LiveCD - University of Houston


ITEC 5321 Process of Information Systems Security and
Application of LiveCD
Ming Chen
Department of Information & Logistics Technology, College of Technology, University of Houston
Knoppix STD is a security tools version of the popular
Knoppix Live Linux CD.
Abstract:
The course ITEC 5321 Introduction to Information Systems Security introduces the principles of enterprise information systems security. These principles are examined within operational, technical, and administrative contexts.
The essentials of risk assessment and analysis and the risk management process defined by NIST SP 800-30, together with the eight principles and fourteen practices of NIST SP 800-14, provide the guidance for setting up the processes that secure the information technology systems in an organization.
The National Institute of Standards and Technology (NIST) provides a technical measurement and standards infrastructure for securing information technology systems, as well as a risk management guide.
LiveCDs with security tools are effective for applying the security principles and practices and risk management to information technology systems. There are many LiveCD distributions. They share common functions, and each makes its own specific contributions to information technology security.
LiveCDs and open source tools are the base security toolkits used for the course.
An organization needs an appropriate protection system that can ensure the security of all information of value, account for likely risks, and address them with countermeasures.
The LiveCD Project applies security principles and practices.
Figure 2: Technical Security Control in the Information System
NIST and Information Technology Security System
The National Institute of Standards and Technology (NIST) provides technical leadership for the nation’s measurement and standards infrastructure.
NIST Special Publication 800-30 (SP 800-30) is a “Risk Management Guide for Information Technology Systems”.
NIST Special Publication 800-14 explains the generally accepted principles and practices for securing information technology systems, which need technical methods to implement.
LiveCD and Information Technology Security System
A LiveCD is a computer operating system executed upon boot, without installation to a hard drive.
A Live CD will not infect the computer with viruses and malicious software; Live CD operating systems can also prevent data from being accessed by hackers when using public computers.
Some LiveCDs have security tools (e.g. Authentication; Cracker; Encryption; Forensics; Firewall; Honeypots; IDS; Network Utilities; Password Tools; Servers; Packet Sniffers; TCP tools; Tunnels; Vulnerability Assessment; Wireless tools, etc.) which facilitate risk assessment, mitigation and controls, and the principles and practices for securing information technology systems.

Figure 1: The Process View of Risk Analysis and Risk Management Areas

Table 1: Comparing and Contrasting of Some LiveCDs

PCLinuxOS
Focus: Desktop, OS replacement
Audience: Brand new Linux users who want to test Live CD and Linux.
Software & Tools: PCLinuxOS uses the Advanced Packaging Tool (or APT), a package management system (originally from the Debian distribution), together with Synaptic Package Manager, a GUI frontend to APT, in order to add, remove or update packages.
Last Update: PCLOS Gnome 2.21.2, December, 2007
Windows Manager: OpenOffice, Mozilla Firefox
Available Support: www.pclnuxos.com

SLAX
Focus: Desktop, OS replacement
Audience: Desktop & Server users, especially those who would like a cute desktop and a small-size USB flash memory stick to boot on systems.
Software & Tools: Slax has a suite of modules with different functions: graphics, multimedia, games, office, education, network, security, drivers and so on.
Last Update: SLAX 6, Feb., 2008
Windows Manager: KDE/FLUXBOX
Available Support: www.slax.org

Knoppix
Focus: Desktop, Education, Security and Network management
Audience: Wide range of users, including blind people with few computer skills.
Software & Tools: X multimedia system: MPEG video, MP3, Ogg Vorbis audio player and xine. Utilities for data recovery and system repairs, even for other operating systems. Network and security analysis tools for network administrators. OpenOffice for office use.
Last Update: Knoppix 5.25.1.1 Aug., 2007
Windows Manager: KDE Window Manager
Available Support: www.knoppix.org

Conclusions
References:
Schou and Shoemaker, Information Assurance for the Enterprise: A Roadmap to Information Security, McGraw-Hill Irwin, 2007
http://www.knoppix-std.org/
http://csrc.nist.gov
Acknowledgments
I thank the instructor of this course, Prof. Crowley for his
help with the project, post design and lab instruction.
For information:
Please contact [email protected].
More information on this and related projects can be
obtained at my website http://flowing6.freehostia.com/