Security/Networking
Page 1: Security/Networking Encryption Encoding information ...

Security/Networking

Page 2: Security/Networking Encryption Encoding information ...

Encryption

- Encoding information – cryptography
  - Dan Brown’s “DaVinci Code” and “Digital Fortress”
- The Caesar Cipher
  - Julius Caesar encoded messages by replacing each letter with the 3rd letter after it in the alphabet (a=d, b=e, z=c, etc.)
- Improve: use cipher alphabet BUT use different shifts for subsequent letters
  - 1st letter = shift by 3 letters
  - 2nd letter = shift by 1 letter
  - 3rd letter = shift by 4 letters
  - Pi = 3.1415926
- What would ‘Hello’ be?
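The slide's exercise worked through in Python, as an added example that is not part of the original slides. It assumes the key repeats after the eight digits of 3.1415926 and that spaces and punctuation do not use up a key digit; the slide specifies neither.

```python
import string

PI_DIGITS = [3, 1, 4, 1, 5, 9, 2, 6]  # shifts taken from Pi = 3.1415926

def shift_letter(ch, shift):
    """Shift one letter within its own case; return anything else unchanged."""
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
        if ch in alphabet:
            return alphabet[(alphabet.index(ch) + shift) % 26]
    return ch

def pi_cipher(text, decrypt=False, key=PI_DIGITS):
    """Apply the i-th key digit to the i-th letter (assumption: key repeats)."""
    out = []
    pos = 0  # counts letters only, so spaces and punctuation consume no key digit
    for ch in text:
        if ch.isascii() and ch.isalpha():
            shift = key[pos % len(key)]
            out.append(shift_letter(ch, -shift if decrypt else shift))
            pos += 1
        else:
            out.append(ch)
    return "".join(out)

def caesar(text, shift=3):
    """Plain Caesar cipher: the same routine with a one-digit key."""
    return pi_cipher(text, key=[shift])

if __name__ == "__main__":
    print(caesar("Hello"))                      # every letter shifted by 3
    print(pi_cipher("Hello"))                   # shifts 3, 1, 4, 1, 5
    print(pi_cipher(pi_cipher("Hello"), decrypt=True))
```

With the fixed shift the double "l" in "Hello" encrypts to a double letter, which gives the pattern away; with the Pi shifts the two "l"s encrypt to different letters.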

Page 3: Security/Networking Encryption Encoding information ...

Encryption

- Public-key systems
  - Used with modern computer systems
  - Complex mathematical formulas
  - Person wishing to receive messages will publish public key (often 128 bits – larger the key – longer to break)
    - Example: 1000 years
  - Important for e-commerce (secure sites)
- PGP – Pretty Good Privacy – protects data in storage, too
  - Public key is for encryption
  - Private key is for decryption
- Debate over public key encryption
  - Terrorists use encryption
  - Yet, needed for e-commerce growth
- TLS/SSL – Transport Layer Security/Secure Sockets Layer
  - Web browsers
  - Protects data in transit over a network

Page 4: Security/Networking Encryption Encoding information ...

Security for Wireless Computer?

- Wireless networks
  - Passwords control what computers and users access network
  - Encryption and Authentication
- Encryption:
  - WEP (Wired Equivalency Privacy)
    - Protects against casual snooping
    - No longer recommended – crack in minutes
  - WPA (Wi-Fi Protected Access)
    - Works with all wireless network adapters but not all older routers or access points
  - WPA2 (Wi-Fi Protected Access)
    - More Secure than WPA
    - Will not work with some older network adapters

Page 5: Security/Networking Encryption Encoding information ...

Wireless Security

- Prevents ‘Piggybacking’
  - Tapping into someone else’s wireless Internet connection without proper authorization
  - Illegal in some states
- NY Times Article 2006

Page 6: Security/Networking Encryption Encoding information ...

Passwords – Problems

- Easily guessed (40-50%)
- Share passwords
- Post password next to computer
- Passwords too short

Page 7: Security/Networking Encryption Encoding information ...

Password Solutions (PC Mag Feb. 2008)

- Use ‘strong’ passwords
  - Mix numbers and letters; mix case
  - The longer the better (6-8 chars or longer)
- Brute Force – trying every combination until password is determined
- Pet, kids and spouse names make bad passwords
- Be inconsistent – use different passwords for different sites (I know…hard to do!)
- Change passwords often

Page 8: Security/Networking Encryption Encoding information ...

Security Solutions - Revised

No such thing as 100% security:

- Make sure Operating System is up-to-date (automatic update/service packs)
- Use anti-malware programs/Security Suites (update)
- Use a bidirectional firewall
- Use additional anti-spyware scanners (Spybot S&D, Adaware, Windows Defender)
- Secure wireless network (WEP/WPA/WPA2)
- Use unique (strong) passwords
- Consider using different browser – Internet Explorer is a popular target (Opera, Firefox)
- Use encryption (E-mail, IM - example ‘PGP Desktop’)
- Backup important files (ex. storms, hardware failure)
- Be mindful of “social engineering” issues (Phishing, Facebook)
- Turn computer OFF when not in use

Page 9: Security/Networking Encryption Encoding information ...

Networking

Page 10: Security/Networking Encryption Encoding information ...

What are File Servers?

- Network – a group of two or more computers connected together for exchanging data/information and sharing resources
- File Server – centralized computer used for storing (and sharing) programs and files.
  - Examples: Database server, Web server, mail server, general file servers
- Client-server
  - Client – computer that ‘receives’ data
  - Server – computer that provides services to a client

Page 11: Security/Networking Encryption Encoding information ...

Message

- A communication that is transferred from one node on a network to another.
  - E-mail
  - Web Pages
  - FTP (File Transfer Protocol)

Page 12: Security/Networking Encryption Encoding information ...

Networks

- Bandwidth
  - Amount of data that can be transmitted across transmission medium in a certain amount of time
- Packet
  - Data (Web pages, e-mail messages, etc.) is transmitted in bundles called packets
  - Header
    - Sender’s IP address
    - Receiver’s IP address
    - Protocol
    - Packet Number
  - Data

Page 13: Security/Networking Encryption Encoding information ...

TCP/IP - Tells which application should be used for a network message

- Transmission Control Protocol/Internet Protocol
- Used with Ethernet networks
- IP header – includes information about which application should be used for each message
- IP – specifies a way of sending packet information from source to destination
- Port Address (16-bit number)
- Packets can travel separately to your computer.
- ICANN maintains list of well-known ports (0-1023)
  - Registered ports 1024-49151

Page 14: Security/Networking Encryption Encoding information ...

Port Addresses

- Port Address (16-bit number)
  - 21 – message contains FTP commands
  - 20 – message contains file related to FTP command
  - 23 – Telnet
  - 25 – E-mail
  - 80 – HTTP (access to World Wide Web)
- Also used by firewall (screen port numbers)

Page 15: Security/Networking Encryption Encoding information ...

Firewall – Guard Against External Threats

- Acts as a barrier between your system and outside world
- Ports provide application-routing information for every message
  - 21 (FTP)
  - 25 (E-mail)
  - 80 (HTTP)
  - 12345 (NetBus – Trojan) *Block*
- Firewall screens ports
  - Norton Internet Security
  - McAfee Internet Security
  - Windows XP (blocks only incoming traffic)
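Port screening as described on this slide, sketched in Python as an added example that is not part of the original slides. The `Packet` class, the rule tables, the default-deny policy for inbound ports and the sample packets are assumptions made for illustration; it also contrasts an incoming-only firewall with a bidirectional one.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    # Header fields from the "Networks" slide, plus the destination port number.
    src_ip: str
    dst_ip: str
    protocol: str
    number: int
    dst_port: int
    data: bytes = b""

ALLOWED_INBOUND = {21: "FTP", 25: "E-mail", 80: "HTTP"}  # ports named on the slide
BLOCKED = {12345: "NetBus (Trojan)"}                      # marked *Block* on the slide

def port_class(port):
    """Classify a 16-bit port using the ranges given on the TCP/IP slide."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError(f"port {port} does not fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "other"

def screen(packet, direction, bidirectional=True):
    """Return (verdict, reason) for one packet; direction is 'in' or 'out'."""
    port_class(packet.dst_port)  # rejects malformed port numbers
    if direction == "out" and not bidirectional:
        return "allow", "outbound traffic is not screened"
    if packet.dst_port in BLOCKED:
        return "block", BLOCKED[packet.dst_port]
    if direction == "out":
        return "allow", "outbound, port not on block list"
    if packet.dst_port in ALLOWED_INBOUND:
        return "allow", ALLOWED_INBOUND[packet.dst_port]
    return "block", "inbound port not on allow list"  # assumed default-deny policy

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    ("in",  Packet("198.51.100.7", "192.0.2.10", "TCP", 1, 80)),
    ("in",  Packet("198.51.100.9", "192.0.2.10", "TCP", 1, 12345)),
    ("in",  Packet("198.51.100.9", "192.0.2.10", "TCP", 2, 23)),
    ("out", Packet("192.0.2.10", "198.51.100.9", "TCP", 1, 12345)),
]

if __name__ == "__main__":
    for direction, pkt in SAMPLE:
        print(direction, pkt.dst_port, screen(pkt, direction))
```

Calling `screen(pkt, "out", bidirectional=False)` on the last sample packet returns "allow": a firewall that screens only incoming traffic lets an already-infected machine connect out on the blocked port.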

Page 16: Security/Networking Encryption Encoding information ...

Wireless Technology

Page 17: Security/Networking Encryption Encoding information ...

Wireless Technology

- Access Point
  - Computer connected to the Internet (acts as intermediary)
  - Name is SSID (Example: RoyalAir) (to broadcast or not to broadcast?)
    - Microsoft's Answer
  - Usually user able to configure security features
- Wireless Router – attaches to access point computer
- Beacon
  - Repeating of identifying information by access point
  - Example: on a 2.4 GHz radio frequency band
- Association – Portable wishes to make connection
- Radio waves or infrared signals used to communicate with access point
  - As portable computers move, interact with new access point
  - If no computers have direct access to the Internet, portable computers still can interact with each other, but not with the Internet