Sunday, 3 April 2011

Seminar #5

Date: 24-Mar-2011
Venue: Lecture Room 2, N28
Speaker: Mr. Nizam Kassim

This time the seminar was very interesting. To be honest, I think this was the only seminar topic that I gave 100% or maybe more attention! I even jotted down almost 7 pages! ;)

Perhaps it was because of the topic, or perhaps the speaker contributed to this excitement in listening from beginning till end..

The talk was given by Mr. Nizam Kassim, an experienced guy from Cyber Security Malaysia (CSM). The topic was security & hacking.

I guess he had so many things to share, so sometimes he jumped from point to point.. so if my writing behaves like that.. it's not my fault ok, I just followed his points. ;)

Ok, he started his talk with the password issue. How strong are our passwords? How many of us share the same ID & password across many applications? He recommended that we use a 'password checker' to check password strength. We may use the online software by Microsoft. I would never forget what he said.. "password is like underwear, do not show. do not share." ;)
Many hacking tools could be used to gain other users' IDs & passwords. Hackers could use key smart, wireless discovery & wireless sniffing. All these tools could provide hackers with user passwords in clear text.
 
He continued by following his slides, starting with the classification of hackers. Basically there are 3 types of hackers:
 1. Black hat - Hacking for negative purpose
 2. White hat - Hacking for positive purpose
 3. Grey hat - Could hack for both positive/negative purposes, depending on which gives an advantage to the hacker

There are 2 types of hacker skill sets.
 1. Script kiddies - use free tools from the internet --> have limitations
 2. Skilled groups - develop their own tools

How does a hacker think?
 1. Reconnaissance --> 2. Scanning --> 3. Gaining Access --> 4. Maintaining Access --> 5. Clearing Tracks
 
Then he briefly talked about the following legendary hackers.
 1. Kevin Mitnick - expert in exploiting humans
 2. Malicious hackers - could be anybody
 3. Reformed hackers - Dark Dante, Captain Crunch, Captain Zap

He said, to be a hacker, one should have DETERMINATION! goals, persistence.

Some hackers hack for good purposes... We may visit some of these websites or search for..
 - hacker for charity.org

Ethical hacker (security professional)
 - metasploit
 - Kevin Johnson
 - Will hack for sushi
 - Escobies
 - InGuardians

Hacking Principles
 - Technology weaknesses
 - Human weaknesses

Hackers see vulnerabilities from 4 points of view
 - Platform
 - Applications
 - Human
 - Access

Hackers may steal info from the victim or launch an attack platform.
He then talked about the available trainings that are recommended for becoming an ethical hacker.

He stressed wireless security issues, especially free wifi. He briefly explained the wifi network environment, possible attacks & the most targeted applications. He suggested that all of us purchase commercial anti-virus instead of using free software, as it only has limited features, thus less protection.

He continued his talk with malware revolutions, starting from stand-alone virus -> worms -> Zombies/trojan -> targeted attacks.

Jumped to human-based attacks & the scenarios, which are categorized as follows
 1. Internet banking
 2. Credit card scam
 3. Cyber scam

A webcam could also be turned on remotely; as such, he recommended that we cover the webcam when not in use.

Before the break, as a summary, he recommended that we update our knowledge about security issues and take action on it to avoid becoming a victim.

After the break, he explained further details on wireless frequency. The topics included
 1. Wireless standard & organization
 2. Physical layer transmission technology
 3. RF Fundamentals
 4. Wireless Threats
 5. Wired vs wireless threats
 6. Wireless attacks

He also talked about wireless discovery, sniffing & mapping. He advised us that if we want to become hackers, we must learn Linux.
As we are all now doing our mini project in wireless security, many of us are familiar with NetStumbler. He informed us that we could map our location from NetStumbler to Google Earth using software named Knsgem. This software translates locations from the NetStumbler log to Google Earth locations.

Due to the time limitation, he could not show us how it's done. We were all very frustrated as we wanted more from him.. :( 2 hours seemed to fly by very fast.

Prof. Hannan informed us that we will organize another talk with Mr. Nizam at some other time before study week.. He will keep us informed of the confirmed date & time.

Until we meet again Mr. Nizam. Thanks a lot for all the knowledge shared. It's very interesting & valuable. Thanks again & see you again.. soon... ;)

Seminar #4

Date: 02-Mar-2011 to 03-Mar-2011
Venue: Lecture Room 2, N28
Speaker: Mr. Usama

This time the seminar was a talk by Mr. Usama from Egypt. He is doing research in Trusted Computing. He is very passionate about his work.. plus I guess he used to be a very good academician. From what I could see, he tried his best in explaining everything throughout his talk until he was satisfied that we got the idea of what he was talking about.

He started his talk with a few questions on security issues.. How secure is our computer? our data? We might secure our data with a password or encryption.. but what happens if our data or laptop gets stolen? Could we be sure that hackers could not hack our hard disk etc. once they got the laptop/hard disk, with no time limitation? This is what happens now. Currently systems or data are only protected using software-based security. There are yet none, or maybe very few, who take a look at hardware-based security/protection.

The whole talk was mostly about "Trust". He talked about Trusted Computing Background, Trusted Computing (TC), Trusted Platform (TP), Chain of Trust, Fundamental Features of Trusted Platform, Trusted Computing Group's (TCG) Specifications and Trusted Platform Module (TPM). I could not remember or jot down the details, as again... I was given the impression that the slides would be uploaded to the Security Seminar blog.

I did remember that he showed us the motherboard which has the Trusted component. With this feature, he said, should someone try to remove the hard disk and hack it using other than its complete components, all data will be automatically deleted.

That's all I guess as far as I could remember.. for further details, we will have to wait for the slides ok. ;)



Seminar #3

Date: 24-Feb-2011
Venue: Lecture Room 2, N28
Speaker: Mr. Dahliyusmanto Bin Matlan

Mr. Dahliyusmanto, another PhD student, talked about his research in Intrusion Detection Systems. I could see many interested faces in this class.. perhaps this is the topic that they were looking forward to hearing.. good for them.. ;)

Honestly, I did not jot down anything in his class, because I was given the information that his slides would be uploaded to the Security Seminar blog.. as such I just sat and listened.. well.. this situation really reminds me of the following famous phrase.. "I hear and I forget..."
 
Ok, until I get the slides, that is all I could remember.. I will update this post once I get the slides.. sooo sorry.. ;)

Seminar #2

Date: 17-Feb-2011
Venue: Bestari Room 3
Speaker: Mr. Satria Mandala

Mr. Satria Mandala, another PhD student supervised by Prof. Hannan, was the speaker for this seminar class. An Indonesian guy. He has been doing research in MANET for his PhD. MANET - Mobile Ad hoc Network - is one of the popular wireless networks. As it is wireless and mobile, many security issues could be found in this network. Continuous research by many researchers is carried out to enhance the network security and resolve the issues.
 
Security issues in MANET could be divided to 2 types;
     - External attack VS Internal attack
     - Passive attack VS Active attack
 
Mr. Satria's research is specifically about "Intrusion Detection Together with Critical Nodes Detection for Securing MANET". A security solution for MANET, in his opinion, could be achieved by monitoring the system using intrusion detection and encrypting the message routing.
He informed us that in order to secure the network, i.e. MANET, we must first know what kinds of threats are attacking the system. He roughly explained a few types of attacks.
      - Black hole attack --> most popular in MANET
      - Wormhole attack
      - Routing attack
      - Byzantine attack
      - Denial of Service
      - Impersonation

He mentioned the simulator used in his research; however, due to some technical problem, he could not show it to us that day. As such he could not explain further on his research & it will be continued in some other session.
 
Prof. Hannan has appointed George to be in charge of another session with Mr. Satria. Whoever is interested in Mr. Satria's research may submit their name to George..
I guess I was not that into his research, so I did not send my name to George.. Nevertheless, thanks Mr. Satria for the knowledge sharing. Appreciate that! ;)




What is VPN?

Salam & hi all,

Suddenly it's already almost the end of the semester!!! could you believe it?? huh!
I'll try to complete all the posts before the end of this semester.. not sure if I'll manage to do it or not.. but I'll try my very best.. since a lot more assignments are yet to be completed & all need to be submitted by NEXT week!!!!
may Allah bless me.. ;)

After another month of putting this blog aside, now let's start with VPN..
What is VPN..? Wikipedia really helps me a lot here.. ;)

A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.

It encapsulates data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.

This is the VPN Connectivity overview


VPN is not new to me.. I knew about this before at my previous company, but never tried it because my job scope did not really require me to log in to the company's system after working hours. So at that time I didn't really understand the usage or benefit of VPN, especially in security.

Attending the seminar from Mr. Khalid plus reading through the information from the internet has opened my mind to VPN & its benefits. I wish him all the best in his research. Thanks Mr. Khalid! ;))