C1 : CRYPTOGRAPHY AND NETWORK SECURITY

BSIT - 3A SUMMER CLASS | INFORMATION ASSURANCE AND SECURITY 2

COMPUTER DATA
- often travels from one computer to another, leaving the safety of its
protected physical surroundings.

CRYPTOGRAPHY
- can reformat and transform our data, making it safer on its trip between
computers.
- The technology is based on the essentials of secret codes, augmented by
modern mathematics that protects our data in powerful ways.

DIFFERENCE AMONG COMPUTER, NETWORK , AND INTERNET SECURITY

1. COMPUTER SECURITY - designed to protect data and to thwart hackers.

2. NETWORK SECURITY - measures to protect data during their transmission.
3. INTERNET SECURITY - measures to protect data during their transmission
over a collection of interconnected networks.

THREE ASPECT OF INFORMATION SECURITY

1. SECURITY ATTACKS – Any action that compromises the security of

information owned by an organization.
2. SECURITY MECHANISM – A mechanism that is designed to detect, prevent
or recover from a security attack.
3. SECURITY SERVICE – A service that enhances the security of the data
processing systems and the information transfers of an organization.

BASIC CONCEPT

Cryptography - The art or science encompasses the principles and methods of

transforming an intelligible message into one that is unintelligible.

A. PLAINTEXT - The original intelligible message

B. CIPHERTEXT - The transformed message

1
 C. CIPHER - An algorithm for transforming an intelligible message into one
that is unintelligible by transposition and/or substitution methods.
D. KEY - Some critical information used by the cipher, known only to the
sender & receiver.
E. ENCIPHER (encode) - The process of converting plaintext to cipher text
using a cipher and a key.
F. DECIPHER (decode) - the process of converting ciphertext back into
plaintext using a cipher and a key.

CRYPTANALYSIS
- The study of principles and methods of transforming an unintelligible message
back into an intelligible message without knowledge of the key. Also called
code breaking.

1. Cryptology - Both cryptography and cryptanalysis

2. Code - An algorithm for transforming an intelligible message into an
unintelligible one using a code-book

THREE INDEPENDENT DIMENSIONS

A. Encryption algorithm are based on two general principle:

1. SUBSTITUTION
- in which each element in the plaintext is mapped into
another element, and
2. TRANSPOSITION
- in which elements in the plaintext are rearranged.

B. Number of key
1. Symmetric key
2. Public Key

C. Way in which the plaintext is processed

1. BLOCK CIPHER
- processes the input and block of elements at a time,
producing output block for each input block.
2. STREAM CIPHER
- processes the input elements continuously, producing
output element one at a time, as it goes along.

2
Cryptanalysis
- The process of attempting to discover X or K or both is known as cryptanalysis.
The strategy used by the cryptanalysis depends on the nature of the encryption
scheme and the information available to the cryptanalyst.
There are various types of cryptanalytic attacks based on the amount of information
known to the cryptanalyst:

A. Ciphertext only – A copy of cipher text alone is known to the cryptanalyst.

B. Known plaintext – The cryptanalyst has a copy of the cipher text and the
corresponding plaintext.
C. Chosen plaintext – The cryptanalysts gains temporary access to the encryption
machine.
D. Chosen ciphertext – The cryptanalyst obtains temporary access to the
decryption machine, uses it to decrypt several string of symbols, and tries to
use the results to deduce the key.

SECURITY SERVICES

1. CONFIDENTIALITY
- Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties. E.g.
Printing, displaying and other forms of disclosure.
2. AUTHENTICATION
- Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.
3. INTEGRITY
- Ensures that only authorized parties are able to modify computer system
assets and transmitted information. Modification includes writing,
changing status, deleting, creating and delaying or replaying of
transmitted messages.
4. NON REPUDIATION
- Requires that neither the sender nor the receiver of a message be able to
deny the transmission.
5. ACCESS CONTROL
- Requires that access to information resources may be controlled by or the
target system.
6. AVAILABILITY
- Requires that computer system assets be available to authorized parties
when needed.

3
Security Mechanisms
- One of the most specific security mechanisms in use is cryptographic
techniques. Encryption or encryption-like transformations of information are
the most common means of providing security.

- Some of the mechanisms are

1. Encipherment
2. Digital Signature
3. Access Control

SECURITY ATTACKS

four general categories of attack which are listed below

1. INTERRUPTION
- An asset of the system is destroyed or becomes unavailable or unusable.
- This is an attack on availability

2. INTERCEPTION
- An unauthorized party gains access to an asset.
- This is an attack on confidentiality.

3. MODIFICATION
- An unauthorized party not only gains access to but tampers with an
asset.
- This is an attack on integrity.

4. FABRICATION
- An unauthorized party inserts counterfeit objects into the system.
- This is an attack on authenticity.

INTERCEPTION MODIFICATION FABRICATION

4
 SYMMETRIC KET AND PUBLIC KEY ALGORITHM

1. SYMMETRIC KEY (Same)

- encryption and decryption keys are known both to sender and receiver.

2. PUBLIC KEY (Open for all)

- Cryptography, encryption key is made public, but it is computationally
infeasible to find the decryption key without the information known to
the receiver.

MODEL FOR NETWORK ACCESS SECURITY

CONVENTIONAL ENCRYPTION
● Referred conventional / private-key / single-key.
● Sender and recipient share a common key

5
1970 - All classical encryption algorithms are private-key only type prior to invention of
the public key.

Two requirements for secure use of symmetric encryption:

1. A strong encryption algorithm

2. A secret key known only to sender / receiver

● Y = EK(X)
● X = DK(Y)

➔ assume encryption algorithm is known

➔ implies a secure channel to distribute key

ENTERPRISE SECURITY
- dealing with providing confidentiality, integrity, authentication, authorization
and non-repudiation related to the entire organization‟s computing resources.
CYBER SECURITY
- it encompasses everything that pertains to protecting our sensitive data.

CYBER SECURITY RISK

- driven by global connectivity and usage of cloud services, like Amazon Web
Services, to store sensitive data and personal information.
CYBER THREATS
- Come from any level of your organization.

GDPR (General Data Protection Regulation)

- It has increased the reputational damage of data breaches by forcing all
organizations that operate in the EU to:

6
 ● Communicate data breaches
● Appoint a data-protection officer
● Require user consent to process information
● Anonymize data for privacy

INFORMATION THEFT
- The most expensive and fastest growing segment of cybercrime.

CYBERCRIMINALS
- are becoming more sophisticated, changing what they target, how they affect
organizations and their methods of attack for different security systems.

SOCIAL ENGINEERING
- remains the easiest form of cyber-attack with ransomware and phishing being
the easiest form of entry.
Data branches can involve financial information like:
1. Credit card number / bank account details
2. Protected health information (PHI)
3. Personally identifiable information (PII)
4. Trade secrets
5. Intellectual property
6. And other targets of industrial espionage.

lack of focus on cyber security can damage your business in range of ways including:

1. Economic costs
- Theft of intellectual property, corporate information, disruption in trading
and the cost of repairing damaged systems
2. Reputational costs
- Loss of consumer trust, loss of current and future customers to
competitors and poor media coverage
3. Regulatory costs
- GDPR and other data breach laws mean that your organization could
suffer from regulatory fines or sanctions as a result of cybercrimes.

Laundry list of Companies who are household names that have been affected:
1. EQUIFAX
- cybercrime identity theft (approximately 145.4 M usd)

7
 2. EBAY
- victim of breach of encrypted password, which resulted in asking all of its
145M users (february to march 2014)
3. ADULT FRIEND FINDER
- Hackers collected 20 years of data on its six databases
4. YAHOO
- Group of hackers had compromised 1B accounts (August 2013)

CYBERDEFENSE

CYBERDEFENSE
- Computer network defense mechanism w/c includes response to action and
critical infrastructure protection.
- Focuses on preventing, detecting, and providing timely response.
- Essential for most entities in order to protect sensitive info.

ADVANCED PERSISTENT THREATS (APT)

- Malicious insider

business to protect itself against attack and respond to a rapidly evolving threat
landscape. This will include:
● Cyber prevention
● Preventative controls
● Attack detection
● Reaction and response

ENTERPRISE SECURITY ARCHITECT

- structure of organizational, conceptual, logical, and physical components.
- also a driver and enabler of secure, resilient, and reliable behavior

❖ TOGAF - The Open Group Architecture Framework

❖ ISM - information security management
❖ ERM - enterprise risk management

8
C2 : BRIEF OVERVIEW OF COMMERCIAL ISSUES ON SECURITY
BSIT - 3A SUMMER CLASS | INFORMATION ASSURANCE AND SECURITY 2

Cryptography - greek word “krypto” - Hidden and “Graphene” - Writing.

- About constructing and analyzing protocols.

MODERN CRYPTOGRAPHY

1. Confidentiality - Information cannot be understood by anyone.

2. Integrity - Information cannot be altered.
3. Non-repudiation - Sender cannot deny his/her intentions in the transmission of
the information at a later stage.
4. Authentication - Sender and receiver can confirm each.

3 TYPES OF CRYPTOGRAPHIC TECHNIQUE

1. Symmetric-key cryptography
- Both the sender and receiver share a single key.
2. Hash functions
- No key is used in this algorithm
3. Public-key cryptography
- two related keys (public and private key) are used.

WEB SECURITY
- Known as “Cyber Security”
- Basically means protecting a website.

Available Technology (technical solution for testing, building, and preventing threts)

Likelihood of Threats:
1. Black box tools
2. Fuzzing tool
3. White box tool
4. Web application firewall (WAF)
5. Security or vulnerability scanner
6. Password cracking tool

9
 Top Vulnerabilities for all web-based services:
1. SQL injection
2. Password breach
3. Cross-site scripting
4. Data breach
5. Remote file inclusion
6. Code injection

Two big defense strategies that a developer can use to protect their website:

1. Resource Assignment - assigning all necessary resources.

2. Web Scanning - This method can protect against many breaches.

Web Security also protects the visitors:

1. Stolen Data
- cyber-criminals frequently hack visitor’s data.
2. Phishing Schemes
- not just related to email but design a layout that looks exactly like
the website.
3. Session Hijacking
- Cyber attackers can take over a user’s session and compel
4. Malicious Redirect
- Attacks can redirect visitors from the site.
5. SEO Spam
- Unusual links, pages, and comments can be displayed on a site by
the hackers.

PUBLIC KEY INFRASTRUCTURE (PKI)

- Set of roles, policies, hardware, software and procedures needed to create,
manage, distribute.
- Technology for authenticating users and devices

_________

C3 : SECURING PRIVATE NETWORKS

BSIT - 3A SUMMER CLASS | INFORMATION ASSURANCE AND SECURITY 2

10
FIREWALL SECURITY
● Minimize external access to LAN
● Done by means of firewall and proxy server
● Firewall provide a secure interface b/w an inner and outer
● Requires hardware and software to implement

FIREWALL FEATURES

● General Firewall Features:

1. Port Control
2. Network Address Translation
3. Application Monitoring

● Additional Feature:
1. Data Encryption
2. Authentication
3. Connection relay (hide internal network)

● Use One or Both Methods:

1. Packet Filtering
2. Proxy service

● It protects from:
1. Remote logins
2. Ip spoofing

11
 3. Source addressing
4. SMTP session hijacking
5. Spam
6. Denial of Service
7. E-mail bombs

FIREWALL - inserted b/w the premise network and internet.

4 Techniques that firewall use to control access:

1. Service control
- determines the type of internet services that can be accessed,
inbound or outbound.
2. Direction control
- determines the direction in which particular service request may
be initiated and allowed to flow through the firewall.
3. User control
- Controls access to a service according to w/c users are attempting
to access.
4. Behavior Control
- Controls how particular services are used.

3 COMMON TYPES OF FIREWALL

1. Packet Filtering Firewalls/Router

- Set of rules to each incoming IP packet.

Filtering rules are based on info:

1. Source IP Address
- originated the Ip packet (eg. 192.178.1.1)
2. Destination IP Address
- IP packet is trying to reach (192.168.1.2)
3. Source and destination port address
- Transport level (eg, TCP or UDP)
4. IP protocol field

12
 - Defines the transport protocol

5. Interface
- Router w/c 3 or more ports.

Advantage:
● Simple Transparent to user
● Very Fast

Weakness:
● Do not examine upper layer data
● Limited info available to the firewall
● Not support advance user authentication
● Generally vulnerable to attacks

The appropriate countermeasures are the following:

A. IP address spoofing
- The intruders transmit packets from the outside with a
source IP address field containing an address of an internal
host.

B. Source routing attacks

- The source station specifies the route that a packet should
take as it crosses the internet.
C. Tiny fragment attacks
- The intruder creates extremely small fragments and force
the TCP header information into a separate packet
fragment.

13
 2. Application-Level Gateway / Proxy Server Firewall
- called a proxy server, acts as a relay of application level traffic.
Advantage:
● More secure than packet filter
● Easy to log and audit

Disadvantage:
● Additional overhead on each connection

3. Circuit-Level Gateway
- stand-alone system or it can be a specified function.
- Don’t allow end to end TCP connection

BASTION HOST - special purpose computer on a network specifically designed and

configured to withstand attacks.
- Serves as a platform for an app level and circuit level gateway.

14
 3 COMMON FIREWALL CONFIGURATION

1. Screened host firewall, single-homed Bastion Configuration

- The firewall consists of two systems: a packet filtering router and a
bastion host.

2. Screened host firewall, dual homed Bastion Configuration

- packet filtering router is compromised, traffic could flow directly through
the router between the internet and the other hosts on the private
network.

3. Screened subnet firewall configuration

- Two packet filtering routes are used.

15