Unit 1 Introduction to Security Mechanism.pdf
Document Details
Uploaded by ImpeccableLearning
Tags
Full Transcript
NETWORK SECURITY & MANAGEMENT UNIT-1 INTRODUCTION TO SECURITY MECHANISMS 1.1 VARIOUS SECURITY TERMS 1.1.1 Introduction Computer data often travels from one computer to an...
NETWORK SECURITY & MANAGEMENT UNIT-1 INTRODUCTION TO SECURITY MECHANISMS 1.1 VARIOUS SECURITY TERMS 1.1.1 Introduction Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intentions could modify or forge your data, either for amusement or for their benefit. In many cases information is sensitive so we need to take care that only authorized parties can get that data. For its maintenance, we require some mechanism or physical device which ensures that it is safe. Such a mechanism is known as a Security System. Computer Security: The generic name for the collection of tools designed to protect data and prevent hackers is Computer Security. Network Security: Network Security refers to the measures taken by any enterprise or organization to secure its computer network and data using both hardware and software systems. Network security measures are needed to protect data during their transmission. Internet Security: Internet security refers to security designed to protect systems and the activities of employees and other users while connected to the internet, web browsers, web apps, websites and networks. Internet security solutions protect users and corporate assets from cybersecurity attacks and threats. Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. Attack: An attack is an information security threat that involves an attempt to obtain, alter, destroy, remove, implant or reveal information without authorized access or permission. Hacker: A hacker is a person who makes use of a computer system to gain unauthorized access to another system for data or who makes another system unavailable. 1.1.2 Virus A virus is a type of code that enters the system along with any file or program and carries out malfunctions in the system. The virus-affected program will be a replica of the existing program. They enter the system through any file and when the file runs, parallelly the virus also runs in the background. There are many ways in which the virus gets into the system. Some of them are through mail attachments, by clicking inappropriate advertisements and by downloading any software or files from unauthorized websites. The main objective of viruses is to spread them along different hosts. They steal the personal data and other credentials of the system. Various types of viruses are explained as follows: NETWORK SECURITY & MANAGEMENT 1) Parasitic Virus: The traditional and still most common form of virus. A parasitic virus attaches itself to executable files and replicates, when the infected program is executed, by finding other executable files to infect. 2) Memory-Resident Virus: Lodges in main memory as part of a resident system program. From that point on, the virus infects every program that executes. 3) Boot Sector Virus: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus. 4) Stealth Virus: A form of virus explicitly designed to hide itself from detection by antivirus software. 5) Polymorphic Virus: A virus that mutates with every infection, making detection by the "signature" of the virus impossible. 6) Metamorphic Virus: As with a polymorphic virus, a metamorphic virus mutates with every infection. The difference is that a metamorphic virus rewrites itself completely at each iteration, increasing the difficulty of detection. Metamorphic viruses may change their behavior as well as their appearance. How can a computer be protected from viruses? Install an anti-malware program to stop software from installing without your knowledge. Never download and install software from the Internet unless you are certain it is from a trusted source. Do not open email attachments unless you have scanned them first, even a picture can carry a virus. Do not trust cracked or hacked software as they often contain malware or Trojans. The most suitable way of making your computer virus-free is by installing an Anti-virus software. Such software helps in removing viruses from the device. It should be kept up to date and should regularly run scans. It can be installed on a computer via two means: Online download, Buying an Anti-virus software, and installing it. 1.1.3 Antivirus An anti-virus is software that comprises programs or sets of programs that can detect and remove all harmful and malicious software from your device. This anti-virus software is designed in a manner that they can search through the files in a computer and determine the files that are heavy or mildly infected by a virus. Most antivirus programs nowadays include more than just a virus scanner — they also come with features that add additional protection, like a network firewall, phishing protection, a virtual private network (VPN), a password manager, parental controls, as well as dedicated protections for mobile devices. Following are some of the most commonly used anti-virus software: 1) Norton 2) Bitdefender 3) TotalAV NETWORK SECURITY & MANAGEMENT 4) McAfee 5) Intego 6) Malwarebytes 7) Norton 360 8) Surfshark 9) Avira 10) Trend Micro 1.1.4 Intruder An intruder (also called a hacker) is an individual who performs security attacks on another's domain in a networked computing environment. The intruder may attempt to read privileged data (like password cracking), perform unauthorized modification of data or disrupt normal functioning of data. There are three types of intruders: 1) Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. The masquerader is likely to be an outsider 2) Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges. Misfeasor is an insider. 3) Clandestine User: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection. Clandestine users can be either insiders or outsiders. 1.2 SECURITY BASICS 1.2.1 Pillars of Information Security It is necessary to protect information from being stolen, compromised or attacked. The CIA triad is one of the most important models that is designed to guide policies for information security within an organization. CIA stands for Confidentiality, Integrity and Availability. These are considered as three pillars of Information Security. 1) Confidentiality: Confidentiality means that only authorized individuals/systems can view sensitive or classified information. The data being sent over the network should not be accessed by unauthorized individuals. The attacker may try to capture the data using different tools available on the Internet and gain access to your information. For Example: User A sends a message to User B. Another User C gets access to this message which is not desired and therefore defeats the purpose of confidentiality. This type of attack is called Interception and we can say that confidentiality of the message is lost. NETWORK SECURITY & MANAGEMENT (Figure: Loss of Confidentiality) To fight against confidentiality breaches, you can classify and label restricted data, enable access control policies, encrypt data, and use multi-factor authentication (MFA) systems. It is also advisable to ensure that all in the organization have the training and knowledge they need to recognize the dangers and avoid them. 2) Integrity: Integrity makes sure that data has not been modified. For Example, User A wants to send a message to User B. User C somehow manages to access the data of User A changes its contents and sends a changed message to User B. Users A and B have no idea that the contents of the message were changed. This type of attack is called Modification and we can say that the integrity of the message is lost. (Figure: Loss of Integrity) To protect the integrity of your data, you can use hashing, encryption, digital certificates, or digital signatures. For websites, you can employ trustworthy certificate authorities (CAs) that verify the authenticity of your website so visitors know they are getting the site they intended to visit. 3) Availability: Availability means that the network should be readily available to its users. This applies to systems and data. To ensure availability, the network administrator should maintain hardware, make regular upgrades, have a plan for fail-over and prevent bottlenecks in a network. NETWORK SECURITY & MANAGEMENT For Example: Due to the intentional actions of unauthorized User C, an authorized User A may not be able to contact server computer B. This type of attack is called Interruption. Thus, proper measures should be taken to prevent such attacks. (Figure: Loss of Availability) To ensure availability, organizations can use redundant networks, servers and applications. These can be programmed to become available when the primary system has been disrupted or broken. You can also enhance availability by staying on top of upgrades to software packages and security systems. Backups and full disaster recovery plans also help a company regain availability soon after a negative event. 1.2.2 The OSI Security Architecture The OSI (Open Systems Interconnection) security architecture provides a systematic framework for defining security attacks, security mechanisms and security services. As this architecture was developed as an international standard, various vendors have developed security features for their products and services that relate to this structured definition of services and mechanisms. Security Attacks: Any action that compromises the security of information owned by an organization. Security Mechanisms: A process (or a device incorporating such a process) that is designed to detect, prevent or recover from a security attack. Security Services: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. Security Attacks: Security Attacks are of two types: 1) Passive Attack 2) Active Attack Passive Attack: In a passive attack, the attacker attempts to learn or make use of information from the system but does not affect system resources. The goal of the opponent/attacker is to obtain information that is transmitted. Passive attacks are of two types: NETWORK SECURITY & MANAGEMENT a) Release of message contents b) Traffic analysis a) Release of Message Contents: A telephone conversation, an electronic mail message and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. b) Traffic Analysis: Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place. NETWORK SECURITY & MANAGEMENT Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is sent and received in a normal fashion and neither the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually using encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection. Active Attack: Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: a) Masquerade b) Replay c) Modification of Messages d) Denial of Service a) Masquerade: A masquerade takes place when one entity pretends to be a different entity. b) Replay: Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. NETWORK SECURITY & MANAGEMENT c) Modification of Message: Modification of messages simply means that some portion of a legitimate message is altered or that messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read confidential file accounts." d) Denial of Service: The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target. For example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages to degrade performance. It is quite difficult to prevent active attacks because of the wide variety of potential physical, software and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. NETWORK SECURITY & MANAGEMENT Active Attack Passive Attack In an active attack, modification in information In a passive attack, modification in the information takes place. does not take place. Active Attack is a danger to integrity as well Passive Attack is a danger to confidentiality. as availability. In an active attack, attention is on prevention. In a passive attack, attention is on detection. Due to active attacks, the execution system is Due to passive attack, there is no harm to the always damaged. system. In an active attack, the victim gets informed about In a passive attack, the victim does not get informed the attack. about the attack. Active attacks are tough to restrict from entering A passive attack is easy to prohibit in comparison to systems or networks. an active attack. The prevention possibility of active attack is high. The prevention possibility of passive attack is low. The duration of an active attack is short. The duration of a passive attack is long. The purpose of an active attack is to harm the The purpose of a passive attack is to learn the system. system. Security Services: Various security services are explained as follows: 1) Confidentiality: It ensures the protection of data from unauthorized disclosure. 2) Authentication: It is the assurance that the communicating entity is the one that it claims to be. 3) Integrity: It is the assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion or replay). 4) Non-repudiation: It protects against denial by one of the entities involved in a communication of having participated in all or part of the communication. 5) Access Control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur and what those accessing the resource are allowed to do). 6) Availability: It states that resources/information should be available to authorized parties at all times. Security Mechanisms: Security Mechanisms are classified into two types: 1) Specific Security Mechanism 2) Pervasive Security Mechanism NETWORK SECURITY & MANAGEMENT Specific Security Mechanism Specific Security Mechanisms may be incorporated into the appropriate protocol layer to provide some of the OSI security services. a) Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. b) Digital Signature: A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. c) Access Control: A variety of mechanisms that enforce access rights to resources. d) Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. e) Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. f) Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. g) Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected. h) Notarization: The use of a trusted third party to assure certain properties of a data exchange. Pervasive Security Mechanism Pervasive Security Mechanisms are not specific to any particular OSI security service or protocol layer. a) Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy). b) Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. c) Event Detection: Detection of security-relevant events. d) Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities. e) Security Recovery: Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions. 1.3 TYPES OF COMPUTER AND NETWORK ATTACKS 1) Eavesdropping Eavesdropping attacks involve the bad actor intercepting traffic as it is sent through the network. In this way, an attacker can collect usernames, passwords, and other confidential information like credit cards. Eavesdropping can be active or passive. With active eavesdropping, the hacker inserts a piece of software within the network traffic path to collect information that the hacker analyses for useful data. Passive eavesdropping attacks are different in that the hacker “listens in,” or eavesdrops, on the transmissions, looking NETWORK SECURITY & MANAGEMENT for useful data they can steal. Both active and passive eavesdropping are types of MITM attacks. One of the best ways of preventing them is by encrypting your data, which prevents it from being used by a hacker, regardless of whether they use active or passive eavesdropping. 2) Distributed Denial of Service A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination. DDoS attacks can be segregated by which layer of the Open Systems Interconnection (OSI) model they attack. They are most common in the Network (layer 3), Transport (Layer 4), Presentation (Layer 6) and Application (Layer 7) Layers. DDoS attacks are carried out with networks of Internet-connected machines. These networks consist of computers and other devices (such as IoT devices) that have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet. Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions to each bot. When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the server or network to become overwhelmed, resulting in a denial of service to normal traffic. Because each bot is a legitimate Internet device, separating the attack traffic from normal traffic can be difficult. 3) Malware Malware is a general term for malicious software. Malware infects a computer and changes how it functions, destroys data, or spies on the user or network traffic as it passes through. Malware can either spread from one device to another or remain in place, only impacting its host device. NETWORK SECURITY & MANAGEMENT Several of the attack methods can involve forms of malware, including MITM attacks, Phishing, Ransomware, SQL injection, Trojan horses, Drive-by attacks, and XSS attacks. In a malware attack, the software has to be installed on the target device. This requires an action on the part of the user. Therefore, in addition to using firewalls that can detect malware, users should be educated regarding which types of software to avoid, the kinds of links they should verify before clicking, and the emails and attachments they should not engage with. 4) Man-in-the-Middle Attack Man-in-the-middle (MITM) type of cyber-attack refers to breaches in cybersecurity that make it possible for an attacker to eavesdrop on the data sent back and forth between two people, networks, or computers. It is called a “man in the middle” attack because the attacker positions themselves in the “middle” or between the two parties trying to communicate. In effect, the attacker is spying on the interaction between the two parties. In an MITM attack, the two parties involved feel like they are communicating as they normally do. What they do not know is that the person sending the message illicitly modifies or accesses the message before it reaches its destination. Some ways to protect yourself and your organization from MITM attacks are by using strong encryption on access points or by using a virtual private network (VPN). For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data. If an attacker puts himself between a client and a webpage, a Man-in-the-Middle (MITM) attack occurs. This form of assault comes in many different ways. For example: To intercept financial login credentials, a fraudulent banking website can be used. Between the user and the real bank webpage, the fake site lies "in the middle." Typically, these attacks are carried out through a two-step process known as data interception and decryption. Data interception consists of an attacker intercepting a data transfer between a client and a server. The attacker tricks the client and the server into believing that they are exchanging information with each other, while the attacker intercepts the data, creates a connection to the real site, and acts as a proxy to read and insert false information into the communication. The decryption phase is where the intercepted data is unencrypted. This essential step enables the attacker to finally decipher and use the data to their advantage NETWORK SECURITY & MANAGEMENT 5) Phishing Phishing attacks are fraudulent emails, text messages, phone calls, or websites that seem to be coming from trusted, legitimate sources in an attempt to grab sensitive information from the target. Phishing attacks are designed to trick users into actions like the following Downloading malware. Sharing sensitive information or personal data (for example, Social Security and credit card numbers, bank account numbers, login credentials). Other actions that expose themselves or their organizations to cybercrime. Successful phishing attacks often lead to identity theft, credit card fraud, ransomware attacks, data breaches and huge financial losses for individuals and corporations. To execute the attack, the attacker may send a link that brings you to a website that then fools you into downloading malware such as viruses or giving the attacker your private information. In many cases, the target may not realize they have been compromised, which allows the attacker to go after others in the same organization without anyone suspecting malicious activity. You can prevent phishing attacks from achieving their objectives by thinking carefully about the kinds of emails you open and the links you click on. Pay close attention to email headers, and do not click on anything that looks suspicious. Check the parameters for “Reply-to” and “Return-path.” They need to connect to the same domain presented in the email. 6) SQL Injection: SQL injection is a technique used to extract user data by injecting web page inputs as statements through SQL commands. Malicious users can use these instructions to manipulate the application’s web server. SQL NETWORK SECURITY & MANAGEMENT injection is a code injection technique that can compromise your database. SQL injection is one of the most common web hacking techniques. SQL injection is the injection of malicious code into SQL statements via web page input. An SQL injection attack can be done with the following intentions: To dump the whole database of a system, To modify the content of the databases, or To perform different queries that are not allowed by the application. This type of attack works when the applications don’t validate the inputs properly, before passing them to an SQL statement. Injections are normally placed in address bars, search fields, or data fields. The easiest way to detect if a web application is vulnerable to an SQL injection attack is to use the " ‘ " character in a string and see if you get any error. 7) Session Hijacking Session hijacking is one of multiple types of MITM attacks. The attacker takes over a session between a client and the server. The computer being used in the attack substitutes its Internet Protocol (IP) address for that of the client computer, and the server continues the session without suspecting it is communicating with the attacker instead of the client. This kind of attack is effective because the server uses the client's IP address to verify its identity. If the attacker's IP address is inserted partway through the session, the server may not suspect a breach because it is already engaged in a trusted connection. NETWORK SECURITY & MANAGEMENT To prevent session hijacking, use a VPN to access business-critical servers. This way, all communication is encrypted and an attacker cannot gain access to the secure tunnel created by the VPN. 8) Insider Threat Sometimes, the most dangerous actors come from within an organization. People within a company’s doors pose a special danger because they typically have access to a variety of systems and in some cases, admin privileges that enable them to make critical changes to the system or its security policies. In addition, people within the organization often have an in-depth understanding of its cybersecurity architecture, as well as how the business reacts to threats. This knowledge can be used to gain access to restricted areas, make changes to security settings, or deduce the best possible time to conduct an attack. One of the best ways to prevent insider threats in organizations is to limit employees' access to sensitive systems to only those who need them to perform their duties. Also, for the select few who need access, use MFA, which will require them to use at least one thing they know in conjunction with a physical item they have to gain access to a sensitive system. 9) Ransomware With Ransomware, the victim’s system is held hostage until they agree to pay a ransom to the attacker. After the payment has been sent, the attacker then provides instructions regarding how the target can regain control of their computer. The name "ransomware” is appropriate because the malware demands a ransom from the victim. In a ransomware attack, the target downloads ransomware, either from a website or from within an email attachment. The malware is written to exploit vulnerabilities that have not been addressed by either the system’s manufacturer or the IT team. The ransomware then encrypts the target's workstation. At times, ransomware can be used to attack multiple parties by denying access to either several computers or a central server essential to business operations. NETWORK SECURITY & MANAGEMENT Affecting multiple computers is often accomplished by not initiating systems captivation until days or even weeks after the malware's initial penetration. The malware can send AUTORUN files that go from one system to another via the internal network or Universal Serial Bus (USB) drives that connect to multiple computers. Then, when the attacker initiates the encryption, it works on all the infected systems simultaneously. 10) DNS Spoofing DNS Spoofing is a type of computer attack wherein a user is forced to navigate to a fake website disguised to look like a real one, to divert traffic or steal the credentials of the users. Spoofing attacks can go on for a long period without being detected and can cause serious security issues. In a DNS spoofing attack, the attacker takes advantage of the fact that the user thinks the site they are visiting is legitimate. This gives the attacker the ability to commit crimes in the name of an innocent company, at least from the perspective of the visitor. Domain Name Server (DNS) resolves the alphabetical domain names like www.example.com into respective IP addresses that are used for locating and communicating between nodes on the Internet. DNS spoofing is done by replacing the IP addresses stored in the DNS server with the ones under the control of the attacker. Once it is done, whenever users try to go to a particular website, they get directed to the false websites placed by the attacker in the spoofed DNS server. To prevent DNS spoofing, make sure your DNS servers are kept up-to-date. Attackers aim to exploit vulnerabilities in DNS servers, and the most recent software versions often contain fixes that close known vulnerabilities. NETWORK SECURITY & MANAGEMENT 1.4 TYPES OF CRYPTOGRAPHY 1.4.1 Introduction to Cryptography Cryptography is a technique of securing information and communications through the use of codes so that only those people for whom the information is intended can understand and process it. Thus, preventing unauthorized access to information. The prefix “crypt” means “hidden” and the suffix “graphy” means “writing”. In Cryptography, the techniques that are used to protect information are obtained from mathematical concepts and a set of rule-based calculations known as algorithms to convert messages in ways that make it hard to decode them. These algorithms are used for cryptographic key generation, digital signing and verification to protect data privacy, web browsing on the internet and to protect confidential transactions such as credit card and debit card transactions. Cryptographic systems are characterized along three independent dimensions: 1) The type of operations used for transforming plaintext to ciphertext (Substitution and Transposition). 2) The number of keys used (Symmetric Key and Asymmetric Key). 3) The way in which the plaintext is processed (Block Cipher and Stream Cipher). Features of Cryptography: 1) Confidentiality 2) Integrity 3) Non-repudiation 4) Authentication 1.4.2 Symmetric Cipher Model NETWORK SECURITY & MANAGEMENT A symmetric cipher scheme consists of 5 main components: 1) Plain Text: The original message, before being transformed, is called plaintext. 2) Encryption Algorithm: The process of transforming the plaintext into ciphertext is known as enciphering or encryption. It takes plain text and key value as input to produce cipher text. The encryption algorithm performs various substitutions and transformations on the plaintext. 3) Secret Key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key. 4) Cipher Text: The original message after being transformed into a non-readable message is called ciphertext. This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts. 5) Decryption Algorithm: The process of transforming the cipher text back into plain text is known as deciphering or decryption. It takes cipher text and key value as input to produce plain text back. 1.4.3 Cryptanalysis Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional encryption scheme: 1) Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. 2) Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success. 1.4.4 Types of Cryptography There are three types of Cryptography: 1) Symmetric Key Cryptography 2) Asymmetric Key Cryptography 3) Hash Function Symmetric Key Cryptography: Symmetric key cryptography is also known as secret-key cryptography, and in this type of cryptography, you can use only a single key. The sender and the receiver can use that single key to encrypt and decrypt a message. Because there is only one key for encryption and decryption, the symmetric key system has one major NETWORK SECURITY & MANAGEMENT disadvantage: the two parties must exchange the key securely. The most popular symmetric key cryptography systems are Data Encryption System (DES), Advanced Encryption System (AES), Blowfish. Asymmetric Key Cryptography: Asymmetric key cryptography is also known as public key cryptography and it employs the use of two keys. This cryptography differs from and is more secure than symmetric key cryptography. In this system, each user encrypts and decrypts using two keys or a pair of keys (private key and public key). Each user keeps the private key secret and the public key is distributed across the network so that anyone can use those public keys to send a message to any other user. You can use any of those keys to encrypt the message and can use the remaining key for decryption. The most popular symmetric key cryptography system is DSA and RSA. Hash Function: It is a type of cryptography in which an algorithm followed by a hash function takes an arbitrary length of the message as input and returns a fixed length of the output. It is also referred to as a mathematical equation because it uses numerical values as input to generate the hash message. This method does not require a key because it operates in a one-way scenario. Each round of hashing operations considers input as an array of the most recent block and generates the last round of activity as output. Commonly used hash algorithms include: Message Digest 5 (MD5), SHA (Secure Hash Algorithm) NETWORK SECURITY & MANAGEMENT