1. Define the concepts of symmetric key encryption, public key encryption, and hashing, and explain which of these techniques are used for confidentiality and authentication.
2. You are a security administrator responsible for your organization's security. Using the content of the book, describe in detail at least two ways to defend your company from denial of service attacks.
3. You are a security administrator responsible for your organization's security. List rules for working in secure areas. Please include how trash bins should be protected and what can be done to reduce the dangers of desktop PC theft and unauthorized use.
4. The two types of filtering IDSs use are deep packet inspection and packet stream analysis. Explain why they are important and why they are processing intensive.
Encryption is a process of data protection that converts data into a code that can be accessed only by authorized users. Encryption prevents unauthorized use of or access to data or information, and it is one of the most effective methods of achieving data security (Goshwe, 2013). In order to access an encrypted file, one must obtain the security key or password that enables decryption of the file. The unencrypted text before encryption is termed plaintext, while the encrypted data is termed ciphertext. The process of encryption uses an algorithm to transform the information into ciphertext. This method is used to protect sensitive data such as credit or debit card numbers by encoding them into ciphertext (Shinge & Patil, 2014). Encryption ensures trusted delivery of sensitive information. There are two main types of encryption, namely symmetric encryption and asymmetric or public key encryption.
Symmetric key encryption is a more secure method of encryption as it uses a common secret key for both encryption and decryption. The data of each key is self-encrypted for additional protection. The classic algorithm for this type of encryption is the Data Encryption Standard (DES), which uses a 56-bit key. However, the Advanced Encryption Standard (AES), which uses a 128-bit or 256-bit key, is considered more reliable (Agrawal & Mishra, 2012). Symmetric key encryption is simpler and faster as it uses only one key. The major drawback of this method is that a single secret key is used for both encryption and decryption, and if this key is lost, the receiver can never decrypt the information. Another requirement of this system is that the sender and receiver must exchange the key in a secure manner.
Asymmetric or Public Key Encryption
Asymmetric or public key encryption needs two different keys (a public key and a private key) to encrypt and decrypt data. The key that can be shared with everyone is called the public key and is generally used for encryption. The key that is kept secret and used for decryption is called the private key (Thambiraja, Ramesh & Umarani, 2012). Either key can be employed for encryption or decryption. This type of encryption is generally seen in web browsers to ensure a secure connection, and also in digital signatures (Hoffman, 2012).
Hashing is the transformation of a string value into a smaller or shorter value of fixed length that represents the original string. This technique is widely used in databases for indexing and for retrieving the items or values stored in a particular database, since it is faster to search for and find items using a shorter hashed key than using the original value. It is also one of the major encryption techniques, as it hides the real value of data or a string of arbitrary size and transforms it into a fixed-size value.
Symmetric and asymmetric key encryption are generally used for authentication and for maintaining the confidentiality of data. Asymmetric key encryption is mainly used in the digital signatures attached to electronic documents, which verify the authenticity of the sender. In symmetric key encryption, the sender shares a unique key with the receiver, which the receiver uses to decrypt the data sent. Therefore, only the receiver or a user who has access to the secret key can read or access the data. Thus it maintains the confidentiality of the data, as only the sender and receiver are able to access it.
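The three primitives and their roles can be seen side by side in the following Python example, added here and not drawn from the cited sources. It uses the standard library's SHA-256 and HMAC; the symmetric cipher is a one-time XOR stand-in for AES (an assumption made to keep the block dependency-free), and the message and keys are constructed. Beyond the paragraph above, it shows why confidentiality and authentication are separate properties: a ciphertext altered in transit still decrypts, silently wrong, unless a keyed HMAC authenticates it.

```python
import hashlib
import hmac
import secrets

def digest(data: bytes) -> str:
    """Hashing: input of any length -> fixed-length SHA-256 digest (64 hex characters)."""
    return hashlib.sha256(data).hexdigest()

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a random key as long as the message (a one-time pad).
    Stands in for AES so the block needs no third-party library; the same call decrypts,
    because XOR is its own inverse. The key must be secret, random and never reused."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt-then-MAC: the cipher gives confidentiality, the HMAC over the ciphertext
    gives authentication under a second key shared by sender and receiver."""
    ciphertext = xor_cipher(enc_key, plaintext)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag

def open_sealed(enc_key: bytes, mac_key: bytes, ciphertext: bytes, tag: bytes):
    """Verify the tag first, in constant time; return None if the message was altered
    or was produced by someone who does not hold mac_key."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_cipher(enc_key, ciphertext)

def flip_bit(data: bytes, index: int = 0) -> bytes:
    """Simulate a transmission error or tampering that changes one bit of the ciphertext."""
    altered = bytearray(data)
    altered[index] ^= 0x01
    return bytes(altered)

if __name__ == "__main__":
    msg = b"transfer 100 to account 42"                      # constructed sample plaintext
    enc_key, mac_key = secrets.token_bytes(len(msg)), secrets.token_bytes(32)
    # Hashing: the digest has the same length for any input, and one changed bit alters all of it.
    print(digest(b"a"), digest(b"b"), sep="\n")
    ct, tag = seal(enc_key, mac_key, msg)
    print(open_sealed(enc_key, mac_key, ct, tag))            # original message
    tampered = flip_bit(ct)
    print(xor_cipher(enc_key, tampered))                     # cipher alone: wrong first byte, no error
    print(open_sealed(enc_key, mac_key, tampered, tag))      # with HMAC: None, message rejected
```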
A denial of service (DoS) attack is a cyber attack in which the attacker aims to make a network or system resources unavailable to legitimate users by indefinitely disrupting the services of a host connected to the internet (Gunasekhar et al., 2014). This is done by flooding the network with excessive unwanted messages asking the network or server to authenticate requests that generally have invalid return addresses. Thus it becomes difficult for legitimate users to access the network. DoS attacks may crash a server, leading to wasted time and money. A denial of service attack is dangerous in the sense that it can paralyze even a well-structured network for days, freezing all the online services of the company (Liu, Liu & Saddik, 2013).
The recommended ways to prevent denial of service attacks are as follows:
1) Installation of routers and firewalls along with DoS mitigation appliances: Routers can be configured to prevent ping attacks by filtering invalid IP addresses and non-essential protocols. Routers can, however, prove ineffective against a sophisticated spoofed attack. Firewalls are capable of shutting down a targeted flow related to an attack. DoS mitigation appliances can be used for load balancing. Proper server configuration is essential to minimize the effect of a DoS attack: an administrator can limit the resources an application can use and how it will respond to requests. This prevents invalid requests from being admitted into the server, thus preventing the DoS attack (Gupta, Joshi & Misra, 2012).
2) Over-provisioning: this is another recommended way to handle DoS attacks. Over-provisioning refers to allocating excess bandwidth or redundant network devices in order to absorb DoS attacks on the system. The advantage of buying the service from an outsourced provider is that the extra bandwidth can be bought when the company needs it, rather than making an expensive capital investment in redundant network interfaces and devices. A company, however, has no idea when a DoS attack is coming and hence needs to act as quickly as possible under this approach. The primary aim of any DoS attack is to consume internet bandwidth, and hence a well-structured and well-equipped managed hosting provider should be selected to prevent the attack. Their equipment is placed in front of the normal servers and programmed to detect and filter out malicious traffic (Hashmi, Saxena & Saini, 2012). These systems need to be updated constantly by the operations team in order to remain current with the latest threats. The only disadvantage of this approach is that it cannot handle volumetric attacks and becomes ineffective when the attack exceeds the network capacity.
Cloud mitigation providers are an effective form of over-provisioning. They are experts in delivering DoS mitigation in the cloud, and have built massive amounts of network bandwidth and mitigation capacity at multiple sites around the internet. Such a provider can take in any sort of network traffic and filter it so that only validated traffic is forwarded to the destination. This is managed by network security engineers who monitor the latest DDoS tactics to provide better protection (Deshmukh & Devadkar, 2015).
3) Server hardening is another recommended but less used method of controlling DoS attacks. It involves hardening the iptables rules to permit only the traffic that the company expects. It also configures the server so that it is capable of automatic recovery in the event of system failure. This makes the server more resilient to requests, thus preventing DoS attacks (Sharma, Singh & Singh, 2013).
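As an added illustration of the point under item 1, that an administrator can limit the resources an application uses and how it answers requests, the following Python token-bucket limiter (example code, not from the cited sources) gives every source address its own request budget and replays a constructed log in which one flooding source competes with one legitimate client. Timestamps are injected rather than read from the clock, so the run is deterministic; this kind of limit addresses application-level request floods, not the volumetric attacks that saturate the link before traffic reaches the server.

```python
from collections import defaultdict

class TokenBucket:
    """Per-source request budget: `rate` requests per second sustained, with bursts of up
    to `capacity` requests. Each source refills independently, so a flooding source
    exhausts only its own budget and cannot starve the other clients."""

    def __init__(self, rate: float, capacity: int):
        self.rate = rate
        self.capacity = capacity
        self.tokens = defaultdict(lambda: float(capacity))
        self.last_seen = {}

    def allow(self, source: str, now: float) -> bool:
        # Refill in proportion to the time since this source's last request, capped at
        # capacity, then spend one token if one is available; otherwise reject.
        elapsed = now - self.last_seen.get(source, now)
        self.tokens[source] = min(self.capacity, self.tokens[source] + elapsed * self.rate)
        self.last_seen[source] = now
        if self.tokens[source] >= 1.0:
            self.tokens[source] -= 1.0
            return True
        return False

def replay(requests, rate: float = 2.0, capacity: int = 5) -> dict:
    """Run (timestamp, source) request records through the limiter and return
    per-source accepted/rejected counts."""
    bucket = TokenBucket(rate, capacity)
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for timestamp, source in sorted(requests):
        verdict = "accepted" if bucket.allow(source, timestamp) else "rejected"
        stats[source][verdict] += 1
    return dict(stats)

# Constructed traffic: a legitimate client sending one request every 0.5 s for 5 s,
# and a single flooding source sending 100 requests within one second.
LEGIT_CLIENT = [(0.5 * i, "10.0.0.5") for i in range(10)]
FLOOD_SOURCE = [(0.01 * i, "198.51.100.7") for i in range(100)]

if __name__ == "__main__":
    for source, counts in replay(LEGIT_CLIENT + FLOOD_SOURCE).items():
        print(f"{source:>14}: {counts['accepted']:3d} accepted, {counts['rejected']:3d} rejected")
```

With the defaults the legitimate client's 10 requests all pass, while the flood gets only the 5-request burst plus the one or two tokens that refill during its second of activity.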
Working in secure areas is regulated to prevent unauthorized access to, or damage to, the confidential information of the organization. This is done by defining and protecting security perimeters with appropriate security barriers and entry controls. The rules listed for protection should be commensurate with the identified risk (Peltier, 2016).
The rules for working in secure areas are listed below:
1) Unsupervised work in secure areas should be avoided as far as possible, and when no one is working in the secure area, the area should be locked and checked periodically.
2) Electronic devices capable of recording or copying large amounts of information, for example smartphones, cameras, USB drives, laptops and similar devices, should be forbidden in secure areas.
3) The security perimeters should be clearly defined, and the strength of each perimeter depends on the security requirements of the assets within it. The security perimeter or barrier includes card-controlled entry doors, walls or manned reception desks to protect the secure areas from unauthorized access. Access to those areas of the organization will be restricted to authorized personnel only. Moreover, the areas should be equipped with a suitable intruder detection system, which should be regularly checked and tested to ensure that it is in perfect working condition.
4) Inspection of personnel entering or leaving the secure areas should follow strict notification and compliance procedures. The entry and departure of employees and visitors are recorded in the visitor access log, and they are to be granted access to the protected areas or the organization's information only for specific and authorized purposes. Furthermore, authorization controls are to be used to authorize and validate their access.
5) Discretionary access control can be used for working in secure areas. In this method, the owner of a resource grants access rights to other users at his or her discretion.
6) The server room should be locked and should admit only authorized persons, to ensure that the security of the protected areas is not tampered with. Setting up proper surveillance is necessary for working in secure areas; video surveillance cameras should be installed to supplement the other rules for working in secure areas (Chen et al., 2012).
7) Backups of sensitive data should be properly stored to prevent unauthorized access. The backup files should be password protected, or else kept offsite to prevent intruders' access.
Trash bins can act as an important source of information, and thus need to be protected in order to prevent data loss. Trash bins are protected by ensuring that no confidential information is discarded into them. The waste in the trash bin is properly disposed of to prevent data theft. Moreover, before the contents of the trash bin are disposed of, it is to be ensured that they do not contain any sensitive information or information that can be misused.
In order to reduce the dangers of desktop PC theft, the individual desktop PCs present on the office premises can be locked to their desks with a cable. In order to reduce the danger of unauthorized use, it has to be ensured that every PC has a login screen with a complex password so that no intruder can use it easily. The password should be strong and uncommon, so that the intruder has little room for guessing it and accessing the PC. Laptops, however, can make use of fingerprint authentication or face scanning security options to keep them secure and prevent unauthorized access (Jain & Nandakumar, 2012).
Deep Packet Inspection
Deep packet inspection is an effective way of packet filtering that functions at the application layer of the OSI reference model. Deep packet inspection makes it possible to identify, classify and block certain packets carrying specific data that conventional packet filtering cannot detect. DPI is generally used to allocate resources and streamline the flow of traffic: a high-priority packet is routed to its destination ahead of lower-priority packets. DPI improves network performance by preventing peer-to-peer abuse. The security implications of DPI are widespread, as it helps in identifying the originator of a specific packet (Bremler-Barr et al., 2014). It is processing intensive as it uses a data-parallel approach to process large volumes of data. Deep packet inspection works by inspecting the data part of the packet as it passes the point of inspection, and it generally reveals the presence of non-compliance, viruses, spam and intrusion. Deep packet inspection helps in advanced network management and in the operation of security functions such as data mining. DPI is widely used by telecommunication providers. It is particularly important because it combines the objectives of an intrusion detection system and an intrusion prevention system with the help of a stateful firewall, a combination that makes it possible to detect a number of attacks. DPI is used to counter buffer overflow attacks, denial of service attacks and illegal intrusion into the system. DPI is often capable of monitoring layers 2 to 7 of the OSI model. DPI can also be used against net neutrality (Thinh, Hieu & Kittitornkun, 2012).
This is significant because it inspects all the fields in the packet, including the IP header, the TCP or UDP header and the application message. Certain attacks cannot be prevented if the firewall looks only at the application content.
Deep packet inspection is processing intensive because it looks at all the fields of the packet, which takes more time as well as more processing power.
Packet Stream Analysis
Packet stream analysis intercepts and logs the traffic passing over a digital network. As data passes through the system or network, a sniffer captures the contents of every packet and decodes the raw data present in it. It supervises and analyzes the content of the packets according to the set objectives or specifications. Packet stream analysis requires the IDS to maintain and compare a number of packets, which are examined to determine whether or not an attack on the system is taking place (Rueppel, 2012). This places a heavy processing load on the IDS. This effective filtering technique scans a series of packets at a time to determine the probability of an attack. IDSs are important because they identify suspicious packets that may cause harm or be part of a probable attack. Packet stream analysis identifies a probable attack with the help of the IDS and alerts network administrators to potential threats so that the suspicious packets can be dropped; an IDS cannot drop the suspicious packets on its own (Sanders, 2017).
Packet stream analysis is important because a single packet alone cannot reveal certain types of attack, and therefore multiple packets need to be checked. It generally takes more than one packet to determine whether a network is being systematically scanned, whether a TCP connection is half open, or even the probability of a denial of service attack (Asrodia & Patel, 2012).
Packet stream analysis is processing intensive because every field of a series of packets is inspected. This is necessary for determining the probability of an attack and thus demands more processing power (Singh, Lozano & Ott, 2013).
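The contrast drawn in the deep packet inspection and packet stream analysis sections above is made concrete in the following Python example, added here and not taken from the cited sources. The packet records, the single DPI signature (a cleartext FTP password, one form of the non-compliance DPI reveals) and the capture are all constructed; the half-open tracking is simplified to the client's SYN and ACK only. Per-packet DPI finds the policy violation in one packet, while the SYN scan is visible only once state is kept across the scanner's six packets, which is exactly why the stream analyzer carries more processing cost.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Constructed record of what an IDS reads from one client-to-server packet."""
    src: str
    dst: str
    dport: int
    flags: str            # TCP flags set by the client: "S" = SYN, "A" = ACK, "PA" = PSH+ACK
    payload: bytes = b""

# Deep packet inspection: each packet judged on its own, header fields plus every payload
# byte. Constructed one-entry signature table; a production rule set has thousands.
DPI_SIGNATURES = {b"PASS ": "cleartext credential (FTP PASS command): policy violation"}

def dpi_inspect(pkt: Packet) -> list[str]:
    """One alert per matching signature; the cost is the scan over the whole payload."""
    return [f"DPI {pkt.src}->{pkt.dst}:{pkt.dport} {label}"
            for needle, label in DPI_SIGNATURES.items() if needle in pkt.payload]

class StreamAnalyzer:
    """Packet stream analysis: state kept across packets. A SYN never followed by the
    client's ACK is half-open; many of them to distinct ports from one source is a
    probable SYN scan, which no single packet can reveal."""
    def __init__(self, scan_threshold: int = 5):
        self.scan_threshold = scan_threshold
        self.half_open = defaultdict(set)    # (src, dst) -> ports still awaiting the ACK

    def observe(self, pkt: Packet) -> None:
        key = (pkt.src, pkt.dst)
        if pkt.flags == "S":
            self.half_open[key].add(pkt.dport)
        elif "A" in pkt.flags:
            self.half_open[key].discard(pkt.dport)   # handshake completed

    def alerts(self) -> list[str]:
        return [f"STREAM {src}->{dst}: {len(ports)} half-open ports, probable SYN scan"
                for (src, dst), ports in self.half_open.items()
                if len(ports) >= self.scan_threshold]

def analyze(packets: list[Packet]) -> list[str]:
    """Run both filters over a capture: per-packet DPI alerts first, then stream verdicts."""
    stream = StreamAnalyzer()
    alerts = []
    for pkt in packets:
        alerts.extend(dpi_inspect(pkt))
        stream.observe(pkt)
    return alerts + stream.alerts()

# Constructed capture: a client completing a handshake and sending a request, an FTP
# login sending its password in the clear, and a scanner probing six ports with bare SYNs.
CAPTURE = (
    [Packet("10.0.0.8", "10.0.0.1", 443, "S"), Packet("10.0.0.8", "10.0.0.1", 443, "A"),
     Packet("10.0.0.8", "10.0.0.1", 443, "PA", b"GET /index.html HTTP/1.1")]
    + [Packet("10.0.0.9", "10.0.0.1", 21, "PA", b"PASS hunter2\r\n")]
    + [Packet("198.51.100.7", "10.0.0.1", port, "S") for port in (21, 22, 23, 25, 80, 443)]
)
```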
Agrawal, M., & Mishra, P. (2012). A comparative survey on symmetric key encryption techniques. International Journal on Computer Science and Engineering, 4(5), 877.
Asrodia, P., & Patel, H. (2012). Network traffic analysis using packet sniffer. International Journal of Engineering Research and Applications, 2(3), 854-856.
Bremler-Barr, A., Harchol, Y., Hay, D., & Koral, Y. (2014, December). Deep packet inspection as a service. In Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies (pp. 271-282). ACM.
Chen, C., Sun, L., Shao, Y., Hu, Z., & Shi, Q. (2012, January). IEMS: An intelligent environment monitoring system of server room. In Intelligent Computation Technology and Automation (ICICTA), 2012 Fifth International Conference on (pp. 189-192). IEEE.
Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding DDoS attack & its effect in cloud environment. Procedia Computer Science, 49, 202-210.
Goshwe, N. Y. (2013). Data encryption and decryption using RSA Algorithm in a Network Environment. International Journal of Computer Science and Network Security (IJCSNS), 13(7), 9.
Gunasekhar, T., Rao, K. T., Saikiran, P., & Lakshmi, P. S. (2014). A survey on denial of service attacks.
Gupta, B. B., Joshi, R. C., & Misra, M. (2012). Distributed denial of service prevention techniques. arXiv preprint arXiv:1208.3557.
Hashmi, M. J., Saxena, M., & Saini, R. (2012). Classification of DDoS attacks and their defense techniques using intrusion prevention system. International Journal of Computer Science and Communication Networks, 2(5), 607-14.
Hoffman, P. (2012). Elliptic curve digital signature algorithm (DSA) for DNSSEC.
Jain, A. K., & Nandakumar, K. (2012). Biometric Authentication: System Security and User Privacy. IEEE Computer, 45(11), 87-92.
Liu, S., Liu, X. P., & El Saddik, A. (2013, February). Denial-of-Service (DoS) attacks on load frequency control in smart grids. In Innovative Smart Grid Technologies (ISGT), 2013 IEEE PES (pp. 1-6). IEEE.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Rueppel, R. A. (2012). Analysis and design of stream ciphers. Springer Science & Business Media.
Sanders, C. (2017). Practical packet analysis: Using Wireshark to solve real-world network problems. No Starch Press.
Sharma, S., Singh, G., & Singh, P. (2013). Security Enhancing of a LAN Network Using Hardening Technique. International Journal of Innovative Technology and Exploring Engineering, 2(3), 174-181.
Shinge, S. R., & Patil, R. (2014). An encryption algorithm based on ASCII value of data. International Journal of Computer Science and Information Technologies, 5(6), 7232-4.
Singh, V., Lozano, A. A., & Ott, J. (2013, December). Performance analysis of receive-side real-time congestion control for WebRTC. In Packet Video Workshop (PV), 2013 20th International (pp. 1-8). IEEE.
Thambiraja, E., Ramesh, G., & Umarani, D. R. (2012). A survey on various most common encryption techniques. International Journal of Advanced Research in Computer Science and Software Engineering, 2(7).
Thinh, T. N., Hieu, T. T., & Kittitornkun, S. (2012, May). A FPGA-based deep packet inspection engine for Network Intrusion Detection System. In Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2012 9th International Conference on (pp. 1-4). IEEE.