Q/A, Programming & Web Designing Tutorials

Simplified Answers and Tutorials - Search Easy and Learn Easy

Tuesday, January 24, 2017

What is Digital Logic?

Digital logic is the representation of signals and sequences of the digital circuit through numbers.

It is the basis for digital computing and provides a fundamental understanding of how circuits and hardware communicate with a computer.

Digital logic is typically embedded into most electronic devices, including computers, video games, calculators, etc.

Digital logic involves the study of digital electronics in a logical way. It is of two types: positive logic and negative logic.

What is Digital Signal?

Digital signals are discrete-time signals generated by digital modulation. A digital signal is one whose amplitude can take only given values between defined limits.

Simply put, it is a signal that changes amplitude in discrete steps.

Digital signals are obtained when discrete-time signals are quantized and then coded.

Generally, digital signals are less subject to deterioration during transmission.

Digital signals are denoted by a square wave. The output of the digital computer is an example of the digital signal. 

Tuesday, October 11, 2016

Create Simple Navigation Using HTML and CSS


HTML CODE


<html>

<head>
 <meta charset='utf-8'/>
 <title>Title</title>
 <link rel="stylesheet" type="text/css" href="menu.css">
</head>
<body>
 <div id='top_nav'>
  <ul>
   <li><a href="#">Home</a></li>
   <li><a href="#">C</a>
    <ul>
     <li><a href="#">Web Development</a></li>
     <li><a href="#">C Programming</a></li>
     <li><a href="#">Java Tutorials</a></li>
    </ul>
   </li> 

   <li><a href="#">Java</a>
    <ul>
     <li><a href="#">Web Development</a></li>
     <li><a href="#">C Programming</a></li>
     <li><a href="#">Java Tutorials</a></li>
    </ul>
   </li> 

   <li><a href="#">PHP</a>
    <ul>
     <li><a href="#">Web Development</a></li>
     <li><a href="#">C Programming</a></li>
     <li><a href="#">Java Tutorials</a></li>
    </ul>
   </li> 
   <li><a href="#">About</a></li>
   <li><a href="#">Contact</a></li>
   <li><a href="#">Privacy</a></li>
   <li><a href="#">Terms</a></li>

  </ul>

 </div>
</body>
</html>

CSS CODE

Create a new text file, copy this code into it, and save it as menu.css. Keep both the HTML file and the CSS file in the same folder.

#top_nav li:hover ul{
 display: block;
}

#top_nav{
 display: block;
 position: relative;
 background: #067;
 border: 1px solid rgb(200,140,0);
 font: bold 14px ubuntu;
 width: 1000px;
 height: 40px;
 margin: 0px auto;
}

#top_nav ul{
 margin: 0px;
 padding: 0px;
}

#top_nav li{
 position: relative;
 float: left;
 list-style-type: none;
}

#top_nav ul:after{
 content: "."; /* clearfix: generated content must be a quoted string */
 display: block;
 height: 0px;
 clear: both;
 visibility: hidden;
}

#top_nav ul ul{
 position: absolute;
 display: none;
 left: 0px;
 width: 200px; /* a 0px width collapses the dropdown; 200px is an example value */
}

#top_nav li a{
 text-decoration: none;
 display: block;
 color: #fff;
 padding: 10px;
}

#top_nav ul ul li{
 background: #fff;
}

#top_nav ul ul li a{ 
 color: #000;
 width: 100%; 
}

Saturday, September 24, 2016

What is Malicious Code?

Malicious code refers to a broad category of software threats to our networks and systems. Perhaps the most sophisticated threats to computer systems are presented by malicious code that exploits vulnerabilities in those systems. Any code that modifies or destroys data, steals data, allows unauthorized access, exploits or damages a system, and does something that the user did not intend to do is called malicious code. There are various types of malicious code we will encounter, including viruses, Trojan horses, logic bombs, and worms.

A computer program is a sequence of symbols intended to achieve a desired functionality; the program is termed malicious when its sequences of instructions are used to intentionally cause adverse effects to the system. In other words, we can’t call just any “bug” malicious code. Malicious codes are also called programmed threats. The following figure provides an overall taxonomy of malicious code.

What are Intruders? Explain their classes.

Intruders:

One of the two most publicized threats to security is the intruder (the other is viruses), generally referred to as a hacker or cracker. There are three classes of intruders:

  • Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. The masquerader is likely to be an outsider.
  • Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges. The misfeasor generally is an insider.
  • Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. The clandestine user can be either an outsider or an insider.

Intruder attacks range from the benign to the serious. At the benign end of the scale, there are many people who simply wish to explore internets and see what is out there. At the serious end are individuals who are attempting to read privileged data, perform unauthorized modifications to data, or disrupt the system.

Friday, September 9, 2016

Define the Concept of Trusted System?

A trusted system is a system that is relied upon to a specified extent to enforce a specified security policy. As such, a trusted system is one whose failure may break a specified security policy.

Trusted systems in the context of national or homeland security, law enforcement, or social control policy are systems in which some conditional prediction about the behavior of people or objects within the system has been determined prior to authorizing access to system resources.

For example, trusted systems include the use of "security envelopes" in national security and counterterrorism applications, "trusted computing" initiatives in technical systems security, and the use of credit or identity scoring systems in financial and anti-fraud applications; in general, they include any system (i) in which probabilistic threat or risk analysis is used to assess "trust" for decision-making before authorizing access or for allocating resources against likely threats (including their use in the design of systems constraints to control behavior within the system), or (ii) in which deviation analysis or systems surveillance is used to ensure that behavior within systems complies with expected or authorized parameters.

How Does a Block Cipher Differ from a Stream Cipher?

Stream Cipher

  • A stream cipher is an encryption algorithm that encrypts 1 bit or byte of plaintext at a time. It uses an infinite stream of pseudorandom bits as the key.
  • Examples of stream ciphers:
    One-time pad.
    Block cipher in OFB or CTR mode.
  • A stream cipher is synchronous if its key sequence does not depend on the plain- and ciphertexts but only on the previous elements of the key sequence and the initial key.

Block Cipher

  • Partition the text into relatively large (e.g. 128 bits) blocks and encode each block separately. The encoding of each block generally depends on at most one of the previous blocks.
    The same “key” is used at each block.
  • A block cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time. The main alternative method, used much less frequently, is called the stream cipher.

What is Originator Controlled Access Control (ORCON)?

An originator controlled access control (ORCON or ORGCON) bases access on the creator of an object (or the information it contains). Information is controlled by the originator or creator of the information, not the owner. Sometimes the creator may be the owner too. The goal of this control is to allow the originator of the file (or of the information it contains) to control the dissemination of the information. ORCON is a combination of MAC and DAC, and the basic rules are:
  • The owner of an object cannot change the access controls of the object. 
  • When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy. 
  • The creator (originator) can alter the access control restrictions on a per-subject and per-object basis.

What is The Biba Integrity Model?

Integrity refers to the trustworthiness of data or resources. Integrity is usually defined in terms of preventing improper or unauthorized change to data. There are three main goals of integrity:

- Preventing unauthorized users from making modifications to data or programs.
- Preventing authorized users from making improper or unauthorized modifications.
- Maintaining internal and external consistency of data and programs.

The Biba integrity model was published in 1977 at the Mitre Corporation, one year after the Bell-LaPadula model was published.

The primary motivation for creating this model is the inability of the Bell-LaPadula model to deal with integrity of data. 

The Biba model addresses the problem with the star property of the Bell-LaPadula model, which does not restrict a subject from writing to a more trusted object.

What is The Bell-LaPadula Model?

A confidentiality policy, also called an information flow policy, prevents the unauthorized disclosure of information. Unauthorized alteration of information is secondary. 

For example, the navy must keep confidential the date on which a troop ship will sail. If the date is changed, the redundancy in the systems and paperwork should catch that change. But if the enemy knows the date of sailing, the ship could be sunk. 

Because of extensive redundancy in military communications channels, availability is also less of a problem.

The Bell-LaPadula Model corresponds to military-style classifications. It has influenced the development of many other models and indeed much of the development of computer security technologies. 

The simplest type of confidentiality classification is a set of security clearances arranged in a linear (total) ordering. These clearances represent sensitivity levels. The higher the security clearance, the more sensitive the information and the greater the need to keep it confidential.  

A subject has a security clearance level such as C (for CONFIDENTIAL) or TS (for TOP SECRET). An object has a security classification level such as S (for SECRET) or UC (for UNCLASSIFIED). When we refer to both subject clearances and object classifications, we use the term "classification".

The goal of the Bell-LaPadula security model is to prevent read access to objects at a security classification higher than the subject's clearance.

The properties of the Bell-LaPadula model are:
  • The simple security property, which is “no read up”.
  • The star property, which is “no write down”.

A problem with this model is it does not deal with the integrity of data.
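The two properties can be checked mechanically. The following is an added example, not code from the original page: a small reference monitor over the four levels named above that replays a request log and tracks where information ends up. The subject names, object names and request log are constructed for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    """The linear ordering of levels named in the text, lowest first."""
    UC = 0  # UNCLASSIFIED
    C = 1   # CONFIDENTIAL
    S = 2   # SECRET
    TS = 3  # TOP SECRET


def can_read(clearance, classification):
    # Simple security property: no read up.
    return clearance >= classification


def can_write(clearance, classification, enforce_star=True):
    # Star property: no write down. enforce_star=False models a monitor
    # that implements only the simple security property.
    return not enforce_star or clearance <= classification


def replay(requests, subjects, objects, enforce_star=True):
    """Run (subject, op, object) requests through the monitor.

    Returns (decisions, leaks); leaks names every object that ends up
    holding information more sensitive than its own classification.
    """
    seen = {s: Level.UC for s in subjects}  # most sensitive data each subject has read
    holds = dict(objects)                   # most sensitive data each object contains
    decisions = []
    for subj, op, obj in requests:
        if op == "read":
            ok = can_read(subjects[subj], objects[obj])
            if ok:
                seen[subj] = max(seen[subj], holds[obj])
        elif op == "write":
            ok = can_write(subjects[subj], objects[obj], enforce_star)
            if ok:
                holds[obj] = max(holds[obj], seen[subj])
        else:
            raise ValueError(f"unknown operation: {op}")
        decisions.append("allow" if ok else "deny")
    leaks = sorted(o for o in objects if holds[o] > objects[o])
    return decisions, leaks


# Constructed sample data (not from the original page).
SUBJECTS = {"admiral": Level.TS, "clerk": Level.C}
OBJECTS = {"sailing_date": Level.S, "bulletin": Level.UC, "war_plan": Level.TS}
REQUESTS = [
    ("clerk", "read", "sailing_date"),    # read up
    ("admiral", "read", "sailing_date"),  # read down
    ("admiral", "write", "bulletin"),     # write down
    ("clerk", "read", "bulletin"),        # read down
    ("clerk", "write", "war_plan"),       # write up
]

if __name__ == "__main__":
    for star in (True, False):
        decisions, leaks = replay(REQUESTS, SUBJECTS, OBJECTS, enforce_star=star)
        print(f"star property enforced={star}: {decisions} leaks={leaks}")
```

With the star property enforced nothing leaks, yet the clerk's write to the TOP SECRET object is still allowed, which is the integrity gap noted above.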

ORCON - Originator Controlled Access Control

An originator controlled access control (ORCON or ORGCON) bases access on the creator of an object (or the information it contains). Information is controlled by the originator or creator of the information, not the owner. Sometimes the creator may be the owner too. The goal of this control is to allow the originator of the file (or of the information it contains) to control the dissemination of the information. ORCON is a combination of MAC and DAC, and the basic rules are:
  • The owner of an object cannot change the access controls of the object.
  • When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy.
  • The creator (originator) can alter the access control restrictions on a per-subject and per-object basis.

EXAMPLE: To protect audio/video CDs against piracy, access is controlled. The master CD is allowed to be copied for selling, and once copied, the CD is prevented from being copied.
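The three ORCON rules listed above can be expressed as a small object store. This is an added example, not code from the original page; the class names, subject names and object names are hypothetical, and only read access is modelled.

```python
from dataclasses import dataclass


class OrconDenied(PermissionError):
    """A request that breaks one of the three ORCON rules."""


@dataclass
class Obj:
    originator: str     # creator of the information
    owner: str          # current holder of this object
    readers: frozenset  # subjects the originator lets read it
    data: bytes


class OrconStore:
    def __init__(self):
        self.objects = {}

    def create(self, actor, name, data, readers=()):
        # The creator is both originator and first owner.
        self.objects[name] = Obj(actor, actor, frozenset(readers) | {actor}, data)

    def read(self, actor, name):
        obj = self.objects[name]
        if actor not in obj.readers:
            raise OrconDenied(f"{actor} may not read {name}")
        return obj.data

    def set_access(self, actor, name, subject, allowed):
        obj = self.objects[name]
        # Rules 1 and 3: only the originator may change the restrictions,
        # one subject and one object at a time; ownership gives no such right.
        if actor != obj.originator:
            raise OrconDenied(f"{actor} is not the originator of {name}")
        if allowed:
            obj.readers = obj.readers | {subject}
        else:
            obj.readers = obj.readers - {subject}

    def copy(self, actor, src, dst):
        data = self.read(actor, src)
        source = self.objects[src]
        # Rule 2: the copy is owned by whoever made it, but the originator
        # and the restrictions of the source stay bound to it.
        self.objects[dst] = Obj(source.originator, actor, source.readers, data)


def attempt(action, *args):
    """Run one request and report "ok" or "denied"."""
    try:
        action(*args)
        return "ok"
    except OrconDenied:
        return "denied"


def demo():
    # Constructed scenario: subject and object names are made up.
    store = OrconStore()
    store.create("studio", "master", b"track data", readers=["retailer"])
    return [
        attempt(store.copy, "retailer", "master", "retail_copy"),
        attempt(store.set_access, "retailer", "retail_copy", "friend", True),
        attempt(store.read, "friend", "retail_copy"),
        attempt(store.set_access, "studio", "retail_copy", "friend", True),
        attempt(store.read, "friend", "retail_copy"),
        attempt(store.read, "friend", "master"),
    ]
```

The retailer owns the copy but cannot widen access to it; only the studio can, and its grant on the copy does not extend to the master.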

MAC - Mandatory Access Control

It is also termed rule-based access control. When a system mechanism controls access to an object and an individual user cannot alter that access, the control is a mandatory access control (MAC), occasionally called a rule-based access control.

A system mechanism controls access to an object, and an individual cannot alter that access. The operating system controls access, and the owner cannot override the controls.

Neither the subject nor the owner of the object can determine whether access is granted. Typically, the system mechanism will check information associated with both the subject and the object to determine whether the subject should access the object.

Rules describe the conditions under which access is allowed. Subjects cannot pass on their rights, and subjects' programs cannot pass on the right to access. The system controls all accesses, and no one may alter the rules governing access to those objects.

EXAMPLE: The law allows a court to access driving records without the owners' permission. This is a mandatory control, because the owner of the record has no control over the court's accessing the information.

DAC - Discretionary Access Control

It is also known as identity-based access control (IBAC). An individual user sets an access control mechanism to allow or deny access to an object. Access control is left to the discretion of the owner.

Discretionary access controls base access rights on the identity of the subject and the identity of the object involved. Identity is the key; the owner of the object constrains who can access it by allowing only particular subjects to have access.

The owner states the constraint in terms of the identity of the subject, or the owner of the subject. The owner can pass rights on to other subjects (discretion).

Also, their programs can pass on their rights, and the owner has the power to determine who can access the object.


EXAMPLE: Suppose a child keeps a diary. The child controls access to the diary, because she can allow someone to read it (grant read access) or not allow someone to read it (deny read access). The child allows her mother to read it, but no one else. This is a discretionary access control because access to the diary is based on the identity of the subject (mom) requesting read access to the object (the diary).

What is the Goal of Computer Security?

Goals of Security:


Prevention is to prevent attackers from violating security policy. Prevention means that an attack will fail. Typically, prevention involves the implementation of mechanisms that users cannot override and that are trusted to be implemented correctly, so that the attacker can't defeat the mechanism by changing it.

Detection is to detect attackers’ violation of security policy, so it occurs after someone violates the policy. The mechanism determines that a violation of the policy has occurred (or is underway) due to an attack, and reports it. The system must then respond appropriately. Detection is most useful when an attack can't be prevented.

Recovery is to stop an attack and to assess and repair any damage caused by the attack. With recovery, the system should continue to function correctly, possibly after a period during which it fails to function correctly due to attacks. For example, if the attacker deletes a file, one recovery mechanism is to restore the file from backup tapes.

Protection State:

The state of a system at any instant is defined by the collection of the current values of all memory locations, all secondary storage, and all registers and other components of the system. The subset of this collection that deals with protection defines the protection state of the system. The access control matrix model is the most precise model used to describe a protection state.

Consider a set of possible protection states P. Suppose a subset Q of P consists of exactly those states in which the system is authorized to reside. Whenever the system state is in Q, the system is supposed to be secure. When the system state is in P-Q, the system is not secure. Enforcing security therefore means that the system state is always in the subset Q. Any operation such as reading, writing, altering or executing data or instructions causes a change in the state of the system, i.e., a state transition occurs. We are concerned only with those state transitions that lead to authorized states.


Security Mechanism

A security mechanism is a method, tool, or procedure for enforcing a security policy. A security mechanism is an entity or procedure that enforces some part of the security policy.

If there is a conflict in policies, discrepancies may create security vulnerabilities. Mechanisms may be:

- A technical mechanism enforces the policy inside the system. For example, the mechanism that enables a password to authenticate the user before using the computer.

- A procedural mechanism enforces the policy outside the system. For example, the mechanism that censors a disk containing a game program obtained from an unreliable source.

What Makes a Good Security Policy?

The characteristics of a good security policy are:

1. It must be implementable through system administration procedures, publishing of
    acceptable use guidelines or other appropriate methods.

2. It must be enforceable with security tools, where appropriate, and with sanctions,
    where actual prevention is not technically feasible.

3. It must clearly define the areas of responsibility for the users, administrators, and
    management.


Basic Properties of Security (Basic Principles of Security):

Confidentiality: Let X be a set of entities and let I be some information. Then I has the property of confidentiality with respect to X if no member of X can obtain information about I. Confidentiality implies that information must not be disclosed to some set of entities. It may be disclosed to others. The membership of set X is often implicit – for example, when we speak of a document that is confidential. Some entity has access to the document. All entities not authorized to have such access make up the set X.

Integrity: Let X be a set of entities and let I be some information or a resource. Then I has the property of integrity with respect to X if all members of X trust I. In addition to trusting the information itself, the members of X also trust that the conveyance and storage of I do not change the information or its trustworthiness (this aspect is sometimes called data integrity). If I is information about the origin of something, or about an identity, the members of X trust that the information is correct and unchanged (this aspect is sometimes called origin integrity or, more commonly, authentication). Also, I may be a resource rather than information. In that case, integrity means that the resource functions correctly (meeting its specifications). This aspect is called assurance. As with confidentiality, the membership of X is often implicit.

Availability: Let X be a set of entities and let I be a resource. Then I has the property of availability with respect to X if all members of X can access I. The exact definition of "access" varies upon the needs of the members of X, the nature of the resource, and the use of the resource. If a book-selling server takes up to 1 hour to service a purchase request, that may meet the client's requirements for "availability." If a server of medical information takes up to 1 hour to service an anesthetic allergy information request, that will not meet an emergency room's requirements for "availability."

Policy can be expressed in:

- Natural language, which is usually imprecise but easy to understand;
- Mathematics, which is usually precise but hard to understand;
- Policy languages, which look like some form of programming language and try to balance precision with ease of understanding.

Security Policy

Policy is a set of mechanisms by means of which your information security objectives can be defined and attained. Security policy governs a set of rules and objectives needed by an organization.

The purpose of the information security policy is:

  • To prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of data, applications, networks and computer systems.
  • To define mechanisms that protect the reputation of the organization and allow the organization to satisfy its legal and ethical responsibilities with regard to its networks' and computer systems' connectivity to worldwide networks.
  • To prescribe an effective mechanism for responding to external complaints and queries about real or perceived non-compliance with this policy.

List any Four E-Government Delivery Models

Within each of those interaction domains, four sorts of activities take place:

Pushing data over the internet, e.g.: regulatory services, general holidays, public hearing schedules, issue briefs, notifications, etc.

Two-way communications between one governmental department and another; users can engage in dialogue with agencies and post issues, comments, or requests to the agency.

Conducting transactions, e.g.: lodging tax returns, applying for services and grants.

Governance, e.g.: to alter the national transition from passive information access to individual participation by:
  • Informing the individual
  • Representing an individual
  • Consulting an individual
  • Involving the individual

Thursday, September 8, 2016

What is Sandbox in Computer Security?

In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system.

A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. 

Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.

In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. 

Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.

Define Security Policy

A security policy is a statement that partitions the states of a system into a set of authorized, or secure, states and a set of unauthorized, or non-secure, states.

  • A secure system is a system that starts in an authorized state and cannot enter an unauthorized state.
  • A breach of security occurs when a system enters an unauthorized state.
  • Let X be a set of entities and let I be some information. Then I has the property of confidentiality with respect to X if no member of X can obtain information about I.
  • Let X be a set of entities and let I be some information or a resource. Then I has the property of integrity with respect to X if all members of X trust I.
  • Let X be a set of entities and let I be a resource. Then I has the property of availability with respect to X if all members of X can access I.
  • A security mechanism is an entity or procedure that enforces some part of the security policy.
  • A security model is a model that represents a particular policy or set of policies.
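The definition of a secure system above, and the sets P and Q in the earlier section on protection state, translate directly into a reachability check. This is an added example, not code from the original page: the subjects, the single object, the policy and the grant command are all constructed for illustration.

```python
from collections import deque

SUBJECTS = ("hr", "dev", "guest")  # constructed subjects; one object, "payroll"

# A protection state is the set of (subject, right) entries for the object,
# i.e. one column of the access control matrix.
START = frozenset({("hr", "own"), ("hr", "read")})


def authorized(state):
    """Policy: Q is every state in which guest holds no right on the object."""
    return all(subject != "guest" for subject, _ in state)


def grant_command(allowed_targets):
    """Mechanism: an owner may give 'read' to any subject in allowed_targets."""
    def transitions(state):
        for holder, right in sorted(state):
            if right != "own":
                continue
            for target in allowed_targets:
                nxt = state | {(target, "read")}
                if nxt != state:
                    yield f"{holder} grants read to {target}", nxt
    return transitions


def find_breach(start, transitions, is_authorized):
    """Breadth-first search over the states reachable from `start`.

    Returns the shortest list of commands that takes the system into P-Q,
    or None when every reachable state lies in Q (the system is secure).
    """
    if not is_authorized(start):
        return []
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        for label, nxt in transitions(state):
            if nxt in seen:
                continue
            if not is_authorized(nxt):
                return path + [label]
            seen.add(nxt)
            queue.append((nxt, path + [label]))
    return None


if __name__ == "__main__":
    # Unrestricted owner grants: a breach of security is reachable.
    print(find_breach(START, grant_command(SUBJECTS), authorized))
    # Mechanism that refuses grants to guest: no unauthorized state is reachable.
    print(find_breach(START, grant_command(("hr", "dev")), authorized))
```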

Types of Security Policy

  • Military security policy
  • Commercial security policy
