Common Criteria Methodology
Lab Overview. This tutorial will introduce you to
the Common Criteria (CC), which comprises two parts. The first
part is a structure and language for expressing product/system IT
security requirements (Part 1). The second part is a catalog of
standardized IT security requirement components and packages (Parts 2
and 3). In this tutorial you will evaluate a Protection Profile
(PP), Security Target (ST), and Target of Evaluation (TOE), which
require you to use CC Part 1. After evaluating a product you will
have to generate your own ST for a product.
This tutorial is divided into five sections. The first goes
over what resources are required to complete this tutorial and asks some
preliminary questions. The second describes general evaluation
guidelines, which include PP, ST, and TOE. The third section covers
the evaluation of the functional requirements of the TOE. The final two
sections are the tutorial questions and references. This lab is
used in IS2820/TELECOM2813 Security Management.
Resources for Tutorial. To complete this tutorial you
will need the following:
A PC running the Windows 2000 operating system with Administrator
privileges.
Access to the Internet, which is required to view resources.
Preliminary Questions.
1. What is the difference between a Protection Profile (PP) and a
Security Target (ST)? CC provides a common ground on which
products may be evaluated. The PP and ST play major roles in determining
the functional as well as assurance requirements. What purposes do the PP and
ST serve?
2. How is the Evaluation Assurance Level (EAL) of a product
determined? Products may be evaluated for various levels of assurance
depending upon the capability of the product. What are the factors that
help determine the appropriate EAL for which any product should be
evaluated?
3. What is the process of validating a product? CC follows a rigorous
methodology, called the CEM, in validating a product. How is the
methodology used to ensure that the validation is correct and complete?
4. How is the TOE Security Function (TSF) for a product evaluated?
The activities involved in validating a product comprise evaluating
whether or not the product satisfies the TSFs. What are the work units
that are performed in this process?
Lab objectives.
Part A: Evaluation of PP, ST, and TOE.
1. Evaluate a given PP from [1]. (refer to Part IV,
section A for evaluation guidelines)
2. Evaluate a given ST from [2]. (refer to Part IV,
section A for evaluation guidelines)
3. Evaluate the TSF of the Windows 2000 operating system
using the ST given in [2]. (refer to Part IV, section B for TSF
evaluation guidelines)
Part B: Generation of ST.
1. Generate an ST for the product: Cisco PIX 501 Firewall,
given the PP from [1]. (refer to CC documentation – also discussed in
class)