Archive for August, 2008

 

Java object deep copy..

Aug 29, 2008 in Java

This is the equivalent of C++ ‘memcpy’ for Java..

http://javatechniques.com/blog/low-memory-deep-copy-technique-for-java-objects/

And also, a faster variant:

http://javatechniques.com/public/java/docs/basics/faster-deep-copy.html

Software development methodologies notes..

Aug 26, 2008 in Engineering, Software

From http://en.wikipedia.org/wiki/Software_development_methodology

  • 3.1 Waterfall model
    .. is a sequential development process, in which development is seen as flowing steadily downwards (like a waterfall) through the phases of requirements analysis, design, implementation, testing (validation), integration, and maintenance.
  • 3.2 Prototyping
    .. is the framework of activities during software development of creating prototypes, i.e., incomplete versions of the software program being developed.
    .. Not a standalone, complete development methodology, but rather an approach to handling selected portions of a larger, more traditional development methodology (i.e. Incremental, Spiral, or Rapid Application Development (RAD)).
  • 3.3 Incremental
  • 3.4 Spiral
  • 3.5 Rapid Application Development (RAD)
    .. is a software development methodology, which involves iterative development and the construction of prototypes.
    .. Key emphasis is on fulfilling the business need, while technological or engineering excellence is of lesser importance.

Setting the MAC address..

Aug 15, 2008 in Embedded, Linux, Network

On an embedded board (TS7260) I was testing, it turned out
that the MAC address of the network adapter was all FFs.

As a result, I was not able to network to the board at all.

Here is how to set the MAC address:


$ ifconfig eth0 down
$ ifconfig eth0 hw ether 00:80:48:BA:d1:20
$ ifconfig eth0 up

From http://linuxhelp.blogspot.com/2005/09/how-to-change-mac-address-of-your.html

Generating ssh host keys ..

Aug 15, 2008 in Linux

$ cd /etc/ssh
$ ssh-keygen -d -f ssh_host_dsa_key -N ""
$ ssh-keygen -t rsa -b 1024 -f ssh_host_rsa_key -N ""
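
DSA host keys are disabled by default in current OpenSSH, and a 1024-bit RSA modulus is below current minimum recommendations, so keys made with the commands above should be audited and replaced. The script below is an added example, not part of the original post: it classifies the output of "ssh-keygen -l -f <keyfile>". The 3072-bit threshold and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify host keys from "ssh-keygen -l -f <keyfile>" output.
# MIN_RSA_BITS is an assumed policy threshold, not a value from the page.
MIN_RSA_BITS=3072

# Reads lines of the form "<bits> <fingerprint> <comment...> (<TYPE>)" on stdin
# and prints one "VERDICT TYPE BITS [reason]" line per key.
audit_host_keys() {
    awk -v min_rsa="$MIN_RSA_BITS" '
        NF < 3 { next }                    # skip blank or malformed lines
        {
            bits = $1 + 0
            type = $NF
            gsub(/[()]/, "", type)         # "(RSA)" -> "RSA"
            if (type == "DSA")
                printf "WEAK %s %d disabled by default in current OpenSSH\n", type, bits
            else if (type == "RSA" && bits < min_rsa)
                printf "WEAK %s %d modulus below %d bits\n", type, bits, min_rsa
            else if (type == "RSA" || type == "ECDSA" || type == "ED25519")
                printf "OK %s %d\n", type, bits
            else
                printf "UNKNOWN %s %d unrecognised key type\n", type, bits
        }'
}

# Constructed sample input: fingerprints are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
1024 SHA256:PLACEHOLDER-dsa root@board (DSA)
1024 SHA256:PLACEHOLDER-rsa1024 root@board (RSA)
3072 SHA256:PLACEHOLDER-rsa3072 root@board (RSA)
256 SHA256:PLACEHOLDER-ed25519 no comment (ED25519)
EOF
}

# Number of keys that should be regenerated.
count_weak() { audit_host_keys | grep -c '^WEAK'; }

sample_keys | audit_host_keys
```

On a real host, pipe the output of ssh-keygen -l -f for each /etc/ssh/ssh_host_*_key.pub file into audit_host_keys. A flagged key can be replaced with: ssh-keygen -t ed25519 -f ssh_host_ed25519_key -N ""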

CISSP TOC Part 1 ..

Aug 15, 2008 in CISSP, Security

Domain 1: Access Control Systems and Methodology
Domain 2: Network and Telecommunications
Domain 3: Security Management and Practices
Domain 4: Applications and Systems Development
Domain 5: Cryptography
Domain 6: Security and Architecture Models
Domain 7: Operations Security
Domain 8: Business Continuity and Disaster Recovery Planning
Domain 9: Law, Investigation, and Ethics
Domain 10: Physical Security

Chapter 1. Access Control Systems and Methodology
..Discretionary Access Control
..Mandatory Access Control
..Lattice-Based Access Control
..Rule-Based Access Control
..Role-Based Access Control

..Access Control Models
....Bell-LaPadula
....Simple Security
....Star Property
....Biba

..Identification and Authentication Techniques
....Passwords
....One-Time Passwords
....Challenge Response
....Biometrics
....Tickets
....Single Sign-On

..Access Control Methodologies
....Centralized/Remote Authentication Access Controls
....Decentralized Access Control
....Domains
....Trust

..Methods of Attacks
....Brute-Force
....Denial-of-Service
....Spoofing
....Sniffing
....Monitoring

..Intrusion Detection
....Types of Intrusions
......Host Versus Network
......Passive Versus Active

..How Intrusion Detection Works
....Signature Matching
....Anomaly Detection

..Penetration Testing
....Penetration Testing Versus Security Assessments
....Ethical Issues
....Performing a Penetration Test

..Common Tools

Chapter 2. Telecommunications and Network Security

..The Open Systems Interconnection Model
....The OSI Layers
....Figure 2.1. The OSI model.
....Application Layer
....Presentation Layer
....Session Layer
....Transport Layer
....Network Layer
....Data Link Layer
....Physical Layer

..Coax
..10BASE-2 Specifications
..Figure 2.3. 10BASE-2 connectors.
..10BASE-5 Specifications
..Unshielded Twisted Pair

..Network Topologies
....Linear Bus Topology
....Star Topology
....Ring Topology
....Tree Topology
....Mesh Topology

....LAN and WAN Technologies
....Ethernet
....Token-Ring and FDDI
....Attached Resource Computer Network

....LAN Devices
....Hubs and Repeaters
....Switches and Bridges
....VLANs
....Routers
....Firewalls
....Figure 2.13. Packet-filtering firewall.
....Figure 2.14. Screened-host firewall.
....Figure 2.15. Screened-subnet firewall (with DMZ).
....Figure 2.16. Dual homed host firewall.

..Gateways and Proxies
..WAN Technologies
..Dedicated Connections
..Circuit-Switched Connections
..Packet-Switched Connections
..Cell-Switched Connections
..WAN Services
..Point-to-Point Protocol and Serial Line Internet Protocol
..High-Level Data-Link Control
..X.25
..Link Access Procedure Balanced
..Frame Relay
..Synchronous Data-Link Control
..Integrated Services Data Network
..Digital Subscriber Line
..Switched Multimegabit Data Service
..High Speed Serial Interface
..WAN Devices

..Providing Remote Access Capabilities
..Client-Based Dial-in Remote Access
..Using Tunneling As a Security Method
..Virtual Private Networks
..Client-Based VPNs
..Site-to-Site VPNs
..VPN Protocols
..Remote Access Authentication
..Networking Protocols
..Transmission Control Protocol/Internet Protocol

..Figure 2.19. The DoD model versus the OSI model.
..Application Layer Protocols
..Transport Layer Protocols

..The CIA Triad
....Security Boundaries and Translating Security Policy to Controls
....Trusted Network Interpretation
....Network Layer Security Protocols
....Transport Layer Security Protocols
....Application Layer Security Protocols
....Network Monitoring and Packet Sniffers
....Intrusion Detection
....Intrusion Response
....Network Address Translation
....Transparency
....Hash Totals
....Email Security
....Facsimile and Printer Security
....Common Attacks and Countermeasures
....Class A Abuses
....Class B Abuses
....Class C Abuses
....Class D Abuses
....Class E Abuses
....Class F Abuses

..Fault Tolerance and Data Restoration
....Managing Network Single Points of Failure
....Cable Failures
....Topology Failures

Chapter 3. Security Management and Practices

..Defining Security Principles
....CIA: Information Security’s Fundamental Principles
....Confidentiality
....Integrity
....Availability

..Privacy
....Identification and Authentication
....Passwords
....Figure 3.2. Authentication using an asynchronous token device.
....Nonrepudiation
....Accountability and Auditing
....Keystroke Monitoring
....Protecting Audit Data
....Documentation
....Security Management Planning
....Risk Management and Analysis
....Risk Analysis
....Table 3.1. Basic Risk Analysis on a $10,000 Asset
....Identifying Threats and Vulnerabilities
....Asset Valuation
....Table 3.2. A Sample Calculation for ALE
....Qualitative Risk Analysis
....Countermeasure Selection and Evaluation

..Policies, Standards, Guidelines, and Procedures
....Information Security Policies
....How Policies Should Be Developed
....Define What Policies Need to Be Written
....Table 3.3. Sample List of Potential Policies
....Identify What Is to Be Protected
....Identify from Whom It Is Being Protected
....Setting Standards
....Creating Baselines
....Guidelines
....Setting and Implementing Procedures
....Examining Roles and Responsibility
....Management Responsibility
....User Information Security Responsibilities

..IT Roles and Responsibilities
....Other Roles and Responsibilities
....Understanding Protection Mechanisms
....Layering
....Figure 3.5. The layered zones of the Bell-LaPadula protection module.
....Abstraction
....Data Hiding
....Encryption

..Classifying Data
....Commercial Classification
....Table 3.4. Commercial Data Classifications from Highest to Lowest
....Government Classification
....Table 3.5. Government Data Classifications from Highest to Lowest
....Criteria
....Creating Procedures for Classifying Data

..Managing Change Control
....Hardware Change Control
....Software Change Control
....Security Awareness Training

Chapter 4. Applications and Systems Development Security

..Software Applications and Issues
....Challenges of Distributed and Nondistributed Environments
....Nondistributed Systems
....Distributed Systems
....Examples of Distributed Systems
....Massively Distributed Systems
....Malware for Distributed Systems
....Managing Malware

..Database and Data Warehousing Issues
....Data Models
....Database Issues
....Figure 4.3. Creating a view-access to information can be controlled.
....Special Considerations for Data Warehouses and Data Marts
....Storage and Storage Systems

..Storage Area Networks
....Figure 4.5. Creating SANs zones allows the maintenance of access rights when new SANS are added and therefore can assist in securing data.

..Knowledge-Based Systems
....Developing Expert Systems
....Techniques for Determining Answers in Rule-Based Expert Systems

..Web Services and Other Examples of Edge Computing
....Grid Computing
....Web Services
....Attacking Software
....Attacks Against Password Databases
....Denial-of-Service and Distributed Denial-of-Service Attacks
....Figure 4.6. The classic smurf attack.
....Figure 4.7. Distributed denial-of-service attack. In the diagram, the attacker is controlling multiple PCs or zombies to attack another PC, the victim.
....Spoofing

..Miscellaneous Attacks
....Illegitimate Use of Legitimate Software
....Network Software
....Understanding Malicious Code
....So, Who’s a Hacker? What’s Malicious Code?
....Hackers, Crackers, and Phreakers
....Real Problems and Pseudo Attacks
....What Protection Does Antivirus Software Provide?
....Implementing System Development Controls
....System Development Lifecycle
....Waterfall

Figure 4.9. Pseudocode.
Spiral Lifecycle Model
Figure 4.10. The spiral lifecycle model.
Rapid Application Development
Security Control Architecture
Best Practices
Using Coding Practices That Reduce System Vulnerability
Software Development Methodologies
Structured Programming

Computer-Aided Software Engineering
Impacting Security Through Good Software Design and Coding Practices

Case Study: Trustworthy Computing

Simple popup display widget ..

Aug 11, 2008 in Java, JavaUsage

import javax.swing.JOptionPane;
import javax.swing.JFrame;

public class JPopup extends JFrame {

    public JPopup(String msg) {
        JOptionPane.showMessageDialog(this, msg);
        System.exit(0);
    }

    public static void main(String[] args) {
        if (args.length == 0) {
            System.out.println("usage: JPopup message");
            System.exit(1);
        }
        new JPopup(args[0]);
    }

}

Setting date and time ..

Aug 11, 2008 in Linux

$ cd /etc
$ mv localtime localtime.0
$ ln -s /usr/share/zoneinfo/America/Los_Angeles ./localtime
$ /usr/sbin/ntpdate -b pool.ntp.org
11 Aug 10:06:43 ntpdate[3429]: step time server 128.10.19.24 offset -0.016644 sec
$ date
Mon Aug 11 10:06:46 PDT 2008

See the page linked below for setting the hardware clock with ‘hwclock’.

Info from http://www.hypexr.org/linux_date_time_help.php

Linux USB drivers ..

Aug 07, 2008 in Linux

An intro to developing a USB driver for Linux

http://www.linuxjournal.com/article/4786

Setting up a shared directory in Linux ..

Aug 05, 2008 in Linux

1. Add users to a common group

2. Change ownership of directory to the common group

chown -R common:common /xyz/abc/

3. Set the setgid bit (often called the group sticky bit), so new files inherit the directory's group

chmod -R g+s /xyz/abc/

See http://www.cyberciti.biz/faq/linux-setup-shared-directory for more details.
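
The recursive chmod in step 3 also sets setgid on every regular file in the tree, where the bit is not needed for group inheritance. The script below is an added example, not part of the original post: it applies setgid to directories only and audits the result. The function names and the temporary test tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: setgid on directories only, plus an audit of the result.
# Function names and the temporary tree in demo() are illustrative assumptions.

# share_dir <dir> [group]: group-own the tree, setgid on directories,
# group read/write on files with any setgid bit cleared.
share_dir() {
    dir=$1; group=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    if [ -n "$group" ]; then chgrp -R "$group" "$dir" || return 1; fi
    # setgid on a directory makes new entries inherit the directory's group
    find "$dir" -type d -exec chmod g+rwxs {} + || return 1
    find "$dir" -type f -exec chmod g+rw,g-s {} + || return 1
}

# audit_share <dir>: one line per problem; empty output means clean.
audit_share() {
    find "$1" -type d ! -perm -2000 -print | sed 's/^/DIR_NO_SETGID /'
    find "$1" -type f -perm -2000 -print | sed 's/^/FILE_SETGID /'
}

# Builds a throwaway tree, applies the page's recursive form, then the
# directory-only form, and echoes the problem count before and after.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/abc/sub" && : > "$tmp/abc/sub/notes.txt"
    chmod -R g+s "$tmp/abc"
    before=$(audit_share "$tmp/abc" | wc -l | tr -d ' ')
    share_dir "$tmp/abc"
    after=$(audit_share "$tmp/abc" | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "$before $after"
}

demo
```

For the page's directory the call would be share_dir /xyz/abc/ common, run with enough privilege to change group ownership.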