A5 Software and Hardware Security Measures Part 2 PDF

Summary

This document discusses various security measures, including password storage, file encryption, and data encryption in transit. It also covers digital rights management (DRM).

Full Transcript

A5 - SOFTWARE AND HARDWARE SECURITY MEASURES PART 2
BY ALEKS, SERGEY, EDVIN

PURPOSES AND USES OF ENCRYPTION

SAFE PASSWORD STORAGE

Safe password storage involves securely saving passwords so that they cannot be easily accessed or misused if stolen.

Hashing – passwords are converted into a unique, fixed-length code using a hashing algorithm. It is a one-way process, so passwords won't be converted back to the original form. When a user logs in, the password they enter is hashed and the system checks if it matches the stored hash.

Salting – a salt in security is a string added to each password before hashing to make the hash unique for each user. This prevents attackers from using precomputed lists to crack passwords, as the same passwords will hash differently with different salts.

Key stretching – strengthens passwords by repeatedly hashing them to slow down brute-force attacks. It runs the

FILE, FOLDER, AND DISC ENCRYPTION

File encryption - this encryption involves securing individual files, which allows the user to protect specific documents, images or other files. For example, if you encrypt a document, only users with the key can open or view its contents.

Folder encryption - this encrypts all files within a folder, offering a way to secure grouped data like project files and personal records. For example, encrypting a folder with team project files keeps all contents secure but easily accessible for authorized users.

Disk encryption - this encrypts the entire drive or storage device so that all data is protected without needing to individually secure each file. This often requires a password when the device boots up or when the drive is accessed. For example, with disk encryption, even if someone steals the device, they cannot access any of the data without the decryption key.
DIGITAL RIGHTS MANAGEMENT (DRM)

Digital Rights Management refers to a set of tools and technologies designed to control and protect digital content from unauthorized access, use, modification and distribution.

DRM is designed for:

Encryption: the content is encrypted and only authorized users with a license or decryption key can access it.
Access Controls: this limits how users can use content (e.g., only on certain devices or for a limited time).
Watermarking: it embeds invisible marks to trace the source of unauthorized copies.
Protects Intellectual Property: this helps creators and companies maintain control over their content.
Prevents Unauthorized Sharing: this reduces piracy by restricting how content is distributed and accessed.

ENCRYPTION OF DATA IN TRANSIT – P1

Data in transit is data that is being transmitted between two devices over a network. Data in transit is usually encrypted. There are many different technologies we use when encrypting data over a network.

Built into devices. Many devices, like smartphones or tablets, come with built-in encryption. This security feature encrypts our data on our mobile devices, including messages we send. This is crucial for safeguarding privacy in calls, texts, emails, and app data, especially against hackers and unauthorized access.

The Onion Router (TOR) is a network designed to improve online privacy and security by routing traffic through multiple encrypted layers (nodes). The Onion Router hides a user's location and browsing activity by passing through at least 3 randomly selected nodes.

A VPN (Virtual Private Network) establishes a digital connection between your computer and a remote server owned by a VPN provider, creating a point-to-point tunnel that encrypts your personal data, masks your IP address, and lets you sidestep website blocks and firewalls on the internet.
ENCRYPTION OF DATA IN TRANSIT - P2

A digital certificate is an electronic document that verifies the identity of the sender of a message over the Internet. It also provides the recipient with credentials to decrypt the response. A certification authority issues electronic certificates to businesses. When a browser receives a digital certificate, it queries the CA that issued the certificate to verify that the information being transmitted is going where it should.

Hypertext Transfer Protocol Secure (HTTPS) - is a communication protocol that uses TLS and SSL encryption to securely transmit data through a web page. The data transmitted online will be encrypted. If somebody intercepted the data while it was being transmitted to the web server, it would be completely unreadable.

Public and private keys are cryptographic tools used in encryption to secure communication. A message gets encrypted by a public key, which is available to everyone, and can only be decrypted with its unique private key, which is only available to its owner.

PRECAUTIONS THAT CAN BE TAKEN TO PROTECT A WIRELESS LOCAL AREA NETWORK (WLAN) FROM UNAUTHORISED ACCESS

SECURING ROUTER CONFIGURATION

Enable strong encryption - Set the Wi-Fi security protocol to WPA3 or WPA2 for better encryption of wireless traffic. Avoid outdated protocols like WEP, which are easily compromised.

Changing default admin credentials – default usernames and passwords can be found online easily, which makes your router vulnerable. You can be more secure by changing the default admin credentials.

Update firmware - Regularly update firmware to patch security vulnerabilities and improve performance.

Disable remote management - Turning off remote management prevents unauthorized access to your router from the internet.

Enable network firewall – some routers come with a built-in firewall feature, so if you enable it, you can add an extra layer of protection against unwanted traffic.
MAC ADDRESS FILTERING AND HIDING THE SERVICE SET IDENTIFIER

MAC address filtering
How It Works: This feature restricts network access based on device MAC addresses (unique identifiers assigned to network hardware). Only approved devices can connect, adding a layer of control over network access.
To Setup: You can manually allow or deny devices by listing their MAC addresses in the router settings.

Hiding the SSID
How It Works: This hides the network name from appearing in the list of available networks, making it less visible to casual users. Reduces visibility, making it less likely that unauthorized users will try to connect.
To Setup: In your router's settings, you may have the option to turn off SSID broadcasting.

WIRELESS ENCRYPTION

Wireless Encryption is a method used to protect data transmitted over Wi-Fi networks, making it unreadable to unauthorized users.

Wired Equivalent Privacy (WEP) - Developed in the 1990s, WEP provides basic encryption but is outdated and vulnerable to attacks.
Wi-Fi Protected Access 2 (WPA2) - Replaced WEP, providing stronger encryption with TKIP (Temporal Key Integrity Protocol).
Wi-Fi Protected Access 3 (WPA3) - Strongest encryption currently available, with improvements over WPA2, like SAE to prevent offline password attacks.

Key strategies for wireless network protection:
Regular Firmware Updates
Enable Network Segmentation
MAC Address Filtering
Monitor Network Activity
Use Strong, Unique Passwords

TAKING CONSIDERATION OF SECURITY ISSUES DURING NETWORK AND SYSTEM DESIGN TO ENSURE SECURITY IS BUILT IN FROM THE DEVELOPMENT STAGE

CONSIDERATION OF SECURITY ISSUES DURING NETWORK AND SYSTEM DESIGN

1. Threat Modeling - Identify potential attackers, vulnerabilities, and risks. Assess the impact of threats on confidentiality, integrity, and availability.
2. Secure Access Control - Define and implement strict user roles and permissions. Limit access to only what is needed.
3. Encryption - Use strong encryption protocols for securing data in transit and at rest. Consider key management strategies to protect encryption keys.
4. Authentication and Authorization - Implement mechanisms like multi-factor authentication and token-based access.
5. Patch Management - Design systems to allow for easy updates and patching to fix vulnerabilities promptly. Use automated tools to ensure consistent updates.
6. Secure Communication - Encrypt communication channels with SSL/TLS. Use protocols like IPsec for securing network-level data transfers.

THE END

Storage and software Components: Level 3 IT Unit 11 Cyber Security and Incident Management
