Abstract:

AcknowledgmentsI thank the instructor of this course, Prof. Crowley for his help with the project, post design and lab instruction.

Conclusions

Ming ChenDepartment of Information & Logistics Technology, College of Technology, University of Houston

For information:Please contact mchen6@uh..edu. More information on this and related projects can be obtained at my website http://flowing6.freehostia.com/

ITEC 5321 Process of Information Systems Security and Application of LiveCD

PCLinux OSSLAX Knoppix

Focus Desktop, OS replacement

Desktop, OS replacement

Desktop, Education, Security and Network management

Audience Brand new Linux users who want to test Live CD and Linux.

Desktop & Server Users, especially who would like cute desktop and small-size USB flash memory stick to boot on systems.

Wide users including blind people with few computer skills.

Software & Tools

PCLinuxOS uses the Advanced Packaging Tool (or APT), a package management system (originally from the Debian distribution), together with Synaptic Package Manager, a GUI frontend to APT, in order to add, remove or update packages.

Slax has a suite of modules with different functions: graphics, multimedia, games, office, education, network, security, drivers and so on.

X multimedia system:

MPEvideo,MP3,Og

Vorbis Audio player

and xine. Utilities for

data recovery and

system repairs, even

for other operating

systems. Network and

security analysis tools

for network admini-

strators. OpenOffice

for office using.

Last Update

PCLOS Gnome 2.21.2December, 2007

SLAX 6 Feb., 2008

Knoppix 5.25.1.1 Aug., 2007

Windows Manager

OpenOffice, Mozilla Firefox

KDE/FLUXBOX KDE Window Manager

Available Support

www.pclnuxos.com www.slax.org www.knoppix.org

The National Institute of Standards and Technology (NIST) provides technical leadership for the nation’s measurement and standards infrastructure.

The Special Publication 800-30 (SP 800-30) of NIST is a “Risk Management Guide for Information Technology Systems“,

Table 1: Comparing and Contrasting of Some LiveCDs

A LiveCD is a computer operating system executed upon boot, without installation to a hard drive.

Knoppix STD is a security tools version of the popular Knoppix Live Linux CD.

Some liveCDs have security tools (eg. Authentication; Authentication; Cracker; Encryption; Forensics; Firewall; Honeypots; IDS; Network Utilities; Passwords Tools; Servers; Packet Sniffers; tcp tools; tunnels; Vulnerability Assessment; Wireless tools,etc.) which facilitate risks assessment, migrations and controls and the principles and practices for Securing Information Technology Systems.

Figure 2: Technical Security Control in the Information System

The NIST special publication 800-14 explains the generally accepted principles and practices for securing information technology systems, which need technical methods to implement.

NIST and Information Technology Security System

Figure 1: The Process View of Risk Analysis and Risk Management Areas

LiveCD and Information Technology Security System

Live CD will not infect the computer with virus and malicious software; Live CD operation systems can also pretend the data from accessing by hackers when using the public computers.

References:Schou and Shoemaker, Information Assurance for the

Enterprise: A Roadmap to Information Security ,, McGraw-Hill Irwin, 2007

http://www.knoppix-std.org/ http://csrc.nist.gov

The course ITEC 5321 Introduction to Information Systems Security introduces the principle of enterprise information systems security. These principles are examined within operational, technical, and administrative contexts.

The National Institute of Standards and Technology (NIST) provides technical measurement and standards infrastructure for securing information technology systems and risk management guide.

LiveCD and Open Source Tools are the based security toolkits used for the course.

The LiveCD Project applies security principles and practices.

The essentials of risk assessment and analysis and risk management process defined by the NIST SP 800-30 and the eight principles and fourteen practices of NIST SP 800-14 are the instruction to set up the processes for securing information technology system in an organization.

LiveCDs with security tools are effective in applying the security principles and practices and risk management in information technology system. There are many distributions of LiveCDs. Those LiveCDs have common functions and their own specific contributions to the information technology security system.

An appropriate protection system which can ensure the security of all information of value, account for likely risks and address them with countermeasures is needed by an organization.