Objectives
◼Identify the top threats to a network: security
breaches, denial of service attacks, and malware
◼Understand essential security concepts
◼Assess the likelihood of an attack on your
network
◼Define key terms such as cracker, penetration
tester, firewall, and authentication
◼Compare and contrast perimeter and layered
approaches to network security
◼Use online resources to secure your network
Introduction
Computer systems and networks around us:
❑E-commerce via websites
❑Internet-connected cars
❑Smart phones and watches
❑Internet of Things (IoT)
❑Smart homes
❑Smart medical devices
Introduction (cont.)
Important questions:
❑How is information safeguarded?
❑What are the vulnerabilities to these systems?
❑What steps are taken to ensure that these
systems and data are safe?
❑Who can access my information?
❑How is that information used?
❑Who is this information shared with?
Third parties?
How Seriously Should You Take
Threats to Network Security?
Formulas for quantifying risk:
Single Loss Expectancy (SLE) =
Asset Value (AV) × Exposure Factor (EF)
Annualized Loss Expectancy (ALE) =
Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)
After Identification we have Four
Choices
❑Acceptance
❑Avoidance
❑Transference
❑Mitigation
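A worked version of the SLE and ALE formulas above, carried through to the accept-or-mitigate choice; this is an added example, not part of the slides, and every asset value, exposure factor, rate and control cost in it is constructed.

```python
# Added example, not from the slides: the SLE/ALE formulas carried through to a
# cost/benefit decision on a safeguard. Every figure below is constructed.


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF. EF is the fraction of the asset's value lost in one incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO. ARO is the expected number of incidents per year (may be < 1)."""
    if aro < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def safeguard_net_value(ale_before, ale_after, annual_control_cost):
    """Yearly benefit of a control: the ALE it removes, minus what it costs to run."""
    return (ale_before - ale_after) - annual_control_cost


def choose_response(ale_before, ale_after, annual_control_cost):
    """Map the numbers onto two of the four choices: mitigate when the control pays
    for itself, otherwise accept. Transference (insurance) and avoidance need their
    own cost figures and are not decided here."""
    if safeguard_net_value(ale_before, ale_after, annual_control_cost) > 0:
        return "mitigate"
    return "accept"


def worked_example():
    """Constructed scenario: a public web server worth 50,000, losing 40% of its value
    per incident, hit twice a year; a 15,000/year control cuts the rate to 0.5."""
    av, ef = 50_000, 0.4
    before = annualized_loss_expectancy(av, ef, 2)      # SLE 20,000 -> ALE 40,000
    after = annualized_loss_expectancy(av, ef, 0.5)     # ALE 10,000 with the control
    cost = 15_000
    return (before, after,
            safeguard_net_value(before, after, cost),
            choose_response(before, after, cost))


if __name__ == "__main__":
    print(worked_example())     # (40000.0, 10000.0, 15000.0, 'mitigate')
```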
Identifying Types of Threats
◼Malware: MALicious softWARE
◼Security breaches
◼DoS: Denial of Service attacks
◼Web attacks
◼Session hijacking
◼Insider threats
◼DNS poisoning
◼New attacks: Doxing
Malware
Software with a malicious purpose
❑Viruses
❑Trojan horses
❑Spyware
❑Logic bombs
Malware (cont.)
Viruses
❑One of the two most common types of
malware
❑Designed to replicate and spread
❑Usually spreads through email
❑Uses system resources, causing network
slowdowns or stoppage
Malware (cont.)
Trojan Horses
❑The other most
common type of
malware
❑Named after the
wooden horse of
ancient history
❑Appears benign but
secretly downloads
malware onto a
computer from within
Malware (cont.)
◼Spyware
❑A rapidly growing type of malware
◼Cookies
◼Key loggers
◼Logic Bombs
❑Lay dormant until some logical condition is
met, often a specific date
Compromising System Security
Attacks that breach a
system’s security
❑Hacking
❑Cracking
❑Social engineering
❑War-driving
❑War-dialing
Denial of Service (DoS) Attacks
◼The attacker does not
access the system
◼The attacker blocks
access to authorized
users
◼Distributed DoS (DDoS)
uses multiple machines
to attack the target
Web Attacks
◼In a web attack, the attacker attempts to
breach a web application
◼Common attacks of this type include:
❑SQL injection
❑Cross-site scripting
Session Hijacking
◼Session hijacking is a complex form of
attack
◼The attack involves the attacker taking over
an authenticated session between the client
machine and the server
◼Not a common form of attack
Insider Threats
◼A type of security breach
◼An insider threat occurs when someone
inside an organization:
❑Misuses his access to data, or
❑Accesses data he is not authorized to
access
DNS Poisoning
◼This type of attack involves altering Domain
Name System (DNS) records on a DNS
server to redirect client traffic to malicious
websites
◼This attack is typically used for identity theft
New Attacks: Doxing
◼Doxing refers to the process of locating
personal information on an individual and
broadcasting it, often via the Internet
◼This can include any personal information
about any person; most often used against
public figures
◼This type of attack is becoming more
prevalent
Basic Security Terminology
People:
❑Hackers
◼White hat
◼Black hat
◼Gray hat
❑Script kiddies
❑Penetration testers
❑Ethical hackers
Basic Security Terminology (cont.)
Devices:
❑Firewall
◼Filters network traffic
❑Proxy server
◼Disguises IP address of internal host
❑Intrusion Detection System (IDS)
◼Monitors traffic, looking for attempted attacks
Activities:
❑Authentication
❑Auditing
Concepts and Approaches
How will you protect your network?
❑CIA Triangle
❑Least privileges
❑Perimeter security approach
❑Layered security approach
❑Proactive versus reactive
❑Hybrid security approach
Network and the Internet
Objectives
◼Identify each of the major protocols used in
network communication (for example, FTP and
Telnet) and what use you make of each of them
◼Understand the various connection methods and
speeds used on networks
◼Compare and contrast various network devices
◼Identify and explain various network protocols
◼Understand how data is transmitted over a
network
Objectives (cont.)
◼Explain how the Internet works and the use of
IP addresses and URLs
◼Recount a brief history of the Internet
◼Use network utilities such as ping, IPConfig,
and tracert
◼Describe the OSI model of network
communication and the use of MAC
addresses
Network Basics
◼A network is two or more computers
connected via a Network Interface Card (NIC)
◼Wireless networks use radio signals to transmit to a
nearby wireless router or hub
◼A wireless router, hub, or NIC must have an
antenna to transmit and receive signals
The Physical Connection:
Local Networks
◼Traditional (wired) NICs use an RJ-45 connection
◼Most networks use Cat 5 cable or Cat 6 cable
◼The hub is the simplest connection device
❑Creates a simple network
❑Sends traffic out all ports (no routing or switching)
◼The repeater is a device that boosts signal
❑Used when cables exceed the maximum length
◼The switch is an intelligent hub
❑Sends packets only to the intended host
◼The router is more sophisticated
❑Limits traffic to the intended network
The Physical Connection:
Local Networks (cont.)
Faster Connection Speeds
Internet Connection Types and Speeds:
Wireless and Bluetooth
◼Wireless
❑The Institute of Electrical and Electronics Engineers
(IEEE) standard 802.11 provides guidelines for
wireless networking
❑Various letter designations denote different wireless
speeds, such as 802.11n
◼Bluetooth
❑Bluetooth is short-distance radio that uses the 2.4GHz
to 2.485GHz frequency
❑This standard enables devices to discover other
Bluetooth devices that are within range
Data Transmission
◼Networks transmit binary information in packets
using certain protocols and ports
◼Protocols are rules that control network and Internet
communication
❑Transmission Control Protocol (TCP) is connection-
oriented
❑Internet Protocol (IP) is connectionless
◼Ports are handles or connection points
❑Ports use a numeric designation for a pathway of
communications
❑The combination of your computer’s IP address and port
number is referred to as a socket
How the Internet Works
◼To connect to the Internet, you log on to your
Internet service provider (ISP)
◼The ISP connects to another ISP or a
backbone provider
◼One backbone provider connects to another
at a network access point (NAP)
IP Addresses
IP (Internet Protocol) Addresses
❑Necessary to navigate the Internet
❑A unique identifier, like a Social Security
number
❑Usually in binary form
❑Consists of four octets separated by decimals
❑First octet defines the class to which the IP
belongs
IP Addresses (cont.)
Availability of IP Addresses
❑IP addresses are not infinite
❑An IP address can be IPv4 or IPv6
❑A subnet is a portion of a network that shares the
same subnet address
❑Subnet masks describe what subnet the address
belongs to
❑Classless interdomain routing (CIDR) is a way to
describe the subnet with the IP address
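The two IP-address slides above in working form, as an added example that is not part of the slides: the class is derived from the first octet as described, and the standard `ipaddress` module does the subnet-mask and CIDR work. The sample addresses are constructed.

```python
# Added example, not from the slides: address class from the first octet,
# subnet masks and CIDR with Python's standard ipaddress module.
import ipaddress


def address_class(ip):
    """Classful class from the first octet, as the slides describe (IPv4 only)."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "A"      # 0.0.0.0   - 127.255.255.255
    if first_octet < 192:
        return "B"      # 128.0.0.0 - 191.255.255.255
    if first_octet < 224:
        return "C"      # 192.0.0.0 - 223.255.255.255
    if first_octet < 240:
        return "D"      # multicast
    return "E"          # reserved


def classful_prefix(ip):
    """Default prefix length implied by the class (A=/8, B=/16, C=/24); None for D and E."""
    return {"A": 8, "B": 16, "C": 24}.get(address_class(ip))


def subnet_info(cidr):
    """Describe the subnet an address belongs to, given CIDR or mask notation.
    strict=False lets a host address such as 192.168.1.77/26 be passed directly."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "version": net.version,
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "addresses": net.num_addresses,
    }


def same_subnet(ip_a, ip_b, mask):
    """True when both hosts share the same subnet address under the given mask."""
    net = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in net


if __name__ == "__main__":
    print(address_class("192.168.1.10"), classful_prefix("192.168.1.10"))
    print(subnet_info("192.168.1.77/26"))
    print(same_subnet("192.168.1.77", "192.168.1.130", "255.255.255.192"))
```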
Uniform Resource Locators
Uniform Resource Locators (URLs)
❑The easy way to remember a website
❑Translated by the Domain Name System
(DNS) to an IP address
❑Error messages can be sent
by the web server
Uniform Resource Locators (cont.)
Error Messages
❑100 series: informational
❑200 series: usually not seen because they
indicate success
❑300 series: redirectional
❑400 series: client errors
❑500 series: server errors
History of the Internet
◼The Internet traces its roots to the Cold War
◼In 1957, the U.S. government formed the Advanced
Research Projects Agency (ARPA) within the Defense
Department
◼In 1968, ARPA commissioned the construction of
ARPANET, a simple Internet web of four points/nodes
◼In 1979, Usenet newsgroups became available
◼In 1990, Tim Berners-Lee developed Hypertext Transfer
Protocol (HTTP)
◼In 1993, the first graphical web browser, named Mosaic,
was invented
Basic Network Utilities
You can execute network utilities from a command
prompt (Windows) or shell (UNIX/Linux):
❑IPConfig
❑Ping
❑Tracert
❑Netstat
❑NSLookup
❑ARP
❑Route
❑PathPing
IPConfig
◼The IPConfig utility displays information about
your system
❑Type cmd in the search bar and press Enter
❑At the command prompt, type ipconfig and press
Enter
◼IPConfig shows your system’s IP address,
subnet mask, and default gateway
◼Type ipconfig -? to see other options, such as
ipconfig /all
Ping and Tracert
◼Ping tests if a system is connected to the
network
❑Tells how long it takes for an “echo request”
packet to arrive at the destination host
❑Type ping -? at the command prompt to find
various ways you can refine your ping request
◼Tracert is a deluxe version of ping
❑Shows every “hop” between the host and
destination address
❑A useful tool for technicians and hackers
Netstat and NSLookup
◼Netstat
❑Network status
❑Shows active network connections
◼NSLookup
❑Name server lookup
❑Verifies whether the DNS server is running
❑Executes DNS related commands
ARP, Route, and PathPing
◼ARP
❑Address Resolution Protocol
❑Maps IP addresses to MAC addresses
◼Route
❑Displays the IP routing table
◼PathPing
❑Similar to tracert/traceroute and ping
❑Provides detailed information regarding network
latency at hops between source and destination
Other Network Devices
◼Firewalls
❑Hardware or software
❑Filter packets as they enter the network
❑Deny unacceptable packets
◼Proxy servers
❑Disguise the network
❑Substitute their IP address for that of hosts
accessing the Internet
The OSI Model
Open Systems Interconnect (OSI) Model
❑Seven-layer model created to describe how
networks communicate
❑Diagnostic and troubleshooting tool
❑Each layer supports the layer above and performs
a specific function
❑Layer names (from top to bottom):
Application, Presentation, Session, Transport,
Network, Data link, and Physical
The TCP/IP Model
Transmission Control Protocol/Internet Protocol
(TCP/IP) Model
❑Four-layer model that performs the same activities
as the OSI model, compressed into fewer layers
❑Describes how networks communicate
❑Diagnostic and troubleshooting tool
❑Layer names:
Application, Transport, Internet, and Network
Access
MAC Addresses
Media Access Control (MAC) Addresses
❑A unique address for a NIC
❑A sublayer of the data link layer of the OSI model
❑Physical address, as opposed to the IP address
❑Represented by a 6-byte hexadecimal number
❑ARP converts IP addresses to MAC addresses
Cloud Computing
◼Cloud computing enables network access to a
shared pool of resources
◼Three primary classifications are public, private,
and community
❑Public clouds offer their infrastructure or services to
the general public or a large industry group
❑Private clouds are used by a single organization
without offering services to outside parties
❑Community clouds provide services for several
organizations for community needs
Cyber Stalking, Fraud, and Abuse
Objectives
◼Know the various types of Internet investment
scams and auction frauds
◼Know specific steps you can take to avoid
fraud on the Internet
◼Have an understanding of what identity theft
is and how it is done
◼Know specific steps that can be taken to
avoid identity theft
Objectives (cont.)
◼Understand what cyber stalking is, and be
familiar with relevant laws
◼Know how to configure a web browser’s
privacy settings
◼Know what laws apply to these computer
crimes
How Internet Fraud Works
◼Investment Offers
❑Common schemes
◼Nigerian fraud
❑Investment advice
◼Pump and dump scam
◼Auction Fraud
❑Shill bidding
❑Bid shielding
❑Bid siphoning
Identity Theft
◼One person takes on the identity of another for
economic gain (also known as identity fraud)
◼Phishing is a common way to accomplish
identity theft
◼Forms of phishing include:
❑Cross-site scripting
❑Spear phishing
❑Whaling
Cyber Stalking
◼Using the Internet to harass someone
◼Real-world cyber stalking cases
◼Criteria for evaluating cyber stalking:
❑Credibility
❑Frequency
❑Specificity
❑Intensity
◼Internet fraud laws established in the U.S. and
other countries
Protecting Against Investment
Fraud
◼Only invest with well-known, reputable brokers
◼Avoid the investment if a deal sounds too good
to be true
◼Ask yourself why someone is informing you of a
great investment deal
◼Even legitimate investments involve risk
◼Never invest money that you cannot afford to
lose
Protecting Against Identity Theft
◼Do not provide personal information unless
absolutely necessary
◼Destroy documents that include personal
information
◼Check your credit frequently
◼If your state has online driving records, check
yours once per year
Secure Browser Settings
◼Microsoft Edge
❑Medium High level of protection recommended
◼Firefox
❑Privacy & Security settings
◼Google Chrome
◼VPN service encrypts web traffic
Protecting Against Auction Fraud
◼Only use reputable auction sites
◼If it sounds too good to be true, don’t bid
◼Read feedback from other buyers
◼Work only with reputable sellers
◼Use a separate credit card (one with a low
limit) for online auctions
Protecting Against Online Harassment
◼Do not use your real name in chat rooms or
discussion boards
◼Set up a separate email account with an
anonymous service
◼Keep harassment emails in digital and printed
formats
◼Do not ignore cyberstalking
❑19% of cyber stalking cases escalate to stalking in
the real world
◼Report to local law enforcement
Summary
◼Fraud and identity theft are real and growing
problems
◼Everyone must take steps to protect
themselves online
◼Cyber stalking is often new to civilians and
law enforcement
◼Cyber stalking cases can escalate into
real-world violence
Denial of Service Attacks
Objectives
◼Understand how DoS attacks are
accomplished
◼Know how certain DoS attacks work, such as
SYN flood, Smurf, and distributed DoS
attacks
◼Take specific measures to protect against
DoS attacks
◼Know how to defend against specific DoS
attacks
DoS Attacks
◼One of the most common types of attacks
◼Aims to prevent users from accessing system
◼Requires a minimum of technical skill
◼Effective because computers and other systems
have physical limitations
❑Number of simultaneous users
❑Size of files
❑Speed of data transmission
❑Amount of data stored
An Example
Common Tools Used for DoS Attacks
Low Orbit Ion Cannon (LOIC)
Common Tools Used for DoS Attacks
(cont.)
XOIC (similar to LOIC)
Common Tools Used for DoS Attacks
(cont.)
◼Tribal Flood Network (TFN) and TFN2K
❑Can perform various flood attacks
❑Communications are encrypted and can be hidden
❑Master can spoof its IP address
◼Stacheldraht
❑German for “barbed wire”
❑DDoS attack tool
❑Can perform various flood and Smurf attacks
Specific DoS Attacks
◼TCP SYN Flood Attacks
❑Hacker sends out a SYN packet
❑Receiver must allocate space in buffer
❑Client responds with the ACK flag set
◼Defensive Techniques for TCP SYN Flood
❑Micro blocks
❑SYN cookies
❑RST cookies
❑Upstream filtering
❑SPI firewalls
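To make the SYN cookies entry concrete, here is a simplified SYN-cookie check in Python. It is an added example, not code from the slides; the 32-bit layout, the secret, the MSS table and the addresses are constructed, and real kernels use a related but more careful encoding. The point it shows is why the defence works: the server allocates no buffer space for a half-open connection, because everything it needs is packed into the sequence number and verified when the final ACK arrives.

```python
# Added example, not from the slides: a simplified SYN cookie.
import hashlib
import hmac
import time

SECRET = b"constructed-server-secret-rotate-me"   # per-server secret; constructed here
MSS_TABLE = [536, 1220, 1440, 1460]               # MSS values encodable in the 3-bit field
COUNTER_BITS, MSS_BITS, MAC_BITS = 5, 3, 24       # 5 + 3 + 24 = 32-bit sequence number
COUNTER_MASK, MSS_MASK, MAC_MASK = 0x1F, 0x7, 0xFFFFFF
MAX_AGE = 3                                       # accept cookies up to 3 counter ticks old


def current_counter():
    """Slowly moving time counter (one tick per 64 s here) folded into 5 bits."""
    return (int(time.time()) // 64) & COUNTER_MASK


def _mac24(saddr, sport, daddr, dport, counter):
    """24-bit keyed hash over the connection 4-tuple and the time counter."""
    msg = f"{saddr}:{sport}>{daddr}:{dport}|{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(saddr, sport, daddr, dport, mss, counter):
    """Sequence number for the SYN-ACK. The server keeps NO half-open state: the time
    tick, the MSS choice and a proof it saw this 4-tuple are all packed into the number."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((counter & COUNTER_MASK) << (MSS_BITS + MAC_BITS)
            | (mss_idx & MSS_MASK) << MAC_BITS
            | _mac24(saddr, sport, daddr, dport, counter))


def check_syn_cookie(saddr, sport, daddr, dport, ack_number, counter):
    """Validate the handshake's final ACK. Returns the negotiated MSS, or None when the
    cookie is forged, belongs to another 4-tuple, or is too old. Only on success does the
    server allocate connection state."""
    cookie = (ack_number - 1) & 0xFFFFFFFF          # the ACK acknowledges our ISN + 1
    cookie_counter = cookie >> (MSS_BITS + MAC_BITS)
    mss_idx = (cookie >> MAC_BITS) & MSS_MASK
    age = (counter - cookie_counter) & COUNTER_MASK # modular, so the 5-bit wrap is harmless
    if age > MAX_AGE or mss_idx >= len(MSS_TABLE):
        return None
    expected = _mac24(saddr, sport, daddr, dport, cookie_counter).to_bytes(3, "big")
    if not hmac.compare_digest(expected, (cookie & MAC_MASK).to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    now = current_counter()
    isn = make_syn_cookie("198.51.100.7", 40000, "203.0.113.5", 80, 1460, now)
    print(hex(isn), check_syn_cookie("198.51.100.7", 40000, "203.0.113.5", 80, isn + 1, now))
```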
Specific DoS Attacks (cont.)
◼Smurf IP Attacks (see next slide)
❑Hacker sends ICMP broadcast with spoofed IP
❑Intermediaries respond with replies
❑ICMP echo replies will flood victim
❑The network performs a DDoS on itself
◼Protection against Smurf IP attacks
❑Guard against Trojan horses
❑Use adequate virus scanners and proxy servers
❑Block all inbound broadcast packets at the firewall
Specific DoS Attacks (cont.)
Smurf Attack
Specific DoS Attacks (cont.)
◼UDP Flood Attacks
❑Hacker sends UDP packets to a random port
❑Generates illegitimate UDP packets
❑Causes system to tie up resources sending back
packets
◼ICMP Flood Attacks
❑Floods – broadcasts of pings or UDP packets
❑Nukes – exploit known bugs in operating systems
Specific DoS Attacks (cont.)
◼The Ping of Death (PoD)
❑Sends a single large packet
❑Most operating systems today avoid this vulnerability
❑Keep patches updated on all systems
◼Teardrop Attacks
❑Attacker sends a fragmented message
❑Victim system attempts to reconstruct message
❑Causes target system to halt or crash
❑Variations include TearDrop2, Boink, Nestea Boink,
targa, NewTear, and SYNdrop
Specific DoS Attacks (cont.)
◼Land Attacks
❑Simplest DoS attack in concept
❑Attacker sends forged packet with the same source
and destination IP
❑System “hangs” attempting to send/receive message
◼Distributed Denial of Service (DDoS) Attacks
❑Hacker tricks routers into attacking target
❑Routers initiate flood of connections with target
❑Target system becomes unreachable
Specific DoS Attacks (cont.)
Other types of DoS attacks include:
❑DHCP starvation
❑HTTP POST DoS attack (Slow message transmission)
❑PDoS (permanent denial of service) attack
❑Registration DoS attack
❑Login DoS attack
❑Yo-Yo attack (Scale up and Down)
❑CLDAP reflection (Assigns IP address)
❑Challenge collapsar (CC) attack
Real-World Examples of DoS Attacks
◼Google Attack
◼AWS (Amazon Web Services) Attack
◼Boston Globe Attack
◼Memcache attacks (database caching)
◼DDoS Blackmail
◼Mirai (turns Linux machines into botnets)
How to Defend Against DoS Attacks
In addition to previously mentioned methods…
❑Configure your firewall to
◼Filter out incoming ICMP packets
◼Disallow any incoming traffic
❑Use tools such as NetStat and others
❑Disallow traffic not originating within the network
❑Disable all IP broadcasts
❑Filter for external and internal IP addresses
❑Keep AV signatures, OS, and software patches current
❑Have an Acceptable Use Policy
Summary
◼DoS attacks are among the most common
attacks on the Internet
◼DoS attacks are unsophisticated
◼DoS attacks can have devastating effects
◼Your task is constant vigilance and protection
strategy
Malware
Objectives
◼Understand viruses (worms) and how they
propagate, including famous viruses like
WannaCry, Pegasus, and Titanium
◼Have a working knowledge of several specific
virus outbreaks
◼Understand the dynamics of virus scanners
◼Understand what a Trojan horse is and how it
operates
◼Have a working knowledge of several specific
Trojan horse attacks
Objectives (cont.)
◼Understand ransomware and the latest trends in
ransomware
◼Grasp the concept of the buffer-overflow attack
◼Have a better understanding of spyware and
how it enters a system
◼Defend against various attacks using sound
practices, antivirus software, and antispyware
software
Introduction
◼Virus outbreaks
❑How they work
❑Why they work
❑How they are deployed
◼Buffer-overflow attacks
◼Spyware
◼Other forms of malware
Viruses
A Computer Virus
❑Self-replicates
❑Spreads rapidly
❑Can reduce the functionality and
responsiveness of a network
❑May or may not have a malicious payload
Viruses (cont.)
How a Virus Spreads
❑Finds a network connection; copies itself to
other hosts on the network
◼Requires programming skill
OR
❑Mails itself to everyone in host’s address book
◼Requires less programming skill
◼Most common method
Viruses (cont.)
Rules for Avoiding Viruses
❑Use a virus scanner
❑DO NOT open questionable attachments
◼Use a code word for safe attachments from friends and
colleagues
❑Do not believe “security alerts” sent to you
Trojan Horses
◼Programs that look benign, but are malicious
◼A Trojan horse can
❑Download harmful software
❑Install a key logger or other spyware
❑Delete files
❑Open a backdoor for hackers
❑Be crafted for an individual
◼Company policy should prohibit unauthorized
downloads
eLiTeWrap
The Buffer-Overflow Attack
◼Occurs when someone tries to put more data in a
buffer than it was designed to hold
◼Programmers can write applications to ensure that
overflow is truncated or rejected
◼Harder to execute than DoS attacks or simple
Microsoft Outlook script viruses
◼Attacker needs good working knowledge of
programming language, such as C or C++
◼Modern operating systems and web servers are not
generally susceptible to buffer-overflow attacks
Spyware
◼Requires more technical knowledge
◼Usually used for targets of choice
◼Must be tailored to specific circumstances and
then deployed
◼Forms of spyware
❑Web cookies
❑Key loggers
◼Some spyware uses are legal
❑Employers monitoring employees
❑Parents monitoring their children on the Internet
Other Forms of Malware
Rootkits
❑A rootkit is a collection of tools that a hacker uses
to mask intrusion and obtain administrator-level
access to a computer or computer network
❑May consist of utilities that also can
◼Monitor traffic and keystrokes
◼Create a backdoor into a system
◼Alter log files
◼Attack other machines on the network
◼Alter existing system tools to circumvent detection
Other Forms of Malware (cont.)
Malicious Web-Based Code
❑Also known as web-based mobile code
❑Code that is portable to all operating systems or
platforms, such as HTTP and Java
❑Multimedia rushed to market results in poorly
scripted code
❑Spreads quickly on the Web
Other Forms of Malware (cont.)
◼Logic Bombs
❑Execute malicious purpose when a specific
criterion is met
❑Often linked to a specific date/time
❑Can be other criteria
◼Spam
❑Unwanted and unsolicited email sent out to
multiple parties
❑Often used for marketing purposes
Other Forms of Malware (cont.)
◼Advanced Persistent Threats (APTs)
❑Advanced techniques, not script kiddies
❑Ongoing over a significant period of time
◼Deep Fakes
❑Newer technology
❑Videos that look so authentic that they can be
mistaken for being real
❑Won’t harm computer but can cause disruption
Detecting and Eliminating Viruses
and Spyware
◼Antivirus software operates in two ways:
❑Scans for virus signatures
◼Keeps the signature file updated
❑Watches the behavior of executables
◼Attempts to copy itself
◼Attempts to access email address book
◼Attempts to change Registry settings in Windows
◼Examples include Norton and McAfee
Detecting and Eliminating Viruses
and Spyware (cont.)
Anti-Malware and Machine Learning
❑Machine learning helps defend against malware
❑Antivirus products that use machine learning:
◼Cylance Smart Antivirus
◼Deep Instinct D-Client
◼Avast Antivirus
Summary
◼There is a wide variety of malware attacks
◼Computer security is essential to the
protection of personal information and your
company’s intellectual property
◼Many attacks are preventable
◼Defend against attacks with sound practices
plus antivirus and antispyware software
Techniques Used by Hackers
Objectives
◼Understand the basic methodology used by
hackers
◼Be familiar with some of the basic hacking
tools
◼Understand the hacking mentality
◼Be able to explain specific attack methods
Introduction
◼A hacker wants to understand a system, often by
learning its weaknesses
◼Many hackers are not criminals
◼Hackers who test their organizations’ system
security are called penetration testers
◼Certifications for penetration testing include:
❑Offensive Security
❑SANS Institute
❑EC-Council’s Certified Ethical Hacker
Basic Terminology
◼Types of hackers:
❑White hat – ethical hackers
❑Black hat – hackers with malicious intent (also called
crackers)
❑Gray hat – former black hat hacker turned white hat
❑Script kiddies – inexperienced hackers
◼Phreaking refers to hacking into phones
◼Penetration testing
❑Red team – emulates an adversary
❑Blue team – defensive team
The Reconnaissance Phase
Passive Scanning Techniques
❑Check the target organization’s websites
❑Scan bulletin boards, chat rooms, and discussion
groups
❑View a company’s security-related job ads
❑View websites (see the next two slides)
◼Server-related information, such as Netcraft.com
◼Archived older versions of websites, such as Archive.org
The Reconnaissance Phase (cont.)
Active Scanning Techniques
❑More reliable but may be detected by target system
❑Port scanning – attempting to contact each network
port on the target system to see which ones are open
❑The most popular port scanner in the hacking and
security community is the free tool Nmap
❑The most common Nmap scan types are:
◼Ping scan
◼Connect scan
◼SYN scan
◼FIN scan
The Reconnaissance Phase (cont.)
◼Other scans
❑FIN probe
❑FTP bounce scan
❑SNMP scan
◼Vulnerability assessment – checking a system to
see if it is vulnerable to specific attacks
◼Enumeration – the process of finding out what is on
the target system
❑Popular enumeration tools include Cain and Abel,
Sid2User, Cheops (Linux), UserInfo, UserDump, DumpSec,
Netcat, and NBTDump
The Reconnaissance Phase (cont.)
Shodan
❑A tool used by attackers and penetration testers
❑Search engine for vulnerabilities
❑Search options include:
◼Search for default passwords
◼Find Apache servers
◼Find webcams
❑Useful for searching the company domain when
performing a penetration test
Actual Attacks
SQL Script Injection
❑One of the most common attacks
❑Depends on knowledge of SQL and relational
databases
❑Versatile and can do a lot more than many realize
❑Defense against this type of attack is to filter all
user input before processing it (input validation)
❑Many sites do not filter user input and are still
vulnerable to SQL injection attacks
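The contrast this slide describes, as an added example in Python against an in-memory SQLite database (not code from the slides; the users table, credentials and hostile input are constructed): the first lookup pastes user text into the SQL string, the second uses a parameterized query, and an allow-list validator supplies the input filtering the slide recommends as a second layer.

```python
# Added example, not from the slides: string-built SQL beside its parameterized
# replacement, plus allow-list input validation. All data is constructed.
import re
import sqlite3


def make_db():
    """Constructed sample table. Passwords are stored in clear only to keep the demo
    short; a real application stores a salted hash and compares against that."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "pw-alice", "admin"), ("bob", "pw-bob", "user")])
    return conn


def login_vulnerable(conn, name, pw):
    """User-supplied text becomes part of the SQL grammar: a quote in the input can
    terminate the string literal and append conditions of the attacker's choosing."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, pw):
    """Parameterized query: values travel separately from the SQL text, so quotes,
    comment markers or keywords inside them are compared as plain data."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name, pw))]


USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def valid_username(name):
    """Input filtering (allow-list): a user name may contain only these characters."""
    return USERNAME_RE.fullmatch(name) is not None


def login_defended(conn, name, pw):
    """Both layers: reject malformed input early, and never build SQL from strings."""
    if not valid_username(name):
        return []
    return login_safe(conn, name, pw)


# Constructed hostile password: closes the string literal and adds an always-true clause.
HOSTILE_PW = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "alice", HOSTILE_PW))   # every user
    print("safe:      ", login_safe(db, "alice", HOSTILE_PW))         # no match
```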
Actual Attacks (cont.)
Cross-Site Scripting
❑Attacker injects client-side script into web pages
viewed by other users
❑The attacker enters scripts into an area other
users interact with
❑When users go to that part of the site, the
attacker’s script, rather than the intended website
functionality, is executed
❑Cross-site request forgery attacks the website,
based on the site’s trust of a user
Actual Attacks (cont.)
◼Directory traversal – allows attackers to access
restricted directories
◼Cookie poisoning – an attack that modifies
unencrypted cookies
◼URL hijacking – involves creating a fake URL that is
similar to a real one
◼Command injection – designed to inject and execute
commands in a vulnerable application
◼Cell phone attacks – include bluesnarfing, bluejacking,
bluebugging, and pod slurping
Actual Attacks (cont.)
◼Password cracking methods include:
❑Dictionary attacks
❑Hybrid attacks
❑Rainbow table
❑Brute-force attacks
◼A popular tool for cracking Windows passwords
is called ophcrack
◼Other password cracking tools include Brutus,
John the Ripper, WebCracker, THC-Hydra, and
Crack Station
Malware Creation
◼Malware creation utilities include:
❑TeraBIT Virus Maker (see the next slide)
❑Sam’s Virus Generator
❑Internet Worm Maker Thing
❑JPS Virus Maker
❑Deadlines Virus Maker
❑Sonic Bat Virus Creator
◼Windows hacking techniques include:
❑Pass the Hash
❑Net User Script
❑Login as System
TeraBIT Virus Maker
Penetration Testing
◼Penetration testing is the methodical probing
of a target network to identify weaknesses in
the network
◼Penetration testing standards include:
❑NIST 800-115
❑National Security Agency (NSA) Information
Assessment Methodology
❑PCI Penetration Testing Standard
The Dark Web
◼The Dark Web is an area of the Internet that is
accessible only via the onion routing process
◼Onion routing routes packets worldwide, bouncing
through proxy servers (see the next slide)
❑Each proxy server can only decrypt one layer and send the
packet to the next proxy server
❑If someone intercepts a packet between proxies, they can
only determine the previous and next proxy
❑They cannot determine the actual origin or destination
◼Remember that surfing the Dark Web can be
dangerous; many sites contain malware
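A toy model of the layered decryption described above, as an added example that is not from the slides: the client wraps the message in one layer per relay, and each relay peels only its own layer, so it learns nothing beyond the previous and next hop. The relay names, the per-relay shared keys and the SHA-256 counter-mode stream cipher are constructed stand-ins; a real onion router uses authenticated encryption and a key exchange, neither of which this illustration includes.

```python
# Added example, not from the slides: onion layers peeled one hop at a time.
import hashlib
import os

HOP_FIELD = 16   # fixed-width "next hop" header at the front of every layer's plaintext


def _keystream(key, nonce, n):
    """Toy stream-cipher keystream: SHA-256 in counter mode (illustration only)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt_layer(key, plaintext):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt_layer(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def make_route(*relay_names):
    """Constructed circuit: one fresh random key per relay (stands in for key exchange)."""
    return [(name, os.urandom(32)) for name in relay_names]


def build_onion(message, route, destination):
    """Wrap the message once per relay, innermost layer for the LAST relay, so that the
    first relay's key removes the outermost layer and reveals only the second relay."""
    inner = message.encode()
    next_hop = destination
    for name, key in reversed(route):
        if len(next_hop.encode()) > HOP_FIELD:
            raise ValueError("hop name too long for the header field")
        inner = encrypt_layer(key, next_hop.encode().ljust(HOP_FIELD, b"\0") + inner)
        next_hop = name
    return inner            # ready to hand to route[0]


def relay_peel(key, blob):
    """What one relay can do: remove its layer and read the next hop, nothing more."""
    plaintext = decrypt_layer(key, blob)
    next_hop = plaintext[:HOP_FIELD].rstrip(b"\0").decode()
    return next_hop, plaintext[HOP_FIELD:]


def run_circuit(message, route, destination):
    """Send the onion along the route; record what each relay could observe."""
    blob = build_onion(message, route, destination)
    learned, prev = [], "client"
    for name, key in route:
        next_hop, blob = relay_peel(key, blob)
        learned.append({"relay": name, "prev": prev, "next": next_hop})
        prev = name
    return blob.decode(), learned


if __name__ == "__main__":
    delivered, seen = run_circuit("meet at noon", make_route("relayA", "relayB", "relayC"), "dest")
    print(delivered)
    for entry in seen:
        print(entry)
```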
The Dark Web (cont.)
Onion Routing
Summary
◼A variety of security measures are needed to
thwart hackers
◼Scanning techniques demonstrate the need for
blocking certain traffic at the firewall and for
running an IDS
◼To delve deeper into hacking and penetration
testing, refer to the title Penetration Testing
Fundamentals: A Hands-On Guide to Reliable
Security Audits
Industrial Espionage in Cyberspace
Objectives
◼Understand what is meant by industrial
espionage
◼Explain the dangers of industrial espionage
◼Understand the low-technology methods
used to attempt industrial espionage
◼Understand how spyware is used in
espionage
◼Know how to protect a system from
espionage
Introduction
Espionage
❑Is NOT:
◼Sophisticated glamour
◼Exciting adventure
❑Its ultimate goal:
◼Collecting information
◼Without fanfare or unwanted attention
◼Without detection by target organization
Introduction (cont.)
Espionage
❑NOT done only by governments, intelligence
agencies, or terrorists
◼Spies for political and military goals
❑Also done by private companies
◼Industrial espionage
◼Billions of dollars at stake
◼Companies do not want to reveal they are
perpetrators or targets
What Is Industrial Espionage?
Industrial Espionage
❑Spying to find out valuable information
◼Competitor’s projects
◼Client list
◼Research data
❑While the goal is different from military espionage,
the means are the same
◼Electronic monitoring
◼Photocopying files
Information as an Asset
◼Information can be a real asset
◼Companies spend billions annually on
research and development
◼How to value your information:
VI (Value of Information) =
C (Cost to Produce) + VG (Value Gained)
◼Information is often worth more than the
hardware and software that houses it
Information as an Asset (cont.)
◼Data has value for two reasons:
❑Time and effort spent to create and analyze it
❑Data often has intrinsic value
◼A proprietary process, invention, or algorithm
◼A competitive edge
◼Asset identification
❑Listing the organization’s assets
◼Items that impact day-to-day operations
◼Items tied to company’s services or products
Real-World Examples of
Industrial Espionage
◼Hacker Group
◼Fiat Versus General Motors
◼Nuclear Secrets
◼Uber against Waymo
◼Foreign Governments and Economic Espionage
Real-World Examples of Industrial
Espionage (cont.)
◼Most companies deny involvement in
espionage and decline to discuss the issue
◼Larry Ellison, CEO of Oracle Corporation,
openly defended his hiring of a private
detective to dumpster-dive at Microsoft to
obtain information
How Does Espionage Occur?
Espionage can occur in two ways:
❑Easy low-tech way
◼Employees take the data
◼Social engineering
❑Technology-oriented method
◼Spyware
❑Cookies
❑Key loggers
How Does Espionage Occur? (cont.)
◼Low-tech industrial espionage
❑Employees divulge sensitive data
◼Information is portable – CDs, flash drives
◼Social engineering, email
❑Disgruntled employees
❑Motives vary
◼Spyware used in industrial espionage
❑Any monitoring software can be used
❑Spyware, key loggers, screen captures
How Does Espionage Occur? (cont.)
◼Steganography used in industrial espionage
❑A way of keeping messages secret
❑Protects communications by obscuring them
◼Phone taps and bugs
❑Involves tying into a phone line and intercepting calls
❑Often done at a utility location inside the building
◼Spies for hire
❑Experienced investigators
❑Former employees of intelligence agencies
Protecting Against Industrial
Espionage
◼Cannot make system totally secure
❑Employ antispyware software
❑Use firewalls and intrusion detection software
❑Implement organizational security policies
❑Encrypt all transmissions
◼These techniques cannot guard against
internal sabotage
Protecting Against Industrial
Espionage (cont.)
How to lessen the risk of internal espionage:
❑Give out data access on a “need-to-know” basis
❑Separation of duties for critical data
❑Limit portable storage media and cell phones
❑No documents or media leave the building
❑Perform employee background checks
❑Scan PCs of departing employees
❑Lock up tape backups, documents, and other media
❑Encrypt hard drives of portable computers
Spear Phishing
◼Uses the same technology as phishing but in a
targeted manner
❑Emails sent to individuals or subgroup of people
❑Acquire personal details of individuals to target
◼Purpose is to steal the target’s identity or
compromise the target’s system
◼Whaling – a form of phishing in which an
attacker tries to compromise information about a
valuable employee
Summary
◼Industrial espionage exists and will grow into
an even larger problem
◼There are a variety of methods by which
espionage can take place
◼An employee revealing information is the
most common method
◼Compromising information systems is an
increasingly popular method of espionage
Encryption
CIA Triad
Objectives
◼Explain the basics of encryption
◼Discuss modern cryptography methods
◼Select appropriate cryptography for your
organization
Introduction
◼Encryption
❑The process of scrambling information
❑One critical part to the security puzzle
❑Without it, all security measures are inadequate
◼Cryptography
❑The art of writing in or deciphering secret code
❑Some concepts can be difficult to grasp
Cryptography Basics
◼Encryption
❑Algorithm scrambles plain text
❑Sender and receiver agree on algorithm
❑Message difficult to re-create without protocol
◼Decryption
❑Reversal of the scrambling protocol
❑Symmetric and asymmetric cryptography methods
History of Encryption
◼As old as written communication
◼Messages should not be easily read by an enemy
History of Encryption (cont.)
Caesar Cipher
❑One of the oldest encryption methods
❑Letter/word frequency cracks this simple cipher
❑Brute-force attack – trying all keys/letters
❑Substitution alphabet
◼Substitutes one letter in the alphabet for another
◼Caesar cipher is a mono-alphabetic substitution
method
History of Encryption (cont.)
◼Atbash
❑Reverse the order of the letters of the alphabet
◼Multi-Alphabet Substitution
❑Select multiple numbers by which to shift letters
◼Rail Fence
❑Transposition cipher
◼Scytale
❑Used a cylinder with a strip of parchment
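The three classical ciphers named above, worked in code. This is an added example and not part of the slides: a Caesar shift (mono-alphabetic substitution, decrypted by shifting back), Atbash (reversed alphabet, its own inverse) and a Rail Fence transposition with both directions, since a transposition keeps every letter and only moves it. Standard library only; the sample texts are constructed.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Mono-alphabetic substitution: every letter moves `shift` places.
    Decrypt by calling with -shift. Non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def atbash(text: str) -> str:
    """Reverse the alphabet: A<->Z, B<->Y, ... Applying it twice restores the plaintext."""
    table = str.maketrans(ALPHABET, ALPHABET[::-1])
    return text.upper().translate(table)


def _zigzag(length: int, rails: int) -> list:
    """Row index visited by each position when writing a zigzag over `rails` rows."""
    rows, row, step = [], 0, 1
    for _ in range(length):
        rows.append(row)
        if row == 0:
            step = 1
        elif row == rails - 1:
            step = -1
        row += step
    return rows


def rail_fence_encrypt(text: str, rails: int) -> str:
    """Transposition: letters keep their identity but change position.
    Write the text as a zigzag across the rails, then read rail by rail."""
    if rails < 2:
        return text
    pattern = _zigzag(len(text), rails)
    return "".join(ch for r in range(rails)
                   for ch, row in zip(text, pattern) if row == r)


def rail_fence_decrypt(cipher: str, rails: int) -> str:
    if rails < 2:
        return cipher
    pattern = _zigzag(len(cipher), rails)
    # Cut the ciphertext into one chunk per rail, sized by how many letters landed there.
    chunks, pos = [], 0
    for r in range(rails):
        count = pattern.count(r)
        chunks.append(list(cipher[pos:pos + count]))
        pos += count
    # Walk the zigzag again, taking the next letter from whichever rail it points at.
    return "".join(chunks[row].pop(0) for row in pattern)


if __name__ == "__main__":
    message = "ATTACK AT DAWN"  # constructed sample plaintext
    print(caesar(message, 3), "->", caesar(caesar(message, 3), -3))
    print(atbash(message), "->", atbash(atbash(message)))
    fence = rail_fence_encrypt("WEAREDISCOVERED", 3)
    print(fence, "->", rail_fence_decrypt(fence, 3))
```

Every one of these is broken by the frequency analysis and brute force named on the slide: Caesar has only 25 usable keys, Atbash has none, and a transposition leaves the letter frequencies of the plaintext untouched.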
History of Encryption (cont.)
◼Polybius Cipher
❑Uses a grid with numbers and letters
❑The x and y coordinates used to encrypt message
◼Enigma
❑A family of machines
❑Invented by a German engineer
❑Used by several different militaries
Binary Operations
◼Binary numbers (only 0s and 1s)
◼Three operations not found in normal math
❑AND, OR, and XOR
◼Example of AND operation (1101 AND 1001, bit by bit):
1101
1001
1001
Binary Operations (cont.)
◼Example of OR operation (1101 OR 1001, bit by bit):
1101
1001
1101
◼Example of XOR operation:
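The three operations applied to the slide's operands, as an added example (not from the slides). Beyond the truth table it shows the property that matters for cryptography: AND and OR discard information, while XOR applied twice with the same key gives the original back, which is why stream ciphers and the one-time pad are built on XOR. The sample message and key are constructed.

```python
def bits(value: int, width: int = 4) -> str:
    """Render an integer as a fixed-width binary string, e.g. 9 -> '1001'."""
    return format(value, f"0{width}b")


def and_op(a: int, b: int) -> int:
    return a & b


def or_op(a: int, b: int) -> int:
    return a | b


def xor_op(a: int, b: int) -> int:
    return a ^ b


def truth_table() -> list:
    """One row per input pair: (a, b, a AND b, a OR b, a XOR b)."""
    return [(a, b, a & b, a | b, a ^ b) for a in (0, 1) for b in (0, 1)]


def worked_example() -> dict:
    """The slide's operands, 1101 and 1001, through all three operations."""
    a, b = 0b1101, 0b1001
    return {"AND": bits(and_op(a, b)), "OR": bits(or_op(a, b)), "XOR": bits(xor_op(a, b))}


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every data byte with the key byte in the same position.

    Applied once this encrypts; applied again with the same key it undoes
    itself, because x ^ k ^ k == x. AND and OR have no such inverse: from
    1101 AND 1001 = 1001 the value 1101 cannot be recovered. The key must be
    at least as long as the data (a true one-time pad); reusing or wrapping
    the key is exactly the mistake that breaks such schemes.
    """
    if len(key) < len(data):
        raise ValueError("key must be at least as long as data")
    return bytes(d ^ k for d, k in zip(data, key))


if __name__ == "__main__":
    for name, result in worked_example().items():
        print(f"1101 {name} 1001 = {result}")
    plaintext = b"ATTACK AT DAWN"                      # constructed sample message
    key = bytes(range(0x10, 0x10 + len(plaintext)))    # constructed sample key
    ciphertext = xor_bytes(plaintext, key)
    print(ciphertext.hex(), "->", xor_bytes(ciphertext, key))
```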
Modern Cryptography Methods
Basic Definitions
❑Key: The bits that are combined with the plain text
to encrypt it
◼Random numbers
◼Result of some mathematical operation
❑Plain text: The unencrypted text
❑Cipher text: The encrypted text
❑Algorithm: A mathematical process for doing
something
Who uses it?
◼Almost everyone
who uses the web
Types of Encryption
▪Symmetric or Single Key Encryption
▪Asymmetric or Public-Private Key Encryption
Symmetric Encryption
Modern Cryptography Methods
(cont.)
Single-Key (Symmetric) Encryption
❑Same key used to encrypt and decrypt
❑Examples include:
◼Data Encryption Standard (DES)
◼Triple DES (3DES)
◼Advanced Encryption Standard (AES)
◼AES Math
◼Blowfish
◼RC4
◼Serpent
Issues
❑Every person receiving the document must
possess the key
❑How do you transfer the key to the recipients?
❑What if an unauthorized person obtains the key?
❑What if you must send that document to
hundreds or thousands of people?
Public Key (Asymmetric) Encryption
◼The opposite of single-key encryption
❑One key (public key) used to encrypt
❑Another key (private key) used to decrypt
◼Only the holder of a private key can decrypt
messages
◼Many public key algorithms are dependent on
large prime numbers, factoring, and number
theory
Hashing
◼A hash is a type of cryptographic algorithm
with specific characteristics
❑One way – you cannot "unhash" something
❑Fixed-length output no matter what input is given
❑It should have few or no collisions (two different
inputs that provide the same output)
◼Windows uses hashing to store passwords
◼Used in computer forensics
◼Hashing algorithms: MD5, SHA, RIPEMD
MAC and HMAC
◼Message authentication code (MAC)
❑One way to detect intentional alterations in a
message
❑Often called a keyed cryptographic hash function
◼Hashing message authentication code
(HMAC)
❑Hashing method of detecting message alterations
◼Rainbow tables
❑Time-saving cryptanalytic technique
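The hashing, MAC and rainbow-table points above, demonstrated with the Python standard library. This is an added example, not part of the slides. It shows the three listed hash properties (one-way, fixed-length output, no practical collisions via the avalanche effect), an HMAC that detects an altered message or a wrong key, and why a per-user random salt defeats rainbow tables: a precomputed table of plain hash(password) values matches nothing when every stored value also depends on a salt. The passwords and messages are constructed samples.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Fixed-length output regardless of input size; 'md5', 'sha1', 'sha256' all work here."""
    return hashlib.new(algorithm, data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many bits differ between two equal-length hex digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def make_mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a keyed hash. Without the key nobody can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """compare_digest runs in constant time, so the comparison itself leaks nothing."""
    return hmac.compare_digest(make_mac(key, message), tag)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """Salted, iterated hash for storage (PBKDF2-HMAC-SHA256).

    A unique random salt per user means a precomputed table of hash(password)
    values (a rainbow table) matches nothing, and the iteration count makes
    each guess cost the attacker as much as it costs the server."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, derived


def check_password(password: str, salt: bytes, stored: bytes,
                   iterations: int = 200_000) -> bool:
    _, derived = hash_password(password, salt, iterations)
    return hmac.compare_digest(derived, stored)


if __name__ == "__main__":
    # Fixed-length output and one-way behaviour
    print(digest_hex(b"abc"))
    print(digest_hex(b"abc" * 1000))
    print("bits changed by a one-letter edit:",
          differing_bits(digest_hex(b"abc"), digest_hex(b"abd")))
    # MAC detects alteration
    key = b"shared-secret-key"          # constructed
    tag = make_mac(key, b"transfer 10")
    print(verify_mac(key, b"transfer 10", tag), verify_mac(key, b"transfer 90", tag))
    # Two users with the same password get different stored values because of the salt
    s1, h1 = hash_password("hunter2")   # constructed sample password
    s2, h2 = hash_password("hunter2")
    print(h1 != h2, check_password("hunter2", s1, h1))
```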
Digital Signatures
◼Not used to ensure the confidentiality of a message
◼Guarantees who sent the message (nonrepudiation)
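Public-key encryption and digital signatures in one added example (not from the slides), using textbook RSA so that the dependence on primes and factoring is visible: the public key (n, e) encrypts and verifies, the private key (n, d) decrypts and signs. The two demo primes are constructed and far too small for real use, and the signature here hashes the message and reduces it mod n, a toy stand-in for the padding (such as RSASSA-PSS) a real implementation requires.

```python
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)

# Constructed demo primes. Real keys use primes of 1024+ bits each; this
# modulus could be factored in an instant, which is exactly the point.
P, Q = 104729, 1299709


def rsa_keygen(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Public key (n, e), private key (n, d) with e*d == 1 mod (p-1)(q-1).
    Recovering d from (n, e) requires factoring n into p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public: Key, m: int) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(private: Key, c: int) -> int:
    """Only the holder of the private key can decrypt."""
    n, d = private
    return pow(c, d, n)


def _hash_to_int(message: bytes, n: int) -> int:
    # Toy binding of the message to the modulus; real schemes pad instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private: Key, message: bytes) -> int:
    """Signing uses the PRIVATE key, so only its holder can produce the value
    (nonrepudiation). It provides no confidentiality: the message is sent in clear."""
    n, d = private
    return pow(_hash_to_int(message, n), d, n)


def rsa_verify(public: Key, message: bytes, signature: int) -> bool:
    """Anyone with the PUBLIC key can check it; any change to the message fails."""
    n, e = public
    return pow(signature, e, n) == _hash_to_int(message, n)


if __name__ == "__main__":
    public, private = rsa_keygen(P, Q)
    c = rsa_encrypt(public, 42)
    print("ciphertext", c, "decrypts to", rsa_decrypt(private, c))
    sig = rsa_sign(private, b"pay alice 10")       # constructed sample message
    print(rsa_verify(public, b"pay alice 10", sig), rsa_verify(public, b"pay alice 90", sig))
```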
Passwords
Importance of Password Safety
◼We secure our accounts using a username and
password.
◼Accounts vary in the types of information stored:
❑Store accounts
❑Game accounts
❑School accounts
❑Bank accounts
◼Most students use three to four passwords for all their
accounts
❑Difficult to remember them all
❑Don’t care
Ideally
◼If you have 300 accounts
◼Each account should have a strong,
unique password
◼You need to remember a SINGLE password
Password Manager
◼There are many, some free.
◼Can install in any web browser, and your smart
phone
◼Can generate complex passwords.
◼Remembers all your passwords so you don’t have
to.
◼All you must do is remember your password
manager password!
Password Storage
LastPass
Good Password Habits
◼Generate and use strong and UNIQUE
passwords
◼Generate and use a passphrase
◼Use a password manager
◼Use two-factor authentication
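What "generate strong and unique passwords" and "use a passphrase" amount to in code, as an added example that is not part of the slides. It draws from the operating system's cryptographic random source (the `secrets` module, not `random`) and measures strength as entropy bits, so the effect of length and of word-list size is visible. The small word list is constructed for the demo; a real password manager or diceware list has thousands of words, and the report includes that case for comparison.

```python
import math
import secrets
import string

# Character set for random passwords: letters, digits and a set of symbols (85 characters).
PASSWORD_CHARS = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.?"

# Constructed miniature word list for the demo only.
WORDS = ["anchor", "basalt", "copper", "dune", "ember", "falcon", "glacier",
         "harbor", "iris", "juniper", "kestrel", "lantern", "meadow", "nickel",
         "orchid", "pepper", "quartz", "ridge", "saffron", "tundra", "umber",
         "velvet", "walnut", "xenon", "yarrow", "zephyr"]


def generate_password(length: int = 20, alphabet: str = PASSWORD_CHARS) -> str:
    """secrets.choice uses the OS CSPRNG; random.choice is seedable and predictable."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 5, wordlist=WORDS, separator: str = "-") -> str:
    """Words chosen independently and uniformly; strength comes from list size and count."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, picks: int) -> float:
    """log2(choices ** picks): the number of guesses, as a power of two, that an
    attacker who knows the generation method still has to make."""
    return picks * math.log2(choices)


def strength_report(length: int = 20, words: int = 5) -> dict:
    """Compare a random password, a passphrase from the demo list, and a passphrase
    from a 7776-word diceware-size list."""
    return {
        "password_bits": round(entropy_bits(len(PASSWORD_CHARS), length), 1),
        "passphrase_bits": round(entropy_bits(len(WORDS), words), 1),
        "passphrase_bits_7776_words": round(entropy_bits(7776, words), 1),
    }


if __name__ == "__main__":
    print(generate_password())
    print(generate_passphrase())
    print(strength_report())
```

The report makes the trade-off concrete: five words from a 26-word list are weak, five words from a 7776-word list are comparable to a fairly long random password, and the passphrase is the one a person can actually type.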
Social Engineering
Messages
What is Social Engineering?
◼“Social engineering is a manipulation technique that
exploits human error (i.e., behavior) to gain private
information, access, or valuables.”
◼Bad actors attempt to manipulate unsuspecting users into
exposing data, spreading malware infections, or giving
access to restricted systems.
◼Attacks can be via smart phone, through voice message
or texts, through regular mail, or even in person.
Why do Social Engineering
Scams Work?
◼Social engineering scams are built around human
psychology – how humans think and behave
◼Consistencies about the things that motivate human
behavior allow the bad actor to manipulate behavior.
What do Bad Actors Want?
◼They want your information.
❑Personally identifying information (PII)
❑Full name
❑Aadhaar number
❑Driver’s license
❑Mailing address
❑Financial information
What Can they do with this
Information?
◼Use your credit card to buy things; that’s the worst, right?
◼Get a loan in your name!
❑They use your PII but have mail/email sent to different
address.
❑This goes on your credit report
❑Once you realize, after several months, your credit takes a
hit
❑Getting your credit and fraudulent loans straightened out
is not easy.
Psychological Motivations Used
◼Greed
◼Fear
◼Anger
◼Curiosity
◼Sympathy
How do I protect myself?
◼Only one rule for today: It’s GOOD to be skeptical and
paranoid!
Be a Little Paranoid
◼Verify the sender; is it a correct email address? Phone
number?
◼Does the message provoke an emotion?
◼Financial/banking/health care institutions will not ask for
personal information either over the Internet or over the
phone
◼Never click on links in any email or messages
◼Use multi-factor authentication
◼Never reuse passwords
Be a Little Paranoid
◼Avoid sharing names of your schools, pets, place of birth, or
other personal details
◼Freeze your credit
Virtual Private Networks
What is VPN?
◼We can think of VPN as a tool or service that provides users
with online privacy and anonymity by creating a private
network from a public internet connection
◼VPNs hide your internet protocol (IP) address so your online
actions are (virtually) untraceable
◼VPN services establish secure connections using encryption
to provide more privacy than even a secured Wi-Fi
hotspot.
Where should I use a VPN?
◼Anywhere!
◼Most likely places you probably should use a VPN
❑Coffee shop Wi-Fi
❑Doctor/dentist office Wi-Fi
❑Mall Wi-Fi
❑Airport
◼Particularly important if you are accessing a website with
sensitive information (bank account, health records, etc.)
Steganography
◼The art and science of writing hidden messages
such that no outsider suspects the existence of the
message
◼Message often hidden inside another file
❑Digital picture
❑Audio file
◼Basic steganography terms
❑Payload – data to be covertly communicated
❑Carrier – signal, stream, or file that hides the payload
❑Channel – medium used (photos, video, sound files)
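The payload/carrier terms above, made concrete with the simplest image technique, least-significant-bit (LSB) embedding. This is an added example, not part of the slides: each carrier byte (think of one colour sample of a picture) changes by at most 1, which is why the file looks unchanged to a person and why defenders rely on file-hash comparison and outbound content monitoring rather than on eyeballing images. The carrier bytes and payload are constructed; a real carrier would be the raw sample data of an image or audio file.

```python
def embed_payload(carrier: bytes, payload: bytes) -> bytes:
    """Write payload bits into the least significant bit of successive carrier
    bytes. A 2-byte length prefix tells the extractor where the payload ends."""
    framed = len(payload).to_bytes(2, "big") + payload
    bit_stream = [(byte >> i) & 1 for byte in framed for i in range(7, -1, -1)]
    if len(bit_stream) > len(carrier):
        raise ValueError("carrier too small for payload")
    stego = bytearray(carrier)
    for index, bit in enumerate(bit_stream):
        stego[index] = (stego[index] & 0xFE) | bit   # clear the low bit, then set it
    return bytes(stego)


def extract_payload(stego: bytes) -> bytes:
    """Read the low bits back in order: first the length, then that many bytes."""
    def read_value(count: int, bit_offset: int) -> int:
        value = 0
        for i in range(count * 8):
            value = (value << 1) | (stego[bit_offset + i] & 1)
        return value

    length = read_value(2, 0)
    return bytes(read_value(1, 16 + 8 * k) for k in range(length))


def max_sample_change(original: bytes, stego: bytes) -> int:
    """Largest change to any carrier byte; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(original, stego))


# Constructed carrier: 1024 "samples" that ramp 0..255 four times.
CARRIER = bytes(range(256)) * 4

if __name__ == "__main__":
    payload = b"meet at noon"          # constructed sample payload
    stego = embed_payload(CARRIER, payload)
    print("recovered:", extract_payload(stego))
    print("largest per-byte change:", max_sample_change(CARRIER, stego))
    print("bytes touched:", sum(1 for a, b in zip(CARRIER, stego) if a != b),
          "of", len(CARRIER))
```

Because so few bytes change, and each by one unit, a hash of the file is the reliable way to notice that an image on a file share is no longer the one that was published.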
Cryptanalysis
◼Cryptanalysis involves using any method to
decrypt a message
◼More efficient than brute-force attempts that try
every possible key
◼Types of cryptographic success:
❑Total break
❑Global deduction
❑Instance (local) deduction
❑Information deduction
❑Distinguishing algorithm
Cryptanalysis (cont.)
◼Frequency analysis – a basic tool for
breaking most classical ciphers
❑Not useful against modern symmetric or
asymmetric cryptography
◼Modern cryptanalysis methods:
❑Known plain text attack
❑Chosen plain text attack
❑Cipher text only Attack
❑Related-key attack
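Frequency analysis as an added example (not from the slides), applied to the Caesar cipher from the History of Encryption section. Rather than a brute force that prints 25 candidates for a human to read, it scores every candidate against the letter frequencies of English with a chi-squared statistic and returns the key whose plaintext looks most like English, which is the "more efficient than trying every key and checking each by hand" point the slide makes. The frequency table is the standard approximate one for English text; the sample sentence is constructed.

```python
import string
from collections import Counter
from typing import List, Tuple

# Approximate relative frequencies of letters in English text (percent).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def caesar_shift(text: str, shift: int) -> str:
    """Shift letters by `shift` places (negative to undo); other characters pass through."""
    return "".join(
        chr((ord(c) - 65 + shift) % 26 + 65) if c in string.ascii_uppercase else c
        for c in text.upper()
    )


def letter_counts(text: str) -> Counter:
    return Counter(c for c in text.upper() if c in string.ascii_uppercase)


def chi_squared(text: str) -> float:
    """Distance between the letter counts of `text` and English; lower is more English-like."""
    counts = letter_counts(text)
    n = sum(counts.values())
    if n == 0:
        return float("inf")
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def score_all_shifts(ciphertext: str) -> List[Tuple[int, float]]:
    """Try all 26 keys and rank the candidate plaintexts, best first."""
    scored = ((s, chi_squared(caesar_shift(ciphertext, -s))) for s in range(26))
    return sorted(scored, key=lambda pair: pair[1])


def recover_shift(ciphertext: str) -> int:
    """The key whose decryption has the most English-like letter distribution."""
    return score_all_shifts(ciphertext)[0][0]


if __name__ == "__main__":
    plaintext = ("THE ONLY WAY TO KEEP A SECRET IS TO TELL NO ONE AND EVEN THEN "
                 "THE MESSAGE MUST BE SENT BY A ROUTE THAT THE ENEMY CANNOT READ")
    ciphertext = caesar_shift(plaintext, 7)
    print("most common ciphertext letters:", letter_counts(ciphertext).most_common(3))
    key = recover_shift(ciphertext)
    print("recovered shift:", key)
    print(caesar_shift(ciphertext, -key))
```

The same statistic is useless against AES or RSA: a modern cipher's output is indistinguishable from random bytes, so there is no letter frequency left to measure, which is the slide's point that frequency analysis stops at the classical ciphers.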
Summary
◼Encryption is a basic element of security
◼Encrypting data when transmitting is an
integral part of any security plan
Computer Security Technology
Objectives
◼Evaluate the effectiveness of a scanner
based on how it works
◼Choose the best type of firewall for a given
organization
◼Understand antispyware methods
◼Employ intrusion detection systems to detect
problems on a system
◼Understand honey pots
Virus Scanners
◼Software that tries to prevent a virus from
infecting a system
◼Virus scanners work in two ways:
❑Signature matching
◼List of all known virus definitions
◼Kept in a small .dat file
◼Updating consists of replacing this file
❑Behavior matching
◼Attempts to write to the boot sector
◼Change system files
◼Automate email software
Virus Scanners (cont.)
◼Virus scanners search for terminate and stay
resident (TSR) programs
◼Use algorithms to check for possible viruses
◼Ongoing virus scanner runs in the background
❑Constantly checks PC for any sign of a virus
◼On-demand virus scanner
❑Runs only when you launch it
◼Modern virus scanners offer both options
Virus Scanners (cont.)
◼Commercial antivirus software
❑AVG Antivirus
❑McAfee
❑Norton
❑Kaspersky
❑Malwarebytes
◼Include spam filters and personal firewalls
◼Most vendors offer free versions for home use
Firewalls
◼Barrier between two computers or computer
systems; can be hardware or software
◼A tool to block certain types of traffic
◼Filters incoming packets based on
❑Packet size
❑Source IP address
❑Protocol
❑Destination port
◼Linux and Windows ship with a basic firewall
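A packet filter that decides on exactly the four fields the slide lists (packet size, source IP address, protocol, destination port), as an added example that is not the slides' own material. It applies rules first-match-wins with a default deny, which is the ordering every real firewall uses; the rule set and the sample packets are constructed, with addresses taken from the RFC 5737 documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int      # destination port (0 for icmp)
    size: int       # total length in bytes


@dataclass
class Rule:
    action: str                          # "allow" or "deny"
    src: str = "0.0.0.0/0"               # source network the rule applies to
    proto: Optional[str] = None          # None matches any protocol
    dport: Optional[int] = None          # None matches any port
    larger_than: Optional[int] = None    # if set, match only packets bigger than this

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.larger_than is not None and pkt.size <= self.larger_than:
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything no rule matches falls to the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set. Order matters: the blocked network is denied before any
# allow rule can match it, and the size limit is checked before service rules.
RULES = [
    Rule("deny", src="198.51.100.0/24"),                       # a blocked network
    Rule("deny", larger_than=1500),                            # oversized packets
    Rule("allow", proto="tcp", dport=443),                     # HTTPS from anywhere
    Rule("allow", proto="tcp", dport=22, src="192.0.2.0/24"),  # SSH from the admin net only
]

# Constructed sample traffic towards a web server at 192.0.2.80.
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "192.0.2.80", "tcp", 443, 600),     # web client
    Packet("203.0.113.5", "192.0.2.80", "tcp", 22, 600),      # SSH from outside
    Packet("192.0.2.10", "192.0.2.80", "tcp", 22, 600),       # SSH from admin net
    Packet("198.51.100.7", "192.0.2.80", "tcp", 443, 600),    # blocked network
    Packet("203.0.113.5", "192.0.2.80", "tcp", 443, 9000),    # oversized
    Packet("203.0.113.5", "192.0.2.80", "udp", 53, 100),      # nothing matches
]


def evaluate(packets: List[Packet]) -> List[str]:
    return [filter_packet(RULES, p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"{pkt.src:>14} {pkt.proto}/{pkt.dport:<4} {pkt.size:>5}B -> {verdict}")
```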
Firewalls (cont.)
Commercial and Free Firewall Products
❑Zone Labs
◼ZoneAlarm Security Suite
◼Also offers free version
❑Windows Defender Firewall
◼Included with Windows
❑Cisco Systems
Firewalls (cont.)
Firewall Logs
❑Almost all firewalls log activity
❑Logs can provide valuable information
❑Can determine source of an attack
❑Can help prevent a future attack
❑Network administrators regularly check the logs for such data
Antispyware
◼Scans a computer for spyware
◼Checks for known spyware files
◼Maintains a subscription service to keep
spyware file definitions up to date
◼As essential as running antivirus software
◼Be cautious about attachments and
downloads
IDSs
◼Intrusion detection systems (IDSs)
❑Inspect all inbound and outbound port activity
❑Scan for patterns that might indicate an attempted
break-in
◼IDS categorization
❑Passive IDSs
◼Monitor and log suspicious activity
◼May notify the administrator
❑Active IDSs
◼Shut down the suspect communication
◼False positives are possible
IDSs (cont.)
Identifying an Intrusion
❑Signature based
◼Similar to antivirus signatures
◼Analyzes information it gathers and compares it to
known attack signatures
❑Statistical anomaly
◼Looks for activity outside normal parameters
◼Triggers include:
❑Sudden increase in bandwidth utilization
❑User accounts accessing different resources than usual
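Both detection approaches from the slide, run over a handful of constructed web-server log lines as an added example that is not the slides' own material. The signature engine matches known attack patterns in the requested path; the statistical-anomaly engine first learns, from a baseline window, which resources each user normally touches and how many bytes a normal minute carries, then flags the two triggers the slide names: a user reaching a resource outside their usual set, and a minute whose byte volume sits more than three standard deviations above the baseline mean. The log format and the signatures are assumptions for the demo.

```python
import re
import statistics
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed log format: timestamp user source method path status bytes
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"(?P<method>\S+) (?P<path>\S+) (?P<status>\d+) (?P<bytes>\d+)$"
)

# Signature rules (assumed for the demo): name -> pattern looked for in the path.
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)(union\s+select|'\s*or\s+1=1)"),
    "passwd access": re.compile(r"/etc/passwd"),
}

BASELINE = [  # constructed normal traffic, three minutes
    "2024-05-01T10:00:01 user=alice src=10.0.0.5 GET /index.html 200 512",
    "2024-05-01T10:00:30 user=bob src=10.0.0.9 GET /index.html 200 1024",
    "2024-05-01T10:01:10 user=alice src=10.0.0.5 GET /reports/q1.pdf 200 2048",
    "2024-05-01T10:02:05 user=bob src=10.0.0.9 GET /docs/handbook.pdf 200 900",
    "2024-05-01T10:02:40 user=alice src=10.0.0.5 GET /index.html 200 512",
]

CURRENT = [  # constructed traffic to inspect
    "2024-05-01T10:30:02 user=alice src=10.0.0.5 GET /admin/users 200 300",
    "2024-05-01T10:31:05 user=bob src=10.0.0.9 GET /index.html 200 512",
    "2024-05-01T10:31:09 user=bob src=10.0.0.9 GET /../../etc/passwd 404 100",
    "2024-05-01T10:32:00 user=alice src=10.0.0.5 GET /reports/q1.pdf 200 40000",
]


def parse(line: str) -> Optional[Dict[str, str]]:
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def signature_alerts(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Compare each request against the known-attack signatures (like antivirus)."""
    alerts = []
    for rec in filter(None, map(parse, lines)):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["ts"], rec["user"], name))
    return alerts


def anomaly_alerts(baseline: List[str], current: List[str],
                   z: float = 3.0) -> List[Tuple[str, str, str]]:
    """Learn normal behaviour from `baseline`, then flag deviations in `current`."""
    usual: Dict[str, set] = defaultdict(set)       # user -> resources seen in baseline
    per_minute: Dict[str, int] = defaultdict(int)  # minute -> bytes in baseline
    for rec in filter(None, map(parse, baseline)):
        usual[rec["user"]].add(rec["path"])
        per_minute[rec["ts"][:16]] += int(rec["bytes"])
    volumes = list(per_minute.values())
    threshold = statistics.mean(volumes) + z * statistics.pstdev(volumes)

    alerts = []
    current_minutes: Dict[str, int] = defaultdict(int)
    for rec in filter(None, map(parse, current)):
        if rec["user"] in usual and rec["path"] not in usual[rec["user"]]:
            alerts.append((rec["ts"], rec["user"], "unusual resource " + rec["path"]))
        current_minutes[rec["ts"][:16]] += int(rec["bytes"])
    for minute, volume in current_minutes.items():
        if volume > threshold:
            alerts.append((minute, "*", f"bandwidth spike {volume} bytes"))
    return alerts


if __name__ == "__main__":
    for alert in signature_alerts(CURRENT) + anomaly_alerts(BASELINE, CURRENT):
        print(alert)
```

The two engines complement each other: the signature engine cannot see alice's first visit to an admin page because nothing about the request is malformed, and the anomaly engine cannot name what the traversal attempt is, only that bob has never asked for that path before. The false-positive risk the slide mentions lives in the anomaly engine, where a legitimate large download looks exactly like the spike flagged here.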
IDSs (cont.)
IDS Elements Common to All IDSs:
❑Sensor – collects data and passes it to the analyzer
❑Analyzer – analyzes the data collected by the sensor
❑Manager – software component used for management
❑Operator – person primarily responsible for the IDS
❑Notification – process for dealing with alerts
❑Activity – element of interest to the operator
❑Event – activity deemed suspicious; possible attack
❑Alert – message indicating an event has occurred
❑Data source – raw information used for analysis
IDSs (cont.)
◼Many vendors supply IDSs
◼Determine best choice for business environment
◼Snort is a popular open-source IDS
❑Register (for free) at www.snort.org
❑Commands for starting Snort:
IDSs (cont.)
◼Honey Pots
❑Servers with fake data
❑Lures attackers away from data you want to protect
◼Database Activity Monitoring (DAM)
❑Monitors and analyzes database activity that operates
independently of the database management system
◼SIEM (security information and event management)
◼Other Preemptive Techniques:
❑Intrusion deflection
❑Intrusion deterrence
IDSs (cont.)
Authentication
❑PAP (Password Authentication Protocol) – simplest form of
authentication and the least secure
❑SPAP (Shiva Password Authentication Protocol) – an
extension to PAP that encrypts the username and
password that is sent over the Internet
❑CHAP (Challenge Handshake Authentication Protocol) –
calculates a hash after the user has logged in
❑EAP (Extensible Authentication Protocol) – framework
frequently used in wireless networks and point-to-point
connections
❑Kerberos – used widely, often with Microsoft OSs; basic
process is illustrated on the next slide
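Why PAP is the least secure and CHAP is better, shown side by side as an added example (not from the slides). PAP puts the username and password themselves on the wire; CHAP sends a random challenge and the client answers with MD5(identifier || secret || challenge) as specified in RFC 1994, so the shared secret never leaves either host and a captured response is useless against the next, different challenge. The shared secret and the wire encodings are constructed for the demo; MD5 appears because the protocol specifies it, not as a recommendation.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHARED_SECRET = b"correct-horse-battery"  # constructed; provisioned out of band on both ends


def pap_on_the_wire(username: str, password: str) -> bytes:
    """PAP: the credentials themselves travel over the link, readable by any sniffer."""
    return username.encode() + b"\x00" + password.encode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_on_the_wire(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Everything an eavesdropper sees: identifier, challenge and response. No secret."""
    return bytes([identifier & 0xFF]) + challenge + chap_response(identifier, secret, challenge)


def chap_exchange(client_secret: bytes, server_secret: bytes,
                  replayed_response: Optional[bytes] = None) -> Tuple[bool, bytes]:
    """One handshake. The server issues a fresh random challenge, the client
    answers (or an attacker replays an old answer), and the server recomputes
    the expected value from its own copy of the secret and compares."""
    identifier = 1
    challenge = os.urandom(16)
    if replayed_response is not None:
        response = replayed_response
    else:
        response = chap_response(identifier, client_secret, challenge)
    expected = chap_response(identifier, server_secret, challenge)
    return hmac.compare_digest(expected, response), response


if __name__ == "__main__":
    print("PAP wire bytes:", pap_on_the_wire("alice", "hunter2"))
    ok, response = chap_exchange(SHARED_SECRET, SHARED_SECRET)
    print("CHAP with correct secret:", ok)
    print("CHAP with wrong secret:", chap_exchange(b"guess", SHARED_SECRET)[0])
    print("CHAP replaying an old response:",
          chap_exchange(SHARED_SECRET, SHARED_SECRET, replayed_response=response)[0])
```

The remaining weakness, which is why CHAP sits below EAP and Kerberos on the slide, is that the server must keep the plaintext secret to recompute the hash, so a compromised server database exposes every user's secret.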
Kerberos
Digital Certificates
◼Provide a means for authenticating that the holder of
the certificate is who they claim to be
◼Basic items in an X.509 certificate:
❑Version
❑Certificate holder’s public key
❑Serial number
❑Certificate holder’s distinguished name
❑Certificate’s validity period
❑Unique name of certificate issuer
❑Digital signature of issuer
❑Signature algorithm identifier
SSL/TLS
◼Secure Sockets Layer/Transport Layer Security
◼Asymmetric encryption systems
Virtual Private Networks
◼VPNs provide a way to create virtual
connection through the Internet
❑Between remote user or site and a central location
❑Packets are encrypted
◼Protocols used to create VPNs:
❑PPTP
❑L2TP
❑IPSec
Virtual Private Networks (cont.)
Layer 2 Tunneling Protocol (L2TP)
❑Designed as an enhancement to PPTP
❑Five user authentication methods:
◼EAP and CHAP plus:
◼PAP – Password Authentication Protocol
◼SPAP – Shiva Password Authentication Protocol
◼MS-CHAP – Microsoft-specific extension of CHAP
❑Uses IPSec for encryption
Virtual Private Networks (cont.)
Internet Protocol Security (IPSec)
❑Used by L2TP for encryption
❑Encrypts packet data and header information
❑Prevents unauthorized retransmission of packets
❑Operates in one of two modes:
◼Transport mode – only the payload is encrypted
◼Tunnel mode – both data and IP headers are encrypted
Wi-Fi Security
◼Wired Equivalent Privacy (WEP)
❑Uses the stream cipher RC4 to secure data and a CRC-32
checksum for error checking
◼Wi-Fi Protected Access (WPA)
❑Improvement over WEP; uses AES for encryption and TKIP
◼WPA2
❑The most widely used Wi-Fi security today
❑Very strong encryption based on the IEEE 802.11i standard
◼WPA3
❑All traffic to/from wireless access point (WAP) is encrypted
❑Brute-force attacks less likely to be successful
Summary
◼Every network needs a firewall and proxy
server between the network and the outside
world
◼All servers and workstations should have
updated virus protection
◼Also consider IDS and antispyware
Applied Cryptography
Objectives
◼Define digital certificates
◼List the various types of digital certificates and
how they are used
◼Describe the components of Public Key
Infrastructure (PKI)
◼List the tasks associated with key
management
◼Describe the different cryptographic transport
protocols
Digital Certificates
Weakness of Digital Signatures
◼Digital signatures require a reliable way to get
public keys
◼A forged public key could be used to forge a
digital signature
Digital Certificates
◼Digital certificate
❑Can be used to associate or “bind” a user’s identity to
a public key
❑The user’s public key that has itself been “digitally
signed” by a reputable source entrusted to sign it
◼Digital certificates make it possible for Alice to
verify Bob’s claim that the key belongs to him
◼When Bob sends a message to Alice he does
not ask her to retrieve his public key from a
central site
❑Instead, Bob attaches the digital certificate to the
message
Digital Certificates
◼A digital certificate typically contains the
following information:
❑Owner’s name or alias
❑Owner’s public key
❑Name of the issuer
❑Digital signature of the issuer
❑Serial number of the digital certificate
❑Expiration date of the public key
Authorizing, Storing, and
Revoking Digital Certificates
◼Certificate Authority (CA)
❑An entity that issues digital certificates for others
❑A user provides information to a CA that verifies
her identity
❑The user generates public and private keys and
sends the public key to the CA
❑The CA inserts this public key into the certificate
◼Registration Authority (RA)
❑Handles some CA tasks such as processing
certificate requests and authenticating users
Authorizing, Storing, and Revoking
Digital Certificates (continued)
◼Certificate Revocation List (CRL)
❑Lists revoked certificates
❑Can be accessed to check the certificate status of
other users
❑Most CRLs can either be viewed or downloaded
directly into the user’s Web browser
◼Certificate Repository (CR)
❑A publicly accessible directory that contains the
certificates and CRLs published by a CA
❑CRs are often available to all users through a Web
browser interface
Certificate Repository
Uses of Digital Certificates
◼Bind a user's identity to a public key
◼Encrypt channels to provide secure
communication between clients and servers
◼Encrypt messages for secure Internet e-mail
communication
◼Verify the identity of clients and servers on
the Web
◼Verify the source and integrity of signed
executable code
Types of Digital Certificates
◼Personal digital certificates
❑Used to send email from one person to another
❑Free from Thawte
◼Server digital certificates
❑Used by Web servers to make HTTPS connections
❑$250 / year from Thawte
◼Software publisher digital certificates
❑$300 / year from Thawte
Extended Validation SSL
◼Company must be audited and follow EV
standards
◼Company can't be "located in a country or be
part of an industry identified on a government
prohibited list"
❑$900 / year
Types of Digital Certificates
(continued)
◼Single-sided certificate
❑Contains both the signature and the encryption
information
◼Dual-sided certificates
❑Certificates in which the functionality is split
between two certificates
◼Signing certificate
◼Encryption certificate
Types of Digital Certificates
(continued)
◼Dual-sided certificate advantages:
❑Reduce the need for storing multiple copies of the
signing certificate
❑Facilitate certificate handling in organizations
◼X.509 Digital Certificates
❑The most widely accepted format for digital
certificates
X.509 Structure
Public Key Infrastructure (PKI)
Managing Digital Certificates
For Alice and Bob to use asymmetric cryptography:
◼Alice and Bob must generate public and private
keys
◼A Certificate Authority (CA) or Registration
Authority (RA) must verify the identities of Alice
and Bob
◼The certificates must be placed in a Certificate
Repository (CR)
◼When they expire, they must be placed on a
Certificate Revocation List (CRL)
All these things are done by a Public Key Infrastructure
(PKI)
Public Key Infrastructure (PKI)
◼A framework for all of the entities involved in
digital certificates to create, store, distribute,
and revoke digital certificates
❑Includes hardware, software, people, policies and
procedures
◼PKI is digital certificate management
Public-Key Cryptographic
Standards (PKCS)
◼A numbered set of PKI standards that have
been defined by the RSA Corporation
◼These standards are based on the RSA
public-key algorithm
◼In Windows 7 Beta:
◼Start
◼Internet Options
◼Content Tab
◼Certificates
◼Select a Certificate
◼Export
Trust Models
◼Trust may be defined as confidence in or
reliance on another person or entity
◼Trust model
❑Refers to the type of trusting relationship that can
exist between individuals or entities
◼Direct trust
❑A relationship exists between two individuals
because one person knows the other person
◼Third party trust
❑Refers to a situation in which two individuals trust
each other because each trusts a third party
Web of Trust
◼Direct trust is not easily scaled to multiple
users who each have digital certificates
◼PGP uses a "Web of Trust" in which people
trust "friends of friends"
❑Not very secure or scalable (comic from xkcd.org)
Trust Models
◼Three PKI trust models that use a CA
❑Hierarchical trust model
❑Distributed trust model
❑Bridge trust model
Hierarchical Trust Model
◼One master "root" CA signs all digital certificates with a
single key
◼Single point of failure
Bridge Trust Model
◼Used to link federal and state governments
◼Links military and civilian ID cards
Managing PKI
◼Certificate policy (CP)
❑A published set of rules that govern the operation
of a PKI
❑Provides recommended baseline security
requirements for the use and operation of CA, RA,
and other PKI components
◼Certificate practice statement (CPS)
❑Describes in detail how the CA uses and
manages certificates
❑A more technical document than a CP
Certificate Life Cycle
◼Creation
◼Suspension
❑Certificate cannot be used while suspended
❑When an employee goes on leave
◼Revocation
❑Certificate goes on Certificate Revocation List
(CRL)
❑When a private key is lost
◼Expiration
Key Management
Key Storage
◼Public keys can be stored by embedding
them within digital certificates
❑While private keys can be stored on the user’s
local system
◼The drawback to software-based storage is
that it may leave keys open to attacks
◼Storing keys in hardware is an alternative to
software-based storage
◼Private keys can be stored on smart cards or
in tokens
Key Handling Procedures
◼Escrow
❑Private key is split in halves and stored by two
separate trusted parties
❑Some people want the government to have
everyone's keys in escrow so they can read all
encrypted documents
◼Expiration
◼Renewal
Key Handling Procedures
◼Revocation
◼Recovery
❑Key recovery agent (KRA)
◼A highly trusted person authorized to recover others'
keys
❑M-of-N control
◼A certain number of people need to agree to recover a
key
◼Suspension
◼Destruction
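M-of-N control and key escrow in code, as an added example that is not part of the slides. The escrow slide describes splitting a private key into two halves held by two parties; Shamir's secret sharing generalizes that to any N shares of which any M recover the key, while M-1 shares reveal nothing, which is exactly the control the recovery slide describes. The secret is hidden as the constant term of a random polynomial of degree M-1 over a prime field, and recovery is Lagrange interpolation at zero. The 521-bit Mersenne prime is a standard choice that leaves room for a 256-bit key; the sample key is constructed.

```python
import secrets
from typing import List, Tuple

PRIME = 2**521 - 1  # a Mersenne prime; every operation below is done modulo PRIME

Share = Tuple[int, int]  # (x, f(x)) for x = 1..n


def split_secret(secret: int, m: int, n: int) -> List[Share]:
    """Shamir's scheme: hide `secret` as f(0) of a random degree m-1 polynomial
    and hand out n points on it. Any m points determine f; fewer leave f(0)
    equally likely to be any value, so they reveal nothing."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer below PRIME")
    if not 1 <= m <= n < PRIME:
        raise ValueError("need 1 <= m <= n")
    coefficients = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coefficients):  # Horner's rule, highest degree first
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation evaluated at x = 0. With fewer than m distinct
    shares this still returns a number, but not the secret."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        numerator, denominator = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            numerator = (numerator * (-xj)) % PRIME
            denominator = (denominator * (xi - xj)) % PRIME
        total = (total + yi * numerator * pow(denominator, -1, PRIME)) % PRIME
    return total


def key_to_int(key: bytes) -> int:
    return int.from_bytes(key, "big")


def int_to_key(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed 256-bit sample key
    shares = split_secret(key_to_int(key), m=3, n=5)
    recovered = int_to_key(recover_secret([shares[0], shares[2], shares[4]]), 32)
    print("3 of 5 shares recover the key:", recovered == key)
    too_few = int_to_key(recover_secret(shares[:2]), 32)
    print("2 of 5 shares recover the key:", too_few == key)
```

Operationally this is what lets a recovery policy say "any three of the five officers" instead of trusting one key recovery agent with the whole key, and it is also the answer to the escrow concern on the slide: a government or any single party holding one share holds nothing usable.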