KS3, GCSE, A-Level Computing Resources
A firewall describes the technique used to protect an organisation's network from unauthorised access by users outside the network.
A firewall can be constructed using hardware, software or a combination of both.
The most secure firewalls:
The firewall is a critical component in network security. It regulates network access based on predefined rules and policies.
Firewalls inspect the source and destination IP addresses in packet headers. If these IP addresses match those recorded on the administrator's “permitted” list, the packets are either accepted or allowed to proceed.
Certain protocols operate on specific ports. For instance, Telnet uses port 23. If Telnet is disallowed (due to security concerns), any packets attempting to connect through port 23 will face two outcomes:
Instead of solely relying on IP addresses, protocols, and port numbers to manage a packet's safe traversal, stateful inspection (also known as dynamic filtering) examines the payload contents of data packets. This approach allows for a more thorough assessment of safety.
Rather than just examining the header information; stateful inspection analyzes the actual data within the packet. By inspecting the payload, it can identify potential threats or anomalies that might not be evident from IP addresses or port numbers alone.
Stateful inspection creates temporary contextual rules based on the history of previous packets in a communication "conversation". For example, if a series of packets indicates an ongoing legitimate exchange (such as a web request and response), the firewall dynamically adjusts its rules to allow further related packets.
Routers and firewalls maintain a connection table (also called a state table or session table). This table dynamically records information about active connections, including source and destination IP addresses, port numbers, and the state of the connection (e.g., established, closed, or waiting). The connection table is continuously updated as packets flow through the network. Administrators create rules that reference this table, allowing the firewall to make informed decisions based on the ongoing context of network conversations.
A proxy server intercepts all packets entering and leaving a network, hiding the true network addresses of the source from the recipient. This enables privacy and anonymous surfing.
A proxy can also maintain a cache of websites commonly visited and return the web page data to the user immediately without the need to reconnect to the Internet and re-request the page from the website server. This speeds up user access to web page data and reduces web traffic.
Proxy servers are often used to filter requests made by users. A common example is a school web-proxy that filters unsafe online content.
By routing through a proxy server there is no direct connection between the computer on the LAN and the Internet.
Encryption is the use of an algorithm and a key to convert message data into a form that is unreadable without the key to decrypt the data.
Decryption is the use of an algorithm and a key to convert encrypted message data into plain text.
Symmetric encryption is any technique where the same key is used to both encrypt and decrypt the data. The Caesar Cipher is one of the simplest symmetric encryption techniques, and of course, one of the easiest to crack.
Here are some symmetric encryption methods:
The Caesar cipher is a substitution cipher where each letter in the plaintext is replaced by a letter a fixed number of positions down the alphabet. It is named after Julius Caesar, who used it in his private correspondence.
How does it work?
Choose a shift value (usually between 1 and 25). Shift each letter of the alphabet by the chosen value. For example, with a left shift of 3, 'D' becomes 'A', 'E' becomes 'B', and so on. Now look at the example below:
To decrypt, perform a right shift by the same value.
Here is another example. Can you work out the cipher key?
Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: FGHIJKLMNOPQRSTUVWXYZABCDE
RJJY RJ FY YMJ TQI GFWS
“MEET ME AT THE OLD BARN”
Here is a diagram of a Caesar Cipher wheel.
The Vernam Cipher, also known as the “One-Time Pad”, is a powerful and unbreakable encryption technique when used correctly.
The Vernam Cipher falls under the category of symmetric encryption. Both the sender and recipient share the same secret key.
The Vernam Cipher uses a random or pseudorandom stream of data (the keystream). Each character of the plaintext is combined with the corresponding character from the keystream using the Boolean “exclusive or” (XOR) function. The resulting ciphertext is generated.
When used with a truly random and secret key of the same length as the plaintext, the Vernam Cipher is unbreakable. It provides exceptional security because the keystream is unpredictable and used only once (hence the term “one-time pad”).
Example:
Cat = 01000011 01100001 01110100
pop = 01110000 01101111 01110000
You then perform an XOR operation (like binary addition) using the keyword.
Ciphertext = 00111111 00001110 00000100
Ciphertext = 63, 14, 4 (Denary)
Ciphertext = 3F, 0E, 04 (Hex)
Extra:
The Vernam Cipher was devised in 1918 by Gilbert S. Vernam, an engineer at AT&T. It introduced a crucial improvement to the Vigenère cipher, attributed to the 16th-century French cryptographer Blaise de Vigenère.
| A | B | Z |
|---|---|---|
| 0 | 0 | 0 |
| 0 | 1 | 1 |
| 1 | 0 | 1 |
| 1 | 1 | 0 |
Cryptanalysis involves attempting to “break” a cryptographic code without having knowledge of the specific cipher or the secret key. While symmetric encryption relies on a shared secret key between the sender and receiver, modern computers can easily compromise it. Despite efforts to keep the key secret, the vulnerability remains.
A brute force attack is an attempt to crack a password using a trial and error approach and hoping, to guess it correctly. This is a dated attack method, but is still effective and commonly used by hackers. Depending on the strength of a password, cracking it can take anywhere from a few seconds to many years.
Asymmetric encryption is a technique which uses different keys for encryption and decryption, allowing computers over the Internet to securely communicate with each other. Here are a list of steps outlining the public key encryption process:
Example - Computers A and B:
While encryption typically involves using the recipient's public key to secure a message, a malicious third party could encrypt a message using your own public key. This deceptive approach might lead you to believe that the message is legitimate, but in reality, it could be from an unauthorized source.
Digital certificates serve as trusted credentials issued by certification authorities (CAs). These certificates verify the association between a public key and its owner. When you receive a public key, a valid digital certificate enhances confidence in its authenticity.
To ensure the authenticity and integrity of an electronic message, a sender can digitally sign it. Digital signatures use the sender's private key to create a unique cryptographic hash of the message. Recipients can verify this signature using the sender's public key.
A hashing function is a way to turn any length input into a unique fixed length code. This code is called a hash.
It is very difficult to turn a hash back (almost impossible - one way encryption) into the original input, so hashing is often used to protect sensitive data, such as passwords.
Here is an example:
Input: “mypassword”
Hash: “1234567890abcdef1234567890abcdef”
Input: “myPassword”
Hash: “fedcba0987654321fedcba0987654321”
To store a password securely, a website or app will hash the password before storing it in its database.
When you try to log in, the website or app will hash your password again and compare it to the stored hash. If the two hashes match, then you are allowed to log in.
If a hacker steals a password database, they will only see the hashes, not the actual passwords. Hashing is a very important security measure for protecting passwords and other sensitive data.
Popular methods:
Ensuring the security of data on a network is crucial. When networks are compromised, it can lead to various negative consequences:
Authentication is the process that verifies the identities of individuals, applications, or services before granting them access to digital systems and resources.
Why is authentication important?
Encryption is the process of scrambling data so that it can not be understood by individuals without appropriate access rights.
Encryption takes plain text (like a text message or email) and scrambles it into unreadable format called ciphertext. This process ensures that even if hackers or cybercriminals intercept the data, they can't read it. The intended recipient, equipped with a decryption key, can unscramble the information back into plain, readable text.
You should encrypt messages, files, and data containing personal, sensitive, or classified information.
A firewall is like a protective barrier for a network. It allows outgoing traffic but carefully examines incoming traffic. Suspicious packets are blocked, and improper content is rejected. Firewalls also filter unwanted inbound traffic, including blocking specific IP addresses.
MAC address filtering is a network security feature that controls access to a wireless network based on the unique MAC addresses of devices.
Whitelisting (Allowlisting):
Blacklisting (Denylisting):
Acceptable Use Policy (AUP):
An AUP is an agreement between parties within a computer network community. It outlines standards of behavior regarding the proper usage of specific hardware and software services. AUPs are crucial for minimizing legal risks and ensuring that users adhere to approved behavior.
Disaster Recovery Policy:
This policy prepares an organization for data loss due to disasters such as fire, flood, hardware failure, or hacking. It encompasses evaluating risks, implementing preventive actions, training staff, and executing post-disaster recovery tasks such as procuring replacement hardware, reinstalling software, and restoring data from backups.
Archiving Policy:
Archiving involves storing data no longer in frequent use for security, legal, or historical reasons. Policies define how long data should be retained and how to destroy or delete it after that time. Archiving frees up resources and allows faster access to active data.
Failover Policy:
Failover policies determine how network traffic is rerouted in case of adapter failure. It ensures redundancy by including multiple physical NICs in a team. Failover order specifies which NICs to use when an adapter fails.
Security Policy:
A security policy outlines rules and procedures for network access, authentication, authorization, and encryption. It covers areas like acceptable behavior, incident response, and data protection.
Malware, short for malicious software, refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware.
Here are some telltale signs that you might have malware on your system:
A virus is a type of malware that attaches itself to legitimate programs or files. When these infected files are executed, the virus spreads and replicates, often causing damage to data or system files. Viruses can spread through infected email attachments, removable storage devices, or malicious websites.
Named after the ancient Greek story of the wooden horse used to infiltrate Troy, Trojans are deceptive programs. They appear harmless or useful but hide malicious code. Unlike viruses, Trojans don't self-replicate. Instead, they rely on user actions (such as downloading a fake app) to spread.
Spyware is designed to secretly monitor a user's activities without their knowledge. It can track keystrokes, capture screenshots, record browsing history, and steal sensitive information like passwords or credit card details. Spyware often infiltrates systems through malicious downloads or compromised websites.
Adware is less harmful but annoying. It displays unwanted advertisements (pop-ups, banners, or redirects) to generate revenue for the attacker. While not as destructive as other malware, adware can slow down your system and disrupt your browsing experience.
Ransomware is particularly malicious. It encrypts your files or locks you out of your system, demanding a ransom (usually in cryptocurrency) to restore access The infamous WannaCry attack is an example of ransomware that affected thousands of computers worldwide.
A rootkit is a type of malicious software (malware) designed to gain unauthorized access to a computer system and maintain control over it while remaining hidden from the user or system administrators. A rootkit provides an attacker with a backdoor into an infected machine, granting them access to the computer.
Organizations may have vulnerabilities in the following areas
Software that is used to detect and remove malware.
Passwords are the most common form of authenticating a user. Authentication is checking that the user is allowed to access content. Some applications use a pin pattern instead of a username and password
To set a secure password you must
Example of strong password: Brdu8#Jw4g
Biometric security is a powerful mechanism that leverages unique biological measurements or physical characteristics to verify an individual's identity and grant access to a facility or system. Unlike traditional passwords, which can be vulnerable, biometrics link proof of identity to our bodies and behavior patterns. Examples of biometric technology include fingerprint mapping, facial recognition, and retina scans.
Encryption is the encoding of data so that it can no longer be easily understood. Only authorised users, or users with the key can decrypt it.
CAPTCHA, an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart, serves as a crucial security mechanism. Its purpose is to differentiate between human users and automated bots, particularly in scenarios like signing up for internet services.
Email confirmation serves as a security measure in several ways:
Large companies like Microsoft often automatically update your software whenever they make changes to it. During software installation, you can set the default option to install automatic updates. Free applications typically do not have automatic update capabilities, so manual updates may be necessary. Software patches are updates designed to improve or fix a program. It may also provide additional protection against malware.
Finding flaws in a system, creating a report and explain how to fix them.
Different types testers or hackers can have different motivations and they are categorized into the groups identified below:
Cybercriminals occasionally employ a clever tactic! They strategically "lose" malware-infected USB sticks in places like company parking lots. Their goal is to trick unsuspecting employees into picking up these USB drives and plugging them into their computers. Thankfully, in some cases, vigilant employees have thwarted these attempts by reporting the suspicious devices to their IT departments. It's a reminder to stay cautious when encountering stray USB drives!
Access rights in network security refer to the permissions and privileges granted to users, devices, or processes within a networked environment. These rights determine what actions an entity can perform and what resources it can access.
Set of rules to follow in an organisation. If the rules are broken the organisation has legal grounds to remove you.
Physical security is used to prevent physical access to devices, and to prevent theft. Steps may include:
