1 / 19

ITEC 5321 Information Systems Security Spring ‘07

ITEC 5321 Information Systems Security Spring ‘07. Slax KillBill Edition v5.1.8.1. Deepanwita Bagchi 03-03-2007. Agenda. Why is Security important? Role of NIST Different Technical Controls suggested by NIST What is a Live CD? SLAX KillBill Edition v 5.1.8.1

macha
Download Presentation

ITEC 5321 Information Systems Security Spring ‘07

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITEC 5321Information Systems SecuritySpring ‘07 Slax KillBill Edition v5.1.8.1 Deepanwita Bagchi03-03-2007

  2. Agenda • Why is Security important? • Role of NIST • Different Technical Controls suggested by NIST • What is a Live CD? • SLAX KillBill Edition v 5.1.8.1 • How to implement a technical control with SLAX KillBill live CD? • Q/A Deepanwita Bagchi

  3. "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." - Bruce Schneier Deepanwita Bagchi

  4. National Institute of Standards and Technology • Non Regulatory agency of the US Department of Commerce’s Technology administration • Suggests control categories to prevent, detect and recover IT systems from security threats. Categories are: technical, managerial and operational • Technical control are subdivided into three categories: Supportive, Preventive and Detective/Recovery Deepanwita Bagchi

  5. National Institute of Standards and Technology Technical Security Controls: • Support: • Identification • Cryptographic Key Management • Security Administration • System Protections • Preventive • Authentication • Authorization • Access Control Enforcement • Nonrepudiation • Protected Communications • Transaction Privacy • Detection / Recovery • Audit • Intrusion Detection & Containment • Proof of Wholeness • Restore Secure State • Virus Detection and Eradication Deepanwita Bagchi

  6. National Institute of Standards and Technology Technical Security Controls Deepanwita Bagchi Source: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

  7. Live CD? • Bootable CD with pre-configured software • Easy way to try out multiple operating systems without having to install them • Read-only CD, hard to tamper with • Wide range of distros to choose from while implementing a technical security control Deepanwita Bagchi

  8. My Choice? • Slax KilBill Edition v5.1.8.1 • Slackware Linux based liveCD • Pocket operating system, merely 204MB • Uses Unification File System (also known as unionfs), allowing read-only filesystem to behave as a writable one, saving all changes to memory. Why Slax KB? • Modularity • Speed • Easy CD/ USB creation Deepanwita Bagchi

  9. Default Features in SLAX KB v5.1.8.1 CD • Linux kernel 2.6 offering excellent hardware support • The newest ALSA sound drivers • Ndiswrapper for loading Windows drivers for WIFI cards • Madwifi drivers for native support for WIFI cards (Multiband Atheros) • KDE 3.5 desktop • Webconfig allowing you to save your session data to slax‘ web Deepanwita Bagchi

  10. Easy CD creation with MySLAX Deepanwita Bagchi

  11. Demo of Easy LiveCD Creation Deepanwita Bagchi

  12. Security Modules available in SLAX KB • 87 Security Modules available to choose from Source: http://www.slax.org/modules.php?category=security Deepanwita Bagchi

  13. Security Modules I Installed • BCrypt 1.1 • Ccrypt 1.7.7 • Ethereal 0.10.11 • Snort 2.6.0.2 • TrueCrypt 4.2a Deepanwita Bagchi

  14. Technical Control Implemented Protected Communications: Truecrypt & Ccrypt Deepanwita Bagchi

  15. Protected Communications (Contd…): Keyfile created Deepanwita Bagchi

  16. Protected Communications (Contd…): File to be encrypted Encryption command Deepanwita Bagchi

  17. Protected Communications (Contd…): Encrypted File Decryption Command Deepanwita Bagchi

  18. Protected Communications (Contd…): Back to original file Deepanwita Bagchi

  19. Questions / Comments? Deepanwita Bagchi

More Related