
New Domain

Blog has been moved to new domain: www.it-googled.com Enjoy!

Thursday, 26 May 2011

www.learnbash.co.uk/learnbash.html

Final year project completed.

Project title: Development of an interactive computer based training that allows students to learn the Bourne Again Shell (BASH) scripting language.

The main reason for the project is the lack of such products. Moreover, the end product is also meant to help students taking the Operating Systems module at the University of East London and is expected to be used as part of the practical sessions of that module, as well as by any interested World Wide Web user.

The application has been built using Adobe Flex Builder 4 and ActionScript 3.0.
The sessions were .ppt files converted into .avi and converted once more into .swf format, which has been implemented in Flex.



The scope for this project is excellent and there is still plenty planned for the future. Once all the bugs are fixed and the application is stable, the rest of the sessions are ready to be developed. That includes some interesting sessions such as Network Security or Firewalls, where BASH would be used to automate some advanced tasks. Another crucial step would be to expand the console component so that it does far more than accept strings such as ‘cd /home/’ and then display that current directory when ‘pwd’ is entered: a console that simulates a Unix text editor, allows the user to write scripts and analyses them. At some point the console component would have allocated disk space so that it can emulate a file system and the user can create, copy and move files, which would be very useful in the session where the task is to move users from one volume to another.
Moreover, users could register on the website, keep a record of the sessions they have completed and maintain the same emulated environment with their files etc. That will require additional disk space depending on the number of users.
Another aspect to enhance is to have the page indexed by Google and to carry out search optimization tasks to make the web based training popular on the World Wide Web.
Android is gaining popularity and recently released 3.0 Honeycomb, software designed especially for tablets. The average tablet screen size is 10 inches and tablets have Flash support (except Apple), therefore the application could be optimized for tablets if needed. (Geere, D. 2011)
Moreover, the Adobe AIR package offers the possibility of converting this already made application to Adobe AIR, which means that the application could be downloaded as a standalone application and run even without a network connection.
New ideas for further enhancements are coming every day. There seems to be no end.

Personal Reflections

To conclude, the project has been successful even though the result is below personal expectation. Based on the users' feedback there is still plenty to improve, such as the console component and other bits and pieces. There are still a few bugs that were found during testing that need to be fixed before proceeding towards creating more advanced sessions. The overall look of the web based training is pleasing to the eye and attracts new users, therefore there is a big scope for the future enhancements listed above. Due to some constraints there was less time for this project than expected and deadlines were really tight, nonetheless it was successful. If there were anything that I would change in the application, it is to make better use of the ActionScript libraries and to use classes such as Event.COMPLETE rather than starting timers for each session. An attempt was made to find a different way to make it work, however Flex Builder version 4 has not been that stable. Time is needed for evaluation and for sorting out the application component by component, which eventually will become superb.

Personal Development

Throughout the project I have learnt how to work really hard, meet my deadlines and especially how to use my time efficiently. I have learnt the Bourne Again Shell scripting language, Flex syntax and ActionScript 3.0, which is massive progress for me in such a short period of time. I have also developed ways to think outside the box while doing quick research on PowerPoint and then conversion to video and then to Flash. It was also very good for me to use these tools. Flex Builder 4 has been designed with the same GUI as Eclipse, so it's much easier for me now to write code in Java or PHP using Eclipse after knowing all the tricks and being familiar with the interface and functions.

Sample of the code for session component.

protected function session1_clickHandler(event:MouseEvent):void
{
    // clear interaction panel
    interaction.removeAllElements();
    // start timer and listener
    var timer:Timer = new Timer(205000, 1);
    timer.addEventListener(TimerEvent.TIMER, ses1con1);
    timer.start();
    // add session .swf file to the loader
    interaction.addElement(loader);
    loader.source = "sessions/session1.swf";
    // play mp3 for the session
    snd = new Sound(new URLRequest("audio/session1.mp3"));
    snd.play();
}

protected function ok1_clickHandler(event:MouseEvent):void
{
    // play victory mp3 for guessing the correct answer
    victory.play();
    // display that the correct answer was chosen
    Alert.show("Correct answer! Keep it up!", "Good", Alert.OK);
    // clear interaction panel
    interaction.removeAllElements();
    interaction.addElement(loader);
    // load session, sound and timer
    loader.source = "sessions/session1_1.swf";
    snd = new Sound(new URLRequest("audio/session1_1.mp3"));
    var timer2:Timer = new Timer(95000, 1);
    timer2.addEventListener(TimerEvent.TIMER, ses1con2);
    timer2.start();
    snd.play();
}


I would like to thank:

Mike Kretsis who is senior lecturer at University of East London and my project supervisor, without whose help and support throughout, this project would not have been possible.

My lovely partner Margareta for all the support and care she gave me.

All the participants who agreed and evaluated this project, even more for those who were critical.

Monday, 7 March 2011

Windows 7 god mode [old but worth mentioning!]

A shortcut to access various operating system control settings: a quick source for navigating Windows 7.

Create a new folder and rename it to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} and here's a sample of what you get:


Monday, 14 February 2011

VMware Server setup guide with IE8, Windows XP/7 installing Backtrack

VMware Server setup isn't too difficult, however it may be a bit confusing for someone new to virtualization. I have created a step-by-step guide, by the end of which you should have your VM up and running.

Step 1:

Go to http://www.vmware.com/products/server/ to download the product.
You need to register and activate your account to receive a free license number.



Step 2:

After the download, install VMware Server (try to find some place to store all the data for new virtual machines; I have dedicated one partition for my testing).

After installation, click on the VMware Server Home Page icon in your 'All Programs' menu or desktop shortcut. You will be warned by the browser that the connection is insecure, as IE can't locate an appropriate certificate. Click to continue anyway. You will be prompted for a user name and password: these are your Windows administrator user name and password.

Step 3:

Click to add virtual machine:



Step 4:

Select the name and continue:




Step 5:

Select Linux, other 32bit.



Step 6:

Allocate memory; 256-512 MB is recommended unless you have got 4 GB+ of RAM (you may want to run a few VMs at a time).
Allocate volume space; if not sure, give it around 8-10 GB.



Step 7:

Accept the default bridged connection. (You can leave it disconnected from the network if you plan to release any worms etc.; a little bit of common sense.)




Step 8:

I have selected to use my physical device as I have my OS on a DVD; select ISO only when you have got an ISO image. (You can edit these settings later, don't worry too much.)



Step 9:

Select your CD/DVD drive path and don't use a floppy disk (unless you have to?).
You should see this screen now:



You can see newly created Virtual Machine.



Step 10:

Select the Console tab and install the plug-in, then restart IE8.
You will notice that you can't run the VM because the browser still thinks that it's insecure.




Go to Internet Options - Security - Trusted Sites and add your VM console path as trusted; in my case that would be https://valkyrie:8333/ui/. When you restart the browser, IE8 will still flag it as insecure, however your VM console should run:




Hope that helped. Feel free to contact me.

Wednesday, 19 January 2011

ITU X.800 brief overview

ITU X.800 is a security/threat model for end to end communication.
The standard consists of planes and layers as well as security dimensions, to provide a very efficient architecture and security for end-to-end communication.
There are eight security dimensions that address network vulnerabilities, listed below with a brief explanation and a way in which each can be implemented:

• Access Control – as its name suggests, it controls access to services such as routers, switches, firewalls etc. It can be implemented in the configuration of such a network element or host, for example by linking an authentication server with these elements.
• Authentication – a request to prove the subject's identity, for instance by a digital certificate.
• Non-repudiation – as far as I understand, this section keeps the logs and has abilities to do some actions.
• Data Consistency – provides, for instance, encryption based on our organization's file classification to make sure that our sensitive data is protected.
• Communication Security – that's security between point A and B. It uses non-obscured protocols such as VPN so that sniffing or eavesdropping becomes very unlikely.
• Data integrity – checks that both incoming and outgoing data is correct, meaning for instance that if we request 308kb we should receive a file of the same size on the destination host.
• Availability – makes sure that legitimate users have access to all necessary network elements and applications according to what they are supposed to do (role).
• Privacy – again provides encryption of data as one way of implementation, but also for instance Network Address Translation (NAT) to protect internal hosts and redirect all the incoming traffic to the border firewall.


Zachary Zeltsan. (2005*). ITU/IETF Workshop on NGN

Java IpAddressLookup simple class

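import java.net.*;
import java.util.*;

public class IpAddressLookup {

    public static void main(String[] args) {
        try {
            System.out.print("Please enter the address : ");
            Scanner sc = new Scanner(System.in);
            String host = sc.next();
            // Resolve the host name (or literal address) entered by the user
            InetAddress pc = InetAddress.getByName(host);

            String hostname = pc.getHostName();
            // Raw address bytes; Java bytes are signed (-128..127)
            byte[] signed = pc.getAddress();
            System.out.println("Hostname is : " + hostname);
            // Arrays.toString prints the byte values rather than the array reference
            System.out.println("Signed address is " + Arrays.toString(signed));
            int unsigned;
            System.out.println();
            System.out.print("IP Address is : ");

            for (int i = 0; i < signed.length; i++) {
                // Convert each signed byte to its unsigned value (0..255)
                unsigned = signed[i] < 0 ? signed[i] + 256 : signed[i];
                // Separator goes between octets only, not after the last one
                System.out.print(unsigned + (i < signed.length - 1 ? "." : ""));
            }
            System.out.println();
        } catch (UnknownHostException e) {
            System.out.println("Can't find the IP Address or the hostname");
        }
    }
}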

Wednesday, 12 January 2011

E-mail spoofing - brief

Spoofing an e-mail address is easy. It can be achieved with a simple piece of PHP code accessible in many places across the internet. Such a message often contains HTML website layouts and signatures, therefore it becomes even harder to detect. Most of the time it is broadcast to thousands of recipients at a time. It's a great tool for getting credentials or other personal information. It can also be used as a small, clever denial of service attack, depending on the target and aims.

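<?php
// address placed in the From: header
$frm = "John@microsoft.com";
// recipient
$attn1 = "Steve@bbc.co.uk";

$subject = 'Hi Steve';

$message = "
Hello x,

info,
malicious link

John \n
";
// mail() takes additional headers as given, including From:
$from = "From: $frm\r\n";
mail($attn1, $subject, $message, $from);
?>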
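One way the receiving side can flag a message like the one above, as an added example that is not part of the original post: the script forges only the From: header, so the envelope sender and the receiving server's authentication verdicts still point elsewhere. The sample message, the .example host names and the function names are constructed for illustration; it assumes the receiving server records Return-Path and Authentication-Results headers, and it compares domains exactly, which is stricter than DMARC's organizational-domain alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers a receiving server might record for the message
# the script above sends. Host names under .example are placeholders.
SPOOFED = """\
Return-Path: <www-data@shared-host.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=shared-host.example;
 dkim=none;
 dmarc=fail header.from=microsoft.com
From: John@microsoft.com
To: Steve@bbc.co.uk
Subject: Hi Steve

Hello x,
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return a list of reasons the visible From: should not be trusted."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    reasons = []
    # From: is just a header; the envelope sender typically stays the sending host's.
    if env_dom and env_dom != from_dom:
        reasons.append(f"envelope domain {env_dom} != From domain {from_dom}")
    # Verdicts recorded by the receiving server (RFC 8601 header).
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for method in ("dkim", "dmarc"):
        verdict = results.get(method, "missing")
        if verdict != "pass":
            reasons.append(f"{method}={verdict}")
    # An SPF pass for some other domain does not vouch for the From: header.
    m = re.search(r"smtp\.mailfrom=([\w.-]+)", auth)
    if results.get("spf") == "pass" and m and m.group(1).lower() != from_dom:
        reasons.append("spf pass is for " + m.group(1).lower() + ", not the From domain")
    return reasons

if __name__ == "__main__":
    for reason in spoof_indicators(SPOOFED):
        print("suspicious:", reason)
```
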

Friday, 7 January 2011

ISO 27001 (17799) - brief Overview

Security of information is essential for reliability, and perhaps even the survival, of the organisation. Every IT infrastructure uses data clusters for storing information, and they are often targeted by attackers who want to infiltrate their resources for many different reasons, quite often financial. It's not as it used to be years ago, when we had to deal with an individual or a group of individuals who were gaining access to classified documents for fun. Nowadays there are organisations with proper managers and directors who hire programmers and make a business out of breaking into systems and stealing personal data. Security has become even more important, and more complicated, in the fight against what we now call cybercrime.
ISO 27001/2 helps to manage a valuable resource of information and protects it.
ISO 27001/2 is the international standard that specifies requirements for information security management systems (ISMS), and it has been developed to ensure that adequate and organised security measures are selected and implemented at least at a minimum level.
This helps in protecting information and gives confidence to the users, managers and directors of a company that has implemented it. The standard's process is based on the method of establishing, implementing, operating, monitoring, testing, maintaining and improving information systems.
(Calder A., et al. Information Security Risk Management for ISO 27001/ISO 17799, 2007)

ISO 27001 areas

• Security policy – controls the security structure in line with law and business requirements. It includes two parts: the information security policy document, which shows the overall approach and dedication of the organisation to its information security, and the review of the information security policy, which is based on the first document and shows ongoing progress.

• Organization of information security – is quite detailed and important, as it provides the ability to manage information security within the company. It's based on authorisation and accountability: rights are assigned to job descriptions. It documents the rights for external services like auditors and provides user agreements and risk assessment for both internal and external authorities.

• Asset Classification and Control – is a set of policies which helps with protecting company assets. It provides a classification for the assets, so it is obvious which information should be protected more than other information, and also policies under which some assets may need to be disposed of.

• Personnel Security – addresses ways to reduce risk based on human interaction with the system. The code of conduct or terms and conditions of employment that we refer to nowadays are some of its implementations. It also defines rules for cases where its implemented policies are violated.

• Physical and Environmental Security – as its name suggests, controls the risk based on the premises of the organisation. It covers all sets of health and safety tests and environmental hazards, and most importantly access needs to be classified so that, for instance, a payroll officer hasn't got physical access to the Data Centre unless his job description entitles him to it. It contains a mechanism which should be triggered in case of a security breach.

• Communication and Operation Management – includes a general ability to control the proper functioning of all the assets and operations: sets of operational procedures, rules to reduce the risk in case malicious software is detected, and network management. It should also contain information about incident management and ways to evaluate the security of the current state of the system.

• Access Control – it simply means user and host control: mechanisms to register and review user accounts, and to define network routing and segmentation, which is also a form of access control, for instance you can listen to the network traffic if you are on different subnet. Host access control is, for instance, the implementation of connection timeouts. One of the most modern sets of policies is aimed at mobile computing, due to its growth over the years.

• System Development and Maintenance – addresses a set of rules to make sure that appropriate security controls are implemented and maintained. A few sub-components are cryptography, software integrity and development security, all of which ensure integrity and review the development process.

• Business Continuity Management – includes a set of policies for service interruptions, and a set of strategies and counteractions in case that happens.

• Compliance – as its name suggests, is a set of policies in place to make sure that everything is up to some sort of standard. It includes things like data privacy, often seen on commercial websites, as well as many internal documents such as intellectual property rights.

(audit-is.com. ISO 27002 (ISO 17799), 2006)