A network is composed of sensitive equipment: cables, switches, routers, power supplies etc. Hostile actors can compromise network security by:
- Maintenance threats - sabotaging the equipment and cables.
- Electrical threats - interfering with the power supplies (voltage spikes, power loss).
- Environmental threats - creating temperature anomalies, dust, radiation etc.
- Remote / local access threats - unauthorised login.
- Physical threats - physical damage to the device and theft.
The IP suite means that packets are exchanged from one computer to another via a set of routers. These packets can be inspected with a suitable tools such as WireShark.
Layer 1: The application layer contents => the information
Layer 2: IP ports => the programs that are being used
Layer 3: IP addresses of source and destination => where are the individuals in the exchange?
Start with the data known as the plaintext. An encryption algorithm is applied to create the ciphertext. A decryption scheme is needed to read the data.
The encryption algorithm is a process dependnent on a key. Two options exist:
- Symmetric key: Only the sender and receiver know the key (shared). If the key is stolen, the scheme can be defeated.
- Public/private key pair: Use one key for encryption (public) and use a different key for decryption (private). The sender cannot decrypt data once it was encrypted
Apply the XOR operation with the same key to each character in the cipher text to regenerate the plain text. If a message is intercepted, and the encruyption method is known to be XOR cipher, the cipher could be broken by trying each combination of key.
There is a convention that has developed when discussing cryptography.
A wants to send a secret message to
M is an attacker who wants to intercept the message.
Public key cryptography
Each user has to generate a pair of keys and then publish their public key so that people can send encrypted messages to them.
The simple XOR cipher is fairly easily broken. Methods that are very time consuming or impossible to break are desireable. Advanced pure mathematics proides the tools. (eg, integer factorisation, discrete logarithms, elliptic curves...) Prime numbers play a key role in this.
Tools for network security
A penetration test is an authorised simulated attack on a computer system that looks for security weakesses, potentially gaining access to the system's featuers and data.
White box: which provides background and system information
Black box: which provides only basic or no information
A penetration test should help determine whether a system is vulnerable to attack.
Denial of Service attacks
The primary purpose of a denial of service (DoS) attack is to flood a service or an application with so many unwanted packets that the affected systems are put out of business due to the workload being processed. One of the most common forms of this type of attack is the SYN attack. This is based on the packet used when a TCP connection is established. Some firewalls are now able to sense when this kind of attack is taking place.
DNS fast flux attack
Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.