Computer Networking and Security Module

Introduction to Computer Security

• The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data.
• Includes protection of the integrity, availability, authenticity, non-repudiation, and confidentiality of user data.

Information Assurance (IA)

• Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
• A superset of information security, strongly related to the field of information security, and also includes business continuity.

Importance of Information Assurance

• To protect information exchanges between interconnected computer systems.
• To add business benefit through the use of IRM (Information Risk Management).
• To minimize risk and ensure business continuity.

Pillars of Information Assurance

• Confidentiality: preserving authorized restrictions on access and disclosure.
• Integrity: protecting against improper information modification or deletion.
• Availability: ensuring timely and reliable access to and use of information.

Security Models

• Information security models: CIA triad (Confidentiality, Integrity, and Availability).
• Other security models: Enterprise security, Cyber defense, and IA.

Threats, Vulnerabilities, and Risk

• Threat: any circumstances or events that can potentially harm an information system.
• Vulnerability: weaknesses or faults in an information system or its components that could be exploited.
• Risk: an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability.

Controls and Countermeasures

• A control, safeguard, or countermeasure is an action, device, procedure, or technique that reduces a threat, vulnerability, or attack.
• Examples of controls: access controls, encryption, firewalls, and intrusion detection systems.

Types of Attacks

• Active attack: an attempt to alter or affect system resources or their operation.
• Passive attack: an attempt to learn or make use of information from the system without affecting its operation.
• Insider attack: initiated by an entity inside the security perimeter.
• Outsider attack: initiated from outside the perimeter.

Principles of Computer Security

• Principle of Easiest Penetration

• Principle of Adequate Protection

• Principle of Effectiveness

• Principle of Weakest Link

• Principle of Least Privilege

• Defense in Depth

• Minimization

• Compartmentalization

• Keep Things Simple

• Fail Securely

• Balancing Security and Access### Cryptography Fundamentals

• Cryptography concerns: Confidentiality, Integrity, Non-repudiation, and Authentication

• Types of Malicious Attacks:

  • Logic bomb
  • Backdoor/Trapdoor
  • Adware
  • Flooders (DoS client)
  • Key loggers
  • Rootkit
  • Spam/scam, identity theft, e-payment frauds

Cryptography Classifications

• Classical/Conventional Cryptography: Substitution Ciphers and Transposition Ciphers
• Modern Cryptography: Symmetric key cryptography and Public key cryptography

Basic Cryptographic Terms

• Plaintext: The original form of a message
• Ciphertext: The coded/encrypted form of a message
• Cipher: An encryption method or process
• Key: Information used in a cipher known only by the sender/receiver
• Symmetric Algorithm: Uses the same key for encryption and decryption
• Asymmetric Algorithm: Uses different keys for encryption and decryption

Substitution Ciphers

• Monoalphabetic Ciphers: One symbol in the plaintext corresponds to one symbol in the ciphertext
• Polyalphabetic Ciphers: One symbol in the plaintext corresponds to multiple symbols in the ciphertext
• Examples of Substitution Ciphers: Caesar Cipher, Vigenere Cipher, Hill Cipher

Transposition Ciphers

• Reorders the symbols in the plaintext
• Types of Transposition Ciphers:
  • Keyless Transposition Ciphers
  • Keyed Transposition Ciphers
• Examples of Transposition Ciphers: Rail-fence Transposition, Columnar Transposition

Symmetric Key Cryptography

• Uses the same key for encryption and decryption
• Key Distribution Problem: Secure distribution of the secret key
• Symmetric Cipher Model: Alice and Bob use the same key for encryption and decryption
• Examples of Symmetric Key Algorithms: DES, 3DES, AES

Asymmetric Key Cryptography (Public Key Cryptography)

• Uses different keys for encryption and decryption
• Key Pair: A public key and a private key
• Advantages: Simpler and faster, eliminates the key distribution problem
• Examples of Asymmetric Key Algorithms: RSA, Diffie-Hellman (DH)

Diffie-Hellman (DH) Key Agreement

• Used for key exchange
• Key Agreement Process: Alice and Bob agree on a shared symmetric key without actually exchanging the key
• Used in Internet Key Exchange (IKE) protocol and IP Security (IPSEC) architecture

RSA (Rivest, Shamir, Adleman)

• Asymmetric Key Algorithm
• Uses the difficulty of factoring large numbers and discrete logarithm problem
• Key Generation: Alice and Bob generate their own public and private keys### RSA Algorithm
• Developed by Ron Rivest, Adi Shamir, and Len Adleman
• Advantages: more secured, Authentication, and Variable Key Size (512, 1024, or 2048 bits)
• Disadvantages: relatively complex
• Used for the management of public key and distribution of digital certificates
• Authenticates users and devices in the digital world
• Most popular public key algorithm
• Based on the principle that no mathematical method can efficiently find the prime factors of large numbers

How RSA Works

• Key Generation, Encryption & Decryption Procedure:
  • Choose two large prime numbers p and q
  • Compute n=pq and z=(p-1)(q-1)
  • Choose number e, less than n, which has no common factor (other than 1) with z
  • Find number d, such that ed – 1 is exactly divisible by z
  • Keys are generated using n, d, e
  • Public key is (n,e)
  • Private key is (n, d)
• Encryption: c = me mod n
• Decryption: m = cd mod n

Other Asymmetric Key Algorithms

• El Gamal:
  • Developed by Taher ElGamal
  • Variable key size (512 or 1024 bits)
  • Less common than others
• Diffie-Hellman Key Agreement (DH):
  • Key exchange protocol
• Digital Signature Algorithm (DSA):
  • Used for digital signatures
  • Relies on public key cryptography
  • Private key is used for signing, and public key is used for verifying signatures

Hash Functions

• A hash function takes a variable-size message as input and produces a fixed-size output (hash code or message digest)
• No key is used in this algorithm
• Fixed-length hash value is computed as per the plain text
• Used in many operating systems to encrypt passwords
• Creates a unique, fixed-length signature for a specific message or data set

Vulnerability and Penetration Testing

• Vulnerability: a weakness or flaw in the system security that may result in unauthorized access
• Vulnerability Assessment: the process of scanning the system to identify vulnerabilities
• Penetration Testing: an authorized simulated attack on a computer system to evaluate the security of the system
• Types of vulnerability scanners:
  • Host-Based: identifies issues in the host or system
  • Network-Based: detects open ports and identifies unknown services running on these ports
  • Database-Based: identifies security exposure in database systems to prevent SQL Injections

Secure Web Servers and Firewalls

• Secure Web Servers:
  • Adds confidentiality and integrity protection to ordinary e-mail
  • Examples: PGP
• Firewalls:
  • A program or network device that filters access to a protected network from the internet connection
  • Monitors and controls incoming and outgoing network traffic
  • Objectives:
    • Keep intruders, malicious code, and unwanted traffic out
    • Keep private and sensitive information in
  • Categories:
    • Network Firewalls: filter traffic between two or more networks and run on network hardware
    • Host-Based Firewalls: run on host computers and control network traffic in and out of those machines
    • Application-Level Gateway (Application Firewall/Proxy Server): runs special software that acts as a proxy for a service request