
IT1914

Typical Domains of IT Infrastructure


User, LAN, and WAN Domain
In the context of networking, a domain refers to any group of users, workstations, devices, printers, computers, and
database servers that share different types of data via network resources. There are also many types of subdomains.

A domain has a domain controller that governs all basic domain functions and manages network security. Thus, a domain
is used to manage all user functions, including username, password, and shared system resource authentication and
access. It is also used to assign specific resource privileges, such as user accounts.

In a simple network domain, many computers and workgroups are directly connected. A domain comprises combined
systems, servers, and workgroups. Multiple server types, such as Web, database, and print servers, may exist in one (1)
domain, depending on network requirements.

DOMAINS AND THEIR RISKS

User Domain – This covers all the users that have access to the other domains.
Risks:
• User can destroy data in the application (intentionally or not) and delete all.
• User can use the password to delete his/her file.
• User can insert infected CD or flash drive into the computer.

Workstation Domain – It is a computer of an individual user where the production takes place.
Risks:
• The workstation’s operating system can have a known software vulnerability that allows a hacker to connect remotely and steal data.
• A workstation’s browser can have a software vulnerability, which allows unsigned scripts to install malicious software silently.
• A workstation’s hard drive can fail, causing loss of data.

LAN Domain – This contains all of the workstations, hubs, switches, and routers. This is also a trusted zone.
Risks:
• A worm can spread through the LAN and infect all computers in it.
• LAN server OS can have a known software vulnerability.
• An unauthorized user can access the organization’s workstations in a LAN.

WAN Domain – It consists of the Internet and semi-private lines.
Risks:
• The service provider can have a major network outage.
• Server can receive a Denial of Service (DOS) or Distributed Denial of Service (DDOS) attack.
• A file transfer protocol (FTP) server can allow anonymously uploaded illegal software.

LAN/WAN Domain – It is the boundary between the trusted and untrusted zones. The zones are filtered with a firewall.
Risks:
• A hacker can penetrate an IT infrastructure and gain access to the internal network.
• A firewall with unnecessary ports open can allow access from the Internet.

System/Application Storage Domain – This domain is made up of user-accessed servers such as e-mail and database.
Risks:
• A fire can destroy primary data.
• A DOS attack can cripple the organization’s e-mail.
• A database server can be attacked by SQL injection, corrupting the data.

Remote Access Domain – This is the domain in which a mobile user can access the local network, usually through a VPN.
Risks:
• Communication circuit outage can deny connection.
• Remote communication from the office can be unsecured.
Table 1. The typical domains of IT Infrastructure.

03 Handout 1 *Property of STI

 student.feedback@sti.edu Page 1 of 6

Local Users and Domain Users in Windows


In Windows, a local user is one whose username and encrypted password are stored in the computer itself. When logging
in as a local user, the computer checks its own password file to see if the user is allowed to log into the computer. The
computer itself then applies all the permissions and restrictions that are assigned to the user for that computer.
Domain users are those whose username and password are stored on a domain controller rather than on the computer
the user is logging into. When logging in as a domain user, the computer asks the domain controller which privileges are
assigned to the user.
Domain users evolved in response to the challenges administrators face when managing large numbers of computers,
peripherals, services, and users.

LAN Domain
The Local Area Network (LAN) domain is defined as a sub-network that is made up of servers and clients—each of which
is controlled by a centralized database. User approval is obtained through a central server or a domain controller. The
term “domain” can refer either to the descriptor for an Internet site, which is the site’s Web address, or to a LAN subnetwork.

WAN Domain
The Wide Area Network (WAN) is a communications network that spans a large geographic area such as cities, states, or
countries. It can be private to connect parts of a business, or it can be more public to connect smaller networks.

Remote Access Domain


The remote access domain enables remote users to access files and other system resources on any device or server that
is connected to the network at any time, increasing employee productivity and enabling them to better collaborate
with colleagues around the world. A remote access strategy also gives organizations the flexibility to hire the best talent
regardless of location, remove silos, and promote collaboration between teams, offices, and locations. Technical support
professionals also use remote access to connect to users’ computers from remote locations to help them resolve issues
with their systems or software.

One common method of providing remote access is via a remote access virtual private network (VPN) connection. A VPN
creates a safe and encrypted connection over a less secure network, such as the Internet. The VPN technology was
developed as a way to enable remote users and branch offices to log into corporate applications and other resources
securely.

METHOD: IPsec VPN
IP security VPN (IPsec VPN) is a common remote access technology in use today. A piece of software called a “VPN client” is installed in the end user’s computer and is configured with details about the target network, such as the gateway IP address and a pre-shared security key.
PROS
• When a firewall is purchased, it typically includes plenty of licenses for IPsec VPN connections.
• There is low processing overhead for the firewall and many IPsec VPN connections can be active at the same time.
• It is an established technology that many people are familiar with.
CONS
• A software client needs to be installed and configured on a user’s computer before the connection can be established. This can create difficulties for the user and IT personnel if a worker needs the client installed and configured when they are not in the office.

METHOD: SSL VPN
Secure Socket Layer VPN (SSL VPN) is a common encryption technology that is widely used to provide secure communication on the Internet. When setting up an SSL VPN, the network administrator publishes the VPN client to the firewall, providing it for download via the firewall’s public connection.
PROS
• End users can install the VPN client from a public portal.
• The IT department does not need to touch each machine that needs remote access.
• Network administrators can set up granular security policies for specific resources on a corporate network even down to a single Web-based application.
• Software clients are available for mobile devices, such as iPhones and iPads. This allows workers to view items like a corporate intranet without powering up their laptop.
CONS
• There is more configuration required on the firewall when setting up the client network to be published.
• It requires more processing overhead for the firewall compared to IPsec VPN. Some firewalls may not be able to handle as many SSL VPN client connections as IPsec VPN licenses. Thus, SSL VPN licenses are usually sold as an add-on to the hardware.

METHOD: Microsoft DirectAccess
Microsoft DirectAccess is a relatively new player to the remote access arena that was not developed by a firewall manufacturer, but rather by Microsoft. DirectAccess creates an “always on” secure connection at the operating system level. Users do not need to install any software or launch any programs.
PROS
• It is a seamless technology that could change the way users work remotely.
CONS
• Elaborate changes are required on the corporate network.
• This was designed with IPv6 as the primary addressing scheme and IPv4 secondarily.
• Additional pieces of software are required on the LAN so that remote users can access IPv4 addresses.
Table 2. Three (3) types of remote access methods and their pros and cons.

System/Application Domain
This consists of all of a business’ mission-critical systems, applications, and data. It is important to ensure that this domain
is secure at all times. Otherwise, a business could easily lose large amounts of sensitive information as well as face the
threat of having productivity come to a halt. The common targeted systems and applications are operating systems
(desktop, server, and network), e-mail applications and servers, enterprise resource planning (ERP) applications and
systems, and Web browsers. System/Application attacks are generalized into three (3) categories: denial or destruction,
alteration, and disclosure.

Unauthorized Physical Access


This can be defined as “gaining access to a physical entity or area without permission from an administrative figure.” It is
considered a threat because if an individual with malicious intentions were to attain unauthorized physical access to an
area containing sensitive systems, that individual could steal, alter, or destroy the systems and the data found on those systems.
This threat is especially dangerous when the targets are sensitive areas such as computer rooms, data centers, or wiring
closets because they contain a vast amount of sensitive information. However, it is also important to keep in mind that
physical entities such as important documents can be targets of this threat.

Unauthorized Logical Access


This is nearly identical to unauthorized physical access, except it is not limited to tangible data. It can be considered even
more dangerous than unauthorized physical access because it can be carried out by a staff member as well as an
experienced attacker. An attacker who gains access to a business’ system could destroy, alter, and disclose any
information that they find. This could result in a denial of service (DOS) attack on an important system required for the
business to continue running.

Software Vulnerabilities
This is a flaw that exists in the programming of a software component or system that allows a malicious attacker to gain
unauthorized access to that system through an exploit. These vulnerabilities can be exploited through malicious software
known as “malware” that is accidentally executed on the system by a user or more directly exploited by an attacker.
Weaknesses in software that lead to vulnerabilities can occur in any software that is running on a system, including the
operating system itself. Many common applications, such as Adobe Flash or Internet Explorer, may contain software
vulnerabilities. Even custom built in-house software is not immune to software vulnerabilities.

Server Vulnerabilities
Server software vulnerabilities are similar to software vulnerabilities on non-server systems, with the exception that
software vulnerabilities on servers have the potential to be even more damaging. These vulnerabilities can exist in the
software that the server uses to provide services (FTP, SSH, and PHP) or in the operating system of the server itself.

Data Loss
Data includes any information stored digitally on a computing system or network. It can be in the form of an e-mail, a
document or spreadsheet, images, database records, or other formats.

Data loss occurs when any stored data is destroyed. Loss can occur during storage, transmission, or processing. These
losses are considered the greatest risk to the system/application domain because the goal of these systems is to allow
users to create, store, retrieve, and manipulate data.

The most common preventative measure is to perform backups of all data. Complete system images are stored in case a
computer needs to be formatted and brought back to a known good state. Daily backups to an off-site or physically
separated storage medium will allow nearly full data recovery in the event of data loss.

Reducing Risk
In summary, the following suggestions should be taken into consideration to reduce risks associated with the
system/application domain:
• Physically secure areas containing sensitive systems.
• Implement encryption and data handling standards.
• Minimize data access.
• Back up data.
• Be aware of all applications on the network.
• Plan, configure, maintain, and improve network servers.
• Develop and implement standards.
• Read and understand the provided Acceptable Use Policy.
• Report suspected IT policy violations to the supervisor.


Ethics and the Internet


Cyber ethics refers to the code of responsible behavior on the Internet. The basic rule is “Do not do something in
cyberspace that you would consider wrong or illegal in everyday life.”
Considerations when determining responsible behavior
• Do not use rude or offensive language.
• Do not cyberbully.
• Do not plagiarize.
• Do not break into someone else’s computer.
• Do not use someone else’s password.
• Do not attempt to infect or in any way try to make someone else’s computer unusable.
• Adhere to copyright restrictions when downloading material from the Internet, including software, games,
movies, or music.

The Ethics Manifesto by Gerd Leonhard offers a framework for what he calls a global “ethics in technology” manifesto.
He says it is important, in creating this model, to focus on human rights in an era when machines will be taking on more
human-like characteristics.
Leonhard’s proposed manifesto focuses on five (5) specific human rights that he believes could be endangered if people
don’t have an ethical framework to guide them.

Specific Human Rights and Descriptions
• The right to remain natural – We can be employed, use public services, buy things, and function in society without a requirement to deploy the technology on or inside our bodies.
• The right to be inefficient if and where it defines our basic humanities – We must be able to choose to be slower than technology and not make efficiency more important than humanity.
• The right to disconnect – We must retain the right to switch off connectivity, go dark on the network, and pause communication, tracking, and monitoring.
• The right to be anonymous – We must retain the option of not being identified and tracked, such as when using a digital application or platform when it doesn’t pose a risk or impose itself on others.
• The right to employ or involve people instead of machines – We should not allow companies or employers to be disadvantaged if they choose to use people instead of machines even if it’s more expensive and less efficient.
Table 3. The Ethics Manifesto.

The Code of Ethics for Information Security Professional is derived from the Unified Framework for Information Security
Professionals, which emphasizes these three (3) core ethic values:

Values and Descriptions

Integrity
• Perform duties under existing laws and exercise the highest moral principles.
• Refrain from activities that would constitute a conflict of interest.
• Act in the best interests of stakeholders consistent with the public interest.
• Act honorably, justly, responsibly, and legally in every aspect of your profession.

Objectivity
• Perform all duties in a fair manner and without prejudice.
• Exercise independent professional judgment to provide unbiased analysis and advice.
• When an opinion is provided, note it as opinion rather than fact.

Professional Competence and Due Care
• Perform services diligently and professionally.
• Act with diligence and promptness in rendering service.
• Render only those services for which you are fully competent and qualified.
• Ensure that the work performed meets the highest professional standards.
• Be supportive of colleagues and encourage their professional development.
• Keep stakeholders informed regarding the progress of your work.
• Refrain from conduct which would damage the reputation of the profession, or the practice of colleagues, clients, and employers.
• Report ethical violations to the appropriate governing body promptly.
Table 4. Three (3) Core Ethic Values.


Security Systems Engineering


Policy Development
Security Policy
It is the statement of responsible decision makers about the protection mechanism of a company’s crucial physical and
information assets. Overall, it is a document that describes a company’s security controls and activities.
A security policy does not specify a technological solution. Instead, it specifies sets of intentions and conditions that
help protect the company’s assets and its ability to conduct business. In more depth, a security policy is a primary way
in which management’s expectations for security are translated into specific, measurable goals, and it directs users in
building, installing, and maintaining systems.

Policy Makers
Security policy development is a joint or collective operation of all entities of an organization that are affected by its rules.
In general, security policies should not be developed by the IT team alone, as they are the responsibility of everyone who has a
stake in the security policy. During policy creation, the following entities should be involved in its development:
• Board – Company board members must give their advice in some form of policy review in response to
exceptional or abnormal operating conditions of the business.
• IT Team – The members of this team usually are the biggest consumers of the policy information in any company
because they develop standards around the usage of the computer system, especially security controls.
• Legal Team – This team verifies the legal points in the document and advises on specific points of
appropriateness for the company.
• HR Team – This team typically obtains a certificate from each employee certifying that they have read and
understood the stipulated policy. It also deals with reward- and punishment-related issues of employees to
implement discipline.

Figure 1. Security policy development approach (diagram labels: Requirement Gathering, Proposal Definition, Policy Development, Approval, Publication)

Policy Audience
Security policy applies to all senior management, employees, stockholders, consultants, and service providers who use
company assets. Therefore, the security policy must be readable, concise, and illustrated so that its audience can
understand it, adhere to the policies, and fulfill their roles.

Figure 2. Security Policy for Audience (diagram labels: Audience – Employees, Management, IT Department, Legal, Stockholders)

04 Handout 1 *Property of STI


 student.feedback@sti.edu Page 1 of 5

Policy Classification
Every organization typically has three (3) policies: the first is the one drafted on paper; the second is the one in
employees’ minds; and the third is the one that is actually implemented. The security policy is a part of the hierarchy of
management control; it tells its audience what to do according to the stipulated terms and conditions of a company. The
policy generally states what must be done, not how it should be done.
Security policies could be informative, regulative, and advisory in a broad manner. Generally, these are subdivided into
the following categories:
• Physical security – It mandates what protection should be used to safeguard physical assets from both
employees and management, and it applies to the existing facilities, including doors, entry points, surveillance, and
alarms.
• Personnel Management – These policies tell employees how to conduct or operate day-to-day
business activities in a secure manner. For instance, password management and confidential information
security apply to individual employees.
• Hardware and Software – It tells administrators what type of technology to use and how network controls
should be configured; it applies to system and network administrators.

Policy Audit
Security documents are living documents. They need to be updated at specific intervals in response to changing business
and customer requirements. A successful security audit accomplishes the following:
• It compares the security policy with the actual practice in place.
• It determines the exposure to threats from the inside.
• It also determines the exposure of an organization from an outside attack.

Policy Enforcement
Enforcement of security policies ensures compliance with the principles and practices dictated by the company because
policies and procedures do not work if they are violated. Enforcement is arguably the most significant aspect of a company; it
dissuades anyone from deliberately or accidentally violating policy rules.

Policy Awareness
Company employees are often perceived as a “soft” target to be compromised because they are the least predictable
and easiest to exploit. Trusted employees may either become disgruntled or be framed into providing valuable information
about a company. One of the most robust strategies to combat this exposure of information by employees is education. A good
security awareness program must be periodically performed and must include all the existing security policies that are
mandated to be complied with by employees. These awareness programs should integrate communication and reminders
to employees about what information they should and shouldn’t reveal to outsiders. Security policy awareness
training and education mitigate the threat of information leakage.

These are the misconceptions about policy development:


• Without identifying the need
• Without identifying who will take lead responsibility
• Finalizes the policy without further study
• Does not consult with appropriate stakeholders
• Does not consider whether procedures are required
• Does not monitor or review the implemented policy
• Does not gather information

Process Management
There are eight (8) security processes to protect and manage data:
• Privileged Password Management – This process seeks to protect the most sensitive data. Within a large
organization, which has requirements to keep customer or client data secure, there is often a limited number of
people who have access to the data. This process is geared to provide short-term access to someone who would
normally not have these permissions.

Having a strong privileged password management process in place is a vital part of securing data. This is
important for company performance. Sufficient levels of security can often be required by law depending on the
nature of the data that is stored and the industry an organization operates within.
• Network Administrator Daily Tasks – This checklist aims to list a series of key daily tasks performed by network
administrators and provide space for those tasks to be recorded. As a result, a network administrator would be
able to run the checklist each day and cycle through the different tasks presented to cover the recurring basics.
• Network Security Audit Checklist – The network security audit checklist deals with hardware and software,
training, and procedures. The risks to a system often come down to both human and technical errors, particularly
when the two meet. For this reason, an audit must go beyond a narrow focus on one (1) specific
area; instead, it must try to capture an overview of all the risks inherent in the system.
• Firewall Audit Checklist – This process is thorough and covers a series of precautions. In every step, documenting
activities is encouraged. From reviewing existing policies and assessing the physical security of the servers to
deleting redundant rules from the rule-base, it is vital that changes are documented when executing process
management. Positive process documentation results in better work and makes the life of the next person
auditing the firewall significantly easier.
• Virtual Private Network (VPN) Configuration – In this process, a VPN is set up on a staff member’s laptop, which
allows the staff member to connect to the office network remotely. Built into this process are the checks and
balances which come from using a process to manage the setup. For example, as part of security protections,
both the information technology (IT) and human resource (HR) departments would have recorded the
information of who has remote access to office networks. This prevents risk exposure that otherwise could have
been caused by poor communication practices.
• Apache Server Setup – The most popular server in the world is Apache. This process caters to different methods of
setup by walking through alternative commands.
• E-mail Server Security – E-mail is one of the first ways anyone is going to try to get into a company. Fighting off
phishing attacks and other malicious attempts to compromise security relies on both strong technical resilience
and a high level of professional training.
• Penetration Testing – This involves testing a system’s security by trying to break into it. It is centered around trying
to find vulnerabilities in a system and then attempting to sneak inside. The penetration testers’ goal is to see
how much damage they have the potential to cause.
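
The Firewall Audit Checklist item above mentions deleting redundant rules from the rule-base, and Table 1 lists a firewall with unnecessary ports open as a LAN/WAN risk. The following is an added example, not part of the original handout, of how such an audit can be automated; the rule format, rule names, addresses (documentation ranges), and the approved-port list are all constructed assumptions, and first-match rule ordering is assumed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR notation
    dst: str      # destination network in CIDR notation
    proto: str    # "tcp", "udp" or "any"
    ports: tuple  # inclusive (low, high) destination port range


def _within(inner: str, outer: str) -> bool:
    """True if network `inner` lies entirely inside network `outer`."""
    a, b = ipaddress.ip_network(inner), ipaddress.ip_network(outer)
    return a.version == b.version and a.subnet_of(b)


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matching `later` already matches `earlier`."""
    return (
        _within(later.src, earlier.src)
        and _within(later.dst, earlier.dst)
        and earlier.proto in ("any", later.proto)
        and earlier.ports[0] <= later.ports[0]
        and later.ports[1] <= earlier.ports[1]
    )


def audit(rules, approved_inbound_ports):
    """Return (kind, rule_name, detail) findings for a first-match rule base."""
    findings = []
    for index, rule in enumerate(rules):
        for earlier in rules[:index]:
            if covers(earlier, rule):
                # Same action: the later rule adds nothing (redundant).
                # Different action: the later rule can never fire (shadowed).
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((kind, rule.name, earlier.name))
                break
        else:
            # Live rule: flag allow-from-anywhere rules that open ports
            # outside the approved list.
            any_source = ipaddress.ip_network(rule.src).prefixlen == 0
            if rule.action == "allow" and any_source:
                low, high = rule.ports
                extra = set(range(low, high + 1)) - set(approved_inbound_ports)
                if extra:
                    detail = f"{len(extra)} unapproved port(s) starting at {min(extra)}"
                    findings.append(("internet_exposed", rule.name, detail))
    return findings


# Constructed sample rule base (documentation address ranges only).
SAMPLE_RULES = [
    Rule("web-https", "allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", (443, 443)),
    Rule("block-telnet", "deny", "0.0.0.0/0", "203.0.113.0/24", "tcp", (23, 23)),
    Rule("legacy-telnet", "allow", "198.51.100.0/24", "203.0.113.20/32", "tcp", (23, 23)),
    Rule("web-https-dup", "allow", "192.0.2.0/24", "203.0.113.10/32", "tcp", (443, 443)),
    Rule("ftp-anon", "allow", "0.0.0.0/0", "203.0.113.30/32", "tcp", (20, 21)),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535)),
]
APPROVED_INBOUND_PORTS = {443}  # assumption: only HTTPS is approved from the Internet

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, APPROVED_INBOUND_PORTS):
        print(finding)
```

Each finding names the rule to review and the earlier rule (or port range) that triggered it, which gives the auditor a documented reason for every change to the rule-base.
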
Network Compliance
Network compliance management enables the identification and correction of trends that could lead to business
problems such as network instability and service interruption.
Compliance becomes overwhelming for many IT shops because they don’t have a clear understanding of what various
regulations require. Compliance is a moving target, so compliance tools must be kept updated with policies and continue to
run after an audit proves successful to prevent compliance drift. At that point, the technologies are used to maintain an
environment in a compliant state and provide documentation of the ongoing compliance.
Network auditing and compliance tools use scanning and monitoring technologies to track access to critical devices and
ensure actions comply with policies. The products collect data and maintain detailed records, sometimes in the format
required by regulatory compliance demands.
Network audit and compliance software, at times packaged in appliances, includes components such as audit, compliance,
and database servers. Audit servers run scans, the compliance server analyzes and processes the scan results, and
the database server stores raw and processed data. Compliance managers typically use a Web-based console to view
the data collected and generate reports.
How Does Network Compliance Protect You?
There are many obstacles to achieving complete network compliance and security, including technology change, staffing
and skills shortages, and the need to accelerate business responsiveness. Operational network errors are frequently the
consequence of configuration issues, which are a major source of network downtime, degraded performance, and gaps
in network security. Network compliance and security are imperative for ensuring quality service, meeting
implementation and regulatory requirements, and managing risks.

Cryptography
Cryptography is the science of secret writing to keep data secret, and it is an important aspect of network
security. “Crypto” means secret or hidden. Cryptanalysis, on the other hand, is the science or sometimes the art of
breaking cryptosystems. Both are subsets of what is called “cryptology.” Cryptology refers to the study of codes,
which involves both writing (cryptography) and solving (cryptanalysis) them. Cryptography is classified into symmetric
cryptography, asymmetric cryptography, and hashing. Below are the descriptions of these types.

• Symmetric key cryptography – It involves usage of one (1) secret key along with encryption and decryption
algorithms which help in securing the contents of the message. The strength of symmetric key cryptography
depends upon the number of key bits. It is relatively faster than asymmetric key cryptography. There arises a
key distribution problem as the key has to be transferred from the sender to the receiver through a secure
channel.

Figure 3. Symmetric key cryptography


Source: https://www.geeksforgeeks.org/cryptography-introduction-to-crypto-terminologies/

• Asymmetric key cryptography – Also known as “public key cryptography,” it involves the usage of a public key
along with the secret key. It solves the problem of key distribution as both parties use different keys for
encryption and decryption. It is not feasible to use for decrypting bulk messages because it is very slow compared to
symmetric key cryptography.

Figure 4. Asymmetric key cryptography


Source: https://www.geeksforgeeks.org/cryptography-introduction-to-crypto-terminologies/

• Hashing – It involves taking the plain-text and converting it to a hash value of fixed size by a hash function. This
process ensures the integrity of the message; the hash value on both the sender’s and the receiver’s side should
match if the message is unaltered.

Figure 5. Hashing
Source: https://www.geeksforgeeks.org/cryptography-introduction-to-crypto-terminologies/
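
The hashing description above says the sender's and receiver's hash values match when the message is unaltered. The following added example (not part of the original handout) shows that check with SHA-256 and goes one step beyond the passage: a plain hash cannot detect the case where both the message and its hash are replaced, while a keyed hash (HMAC) built on a shared symmetric key can. The messages and keys are constructed sample values.

```python
import hashlib
import hmac


def sha256_hex(message: bytes) -> str:
    """Fixed-size hash value of a message, as 64 hex characters."""
    return hashlib.sha256(message).hexdigest()


def receiver_accepts_hash(message: bytes, claimed_digest: str) -> bool:
    """Receiver recomputes the hash and compares it with the one received."""
    return hmac.compare_digest(sha256_hex(message), claimed_digest)


def hmac_hex(key: bytes, message: bytes) -> str:
    """Keyed hash: only holders of the shared secret key can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_mac(key: bytes, message: bytes, claimed_tag: str) -> bool:
    return hmac.compare_digest(hmac_hex(key, message), claimed_tag)


def run_scenarios() -> dict:
    # Constructed sample values for illustration only.
    shared_key = b"constructed-demo-key-not-for-production"
    original = b"Transfer 100 to account 12345"
    tampered = b"Transfer 900 to account 99999"
    results = {}

    # The hash value has a fixed size regardless of input length.
    results["digest_len_short"] = len(sha256_hex(b"a"))
    results["digest_len_long"] = len(sha256_hex(original * 1000))

    # 1. Unaltered message: hashes match on both sides.
    results["unaltered_accepted"] = receiver_accepts_hash(
        original, sha256_hex(original))

    # 2. Message altered in transit, original hash delivered: mismatch.
    results["altered_message_detected"] = not receiver_accepts_hash(
        tampered, sha256_hex(original))

    # 3. Limitation: if the message AND its hash are both replaced,
    #    a plain hash check still passes.
    results["replaced_pair_passes_plain_hash"] = receiver_accepts_hash(
        tampered, sha256_hex(tampered))

    # 4. With HMAC, a tag made without the shared key is rejected.
    forged_tag = hmac_hex(b"wrong-key-guess", tampered)
    results["replaced_pair_rejected_by_hmac"] = not receiver_accepts_mac(
        shared_key, tampered, forged_tag)
    results["genuine_hmac_accepted"] = receiver_accepts_mac(
        shared_key, original, hmac_hex(shared_key, original))
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```
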

Cryptanalysis is the study of cipher text, ciphers, and cryptosystems to understand how they work as well as find and
improve techniques for defeating or weakening them. For example, cryptanalysts seek to decrypt cipher texts without
knowledge of the plaintext source, encryption key, or the algorithm used to encrypt it. Cryptanalysts also target secure
hashing, digital signatures, and other cryptographic algorithms.

Figure 6. Cryptanalysis
Source: https://www.geeksforgeeks.org/cryptography-introduction-to-crypto-terminologies/

Types of Attacks in Cryptanalysis


1. Classical Attack – It can be divided into mathematical analysis and brute force attacks. Brute force attacks run the
encryption algorithm for all possible keys until a match is found. The encryption algorithm is treated
as a black box.
• Analytical attacks focus on breaking the cryptosystem by analyzing the internal
structure of the encryption algorithm.
2. Social Engineering Attack – It depends on the human factor. Tricking someone into revealing their
passwords to the attacker or into allowing access to a restricted area falls under this attack. People should be
cautious about revealing their passwords to any third party that is not trusted.
3. Implementation Attacks – Side-channel analysis can be used to obtain a secret key in this kind of attack. These
attacks are relevant in cases where the attacker can obtain physical access to the cryptosystem.
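
Why the number of key bits decides whether a brute force attack succeeds, as an added example that is not part of the original handout. It runs the handout's Caesar ciphertext (shift of 1) through every possible key as a black box and then estimates the same search for larger keys; the word list and the rate of one billion keys per second are assumptions.

```python
import string

ALPHABET = string.ascii_uppercase
# Constructed list of short English words used to recognise a readable result.
COMMON_WORDS = {"THE", "OF", "AND", "TO", "IN", "IS", "AT"}
SECONDS_PER_YEAR = 365 * 24 * 3600

def caesar(text: str, shift: int) -> str:
    """Shift every letter `shift` places down the alphabet (negative = decrypt)."""
    s = shift % 26
    return text.upper().translate(str.maketrans(ALPHABET, ALPHABET[s:] + ALPHABET[:s]))

def exhaustive_search(ciphertext: str) -> list:
    """Run the cipher with every possible key, treating it as a black box.

    Returns (score, shift, candidate) tuples, most readable candidate first.
    """
    results = []
    for shift in range(1, 26):  # the whole key space: 25 keys
        candidate = caesar(ciphertext, -shift)
        score = sum(word in COMMON_WORDS for word in candidate.split())
        results.append((score, shift, candidate))
    return sorted(results, key=lambda r: r[0], reverse=True)

def years_to_try_all_keys(key_bits: int, keys_per_second: float = 1e9) -> float:
    """Worst-case time to try every key of a `key_bits`-bit key at an assumed rate."""
    return 2 ** key_bits / keys_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Ciphertext from the handout's Caesar cipher example (shift of 1).
    best = exhaustive_search("efgfoe uif fbtu xbmm pg uif dbtumf")[0]
    print("recovered shift:", best[1], "->", best[2])
    for bits in (5, 56, 128):  # 5 bits is already more than the 25 Caesar shifts
        print(bits, "bit key:", f"{years_to_try_all_keys(bits):.3g}", "years")
```

A key space of 25 falls instantly, while each added key bit doubles the work; this is the sense in which the strength of a symmetric cipher depends on the number of key bits.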
_______________________________________________________________________________________
References:
Alan. (2013, January 25). Why are processes important? [Web log post]. Retrieved from http://www.agiledge.com/process/why-are-processes-important on May 6, 2019
An Introduction to Cyber Security Policy. (n.d.). In Infosec Resources. Retrieved from https://resources.infosecinstitute.com/cyber-security-policy-part-1/#gref on May 3, 2019
Caesar Cipher. (n.d.). In Practical Cryptography. Retrieved from http://practicalcryptography.com/ciphers/caesar-cipher/ on May 6, 2019
Cryptography. (n.d.). In Geeks for Geeks. Retrieved from https://www.geeksforgeeks.org/cryptography-introduction-to-crypto-terminologies/ on May 5, 2019
Dubie, D. (n.d.). Network Auditing and Compliance Requires Education Planning. Guide to Network Auditing and Compliance. PC World. Retrieved from https://www.pcworld.com/article/144633/guide_network_auditing_compliance.html on May 5, 2019
Henshall, A. (2017, August 29). 8 IT security processes to protect and manage company data [Web log post]. Retrieved from https://www.process.st/it-security-processes/ on May 5, 2019
Kostopoulos, G.K. (2018). Cyberspace and Cybersecurity (2nd ed.). Boca Raton, FL: Taylor and Francis Group
Network Compliance. (n.d.). In Qual Network Society. Retrieved from http://it-network-security.co.uk/our-services/network-compliance/ on May 5, 2019

Security Systems Engineering


Cryptography
Classical Encryption Techniques
• Caesar Cipher – It is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which
each letter in the plaintext is shifted a certain number of places down the alphabet. For example, with a shift
of 1, A would be replaced by B, B would become C, and so on. This method is named after Julius Caesar, who
used it to communicate with his generals.
Here is a quick example of the encryption and decryption steps involved with the Caesar cipher. The text to be
encrypted is “defend the east wall of the castle” with a shift of 1:
Plaintext:  defend the east wall of the castle
Ciphertext: efgfoe uif fbtu xbmm pg uif dbtumf

Note that the number of letters to count depends on the shift. If you decide to encrypt using the Caesar cipher with
a shift of 5, then A would be F, B would become G, and so on. To decrypt the encrypted message,
count the letters to the left instead of to the right, by the given shift.

• Keyword Ciphers – To construct the ciphertext alphabet with this method, pick a keyword and write it
down while ignoring the repeated letters. Follow it with the letters of the alphabet that have not yet been used.
For example, find the alphabet pairs for the keyword COLLEGE. Crossing out the letters that are making their
second appearance leaves COLEG. To encipher, use the pair of alphabets.
Top row: Plaintext – Look up each letter of the message in this row.
Bottom row: Ciphertext – The letter directly below it is the letter to write in the answer.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
C O L E G A B D F H I J K M N P Q R S T U V W X Y Z
Now, to encrypt the word “UNIVERSITY,” the result would be UMFVGRSFTY.
Note that the keyword will always be given. It can be any word.

• Giovanni’s Method – Around 1580, Giovanni Battista Argenti suggested that one can also pick a keyletter and
begin the keyword UNDER that letter of the plaintext. The Argentis, Giovanni and his nephew Matteo, came
from one of the great cryptology families of the Middle Ages. After many years of trying, Giovanni finally became
the papal secretary of ciphers in Rome in 1950, only to quickly weaken from the frequent necessary trips to
Germany and France.
To use Giovanni’s method with key letter “P,” start the word “COLEG” under “PQRST,” then place the remaining
letters to the right, wrapping around to the start of the row, to convert the plaintext to ciphertext.
Top row: Plaintext – Look up each letter of the message in this row.
Bottom row: Ciphertext – The letter directly below it is the letter to write in the answer.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
J K M N P Q R S T U V W X Y Z C O L E G A B D F H I

If you encrypt UNIVERSITY, the answer based on Giovanni’s method would be AYTBPLETGH.

• Transposition Techniques – A transposition cipher is achieved by performing some permutation on the plaintext
letters. The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence
of diagonals and then read off as a sequence of rows. An example of this technique is as follows:
Plaintext: MEET ME AFTER THE TOGA PARTY
Solution:

M E M A T R H T G P R Y
E T E F E T E O A A T

Now, concatenate the rows: the first row followed by the second row.

Ciphertext: MEMATRHTGPRYETEFETEOAAT

• Polyalphabetic Ciphers – Another way to improve on the simple monoalphabetic techniques is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. The best-known and the simplest
algorithm is referred to as the Vigenere cipher.
Example of Polyalphabetic Cipher:
Top row - Key: ATMOSPHERE
Bottom row - Plaintext: HELLO WORLD
Using the Vigenere tableau, find the match of each key letter and plaintext letter. For example, A and H give H, T and E
give X, and so on.
A T M O S P H E R E
H E L L O W O R L D
Ciphertext: HXXZGLVVCH

Source: https://flylib.com/books/en/3.190.1.30/1/
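
The three substitution tables above (Caesar, keyword and Giovanni’s method) built by one routine, as an added example that is not part of the original handout. The function names are assumptions; `unchanged_letters` goes beyond the handout to show which letters a table leaves unencrypted.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar_alphabet(shift: int) -> str:
    """Ciphertext row for a Caesar shift: A maps to the letter `shift` places down."""
    s = shift % 26
    return ALPHABET[s:] + ALPHABET[:s]

def keyword_alphabet(keyword: str, keyletter: str = "A") -> str:
    """Ciphertext row for a keyword cipher.

    The keyword (repeated letters dropped) is followed by the unused letters.
    keyletter "A" gives the plain keyword cipher; any other keyletter starts
    the keyword under that plaintext letter (Giovanni's method).
    """
    if not (keyword.isascii() and keyword.isalpha()):
        raise ValueError("keyword must contain letters A-Z only")
    sequence = "".join(dict.fromkeys(keyword.upper() + ALPHABET))
    start = ALPHABET.index(keyletter.upper())
    return sequence[26 - start:] + sequence[:26 - start]

def encrypt(plaintext: str, row: str) -> str:
    """Replace each plaintext letter with the letter below it in the ciphertext row."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, row))

def decrypt(ciphertext: str, row: str) -> str:
    """Read the table bottom-up: find the letter in the ciphertext row, take the one above."""
    return ciphertext.upper().translate(str.maketrans(row, ALPHABET))

def unchanged_letters(row: str) -> str:
    """Letters that encrypt to themselves, which leak plaintext directly."""
    return "".join(p for p, c in zip(ALPHABET, row) if p == c)

if __name__ == "__main__":
    print(encrypt("defend the east wall of the castle", caesar_alphabet(1)))
    plain_keyword = keyword_alphabet("COLLEGE")
    giovanni = keyword_alphabet("COLLEGE", "P")
    for name, row in (("keyword", plain_keyword), ("Giovanni, keyletter P", giovanni)):
        print(name, row, encrypt("UNIVERSITY", row),
              "unchanged:", unchanged_letters(row) or "none")
```

With the keyword COLLEGE alone, every letter from P to Z encrypts to itself, which is why UNIVERSITY keeps six of its ten letters; starting the keyword under P leaves no letter unchanged.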
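
The rail fence and Vigenere examples above in code, with decryption added, as an example that is not part of the original handout. The function names are assumptions, and the rail fence is generalized from the handout's two rows to any number of rails.

```python
import string
from itertools import cycle

ALPHABET = string.ascii_uppercase

def letters_only(text: str) -> str:
    """Upper-case the text and drop spaces and punctuation, as the handout's examples do."""
    return "".join(c for c in text.upper() if c in ALPHABET)

def rail_pattern(length: int, rails: int) -> list:
    """Rail (row) index of each position along the zig-zag: 0,1,..,rails-1,..,1,0,1,.."""
    if rails < 2:
        raise ValueError("need at least two rails")
    period = 2 * (rails - 1)
    return [min(i % period, period - i % period) for i in range(length)]

def rail_fence_encrypt(plaintext: str, rails: int = 2) -> str:
    text = letters_only(plaintext)
    pattern = rail_pattern(len(text), rails)
    # Read the rows off one after another.
    return "".join(c for r in range(rails) for c, p in zip(text, pattern) if p == r)

def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    pattern = rail_pattern(len(ciphertext), rails)
    # Positions in the order encryption read them: row by row, left to right.
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for position, letter in zip(order, ciphertext):
        plain[position] = letter
    return "".join(plain)

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Add (or, to decrypt, subtract) each key letter's position to the text letter, mod 26."""
    key = letters_only(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    return "".join(
        ALPHABET[(ALPHABET.index(c) + sign * ALPHABET.index(k)) % 26]
        for c, k in zip(letters_only(text), cycle(key))
    )

if __name__ == "__main__":
    print(rail_fence_encrypt("MEET ME AFTER THE TOGA PARTY"))
    print(vigenere("HELLO WORLD", "ATMOSPHERE"))
```

The transposition only reorders letters, so the ciphertext has exactly the same letter counts as the plaintext, while in the Vigenere output the two Ls of HELLO become X and Z because each falls under a different key letter.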

_________________________________________________________________________________________________
References:
Alan. (2013, January 25). Why are processes important? [Web log post]. Retrieved from http://www.agiledge.com/process/why-are-processes-important on May 6, 2019
An Introduction to Cyber Security Policy. (n.d.). In Infosec Resources. Retrieved from https://resources.infosecinstitute.com/cyber-security-policy-part-1/#gref on May 3, 2019
Caesar Cipher. (n.d.). In Practical Cryptography. Retrieved from http://practicalcryptography.com/ciphers/caesar-cipher/ on May 6, 2019
Cryptography. (n.d.). In Geeks for Geeks. Retrieved from https://www.geeksforgeeks.org/cryptography-introduction-to-crypto-terminologies/ on May 5, 2019
Dubie, D. (n.d.). Network Auditing and Compliance Requires Education Planning. Guide to Network Auditing and Compliance. PC World. Retrieved from https://www.pcworld.com/article/144633/guide_network_auditing_compliance.html on May 5, 2019
Henshall, A. (2017, August 29). 8 IT Security Processes to Protect and Manage Company Data [Web log post]. Retrieved from https://www.process.st/it-security-processes/ on May 5, 2019
Kim, D. & Solomon, M. (2018). Fundamentals of information systems security (3rd ed.). Massachusetts: Jones & Bartlett Learning
Network Compliance. (n.d.). In Qual Network Society. Retrieved from http://it-network-security.co.uk/our-services/network-compliance/ on May 5, 2019

04 Handout 2 *Property of STI


 student.feedback@sti.edu Page 2 of 2
