By Suresh ChandImportant Questions
We ensure security of our belongings, home, office, locality, city, country and so on, using different mechanism.
You lock your car and bike even you take your helmet with you when you park it, which gives you personal sense of security. Some even install GPS and alarm on bikes and cars as a security measures.
Could you imagine;
Your personal financial data, college works, key personal secrets etcare destroyed , changed or made public.
What are you willing to do to prevent it?
1stStep is Security awareness
Securing your data not only secure your computer hardware, software and data also secure yourself.
Computers being in use at every level–Need of Computer security
- protect the computing system and to protect the data that they store and access.
- Transmission protection; to protect the data during transmission over the network.
This field of research and study has been linearly growing as new tech emerges. Term computer Security; address both Computer security and network security.
Computer security focus:
- Security Attacks: are the reasons for breach of security. Security attacks comprise of all actions that breaches the computer security.
- Security Mechanisms: tools that include the algorithms, protocols or devices, that are designed to detect, prevent, or recover from a security attack.
- Security services:provided by a system for a specific kind of protection to the system resources.
Security Threat And Security Attack
Point of Computer security is to eliminate or protect against threats.
A threat is anything that can cause harm.
By itself its not harmful unless it exploits an existing vulnerability.
A Vulnerability is a weakness-anything that has been left unprotected and left it open to harm, easy on security attacks
- Passive Attack
- Active Attack
|BASIS FOR COMPARISON||ACTIVE ATTACK||PASSIVE ATTACK|
|Basic||Active attack tries to change the system resources or affect their operation.||Passive attack tries to read or make use of information from the system but does not influence system resources|
|Modification in the information||Occurs||does not take place|
|Harm to the system||Always causes damage to the system.||Do not cause any harm|
|Threat to||Integrity and availability||Confidentiality|
|Attack awareness||The entity (victim) gets informed about the attack.||The entity is unaware of the attack|
|Task performed by the attacker||The transmission is captured by physically controlling the portion of a link.||Just need to observe the transmission|
|Emphasis is on||Detection||Prevention|
Attacks on users : identity of user and to the privacy of user.
Attacks on computer hardware could be due to a natural calamity like floods or earthquakes
Software attacks harm the data stored in the computer. Software attacks may be due tomalicious software, or, due to hacking
1. Malicious Software
Malicious users use different methods to break into the systems
The software that is intentionally included into a system with the intention to harm the system is called malicious software.
These types of programs/ software are able to self-replicate and can spread copies of themselves, which might even be modified copies.
Malware, viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware.
Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse.
More advanced uses a technique called cryptoviral extortion, which encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
Cryptography derived its name from a Greek word called “krypto’s” which means “Hidden Secrets”.
Cryptography is the practice and study of hiding information. It is the Art or Science of converting a plain intelligible data into an unintelligible data and again retransforming that message into its original form.
It uses the mathematics to encrypt and decrypt the information.
It provides Confidentiality, Integrity, and Accuracy.
cryptography provides security and makes only the aimed recipient to read the data.
Cryptology includes both the cryptography and cryptanalyst; cryptanalyst is called as attackers
Some terms commonly used in cryptography:
- Plaintext: i.e. unencrypted data.
- Cipher and Code: Cipher is a bit-by-bit or character-by-character transformation without regard to the meaning of the message. Code replaces one word with another word or symbol. Codes are not used any more.
- Cipher text:
Purpose Of Cryptography
- Authentication: The process of proving one’s identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
- Privacy/confidentiality:Ensuring that no one can read the message except the intended receiver.
- Integrity:Assuring the receiver that the received message has not been altered in any way from the original.
- Non-repudiation:A mechanism to prove that the sender really sent this message.
Key is a secret parameter (string of bits) for a specific message exchange context.
Keys are important, as algorithms without keys are not useful. The encrypted data cannot be accessed without the appropriate key.
The size of key is also important. The larger the key, the harder it is to crack a block of encrypted data.
The algorithms differ based on the number of keys that are used for encryption and decryption.
- Secret Key Cryptography (SKC)
- Public Key Cryptography (PKC)
- Hash Functions
Architecture of cryptography
Secret Key Cryptography/symmetric encryption
- Single key used to encrypt and decrypt.
- Key must be known by both parties.
- Assuming we live in a hostile environment (otherwise -why the need for cryptography?), it may be hard to share a secret key.
- Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are some of the secret key cryptography algorithms that are in use nowadays.
Public-Key Cryptographyasymmetric encryption
One of the keys allocated to each person is called the “public key”, and is published in an open directory somewhere where anyone can easily look it up, for example by email address.
Each entity has 2 keys: Private Key (a secret) Public key (well known).
Private keys are used for decrypting. Public keys are used for encrypting
Asymmetric key cryptography overcomes the key management problem by using different encryption and decryption key pairs. Having knowledge of one key, say the encryption key, is not sufficient enough to determine the other key – the decryption key.
The mathematical relationship between the public / private key pair permits a general rule: any message encrypted with one key of the pair can be successfully decrypted only with that key’s counter part.
Hash function (have no key since plain text is not recoverable from cipher text)
Hash functions are one-way encryption algorithms
A mathematical transformation that takes a message of arbitrary length and computes it a fixed-length (short) number.
Hash functions are generally used to ensure that the file has not been altered by an intruder or virus.
Hash functions are commonly employed by many operating systems to encrypt passwords. Message Digest (MD) algorithm and Secure Hash Algorithm (SHA) are some of the common used hash algorithms.
- The system store a hash of the password (not the password itself)
- When a password is supplied, it computes the password’s hash and compares it with the stored value.
Using cryptographic hash functions to generate a MAC
A digital signature is used to sign a computerized document
This is the primary method of identification in use on the Internet
The protocols securing your browsing session when visiting a webpage of HTTPS make heavy use of Digital Certificates (SSL/TLS).
A digital certificate is issued by a Certification Authority (CA)
Digital signatures are easy for a user to produce, but difficult for anyone else to forge
Digital signatures can be permanently tied to the content of the message being signed and then cannot be moved from one document to another, as such an attempt will be detectable.
Inside a digital certificate is a very important piece of information: a Public Key of an Asymmetric Key Pair. This key is used to verify that the entity who presents the certificate is the true owner of the certificate. Much like your picture or signature on your driver’s license.
Digital signature scheme is a type of asymmetric key pair cryptography;
The digital signature scheme typically consists of three algorithms:
- Key generation algorithm —The algorithm outputs private key and a corresponding public key.
- Signing algorithm —It takes, message + private key, as input, and, outputs a digital signature.
- Signature verifying algorithm —It takes, message + public key + digital signature, as input, and, accepts or rejects digital signature.
Digital signature creation and Digital signature verification are two process involved.
A firewall is a security mechanism to protect a local network from the threats it may face while interacting with other networks (Internet).
A firewall can be a hardware component, a software component, or a combination of both.
It prevents computers in one network domain from communicating directly with other network domains.
All communication takes place through the firewall, which examines all incoming data before allowing it to enter the local network.
It Interconnects networks with differing trust
Imposes restrictions on network services; only authorized traffic is allowed
Auditing and controlling access；implement alarms for abnormal behavior
Itself immune to penetration
Working of Firewall
The working of firewall is based on a filtering mechanism.
The filtering mechanism keeps track of source address of data, destination address of data and contents of data.
The filtering mechanism allows information to be passed to the Internet from a local network without any authentication.
It makes sure that the downloading of information from the Internet to a local network happens based only on a request by an authorized user.
Types of Firewall
The type of firewall used varies from network to network
- Packet Filter Firewall
- Circuit Filter Firewall
- Application-Level Gateway/ Proxy server
1. Packet Filter Firewall
- Simplest of components, use in routersImplemented at Physical and Network Layer of OSI Model
- check incoming and outgoing packets
- filtering rules are applied to the data packets for filtering◦If the packet is found valid, then it is allowed to enter or exit the local network
Packet filtering is fast, easy to use, simple and cost effective.
Packet filter firewall alone is not a complete solution
2. Circuit Filter Firewall
More Secure over Packet Filter; “statefulinspection”
Traditional packet filters do not examine transport layer context
- iematching return packets with outgoing flow
Statefulpacket filters address this need
They examine each IP packet in context
- Keep track of client-server sessions
- Check each packet validly belongs to one
Hence are better able to detect bogus packets out of context
3. Application-Level Gateway
An application-level gateway protects all the client applications running on a local network from the Internet by using the firewall itself as the gateway
- Proxy firewall operates on the application layer. direct connection from an external computer to local network never takes place.
- The proxy automatically segregates all the packets depending upon the protocols used for them. A proxy server must support various protocols. It checks each application or service.
- A proxy server is easy to implement on a local network.
- Application level gateways or proxy server tend to be more secure than packet filters.
Instead of checking the TCP, UDP and IP combinations that are to be allowed, it checks the allowable applications.