ITEC 5321 Information Systems Security Spring ‘07. Slax KillBill Edition v5.1.8.1. Deepanwita Bagchi 03-03-2007. Agenda. Why is Security important? Role of NIST Different Technical Controls suggested by NIST What is a Live CD? SLAX KillBill Edition v 5.1.8.1
ITEC 5321 Information Systems Security, Spring ‘07. Slax KillBill Edition v5.1.8.1. Deepanwita Bagchi, 03-03-2007
Agenda
• Why is Security important?
• Role of NIST
• Different Technical Controls suggested by NIST
• What is a Live CD?
• SLAX KillBill Edition v 5.1.8.1
• How to implement a technical control with SLAX KillBill live CD?
• Q/A
"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." - Bruce Schneier
National Institute of Standards and Technology
• Non-regulatory agency of the US Department of Commerce’s Technology Administration
• Suggests categories of controls to prevent and detect security threats to IT systems and to recover from them. Categories are: technical, managerial and operational
• Technical controls are subdivided into three categories: Supportive, Preventive and Detective/Recovery
National Institute of Standards and Technology
Technical Security Controls:
• Support:
  • Identification
  • Cryptographic Key Management
  • Security Administration
  • System Protections
• Preventive:
  • Authentication
  • Authorization
  • Access Control Enforcement
  • Nonrepudiation
  • Protected Communications
  • Transaction Privacy
• Detection / Recovery:
  • Audit
  • Intrusion Detection & Containment
  • Proof of Wholeness
  • Restore Secure State
  • Virus Detection and Eradication
National Institute of Standards and Technology: Technical Security Controls
Source: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
Live CD?
• Bootable CD with pre-configured software
• Easy way to try out multiple operating systems without having to install them
• Read-only CD, hard to tamper with
• Wide range of distros to choose from while implementing a technical security control
My Choice?
• Slax KillBill Edition v5.1.8.1
• Slackware Linux based live CD
• Pocket operating system, merely 204MB
• Uses Unification File System (also known as unionfs), allowing a read-only filesystem to behave as a writable one, saving all changes to memory
Why Slax KB?
• Modularity
• Speed
• Easy CD/USB creation
Default Features in SLAX KB v5.1.8.1 CD
• Linux kernel 2.6 offering excellent hardware support
• The newest ALSA sound drivers
• Ndiswrapper for loading Windows drivers for WiFi cards
• Madwifi drivers for native support for WiFi cards (Multiband Atheros)
• KDE 3.5 desktop
• Webconfig allowing you to save your session data to Slax's web
Easy CD creation with MySLAX
Demo of Easy LiveCD Creation
Security Modules available in SLAX KB
• 87 Security Modules available to choose from
Source: http://www.slax.org/modules.php?category=security
Security Modules I Installed
• BCrypt 1.1
• Ccrypt 1.7.7
• Ethereal 0.10.11
• Snort 2.6.0.2
• TrueCrypt 4.2a
Technical Control Implemented
Protected Communications: TrueCrypt & Ccrypt
Protected Communications (Contd…): Keyfile created
Protected Communications (Contd…):
• File to be encrypted
• Encryption command
Protected Communications (Contd…):
• Encrypted File
• Decryption Command
Protected Communications (Contd…): Back to original file
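The keyfile, encrypt, decrypt and compare sequence from the Protected Communications slides, written out for ccrypt as an added example (not the presenter's own commands, which were shown only as screenshots). The file names, the sample plaintext and the function names are assumptions made for this sketch; `-e`, `-d` and `-k` are ccrypt's encrypt, decrypt and keyfile options.

```shell
#!/bin/sh
# Added example: keyfile-based ccrypt round trip with an integrity check.
# File names and the sample plaintext are constructed for this example.

# Create a single-line random key; ccrypt -k reads the key from the first line.
make_keyfile() {
    ( umask 077   # keyfile is created 0600, never briefly world-readable
      key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
      printf '%s\n' "$key" > "$1" )
}

# Returns 0 if decrypt(encrypt(file)) reproduces the original digest,
# 1 on mismatch or ccrypt error, 3 if ccrypt is not installed.
ccrypt_roundtrip() {
    command -v ccrypt >/dev/null 2>&1 || return 3
    dir=$(mktemp -d) || return 1
    make_keyfile "$dir/key"
    printf 'constructed sample plaintext\n' > "$dir/msg.txt"
    before=$(sha256sum < "$dir/msg.txt")   # digest recorded before encryption
    rc=1
    # -e replaces msg.txt with msg.txt.cpt, so no plaintext copy is left behind;
    # the grep confirms the ciphertext does not contain the plaintext string.
    if ccrypt -e -k "$dir/key" "$dir/msg.txt" &&
       [ ! -e "$dir/msg.txt" ] &&
       ! grep -q 'constructed sample' "$dir/msg.txt.cpt" &&
       ccrypt -d -k "$dir/key" "$dir/msg.txt.cpt" &&
       [ "$(sha256sum < "$dir/msg.txt")" = "$before" ]; then
        rc=0
    fi
    rm -rf "$dir"
    return $rc
}

# Run the round trip only when asked to: sh roundtrip.sh run
if [ "${1:-}" = "run" ]; then
    ccrypt_roundtrip
fi
```

Anyone who can read the keyfile can decrypt the data, so the keyfile should be stored and transferred separately from the `.cpt` file.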
Questions / Comments?