Chapter four

4. Review of Shared Key Cryptography and Hash Functions

4.1. Basic Public Key Cryptography (DH, RSA, CAs, PKI)
4.2. Introduction to the TCP/IP Stack
4.3. Network Security (ports and protocols)
4.4. Firewalls and Firewall Rules
Review of Shared Key Cryptography and Hash
Functions
A cryptographic hash function is a hash function that takes an
arbitrary block of data and returns a fixed-size bit string, the
cryptographic hash value, such that any (accidental or intentional)
change to the data will (with very high probability) change the hash
value.
The data to be encoded are often called the message, and
The hash value is sometimes called the message digest or simply
digest.
HF-is a function that has a huge role in making a System Secure
as it converts normal data given to it as an irregular value of fixed
length.
When we put data into this function it outputs an irregular value.
The Irregular value it outputs is known as “Hash Value”.
Hash Values are simply numbers but are often written in
Hexadecimal.
 Computers manage values as Binary.
The hash value is also data and is often managed in Binary.
Features of hash functions in system security:
One-way function: it is easy to compute the hash value for a
given input, but difficult to compute the input for a given hash value.
 Hash functions useful for verifying the integrity of data, as any
changes to the data will result in a different hash value.
Deterministic: Hash functions are given the same input, the
output will always be the same.
 Hash functions useful for verifying the authenticity/validity of
data, as any changes to the data will result in a different hash value.
Fixed-size output: Hash functions produce a fixed-size output,
regardless of the size of the input.
 Hash functions useful for storing and transmitting data, as the hash
value can be stored or transmitted more efficiently than the original
data.
Collision Resistance: Hash functions is difficult to find
two different inputs that produce the same hash value.
This property ensures that attackers cannot create a false
message that has the same hash value as a legitimate
message.
Non-reversible: Hash functions is difficult or impossible
to reverse the process of generating a hash value to recover
the original input.
This property makes hash functions useful for storing
passwords or other sensitive information, as the original
input cannot be recovered from the hash value.
 The ideal cryptographic hash function has
four main properties:
 It is easy to compute the hash value for any
given message.
 It is infeasible to generate a message that has a
given hash.
 It is infeasible to modify a message without
changing the hash.
 It is infeasible to find two different messages
with the same hash.
 Basic Public Key Cryptography (DH, RSA, CAs, PKI)

In Encryption, the Diffie-Hellman(DH) Key Exchange

is a method for two parties who have never met before to
establish a shared secret key that only the two of them
know, without compromising their individual security.
DH was one of the first algorithms. Two parties use
symmetric cryptography to encrypt and decrypt their
messages.
Rivest-Shamir-Adleman (RSA) short form as RSA
falls under the Asymmetric Encryption category.
Thus, in RSA the sender and the recipient of the data use
a different key for encryption and decryption.
Certificate Authorities (CAs)- is a trusted organization
that issues digital certificates for websites and other entities.
CAs validate a website domain and, depending on the type of
certificate, the ownership of the website that are trusted by web
browsers like Chrome, Safari and Firefox.
Certificate Authorities (CAs) are the cornerstone of PKI, acting as
trusted entities that promise for the authenticity of digital
certificates.
CAs are responsible for:
•Verifying the identity of certificate applicants.
•Digitally signing issued certificates.
•Maintaining and publishing the certificate revocation list
(CRL).
CAs operate in a hierarchical structure, with root CAs at the top,
intermediate CAs in the middle, and end-entity CAs at the bottom.
The root CA's public key is generally pre-installed in user
PKI is public key cryptography, also known as asymmetric
encryption.
Asymmetric encryption is used to create a public key, pair it with a
private key, and create an association between the two.
Plain text is encrypted and converted to cipher text by an
encryption key.
Once the data is delivered to the recipient, the decryption key is
used to decrypt the cipher text back to plain text so they can read the
original message, confident that it hasn’t been compromised.
PKI benefits
The goal of PKI is confidential and secure communications, by
allowing two communicating parties to send and receive sensitive
data privately.
The benefits of PKI to individuals and enterprises
include:
Protecting customers data privacy.
Securing an enterprise’s intellectual property.
Improving technology compliance.
Preventing compromised data.
Securing remote and distributed workloads.
Protecting large numbers of IoT devices.
 TCP/IP Stack

The Transmission Control Protocol/Internet Protocol (TCP/IP)

stack is a set of protocols that enables communication between
devices over the Internet.
It consists of four layers:
1. Network Interface Layer: This layer deals with the physical
connection between devices and the network.
 It handles tasks such as data transmission and error detection.
2. Internet Layer: The Internet Layer is responsible for addressing
and routing packets across different networks.
 It uses IP (Internet Protocol) to assign unique addresses to
devices and ensures the delivery of packets to the correct
destination
3. Transport Layer: provides reliable and ordered delivery of data
between devices.
 It uses protocols like TCP (Transmission Control Protocol) and
UDP (User Datagram Protocol) for establishing connections,
managing data flow, and error recovery.
4. Application Layer: Encompasses various protocols that enable
specific applications to communicate over the Internet.
 Examples include HTTP (Hypertext Transfer Protocol) for web
browsing, SMTP (Simple Mail Transfer Protocol) for email, and
FTP (File Transfer Protocol) for file transfer.
 Network Security (ports and protocols)
 Network Security - protocols are network protocols that ensure
the integrity and security of data transmitted across network
connections.
The specific network security protocol used depends on the type of
protected data and network connection.
Each protocol defines the techniques and procedures required to
protect the network data from unauthorized or malicious attempts to
read or ex filtrate information.
 Firewalls and Firewall Rules
Firewall rules are instructions that control how a
firewall device handles incoming and outgoing traffic.
 They are access control mechanisms that enforce
security in networks by blocking or allowing
communication based on predetermined criteria.
These criteria include source or destination IP
addresses, ports, protocols, and services.
Depending on the sort of security system in place,
numerous varieties of firewall rules may be applicable.
Among the most prevalent firewall rules are as follows:
Access Rules: These rules allow, block, or reject specific
categories of traffic based on the source and destination addresses,
protocol, and port number.
State ful Packet Filtering Rules
compares the packet's information to the current connection state
and either permits or rejects the packet based on the results.
Circuit-level gateways: These firewalls operate at the session
layer 5 of the open systems interconnection (OSI) network
model, where connections are established and maintained.
Circuit-level gateways are accountable for authenticating
incoming TCP and IP packets and permitting or denying traffic
based on the rules that have been configured.
Application Level Gateway Rules: Also known as proxy
servers, application level gateways serve as intermediaries between
the internet and an internal network.
 Proxy servers operate at the OSI model's application layer 7.
Network Address Translation (NAT) Rules: NAT protocols
translate IP addresses from one network to another, facilitating the
transit of network traffic.
Additionally, it can be used to protect private networks from
external attacks.
 CHAPTER- 5
 Application Vulnerability is a system flaw or weakness in an
application that could be exploited to compromise the security of the
application.
 Application vulnerability, and determined how to access it, the
attacker has the potential to exploit the application vulnerability to
facilitate a cyber crime.
These crimes target the confidentiality, integrity, or availability
(known as the “CIA triad”) of resources possessed by an application,
its creators, and its users.
 The application layer currently contains 90% of all
vulnerabilities.
Malicious code- is the kind of harmful computer code or
web script designed to create system vulnerabilities leading to back
doors, security breaches, information and data theft, and other
potential damages to files and computing systems.
Malicious code examples include backdoor attacks, scripting
attacks, worms, Trojan horse and spyware.
Malicious code attack can wreak havoc on a defenseless IT
infrastructure very quickly or wait on servers for a predetermined
amount of time or a trigger to activate the attack.
Industry studies have revealed that detection of malicious code
often takes weeks or months before the damage is noticed and
threats are defeated.
 Types of Malicious Code
Trojan Horses: Disguised as harmless software, Trojans trick users
into installing them.
Once inside, they can steal sensitive information, create backdoors,
or cause other harm.
Worms: Self-replicating programs that spread across networks. They
can overload servers, consume bandwidth, and cause system
slowdowns.
Ransom ware: Encrypts files and demands payment (ransom) for
decryption.
Spyware: Secretly monitors user activity, capturing sensitive
information.
Viruses: These attach themselves to legitimate files and spread
when the infected file is executed. They can corrupt data, delete files,
or disrupt system functionality.
 Adware: Displays unwanted advertisements.
Root kits: Conceal their presence by modifying system
files.
Bot nets: Networks of infected computers controlled by
a central server for malicious purposes.
 Effects of Malicious Code on Computers:

Data Theft: Malware can steal personal information, login

credentials, financial data, and sensitive files.
Denial of Service (DoS): Malicious code can overload servers,
rendering services inaccessible.
File Deletion: It may delete critical files, causing data loss.
Backdoors: Malware can create hidden entry points for
unauthorized access.
Password Compromise: User passwords can be stolen.
System Control: Malware gains control over the computer.
Corruption of Data: Files and databases can become corrupted.
Nuisance and Inconvenience: Pop-ups, slowdowns, and
disruptions.
Ransom and Extortion: Ransom ware encrypts files, demanding
payment for decryption.
Securing Services (shells, e-mail, web servers)
This is the start page for the SSH (Secure Shell) protocol,
software, and related information.
SSH is a software package that enables secure system
administration and file transfers over insecure networks.
 It is used in nearly every data center and in every large enterprise.
 Free e-mail account services are fine for regular use, but if you
want to be extra confident that the messages you send and receive
are protected, check out the email services below.
These services keep emails private, secure, and encrypted.
An encrypted email account protects your privacy. If you want
more anonymity, use your secure account behind a free, anonymous
web proxy server or a Virtual Private Network (VPN) service.
Protecting your emails both when they are in transit and sitting in
your employees’ inboxes.
Preventing unauthorized users from sending emails using your
organization’s domain.
Setting up email filters and antivirus protection on your servers.
Securing the network(s) your employees and other authorized users
use to access these email services
Ensuring that your email servers are physically inaccessible to
unauthorized parties (if you run your own email server).
Web server security - is a broad term covering the processes
and solutions that keep web servers secure.
 Web server - security encompasses three elements: host,
network, and physical.
For example, a comprehensive firewall can protect network
connections, while unauthorized users are prevented from accessing
a network by specific hardware or software components.
When discussing web server security, we can look at two key
areas:
Securing a web server’s data.
Securing the services that run on a web server.