- 1 TRC PowerPoint
- 2 Encryption
- 3 Firewall
- 4 Digital Signatures & Certificates
- 5 Viruses / Worms / Trojans / Vulnerabilites
- 6 What Can Be Done
Applying an algorithm or process (and normally a key) to data so that the output can no longer be understood. However this process can be reversed to return to the original data, this again may involve the use of a key.
The original data you want to encrypt.
The specific algorithm or process used on the plain text.
The output from running a cipher with the plain text.
The practice and study of techniques used in encryption.
The art or process of deciphering coded messages without being told the key
Cipher text can be decrypted using an encryption algorithm and the encryption key. Symmetric means using the same key to encrypt and decrypt so it is often difficult to distribute a symmetric key without being intercepted. The key must be passed separately and obviously can’t be sent with the message. It is easy to decrypt the message with the key.
Asymmetric refers to the fact that a separate encryption key and separate decryption key are used it is also called public key encryption e.g. RSA. You need a pair of keys – public and private. The private key is kept secret and secure but the encryption algorithm and public keys are freely available so:
- Message encrypted with A’s private key can only be decrypted with A’s public key
- Message encrypted with A’s public key can only be decrypted by A with it’s private key
A piece of software designed to prevent the flow of network traffic, typically a specific sort of traffic or from/to a certain location. Firewalls are built in to many operating systems, such as Windows, and some are designed to be installed on a physical device to filter traffic for the whole network.
A firewall uses 3 concepts:
- Packet Filtering
- Stateful Inspection
- Proxy Server
Examining the contents of a packet and it will be rejected if they fail to conform to certain rules. This could be done by examining the packet header information. You could Could block based on the Protocol, Port or socket, Unknown / Untrusted source, Unknown process, or Could contain malware.
Examining contents of a packet and it will be rejected if it is not part of a recognised communication. The firewall will keep a track of all open channels and transmissions. So it will know the context of each packet, i.e. which transmission and channel it is linked to. Any unknown source or port may be rejected.
Proxy means on behalf of. A proxy server is on the edge of your private network and the proxy server is the only connection on the public internet. All of the devices behind the proxy server are essentially hidden from the internet.
All requests requiring public internet are routed through proxy server. The Proxy server can evaluate the source of the request and can filter specific website and locations. This will prevent all users on the network from accessing web content, it will also prevent access from certain devices.
Digital Signatures & Certificates
To prove that an electronic message is genuine, a sender can digitally sign the message. Just like an actual signature written by hand. This means it can detect if the message has been tampered with and the signature is proof that it has been sent by the correct person. Digital signatures use asymmetric encryption.
Generating the Digital Signature
- A digest (also known as a hash) is produced from the message using a hash function. The digest is a much reduced version of the original message (it is not possible to change a message digest back into the original message from which it was created).
- The digest is then encrypted using the sender’s private key. The sender’s private key must be used instead of the receiver’s public key to prove it has been encrypted by the sender. The encrypted digest result is the digital signature.
- The encrypted digest (digital signature) is then appended to the original message.
- The message and digital signature are then encrypted using the receiver’s public key. The receiver’s public key must be used here so that only the receiver can decrypt the message with the private key.
- The encrypted message is then sent by electronic mail.
Verifying The Message
- The message and signature are decrypted using the receiver’s private key.
- The decrypted message is then separated into the original message and digital signature.
- The digital signature is then decrypted using the sender’s public key. This proves it has been sent by the person who owns the private key.
- A new digest is produced from the original message using the same hash function as the original digest.
- The decrypted digest is then compared to the new digest. If the decrypted digest is the same as the new digest then the message has not been tampered with.
A digital certificate is issued by a certification authority.
It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
Viruses / Worms / Trojans / Vulnerabilites
A small program that attacks computers and replicates itself by attaching itself to other programs or files.
Malware type that replicates itself and spreads around a system, its a small program that attacks computers by exploiting network security weaknesses and replicates itself through computer networks. A worm doesn’t need to be attached to another file unlike a virus.
Malware hidden within another file, it doesn’t replicate itself and it can remain undetected for a long time. Often they could be dormant and waiting to be activated. Once activated, a trojan could silently gather data and steal it by transferring off your network or could alternatively cause damage to the data or the computer.
Malware will often target vulnerabilities in a system or application. These can be errors or bugs in a package that have not been fixed or patched, they can exist for long periods of time before they are found. Ideally they will be found by the security community in the course of research, demonstrations, or as a proof of concept. Most vulnerabilities are discovered and fixed before they are used in an attack.
These vulnerabilities can produce unpredictable consequences, because they can put the program or system into a state which hasn’t been tested. Quite often this makes the system vulnerable and could bypass security methods implemented.
Exploits target specific vulnerabilities, they can be known or unknown. Zero Day Exploits are unknown exploits which are found and on day zero no fix is available. The software provider will often work quickly to fix a zero day exploit because nobody is protected from the exploit.
What Can Be Done
What can Individuals do
- Use anti-malware software
- Ensure devices are fully up to date
- Use encryption
- Ensure sites use HTTPS
- Use passwords & PIN’s on programs and files
What can Programmers do
- Use a language with built in security features
- Use encryption for data stored
- Set access rights to appropriate parts of the system
- Only use internet services if required
- Thoroughly test your code, and test for known issues
- Keep knowledge up to date for threats and method to combat
- Never trust the user, often accidental or deliberate misuse
What can System Admins do
- Ensure requests come from known sources
- Use firewall
- Use anti-malware
- Keep systems fully up to date