Cryptographic Algorithms - 3DES and Diffie-Hellman

AwedDiopside6009

10 Questions

What is a virus in the context of malware?

Malicious software attached to another program

What is the primary difference between a virus and a worm?

A worm executes arbitrary code and installs copies of itself

What is a buffer overflow?

When a fixed-length buffer reaches its capacity and a process attempts to store data beyond that maximum limit

What is the containment phase of worm mitigation?

Limiting the spread of a worm infection to areas of the network that are already affected

What is the primary conduit through which viruses, worms, and Trojan horses do their damage?

Buffer overflows

What is the inoculation phase of worm mitigation?

Running parallel to or subsequent to the containment phase

What is a Trojan horse in the context of malware?

A type of malware that is written to look like something else, but is an attack tool

Why is it important to mitigate viruses, worms, and Trojan horses?

All of the above

What is the goal of the containment phase in worm mitigation?

To stop the worm from spreading to other systems

What is the primary role of system and network administration staff in worm mitigation?

To be diligent in mitigating an active worm attack

Study Notes

3DES

  • 3DES (Triple Data Encryption Algorithm) is an encryption algorithm
  • It has three phases: encryption, decryption, and decryption

Diffie-Hellman Key Exchange

  • The Diffie-Hellman algorithm is used for key exchange
  • It is commonly used in IPsec VPN, SSL/TLS, and SSH
  • It is not an encryption mechanism and is not used for bulk encryption
  • It is used to create keys for symmetric algorithms

Symmetric vs Asymmetric Key Algorithms

  • Symmetric key algorithms use the same key for encryption and decryption
  • Asymmetric key algorithms use a public key for encryption and a private key for decryption
  • Asymmetric algorithms provide confidentiality and authentication

Limitations of Firewalls

  • Firewalls cannot protect against attacks bypassing the firewall
  • Firewalls may not protect against internal threats
  • Improperly secured wireless LANs can be accessed from outside the organization
  • Infected laptops or devices can be used internally

Bastion Hosts

  • A bastion host is a secure system that serves as a platform for application-level or circuit-level gateways
  • Characteristics of bastion hosts include:
    • Runs a secure operating system with only essential services
    • Requires user authentication to access the proxy or host
    • Proxies can restrict features and hosts accessed
    • Each proxy is small, simple, and checked for security
    • Each proxy is independent and non-privileged
    • Limited disk use, with read-only code

Zero-Day Attacks

  • A zero-day attack is a computer attack that exploits software vulnerabilities
  • Worms and viruses can spread rapidly across the world
  • Zero-hour describes the moment when the exploit is discovered

IDS (Intrusion Detection System)

  • IDS monitors traffic offline and generates an alert when malicious traffic is detected
  • Advantages of IDS include:
    • Works passively
    • Requires traffic to be mirrored
    • Does not slow network traffic
    • Allows some malicious traffic into the network

Viruses, Worms, and Trojan Horses

  • A virus is malicious software attached to another program to execute unwanted functions
  • A worm executes arbitrary code and installs copies of itself in the infected computer's memory
  • A Trojan horse is a malicious program disguised as a legitimate application
  • Viruses, worms, and Trojan horses can be mitigated by:
    • Installing antivirus software
    • Keeping software up-to-date
    • Avoiding suspicious emails and attachments

Buffer Overflows

  • A buffer is an allocated area of memory used to store data temporarily
  • A buffer overflow occurs when a process attempts to store data beyond the buffer's capacity
  • Buffer overflows can result in data overwriting adjacent memory locations and causing unexpected behaviors
  • Buffer overflows are a primary conduit for viruses, worms, and Trojan horses

Worm Mitigation

  • Worm attack mitigation requires diligence from system and network administration staff
  • A four-phase process is used to mitigate an active worm attack:
    • Containment Phase: Limits the spread of the worm infection to already affected areas
    • Inoculation Phase: Runs parallel to or subsequent to the containment phase

This quiz covers the operation of 3DES encryption and decryption, as well as the Diffie-Hellman key exchange algorithm used in secure data exchange.
