Lab 6: Security In Network

The first task is to capture the File Transfer Protocol (FTP) username and password. First, we created two Windows Server 2003 virtual machines: one is winserv03_server, with the IP address 192.177.1.107, and the other is winserv03_client, with the IP address 192.177.1.105. Winserv03_server has FTP and Wireshark installed on it. On winserv03_client, we log in to the FTP server on winserv03_server by using a command. On winserv03_server, we view the Wireshark interface, and I noticed that the username and password that we used to log in to the FTP server can be clearly seen on the monitor.
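The exposure seen in task 1 can also be checked for automatically. The following is an added example, not part of the original lab: it scans FTP control-channel payloads for USER and PASS commands sent in clear and reports each login without keeping the password itself. The segment tuple layout, the function name find_cleartext_logins, the client port and the sample payloads are assumptions made for illustration.

```python
import re
from collections import defaultdict

FTP_CONTROL_PORT = 21
LOGIN_CMD = re.compile(rb"^(USER|PASS) (.*)$", re.IGNORECASE)

# Constructed sample: TCP payloads from one FTP control connection, as
# (src_ip, src_port, dst_ip, dst_port, payload). The addresses are the lab's;
# the client port, reply texts, account name and passwords are made up.
CLIENT, SERVER = "192.177.1.105", "192.177.1.107"
SAMPLE_SEGMENTS = [
    (SERVER, 21, CLIENT, 1043, b"220 FTP service ready\r\n"),
    (CLIENT, 1043, SERVER, 21, b"USER labuser\r\n"),
    (SERVER, 21, CLIENT, 1043, b"331 Password required\r\n"),
    (CLIENT, 1043, SERVER, 21, b"PASS wrongguess\r\n"),
    (SERVER, 21, CLIENT, 1043, b"530 Login failed\r\n"),
    (CLIENT, 1043, SERVER, 21, b"user labuser\r\n"),   # commands are case-insensitive
    (SERVER, 21, CLIENT, 1043, b"331 Password required\r\n"),
    (CLIENT, 1043, SERVER, 21, b"PA"),                 # one command split across
    (CLIENT, 1043, SERVER, 21, b"SS Secret123\r\n"),   # two TCP segments
    (SERVER, 21, CLIENT, 1043, b"230 User logged in\r\n"),
]


def find_cleartext_logins(segments, control_port=FTP_CONTROL_PORT):
    """Return one finding per PASS command visible on the FTP control channel."""
    buffers = defaultdict(bytes)   # per-direction buffer for partial lines
    last_user = {}                 # session -> argument of the last USER command
    awaiting_reply = {}            # session -> finding waiting for 230/530
    findings = []
    for src, sport, dst, dport, payload in segments:
        if control_port not in (sport, dport):
            continue               # not FTP control traffic
        from_client = dport == control_port
        flow = (src, sport, dst, dport)
        lines = (buffers[flow] + payload).split(b"\r\n")
        buffers[flow] = lines.pop()            # keep the trailing partial line
        session = (src, sport, dst) if from_client else (dst, dport, src)
        for line in lines:
            if from_client:
                match = LOGIN_CMD.match(line)
                if not match:
                    continue
                verb = match.group(1).upper()
                arg = match.group(2).decode("latin-1")
                if verb == b"USER":
                    last_user[session] = arg
                else:
                    # Record that a password was exposed, not the password.
                    finding = {
                        "client": src,
                        "server": dst,
                        "user": last_user.get(session, "<unknown>"),
                        "password_length": len(arg),
                        "accepted": None,
                    }
                    findings.append(finding)
                    awaiting_reply[session] = finding
            elif session in awaiting_reply and line[:3] in (b"230", b"530"):
                # 230 = logged in, 530 = not logged in
                awaiting_reply.pop(session)["accepted"] = line[:3] == b"230"
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_SEGMENTS):
        print(finding)
```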

The second task is to use IPSec to secure the FTP transaction. IPSec is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. Even though it is not mandatory to use IPSec in IPv4, it is already available in IPv4 and the user has the choice to enable it. IPSec encrypts the data sent over a normal FTP connection, so only the authorized party can see the content. On winserv03_server, we changed several settings in the Management Console to implement IP security, and changed some settings on winserv03_client to enable the authentication method. After a few steps of configuring FTP and Wireshark, we tried to log in just like in task 1. The result of task 2 is that Wireshark cannot display the username and password.

Lecture 6: Security in Network

A computer network is a group of computers that are connected to each other for the purpose of communication. Networks may be classified according to a wide variety of characteristics. A computing network is a computing environment with more than one independent processor and possibly multiple users per system.


What can a network provide?

A network provides logical interface functions: sending messages, receiving messages, executing programs, obtaining status information, and obtaining status information on other network users and their status.

Types of Network
One way to categorize the different types of computer network designs is by their scope or scale. For historical reasons, the networking industry refers to nearly every type of design as some kind of area network. Common examples of area network types are:
LAN - Local Area Network
WLAN - Wireless Local Area Network
WAN - Wide Area Network
MAN - Metropolitan Area Network

Network topologies
There are four topologies: Bus Topology, Star Topology, Ring Topology and Mesh Topology.

IPSec

* Authentication & encapsulation
* Works on layer 3
* Can only be decrypted on the receiver side

SSL

SSL is the most widely used Internet security protocol, supported by all the major web browsers. SSL adds a security layer between application protocols and TCP, so applications explicitly have to ask for security. The SSL specification defines a handshake protocol whereby client and server agree on a cipher suite, establish the necessary keying material and authenticate each other. It combines symmetric (on the client host) and asymmetric (on the server) algorithms.

Kerberos

* One server, called the Kerberos server, is used to provide and control authentication.
* A host needs to have a ticket before it is able to send a packet to any server; one authentication server is used to control the tickets.
* A ticket is unique, encrypted and has a lifetime; once the lifetime is over, the client must request a new one before it is able to communicate with other servers.

Firewall

A firewall prevents specific types of information from moving between the outside world and the inside world, and may be a separate computer system. There are four basic types of firewalls: packet filter, circuit-level proxy, stateful packet filter and application-level proxy. The challenges in building firewalls are twofold. With respect to functionality, the protection mechanisms in the firewall have to match the customers’ security policies, which often are a mixture of address-based and identity-based policies.

IDS

* Captures packets and compares them with the IDS rules that are installed and stored in a database. If a malicious packet is detected, an alert is sent to the admin so that the admin can go to the firewall device to block that particular packet.
* Depends on the attitude of the admin and on the rules; the admin must update the rules constantly so that they stay relevant.

IPS

Scans the network and, if it detects a malicious packet, the IPS sends an alert to the access list on the firewall, and the firewall directly blocks that particular packet.

Hacking involves:
* Reconnaissance – gain general info on target host
* Scanning
* Gaining access
* Maintaining access
* Covering tracks

Lab 5 : Web Application Security

This lab is about Web Application Security, and all students should be able to:
* Describe the flaws of web applications and how they are exploited.
* Exploit web application vulnerabilities.
* List prevention methods that can be taken to overcome web application vulnerabilities.

What is Web Application Security?

A web application can be accessed using a web browser over a network, either the Internet or the Local Area Network. It is developed using browser-supported languages such as HTML, JavaScript, PHP, ASP, etc. A web application lets users access an application or system anywhere and at any time, provided the user has a network connection. A web application should be developed carefully and safely because it is the first line of defense: any fault or flaw in its development stage, the server configuration or even the scripting used in its development can open a major loophole that an intruder can manipulate and use as a backdoor to the entire network.

The Open Web Application Security Project (OWASP) is an open community that focuses on improving the security of application software.

The top 10 web vulnerabilities based on the OWASP Top 10 2007 are:
1. Cross site scripting
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access


What is WebGoat and WebScarab?


WebGoat is a simulation toolkit used to demonstrate how the vulnerabilities of a poorly designed web application can be exploited. The web application in WebGoat is deliberately designed with an insecure J2EE framework so that users can understand the security issues by applying the security knowledge they have to exploiting a real vulnerability in the WebGoat application.

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

p/s: For more details, refer to other references. ^_^

Lecture 5: Database Security

Database:
People, programs or systems rely on Database management system (DBMS) to manage protection of data. Security of DBMS is an example of how application security can be designed and implemented for a specific task.
Two main security concerns: integrity and confidentiality in the DB context.
Two main security problems: inference & aggregation.

Why is securing data important?
* Information is a critical resource in enterprise
* Securing data has become a billion dollar industry
* People want to secure their confidential information not only from hackers but also from legal & professional

Basic Database Concepts
A DB is a collection of data and a set of rules. The administrator defines the rules and controls who should have access to what part of the data. A DB consists of records, each of which contains one related group of data. Fields/elements within each record are the elementary data items. Rules identify the columns with names, which are called attributes.

Characteristics for a Good Database Security Management System:
* Data independence
* Shared access
* Minimal redundancy
* Data consistency
* Data integrity

Additional Characteristics for a Good Database Security Management System:
* Privacy: Signifies that an unauthorized user cannot disclose data
* Integrity: Ensures that an unauthorized user cannot modify data
* Availability: Ensures that data is made available to the authorized user unfailingly

Advantages of Using Databases:
* Shared access: Many users can use one common centralized set of data.
* Minimal redundancy: Individual users need not maintain their own set of data.
* Data consistency: Change to a data value affects all users of the data value.
* Data integrity: Data values are protected against accidental or malicious changes.
* Controlled access: Only authorized users allowed to view/modify data values.

Basic Security Requirements
* Physical Database Integrity
* Logical Database Integrity
* Element Integrity
* Access Control
* User Authentication
* Availability

Database Integrity
* Integrity rules are needed to inform the DBMS about certain constraints in the real world.
* Specific integrity rules apply to one specific database. Example: part weights must be greater than zero.
* General integrity rules apply to all databases. There are two general rules (primary keys and foreign keys).

Reliability and Integrity
Three dimensions of Reliability and Integrity:
a) Database Integrity : Concern that the database as a whole is protected from damage.
b) Element Integrity : Concern that the value of a specific element is written or changed only by actions of authorized users.
c) Element Accuracy : Concern that only correct values are written into the elements of a database.

Various techniques to use:
a) 2-phase update
* Phase 1 (Intent): gathering info & resources, no harm in the case of failure, writing of a commit flag to database
* Phase 2 (Commit): set commit flag in the database, causing permanent changes, may be repairable in the case of failure

b) Introducing redundancy
* using error detection / correction codes : entire database, records, fields / elements
* shadow fields : duplication of attributes / records

c) Recovery
* one way to achieve this is to have a log file for all recent changes (since last backup)

d) Concurrency/consistency control
* Simultaneous read is not a problem.
* Modification requires one to be locked out.
* Query-update cycle treated as a single uninterrupted operation.

e) Using monitors
* Range Comparison: Tests each new value to ensure value is within acceptable range.
* State Constraints: Describes the condition of the entire database.
* Transition Constraints: Describes conditions necessary before changes can be applied to database.

Sensitive Data
a) Definition : Data that should not be made public
b) Factors that make data sensitive
* Inherently sensitive
* From a sensitive source
* Declared sensitive
* Of a sensitive attribute or record
* Sensitive in relation to previously disclosed information

Access decisions on sensitive data
Factors to be considered when permitting “user x to access data y”
a) Availability of data : Record is blocked from read while it is modified
b) Acceptability of access : No disclosure (even ‘partial’) of sensitive values to unauthorized users
c) Assurance of authenticity of user : Limit access based on other considerations.

Inference
a) Definition: infer or derive sensitive data from non-sensitive or (seemingly) un-related data
b) “Inference” is a subtle vulnerability in database security.
c) Inference problem: Deriving sensitive data from non-sensitive data

Lab 4 : Cryptography Extended

Cryptography is the study of secret (crypto-) writing (-graphy).

Cryptography deals with all aspects of secure messaging, authentication, digital signatures, electronic money, and other applications.

A practitioner of cryptography is called a cryptographer.

There are two classes of key-based algorithms:
* Symmetric (or secret-key)
* Asymmetric (or public-key) algorithms

The difference is that symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.


Methods used in cryptographic algorithms
a) Substitution

There are two types:
* Monoalphabetic substitution : It is formed by shifting the letters of the original alphabet.
* Polyalphabetic substitution : An extension of the monoalphabetic substitution system which uses the Vigenere Tableau.

b) Transposition

There are two types of transposition:
* Unkeyed transposition : Rearranges letters by using a matrix
* Keyed transposition : Rearranges letters by using a matrix where the size of the matrix is determined by the length of the key used.


Caesar Cipher
Caesar used a shift of 3, so that plain-text letter p_i was encoded as cipher-text letter c_i by the rule:

c_i = E(p_i) = p_i + 3

To encrypt this message: P = TREATY IMPOSSIBLE
we obtain: C = wuhdwb lpsrvvleoh

Characteristics of the Caesar Cipher: it is simple and was easy to remember in the Caesar era, but it is not secure enough nowadays.

Let's see an example:

Given the encrypted message

L FDPH L VDZ L FRQTXHUHG

There exist 26 possible keys, so it is easy to use an exhaustive search, which tries all possible keys. The permutation is
A B C D E F G ……… Y Z
d e f g h i j ……… b c

so E(p) = (p + 3) mod 26 and the original plain-text message is

i came i saw i conquered


Vigenere Cipher

A set of mono-alphabetic substitution rules consists of 26 Caesar Ciphers, with shifts of 0 to 25. Each cipher is denoted by a key letter.

For example, a Caesar Cipher with shift 3 is denoted by the key letter d.

Key        : deceptivedeceptivedeceptive
Plaintext  : wearediscoveredsaveyourself
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ

The Vigenere Tableau is a polyalphabetic cipher which maps one letter to many other letters.

The Vigenere Tableau is a collection of 26 permutations, represented in a 26 * 26 matrix.

All 26 letters are shown in each row and each column.

To use the Vigenere Cipher, the plain-text letter is located on the top horizontal index alphabet; the key letter is noted directly below it and is used as the vertical index.
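The Caesar and Vigenere passages above, worked in code as an added example that is not part of the original page: it reproduces the page's three cipher texts and carries out the exhaustive search over the 26 Caesar keys, ranking the candidates by English letter frequency. The function names, the frequency table (approximate published values) and the scoring rule are assumptions of this example.

```python
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequencies (percent) of a..z in English text.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]))


def shift_letter(ch, k):
    """E(p) = (p + k) mod 26 for one letter; anything else is returned unchanged."""
    low = ch.lower()
    if low not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(low) + k) % 26]


def caesar(text, k):
    """Monoalphabetic substitution: every letter is shifted by the same k."""
    return "".join(shift_letter(ch, k) for ch in text)


def caesar_exhaustive_search(ciphertext):
    """Try all 26 keys and rank each candidate plaintext by letter frequency."""
    candidates = []
    for key in range(26):
        plain = caesar(ciphertext, -key)
        score = sum(ENGLISH_FREQ.get(ch, 0.0) for ch in plain)
        candidates.append((score, key, plain))
    _, best_key, best_plain = max(candidates)
    return best_key, best_plain, candidates


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: each key letter selects one of the
    26 Caesar shifts (a = shift 0, d = shift 3, ...)."""
    shifts = [ALPHABET.index(k) for k in key.lower()]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, used = [], 0
    for ch in text:
        if ch.lower() in ALPHABET:
            k = shifts[used % len(shifts)]      # key repeats over the message
            out.append(shift_letter(ch, -k if decrypt else k))
            used += 1
        else:
            out.append(ch)                      # spaces do not consume key letters
    return "".join(out)


if __name__ == "__main__":
    print(caesar("TREATY IMPOSSIBLE", 3))
    key, plain, _ = caesar_exhaustive_search("L FDPH L VDZ L FRQTXHUHG")
    print("key", key, "->", plain)
    print(vigenere("wearediscoveredsaveyourself", "deceptive").upper())
```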


Encrypt and decrypt using RSA algorithm

Let's do an exercise:

Perform encryption and decryption using RSA algorithm for the following:

p = 7; q = 11, e = 17; M = 8



Encryption

Ciphertext (C) = M^e mod n

C = 8^17 mod (p * q)
C = 8^17 mod (7 * 11) = 8^17 mod (77)

C = [ (8^16 mod 77) * (8 ^ 1 mod 77) ] mod 77
C = [ (8^8 mod 77) * (8^8 mod 77) * (8 ^ 1 mod 77) ] mod 77
C = [ (8^4 mod 77) * (8^4 mod 77) * (8^4 mod 77) * (8^4 mod 77) * (8 ^ 1 mod 77) ] mod 77

C = [4096 mod 77 * 4096 mod 77 * 4096 mod 77 * 4096 mod 77 * 8] mod 77
C = [15 * 15 * 15 * 15 * 8] mod 77
C = [405000] mod 77
C = 57

Decryption

Plaintext (M) = C^d mod n

Need to calculate d
e and d are multiplicative inverses mod (n).

(n) = (p – 1) (q – 1)
(n) = (7 – 1) (11 – 1) = 6 * 10 = 60

The multiplicative inverse of e mod 60 = 17 mod 60 = -7
Therefore the positive multiplicative inverse of 17 mod 60 is 53

So, let's calculate C^d mod n

57 ^ 53 mod (n) = 57 ^ 53 mod (p * q) = 57 ^ 53 mod (77)
[(57^32 mod 77) * (57 ^16 mod 77) * (57 ^4 mod 77) * (57 ^ 1 mod 77)] mod 77
[(57 ^ 16 mod 77) * (57 ^ 16 mod 77) * (57 ^ 16 mod 77) * (57 ^ 4 mod 77) * (57 ^ 1 mod 77)] mod 77

57 ^ 4 mod 77 = 71
57 ^ 8 mod 77 = [(57 ^ 4 mod 77) * (57 ^ 4 mod 77)] mod 77
57 ^ 16 mod 77 = [ (57 ^8 mod 77) * (57 ^ 8 mod 77)] mod 77

Therefore,

57 ^ 8 mod 77 = [71 * 71] mod 77 = 36

Therefore,

57 ^ 16 mod 77 = [ 36 * 36] mod 77 = 64

So, we have

[64 * 64 * 64 * 71 * 57] mod 77

[262144 * 4047] mod 77 = 8


Therefore, a successful decryption recovers the original plaintext, 8.
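The exercise above, carried through in code as an added example that is not part of the original page: the extended Euclidean algorithm yields the -7 and 53 found by hand, and square-and-multiply yields the same intermediate squares (15, 71, 36, 64). The function names are assumptions of this example, p, q, e and M are the exercise's values, and the numbers are textbook RSA without padding, used only to follow the arithmetic.

```python
def signed_inverse(a, m):
    """Extended Euclid: return x (possibly negative) with a*x = 1 (mod m)."""
    old_r, r = a, m
    old_x, x = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
    if old_r != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return old_x


def square_and_multiply(base, exponent, modulus):
    """Return (base**exponent % modulus, squares), where squares maps each
    power of two 2**i <= exponent to base**(2**i) % modulus."""
    squares = {}
    result, power, square = 1, 1, base % modulus
    while power <= exponent:
        squares[power] = square
        if exponent & power:                 # this power of two is in the exponent
            result = (result * square) % modulus
        square = (square * square) % modulus
        power <<= 1
    return result, squares


def rsa_exercise(p, q, e, m):
    """Encrypt m with (e, n), derive d, and decrypt again."""
    n = p * q
    phi = (p - 1) * (q - 1)                  # the value the page computes as 60
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    x = signed_inverse(e, phi)               # -7 for e = 17, phi = 60
    d = x % phi                              # positive representative
    c, enc_squares = square_and_multiply(m, e, n)
    recovered, dec_squares = square_and_multiply(c, d, n)
    return {
        "n": n, "phi": phi, "signed_inverse": x, "d": d,
        "c": c, "recovered": recovered,
        "enc_squares": enc_squares, "dec_squares": dec_squares,
    }


if __name__ == "__main__":
    r = rsa_exercise(p=7, q=11, e=17, m=8)
    for name in ("n", "phi", "signed_inverse", "d", "c", "recovered"):
        print(name, "=", r[name])
    print("8^(2^i) mod 77 :", r["enc_squares"])
    print("57^(2^i) mod 77:", r["dec_squares"])
```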

p/s: I hope everybody will gain some knowledge from my page. For more details, ask the expert!

Lecture 4 : Operating System Security

Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build “secure” operating systems (operating systems whose mechanisms protect the system against a motivated adversary). Recently, the importance of ensuring such security has become a mainstream issue for all operating systems.

Security methods in operating systems
a) Separation
* Keeping one user’s object separate from other users
b) Can occur in several ways (Rushby & Randell):
* Physical separation
* Temporal separation
* Logical separation
* Cryptographic separation

Levels of protection
* No protection
* Isolation
* Share all or share nothing
* Share via access limitation
* Share by capabilities
* Limit use of an object
* Granularity of protection!


Memory Protection

Methods used for Memory Protection
a) Fence
* The simplest form of protection
* Prevent a faulty program or user from destroying part of the resident portion of OS or another program
* Software or Hardware implementation
* Static or Dynamic (fence register)


b) Relocation
* OS location in memory is variable size
* Process of changing all addresses to reflect actual address located in memory
* Frequently used with fence register

c) Base/bound registers
* Each program is forced between base & bound registers
* To overcome the problem of not providing an upper bound:
* Add second register called Bounds register (an upper address limit)

d) Tagged architecture
* Base/bounds assumes contiguous user program space.
- Protecting code or data is an all or nothing deal with the base/bounds technique
* Could add tags to memory units
- Very privileged operation to change tags
- Memory unit could be word or a page
- Used for capability support
- Used by Lisp machines to encode types
* RWX bits on pages for Intel architecture

e) Segmentation
* Segmentation
- Dividing a program into separate pieces, i.e. program, constant, array data, etc.
* Benefits
- Each address reference can be checked
- Assignment of different level of protection
- Control access right i.e. >1 user

f) Paging
* Simpler alternative to segmentation
* Program is divided into equal-sized pieces called pages & memory is divided into equal-sized unit called page frames.

g) Paging combined with segmentation
* To solve problems with the paging method
* Break each segment into equal sized pages
* Gain advantage of segment permissions coupled with reduction in fragmentation offered by paging.

Protecting General Objects
* Memory
* File or data set on an auxiliary storage device
* Program executing in the memory
* A directory of files
* A hardware device
* A data structure or an operating system table
* Instructions
* Passwords and user authentication mechanism
* The protection mechanism itself

Goals of protection of objects :
a) Check every access
b) Allow least privilege
c) Verify acceptable usage

Access Control to General Objects
Protecting memory is a specific case of the general problem of protecting objects
Objects to protect :
* A file or data on auxiliary storage device
* An executing program in memory
* A directory of files
* A data structure i.e. stack, array
* OS
* Instructions, especially privileged instructions
* Passwords and user authentication
* Protection mechanism itself

Mechanism: Kerberos
* Authentication and access authorization
* Two components:
- The authentication server is used to authenticate user credentials and provide an encrypted ticket to the authenticated user
- The ticket-granting server is used to authenticate the ticket and grant access to resources
* Implements single sign-on

File protection
a) Basic forms
* All-none protection
- Assumption : all users can be trusted
- You have the password : you have complete access
* Group protection

b) Single permissions
* Password or other token
* Temporarily acquired permission



Lab 3 : Authentication and Basic Cryptography

This lab is about Authentication and Basic Cryptography, and all students should be able to:
* Explain what authentication and cryptography are
* Implement data encryption
* Implement a local password policy on Windows 2003
* Implement asymmetric cryptography by using Pretty Good Privacy (PGP)

What is authentication?
Authentication is any process by which you verify that someone is who they claim they are. Authentication services provide a means to prove that whatever the subject claims is true.

Identity verification can be classified by:
* The claimant demonstrates knowledge of something, e.g. a password.
* The claimant demonstrates possession of something, e.g. a physical key or card.
* The claimant exhibits some required immutable characteristics, e.g. a fingerprint.
* Evidence is presented that the claimant is at some particular place or time.
* The verifier accepts that some other party, who is trusted, has already established authentication.

What is cryptography?
The idea of a cipher system is to disguise information in such a way that its meaning is unintelligible to an unauthorized person.
Cryptographic algorithms are the operations used for transforming plaintext (the original message) to ciphertext (the coded message).
By the number of keys used, they are either symmetric (single-key or private-key encryption) or asymmetric (two-key or public-key encryption).

Now, I would like to share some knowledge about using NTFS for data encryption.

1. Log on to the Windows 2000 server as Administrator.
2. Open My Computer, then double-click the D drive.
3. Create a new folder called Encryption.
4. Double-click the Encryption folder and create a new folder called User2Folder.
5. Double-click the User2Folder folder.
6. Create a new text document and edit the contents to say: “This document is for my eyes only.”
7. Save the document as Private Document.txt and close the document.
8. Right-click on the document.
9. Select [Properties].
10. Click the [Advanced] button.
11. Check the [Encrypt contents to secure data] box.
12. Click [OK].
13. Click [OK] a second time, and you will receive some message.
14. Click the radio button that says [Encrypt the file only].
15. Click [OK].
16. Log off as Administrator and log on as User1.
17. Try to access the New Text Document in d:\Encryption\User2Folder. Access should be denied, even though the NTFS permissions are Everyone, Full Control.
18. Log off User1.

So, how interesting hehehe ;-)

Okay, review question time :p

1.Why are complex passwords important?

Complex passwords are important because they are very difficult to guess or even crack using commonly available code-breaking software.
Complex passwords usually take hours and sometimes days to crack. Enforcing longer and more complex passwords thus improves security.
Password complexity is often built on the length of the word and the difficulty one has in guessing it. The more complex a password you create, the more secure you are making your data.
Passwords that feature uppercase and lowercase letters, numbers, and characters are much more challenging for a hacker to crack.
Integrating numbers and characters into phrases also helps guard against dictionary attacks.

2.Which of the following is considered a complex password? And why?
a. zamrud
b. Pa$$w0rd
c. ncdjszkjdnc
d. Johnwiley


Pa$$w0rd is considered a complex password. This is because these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password. The others are not considered complex passwords because “zamrud” is a dictionary word, “ncdjszkjdnc” uses only lowercase letters, and “Johnwiley” may be a username.

3.If you implement an account lockout and reset counter policy, how can you monitor the failed attempts?

Failed attempts are logged in event logs. Any number of event log monitoring tools can alert off of them.


p/s : More details, refer to the expert! ^_^

Lecture 3 : Program Security

Our lecture 3 of Information Technology Security course is about Program Security.
Security implies some degree of trust that the program enforces the expected confidentiality, integrity, and availability. Program security is our first step in how to apply security to computing.
Program errors are generally divided into two types: malicious and nonmalicious program errors.

Nonmalicious Program Errors
Nonmalicious program errors are unintentional errors caused by mistakes made by programmers and developers.
Nonmalicious program errors cause program malfunction but do not lead to serious security vulnerabilities.
Attacks associated with program errors:
* Cross site scripting
* Injection flaws
* Malicious file execution
* Insecure direct object reference
* Cross site request forgery
* Information leakage and improper error handling
* Broken authentication and session management
* Insecure cryptographic storage
* Insecure communications
* Failure to restrict URL access


Viruses and Other Malicious Code
Malicious code was "officially" defined by Cohen in 1984, but virus behaviour has been known since at least 1970.
Malicious code exploits the weaknesses in computer software and is intended to cause undesired effects, security breaches or damage to a system.
Damage could be in form of :
* Modification/destruction
* Stolen data
* Unauthorized access
* Damage on system
* or other forms not intended by users

Examples of malicious codes:
* Trojan Horse : contains unexpected, additional functionality.
* Virus : attaches itself to a program and infects other programs.
* Worm : a program which replicates itself and causes execution of the new copy.
* Bacteria : replicates until it fills all disk space or CPU cycles.
* Logic Bomb : malicious code that activates on an event.
* Trap door : allows unauthorized access to functionality.
* Spyware : can steal your information, steal your email addresses, see what Web sites you visit, slow down your computer, etc.


Preventing Virus Infection
a) Protection against viruses
* detection tools
* identification tools
* removal tools
b) Scanners and disinfectors are the most popular classes of anti-virus software.
c) Personal and administrative practices and
d) Ways to prevent Virus infections:
* Use only commercial software acquired from reliable, well established vendors.
* Test all new software on an isolated computer.
* Do not put a floppy disk in the machine unless it has been scanned first.
* Do not open attachments to email unless they have been scanned. This includes turning off the auto-open of attachments in mail readers.
* Scan any downloaded files before they are run.
* At least once a week update the virus signature data files.
e) Make a bootable disk with a virus scan program on it and write protected.
f) Make and retain backup copies of executable system files.

There is no real way to measure the amount of damage that malicious code can do. All one can do is estimate, and that is only for the discovered programs. What about the ones that haven't been discovered or haven't been executed, or worse, the ones that haven't been written yet?

Lab 2 : The Goals of Information Technology Security

“Security” is used to describe the quality or state of being secure, that is, to be free from danger or to be protected from those who would do harm, intentionally or otherwise.
Information security involves the security in an organization regarding application security, the policies involved and the Information Technology infrastructure, to create a secure and protected computing environment for the organization.
The goals of information security are confidentiality, integrity and availability.
In contemporary computer network environments, another goal to be achieved is to provide legitimate use of resources, which ensures that resources are from the original source.
In creating a secure computing environment, one must know how to balance these three elements.
If one element is weighted more or less than the others, it affects the functionality of the system; for instance, if you concentrate on providing total confidentiality of the information, then the availability of the data is reduced. Thus the balance between the elements is very important, and this is the challenge a security administrator has to face.


By the end of this lab, students should be able to:
* Understand what the Information Technology Security goals are
* Determine if a partition is NTFS or FAT32
* Implement confidentiality in Windows Server 2003
* Implement integrity in Windows Server 2003
* Implement availability in Windows Server 2003

The first task is Using NTFS to Secure Local Resources and the second task is Data Confidentiality, followed by the third and fourth tasks, which are Data Availability and Data Integrity.



Okay, now it's time to do some review questions :p

1.What is the default permission when a partition is formatted with NTFS?
The default permission when a partition is formatted with NTFS is Full Control.

2.Who has access to the volume when a partition is formatted with NTFS?
NTFS has better security because you can use permissions and encryption to restrict access to specific files to approved users. The Everyone group has access to the volume when a partition is formatted with NTFS. The Everyone group has the Full Control permission for the shared folder. If all users are members of the Everyone group, they all have access.

3.What is the best way to secure files and folders that you share on NTFS partitions?
The best way to secure files and folders that you share on NTFS partitions is to put the files that you want to share in a shared folder, and keep the default shared folder permission (the Everyone group with the Full Control permission for the shared folder). Then, assign NTFS permissions to users and groups to control access to all contents in the shared folder or to individual files.

4.Data integrity can also be threatened by environmental hazards such as dust, surges and excessive heat. True or False?

It is True because data integrity refers to the validity of data, meaning data is consistent and correct. Data integrity can also be threatened by environmental hazards such as heat, dust, and electrical surges.

p/s: This lab was very interesting, I like it hehehe. ^_^