
THE UNIVERSITY OF DODOMA

COLLEGE OF INFORMATICS AND VIRTUAL EDUCATION

CS 215: INFORMATION SECURITY TECHNOLOGIES.


Instructor: Leonard Mtembei.

ASSIGNMENT
GROUP MEMBERS:
S/N NAME REG NUMBER COURSE
1 LUKANDA, PETER T/UDOM/2012/00494 BSc.CIS

2 JILALA, BUSH T/UDOM/2012/00032 BSc.CIS

3 MATSAWILY, SHINUNA J T/UDOM/2012/00055 BSc.CIS

4 SIMBA, EVANSI T/UDOM/2012/00028 BSc.CIS


QUESTION 1.
After visiting a popular online electronic commerce site (Amazon.com), we tried placing several
items in the shopping cart, such as books, shoes, iPods and clothes, and then went to check out.
When we reached the screen that asks for the credit card number, we right-clicked on the web
browser and selected “Properties”. We found that:
• The cryptosystem used to protect the transaction was TLS 1.0, RC4 with 128 bit
encryption (High); RSA with 2048 bit exchange for the connection.

• The protocol used to protect the transaction was HyperText Transfer Protocol with
Privacy.

QUESTION 2.
After repeating Exercise 1 on the www.ebay.com Web site, we found that the site uses the same
protocol but a different cryptosystem for encryption from the one used in Exercise 1, in that:
• This site uses a different cryptosystem to protect the transaction, involving TLS 1.0,
AES with 256 bit encryption (High); RSA with 2048 bit exchange.
On www.ebay.com, after putting the shoes item in the cart and purchasing it, we found this:

This appeared after signing in and continuing to buy the selected items in the cart, paying with a
credit card.

• The protocol used to protect the transaction was HyperText Transfer Protocol with
Privacy.
Both www.amazon.com and www.ebay.com use the same protocol, HyperText
Transfer Protocol with Privacy (https).

QUESTION 3.

After searching the Web for steganographic tools, we found different steganographic tools such
as Steganography Studio 1.0.2, Xiao Steganography 2.6.1, File Mask 1.2_, Xidie Security Suite,
SecureKit 1.7.1.0827, MAXA-Security-Tools V 2.X, Pictricity 1.10, Steganography v2.0,
!Steganography Processor Pro 1.0, Our Secret 2.0.1.0630, and !Steganography Processor 1.0.
We downloaded the first one, Steganography Studio 1.0.2, and after installing it we embedded a
text file in an image. In a side-by-side comparison, no difference was observed in terms of size
or color between the original image and the image with the embedded text file.

We also installed Steganography v2.0, one of the steganographic tools, through the following
procedure.

• Installing Steganography v2.0 after downloading it.

• Creating a SOLUTION text file and embedding it within an image called GIFT.

• Decrypting the embedded GIFT image, which is done after the receiver gets it.

• Side-by-side comparison of the two images

Original image

The size is 589 KB.

Image with embedded file

The size is 598 KB.


The difference between the original image and the image with the embedded file is the total
size of their contents: the image with the embedded file is larger than the original one by
9 KB.
In appearance, however, the original image and the image with the embedded file were closely
the same.

QUESTION 4.
Using the Internet to look for applications that are commercially available to enable secure
remote access to a PC, it seems that there are many such applications, but the following are
the top 7 that are well known and most applicable for enabling secure remote access to PCs:
1. GoToMyPc.
This is one of the popular remote access applications. It automatically configures itself to your
computer, and you can access your computer from anywhere in the world with a computer running
Windows, Linux or even Macintosh. You can also control your computer with a Windows-enabled
mobile device, giving you freedom of access and control. Data transfer between the computers is
encrypted with AES using 128-bit keys, with password protection, giving you maximum security.
You can even use hardware like printers and other hardware devices to print documents. To share
files and folders between systems, just drag and drop the files or folders across the screen.

2. LogMeIn
You can try this application if you are looking for a free remote access application to control
your computer or for remote desktop viewing. When using this application, you can access your
computer from virtually any browser or from any wireless device that can access the internet.
The free version of LogMeIn does not support file sharing, hardware sharing or remote printing,
but LogMeIn Pro supports all these functions.

3. Team Viewer.
This application allows you to control any computer through the web; all you have to do is run
the application on both systems. You can use this application to give business presentations to
your partners or customers. By drag and drop, you can easily transfer files between computers.
In addition, this application can work with any kind of firewall.
4. PC now.
This is specifically a remote control application and online backup service. It works on any
Windows and Mac system, and you can also remotely access computers through the web from Windows
and Mac systems and even from your mobile. You can also invite a friend to assist you with the
computer or to share your desktop remotely. You can control hardware such as web cams and
printers using this application, so that you can see what is happening at your home or print
documents remotely. It has high security features.
5. Radmin.
This application is completely compatible with Windows Vista. It has high-level security using
a 2048-bit key size. The data is securely transferred between the computers, giving hackers no
chance. It works at high speeds and automatically adjusts to changes in internet speed. It
supports text and voice chat, so someone can stay in touch with the people on the network.
6. Anyplace Control.
This utility gives the freedom of controlling any computer from virtually anywhere in the world
with a computer that has internet access. Someone can view the desktop of the remote computer
on the local computer using this application. It is very easy to install and use. It supports
file transfer by drag and drop, and you can even print documents using the printer on the remote
computer. It works even on systems running on a dynamic IP address. Using this application.
7. Remote Computer Access.
This software allows you to access and control your computer from any other computer that is
connected to the web, or you can control a computer on the local network. This application
supports multiple connections at a time, and you can access remote computers in real time.

QUESTION 5.
Using a Microsoft Windows 7 system, after opening Internet Explorer and clicking Internet
Options on the Tools menu, the contents of the Security and Privacy tabs are as follows:
-- On the Security tab we found the following contents:
Internet
Local intranet
Trusted sites
Restricted sites
These are followed by buttons labeled Custom level, Default level and Reset all zones to
default level, as well as three buttons: OK, Cancel and Apply.
-- On the Privacy tab we found contents labeled:
Sites
Import
Advanced
Default
Settings
These are followed by three buttons labeled OK, Cancel and Apply.

In order to configure the tabs mentioned above (the Security and Privacy tabs), the following
configuration should be applied for each:
(a) Content filtering
Select the Security tab and then select one of the zones to view or change its security
settings: Internet, Local intranet, Trusted sites or Restricted sites.
• The Internet zone is the zone for internet websites. In this zone we found different
security levels, namely high, medium-high and medium. We may select the medium-high level
for better content filtering, because it is appropriate for most websites, it prompts
before downloading potentially unsafe content, and it will not download unsigned ActiveX.
We did not select the high level because it does not prompt before downloading potentially
unsafe content, and we did not select the medium level because it is not appropriate for
most websites.

• The Local intranet zone is the zone used for all websites found on the intranet. We found
different security levels, namely high, medium-high, medium, medium-low and low. It is
better to select the medium-high level for better content filtering, because it is
appropriate for most websites, it prompts before downloading potentially unsafe content,
and it will not download unsigned ActiveX; the other levels tend to allow content to run
before prompting you to download it. After setting the security level you may use the
settings shown in the figure below:

• Trusted sites is the zone that contains websites that you trust not to damage your computer
or files. Here we found five security levels: high, medium-high, medium, medium-low and
low. It is better to select the medium-high level for better content filtering, because it
is appropriate for most websites, it prompts before downloading potentially unsafe content,
and it will not download unsigned ActiveX. We did not select the other security levels
because they tend to allow content to run before prompting you to allow it to be
downloaded. In addition, you may specify a website you want to add, for example
http://www.youtube.com, as shown in the figure below:

• Restricted sites is the zone for websites that might harm your computer or damage your
files. Here we found five security levels: high, medium-high, medium, medium-low and low.
It is better to select the medium-high level for better content filtering, because it is
appropriate for most websites, it prompts before downloading potentially unsafe content,
and it will not download unsigned ActiveX. You may then click the Sites button, which
allows you to enter a website that you want to restrict from delivering any kind of
content. For example, you may restrict any website that you believe contains unsafe
content, such as “https://www.facebook.com”, by adding it to the zone with the Add button
at the right-hand side of the small window.

(b) Protection from unwanted items like cookies
Here you may select any security level according to how you want to handle cookies. For
example, you may select a level such as Block all cookies, High, Medium high, Medium, Low or
Accept all cookies, then click the Apply button and then OK.

QUESTION 6.
By using the web and searching for software firewalls, the various alternatives available were
examined and compared in terms of their functionality, cost, features and type of protection,
from simple home firewalls up to the most sophisticated enterprise firewalls. Some of the
software firewalls compared against these criteria are:
Cisco IOS, Comodo Internet Security Complete, Intego VirusBarrier, IPFilter, IPCop, IPFire,
pfirewall, Kaspersky Internet Security, Lavasoft Personal Firewall, Microsoft Forefront Threat
Management Gateway, Monowall, Netfilter/iptables, Norton 360, NPF, Online Armor Personal
Firewall, Outpost Firewall Pro, PC Tools Firewall Plus, PF, pfsense, Smoothwall, Sophos UTM,
Sunbelt Personal Firewall, Sygate Personal Firewall, Untangle, Vyatta, Windows Firewall,
WinGate, Zeroshell and ZoneAlarm.
Therefore, after examining and comparing the software mentioned above in terms of cost,
features and type of protection, from simple home firewalls up to the most sophisticated
enterprise firewalls, it seems that Comodo Internet Security Complete ranks highest compared
to the other kinds of software available and is more frequently used, owing to its
specification as well as the features it contains.

The product ranking for the top ten software firewalls.

NO.  FIREWALL NAME                           PERFORMANCE (RATING)
1.   Comodo Internet Security Complete       9.18
2.   Agnitum Outpost Pro Firewall            8.80
3.   Kaspersky Internet Security             8.63
4.   ZoneAlarm Pro Firewall                  3.73
5.   Total Defense Internet Security Suite   3.45
6.   Norton Internet Security                1.35
7.   Bitdefender Internet Security           1.33
8.   eScan Internet Security Suite           0.93
9.   Norman Security Suite                   0.78
10.  McAfee Internet Security                0.73

QUESTION 7.
The rule(s) necessary for both the internal and external firewalls to allow a remote user to access
an internal machine from the Internet using the software Timbuktu.
a) Rule necessary for the external firewall to allow a remote user to access an internal
machine from the Internet using the software Timbuktu.
The Timbuktu software uses port number 407 or 1419; the protocols are TCP and UDP
outbound.
--Rule
Source Address  Source Port  Destination Address  Destination Port  Protocol  Action  Description
Anywhere        Any          10.10.10.1           407               TCP/UDP   Allow   All packets from remote user through port 407 allowed
Anywhere        Any          10.10.10.1           1419              TCP/UDP   Allow   All packets from remote user through port 1419 allowed

The snapshot of the firewall configuration.

b) Rule necessary for the internal firewall to allow a remote user to access an internal
machine from the Internet using the software Timbuktu.
The Timbuktu software uses port number 407 or 1419; the protocols are TCP and UDP
outbound.
--Rule
Source Address  Source Port  Destination Address  Destination Port  Protocol  Action  Description
Anywhere        Any          10.10.10.3           407               TCP/UDP   Allow   All packets from remote user through port 407 allowed
Anywhere        Any          10.10.10.3           1419              TCP/UDP   Allow   All packets from remote user through port 1419 allowed
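
An added example, not part of the original assignment: the two rule tables above evaluated in Python as a first-match packet filter. The deny-by-default policy, the tuple layout and the 203.0.113.20 test source are assumptions made for the illustration.

```python
import ipaddress

# Rule tuple: (source network, source port, destination address,
#              destination port, protocols, action).
# "Anywhere" is written as 0.0.0.0/0 and an "Any" port as None.
def timbuktu_rules(dest):
    return [
        ("0.0.0.0/0", None, dest, 407, {"tcp", "udp"}, "allow"),
        ("0.0.0.0/0", None, dest, 1419, {"tcp", "udp"}, "allow"),
    ]

EXTERNAL = timbuktu_rules("10.10.10.1")   # external firewall table
INTERNAL = timbuktu_rules("10.10.10.3")   # internal firewall table

def decide(rules, src, sport, dst, dport, proto, default="deny"):
    """Return the action of the first matching rule.

    Unmatched packets get `default`; deny-by-default is an assumption,
    the tables above do not state the default policy.
    """
    for net, r_sport, r_dst, r_dport, protos, action in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(net)
                and r_sport in (None, sport)
                and dst == r_dst
                and dport == r_dport
                and proto.lower() in protos):
            return action
    return default

def any_source_rules(rules):
    """List allow rules whose source is the whole IPv4 Internet."""
    return [r for r in rules
            if r[5] == "allow" and ipaddress.ip_network(r[0]).num_addresses == 2**32]

if __name__ == "__main__":
    # Constructed test packets; 203.0.113.20 is a documentation address.
    for dport, proto in [(407, "tcp"), (1419, "udp"), (3389, "tcp")]:
        print(dport, proto, decide(EXTERNAL, "203.0.113.20", 51000, "10.10.10.1", dport, proto))
    print(len(any_source_rules(EXTERNAL)), "rules accept any source address")
```

Both tables accept any source address, so `any_source_rules` returns both rules; restricting the source to the remote user's known address range would narrow what the firewalls expose.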

QUESTION 8.
The product specification for the IDPS features of ZoneAlarm, after visiting the product
manufacturer at www.zonelabs.com.
• The product specification for the IDPS features of ZoneAlarm
i. ZoneAlarm Extreme Security.
The most comprehensive security suite on the market for everything you do online.
ii. ZoneAlarm Internet Security Suite.
Multilayered security that keeps your PC safe.
iii. ZoneAlarm PRO Antivirus + Firewall.
Stop the toughest viruses and spyware.
iv. ZoneAlarm PRO Firewall.
Block hackers and intruders from accessing your PC.
v. ZoneAlarm Free Firewall.
A freeware version that includes a web and local network personal firewall with
outbound program control and port stealthing.
vi. ZoneAlarm Free Antivirus + Firewall.
A freeware version that includes a Two-Way Firewall, Advanced Firewall,
Advanced Download Protection, Identity Protection and antivirus protection.
vii. ZoneAlarm PC Tune-up.
It speeds up your PC.
viii. ZoneAlarm File & Folder Lock.
Locks and password-protects important files and folders on your PC.
• The IDPS features of ZoneAlarm.
  • Antivirus & anti-spyware engine: detects and blocks viruses, spyware, Trojan
    horses, worms, bots and rootkits.
  • Advanced Firewall: monitors programs for suspicious behavior, spotting and
    stopping new attacks that bypass traditional anti-virus protection.
  • PC Tune-up: optimizes your device for higher performance.
  • Stops data-collecting companies from tracking you online.
  • Scans your account and alerts you to any privacy issues.
  • Private browsing: erases your tracks, allowing you to surf the web in
    complete.
  • Parental controls: filters and blocks inappropriate websites and limits time spent
    online.
  • Prevents identity thieves from seeing your passwords and other keystrokes.
  • Identity protection: alerts you if there are unauthorized changes in your credit
    files.
  • Online backup: protects your data from hardware malfunction.

• The ZoneAlarm products which offer these features are:

a) ZoneAlarm Extreme Security: it offers all of these features.
b) ZoneAlarm Internet Security Suite: it offers some of the features.
c) ZoneAlarm PRO Antivirus + Firewall: it offers very few features.

QUESTION 9.
A key feature of hybrid IDPS systems is event correlation. After researching event correlation
online, define the following terms as they are used in this process: compression, suppression, and
generalization.

Event correlation refers to the techniques used in a hybrid IDPS system for making sense of a
large number of events and pinpointing the few events that are really important in that mass of
information.

Compression Event refers to the first step of correlation as well as filtering, where by
generated by the correlation engine containing individual events it present; events need to be
delayed for some time to allow compression.

Suppression Event refers to the operation of suppressing certain events depending on the content
of the event correlation engine; the aim of this operation is to remove or hide certain events
if a specific event pattern occurs.

Generalization Event refers to forwarding a more general event rather than a specific event,
although no new information is generated; this can be useful to delete a common root cause for
multiple events.
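
An added example, not part of the original assignment: the three operations defined above applied in sequence to a small set of constructed IDPS events. The event fields, signature names, the suppression rule and the generalization mapping are hypothetical, and compression is implemented as merging repeats of the same event inside a time window, which is one common reading of the term.

```python
from collections import namedtuple

# Constructed sample events: time (s), sensor, source host, signature.
Event = namedtuple("Event", "t sensor src sig")
EVENTS = [
    Event(0, "nids", "198.51.100.7", "ssh-auth-fail"),
    Event(2, "nids", "198.51.100.7", "ssh-auth-fail"),
    Event(5, "nids", "198.51.100.7", "ssh-auth-fail"),
    Event(40, "hids", "10.0.0.5", "backup-started"),
    Event(41, "hids", "10.0.0.5", "file-integrity-change"),
    Event(42, "hids", "10.0.0.5", "file-integrity-change"),
    Event(90, "nids", "203.0.113.9", "ftp-auth-fail"),
]

def compress(events, window=10):
    """Hold events for `window` seconds and merge repeats into (event, count)."""
    merged = []                      # [first_event, count] pairs
    for e in sorted(events):
        for item in merged:
            f = item[0]
            if (f.sensor, f.src, f.sig) == (e.sensor, e.src, e.sig) and e.t - f.t <= window:
                item[1] += 1
                break
        else:
            merged.append([e, 1])
    return [(f, n) for f, n in merged]

# Hypothetical rule: after `trigger` from a host, hide `hidden` from it for `span` s.
SUPPRESS = [("backup-started", "file-integrity-change", 300)]

def suppress(counted):
    """Drop events that match a suppression pattern; keep everything else."""
    def hidden(e):
        return any(e.sig == hide and o.sig == trig and o.src == e.src
                   and 0 <= e.t - o.t <= span
                   for trig, hide, span in SUPPRESS for o, _ in counted)
    return [(e, n) for e, n in counted if not hidden(e)]

# Hypothetical mapping from specific signatures to a more general event.
GENERAL = {"ssh-auth-fail": "auth-failure", "ftp-auth-fail": "auth-failure"}

def generalize(counted):
    """Forward the general event name; no new information is added."""
    return [(e._replace(sig=GENERAL.get(e.sig, e.sig)), n) for e, n in counted]

def correlate(events):
    return generalize(suppress(compress(events)))

if __name__ == "__main__":
    for event, count in correlate(EVENTS):
        print(f"t={event.t:>3} {event.src:<13} {event.sig:<14} x{count}")
```

Seven raw events leave the pipeline as three: one counted authentication failure burst, the backup start, and a second authentication failure from a different host.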

QUESTION 10.
The Forum of Incident Response and Security Teams (FIRST)
is the organization whose mission is concerned with the different security incidents that occur
in community, commercial and educational organizations. It also provides for the sharing of
information among its membership through an annual incident response conference, and provides
technical conversation among security experts. Members are also encouraged to develop
quality security products, policies and services.
