of microprocessors key to biometric study
6. Electronic fingerprinting equipment and software:1997= $3,000.00, 2000= $500.00, 2002= $100.00
7. DNA testing is accurate but time consuming and expensive
8. Human eye operation
9. Retinal scanning considered the most accurate
   1. Require user interface
10. Iris scanning can be done from 1 foot away
    1. eye glasses don’t have to be removed
    2. Amsterdam Airport testing iris scan identification to shorten 10 to 30 minute passport wait to 10 seconds
11. Signature verification is done by Federal Express
12. Voice verification system being tested on 500 plus farmers in Ireland
    1. Used by U.S. Intelligence to pick up Usama Bin Laden’s cell phone conversations
13. Hand geometry future unknown
14. Facial recognition has great potential in curbing anti-terrorism and catching criminals
    1. DARPA aided development
    2. Template stored on 84 byte file called faceprint
15. Identification is one-to-many process
16. Verification is one-to-one process
17. Biometric terms to know
    1. Biometric Engine
    2. Claimant
    3. Degree of Freedom
    4. End User
    5. False Acceptance
    6. False Rejection
    7. Goats
    8. Genetic Penetrance
    9. One to Many
    10. One to One
    11. Response Time
    12. Throughput Rate
    13. Wavelet Transform

The threat of unauthorized access continually escalates as computers are accessed everyday. Technical security measures are used to counteract these threats, but hackers have discovered unethical methods to bypass them. This is called social engineering (SE). SE is the process of manipulating someone (psychologically) to obtain desired information, such as passwords. SE methods are classified into human-based and computer-based attacks. There are many methods of SE including impersonation (by phone or physically), dumpster diving, online, and office snooping to name a few. Dumpster diving simply involves searching through dumpsters for any useful information. Surprisingly, sensitive information such as outdated hardware, organizational charts, company phone books, printer ribbons, security manuals, etc. are known to have been thrown away. A common and well-known method is social engineering by phone. A common technique used is impersonating a new user. Help desks are often targeted this way since they are trained to help people. Sometimes users are attacked online. Attackers will send messages to users offering new software, that when executed, may take control of a user’s PC. Lastly, office snooping gives an attacker opportunity to search open offices for information. This attack method generally relates to insiders who have basic access (i.e. disgruntled employees). An advanced SE method is called reverse social engineering (RSE). Instead of the attacker asking questions from the users to obtain information, the users are asking the attacker questions. RSE normally involves: sabotage, advertising, and assisting. The attacker advertises he/she can correct a problem (i.e. with business cards), then later sabotages the system. The users may contact the attacker to assist them in fixing the problem; all the while the attacker is collecting bits of information. There are three basic measures that can be used to minimize chances of social engineering attacks: training, policies, and awareness. Training can provide orientation and classes to acquaint users about the various methods of SE and how to respond. Policies should clearly address procedures in regards to judgment calls or the proper handling (disposal) of sensitive information. On-going awareness programs such as pens, posters, screensavers, or newsletters can be used to constantly remind users to be aware at all times. An organization is only as good as its security. It defeats the purpose of having the best technical security measure if policies aren’t enforced or users aren’t trained to recognize social engineering attacks.

Worms are one of the biggest threats within the computer industry today. Worms affect the usefulness of computer networks and systems all over the world. A worm is malicious software that creeps its way into a system, infects the system or does what it was there to do and then propels itself onward to another system that is linked to the same network. In other cases a worm may have an executable file built in that causes it to utilize one of the major e-mail software programs to replicate itself to other computer workstations using e-mail.

Worms are one of the hardest vulnerabilities to combat within a network. The reason they are so hard to combat is because they are designed to enter a system undetected, execute their purpose and leave before they can be traced or detected. Usually after they are noticed they have long gone to another system. The damage the worm causes is usually what triggers the alert. Therefore the damage is already done. At this point an administrator would have to jump directly to the reaction and recovery phases.

The Nimda virus was a devastating worm that attacked the computer community on September 18, 2001. It was a flagrant attack on the Microsoft Corporation as well as the world. The document that follows allows you to see into how one computer system was affected. It will define the virus, show you how it attacks, and then give you ways to defend yourself against it. It will show you how this one computer system was fixed, and then lead you down the path to ensure you are not the victim of one of these attacks in the future.

Denials of Service Attack (DoS) are easy to execute. Online resources can be downloaded, to launch a DoS attacks all it takes is a readily available software program and a target network. There are three types of DoS attacks: those that exploit bugs in a TCP/IP implementation; such as the Ping Of Death, those that exploit weaknesses in the TCP/IP protocol; such as Floods and Land attacks, and brute-force attacks that flood a network with useless data such as Smurf attacks.

Based on the need for a secure connection to transfer private information over the internet, Netscape developed Secure Sockets Layer (SSL) as a means of establishing a secure pathway between a client and a server over an internet. Using standard internet protocols such as TCP/IP, information sent from one computer to another can be sniffed out and intercepted or viewed by hackers who are positioned along the path of transmission. SSL prevents such snooping by utilizing Public Key Encryption and Digital Certificates or IDs established by trusted Certificate Authorities (CA) to establish a server’s identity and enable the transfer of information in an encrypted form over the internet. Establishing a SSL connection involves four parts: the SSL request, the SSL Handshake, secure information transfer, and termination of the SSL connection. The request is made from the client computer utilizing port 443, a designated secure port, to the server which then sends its public key and digital certificate to the client. The certificate is validated against established criteria from the CA. Once the certificate is verified, the client and server communicate with each other to establish a mutually supported encryption algorithm and using this and the server’s public and private keys, generate a temporary set of symmetrical keys called session keys that can be used only during the current connection. The session keys will be used during the session to encrypt the message, while the server’s public and private keys will be used to authenticate the sender and the message. Once the session has terminated or the client is directed outside the secure connection, he or she is notified that they are leaving the secure connection. Different versions of SSL support different levels of encryption from 40-bit and 56-bit to 128-bit encryption. Secure Sockets Layer is not without problems and is not completely secure. SSL is the most commonly used secure connection method and 128-bit SSL offers possibly the best means of securing your information.

Topics researched in this report include an explanation of what spyware is, examples of different software containing spyware, how Congress is planning to put a stop to it, and actions a computer user can do to protect themselves from spyware. Explanation of Spyware Software, usually adware, which contains a Trojan horse has been nicknamed spyware, snoopware or malware. Spyware is an “independent, executable program on your computer that collects data about Internet usage without the user of the program knowing that the software is even installed and performing” (Tom-Cat, 2002). The main reason why spyware was started was to collect demographic information for advertising purposes (Counter…(1), 2002). Spyware has the ability to monitor keystrokes, scan files on hard drives, read cookies, change default settings, see what websites users visits and for how long, and is designed to send all this information back to a server owned by the author of the software (Tom-Cat, 2002). How Congress is planning to stop Spyware As of today, “spyware is not an illegal type of software” (Simply…2002). The Spyware Control and Privacy Protect Act (S3180) will require “manufactures of spyware software to give consumers clear and conspicuous notice, at the time of installation that the software contains spyware. Also, users will be aware of what information is being sent and to who, and all information must be sent and stored securely and encrypted, allowing users access to the information collected to correct any errors to ensure accuracy” (Krebs, 2000). Types of Spyware There are many popular software applications on the Internet that contain spyware. A few examples are: Radiate, Comet Cursor by Comet Systems, Cydoor, and Hotbar. How users can protect a computer There are several websites to go to that contain large databases of software names known to contain spyware are: spychecker.com, tom-cat.com surasort.com, spywareinfo.com, and idcide.com. Ad-aware is a free software that works very much like an anti-virus protection program, where it will scan your drives for spyware programs (Tom-Cat, 2002). Firewalls can also alert users of any spyware presence and its activities. Zone Lab is a firewall that monitors all Internet traffic, alerting the user of any software trying to transmit data leaving thought the Internet.

Trojan Horse was the term used by Dan Edwards, working at the National Security Agency, around 1972 to describe apparently benign macro or utility programs with undocumented side effects which have the capacity of violating security or being destructive. He named these programs, Trojan Horses, because of their need to be explicitly run by an unwitting user in order to perform their hidden side effects.

Since then, a Trojan horse has been defined as any malicious logic that is disguised as something innocent, such as a screen saver, game, or utility program. A Trojan horse is different from a virus (another form of malicious logic) in that the Trojan horse doesn't spread itself; thus they must be accepted and executed by the user before it causes damage. Additionally, antiviral programs don't always catch them; therefore, there probably exists a lot of infected users who have no idea their computers are harboring Trojan horses.

To create a Trojan program, all you need is a little knowledge of any programming language and the desire to violate another person's property. Trojan Horses can be written in any programming, macro, or scripting language and for any computer system in use.

Trojan horses can do anything that the owner or user can do. This includes: deleting files; transmitting files to the intruder; installing other programs, such as viruses, worms and other Trojan Horses; and executing attacks to increase the intruder's privileges. And if the intruder can gain administrative privileges and access to the operating system, then he or the Trojan Horse is able to do anything that the system administrator can do.

Trojan Horses are spread are through download bulletin boards or web sites, arrive as file attachments by e-mail, internet chat rooms, instant messaging, and copies of pirated software. Other forms of installing Trojan Horses are tricking users or system administrators into installing or running the Trojan Horse, as copies of legitimate software that have been altered, by tricking users to connecting to their site by exploiting the Domain Name System, by collections of malicious software toolkits, Trojan Horse compiler programs, and any web content such as Java applets, JavaScript, and ActiveX controls.

Preventive actions that you can use against Trojan horse attacks begin with being certain of both the source and content of each file you download. You shouldn't blindly download from people or sites which you are not completely sure about. Also unhide file extensions and never use features that automatically get or preview files. Additionally, never type commands that others tell you to type or run programs or scripts, and avoid downloading executable programs just to check them out.

Further precautions or rules to follow are: don't execute anything sent by unsolicited e-mail; use caution when executing Java applets, JavaScript, or ActiveX controls from web pages; use firewall and virus scanning products that include scanning for known Trojan Horses. System administrators should verify every piece of software that is installed is from a trusted source and arrived unmodified, apply the principle of least privilege in daily activities, and review the source code to any open source products. Additionally, administrators should test new software on safely conditioned computers and keep several generations of backups.

Everyone should stay current with vendor security patches for all installed software, from office applications to firewalls. To further reduce their risk, home users with DSL or cable connections should turn them off when not actively in use. Possibly the single most important thing you can do avoid becoming victim to Trojan Horses is to educate yourself about them.

Since the beginning of time, history has been recorded and passed down by word of mouth, engraved on stone tablets, and carved onto cave walls. However, as time progressed, new forms of recording evolved through technology and innovation. The creation of the printing press, videocassette recorders (VCR), tape recorders, copy machines, and now, digital recording is accessible to almost everyone. Today, much controversy and heated debate has plagued companies with many new technological issues. An issue that has since received much attention is the piracy of DVD movies, musical CDs, and the downloading of free music from the Internet. Piracy has ignited an ethical controversy that has opened the eyes and ears of people all over the world. Within this summary, I plan to define piracy and list some copy protection methods.

According to the American Heritage College Dictionary, piracy is the unauthorized use of reproduction of copyrighted or patented material. With piracy on the rise, numerous companies have invested heavily in digital watermarks, Content Scrambling System (CSS), holograms, BMG’s Anti-Copying Technology, and Microsoft’s Four-Pronged Approach to Fighting Piracy. Every time a new copy protection method is developed, hackers and pirates find ways of bypassing the copy protections. All in all, it’s a constant tug-of-war match between the pirates and copy protectors.

PKI is the long-term solution for Internet requirements for information integrity and digital signature to certify legal, commercial, official, and confidential transactions. PKI ensures confidentiality, data integrity, authentication, and non-repudiation. PKI uses digital certificates that contain both a public and a private key. Public keys are available to everyone, while private keys need to be securely maintained. Companies called Certification Authorities (CA’s) issue digital certificates. The digital certificates are encrypted into long prime numbers referred to as keys. Two keys are involved – a private key, which only you have access to, and a public key, which can be accessed by anyone. The keys are generated using a mathematical algorithm to encrypt and decrypt the data. You can generate you own keys, but CAs have better resources and tighter controls that can generate higher-quality key pairs in a central system and can perform the backup and archiving of key pairs. The X.509 is the most widely recognized standard certificate format. Certificates have a start and expiration date that is part of the CA’s policy, yet certain circumstances can cause the CA to revoke the certificate prematurely. When a certificate is revoked, the CA published this information on a Certificate Revocation Listing (CRL). These CRLs are normally published periodically at regular intervals, but can be published as needed (off-cycle) or can be maintained on-line.

NTT DoCoMo’s cell phone Internet system named “I-mode” adopted public key infrastructure. Public key encryption is more secure than previous symmetric encryption. In symmetric encryption, a sender and a receiver use the same key. In public key encryption, a sender and a receiver use different keys. Therefore, it can maintain better security. Wireless network is being largely spread instead of wired local area networks. One of the major technologies for wireless network is Bluetooth. Bluetooth adopted key management with private link key, private encryption key, and PIN code. Link keys are unit key, combination key, master key and initialization key that are 128-bit random numbers. Encryption key is separated from authentication key for shorter encryption without weakening the strength of authentication procedure. PIN is a user selected or fixed number, normally 4 digits in length. Bluetooth adopted device authentication and packet encryption, too.

Broadband is defined as Internet access with speeds capable of transmitting at speeds over two megabytes per second. Current broadband connection available for public use is Cable and DSL. These are considered “always on” connections. This feature is a major security concern because it increases the time online for hackers to locate your system and less time they need to do their intended damage.

Cable Internet connection is very similar to a local area network and must incorporate similar security precautions. Cable users are stuck with the same IP address unless their Internet service provider has the DOCSIS technology to change IP addresses when the computer is turned on. DSL connection using existing phone lines but converts some or all of the information to digital rather than analog. This technology automatically changes IP addresses every time it connects to the Internet, but keeps the same address while the computer system is connected. This is a high area of concern of security for broadband users in general.

Knowing the level of protection provided by your Internet service provider will assist you in determining the provider that best suits your needs for security. Using profiles and limiting access on small business and home computers is one step in protecting your system from hackers. Firewalls, routers, antivirus software are protection methods available for purchase. Knowing how to adjust your security levels on software installed will increase security. Updating virus definitions is critical to the maintenance phase of broadband security. Combining all these precautionary measures will deter hackers and protect your system from unwanted attacks.

Scanning is a powerful technique that often favors the crackers because they only have to find one way in order to accomplish their goal. The use of unsecured modems is one of the easiest ways for a cracker to get into a network. To find such a modem a cracker would use a war dialer or daemon dialer, a technique that dials telephone number after telephone number. The THC scan is one of the most popular war dialer used by crackers, it can dial any range of telephone numbers with the ability to provide cracker numerous options. Defenses against war and daemon dialers are to simply change or check all modem dial-in settings before installation.

Port scanners are used to determine which ports active or listening on the target system. One of the most featured port scanners is Nmap. Nmap provides basic IP packet fragmentation which allows the cracker to evade some system IDS. The Intrusion Detection System is a program that monitors and captures all the data on a network. Nmap offers a variety of different scan packets that when activated could cause the targeted system to become flooded or even crash. Firwewalk is a tool that allows a cracker to determine which packets are allowed through a packet filtering device, such as a router or firewall. One way to defend against Firewalk attacks is to strengthen your firewall configuring it with a minimum set of ports allowed through it. Legion is a NetBIOS scanner that is used to show file shares across a large ranges of IP addresses.

Once the cracker connects to the system, Legion displays all the shared files and devices of that system, leaving the cracker with total access. Before a cracker can hack into any system he must know how to get in. A vulnerability scanning tool knows what many systems vulnerabilities look like, and by having this information it goes out across the network checking to see if any of these vulnerabilities are present on the targeted system. Many crackers choose Nessus because it is a free, open source vulnerability scanner that allows you to write your own vulnerability plug-ins.

• www.worm.com! Hacked by Chinese! will appear on your screen.
• A worm is a program or code that propagates itself and moves to different Operating Systems by means of networking. Code Red(II)Targed window systems, 2000, NT, servers running IIS.
• The average worm will do 3 basic functions to a system; it will search for a home (a system), establish some type of interface with that system, and finally it will begin to transfer its program or code to it's new home
• Code Red's a worm that took computers by storm in the year 2001. And then after the initial Code Red was created Code RedII was created
• It is a worm that travels from one computer to another not as a file, but as a running process. Code Red tried to deny the United States White House and the Pentagon service to connect to the outside world.
• wild "The measurement of the number of independent sites infected, the number of computers infected, the geographic distribution of infection, the ability of current technology to combat the threat, and the complexity of the virus" (http://www.symantec.com/avcenter/blended_threat)
• Code Red would send a code as an HTTP request. The HTTP request would open a buffer-overflow vulnerability. By doing this, the worm can run on your computer. It would save not as a file, but it would be inserted into your computer and then ran directly from memory.
• Code RedII was said to be even more dangerous than the first Code Red.
• "The Code RedII worm code will be successfully executed only on a Win2000 system running a vulnerable IIS server, WinNT- based IIS servers will simply crash when attempting to execute the worm code".
• The most damaging property of this new worm is that the worm creates a back door on an infected server, leaving the system wide open to any attacker.
• How aggressively the worm attempts to propagate itself depends on whether or not Chinese is the language installed on the system. If Chinese, the worm creates 600 threads and attempts to spread for 48 hours. If non-Chinese, the worm creates 300 threads and attempts to spread for 24 hours. (http://grc.com/codered/coderedii.htm)

According to Jeffrey Kephardt from Scientific Journal, “ Computer viruses replicate by attaching themselves to a host (a program or computer instead of a biological cell) and co-opting the host’s resources to make copies of themselves” (www.sciam.com, Nov 97). Viruses can infect over 1 million computers in a short period of time because of the ease of transport. In 1987, a DOS virus, called "The Brain", infected the boot sectors of floppy diskettes. It became obsolete when the PC industry invented systems that booted from hard disks. In 1989, "The Stone Virus", which infected the boot sector of the hard disks, surfaced. Several other viruses surfaced and underwent the birth rate and death rate cycle. The birth rate refers to the creation and spread of the virus and the death rate refers to the decline and curtailment of the virus.

There are 3 classes of PC viruses: file infectors, boot-sector infectors, and macro viruses. 85 percent of all known viruses are file infectors, according Gregory Sorkin from Scientific American. Once the application is run, the virus executes and attaches to the computer's memory so it can infect other applications. Boot sector infectors account for 5 percent of all known viruses. The viruses execute when the computer boots because memory reads them from the hard disks or diskettes. Macro viruses are the most rapidly spread viruses because they attach themselves to the scripts embedded in a document.

Gordon from IBM identifies 4 categories of virus writers: the adolescent, the college student, the adult, and the ex-virus writer. He explained that the college student and the adolescent are morally and ethically sound; however, they see no correlation between their virus and its effects. The adult, though small in comparison, does not value ethics and will only stop writing viruses if the punishment is severe. The ex-virus writer, bored and preoccupied with other hobbies, no longer writes viruses but was uncertain whether virus writing should be illegal.

McAfee, an anti-virus company, advises users to verify and authenticate the sender of e-mails and not to open any attachments if they do not recognize the identity of the source. They also advise to disregard and delete junk e-mails and to virus check any files prior to downloading them.

Antivirus technology fall into two categories: generic and scanning. Generic programs were designed to monitor and detect behavior consistent with a virus; however, it could not differentiate an actual virus from file behaving like a virus. Scanning programs monitor and curtail the effect of viruses because it understood the difference between an actual virus and a file behaving like a virus. It also searched files, boot records, and memory for any pattern indicative of a virus. Antivirus technology is now automated and more effective. Programmers have developed more sophisticated means of detecting viruses. Among them is the use of DNA of viruses as well as the extraction of high-quality signatures through the measurement of the frequencies of the short byte sequences. Programmers are also exploring how they can strengthen the use of cryptography to render systems impenetrable.

Spoofing definition: Spoofing is a person or a program that assumes the identity of another person or program. This false identity is used to either convince the victim to grant services were permissions that she should not have, or to implicate someone other than the attacker. Spoofs are not limited to computer systems. Any systems or processes that does not verify identity could become the victim of a spoof. (Pipken)

Three different ways to spoof:

IP spoofing

to gain access, intruders create packets with spoofed source IP addresses. This exploits application that use authentication based on IP addresses and leads to unauthorized user and possibly root access on the targeted system

Physical spoofing

Things like false ATM machines.

URL spoofing

The attackers first trick is to rewrite all of the URL’s on some web page so that they point to the attacker server rather than the real server. Assuming the attackers server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of the URL. For example, http://home.netscape.com becomes http://www.attacker.org//home.netscape.com

Ways to protect yourself:

IP spoofing

The IP address attack is one of the hardest to protect against because if you use a filter you might be filtering out legitimate customers and as of yet, there is no solution to the hijacking problem. However you can limit the damage of these attacks. The key is detection: “you can monitor packets using a network-monitoring software such as netlog”

Physical spoofing

If you put your ATM card into a machine and you do exactly what you have done a hundred times before but this time the ATM does something funny like malfunction or keep your card or anything else out of the ordinary report it immediately.

URL spoofing

URL rewriting can be blocked by using certain software and by setting up your systems configuration properly.

Steganography is a covert form of communication. It is an attempt to shroud messages by hiding their very existence. Steganography is not necessarily a new form of secret communication. In fact it has been around longer than codes and ciphers. Several examples of steganography include hidden inks and microdots.

What does steganography have to do with twenty-first century information systems? Recently, steganography has been used to refer to a process used to hide secret digital information inside of seemingly innocent digital files. Steganography takes advantage of unused or insignificant areas of data, replacing them with information such as a PGP signed and encrypted message. The files can then be exchanged without anyone knowing what really lies inside of them. An image of a person on his or her web page might contain a private letter to a friend. A recording of a company's jingle might contain the company's plans for world domination. Steganography can also be used to place a hidden "trademark" in images, music, and software; a technique referred to as watermarking.

Because steganography is often overlooked, it is rarely protected against and frequently goes undetected. Steganography is a channel in which an organization's valuable information assets can simply stream out of a secure network without detection. Organizations with firm security policies in place to protect information might subject their employees, working with secret information, to communications screening. However, these individuals certainly have non-secret communications that probably pass freely in and out of their protected realm. The communications are screened but because they contain no sensitive material they are not blocked or filtered. From outward appearance they do not contain private information but what if an employee had been embedding company secrets in these files? A security breach has occurred.

How this covert information is hidden in these innocent files is quite interesting. One of the most common forms of steganography is hiding text information inside of an image file. The easiest and most common method of doing this is called least significant bit insertion (LSB). Any given pixel in a typical image file has three values associated with it. These values are the red, green, and blue light intensities for that pixel. LSB takes the last bit of information from each of the values and modifies it. The change is extremely subtle and often cannot be detected by the human eye. Later the last bit of each value is extracted and assembled to create the hidden message.

A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A VPN enables you to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link.

VPNs have proven popular because they offer operational savings while maintaining the security associated with private network infrastructure. Using a VPN, a traveling worker or branch office can be connected to the corporate network with a local phone call, providing significant savings over using long distance, 800 numbers, or leased lines. Security is maintained because the VPN uses a secure tunneled connection, allowing only authenticated users access to the corporate Intranet.

VPN solutions offer 128-bit encryption within the United States, with 40-bit encryption supported overseas where permitted by law. A Virtual Private Network can be described as the ability to tunnel through the Internet or other public network in a manner that provides the same security and other features formerly only available on private networks. With tunneling, a message packet is encapsulated within an IP packet for transmission across the public network, with the encapsulating information being stripped off upon arrival at the target network, such as the corporate local area network (LAN).

Security Issues: PPTP- The Point-to-Point Tunneling Protocol (PPTP) was designed to provide the lowest Total Cost of Ownership. PPTP runs well on a wide variety of hardware, supports password authentication, and does not require implementation of a certificate infrastructure. L2TP and IPSEC- Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPSEC) are designed to provide the highest possible security. Consequently, these VPN solutions require deployment of a Public Key Infrastructure, and require a Pentium-class processor. VPN allows organizations to take advantage of the convenience and cost savings of tunneling through public networks, without opening the door to unauthorized access.

The basic principle of firewalls is that it keeps everything outside from getting inside, and it allows users on the inside to get outside easily. Three different types of firewalls are packet filters, circuit level, and application level (or proxies). Packet filters either authorizes or blocks packets based on a specific policy. They are the simplest, yet least secure type of firewall, and many routers offer this function. Packet filters are useful, but it is also easy to make mistakes and they are hard to manage. In a circuit level type, the network programmer makes the necessary code that the computer carries out for all connections, and it validates connections before allowing data to be exchanged. Some connections are passed or not passed depending on the specific addresses of the destination or source, or specific time of day. The circuit level type is more secure than packet filters, but not as secure as application level ones, and an advantage is that they can understand what is in a packet. In the application level, or also called proxies, a security region is formed between the Internet and the internal network. This type of firewall acts like a server to a client, and a client to a destination server. Advantages include the fact that details of the internal network may be kept hidden from the external network details such as host names and IP addresses.

1. Q. What is the main difference between block and stream ciphers?
   A. Block ciphers encrypt data in fixed block sizes usually 64 or 128-bits at a time. Stream ciphers encrypt data one bit at a time.
2. Q. What is a one-way function?
   A. An algorithm that is easy to perform in the forward direction and difficult to perform in the reverse direction.
3. Q. What principle are public-key encryption systems based on?
   A. A difficult mathematical problem where the public and private keys are linked.
4. Q. What are hash-functions most frequently used for?
   A. Digital signature.
5. Q. What is the most common asymmetric encryption algorithm?
   A. RSA
6. Q. What block sizes does DES use?
   A. 64-bit for data and 56-bit for key length.
7. Q. Which encryption method is best suited for disk and file encryption?
   A. Symmetric (private-key)
8. Q. Which Algorithm includes compression
   A. PGP

A smart card is a credit-card sized plastic card that is embedded with a computer chip. The two primary types of smart cards are contact cards and contactless cards. Contact cards X have an embedded micromodule on the plastic of the card. These cards have to be inserted into a reader with direct contact of the micromodule for transmission of data to take place. Contactless cards have the micromodule sandwich in between two plastic cards. It uses antennas to communicate with the reader. A contactless card only has to come into close proximity of the reader for transmission to occur. There are two other types of cards that are derived from the contact and contactless card: the hybrid card and combi card. The hybrid card has both the contact and contactless interface but the two chips are not connected. The combi card has a single chip with a contact and contactless interface. There are two types of chips used in smart cards: memory chips and microprocessor chips. Memory chip cards are non-rechargeable stored value cards; they can be viewed as removable read/write disks with optional security. Microprocessor chips are similar to those chips found inside all personal computers and when implemented in a smart card manages data via a card operating system. The key to having a completely secure smart card is to have security procedures followed all the way through the life cycle of the card. This starts with the manufacture and ends with the user. The fewer individuals involved with the development and handling of the smart card the less likely the data will be tampered with and the less likely bugs will occur. There are prevention measures put in place to help protect the smart card from attacks, such as the card is implemented with strong cryptographic protocols to increase tamper-resistance. Another prevention measure that should be put into place is to limit the number of times a person can enter an invalid PIN before denial of service occurs. A more aggressive measure would be to program the card to store the history of the use of the card and detect any pattern change. A flag of some sort can be raised if unusual usage is detected, such as requiring the user to notify the issuer before additional use is allowed. Attacks on smart cards take place for many different reasons but mainly for financial gain. Attackers of smart cars have a slight disadvantage to attackers of PC's because they have to gain physical access to the card. Even after the attacker gains access to the card they still do not have access to any secret information required to activate the card. Another disadvantage is the attacker is on a tight time constraint. It will not take long for the card holder to realize the card is gone.

Define a packet sniffer: A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic Who has access to commercial sniffing programs: network managers to aid in network maintenance and by hackers What is the best defense against sniffing: implementation of a strong encryption tool

BO2K is a remote administration tool developed by the hacker group called, “Cult of the Dead Cow.E BO2K is a “backdoorEprogram that consists of a client and server. This tool works on all current windows platforms and can be either rewarding or harmful to you computer system depending on how it is being used. BO2K has been classified as a Trojan Horse program because people commonly use this program to crack into other people’s systems. BO2K is an open source program and is constantly being modified with plug-ins to make this program one of the most powerful back door programs in the industry. BO2K is relatively small file of about 100K and is easy to download which makes this program very dangerous to internet users who are not cautious of what they download.

The Freenet is a means to perpetuate the free flow of information while maintaining anonymity on the Internet. It is a computer system or environment that removes the control of that system by any one server i.e. Internet service provider or government agency. It uses a peer to peer network system and it turns the users personal computers into mini information servers that serve information requested by other users Providing anonymous use of information and no-one individual or group could know exactly where the information at any one time. The system will maintain its solidarity by systematically adding this information to every computer within the freenet that the information passes through. The user downloads the program, installs it, and allocates a portion of his or her hard drive to the use of the Freenet. It then encrypts that portion of the hard drive and they are ready to use the freenet. Some of the security issues involve governments, business and private sectors of information security. The government and business issue entails having secret information or intellectual property posted to the freenet that cannot be removed easily if at all from the freenet. The private sector issues are that of what the PC user is actually responsible for on his computer even if they have no idea what is store there. Also whether or not the information stored on a PC is actually untraceable over the network. There of course is probably many more security issues that could be exploited if put into the capable malicious hands of the Ueber hacker.

As computer technology has developed, network technology has also advanced remarkably. The fact brings us convenient lives so far. We are enable to get cash any time by using the ATM, and we use credit cards almost anywhere, thanks to the development of an on-line network system. Our lives tend to be computerized. At the same time, computer crime, such as stealing a company’s valuable information, or breaking into a system to manipulate an account, is increasing. Therefore, network security is considered as one of the most important issues today. SATAN is one of the tools for uncovering networks’ security holes and available free over the Internet. Satan might help a lot for network security administrators who worry about invasion of networks by unscrupulous parties. However, I don’t think this kind of product should be available free to anyone. It should be under control of some authorities, because some bad people could possibly use Satan as well.

In doing this paper I have researched what TEMPEST is, How it started as a Top-Secret Government Program to spy on the U.S. enemies abroad, and our own citizens! I also discovered how TEMPEST attacks are made, and what types of equipment are used in an attack. Finally, I will talk about how businesses and families can protect themselves from "Computer Espionage".

TEMPEST is the acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions The History of TEMPEST is over 50 years old I will discuss how ex-government spies were able to listen in to the emanations created from computer hardware and electronic devices. I will discuss what type of simple hardware is used to make the surveillance equipment, and show its ease of fabrication. Lastly, I will cover how we can protect ourselves, and business, from people recreating our sensitive information from these emanations.