CompTIA A+

Security and Network Fundamentals

You can use a number of methods to encrypt your data:

HASHING – commonly described as a one-way cryptographic algorithm, hashing uses mathematical functions to translate data into a fixed-length numerical value. A hashed value can't be translated back into its original data. MD5 is a cryptographic hash function that produces a 128-bit hash value and is widely used in applications. WPA implements a large part of the IEEE 802.11i standard.

SYMMETRIC KEY ALGORITHMS – encrypt data with a single private key that is shared by the sender and the receiver. Both parties use this shared key to encrypt and decrypt the data they exchange. Examples include the Data Encryption Standard and the Advanced Encryption Standard.

ASYMMETRIC KEY ALGORITHMS – encrypt data using a public key that is available to everyone. Once you send the encrypted data to the receiver, they use a private key that is mathematically related to the public key to decode it. Examples include RSA and Pretty Good Privacy.

There are various methods of encryption, including:

• Data Encryption Standard (DES) – a symmetric key algorithm that was once used by the US government. It uses a 52-bit key to encrypt and decrypt data. This key is small and easily broken, making DES insecure for many applications. It has been replaced by AES.
• 3DES – also known as TDES, 3DES applies the DES cipher three times. It provides more security than DES but is still vulnerable to theoretical attacks.
• Advanced Encryption Standard (AES) – a symmetric key algorithm adopted by the US government as an encryption standard. AES encrypts data in 128-bit blocks using a key of up to 256 bits, and the same key is used to decrypt it. AES provides higher security than 3DES.
• Pretty Good Privacy (PGP) – a computer program that uses an asymmetric key algorithm to provide encryption and authentication using standardized operating protocols and data formats. This enables interoperability between PGP and related software. PGP is the precursor to the OpenPGP internet standard.
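The one-way and fixed-length properties described under HASHING are easy to see in code. The block below is an added example (not part of the original notes) using Python's standard hashlib: it shows that MD5 produces a 128-bit value regardless of input length, that the same input always gives the same digest, that a one-character change flips roughly half the output bits, and how a digest is checked for integrity. The sample messages are constructed for the example; MD5 is included only because the notes mention it, and SHA-256 is the algorithm a practitioner would use today.

```python
import hashlib
import hmac

# Constructed sample messages for the example (not from the notes).
MESSAGE = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"  # one character changed


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Return the hex digest of `data` under the named hash algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_bits(algorithm: str) -> int:
    """Output size in bits: fixed per algorithm, independent of the input length."""
    return hashlib.new(algorithm).digest_size * 8


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it in constant time (no timing leak
    about how many leading characters matched)."""
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex)


if __name__ == "__main__":
    stored = digest_hex(MESSAGE)                      # what a receiver would keep on file
    print("sha256 size (bits):", digest_bits("sha256"))
    print("md5 size (bits):   ", digest_bits("md5"))
    print("same input, same digest:", digest_hex(MESSAGE) == stored)
    print("bits changed by a one-character edit:",
          differing_bits(stored, digest_hex(TAMPERED)), "of", digest_bits("sha256"))
    print("tampered message verifies:", verify_integrity(TAMPERED, stored))
```

Because the digest is fixed-length and the mapping is one-way, the receiver can keep only the digest and still detect any change to the message, but cannot reconstruct the message from it.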

Classifications are based on security labels, which are attached to:

SYSTEM OBJECTS – security labels store classification levels for system objects. The classification level determines who is allowed access to the information or resource.

SYSTEM SUBJECTS – such as user accounts, can be assigned a clearance level. Clearance levels control which resources the subject is allowed to access.

Network applications, protocols, and services are differentiated by the port on which they run. All TCP/IP communication has a port for each endpoint. Ports are assigned a number from 0 to 65535. Some examples are:
FTP 21 – Telnet 23 – SMTP 25 – DNS 53 – HTTP 80 – POP3 110 – HTTPS 443.

There are various methods of disposing of data:

DELETING – deleting data removes only the index entry that points to the data on a hard disk drive, not the data itself, so the data can still be accessed. Although you can overwrite stored data and applications, an O/S can still contain temporary or cached files.
REFORMATTING – when you reformat or reinitialize a hard disk you simply create a new indexing system for the operating system, which doesn't usually affect the stored data. This is not a secure method of disposing of data.

DEGAUSSING – uses an external demagnetizer to remove the magnetic charge from the surface of the storage medium and thereby destroy the data. Degaussing is effective at disposing of data stored on removable magnetic storage media.

DISASSEMBLING – taking a hard drive apart by removing the platters from the spindle. Once the platters are removed it is very difficult to read the data without specialist equipment.

OVERWRITING – replacing the stored data on a hard disk drive with a predetermined pattern, for example a string of zeros. Once data is overwritten it no longer exists, so overwriting is a highly secure method of disposing of data. However, you need to identify the physical parameters of the drive and each sector, manage write command errors, and select the correct software in order to ensure that no data is missed during the overwrite.
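The OVERWRITING entry lists three things the software must get right: cover every byte, not ignore write errors, and confirm nothing was missed. The block below is an added example (not from the original notes) that does exactly that for a single file: it overwrites the file in place with a pattern, checks each write call for a short write, forces the data past the operating-system cache with fsync, and then reads the file back to verify the pattern. The file and its contents are constructed inside a temporary directory for the example.

```python
import os
import tempfile

CHUNK = 64 * 1024          # write/verify in 64 KiB pieces
ZERO = b"\x00"             # the "string of zeros" pattern from the notes


def _pattern_block(pattern: bytes, length: int, offset: int = 0) -> bytes:
    """The bytes the pattern produces for [offset, offset+length)."""
    start = offset % len(pattern)
    return (pattern * (length // len(pattern) + 2))[start:start + length]


def overwrite_file(path: str, pattern: bytes = ZERO, passes: int = 1) -> int:
    """Overwrite every byte of `path` in place. Returns the number of bytes
    covered per pass. A short write is treated as an error, not ignored."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            offset = 0
            while offset < size:
                n = min(CHUNK, size - offset)
                written = f.write(_pattern_block(pattern, n, offset))
                if written != n:
                    raise OSError(f"short write at offset {offset}: {written} of {n} bytes")
                offset += n
            f.flush()
            os.fsync(f.fileno())   # push the data through the OS cache to the device
    return size


def verify_overwritten(path: str, pattern: bytes = ZERO) -> bool:
    """Read the file back and confirm every byte matches the pattern."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk != _pattern_block(pattern, len(chunk), offset):
                return False
            offset += len(chunk)


def demo() -> tuple:
    """Constructed scenario: a file holding a secret is wiped and verified.
    Returns (secret present before, secret present after, verification passed)."""
    secret = b"ACCOUNT-NUMBER-0000-1111-2222"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "export.csv")
        with open(path, "wb") as f:
            f.write(b"header\n" + secret + b"\n" + os.urandom(200_000))
        before = secret in open(path, "rb").read()
        overwrite_file(path, ZERO, passes=1)
        after = secret in open(path, "rb").read()
        return before, after, verify_overwritten(path, ZERO)


if __name__ == "__main__":
    print(demo())
```

Note that this only rewrites the blocks the filesystem currently maps to the file, which is why the notes insist on knowing the drive's physical parameters and sectors: journaling filesystems, remapped bad sectors and the wear-levelling in SSDs can all retain copies that a file-level overwrite never touches.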

Security features and connections
WEP – was the first encryption technology introduced by the IEEE for securing wireless networks; however, it was publicly denounced as insecure. You can configure WEP to use a 64-bit or 128-bit symmetric encryption cipher. It is best practice to use the 128-bit encryption cipher if it's available.
• Shared key authentication – with shared key authentication the client and the AP must be pre-configured with the same key. The AP sends a challenge message in clear text to the workstation, which then encrypts the message with the 64-bit or 128-bit key and returns it to the AP. The AP then decrypts the text with the shared key and compares it with the challenge to ensure that they match.
• Open System Authentication – no credentials are required from the workstation to authenticate with the AP. Encryption can be used to protect data transmissions once the workstation is authenticated with the AP.
WPA – was developed to overcome the weaknesses in WEP. WPAv1, or WPA1, uses the RC4 symmetric cipher with a 128-bit key. The later version, WPA2, builds on WPA by adding more features from the 802.11i standard. Notably, WPA2 uses the Advanced Encryption Standard (AES) cipher for stronger encryption.
WPA2 supports the use of AES – but not all wireless equipment supports WPA2 AES. A firmware update may be available for some equipment, though.
The 802.11 standard defines an AP as a device that functions as a transparent bridge between wireless clients and an existing wired network. An AP contains at least one interface, called the WAN port, for connection to the wired network. It also contains transmitting equipment to connect with wireless clients. APs typically broadcast their SSIDs, which clients can detect. These broadcasts usually identify the security mechanisms in place. In a secure environment these broadcasts should be turned off to hide the AP's presence.

In order to configure a wireless network, you need certain information:
1. The network's SSID
2. The network's security type
3. A shared key, if one exists
4. The network's encryption type
Unlike a firewall, which is designed to prevent unwanted traffic from entering a private network, an intrusion detection system (IDS) serves to detect and report suspicious incidents that may be attempts to access the network.

The advantages of IDS include:
Identifying external and internal hackers or attacks
Protecting the entire network
Managing the correlation of distributed attacks
Enabling system administrators to record all past attacks

Two types of IDS:
• Network-based IDS (N-IDS) – you install an N-IDS at a point in the network where it can monitor as much network traffic as possible. When situated in front of a firewall, an N-IDS can analyze all incoming traffic, but when situated behind a firewall it can only analyze traffic that passes through the firewall. You can attach an N-IDS to a switch or a hub that provides a monitoring port for troubleshooting.
• Host-based IDS (H-IDS) – is designed to operate as software on a single computer system and can respond only passively to suspicious events. Usually installed on a networked server, an H-IDS monitors the logs, system events, and files, but not the data transmissions to and from the server. However, it does simplify recovery after an attack because it keeps checksums on all the files. These checksums reveal which files were accessed during the attack.
In an active response, the IDS alerts its active component, the intrusion prevention system (IPS), which can:
• Terminate processes or sessions – you can configure an IPS to terminate all system processes or a session if a flood attack, for instance, is detected. This frees resources so that the system can continue to operate normally.
• Change network configurations – if a particular IP address is repeatedly attempting to access the network, you can configure the IPS to use a border router or firewall to reject traffic from that source. If a certain port is being attacked, you can set the IPS to ensure that the firewall blocks that port.
• Take deceptive action – a deceptive active response tricks the attacker into believing that their attack is successful while the IPS redirects it to a safe system set up for this purpose. This process is known as sending threats to the honeypot. The advantage is that while the attack continues you can continue to observe it.
An H-IDS introduces two important problems. First, if the H-IDS system itself is compromised, the log files reported by the IDS may become corrupted, and this may make fault determination difficult.
Second, an H-IDS has to be deployed on each computer that needs it, which can be a long and tedious process.
A trusted platform module, more commonly known as a TPM, is a microchip built into a computer to store security keys. The TPM management console, used on Windows computers to manage TPM hardware, can be used to provide authentication to ensure that the communicating computer is who it should be. A TPM is also commonly used with disk encryption technologies such as Microsoft Windows Vista BitLocker drive encryption.

Malicious Software Detection and Prevention
There are three main types of malicious code:
1. Viruses – the most well-known type, are small malicious software programs designed to infect a system. They're usually triggered by user actions, such as opening programs or email attachments. Some viruses can destroy an O/S or corrupt data on a computer's hard disks. Viruses can also be attached to an email.
2. Trojan Horses – masquerade as non-malicious programs to gain access to a system. For instance, a Trojan horse may be hidden in the installation program for software or be included as an attachment.
3. Worms – are code similar to viruses but are self-contained and can reproduce themselves. Unlike viruses, they do not need a triggering event to spread, and they are often benign despite causing a lot of network traffic. Typically they spread across networks. It's important to note that some worms use the entries in a user's email address book to replicate themselves.
Virtual private networks (VPNs) are commonly used to create WAN connections between networks. A VPN enables hosts in different geographical locations to communicate as if they were on the same LAN.
Latency is a measurement of the time delay between communicating hosts. It's most often expressed as the amount of time it takes a packet to make a round trip between the communicating hosts.

A switch has multiple ports, an internal processor, an OS and memory. It can provide a separate communication channel for each device that connects to one of its ports. Switch ports can be grouped into broadcast domains.

Different Ports
HTTP – port 80
FTP – ports 20 and 21
POP3 – port 110
SMTP – port 25
Telnet – port 23
HTTPS – port 443

Class A networks support up to 16 million hosts on each of 126 networks. The range of IP addresses for Class A networks is 0.0.0.0 to 127.255.255.255. Class A networks have a default subnet mask of 255.0.0.0.

Class B networks support up to 65,000 hosts on each of 16,000 networks. The range for Class B networks is 128.0.0.0 to 191.255.255.255. Class B networks have a default subnet mask of 255.255.0.0.

Class C networks support up to 254 hosts on each of 2 million networks. The range for Class C networks is 192.0.0.0 to 223.255.255.255. Class C networks have a default subnet mask of 255.255.255.0.

Class D is used for multicast addressing and Class E is reserved for experimental use only.
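The class ranges and default masks above can be turned into a small classifier. The block below is an added example (not from the original notes) using Python's standard ipaddress module: given a dotted-quad address it finds the class from the first octet, applies the class's default mask, and derives the network address and the number of usable hosts, which is where the 16 million / 65,000 / 254 figures in the notes come from. It only models the classful scheme the notes describe; modern networks assign prefixes with CIDR instead of fixed class masks.

```python
import ipaddress

# Classful ranges from the notes: (class, first octet low, first octet high, default prefix length).
# Classes D and E have no default subnet mask because they are not used for host addressing.
CLASS_TABLE = [
    ("A", 0, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),   # multicast
    ("E", 240, 255, None),   # experimental
]


def classify(address: str) -> dict:
    """Return the class, default mask, network address and usable host count
    for an IPv4 address under classful addressing."""
    ip = ipaddress.IPv4Address(address)          # raises ValueError on bad input
    first_octet = int(ip) >> 24
    for name, low, high, prefix in CLASS_TABLE:
        if low <= first_octet <= high:
            if prefix is None:
                return {"class": name, "mask": None, "network": None, "usable_hosts": 0}
            # strict=False lets a host address be turned into its containing network.
            net = ipaddress.IPv4Network(f"{address}/{prefix}", strict=False)
            return {
                "class": name,
                "mask": str(net.netmask),
                "network": str(net.network_address),
                # Subtract the network and broadcast addresses, which hosts cannot use.
                "usable_hosts": net.num_addresses - 2,
            }
    raise ValueError(f"first octet {first_octet} matches no class")   # unreachable for valid IPv4


def same_classful_network(a: str, b: str) -> bool:
    """True if two addresses fall in the same network under their default masks."""
    ca, cb = classify(a), classify(b)
    return ca["network"] is not None and ca["network"] == cb["network"]


if __name__ == "__main__":
    # Constructed sample addresses for the example.
    for addr in ("10.1.2.3", "172.16.5.9", "192.168.1.77", "224.0.0.1", "240.0.0.1"):
        print(addr, classify(addr))
    print("192.168.1.77 and 192.168.1.200 share a Class C network:",
          same_classful_network("192.168.1.77", "192.168.1.200"))
```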

Network types and Wireless configuration

Two types of satellite internet connections:

Uni-directional satellite connections receive data via a satellite dish and upload data via a dial-up connection.
Bi-directional satellite connections transmit and receive data via a satellite dish.

A wireless LAN (WLAN) operates in one of two different modes:
AD-HOC – an ad-hoc wireless network is decentralized. Communicating devices transmit data directly to, or receive it from, other devices in the wireless network.
INFRASTRUCTURE – a wireless network operating in infrastructure mode uses a central access point to link network devices.
