Best IT Documents.com Blog


Security Guide for Wireless Communications

Posted in Networking (340) by Guest on the June 30th, 2010

The next time you pick up that car phone to conduct last-minute business on the way to the airport, take a second to consider whether it would matter if your conversation were overheard by an AT&T executive, or some other third party. Unless both parties are using encryption or scrambling devices, wireless communications are not secure. They may be intercepted and listened to, either intentionally or accidentally. 

Although it is illegal to intercept, publish or use a cellular or other wireless communication without the consent of either one or both parties to the communication (depending on state law), there now are many well-publicized episodes of “personal” communications creating fertile fodder for the supermarket tabloids or being used to the detriment of the unknowing participants to the conversation.  

From our perspective, there are at least two major areas of concern with the security of wireless communications. First, as a general business matter, we need to ensure that any sensitive corporate information is not shared with the outside world unintentionally. Also, as a legal matter, it is likely that because they are susceptible to easy interception, wireless communications that otherwise would be shielded from disclosure by the attorney-client privilege would not be accorded this protection.  

While the contents of your business calls might not be juicy enough to merit headlines on the front page of the National Enquirer, unintentional disclosure could prove damaging to your competitive position in the marketplace. Likewise, unintentional disclosure could compromise your position in critical potential litigation.   

By incorporating simple measures into your routine, you can reduce potential risks to Corporate:

Make a conscious effort to limit your use of wireless communications devices to discussion of issues that are not sensitive;

At the beginning of your wireless calls, advise the other party that you are using a wireless device and that he or she should appropriately limit the discussion; and

When in doubt about the sensitivity of the information you may be discussing, err on the side of caution and do not discuss it over wireless devices.  Don’t let the ease and convenience of your wireless communications devices lure you into the trap of needlessly compromising the integrity of sensitive corporate information.

http://www.bestitdocuments.com/Services.html

Comments Off on Security Guide for Wireless Communications

Guiding Principles for Software Security

Posted in Application by Guest on the June 29th, 2010

Behind every attack & security problem is – bad software

A major concern is that security professionals are often un-aware the problem is – bad software

Encrypt your data lines?

The riskiest category of software today is Internet-enabled apps

“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.”

The Most Effective Technique Is Simple

To protect yourself you must

Begin early to think about security,

Know your threats,

Design for security

Test your design thoroughly

Security is not an add-on, but a fundamental property of software

Never completely secure

You must recognize security is one concern among many

Cost

Reusability

Usability

Robustness

Software is not only bad, but attractive

Hackers/crackers want to make your software misbehave

Are they malicious or altruistic?

Full disclosure

Script kiddie

Cracker

Why is software insecure?

Systems are complex, hard to analyze, & hard to secure

Extensible

Ubiquitous

Interdependent [apps, networking, & OS]

Avoid Attack then Patch Approach to Security

Patches are only for Known problems

Patches often create new problems

Patches often go unapplied

Patches fix symptoms

It is cheaper both ways

Bugs are much less expensive to find and fix during development

You avoid the potential attacks and user dissatisfaction

Comments Off on Guiding Principles for Software Security

Principles of Software Security

Posted in Application by Guest on the June 29th, 2010

Secure the weakest link

Low-hanging fruit is picked first, I.e. Attack end points, not encrypted links

Risk analysis ID’s the weakest link

Apportion resources according to risk

Practice defense in depth

One layer is never enough

Overlapping & redundant

  

Fail securely

Failure is unavoidable

Allow least privilege

Only the minimum access is allowed

For the minimum time

  

i.e. – Temporary root privilege

Compartmentalize

Break system into encapsulated units

Keep it simple

Complexity increases risk

Harder to fix

  

Choke points approach

Promote privacy

Not necessarily security, but desirable

Give out only minimum data, ‘need to know’

Remember that hiding secrets is hard

Binaries can be reverse engineered

  

Insider attacks are the most common attack

Be reluctant to trust

Don’t assume shrink-wrap software is secure

Beware of customer support

Don’t trust trusted software too far

  

Use your community resources

Open trusted sourcing

Comments Off on Principles of Software Security

Assurance of trustworthiness

Posted in Security (1500) by Guest on the June 29th, 2010

It’s all a “confidence” game.

Providing adequate confidence that …

… Data will not be altered or misused.

… Only authorized access is allowed.

… Customers’ wishes are being honored.

Recent surveys of online consumers

70% said privacy was important to them, but only 40% read privacy statements

53% use the same usernames and passwords on multiple sites

91% would be more likely to do business with a company that verified its privacy practices with a third party

84% think that third party verification should be a requirement

Comments Off on Assurance of trustworthiness

Loose Unix Technical Security Notes

Posted in Security (1500) by Guest on the June 22nd, 2010
When you start talking about lots of bytes, you get into prefixes like kilo, mega and giga, as in kilobyte, megabyte and gigabyte (also shortened to K, M and G, as in Kbytes, Mbytes and Gbytes or KB, MB and GB). The following table shows the multipliers: 
Basic UNIX commands
Note: UNIX is case sensitive. The commands below are lower case. If you try them in upper or mixed case they will not work. Any file names that are created are case sensitive as well. Files testfile1 and TESTFILE1 are 2 different files. 
man manual page – man cp will display a “manual page” for the cp command. All UNIX commands have manual pages. You can get more information on the commands below by using the man command 
manual page – will display a “manual page” for the command. All UNIX commands have manual pages. You can get more information on the commands below by using the man command
man command-name  
cat list contents of a file – cat file1 will display the contents of file1 on the screen.  
list contents of a file – will display the contents of file1 on the screen.
cd change directory – cd testdir will take you from the current directory that you are in, to the subdirectory testdir. If you want to go to a directory that is not a subdirectory of the directory that your are currently in, you must qualify the entire path name, such as:
  change directory – will take you from the current directory that you are in, to the subdirectory testdir. If you want to go to a directory that is not a subdirectory of the directory that your are currently in, you must qualify the entire path name, such as:
cd /sei/testdir/documents will take you to that directory (if it exists).  
cp copy command – cp file1 file2 will copy file1 to file2. It will create file2 if it does not already exist, and it will rewrite file2 if it does exist. (Note: permissions for the file will not be copied unless you use the -p option. The permissions will be set to the default for any new file when you do a copy. See the permissions section for more info on permissions.) 
copy command – will copy file1 to file2. It will create file2 if it does not already exist, and it will rewrite file2 if it does exist. (Note: permissions for the file will not be copied unless you use the option. The permissions will be set to the default for any new file when you do a copy. See the permissions section for more info on permissions.)  
diff difference command – diff file1 file2 will compare file1 with file2 and display the differences.
difference command – will compare file1 with file2 and display the differences.  
echo echo command – echo $PATH will display the value of the variable PATH on the screen. You can echo any environment variable command to see what value it contains. For more information on PATH or any other environment variable, see the environment variables section.
echo command – will display the value of the variable PATH on the screen. You can echo any environment variable command to see what value it contains. For more information on PATH or any other environment variable, see the section. 
find find command – find testdir -print will find files in the testdir directory and print them. find is usually used with an argument which specifies the type of file or directory you wish to find. find testdir -ctime 2 -print will find all files within the testdir directory which have changed in the last 2 days. (-ctime is the argument for specifying the check for date/time, and the 2 means 2 days.) For a list of the arguments available, see man find for the manual page on the find command. 
find command – will find files in the testdir directory and print them. is usually used with an argument which specifies the type of file or directory you wish to find. will find all files within the testdir directory which have changed in the last 2 days. (-ctime is the argument for specifying the check for date/time, and the 2 means 2 days.) For a list of the arguments available, see for the manual page on the command.  
grep search command – grep Mark file1 will search through file1 for the character string “Mark”, and will display all lines within the file that contain “Barb”. To search for a string (that includes spaces) use quotes as follows: grep “this is a test” file1 will search file1 for the string “this is a test”. You can use the wildcard character “*” to search several files for a string. For example: grep DR112898 *.txt will search all files in the current directory that end with “.txt” for the string DR112898, and will display the filename where this string is found, as well as the line that the string was found on. 
search command – will search through file1 for the character string “Mark”, and will display all lines within the file that contain “Barb”. To search for a string (that includes spaces) use quotes as follows: will search file1 for the string “this is a test”. You can use the wildcard character “*” to search several files for a string. For example: will search all files in the current directory that end with “.txt” for the string DR112898, and will display the filename where this string is found, as well as the line that the string was found on. 
Below is an example of the grep command using a wildcard character. In this example, the current directory is being searched for the string “name”, and all files in the directory are to be searched. The command entered and the output generated are listed below:
/home/user-name/testdir >grep name *
test.file.1:This is a test file. The name of this file is test.file.1
test.file.2:This is a test file. The name of this file is test.file.2
test.file.3:This is a test file. The name of this file is test.file.3
test.file.haha:This is a test file. The name of this file is test.file.haha 
Four files within the current directory contained the string “name”, and are listed along with the line within the file that contains that string. 
ls list command – ls will create a list of all of the files and directories that are in the “current” directory. If your are currently in the /home/userid directory, saying ls will list only those files and subdirectories that are in /home/userid. If you have a subdirectory of testdir within this directory, and you wish to list those files, type: ls testdir and the contents of the testdir directory will be listed. (See the example in the Permissions section for an example of output from the ls command and an explanation of each piece of information.) 
list command – will create a list of all of the files and directories that are in the “current” directory. If your are currently in the /home/userid directory, saying will list only those files and subdirectories that are in /home/userid. If you have a subdirectory of within this directory, and you wish to list those files, type: and the contents of the testdir directory will be listed. (See the example in the Permissions section for an example of output from the command and an explanation of each piece of information.)  
mkdir make directory – mkdir testdir will create a directory called testdir. It will be a subdirectory of whatever directory you happen to be in when you issue the command.
make directory – will create a directory called testdir. It will be a subdirectory of whatever directory you happen to be in when you issue the command.
more more command – more file1 will display the contents of file1 on the screen, but unlike the cat command, it will only show you a screen at a time (rather than scrolling by all at once) and let you scroll through it by pressing the space bar.  
more command – will display the contents of file1 on the screen, but unlike the command, it will only show you a screen at a time (rather than scrolling by all at once) and let you scroll through it by pressing the space bar.  
mv move command – mv file1 file1.1 will move or rename file1 to file1.1
move command – will move or rename file1 to file1.1
pwd print working directory command – pwd will display the current directory that you are in.
print working directory command – will display the current directory that you are in.  
rm remove command – rm file1 will remove file1. This works for files only, not directories (unless you use the -r option à see command options below). You can remove more than one file at a time by saying: rm file1 file2 file3 which will remove all three files.
remove command – will remove file1. This works for files only, not directories (unless you use the -r option see command options below). You can remove more than one file at a time by saying: which will remove all three files.
rmdir remove directory – rmdir dir1 will remove the directory named dir1. This will only work if directory dir1 is empty.
remove directory – will remove the directory named dir1. This will only work if directory dir1 is empty.  
touch touch command – touch file1 will update the change date/time for the file. It will not change the contents of the file in any way, but there are times when you may want to do a find or list files based on the last time they were updated, and if you want a specific file to be included in that list, you can “touch” it to update the date/time attribute for the file. 
touch command – will update the change date/time for the file. It will not change the contents of the file in any way, but there are times when you may want to do a find or list files based on the last time they were updated, and if you want a specific file to be included in that list, you can “touch” it to update the date/time attribute for the file. 
whence whence command finds executeable files – whence emacs will display the directory where the emacs executeable resides. This command can be used with any executeable. If you try whence cp the output of the command will tell you that the cp command can be found in the /usr/bin directory.
whence command finds executeable files – will display the directory where the emacs executeable resides. This command can be used with any executeable. If you try the output of the command will tell you that the command can be found in the /usr/bin directory. 
navigating between directories – If you are copying a file from one directory to another, and both directories are subdirectories of the same directory, you can short cut as the following examples show:
If you are copying a file from one directory to another, and both directories are subdirectories of the same directory, you can short cut as the following examples show:  
To copy file1 from /home/user-name/testdir to /home/user-name, and if the current directory is /home/user-name/testdir, do the following:
cp file1 ../ The “../” will back you up one subdirectory.
The “” will back you up one subdirectory. 
To copy file2 from /home/user-name/testdir to /home/user-name/srcdir, and if the current directory is /home/user-name/testdir, do the following:
cp file2 ../srcdir This will back up one directory, and then go forward one directory
This will back up one directory, and then go forward one directory to the srcdir directory and copy the file there. 
To print files.
* pr filename 
You can, as a user, create or destroy directories on the tree beneath you. This means that root can kill everything but root, and you can kill any that are below you. These are the
mkdir pathname
rmdir pathname 
Once again, you are not alone on the system…
who
To see what other users are logged in to the system at the time. If you want to talk to them:
write username 
Will allow you to chat at the same time, without having to worry about the parser. To send mail to a user, say
mail
And enter the mail sub-system. To send a message to all the users on the system, say  
wall
Which stands for ‘write all’. By the way, on a few systems, all you have to do is hit the <return> key to end the message, but on others you must hit the cntrl-d key.
To send a single message to a user, say
write username 
This is very handy again! If you send the sequence of characters discussed at the very beginning of this article, you can have the super-user terminal do tricks for you again.
A little about Unix architecture: The root directory, called root, is where the system core files and utilities resides. After this come a few ‘sub’ root directories, usually to group things (stats here, privileged stuff here, the user log here…). On a Unix system is the root prompt is a # (pound sound or superuser prompt). 
Under this comes the superuser (the operator of the system), and then finally the normal users directories and files. 
The way the Unix system was written, everything, users included, are just programs belonging to the root directory.
pwd 
This shows your account. separated by a slash with another pathname (account.), possibly many times. 
To connect through to another path, or many paths, you would type:
path1/path2/path3 
And then you are connected all the way from path1 to path3. You can run the programs on all the paths you are connected to. If it does not allow you to connect to a path, then you have insufficient privileges, or the path is closed and archived onto tape. You can run programs this way: 
path1/path2/path3/program-name
To see what you have access to in the end path type:
ls
For a list of files and programs you can run in the current directory. You can connect to the root directory and run it’s programs with:
/root 
The wildcard character in unix, if you want to search down a path for
a game or such, is the *.
ls /*
. (the dot) current directory – the dot can be used as sort of an abbreviation for the current directory. For example: cp /home/user-name/test.file.1 . Will copy the file test.file.1 from the /home/user-name directory, to the directory that you are in. The long way to write this would have been cp /home/user-name/test.file.1 /home/myuserid
current directory – the dot can be used as sort of an abbreviation for the current directory. For example: Will copy the file test.file.1 from the /home/user-name directory, to the directory that you are in. The long way to write this would have been 
COMMAND OPTIONS
Most UNIX commands have options that you can use with them, and they all follow this format: command -x argument 
where command is the name of the UNIX command, -x is the option (can be -l, -r, -p etc.) and argument is whatever you’re sending the command.
An example: rm -r dir2 
Using the -r option with the rm command will allow you to remove the dir2 even though it is a directory -not a file- and even though it has subdirectories and files within it. The -r command will remove any files and subdirectories under dir2, and then remove dir2 itself.
An example: ls -l 
Using the -l option with the ls command will list all files and directories, and will also display their attributes – date and time last updated, owner of the file, permissions (see below for an explanation of permissions), size of the file.
An example: ls -l *.C 
The wild card character * (asterisk) can be used to display files with a similar naming convention. This example will list all files whose name ends in .C
Note: when using the wild card character to list files, using just * to list ALL files will not list those that begin
with . (dot). To list files that begin with . you must say:
ls -l .* or ls -l .abc*. The first example will list all files whose name begins with a dot, and the second will list all files that begin with .abc.
or . The first example will list all files whose name begins with a dot, and the second will list all files that begin with . 
Permissions
If you want superuser privs, you can either log in as root, or edit your account. so it can say
suThis now gives you the # prompt, and allows you to completely by-pass the protection. The wonderful security conscious developers at bell made it very difficult to do much without privileges, but once you have them, there is absolutely nothing stopping you from doing anything you want to.
UNIX has modes or “permissions” on files and directories which say who has read and/or write access to them. The following line is a line of output from an ls -l command which listed the files in a directory.
-rw-r–r– 1 user-name IRSTSUPT 127 Jun 16 16:20 test.file.3
|———-| These permissions show that the owner of the file, has read and write access, and those in the same “group” (IRSTSUPT) have read access and all others have read access.
| the “1” is a level number. All files within this directory have a “1”, and subdirectories within this directory have a “2”.
 
|——-| user-name is the “owner” of the file. It was created by userid user-name and also resides in a file owned by user-name.
 |——–| IRSTSUPT is a “group” name. Users are defined within a group, and permissions can be defined at the group level.
|—-| 127 is the size of the file (in bytes). 
|———| date and time are the next piece of information from the ls display. This is the date/time the file was last updated. 
|———–| test.file.3 is the file name
-rw-r–r– 1 user-name IRSTSUPT 127 Jun 16 16:20 test.file.3
drwxr-xr-x 2 user-name IRSTSUPT 8192 Jun 17 12:44 testdir/
The above 2 lines are taken from the output of an ls -l command, and the permissions can be read as follows: 
The first character tells you if it is a file or a directory. The first line shows a “-” and is a filename, the second line shows a “d” and is a directory. 
The remaining characters are split out into 3 groups of 3 for a total of 9 characters. The first group of 3 characters, are the permissions for the owner of the file. The second group of 3 characters are the permissions for the group, and the third group of 3 characters are the permissions for any user on the system that is not the owner, or part of the “group”. 
For the first group, describing the owner’s permission, the first line (for test.file.3) shows “rw-” which means that the owner, has read and write access. The “-” in the third position shows that this is not an executable file. The second line (for testdir) shows “rwx” which means that the owner of this directory has read and write access, as well as the permission to execute files from this directory.
For the second group, describing the group’s permissions, the first line (for test.file.3) shows “r–” and specify what permissions anyone in the “IRSTSUPT” group have. In this case, they have read only access to this file. The second line (for testdir) shows “r-x” which means that anyone in the group has read access, and executable access. 
For the third group, describing “other users” permissions, the first line (for test.file.3) all users outside of the owner and the group have read only access. For testdir, all users outside of the owner and the group have read access and executable access. 
Generally, only the OWNER of a file has write access, but everyone else has read access.
The chmod command (change modes) allows you to change the permissions of a file. (If you don’t have write access to a file, then you don’t have the authority to change the permissions of a file.) There are several ways to use the chmod command, and these can be viewed by doing a man chmod to get the manual page for chmod. One method is listed below: 
You can use the values listed below and add them together to come up with the mode you want to give a file. If you are creating a file that you want to have read and write access to, and everyone else needs read only access, your “mode” would be 644. This is derived by adding 0400 (permits read by owner) and 0200 (permits write by owner), and 0040 (permits read by group) and 0004 (permits read by others). The total is 644. The command to change a file to this mode would be: chmod 644 file1  
When you create a new file, this mode is the default. If you want to give others in your group write access, the command would be chmod 664 file1
mode values
** values for owner **
0400
Permits read by owner.
0200
Permits write by owner.
0100
Permits execute or search by owner.
** values for group **
0040
Permits read by group.
0020
Permits write by group.
0010
Permits execute or search by group.
** values for other users **
0004
Permits read by others.
0002
Permits write by others.
0001
Permits execute or search by others.  
Input, Output, Redirection and Piping
UNIX commands will always write their output to the “standard output file” which for us is the screen. You can redirect the output to a file if you wish.
For example: diff file1 file2 > diff.out
 The differences between file1 and file2 will be written to diff.out rather than the screen. This is very useful when you know that the output will be large and will take up more than one screen. diff.out will be created when this command is issued, and you can then browse the file using vi or emacs.
There are times when you want to feed the output from one command into another file. This is called piping. Lets say for example that you wanted to compare 2 files, and check to see if the difference between the two files happened to be a character string “AAAA”. You can accomplish this by doing the following:
 
diff file1 file2 | grep AAAA
The output from the diff command will be “piped” (using the “|” symbol) to the grep command, which will read diff’s output and search for the string “AAAA”. The output from the grep will be written to the screen (standard out).
 
The more command is one that is “piped” to quite a bit. If you are going to execute a command that you know will have a large output, and you don’t necessarily want to redirect the output to another file, you can “pipe it to more”. For example:
 
diff file1 file2 | more will compare file1 and file2, and send the output to the more command which will only display the output one screen at a time. If you don’t pipe to more, and you have output that is larger than one screen, the output will scroll by on your screen and you’ll miss all but the last screenfull.
will compare file1 and file2, and send the output to the command which will only display the output one screen at a time. If you don’t pipe to more, and you have output that is larger than one screen, the output will scroll by on your screen and you’ll miss all but the last screenfull.
 
Control Characters
CNTRL-d On the Unix system is the abort key. Watch how many times that you hit this, since it also a way to log off the system!
On the Unix system is the abort key. Watch how many times that you hit this, since it also a way to log off the system!
 
CTL-c (The Control key and the character c) can be
used to break out of a process.
(The Control key and the character c) can be used to break out of a process.
ESC-k (The Escape key and the character k) can be used to recall the last command entered on the command line. If you continue to press the k key, you can recall previous commands entered.
(The Escape key and the character k) can be used to recall the last command entered on the command line. If you continue to press the k key, you can recall previous commands entered.
 
Profile files and Environment variables
There are files which can be created in your home directory which will set up default values for your UNIX environment which will apply to your logon only. These files are called .profile and .kshrc .
.profile
Your .profile file gets executed every time you log on. The following is a sample of a .profile file:
# Profile Example
export PATH=/sample/testdir:/testsample/tools/bin:.
export PS1=’$PWD >’
. sample.script
sample.script
#end of profile example
 
The .profile can set environment variables by using the export command. In the example above, the PATH variable and the PS1 variable are being set. When a variable is “exported” it is available as long as you are logged on. Each time you log on, your .profile is executed, and these variables are set and “exported” so that they are accessible while you are logged on. A few of the system variables are described below.
 
The line in the sample profile which reads . sample.script is an example of how to execute a script file from your .profile. A script file is a type of executable file, and if you wish for a certain script file to be executed at logon time, you can accomplish this by adding a “. (dot) followed by a space and the script file name.
environment variables 
PATH – The PATH variable contains the list of directories which will be searched anytime you enter a command. When you enter a UNIX command, such as cp to copy a file, this will be executed out of the /usr/bin file. If you enter a command, which is not recognized as a “UNIX” system command (such as cp), your PATH will be searched to find the executable file you are trying to run. When your PATH is searched, the first time that the executable file is located in a directory, that copy of the executable file will be run. In the .profile example above, there are 2 directories listed in the PATH. The first is /sample/testdir and the second is /testsample/tools/bin. If you were trying to run a program (issue a command) named report_oscirs and there was a copy of this in both directories, the one that would be executed would be the one found in /sample/testdir since it is the first directory listed in your PATH. You can display the list of directories in your PATH by using the echo command: echo $PATH will display the contents of the PATH variable. Whenever you wish to reference the content of an environment variable, you must preface the variable name with $. 
The variable contains the list of directories which will be searched anytime you enter a command. When you enter a UNIX command, such as to copy a file, this will be executed out of the /usr/bin file. If you enter a command, which is not recognized as a “UNIX” system command (such as cp), your PATH will be searched to find the executable file you are trying to run. When your PATH is searched, the first time that the executable file is located in a directory, that copy of the executable file will be run. In the example above, there are 2 directories listed in the PATH. The first is /sample/testdir and the second is /testsample/tools/bin. If you were trying to run a program (issue a command) named report_oscirs and there was a copy of this in both directories, the one that would be executed would be the one found in /sample/testdir since it is the first directory listed in your PATH. You can display the list of directories in your PATH by using the echo command: will display the contents of the PATH variable. Whenever you wish to reference the of an environment variable, you must preface the variable name with. 
PS1 – The PS1 variable contains what is displayed as your UNIX prompt. When you logon to UNIX, the default prompt is $. The prompt is where you enter your commands. You can set your PS1 variable to any value you wish to have displayed on your command line. Some choose to have the name of the machine that they are working on displayed (hostname) and some prefer to display the name of the current directory. 
– The variable contains what is displayed as your UNIX prompt. When you logon to UNIX, the default prompt is. The prompt is where you enter your commands. You can set your variable to any value you wish to have displayed on your command line. Some choose to have the name of the machine that they are working on displayed (hostname) and some prefer to display the name of the current directory.
To display the contents of the current directory, you can reference the PWD variable. (See below.) The example in the .profile sets the PS1 variable equal to the contents of the PWD variable by setting it to $PWD. 
PWD – The PWD variable contains the name of the current directory. The current directory is the directory you are in at the moment.
The variable contains the name of the current directory. The current directory is the directory you are in at the moment.
.kshrc 
Your .kshrc file gets executed every time you log on. It can also perform exports on environment variables like the .profile does. However, this file can also set aliases which the .profile file can not do. (If you put an alias in your .profile, you won’t receive any errors, but the alias won’t work.) The following is an example of a .kshrc file:
# sample .kshrc file
export PCIPADDR=x.x.x.x
export DISPLAY=$PCIPADDR:0
alias dir=”ls -l” 
aliases
An alias is a name that you can set, that represents a command or any character string. For example, you could set up an alias called dir that would execute the ls command:
alias dir=”ls -l” 
This may be handy for commands you use a lot, and have trouble remembering the name of, or you just want a short cut. An alias can be set by typing in the above command on the UNIX command line, or it can be entered into your .kshrc file. If you want the alias to always be around, you should enter it into your .kshrc file. 

http://www.bestitdocuments.com/Services.html

Comments Off on Loose Unix Technical Security Notes

FIPS 196

Posted in Security (1500) by Guest on the June 9th, 2010

Entity authentication using public key cryptography

  

Extends and clarifies ISO 9798 entity authentication standard

Signed challenge/response protocol:

Server sends server nonce SN

  

Client generates client nonce CN

  

Client signs SN and CN and returns to server

  

Server verifies signature on the data

Mutual authentication uses a three-pass protocol

Server sends client signed SC as final step

  

Inclusion of CN prevents the previous chosen-protocol attacks

  

Vulnerable to other attacks unless special precautions are taken

http://bestitdocuments.com/Services.html

Comments Off on FIPS 196
Next Page »