Introduction to Digital Technologies
CHAPTER 2: COMPUTER NETWORKS AND CYBERSECURITY

2.1 Objectives
This chapter covers the basic concepts of computer networks and the devices used to build them. After developing a basic understanding of computer networks, the idea of cybersecurity and its importance in computer networks is explained. The topics discussed in this chapter are:
- Basic network terminology
- Types of computer networks
- Communication protocols
- The Internet and the Web
- What is cybersecurity?
- Importance of cybersecurity
- Types of threats and malware
- Best practices

2.2 Communication Networks
A communication network consists of several devices that are interconnected and able to communicate with each other. If the devices used in the communication are mainly mobile devices, it is called a mobile network. Similarly, if the devices used in the communication are ATM machines, it is called an ATM network.

PYP002 46 Introduction to Digital Technologies

2.2.1 Computer Networks
Computer networks are a type of communication network in which a group of computers exchange digital data and instructions with each other. Computer networks use packet switching for the exchange of data. The computing devices in Figure 2.1 are interconnected and can communicate with each other through communication links. The communication links (indicated by lines) can be wired (Ethernet cable, fiber, etc.) or wireless (Wi-Fi, Bluetooth, satellite, etc.). The device that initiates the communication is called the source and the device that receives the information is called the destination. A path is a collection of communication links from the source to the destination.

Figure 2.1 Computer Network

2.3 Types of Computer Networks
Computer networks can be classified into various types based on architecture, coverage area and size.

2.3.1 Network Types based on Architecture
The architecture of a network defines how the devices in the network are managed and how data flows through it. There are two main computer network architectures.

Client/Server Network: In a client/server network model, one computer, called the server, provides access to its resources to the other computers in the network. A computer making a request to a server for a resource is called a client. The client/server model requires the server to be a powerful machine that can handle many requests from clients simultaneously. This model has the advantage that the shared resources of the network are centrally administered, making it easy to implement security with a high degree of control. Among its disadvantages is the disruption of service for the whole network if the server stops working due to a malfunction, a power failure or a loss of network connectivity. The client/server model provides a centralized system for managing the resources shared on the network. This model is used on the Internet: a web server hosts a website that is accessible to any computer connected to the Internet.

Figure 2.2 Client/Server Network (left) and Peer to Peer Network (right)

Peer to Peer Network (P2P): In a peer to peer network, shared resources are distributed over different devices throughout the network. A peer to peer network is a decentralized system, since there is no central control. The main advantage of this type of network is the distribution of resources over different computers, so if one computer is down for maintenance or because of a power failure, the same resource may be available on another computer in the network. A disadvantage is reduced control over the shared resources, making it difficult to maintain good security when sharing them. The P2P model is commonly used in file sharing networks such as Kazaa and BitTorrent, and more recently in blockchain networks.
2.3.2 Network Types based on Coverage Area and Size
Computer networks can also be classified by coverage area and size into the following categories.

Local Area Network (LAN): This type of network connects a small group of personal computers to form a network covering a very small geographic area, e.g. a house or a lab.

Wide Area Network (WAN): This type of network covers large geographical areas and is formed by interconnecting many small networks. The best example of a wide area network is the Internet.

2.3.3 Network Node / Host / Endpoint Devices
A network may consist of a variety of connected devices. These can be computers and printers as well as network-specific devices such as routers and modems. The most generic term for any device on the network is a network node. The term host is used for devices that offer an application or a service to a user. A router, for example, is not considered a host, as a user does not use a router directly for an application. The devices at the edge of a network that give a user access to the network are called endpoint devices. Examples are desktop computers, laptops, smartphones, tablets and printers. These devices provide a direct interface for users to interact with the network. The term host is also used to refer to endpoint devices.

2.3.4 Network Devices
These are the devices that perform a basic role in the formation of a network. They are responsible for the interconnection of nodes and the transfer of data between them. Routers, switches, bridges, etc. are some examples of network devices.

Router: A router is one of the most important network devices in computer networks. It has the following major functions and features:
- The main function of this device is to route data packets toward their destination, hence the name router.
- A router chooses the path from a source to a destination device according to its routing table (often, but not always, the shortest path).
- A router interconnects different networks and allows data to be forwarded from one network to another.
- A router can link the network nodes inside a single network and manage the data transfer between them.
- Routers have both wired and wireless interfaces for connecting devices.
The figure below shows a router and the symbol used for it in network diagrams.

Figure 2.3 Router

2.3.5 Network Interface Card (NIC)
A network interface card (NIC) is an important hardware component that allows a device to connect to a network. It is a circuit board installed in a computer to connect it to another network node.

Figure 2.4 Network Interface Card (wireless NIC and wired NIC)

2.4 Communication Protocols
Communication protocols are sets of rules used for transmitting and receiving information from one network device to another. Many protocols are used in computer networks for different types of communication. The protocol used depends on the type of data being transferred. For example, live video chat uses a different protocol from the transfer of web pages on the Internet. These protocols allow various types of devices to exchange different types of data with each other.

HTTP / HTTPS: The http:// or https:// at the start of a web address names the Hypertext Transfer Protocol. This protocol is used to transfer web pages from a web server to a client computer. It has two variants: plain HTTP, and HTTPS, which is HTTP carried over TLS (the successor of SSL) so that the data is encrypted in transit and the client can verify the identity of the server.

FTP / SFTP: The File Transfer Protocol (FTP) is used to transfer files between devices on a network; it sends credentials and file contents unencrypted.
SFTP (the SSH File Transfer Protocol) provides secure transmission of files between the source and the destination by running over an SSH connection. Despite the name, it is a separate protocol rather than a secured variant of FTP.

TCP / IP: The Transmission Control Protocol (TCP) / Internet Protocol (IP) is the main protocol suite of the Internet. IP delivers packets of data from the source to the destination, and TCP provides reliable, ordered delivery on top of it.

2.5 The Internet
The Internet is a global wide area network (WAN) consisting of interconnected computer networks around the world. We may consider the Internet a network of networks. The Internet uses packet switching for the transfer of data. The Internet is not owned or governed by any single organization or government.

2.5.1 Internet Service Provider (ISP)
An Internet service provider (ISP) is an organization that provides Internet access to local users or business organizations. For example, STC, Mobily and Zain are some of the ISPs operating in the Kingdom.

2.5.2 Network Service Provider (NSP) and Network Access Point (NAP)
Network service providers (NSPs) are organizations that operate the network infrastructure for the global connectivity of the Internet and sell bandwidth and network access to ISPs. An NSP gives ISPs access to its Network Access Points (NAPs) located within a geographical region; a NAP is a basic element of the network infrastructure that provides the global connectivity of the Internet. The NSPs and NAPs are said to form the backbone of the Internet, and an ISP connects to the backbone through these network access points. The Internet backbone consists of the main data transfer routes between the core, large, interconnected computer networks; it interconnects the whole world. Part of the backbone infrastructure is made up of submarine cables: large cables laid on the seabed between land-based stations that carry data between continents.
NSP examples: AT&T, CenturyLink, NTT Communications, Sprint, Tata Communications, Telecom Italia Sparkle, Telia Carrier and Verizon.

Figure 2.5 Communication between users over the Internet (User1 sends a large file to User2 through the ISPs' routers and the Internet)

2.5.3 What is the Web?
The Web ("World Wide Web") is a system for providing access to documents and information services globally. HTTP is the communication protocol of the Web. A website is a collection of documents (often called web pages) and interactive services that provide information about a specific topic, company, organization, person, event or place. The main web page is referred to as the home page. A web server is a computer accessible through the Internet which hosts a website and serves it over the Internet using HTTP. A web page is the output of one or more web-based files stored on a website, displayed on the computer of the user who requested it using a web browser.

Figure 2.6 A sample web page
Figure 2.7 Web Server (web pages and files on the web server are delivered over the Internet to the user's computer)

A URL (Uniform Resource Locator) serves as an address that uniquely identifies a web page. A complete URL usually starts with http:// or https://. The part of the domain name after the last dot, such as .com, .edu, .sa or .uk, is the top-level domain. The path includes the folder name(s) and file name that locate a web page on a website. Parameters provide additional information with a URL.

Figure 2.8 Example of a URL

2.5.4 How the Internet works
The Internet is a global network that uses the Transmission Control Protocol and Internet Protocol (TCP/IP) to transfer data from one device to another. TCP/IP uses IP addresses and port numbers to send data from a source computer to a destination computer.
IP Address: An IP address is a unique sequence of numbers assigned to each device connected to the Internet in order to identify it. There are two versions of IP address in use, IPv4 and IPv6.

IPv4
- IPv4 is the older version of IP addressing and uses 32 bits to create a unique address for every device on the Internet. IPv6 is the latest version and uses 128 bits for addressing devices.
- Because IPv4 uses 32 bits to represent each address, the IPv4 system has a maximum of 2^32 unique addresses that can be assigned to devices on the Internet.
- These 32 bits are divided into four parts separated by dots. Each part is 8 bits and is written as a decimal number:
  _______._______._______._______
   8 bits  8 bits  8 bits  8 bits
  The decimal number in each block ranges from 0 to 2^8 - 1 = 255:
  0-255.0-255.0-255.0-255
  For example, 12.54.76.98 is a valid IPv4 address, while 156.325.54.126 is invalid because the number 325 in the second block exceeds the maximum of 255.

IPv6
- IPv6 is the next generation IP addressing system and uses 128 bits to represent the address of a device. The use of 128 bits allows a much larger space of 2^128 uniquely identifiable addresses. IPv6 is gradually replacing IPv4, as IPv4 is running out of addresses. IPv6 also simplifies packet processing and was designed with built-in support for IPsec, although the larger address space by itself does not make a network more secure.
- An IPv6 address is divided by colons into eight segments (hextets) and is written in hexadecimal. For example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. The hexadecimal system uses the digits 0-9 and the letters a-f. The IPv6 format allows the leading zeros of each segment to be dropped, and allows one run of consecutive all-zero segments to be replaced with a double colon (::). The double colon may appear only once in an address; otherwise the number of omitted segments would be ambiguous.
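The rules above can be checked in code. The following Python example is added here and is not part of the textbook: it validates dotted-decimal IPv4 addresses against the four-block, 0 to 255 rule (rejecting 156.325.54.126), classifies valid ones as private or public using the three reserved private ranges (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255 and 192.168.0.0 to 192.168.255.255, defined in RFC 1918), and compresses a fully written IPv6 address by dropping leading zeros and replacing the longest run of all-zero segments with a double colon. The sample addresses are constructed for the demonstration, and the IPv6 result is cross-checked against Python's standard ipaddress module.

```python
"""Added example (not from the textbook): checking IPv4 addresses against the
four 8-bit block rule, classifying them as private or public, and compressing
an IPv6 address by the leading-zero and double-colon rules.  The sample
addresses in the demo are constructed.
"""
import ipaddress

# The three IPv4 ranges reserved for private networks (RFC 1918), written as
# (first address, last address) pairs of dotted blocks.
PRIVATE_RANGES = (
    ((10, 0, 0, 0), (10, 255, 255, 255)),
    ((172, 16, 0, 0), (172, 31, 255, 255)),
    ((192, 168, 0, 0), (192, 168, 255, 255)),
)


def parse_ipv4(text):
    """Return the four blocks as a tuple of ints, or None if the text is not a
    valid dotted-decimal IPv4 address (four blocks, each 0..255)."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    blocks = []
    for part in parts:
        if not part.isdigit():          # rejects empty blocks, signs, spaces
            return None
        value = int(part)
        if value > 255:                 # an 8-bit block cannot exceed 2**8 - 1
            return None
        blocks.append(value)
    return tuple(blocks)


def classify_ipv4(text):
    """Return 'invalid', 'private' or 'public' for a dotted-decimal string."""
    blocks = parse_ipv4(text)
    if blocks is None:
        return "invalid"
    for low, high in PRIVATE_RANGES:
        if low <= blocks <= high:       # tuple comparison is block by block
            return "private"
    return "public"


def compress_ipv6(text):
    """Apply the two IPv6 shortening rules to a fully written address:
    drop leading zeros in each hextet, and replace the longest run of two or
    more all-zero hextets (the first such run on a tie) with '::'."""
    hextets = text.strip().lower().split(":")
    if len(hextets) != 8 or any(len(h) == 0 or len(h) > 4 for h in hextets):
        raise ValueError("expected eight colon-separated hextets")
    values = [int(h, 16) for h in hextets]   # raises on non-hex characters

    # Find the longest run of zero hextets; only runs of length >= 2 qualify.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if values[i] == 0:
            j = i
            while j < 8 and values[j] == 0:
                j += 1
            if j - i > best_len and j - i >= 2:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1

    short = [format(v, "x") for v in values]    # drops leading zeros
    if best_len == 0:
        return ":".join(short)
    head = ":".join(short[:best_start])
    tail = ":".join(short[best_start + best_len:])
    return head + "::" + tail              # '::' appears at most once


if __name__ == "__main__":
    # Constructed sample inputs, including the textbook's invalid example.
    for addr in ("12.54.76.98", "156.325.54.126", "192.168.1.20",
                 "172.32.0.1", "10.0.0.7"):
        print(f"{addr:16} -> {classify_ipv4(addr)}")
    full = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
    short = compress_ipv6(full)
    print(full, "->", short)
    # Cross-check against the standard library's canonical form.
    assert ipaddress.IPv6Address(full).compressed == short
```

Note that 172.32.0.1 is classified as public: the medium private range stops at 172.31.255.255, a boundary that is easy to get wrong when private ranges are written from memory. When an address contains two equally long runs of zero segments, only the first is compressed, which is also the convention of the standard library.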
For example, the IPv6 address given above can be written as 2001:db8:85a3::8a2e:370:7334. You can check the IP address of your device by entering the following command at a Windows command prompt:
ipconfig /all

Private and Public IP
Private networks such as an intranet often use the same IP addressing scheme as the Internet. Certain ranges of IPv4 addresses are reserved for use within private networks and are called private IPs. Each device within a private network must have a unique IP address; however, the same private IP address can be reused in different private networks. Public IPs are globally unique IP addresses assigned to devices that connect to and communicate over the Internet. There are three reserved IPv4 address ranges for large, medium and small private networks:
10.0-255.0-255.0-255 (large private network)
172.16-31.0-255.0-255 (medium private network)
192.168.0-255.0-255 (small private network)
These ranges cannot be used on public networks such as the Internet, to avoid conflicts, but addresses from them can be repeated between different private networks. The benefit is the ability to reuse the same IP addresses for multiple devices, which is one way of coping with the limited address space of IPv4.

Consider the figure below to understand communication between public and private networks. A private network, such as the internal network of KFUPM, uses private IP addresses to manage device connectivity within the network. The same range of private IP addresses can be used within the private network of a different university. A private network connects to the Internet through a router, and the router connects to the Internet with a public IP address. Whenever a device within the university network accesses a server on the Internet (e.g.
accessing websites like Google or Instagram), the request goes through the router connected to the Internet and reaches the target server carrying the public IP address of the router as its source address. The router manages the communication between a device within the private network and a device on the Internet using a technique called Network Address Translation (NAT).

Figure 2.9 How the private and public IP addresses work

The IP address returned by the ipconfig /all command is the private IP of the computer, and the one returned by searching "My IP address" in Google is the public IP of the router through which the computer connects to the Internet.

Figure 2.10 Checking Private and Public IP

A domain name is a text-based name for a device on a network which may be accessible through the Internet, for example www.google.com. In this name, "google.com" is the domain name and ".com" is the top-level domain of the website. The table below lists some commonly used top-level domains.

Table 2-4 Top Level Domains
Top-level domain | Uses | Restricted / Unrestricted
gov | Government organizations | Restricted to US
edu | Educational institutions | Restricted to US
net | Internet administration organizations | Unrestricted
com | Commercial businesses | Unrestricted
org | Professional and nonprofit organizations | Unrestricted

The Domain Name System (DNS) consists of a group of servers, called DNS servers, that translate the domain names of servers into their corresponding IP addresses. One can run the nslookup command at a Windows command prompt to get the IP address of any domain name. For example, the IP address of the Google domain can be obtained as follows:
nslookup www.google.com

Figure 2.11 Communication over the Internet

The figure above shows how a request from a host computer inside the KFUPM network to access the domain www.google.com is carried out on the Internet. The request goes from the host to the KFUPM private DNS server, which looks up the IP address of the domain name in its records. If the IP address is not found there, the request is sent to public DNS servers to obtain the IP address of Google. Once the IP address is acquired, the request is forwarded to the nearest router. Each router looks at the destination IP address and selects the next hop toward the destination according to its routing table. A packet passes through different networks on its path before reaching the destination Google network. Once the request reaches the destination server, port numbers are used to identify which application or process to communicate with. The same procedure is followed on the return path to the source. The IP addresses of the routers encountered on the path from source to destination can be seen using the tracert command at the command prompt.

2.6 Network Commands Activity

ipconfig /all
A user can check the IP address of a computer by running the command ipconfig /all at a Windows command prompt.
Figure 2.10 Output of ipconfig /all

nslookup "website address"
A user can check the IP address of a domain name by running nslookup followed by the domain name at a Windows command prompt. For example:
nslookup google.com
Figure 2.11 Output of nslookup

tracert
The tracert command traces the path of a packet from source to destination. For example, we may enter the following command at the Windows command prompt:
tracert www.gmail.com
Figure 2.12 Output of tracert

2.7 Cybersecurity
The term cybersecurity refers to all the processes, technologies and practices designed to protect networks, systems and data from damage, attacks and unauthorized access.
2.7.1 The CIA Triad
The CIA triad is the most fundamental principle in cybersecurity: Confidentiality, Integrity and Availability. It defines the main goals of information security for protecting organizations and individuals.

Confidentiality is about ensuring that only authorized parties can access data. As expected, the more sensitive the information, the stricter the security measures should be. Access controls (such as passwords) and encryption are the main measures used to keep information confidential.

Integrity refers to protecting data from being modified by unauthorized parties, or accidentally by authorized parties. In other words, integrity is about keeping data accurate and complete. The main measures to maintain integrity are hashing (with digital signatures or message authentication codes, so that the hash itself cannot be replaced) and user access controls.

Availability refers to making data available to authorized parties when they need it. The main measures to maintain availability are off-site backups and disaster recovery.

Figure 2.13 The CIA Triad

2.7.2 Cybersecurity importance
Today, people live in a connected world. Everyone needs advanced cyber defense programs to be protected from cyber-attacks. These attacks can lead to the loss of sensitive data, identity theft and extortion attempts. Thus, all critical infrastructure, from hospitals to financial companies, must be protected to keep society functioning.

2.7.3 Fundamental concepts of security
The three fundamental concepts of security are vulnerabilities, threats and risk. These terms are frequently used together, but they describe three separate components of cybersecurity. In short:
A vulnerability is a weakness in a system (infrastructure, database or software) or a process.
A threat is anything that could exploit a vulnerability, leading to a negative effect on the confidentiality, integrity or availability of data, people, systems and more.
Risk is the probability of a harmful event occurring combined with the potential consequence of that harm.
In other words, risk = consequence x likelihood. To sum up, a vulnerability together with the threat that could exploit it gives an estimate of the risk involved, which is often summarized as:
Risk = threat x vulnerability

Example 1: An information technology company does not remove a terminated employee's ID from the system. Identify the vulnerability, threat and risk.
Vulnerability: terminated employee's ID not removed from the system.
Threat: someone using the old ID to dial into the company's network and access the company's information.
Risk: unauthorized disclosure of sensitive business information.

Example 2: Organization X does not properly maintain its firefighting equipment. Identify the vulnerability, threat and risk.
Vulnerability: improper maintenance of firefighting equipment.
Threat: fire.
Risk: loss of life, data and infrastructure.

2.8 Cyber Threats
Cybersecurity professionals work hard to protect the cyber world. However, attackers are always trying to find new techniques to escape IT's notice and exploit the gaps. The most common threats include:

2.8.1 Phishing / social engineering
Attackers use social engineering techniques to trick people into revealing their personal information under false pretenses. Fake websites and email links can be used to trick people into filling out forms that hand over personal information. For example, consider the following figure.
Figure 2.14 Example of phishing email
A Google Docs phishing attack also took place that invited users to view a shared Google Docs document and asked them to log in to their account; the ID and password were captured in this process.
Figure 2.15 Google Docs Phishing Attack

2.8.2 Insider threats
Former or current employees, contractors, business partners or anyone else who abuses their access to systems can be considered an insider threat.
2.8.3 Malware / Malicious Code
Malware, or malicious code, is any independent program, or set of instructions attached to a program, designed to enter a computer covertly and disrupt or change its normal behavior. Malware can affect computers in different ways: for example, it can delete files, corrupt data, give remote access to attackers, display irritating messages, and lurk undetected in a computer for days.

2.8.4 Blended Threats
Sometimes a combination of different types of malware is used to attack a certain target. These are called blended threats. For example, an attacker can gain remote access to a computer system and plant a virus in its file system, which the user may open later, infecting the computer.

WannaCry Ransomware attack
Many computers around the world were infected with WannaCry (also known as WannaCrypt or Wanna Decryptor), a ransomware worm targeting Microsoft Windows operating systems. It spread from machine to machine over the network on its own, encrypted the files of each infected device and then displayed a message demanding payment of a certain amount of electronic currency (Bitcoin). The attack affected the systems of a number of sensitive institutions such as hospitals, government agencies, universities and telecommunications companies worldwide.
Figure 2.16 WannaCry Attack

2.9 Types of malware
The most common types of malware are:
- Viruses
- Trojan horses
- Worms

2.9.1 Virus
A computer virus is a set of instructions attached to an executable file and designed to affect a computer in different ways. A computer virus can corrupt files, display irritating messages and delete data. The following are some of the important properties of a computer virus:
- It is a set of instructions attached to an executable file, so it is not an independent program. The program that a virus attaches to is called the host and is said to be infected by the virus.
- A computer virus requires user interaction, i.e. a user must run the infected file for the computer to be affected.
- Once executed on a computer, a virus is able to make copies of itself, infecting other programs on the computer.

Shamoon Virus
Shamoon attacked the computers of a number of major organizations in Saudi Arabia in 2012. It was a destructive (wiper) attack rather than espionage. Once a computer is infected, the malware compiles a list of files from certain locations on the computer, reports information about them to the attacker and overwrites them on the hard drive. Once that is done, it overwrites the master boot record of the infected computer, rendering it unbootable.

2.9.2 Trojan Horse
A Trojan horse is a computer program that appears to perform one task while actually doing something else. Trojan horses are commonly found in pirated content on the Internet. The following are some of the properties of a Trojan horse:
- A Trojan horse is a type of malicious software that tricks users by appearing to be a legitimate program, deceiving them into running it.
- A Trojan horse requires the user to interact with it and open the executable file. The executable file performs a visible task (e.g. in the case of pirated games or software it runs the requested application), but in the background it may be stealing passwords, using extra CPU and RAM for mining (e.g. cryptocurrency mining), deleting files or giving remote attackers access to the computer.
- Unlike a virus, a Trojan horse does not make copies of itself. It spreads through email attachments or programs downloaded from the Internet.
Practical examples of Trojan horses are easy to find on the Internet. For example, a site that offers a free download of a pirated version of a software package or game may be distributing a Trojan horse. Social media may also be used to spread a Trojan horse.
For example, fake social media posts about a legitimate program may lead a user to download and run a Trojan horse on their computer.

2.9.3 Worm
A worm is a different type of malware in that it does not require any user interaction. A worm spreads from one computer to others through the network. Worms are often responsible for network attacks on websites. The following are some of the properties of a computer worm:
- A worm spreads from one computer to another through the network. For a worm to spread to a computer, the source and target computers must be reachable from each other over a network (a local network or the Internet).
- A worm does not require any user interaction and makes copies of itself on its own: it scans for other reachable computers and infects them automatically.
- Unlike a virus, a worm is an independent program and does not attach itself to a host program.
Worms are regularly used on the Internet to take over large numbers of computers, which are then used to attack websites. Some of these attacks are described below:

Denial of Service (DoS) Attack: In a DoS attack, the remote attacker sends a very large number of connection initiation requests to the server of a website. The server's capacity is completely consumed by the attacker's requests, and service to the real users is denied. This basic form of DoS attack is relatively easy to mitigate by blocking the attacker's IP address once the number of connection requests from it exceeds a certain limit.

Distributed Denial of Service (DDoS) Attack: In a DDoS attack, before attacking a web server the attacker first compromises many computers on the Internet whose security is weak. The attacker gains remote access to these devices (a botnet) and uses them to attack the actual destination server. The website being attacked receives millions of connection requests from computers distributed throughout the network. Because each source sends only a share of the traffic, a per-address limit does not stop the attack, and the original source of the DDoS attack is very difficult to identify from the server being attacked.
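The difference between the per-address limit that stops a simple flood and its failure against a distributed one can be seen in code. The following Python example is added here and is not from the textbook: it implements a sliding-window counter that blocks a source address once it exceeds a fixed number of connection attempts within a time window (the "block after N requests" rule described above), then feeds it two constructed logs of connection requests, one where all flood traffic comes from a single address and one where the same traffic is spread across forty addresses. The log format, the limit of 20 attempts per 10 seconds and the addresses (taken from documentation ranges) are assumptions made for the example.

```python
"""Added example (not from the textbook): the per-address limit that mitigates
a simple DoS flood, and why it fails against a DDoS.  The log lines are
constructed for the demonstration; the limit and window are arbitrary choices.
"""
from collections import deque

LIMIT = 20          # connection attempts allowed per source within the window
WINDOW = 10.0       # seconds


class ConnectionLimiter:
    """Sliding-window counter per source IP; blocks a source once it exceeds
    LIMIT attempts within WINDOW seconds.  This mirrors a firewall rule that
    adds an address to the block list after too many connection requests."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.attempts = {}     # ip -> deque of recent timestamps
        self.blocked = set()

    def allow(self, ip, now):
        """Return True if the attempt is admitted, False if the source is blocked."""
        if ip in self.blocked:
            return False
        q = self.attempts.setdefault(ip, deque())
        q.append(now)
        while q and now - q[0] > self.window:   # drop timestamps outside window
            q.popleft()
        if len(q) > self.limit:
            self.blocked.add(ip)
            return False
        return True


def parse_line(line):
    """Parse a constructed log line of the form '<seconds> SYN from <ip>'."""
    ts, _syn, _from, ip = line.split()
    return float(ts), ip


def run(lines, limiter=None):
    """Feed log lines through the limiter; return (admitted, dropped) counts."""
    limiter = limiter or ConnectionLimiter()
    admitted = dropped = 0
    for line in lines:
        ts, ip = parse_line(line)
        if limiter.allow(ip, ts):
            admitted += 1
        else:
            dropped += 1
    return admitted, dropped


# Constructed traffic: one legitimate client plus a flood.  In the single-source
# DoS, all 200 flood attempts come from 203.0.113.9 within one second.
LEGIT = [f"{i * 2.0:.1f} SYN from 198.51.100.5" for i in range(5)]       # 5 attempts
DOS = [f"{0.5 + i * 0.005:.3f} SYN from 203.0.113.9" for i in range(200)]

# In the DDoS, the same 200 attempts are spread over 40 compromised hosts,
# 5 each, so no single source ever crosses the per-address limit.
DDOS = [f"{0.5 + i * 0.005:.3f} SYN from 192.0.2.{i % 40 + 1}" for i in range(200)]


def dos_result():
    """(admitted, dropped) for the legitimate client plus the single-source flood."""
    return run(LEGIT + DOS)


def ddos_result():
    """(admitted, dropped) for the legitimate client plus the distributed flood."""
    return run(LEGIT + DDOS)


if __name__ == "__main__":
    print("single-source flood: admitted/dropped =", dos_result())
    print("distributed flood:   admitted/dropped =", ddos_result())
```

Running it shows the single-source flood cut off after its first 20 attempts while the legitimate client is untouched, whereas every request of the distributed flood is admitted: per-source counting cannot distinguish 40 hosts sending 5 requests each from 40 real users. Defending against DDoS requires looking at aggregate traffic rather than individual sources.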
2.10 Cybersecurity in Saudi Arabia
With the Kingdom's increasing dependence on digital technology, rapid adoption of smart infrastructure and the extensive Vision 2030 plan, cybersecurity is emerging as a top priority in Saudi Arabia. The Kingdom has made significant progress in creating a strong cybersecurity framework, having realized how important it is to defend its digital assets, financial systems and vital infrastructure against a growing number of cyberattacks.
Figure 2.17 Saudi Arabia ranked second in Cybersecurity

2.10.1 Key Developments in Saudi Arabia's Cybersecurity Landscape
National Cybersecurity Authority (NCA): The NCA was founded in 2017 to regulate and coordinate national initiatives to improve cybersecurity. It oversees the creation of rules, regulations and standards that safeguard the country's digital environment. The NCA is crucial for ensuring the security of networks in the public and commercial sectors, increasing awareness of cybersecurity issues, and developing the cybersecurity sector in the Kingdom.

Vision 2030 and Cybersecurity: Digital transformation is emphasized as vital to achieving the social and economic objectives of Saudi Arabia's Vision 2030 plan, and cybersecurity is identified as a key enabler of a secure digital economy. Initiatives to enhance data protection, develop a cybersecurity culture in all industries, and boost cybersecurity capabilities are all part of the plan.

Cybersecurity Initiatives and Collaborations: To further develop its cybersecurity infrastructure, the Kingdom has started a number of measures. These include collaborating with international organizations, forming alliances with multinational cybersecurity companies, and creating cybersecurity centers.
Saudi Arabia is making significant investments in education and training initiatives, since it understands the value of human capital in cybersecurity. Specialized degrees and certificates in cybersecurity are offered by universities and other organizations. Organizations in Saudi Arabia's public and commercial sectors are placing more emphasis on developing a culture that values cybersecurity. To prepare employees and other stakeholders for potential risks, periodic training sessions, awareness campaigns and simulated cyberattacks (penetration testing) are carried out.

Challenges and Future Outlook: Despite these advancements, Saudi Arabia still has a long way to go in cybersecurity. The challenges include the constantly changing threat landscape, the need for ongoing workforce development, and the integration of new technologies such as artificial intelligence and the Internet of Things into cybersecurity strategies.

In conclusion, as part of its broader digital transformation objectives under Vision 2030, Saudi Arabia has invested significantly in cybersecurity. By emphasizing workforce development, global collaboration and legal frameworks, the Kingdom is establishing itself as a cybersecurity leader in the Middle East as well as internationally.

2.11 Security Technologies

2.11.1 Antivirus Software
Antivirus software consists of programs, made by different companies, that find and remove various types of malware from a computer. Many antivirus products are available, e.g. McAfee Antivirus, Symantec Norton Antivirus, Bitdefender Antivirus, Kaspersky Antivirus and Avast Antivirus.

2.11.2 Firewall Software
Firewall software is responsible for the security of network traffic going into and out of a computer or network.
It is responsible for the following major tasks:

- Firewall software can analyze the flow of traffic going in and out of the network. Monthly or daily reports can be generated based on the information that was requested by the users through the network.
- Firewall software can check whether incoming information was requested by a certain computer system inside the network and prevent any unauthorized access. Based on this information, the firewall can trigger intrusion attempt alarms and apply appropriate actions.
- The software can block requests from certain IPs on the Internet that are known to be suspicious. Similarly, it can add IP addresses to these block lists based on intrusion attempts.
- One of the most important aspects of firewall software for network administrators is that it can limit the flow of data. This helps network administrators regulate and distribute the bandwidth equally among the users. E.g. although the KFUPM network bandwidth is in Gbps, each user in the student housing gets around 8-10 Mbps because the bandwidth is controlled using the firewall software. It also gives the administrators control over the monthly upload and download quotas per subscriber, user/password-based authentication, and time-based network access.

Figure 2.18 Network Firewall

2.11.3 Data Encryption

Encryption is the process of converting data into a different form, called encrypted text, which cannot be easily understood by any unauthorized person. It is commonly used in securing wireless networks and for protecting data before it is sent on the network. Consider the diagram shown below.

Figure 3.1 Encryption

If we want to send some information, e.g. “PYP Computer Networks”, from a source to a destination through the Internet (using a wired or wireless channel), we encrypt the data first. In encryption we replace the characters of the text “PYP Computer Networks” with different characters from the character set.
For example, “P” is replaced with “S”, “Y” with “B”, and so on. This results in a text that is called encrypted text.

Figure 2.19 Generating Encrypted text

The conversion is performed using an encryption key, which is required to decrypt the data back to its original format at the receiver end. There are different types of encryption techniques depending on how strong the encryption key is and how the encryption key is shared between the source and destination.

- Data is the information which is to be secured.
- Key is the information used to secure / encrypt the data.
- Function is the process which is used to encrypt the data with the key.
- Encrypted Text is the resulting encrypted information.

2.11.4 Symmetric Encryption

In symmetric encryption, a single key is used for both encryption and decryption. The same key must be shared securely between the communicating parties. It's like having a shared secret between two individuals who want to exchange private messages.

The Caesar cipher is a symmetric encryption technique in which we rotate the information in the left or right direction by a certain number of positions. The resulting encrypted text is called the cipher text. For example, a left rotation of two positions will generate the following cipher text.

Table 2-5 Caesar Cipher (Left rotate by two positions)
Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

Consider another example with the following key and function.

Data: “PYP Computer Networks”
Key: Right rotation of three places (Add three characters)
Function: Change each letter of the data to a new letter according to the key
Encrypted/Cipher Text: “SBS Frpsxwhu Qhwzrunv”

As an alternative, we can also recover the original data given the key, function and the cipher text.
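The rotation described above, carried through in Python as an added example that is not code from the textbook. `caesar_encrypt` reproduces the page's right-rotation-by-three result for “PYP Computer Networks”, `substitution_table(-2)` yields the Plain/Cipher rows of Table 2-5, and `caesar_decrypt` applies the same key in the opposite direction. The function names are my own. The example goes slightly beyond the text by listing the plaintext candidates for all 26 possible rotations, which is what "how strong the encryption key is" means here: a key chosen from such a small set gives no real protection once the function is known.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26-letter character set of Table 2-5


def rotate_char(ch: str, k: int) -> str:
    """Rotate one character k positions: k > 0 is a right rotation, k < 0 a left one.
    Letters keep their case; anything else (spaces, digits) is passed through,
    which matches the page's example where the space survives encryption."""
    if ch.isupper():
        return ALPHABET[(ALPHABET.index(ch) + k) % 26]
    if ch.islower():
        return ALPHABET[(ALPHABET.index(ch.upper()) + k) % 26].lower()
    return ch


def caesar_encrypt(plaintext: str, k: int) -> str:
    """Apply the key (rotation k) to every character: the 'Function' of the text."""
    return "".join(rotate_char(c, k) for c in plaintext)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """Decryption is the same key applied in the opposite direction."""
    return caesar_encrypt(ciphertext, -k)


def substitution_table(k: int) -> dict:
    """Plain -> cipher letter mapping for the whole alphabet (Table 2-5 is k = -2)."""
    return {p: rotate_char(p, k) for p in ALPHABET}


def all_candidate_plaintexts(ciphertext: str) -> list:
    """Every decryption under the 26 possible rotations (k = 0 is the identity).
    The real message is always among them, which is why a key drawn from such
    a tiny space offers no secrecy against anyone who knows the function."""
    return [caesar_decrypt(ciphertext, k) for k in range(26)]


if __name__ == "__main__":
    page_example = "PYP Computer Networks"           # data from the textbook example
    c = caesar_encrypt(page_example, 3)             # right rotation of three places
    print(c)                                        # SBS Frpsxwhu Qhwzrunv
    print(caesar_decrypt(c, 3))                     # PYP Computer Networks
    table = substitution_table(-2)                  # Table 2-5, left rotate by two
    print("".join(table[p] for p in ALPHABET))      # YZABCDEFGHIJKLMNOPQRSTUVWX
```

Run the file directly to see the page's example reproduced; `all_candidate_plaintexts` is the part to try on any cipher text of your own to see how little the key hides.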
Data: _____________
Key: Right rotation of three places (Add three characters)
Function: Change each letter of the data to a new letter according to the key
Encrypted/Cipher Text: “SBS Frpsxwhu Qhwzrunv”

In this scenario, since the cipher text was generated by right rotating the original text by three characters, we left rotate the cipher text by three characters to get the original data, which is “PYP Computer Networks”.

2.11.5 Asymmetric Encryption

Asymmetric encryption involves a pair of keys: a public key and a private key. Every user has his own public and private key pair. The public key is shared openly, while the private key is kept confidential. Anyone who wants to send information to a person can use his public key to encrypt the message. The encrypted message can only be reversed using the private key of the receiver.

Figure 2.20 Asymmetric Encryption

RSA Encryption: RSA (Rivest–Shamir–Adleman) is a widely used asymmetric encryption algorithm. It uses prime numbers to create public and private keys for users, which are then used during encryption and decryption.

Key Generation: A user generates a public-private key pair using prime numbers. The public key is represented by (e, n) and the private key as (d, n). Here e and d are prime numbers. The public key is shared openly, often through a key exchange mechanism. The private key is kept secure and known only to the key owner.

Encryption in RSA: If Ali wants to send a secure message to Omar, he will use Omar's public key to encrypt the message. The encrypted message can only be decrypted by Omar using his private key. The message is first converted into number format (m). The ciphertext is generated using the following equation:

ciphertext (c) = m^e mod n

Decryption in RSA: When Omar receives the encrypted message, he uses his private key to decrypt it and reveal the original content.
Even if the encrypted message is intercepted during transmission, only Omar, with the corresponding private key, can decrypt it. The decryption is done using the following equation on the received coded message:

message (m) = c^d mod n

Consider the following example where Ali wants to send a confidential message to Omar using RSA encryption. Ali will need the public key of Omar to encrypt the message.

Figure 2.21 Omar’s Public and Private Key

Message that Ali wants to send: Hi (convert to a number, e.g., 2)
Omar’s Public Key: (5, 14)

Encryption: Convert the message into number format, e.g., Hi → 2. Calculate
2^5 mod 14 = 32 mod 14 = 4
Ciphertext / Encoded message: 4

Decryption: Omar uses his private key to get the original message. Calculate
4^11 mod 14 = 4194304 mod 14 = 2 (Original message code)

2.11.6 Cryptographic Hash / Hashing

Hashing is a one-way process that generates a fixed-length coded message that is unique to the input data. The process is irreversible, i.e., the coded message cannot be used to generate the original data back (encryption is a two-way technique while hashing is one-way). The smallest change in the input data (even pressing the space key) will completely change the hash value and generate a completely new hash. In the figure below, the input text “PYP002” is passed through the SHA256 hashing algorithm.

Figure 2.22 Hashing

2.12 Best Practices

2.12.1 Protection from Identity Theft

Identity theft in computer networks occurs when someone obtains your personal information without your knowledge and uses this information to commit a crime or perform other tasks. Information can be stolen without your knowledge, for example by sending personal information over an unencrypted communication link or by downloading pirated software that may contain a Trojan horse, which gives remote access to a hacker who can get your personal information.
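The RSA equations of 2.11.5 and the hashing property of 2.11.6, worked through in Python as an added example that is not code from the textbook. It uses the page's numbers: Omar's public key (5, 14), the private exponent 11 from the 4^11 mod 14 step, and the message code 2. Beyond the page it also shows how d is actually derived: e must be coprime with (p-1)(q-1) and d is its modular inverse modulo that value, which is why both 5 and 11 work as d for e = 5, n = 14 (they differ by a multiple of 6). The function names, the second key pair built from the primes 61 and 53, and the two hash inputs are my own constructions. Real deployments use primes hundreds of digits long and a padding scheme such as OAEP; neither is shown here.

```python
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Build a key pair from two primes p, q and a chosen public exponent e.
    Returns ((e, n), (d, n)). d is the modular inverse of e mod (p-1)(q-1),
    so any d' = d + k*(p-1)(q-1) also works, which is why the textbook's
    (11, 14) and the smallest inverse (5, 14) are both valid for e = 5."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def key_pair_is_consistent(public_key: tuple, private_key: tuple, p: int, q: int) -> bool:
    """Check e*d = 1 (mod (p-1)(q-1)) for a known factorisation n = p*q."""
    e, n = public_key
    d, n2 = private_key
    return n == n2 == p * q and (e * d) % ((p - 1) * (q - 1)) == 1


def rsa_encrypt(m: int, public_key: tuple) -> int:
    """ciphertext (c) = m^e mod n. The message number must be smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message code must be in the range 0 .. n-1")
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key: tuple) -> int:
    """message (m) = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def sha256_hex(text: str) -> str:
    """One-way, fixed-length digest: 256 bits = 64 hex characters for any input."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def hamming_hex(a: str, b: str) -> int:
    """Number of differing bits between two hex digests (the avalanche effect)."""
    return bin(int(a, 16) ^ int(b, 16)).count("1")


# Values taken from the textbook example in section 2.11.5.
OMAR_PUBLIC = (5, 14)
OMAR_PRIVATE = (11, 14)   # exponent 11 as used in the page's 4^11 mod 14 step
MESSAGE_CODE = 2          # "Hi" converted to the number 2 on the page

if __name__ == "__main__":
    c = rsa_encrypt(MESSAGE_CODE, OMAR_PUBLIC)         # 2^5 mod 14 = 4
    print("ciphertext:", c)
    print("decrypted:", rsa_decrypt(c, OMAR_PRIVATE))  # 4^11 mod 14 = 2
    print("page keys consistent with n = 2*7:",
          key_pair_is_consistent(OMAR_PUBLIC, OMAR_PRIVATE, 2, 7))
    # Constructed larger example (still toy-sized primes 61 and 53).
    pub, priv = rsa_keygen(61, 53, 17)
    print("generated keys:", pub, priv)                # (17, 3233) (2753, 3233)
    print("round trip ok:", rsa_decrypt(rsa_encrypt(65, pub), priv) == 65)
    # Hashing: one extra space flips roughly half of the 256 bits (constructed inputs).
    h1, h2 = sha256_hex("PYP002"), sha256_hex("PYP002 ")
    print(h1)
    print(h2, "bits changed:", hamming_hex(h1, h2))
```

Note that with n = 14 only the message codes 0 to 13 can be encrypted at all, and the check in `rsa_encrypt` makes that limit explicit; the page's "convert to a number" step in practice means splitting the text into blocks smaller than n.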
To avoid identity theft, make sure you are well informed and careful when providing information online. Some basic steps to follow are listed below, but the best practice is still caution.

- Do not provide personal information on unencrypted websites.
- Destroy your information when accessing public computers.
- Use strong passwords for your accounts.
- Use private browsing when accessing computers on a public network.
- Keep your passwords secret.
- Do not reveal your e-mail address unless you want correspondence from a person.
- Do not reply to spam emails.
- Be wary about sharing information about your family and friends.
- Use an alias for chat rooms; do not provide actual personal information.
- Be cautious about the photos you post online.
- Keep track of your privacy settings for social networking sites like Facebook, Instagram, etc.
- Do not open email attachments without scanning them first.

2.12.2 Protection from Malware

- Keep your operating system and software up to date and back up data frequently.
- Update the antivirus software as frequently as you can.
- Scan any removable media that you attach to your computer system before opening its content.
- Set up weekly or daily computer scans for malware using antivirus software.