Cryptography and Network Security

NAME – AKASH SINGHAL

SAP ID – 500076111

R177219017

AI & ML BATCH-1

ASSIGNMENT – 1
ANS-1
1. Packet filtering firewall

Packet filtering firewalls operate inline at junction points where devices such as routers and
switches do their work. However, these firewalls don't route packets; rather they compare
each packet received to a set of established criteria, such as the allowed IP addresses, packet
type, port number and other aspects of the packet protocol headers. Packets that are flagged
as troublesome are, generally speaking, unceremoniously dropped -- that is, they are not
forwarded and, thus, cease to exist.

Packet filtering firewall advantages

 A single device can filter traffic for the entire network

 Extremely fast and efficient in scanning traffic

 Inexpensive

 Minimal effect on other resources, network performance and end-user experience

Packet filtering firewall disadvantages

 Because traffic filtering is based entirely on IP address or port information, packet

filtering lacks broader context that informs other types of firewalls

 Doesn't check the payload and can be easily spoofed

 Not an ideal option for every network

 can be difficult to set up and manage

2. Circuit-level gateway
Using another relatively quick way to identify malicious content, circuit-level gateways
monitor handshakes and other network protocol session initiation messages across the
network as they are established between the local and remote hosts to determine whether the
session being initiated is legitimate -- whether the remote system is considered trusted. They
don't inspect the packets themselves, however.

Circuit-level gateway advantages

 Only processes requested transactions; all other traffic is rejected

 Easy to set up and manage

 Low cost and minimal impact on end-user experience

Circuit-level gateway disadvantages

 If they aren't used in conjunction with other security technology, circuit-level gateways
offer no protection against data leakage from devices within the firewall

 No application layer monitoring

 Requires ongoing updates to keep rules current

3. Application-level gateway

This kind of device -- technically a proxy and sometimes referred to as a functions as the
only entry point to and exit point from the network. Application-level gateways filter packets
not only according to the service for which they are intended -- as specified by the destination
port -- but also by other characteristics, such as the HTTP request string.

While gateways that filter at the application layer provide considerable data security, they and
can be challenging to manage.

Application-level gateway advantages

 Examines all communications between outside sources and devices behind the firewall,
checking not just address, port and TCP header information, but the content itself before
it lets any traffic pass through the proxy

 Provides fine-grained security controls that can, for example, allow access to a website
but restrict which pages on that site the user can open

 Protects user anonymity

Application-level gateway disadvantages

 Can inhibit network performance

 Costlier than some other firewall options

 Requires a high degree of effort to derive the maximum benefit from the gateway

 Doesn't work with all network protocols

4. Stateful inspection firewall

State-aware devices not only examine each packet, but also keep track of whether or not that
packet is part of an established TCP or other network session. This offers more security than
either packet filtering or circuit monitoring alone but exacts a greater toll on network
performance.

A further variant of stateful inspection is the multilayer inspection firewall, which considers
the flow of transactions in process across multiple protocol layers of the seven-layer

Stateful inspection firewall advantages

 Monitors the entire session for the state of the connection, while also checking IP
addresses and payloads for more thorough security

 Offers a high degree of control over what content is let in or out of the network

 Does not need to open numerous ports to allow traffic in or out

 Delivers substantive logging capabilities

Stateful inspection firewall disadvantages

 Resource-intensive and interferes with the speed of network communications

 More expensive than other firewall options

 Doesn't provide authentication capabilities to validate traffic sources aren't spoofed

5. Next-generation firewall

A typical combines packet inspection with stateful inspection and also includes some variety
of deep packet inspection as well as other network security systems, such as an IDS/IPS,
malware filtering and antivirus.
While packet inspection in traditional firewalls looks exclusively at the protocol header of the
packet, DPI looks at the actual data the packet is carrying. A DPI firewall tracks the progress
of a web browsing session and can notice whether a packet payload, when assembled with
other packets in an HTTP server reply, constitutes a legitimate HTML-formatted response.

NGFW advantages

 Combines DPI with malware filtering and other controls to provide an optimal level of
filtering

 Tracks all traffic from Layer 2 to the application layer for more accurate insights than
other methods

 Can be automatically updated to provide current context

NGFW disadvantages

 In order to derive the biggest benefit, organizations need to integrate NGFWs with other
security systems, which can be a complex process

 Costlier than other firewall types

ANS-2
SQL Injections

This occurs when an attacker inserts malicious code into a server using server query language
(SQL) forcing the server to deliver protected information. This type of attack usually involves
submitting malicious code into an unprotected website comment or search box. Secure
coding practices such as using prepared statements with parameterized queries is an effective
way to prevent SQL injections.

When a SQL command uses a parameter instead of inserting the values directly, it can allow
the backend to run malicious queries. Moreover, the SQL interpreter uses the parameter only
as data, without executing it as a code. Learn more about how secure coding practices can
prevent SQL injection.

Zero-day Exploit
A Zero-day Exploit refers to exploiting a network vulnerability when it is new and recently
announced — before a patch is released and/or implemented. Zero-day attackers jump at the
disclosed vulnerability in the small window of time where no solution/preventative measures
exist. Thus, preventing zero-day attacks requires constant monitoring, proactive detection,
and agile threat management practices.

Password Attack

Passwords are the most widespread method of authenticating access to a secure information
system, making them an attractive target for cyber attackers. By accessing a person’s
password, an attacker can gain entry to confidential or critical data and systems, including the
ability to manipulate and control said data/systems.

Password attackers use a myriad of methods to identify an individual password, including

using social engineering, gaining access to a password database, testing the network
connection to obtain unencrypted passwords, or simply by guessing.

The last method mentioned is executed in a systematic manner known as a “brute-force

attack.” A brute-force attack employs a program to try all the possible variants and
combinations of information to guess the password.

Another common method is the dictionary attack, when the attacker uses a list of common
passwords to attempt to gain access to a user’s computer and network. Account lockout best
practices and two-factor authentication are very useful at preventing a password attack.
Account lockout features can freeze the account out after a number of invalid password
attempts and two-factor authentication adds an additional layer of security, requiring the user
logging in to enter a secondary code only available on their 2FA device(s).

Cross-site Scripting

A cross-site scripting attack sends malicious scripts into content from reliable websites. The
malicious code joins the dynamic content that is sent to the victim’s browser. Usually, this
malicious code consists of Javascript code executed by the victim’s browser, but can include
Flash, HTML, and XSS.
Rootkits

Rootkits are installed inside legitimate software, where they can gain remote control and
administration-level access over a system. The attacker then uses the rootkit to steal
passwords, keys, credentials, and retrieve critical data.

Since rootkits hide in legitimate software, once you allow the program to make changes in
your OS, the rootkit installs itself in the system (host, computer, server, etc.) and remains
dormant until the attacker activates it or it’s triggered through a persistence mechanism.
Rootkits are commonly spread through email attachments and downloads from insecure
websites.

Internet of Things (IoT) Attacks

While internet connectivity across almost every imaginable device creates convenience and
ease for individuals, it also presents a growing—almost unlimited—number of access points
for attackers to exploit and wreak havoc. The interconnectedness of things makes it possible
for attackers to breach an entry point and use it as a gate to exploit other devices in the
network.

IoT attacks are becoming more popular due to the rapid growth of IoT devices and (in
general) low priority given to embedded security in these devices and their operating systems.
In one IoT attack case, a Vegas casino was attacked and the hacker gained entry via an
internet-connected thermometer inside one of the casino’s fishtanks.

ANS-3
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses
pairs of keys. Each pair consists of a public key (which may be known to others) and
a private key (which may not be known by anyone except the owner). The generation of such
key pairs depends on which are based on problems termed Effective security requires
keeping the private key private; the public key can be openly distributed without
compromising security.
In such a system, any person can a message using the intended receiver's public key, but that
encrypted message can only be decrypted with the receiver's private key. This allows, for
instance, a server program to generate a cryptographic key intended for a suitable , then to
use a client's openly-shared public key to encrypt that newly generated symmetric key. The
server can then send this encrypted symmetric key over an insecure channel to the client;
only the client can decrypt it using the client's private key (which pairs with the public key
used by the server to encrypt the message). With the client and server both having the same
symmetric key, they can safely use symmetric key encryption (likely much faster) to
communicate over otherwise-insecure channels. This scheme has the advantage of not having
to manually pre-share symmetric keys (a fundamentally difficult problem) while gaining the
higher data throughput advantage.

In common, public key schemes are not used to encrypt bulk data, but to encrypt few bytes of
data.

Asymmetric key cryptography is used to establish a secret key of required size. This shared
secret is many times used for a very short duration, like for a single session. This session key
is a symmetric key generally and it's used to do data encryption during that session.

ANS-4

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block
size is 64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since
8 of the 64 bits of the key are not used by the encryption algorithm (function as check bits
only). General Structure of DES is depicted in the following illustration –
 Round Function - The heart of this cipher is the DES function, f. The DES function
applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.

 Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we
first need to expand right input to 48 bits.
 XOR (Whitener) − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this
operation.

 Substitution Boxes − The S-boxes carry out the real mixing (confusion). DES uses 8
S-boxes, each with a 6-bit input and a 4-bit output.