Sunday, June 1, 2008

E-Business 28th May 2008

Question 1:

What is intrusion detection? (Intrusion detection = how the system detects when something comes into the system)

With the exponential growth of the internet and of networked computers, cybercrime has become one of the most pertinent problems in the computer world. All over the world, companies and governments are increasingly dependent on their computer networks and communications, hence the need to protect these systems from attack. Online credit card fraud, compromised computer servers and other serious crimes have created a climate of distrust among online customers. There is a need to find the best possible way to protect our information systems.

A single intrusion into a computer network can result in the loss, unauthorized use or modification of large amounts of data and can paralyse normal use of the network's communications. Intrusive behaviour can be categorized by attack type. An Intrusion Detection System (IDS) supplies the computational intelligence needed to realize that some attack is underway, to alert the system administrator to its form and severity, and perhaps to take preprogrammed or adaptively learned measures to prevent the intrusion.

Intrusion detection is the identification of unauthorized users in a computer system. It is also defined as the problem of protecting computer network systems from being compromised. In the early days of computing, security was not considered a big concern in system and software design. The security problem which appeared in 1970 was mainly unauthorized users breaking into user accounts with the intention of stealing important information. The exponential growth of the internet as a network of systems and devices has since made security a major concern. Over the years, the network security community has developed several specialized systems to secure network infrastructure, including network scanners, vulnerability analyzers, firewalls and IDSs.

Each system focuses on a different aspect of protection and provides different functionality. Individually, these systems do not provide complete security, but if several of them are combined and deployed throughout the network, they can provide robust security services.

Question 2:

What are the current threats on the network infrastructure?

Issues related to network security have been lingering for a long time, specifically the numerous potential threats to information on a network. Threats to network security range from harmless mischief to crimes of destruction and theft. These threats can come from sources either internal or external to the network.

Internal threats to a network are a major source of strain on the level of security that network attains. Such threats generally come from unethical employees within the organization.

External threats to network security, generally referred to as hackers, can be equally damaging. To gain entry or view sensitive information, hackers use password sniffers, IP flooding and e-mail attacks. Regardless of the method used to gain entry through a network or view communication data, hackers can fully jeopardize network security and potentially do heavy damage to the data and systems within. The virus is potentially one of the most dangerous threats to network security. Viruses can corrupt or destroy data, alter files and possibly bring a network to a grinding halt. (Halt = stop)

Additional forms of malicious software such as Trojan horses, worms and logic bombs also threaten network security. A recent threat to network users is large DDoS attacks. A denial of service can be launched in many different ways; its aim is to deny a victim (a host, a router or an entire network) the ability to provide or receive normal services on the internet.

Question 3:

What are the existing protection measures for networks?

As networks grow faster, threats to them rise as well. Unfortunately, the existing preventive techniques are not hardened enough and are unable to handle the issues raised by these threats.

The first method of protection is to address the physical layer of the network and ensure it is properly equipped. Physical security is an initial concern when designing a secured network. The easiest and best way of protecting important machines such as servers is to secure them under lock and key. However, this is not a complete solution; it should be used in parallel with other preventive measures.

Additionally, firewalls and encryption should be incorporated into a network to heighten its security. A firewall is a gateway through which information enters and exits. On the one side lies the information needed from the outside world, mixed with the undesirable threats of external networks.

Encryption is a method by which network security is heightened: an encrypted document cannot be read by anyone who does not possess the key or formula used to translate the original text into cipher text. Used properly and in combination, these techniques provide a concrete foundation for a secured network.

Question 4:

What are the desirable characteristics of any Intrusion Detection System (IDS)?

There are a few desirable characteristics, based on (Sundaram 1996, Gross 1997, Jackson 1999, Bace 2000), and most currently available IDSs satisfy only a few of these conditions:

i) It must run continuously with minimum human supervision.

ii) It must be fault tolerant: the system must be able to recover from system crashes.

iii) It must resist subversion: it must be significantly difficult for an attacker to disable or modify the IDS. The IDS must be able to monitor itself and detect whether an attacker has modified it.

iv) It must impose only a minimal overhead on the system where it runs, to avoid interfering with normal operations.

v) It must be configurable to accurately implement the security policies of the systems being monitored.

vi) It must be easy to deploy. This can be achieved through portability to different architectures and operating systems and a simple installation mechanism.

vii) It must be adaptable to changes in system and user behaviour over time.

viii) It must not flag any legitimate activity as an attack and must not fail to detect any attack.

Technically it is not feasible to build a system with all of the above characteristics, as the hardware industry has not yet matured enough to carry this burden. Furthermore, processing network packets needs resources that could be better delegated elsewhere. Also, the normal user profile may change from time to time as new network techniques come onto the market; consequently, any IDS must be constantly updated about normal user behaviour. Although an IDS with no human intervention at all is not possible at this moment, one with minimum supervision is.
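Characteristic viii is the one that is hardest to measure without data, so here is an added illustration in Python (not part of the original notes): a simple failed-login rule is run over a small set of constructed, labelled events and scored for false positives (legitimate activity flagged) and false negatives (attacks missed) at several thresholds. The event fields, addresses, labels and thresholds are all constructed for the example.

```python
# Added example, not from the original notes: score a simple detection rule
# against labelled sample events to see the false-positive / false-negative
# trade-off that characteristic viii describes. All data is constructed.
from dataclasses import dataclass


@dataclass
class LoginEvent:
    src_ip: str          # constructed source address
    user: str
    failed_logins: int   # failed attempts from src_ip within one minute
    is_attack: bool      # ground-truth label, constructed for the example


# Constructed sample: three legitimate users (one mistypes a password several
# times) and two brute-force sources, one of them deliberately "low and slow".
SAMPLE_EVENTS = [
    LoginEvent("10.0.0.5", "alice", 1, False),
    LoginEvent("10.0.0.7", "bob", 4, False),
    LoginEvent("10.0.0.9", "carol", 0, False),
    LoginEvent("203.0.113.4", "admin", 45, True),
    LoginEvent("203.0.113.9", "root", 6, True),
]


def rule_flags(event: LoginEvent, threshold: int) -> bool:
    """Signature-style rule: alert when failed logins reach the threshold."""
    return event.failed_logins >= threshold


def score_rule(events, threshold: int) -> dict:
    """Count how the rule classifies each labelled event at one threshold."""
    counts = {"true_positive": 0, "false_positive": 0,
              "false_negative": 0, "true_negative": 0}
    for ev in events:
        flagged = rule_flags(ev, threshold)
        if flagged and ev.is_attack:
            counts["true_positive"] += 1
        elif flagged and not ev.is_attack:
            counts["false_positive"] += 1     # legitimate activity flagged
        elif not flagged and ev.is_attack:
            counts["false_negative"] += 1     # attack missed
        else:
            counts["true_negative"] += 1
    return counts


def errors(events, threshold: int) -> int:
    """Total misclassifications: false positives plus false negatives."""
    s = score_rule(events, threshold)
    return s["false_positive"] + s["false_negative"]


def best_threshold(events, candidates) -> int:
    """Choose the candidate threshold with the fewest errors (lowest wins ties)."""
    return min(candidates, key=lambda t: (errors(events, t), t))


if __name__ == "__main__":
    for t in (3, 5, 10):
        print(t, score_rule(SAMPLE_EVENTS, t))
    print("best threshold:", best_threshold(SAMPLE_EVENTS, [3, 5, 10]))
```

With these constructed events a threshold of 3 flags the legitimate user who mistyped a password (one false positive), a threshold of 10 misses the low-and-slow source (one false negative), and 5 is the only candidate with no errors. The point for the characteristic above is that a rule's threshold is a trade-off that has to be tuned against labelled data rather than chosen once; as the notes say, the normal user profile changes over time, so the scoring has to be repeated.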




E-Business Law 21st May 2008

Question 1:

What is Cyberlaw?

It is the law governing the use of computers and the internet. Like any other law, it focuses on a combination of statutes, court decisions and administrative law arising out of the use of the internet. Cyberlaw can fall in the category of criminal or civil law, because both crimes and civil wrongs can take place in cyberspace. Cyberlaw has no traditional safeguards. Therefore, those who pioneer the new world of online commerce need to understand both the existing laws and the elements of the new environment.

Question 2:

Why is there a need for Cyberlaw?

In the current transition into the new virtual internet world of unseen parties and machine interactions, old laws are losing their effectiveness in ensuring that the innocent are protected and the guilty penalized. This happens as e-commerce becomes part of our daily life and involvement in business or e-commerce increases from day to day. Old laws will not be sufficient to do justice in parallel with social and economic developments that progress naturally with the IT environment on the new economic front.

The laws we have today are based on environments and economies that existed decades ago. Much of this legislation will no longer be relevant in the new economy. In the new, borderless world, contracts are concluded within seconds, with machines making deals with other machines while playing the intermediary role for humans. The need for machine-centric law arises because the internet has also created new areas that need governing. We need cyber laws that define how machines can co-operate better for our betterment.

Question 3:

What is the Cyberlaw legislative trend in Malaysia?

The emergence of cyber laws in Malaysia is at a fast pace. Malaysia, whose e-commerce market is still at its initial stage, is looking at the laws of the US, the UK and some other European countries as a basis of information in “enacting” cyberlaws and as a possible role model for the national approach. A few pieces of legislation concerning cyberlaws have been enacted in Malaysia since 1997. They are:

i) The Digital Signature Act 1997

ii) The Telemedicine Act 1997

iii) The Copyright (amended) Act 1997

iv) The Computer Act 1997

v) The Communication and Multimedia Act 1998

In addition, the government has passed the Data Protection Act of 1999. This act is intended to provide for the protection of individual personal data rather than the regulation of industry.

Question 4:

What are computer crimes?

Computer crime has been defined as an illegal act that involves computers, their systems or their applications. It is an intentional act associated in any way with a computer where a victim suffered or could have suffered a loss and the “perpetrator” made or could have made a gain. Computer crime, in other words, is any illegal act for which knowledge of computer technology is essential for its perpetration, investigation or prosecution.

Computer crime may include:

i) Intrusion

ii) Password Sniffing

iii) Cyber stalking

iv) Computer sabotage

v) Mail bombs or identity theft

Password sniffers are programs that monitor and record the names and passwords of network users as they log in, “jeopardizing” security. Cyber stalking, on the other hand, is the computer crime of sending harassing or threatening e-mail to others. This includes e-mail threats, e-mail bombs, sending unwanted messages with forged e-mail source addresses and inappropriate postings on message boards. Cyber stalking usually targets women and children.

Many agree that cyber criminals have to be prosecuted. However, securing a conviction is not that easy. The main obstacle is the trans-jurisdictional nature of computer crime. The extra-jurisdictional nature of computer crimes always gives rise to difficult jurisdictional issues. Example case: R v Governor of Brixton Prison, ex parte Levin.

Question 5:

What is an Internet Service Provider (ISP)?

ISPs are organizations that have a permanent connection to the internet and sell temporary connections to others for a fee. Such local ISPs connect to regional host computers operated by national service providers. ISPs may be vulnerable to liability for providing an avenue for breaching copyright, hosting pornographic material and defamation (Defamation Act 1988).

In Malaysia, ISPs may be liable under Sections 211 and 233 of the Communication and Multimedia Act 1998, which prohibit certain communications. However, these sections do not explain whether an ISP's liability depends on its function as a publisher.

Question 6:

Is pornographic material posted by a foreign ISP a crime in Malaysia?

Under the Malaysian Penal Code, distributing pornographic material is a crime. Sections 292 and 293 of the Penal Code prohibit selling, letting to hire, distributing or circulating pornographic material. The Communication and Multimedia Act 1998 prohibits the communication of pornographic material over the internet under Sections 211 and 213. Under these two sections, not only the content provider but also the service provider can be held liable for allowing obscene material to be transmitted and accessed.

Question 7:

How do the Malaysian courts get jurisdiction to hear cyber law cases?

The Malaysian courts, as assigned by the Federal Constitution under Article 128, can hear civil cases if the cause of action arose in Malaysia. The Malaysian courts may have jurisdiction over a non-resident defendant if the cause of action falls within the scope of Order II (1) or Rule 2 of the Rules of the High Court 1980. In addition, under Section 121 of the Criminal Procedure Code, the Malaysian courts have criminal jurisdiction over every offence committed within their local limits – REJONG NAM SENG (because of retired).

Question 8:

What is the future trend for cyber law?

There are far too many technical features in cyberspace that will certainly call for a legal response. Therefore, there is a need for sufficiently comprehensive law to settle misconduct, civil breaches and criminal acts. In enacting cyber law, one of the main problems is the failure of legislators to understand the nature of the internet and how it is used in the online environment. Due to this failure, laws may be challenged in Malaysia as they have been in the US and UK. Therefore, cyber laws have to be drafted with knowledge of the nature of the internet, even if it means a considerable burden. Since cyber activities involve trans-border and borderless activities, international efforts in this regard should be welcomed.




Saturday, May 10, 2008

IPv4 and IPv6



What is Internet Protocol?

Internet Protocol is a set of technical rules that defines how computers communicate over a network. There are currently two versions: IP version 4 (IPv4) and IP version 6 (IPv6).

What is IPv4?

IPv4 was the first version of Internet Protocol to be widely used, and still accounts for most of today’s Internet traffic. There are just over 4 billion IPv4 addresses. While that is a lot of IP addresses, it is not enough to last forever.

What is IPv6?

IPv6 is a replacement for IPv4. It was deployed in 1999 and provides far more IP addresses, which should meet the need well into the future.

What are the major differences?

The major difference between IPv6 and IPv4 is the number of IP addresses. There are just over 4 billion IPv4 addresses. In contrast, there are over 16 billion-billion IPv6 addresses. The technical functioning of the Internet remains the same in both versions, and it is likely that both versions will continue to operate simultaneously on networks well into the future. To date, most networks that use IPv6 support both IPv4 and IPv6 addresses.


Who invented the Internet Protocol?

Vinton Cerf
In a research paper published in 1974, Vinton Cerf and Robert Kahn proposed a protocol they called "TCP". Cerf and Kahn didn't realize it at the time, but the protocol they invented would later become IP, the official network-layer protocol of the Internet.

Robert Kahn
In May 1974, the Institute of Electrical and Electronic Engineers (IEEE) published a paper titled "A Protocol for Packet Network Interconnection." The paper's authors, Vinton Cerf and Robert Kahn, described a protocol called "TCP" that incorporated both connection-oriented and datagram services.

It soon became apparent to the two men that this design should be subdivided into two separate protocols. Session management was not easy to do in an application-independent way; in practice, an application could sometimes run more efficiently or be implemented more easily when it managed network connections itself. "TCP" was therefore split into the Internet Protocol (IP), which supported datagrams, and the Transmission Control Protocol (TCP), which added connection semantics as a layer on top of IP.

Saturday, May 3, 2008

Workgroup and Domain in Windows

Workgroup
A collection of computers that share resources; it is advisable to have no more than 10 PCs.
Each computer has its own database located locally, maintains its own accounts, administration and security policies, and shares resources with all other computers. In essence, all computers are of equal status.

Within a company, different departments may be workgroups and each may have a unique name to identify the workgroup.


Domain
A domain is a logical collection of computers that share resources. It requires a server that is responsible for managing security and other user-related information for the domain. This server performs login validation, by which a user logs into the domain rather than into a single computer.




Friday, May 2, 2008

TCP/IP, Subnet Mask and Default Gateway

What is TCP/IP for?
Computers have a common "language" that they use to talk to each other on the Net, called Transmission Control Protocol/Internet Protocol (TCP/IP). Its strength is its ability to connect together networks of different sizes and different types of network operating systems.

When you are connected directly to the Internet, your computer accesses a copy of the TCP/IP language, as does every other connected computer regardless of their particular operating system. When your computer utilizes this language it can communicate with other computers.

TCP/IP
In the OSI model, TCP at the Transport Layer manages the assembling of a message or file into smaller "packets" that are transmitted over the Internet and received by the TCP layer on the receiving computer, which reassembles the packets into the original message.

The Internet Protocol (IP) handles the address of each packet so that it gets to the right destination.

There are three important components to a TCP/IP address: the IP address, the subnet mask, and the default gateway.

IP Address
An IP address looks like: 172.16.52.63

There are classes of IP address: Class A, B, C, D and E.
Classes A, B and C are allocated by the InterNIC (http://www.internic.net/), the organization that administers the Internet; each can be divided into smaller subnetworks by system administrators.

How to identify the class of an IP address?
• Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their first octet. The address 10.52.36.11 is a class A address. Its first octet is 10, which is between 1 and 126.

• Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as their first octet. The address 172.16.52.63 is a class B address. Its first octet is 172, which is between 128 and 191, inclusive.

• Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as their first octet. The address 192.168.123.132 is a class C address. Its first octet is 192, which is between 192 and 223.

• Classes D & E are reserved for future use.

Subnet Mask
A subnet mask is used to divide an IP address into two parts.
One part identifies the host (computer), the other part identifies the network to which it belongs.

For example:
A subnet mask: 255.255.0.0

The numbers that make up the subnet mask indicate which portion of the IP address is the network number and which portion is the computer number. The four numbers of the subnet mask correspond directly to the four numbers in the IP address.

If you had a computer with an IP address of 147.100.100.25 and a subnet mask of 255.255.0.0, the first two numbers in the subnet mask (both 255) indicate that the first two numbers of the IP address are the network number. The last two numbers (both 0) indicate that the last two numbers of the IP address are the computer number. Therefore, in the IP address 147.100.100.25, the 147.100 portion denotes which network the computer is located on, and the 100.25 portion represents a particular computer on that network.

Default Gateway
For computers on your network to talk to computers on another network, you need a default gateway. The default gateway is a computer to which other local computers send data that is destined for a non-local computer.

When computers attempt to communicate with computers that are not local to the IP address range they belong to (their subnet), they must send their data to the default gateway to be forwarded.

For Example:
Suppose you have a network with a node called Host 100 and a node called Host 200, where Host 100 is located on Network 1 and Host 200 on Network 2. Assume that Host 100 addresses and sends a packet to Host 200. After Host 100 checks its local routing tables and is unable to resolve the “path” to Host 200, it forwards the packet to the default gateway.
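The three pieces described above (the class of an address from its first octet, the split of an address into network and host numbers by the subnet mask, and the decision to deliver locally or hand a packet to the default gateway) as one added example in Python. It is not from the original post. It generalizes the octet-by-octet split to any mask by applying a bitwise AND, so it also works for masks such as 255.255.255.192 that do not fall on an octet boundary; the Class D and E first-octet ranges (224-239 and 240-255) are taken from the standard IPv4 definition rather than from the post, and the sample addresses are either the ones used above or constructed.

```python
# Added example, not part of the original post: classful lookup by first
# octet, network/host split with a subnet mask, and the local-vs-gateway
# forwarding decision a host makes. Class D/E ranges are the standard IPv4
# ones (an assumption beyond the post); sample addresses are constructed.


def parse_ipv4(text: str) -> list:
    """Dotted-quad string -> list of four validated octets."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    octets = [int(p) for p in parts]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"octet out of range: {text!r}")
    return octets


def ip_class(address: str) -> tuple:
    """Classful lookup: (class letter, default subnet mask or None)."""
    first = parse_ipv4(address)[0]
    if first <= 127:
        return "A", "255.0.0.0"
    if first <= 191:
        return "B", "255.255.0.0"
    if first <= 223:
        return "C", "255.255.255.0"
    if first <= 239:
        return "D", None   # 224-239: reserved ("future use" in the post)
    return "E", None       # 240-255: reserved


def split_address(address: str, mask: str) -> tuple:
    """Apply the mask bitwise: (network number, host number), both dotted.
    Network bits are kept in the first value, host bits in the second."""
    a, m = parse_ipv4(address), parse_ipv4(mask)
    network = [x & y for x, y in zip(a, m)]
    host = [x & (255 - y) for x, y in zip(a, m)]
    return ".".join(map(str, network)), ".".join(map(str, host))


def next_hop(source: str, destination: str, mask: str, gateway: str) -> str:
    """Where the source host sends a packet: straight to the destination when
    both share a network number, otherwise to the default gateway."""
    src_net, _ = split_address(source, mask)
    dst_net, _ = split_address(destination, mask)
    return destination if src_net == dst_net else gateway


if __name__ == "__main__":
    print(ip_class("10.52.36.11"))                           # ('A', '255.0.0.0')
    print(split_address("147.100.100.25", "255.255.0.0"))    # ('147.100.0.0', '0.0.100.25')
    gw = "147.100.0.1"                                       # constructed gateway
    print(next_hop("147.100.100.25", "147.100.7.1", "255.255.0.0", gw))
    print(next_hop("147.100.100.25", "172.16.52.63", "255.255.0.0", gw))
```

For the post's own example, `split_address("147.100.100.25", "255.255.0.0")` returns the network number 147.100.0.0 and the host number 0.0.100.25, which is the 147.100 / 100.25 split described above written out as full dotted quads. `next_hop` is the rule behind the Host 100 / Host 200 story: a destination whose network number matches the sender's is delivered directly; any other destination goes to the gateway address.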




Windows Internet Name Service (WINS)

Clients running the latest Windows systems communicate with other hosts over Internet Protocol (IP) by using the Domain Name System (DNS). However, clients that use older versions of Windows, such as Windows 95, 98, ME and NT 4.0, use Network Basic Input/Output System (NetBIOS) names for network communication.

So, for these PCs to communicate properly today, all these NetBIOS names need to be resolved into IP addresses. The hosts (servers) must have WINS installed to resolve NetBIOS names to IP addresses for PCs still running old versions of Windows and for Unix boxes running Samba.

WINS features
WINS Server:
A computer that processes name registration requests from WINS clients, registers the clients' names and IP addresses, and responds to the NetBIOS name queries that clients submit. The WINS server returns the IP address of a queried name if the name is listed in the server database.

WINS database:
The WINS database stores and replicates the NetBIOS-name-to-IP-address mappings for a network.

WINS Client:
Computers that point directly to a WINS server to register their NetBIOS names and to communicate with other computers registered with the same WINS server on that network.

WINS proxy agents:
A computer that monitors broadcasts for name queries and responds for those names that are not located on the local subnet. The WINS server communicates with the proxy to resolve names, and the proxy then caches the names for a particular time period.


How does WINS work?
As soon as a WINS client obtains the IP configuration from the DHCP server (or on bootup if the WINS server’s IP address was statically assigned), the WINS client issues a NameRegistrationRequest message to the WINS server. Unlike standard NetBIOS behavior, this message isn’t a broadcast. It is a message sent only to the primary WINS server and includes the client’s computer name and IP address.

The WINS server checks to see whether the computer name is listed in its database. If it isn’t listed, the WINS server assumes that it’s unique on the network and responds with a positive WINS name registration response.

The registration response includes a period called the time-to-live (TTL) during which the registration is valid. If the name isn’t unique, a negative response is sent to the client, and the WINS server sends a challenge to the name’s current owner. Typically, the computer that currently owns the name acknowledges that it is alive on the network, and the negative response message informs the new computer that there is a conflict.
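The registration exchange just described, as an added simulation in Python that is not part of the original post: a server object holds the NetBIOS name to IP address database, grants a TTL with each positive NameRegistrationRequest response, and on a duplicate name challenges the current owner before answering. The message labels, the TTL value, the `alive_hosts` dictionary that stands in for whether the challenged owner answers, and all addresses are constructed for the example; the assumption that a name whose owner does not answer the challenge is released to the new client goes beyond what the post states.

```python
# Added example, not from the original post: simulate WINS name registration,
# TTL expiry and the conflict challenge. The clock is injectable so expiry can
# be exercised without waiting; 'alive_hosts' is a constructed stand-in for
# the owner's answer to the challenge. All names and addresses are constructed.
import time


class WinsServer:
    def __init__(self, ttl_seconds: int = 6 * 24 * 3600, clock=time.time):
        self.db = {}            # NetBIOS name -> (ip, expires_at)
        self.ttl = ttl_seconds  # TTL granted with a positive registration
        self.clock = clock      # injectable clock (assumption for testing)
        self.log = []           # every message exchanged, for inspection

    def _current_owner(self, name: str):
        """Return the live owner IP of a name, dropping an expired record."""
        entry = self.db.get(name)
        if entry is None:
            return None
        if entry[1] <= self.clock():
            del self.db[name]          # registration outlived its TTL
            return None
        return entry[0]

    def _challenge(self, owner_ip: str, alive_hosts: dict) -> bool:
        """Stand-in for the challenge sent to the name's current owner."""
        self.log.append(f"server -> {owner_ip}: NameChallenge")
        answered = alive_hosts.get(owner_ip, False)
        self.log.append(f"{owner_ip} -> server: "
                        + ("alive" if answered else "no answer"))
        return answered

    def register(self, name: str, ip: str, alive_hosts: dict = None) -> dict:
        """Handle a NameRegistrationRequest sent directly to this server
        (not a broadcast, as the post notes)."""
        alive_hosts = alive_hosts or {}
        self.log.append(f"{ip} -> server: NameRegistrationRequest {name}")
        owner = self._current_owner(name)
        if owner is not None and owner != ip and self._challenge(owner, alive_hosts):
            # Owner answered the challenge: the name is in use, conflict.
            reply = {"result": "negative", "owner": owner}
        else:
            # New name, a refresh by its owner, or an owner that did not
            # answer (assumed here to release the name): grant it with a TTL.
            self.db[name] = (ip, self.clock() + self.ttl)
            reply = {"result": "positive", "ttl": self.ttl}
        self.log.append(f"server -> {ip}: {reply}")
        return reply

    def query(self, name: str):
        """NetBIOS name query: the registered IP, or None if unknown/expired."""
        return self._current_owner(name)


if __name__ == "__main__":
    fake_now = [1000]                       # constructed clock value
    server = WinsServer(ttl_seconds=100, clock=lambda: fake_now[0])
    print(server.register("PC1", "10.0.0.5"))                       # positive
    print(server.register("PC1", "10.0.0.9", {"10.0.0.5": True}))   # negative
    fake_now[0] = 1200                      # let the TTL expire
    print(server.register("PC1", "10.0.0.9"))                       # positive
    print("\n".join(server.log))
```

Reading `server.log` after the run shows the exchange in order: the first request from 10.0.0.5 is answered positively with the TTL, the second request for the same name triggers a NameChallenge to 10.0.0.5, its "alive" answer produces the negative reply, and once the clock passes the expiry the name is free for 10.0.0.9. Refreshing a name from the IP that already owns it renews the TTL without a challenge.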