abstract: acknowledgments i thank the instructor of this course, prof. crowley for his help with the...
TRANSCRIPT
Abstract:
AcknowledgmentsI thank the instructor of this course, Prof. Crowley for his help with the project, post design and lab instruction.
Conclusions
Ming ChenDepartment of Information & Logistics Technology, College of Technology, University of Houston
For information:Please contact [email protected]. More information on this and related projects can be obtained at my website http://flowing6.freehostia.com/
ITEC 5321 Process of Information Systems Security and Application of LiveCD
PCLinux OSSLAX Knoppix
Focus Desktop, OS replacement
Desktop, OS replacement
Desktop, Education, Security and Network management
Audience Brand new Linux users who want to test Live CD and Linux.
Desktop & Server Users, especially who would like cute desktop and small-size USB flash memory stick to boot on systems.
Wide users including blind people with few computer skills.
Software & Tools
PCLinuxOS uses the Advanced Packaging Tool (or APT), a package management system (originally from the Debian distribution), together with Synaptic Package Manager, a GUI frontend to APT, in order to add, remove or update packages.
Slax has a suite of modules with different functions: graphics, multimedia, games, office, education, network, security, drivers and so on.
X multimedia system:
MPEvideo,MP3,Og
Vorbis Audio player
and xine. Utilities for
data recovery and
system repairs, even
for other operating
systems. Network and
security analysis tools
for network admini-
strators. OpenOffice
for office using.
Last Update
PCLOS Gnome 2.21.2December, 2007
SLAX 6 Feb., 2008
Knoppix 5.25.1.1 Aug., 2007
Windows Manager
OpenOffice, Mozilla Firefox
KDE/FLUXBOX KDE Window Manager
Available Support
www.pclnuxos.com www.slax.org www.knoppix.org
The National Institute of Standards and Technology (NIST) provides technical leadership for the nation’s measurement and standards infrastructure.
The Special Publication 800-30 (SP 800-30) of NIST is a “Risk Management Guide for Information Technology Systems“,
Table 1: Comparing and Contrasting of Some LiveCDs
A LiveCD is a computer operating system executed upon boot, without installation to a hard drive.
Knoppix STD is a security tools version of the popular Knoppix Live Linux CD.
Some liveCDs have security tools (eg. Authentication; Authentication; Cracker; Encryption; Forensics; Firewall; Honeypots; IDS; Network Utilities; Passwords Tools; Servers; Packet Sniffers; tcp tools; tunnels; Vulnerability Assessment; Wireless tools,etc.) which facilitate risks assessment, migrations and controls and the principles and practices for Securing Information Technology Systems.
Figure 2: Technical Security Control in the Information System
The NIST special publication 800-14 explains the generally accepted principles and practices for securing information technology systems, which need technical methods to implement.
NIST and Information Technology Security System
Figure 1: The Process View of Risk Analysis and Risk Management Areas
LiveCD and Information Technology Security System
Live CD will not infect the computer with virus and malicious software; Live CD operation systems can also pretend the data from accessing by hackers when using the public computers.
References:Schou and Shoemaker, Information Assurance for the
Enterprise: A Roadmap to Information Security ,, McGraw-Hill Irwin, 2007
http://www.knoppix-std.org/ http://csrc.nist.gov
The course ITEC 5321 Introduction to Information Systems Security introduces the principle of enterprise information systems security. These principles are examined within operational, technical, and administrative contexts.
The National Institute of Standards and Technology (NIST) provides technical measurement and standards infrastructure for securing information technology systems and risk management guide.
LiveCD and Open Source Tools are the based security toolkits used for the course.
The LiveCD Project applies security principles and practices.
The essentials of risk assessment and analysis and risk management process defined by the NIST SP 800-30 and the eight principles and fourteen practices of NIST SP 800-14 are the instruction to set up the processes for securing information technology system in an organization.
LiveCDs with security tools are effective in applying the security principles and practices and risk management in information technology system. There are many distributions of LiveCDs. Those LiveCDs have common functions and their own specific contributions to the information technology security system.
An appropriate protection system which can ensure the security of all information of value, account for likely risks and address them with countermeasures is needed by an organization.