Title: Powerpoint template for scientific posters (Swarthmore College)
ITEC 5321 Process of Information Systems Security
and Application of LiveCD
Ming Chen
Department of Information Logistics
Technology, College of Technology, University of
Houston
Conclusions
Abstract
Knoppix STD is a security tools version of the
popular Knoppix Live Linux CD.
The course ITEC 5321 Introduction to Information
Systems Security introduces the principles of
enterprise information systems security. These
principles are examined within operational,
technical, and administrative contexts. The
National Institute of Standards and Technology
(NIST) provides the technical measurement and
standards infrastructure, and a risk management
guide, for securing information technology
systems. LiveCDs and open source tools are the
base security toolkits used for the course.
The LiveCD Project applies security principles
and practices.
The essentials of risk assessment, risk analysis
and the risk management process defined by NIST
SP 800-30, together with the eight principles and
fourteen practices of NIST SP 800-14, are the
guidance for setting up the processes for securing
information technology systems in an organization.
LiveCDs with security tools are effective in
applying the security principles and practices and
risk management in information technology systems.
There are many distributions of LiveCDs. Those
LiveCDs have common functions and their own
specific contributions to the information
technology security system. An appropriate
protection system which can ensure the security
of all information of value, account for likely
risks and address them with countermeasures is
needed by an organization.
Figure 2 Technical Security Control in the
Information System
Table 1 Comparison and Contrast of Some LiveCDs

Focus
  PCLinuxOS: Desktop, OS replacement
  SLAX: Desktop, OS replacement
  Knoppix: Desktop, Education, Security and Network management

Audience
  PCLinuxOS: Brand new Linux users who want to test Live CD and Linux.
  SLAX: Desktop Server Users, especially those who would like a cute desktop and a small-size USB flash memory stick to boot on systems.
  Knoppix: Wide users including blind people with few computer skills.

Software Tools
  PCLinuxOS: PCLinuxOS uses the Advanced Packaging Tool (or APT), a package management system (originally from the Debian distribution), together with Synaptic Package Manager, a GUI frontend to APT, in order to add, remove or update packages.
  SLAX: Slax has a suite of modules with different functions: graphics, multimedia, games, office, education, network, security, drivers and so on.
  Knoppix: X Multimedia System, an MPEG video, MP3 and Ogg Vorbis audio player, and xine. Utilities for data recovery and system repairs, even for other operating systems. Network and security analysis tools for network administrators. OpenOffice for office use.

Last Update
  PCLinuxOS: PCLOS Gnome 2.21.2, December, 2007
  SLAX: SLAX 6, Feb., 2008
  Knoppix: Knoppix 5.25.1.1, Aug., 2007

Window Manager
  PCLinuxOS: OpenOffice, Mozilla Firefox
  SLAX: KDE/FLUXBOX
  Knoppix: KDE Window Manager

Available Support
  PCLinuxOS: www.pclnuxos.com
  SLAX: www.slax.org
  Knoppix: www.knoppix.org
The NIST special publication 800-14 explains the
generally accepted principles and practices for
securing information technology systems, which
need technical methods to implement.
NIST and Information Technology Security System
The National Institute of Standards and
Technology (NIST) provides technical leadership
for the nation's measurement and standards
infrastructure. The Special Publication 800-30
(SP 800-30) of NIST is a Risk Management Guide
for Information Technology Systems,
LiveCD and Information Technology Security System
A LiveCD is a computer operating system executed
upon boot, without installation to a hard drive.
A LiveCD will not infect the computer with viruses
and malicious software. LiveCD operating systems
can also prevent the data from being accessed by
hackers when using public computers.
Acknowledgments
I thank the instructor of this
course, Prof. Crowley, for his help with the
project, post design and lab instruction.
Some LiveCDs have security tools (e.g.,
authentication, authentication cracker,
encryption, forensics, firewall, honeypots, IDS,
network utilities, password tools, servers,
packet sniffers, TCP tools, tunnels,
vulnerability assessment, wireless tools, etc.)
which facilitate risk assessment, mitigation and
controls, and the principles and practices for
securing information technology systems.
For information
Please contact mchen6_at_uh.edu.
More information on this and related projects
can be obtained at my website
http://flowing6.freehostia.com/
Figure 1 The Process View of Risk Analysis and
Risk Management Areas