Network Security – XMind – Mind Mapping Software











  1. Security Goals

    1. 1
    2. Major

      1. Confidentiality

        1. This is the assurance that messages or data exchanged between two people or hosts on a network remains secret and is not read by third parties
        2. Encryption
      2. Integrity

        1. This is the assurance that messages or data exchanged between two people or hosts on a network is not changed while it is being transmitted over the network
        2. Hash Function
        3. Message Authentication Codes (MAC)
      3. Availability

        1. This is the assurance that a host on a network is freely allowed to send and receive legitimate messages with other hosts on the network without interference.
        2. Firewall
        3. Backup Server
    3. Minor

      1. Entity Authentication

        1. This is the general idea that a host on a network should be able to prove its identity.
        2. Passwords
        3. Nonces
      2. Message Origin Authentication

        1. This means that it can be established with certainty that a message came from a particular entity
        2. Digital Signature
      3. Non-Repudiation

        1. This means that a host or other entity on a network cannot deny having sent/received a message.
        2. Origin
        3. Destination

          1. Trusted Third Party
          2. Confirmation
      4. Timeliness

        1. This means that a conversation between 2 hosts on a network cannot be watched by a third party who can use the record of the conversation to masquerade as one of the parties and replay the prior conversation. To put it another way, each session where 2 hosts on a network exchange a set of messages is unique and cannot be replicated later.
        2. Timestamps
      5. Access Control

        1. This is the ability to restrict access to certain computing resources.
        2. Firewall
        3. Access Control List
        4. Unix File Permission
      6. Authorisation

        1. This refers to the legitimate granting of access to computing resources to a human being or a host on a network.
        2. Passwords
  2. Encryption

    1. 2,3,4
    2. Inputs

      1. Plaintext
      2. Encryption Key
      3. Encryption Algorithm
    3. Cryptology

      1. Cryptanalysis
      2. Cryptography
    4. Algorithms Made Public

      1. By being made public they will be open to scrutiny from a very wide audience. It is much more likely that any weaknesses will be discovered.
      2. Making them publicly available means that they can be incorporated into networking protocols and other standards. This way their usefulness is maximised.
    5. Terms

      1. Ciphertext

        1. Attack

          1. Brute Force Attack
          2. Given enough time, can always break an encryption
          3. Exploit a weakness of algorithm
      2. Symmetric Encryption

        1. Overview

          1. Security depends on the secrecy of the key
          2. the strength of encryption algorithm
          3. Algorithms made public
        2. Security Services

          1. Confidentiality
          2. Integrity
        3. Feistel Cipher Structure

          1. Block Size
          2. Key Size
          3. Number of Rounds
          4. Subkey Generation Algorithm
          5. Speed of Execution
        4. DES

          1. Feistel Product Cipher
        5. 3DES

          1. This is achieved by making the middle step of 3DES a DES decryption.
        6. AES

          1. Rijndael
          2. Advanced Encryption Standard
          3. Steps
          4. Byte Substitution
          5. Shift Rows
          6. Mix Columns
          7. Add Round Key
        7. Cipher Block Modes

          1. ECB
          2. Electronic Code Book
          3. CBC
          4. Cipher Block Chaining
          5. Initialisation Vector
          6. OFB
          7. CFB
          8. CTR
        8. Issues

          1. Key Management
          2. Key Distribution Center
          3. Kerberos
          4. Authentication Protocol
          5. Application Layer
          6. Requirements
          7. Secure
          8. Reliable
          9. Transparent
          10. Scalable
          11. Security Services
          12. Entity Authentication
          13. Authorisation
          14. Access Control
          15. Steps
          16. Shortcoming
          17. Server
          18. Authentication Server
          19. Ticket Granting Server
          20. Secure Key Exchange Protocol
          21. Diffie-Hellman
          22. Key Exchange Protocol
          23. Needham-Schroeder
          24. Key Generation
          25. The bit sequence in the key should be random
          26. TRNG
          27. True
          28. Physical
          29. PRNG
          30. Pseudo
      3. Asymmetric Encryption

        1. Public Key Encryption
        2. Security Services

          1. Confidentiality
          2. Message Authentication
          3. Entity Authentication
        3. Applications

          1. Encryption/Decryption
          2. Digital Signature
          3. Applications
          4. Time stamp, Nonce
          5. Digital Certificate
          6. Security Services
          7. Message Origin Authentication
          8. Integrity
          9. Hash Functions
          10. Unkeyed
          11. Keyed
          12. MAC
          13. Message Authentication Code
          14. Operation
          15. Hashed MAC
          16. Hash Collision
          17. Birthday Attack
          18. Hash Standards
          19. SHA-1, SHA-2, SHA-3
          20. MD5
          21. Message Origin Authentication
          22. Non Repudiation (Origin)
          23. Trusted Third Party
          24. Key Exchange
        4. RSA
        5. Diffie Hellman

          1. Key Exchange Protocol
          2. No Built In Authentication
          3. man in the middle attack
          4. Trusted Third Party
          5. X.509 Certificate
          6. Third Party Certificate
          7. Applications
          8. S/MIME
          9. Secure/Multipurpose Internet Mail Extensions
          10. IP Security
          11. SSL/TLS
          12. Secure Socket Layer / Transport Layer Security
          13. SET
          14. Secure Electronic Transaction
      4. Comparison
      5. Historical

        1. Caesar Cipher

          1. Frequency Analysis Attack
          2. Brute Force Attack
        2. Vigenere Cipher
    6. PKI

      1. Public Key Infrastructure
      2. X.509 Authentication

        1. Digital Signature

          1. Certificate uses the Digital Signature of the CA to authenticate the certificate
          2. Hashes
          3. Public Key Encryption
          4. Security Services
          5. Message Origin Authentication
          6. Integrity
          7. Non-Repudiation
        2. Digital Certificate

          1. Used for
          2. digital signature
          3. message encryption
          4. Characteristics
          5. Any B with access to CA’s public key can recover A’s public key that was certified.
          6. No party other than the CA can modify the certificate without this being detected.
          7. Revocation
          8. Validity Period
          9. can be renewed
          10. CA provides a list of revoked certificates
          11. Reason?
        3. Comparison

          1. Kerberos
          2. inside a large network
          3. X.509
          4. ideal for authentication and key exchange over the entire Internet
        4. Public Key Certificate
        5. Certificate Authorities

      3. IETF

        1. Internet Engineering Task Force
      4. PKIX

        1. PKI system involving an X.509 Certificate
        2. System

          1. Certificate Authority
          2. A Certification Authority is charged with issuing Digital Certificates and Certificate Revocation Lists.
          3. End User and Entities
          4. Certificate Registry or Repository
        3. Digital Documents

          1. Certificates
          2. Certificate Revocation Lists
    7. Effective Encryption
    8. Encryption Algorithms

      1. Operation

        1. Substitution
        2. Transposition
      2. Keys

        1. Symmetric (Single Key)
        2. Asymmetric (Public Key and Private Key)
      3. Way the plaintext is processed

        1. Block
        2. Stream
      4. Product Cipher

        1. Substitution
        2. Transposition
        3. Swap
        4. Bit Inversion
        5. Circular Shift
        6. XOR
        7. Types

          1. Feistel Product Cipher
          2. Invertible and non invertible operation
          3. Non-Feistel Product Cipher
          4. only invertible operation
    9. Confusion and Diffusion

      1. Confusion

        1. Encryption Key
      2. Diffusion

        1. Plaintext
    10. Attack Types

      1. Ciphertext Only
      2. Plaintext
      3. Chosen plaintext
      4. Chosen ciphertext
      5. Chosen text
    11. Attack Methods

      1. Brute Force
      2. Exploit weakness in the encryption algorithm
  3. Authentication

    1. 4
  4. Access Restriction

    1. 6,11
  5. Secure Networking & Protocols

    1. 5,7,8,9,10,12
    2. Firewall

      1. Security Services

        1. Access Control
      2. Controls

        1. Service
        2. Direction
        3. User
        4. Behavior
      3. Capabilities

        1. Essential

          1. A single choke point for management of a network’s connection to the internet.
          2. A location for monitoring and logging security related events
        2. Other

          1. Network Address Translation (NAT)
          2. IPSec tunnel mode station (the other is transport mode)
      4. Limitations

        1. cannot protect against attacks that bypass the firewall
        2. cannot protect against internal attacks
        3. cannot protect against the transfer of viruses
      5. Types

        1. Packet Filtering Firewall

          1. pro
          2. Simplicity
          3. Transparency To Users
          4. High Speed
          5. con
          6. Difficulty of setting up packet filtering rules
          7. Lack of Authentication
          8. attacks
          9. IP Address Spoofing
          10. Fragmentation attacks
          11. Configuration
          12. Exclusive
          13. Inclusive
          14. Datalink, Network, Transport
        2. Circuit Level Firewall

          1. pro
          2. con
          3. SOCKS
          4. Session
        3. Application Level Firewall

          1. pro
          2. Higher security than packet filters
          3. Only need to scrutinize a few allowable applications
          4. Easy to log and audit all incoming traffic
          5. caching web pages
          6. con
          7. additional processing overhead on each connection
          8. acts as a relay of application-level traffic
          9. SQUID
          10. Application
      6. Bastion Host

        1. critical strong point in the network’s security
        2. serves as a platform for an application‐level or circuit‐level gateway
        3. Single Purpose Device
        4. Topology

          1. Packet Filtering Firewall Simple Topology
          2. Single Homed Bastion
          3. Dual Homed Bastion
          4. DMZ
      7. Malicious

        1. attaches itself to other programs and copies itself
        2. Bacteria

          1. A malware program that deliberately replicates itself to consume large amounts of system resources
        3. Worm

          1. A worm propagates itself like a virus, but requires a network to be transmitted
        4. Trojan Horse

          1. masquerades as a useful legitimate program but is actually designed for some other malevolent purpose
        5. Logic Bomb

          1. Similar to a Trojan horse but usually involves a legitimate program that has been deliberately modified by someone with access to the source code
        6. Trap Door

          1. A secret entry point into a program that allows access to resources controlled by the program
        7. Easter Egg

          1. A piece of code put in by the programmers writing a particular application that does something harmless
      8. Virus Type

        1. Parasitic
        2. Memory-Resident
        3. Boot Sector
        4. Stealth
        5. Polymorphic

    3. Email

      1. PGP

        1. Pretty Good Privacy
        2. Key Rings

          1. Own Public/Private Keys
          2. Other user’s Public Key
        3. How PGP works?
        4. Secure Services

          1. Confidentiality
          2. encryption
          3. Integrity
          4. digital signature
          5. Message Origin Authentication
          6. digital signature
          7. Timeliness
          8. one time keys
        5. Email Services

          1. Compression
          2. pkzip
          3. Base 64/ Radix 64 Encoding
          4. Segmentation
        6. Techniques

          1. symmetric encryption
          2. public key encryption
          3. digital signatures
          4. genuine random numbers
        7. Keys and Key Rings

          1. One time session key used for symmetric encryption
          2. Public Key of Users
          3. Private key of Users
          4. Passphrase-based symmetric keys
        8. Key Distribution Method

          1. Physical Delivery
          2. Mutually trusted friend
          3. Certifying Authority (CA) to verify the public key
        9. Certificates

          1. X.509
        10. Introducers

          1. a person sending a PGP certificate
        11. Trust Levels

          1. Full
          2. Partial
          3. None
      2. S/MIME

        1. Secure/Multipurpose Internet Mail Extensions
        2. Algorithms

          1. Message Digesting
          2. SHA-1
          3. MD5
          4. Digital Signatures
          5. DSS
          6. Secret Key Encryption
          7. Triple DES
          8. RC2/40
          9. Public-Private Key Encryption
          10. RSA
          11. Diffie Hellman
    4. Web

      1. Common Security Concerns

        1. Confidentiality of Communication
        2. Integrity of Communication
        3. Message Origin Authentication
        4. Non Repudiation Origin and Destination
        5. Timeliness
      2. User/Client Specific Concerns
      3. Webmaster Specific Concerns
      4. SSL/TLS

        1. Security Services

          1. Confidentiality
          2. Encryption
          3. Integrity
          4. HMAC
          5. Entity Authentication
          6. X.509 Certificate
          7. Message Origin Authentication
          8. Non-Repudiation (Server) (Origin)
          9. Timeliness
          10. Sequence Numbers
        2. SSL

          1. Netscape
        3. TLS

          1. IETF
        4. Can receive data from any application layer program and pass it down to the transport layer.
        5. Communication Phases

          1. Establishment of the parameters for secure communication
          2. Handshake Protocol
          3. the secure exchange itself
          4. Record Protocol
        6. Protocols

          1. Handshake
          2. Cipherchange
          3. Alert
          4. SSL Record
        7. How Works?
      5. IPSec

        1. IPSec is the most widely used layer 3 (network layer) protocol for VPN implementation
        2. Security Services

          1. Confidentiality
          2. Integrity
          3. Data Origin Authentication
          4. Timeliness
          5. Traffic Flow Confidentiality
          6. Access Control
        3. Modes

          1. Transport
          2. Tunnel
        4. Layer

          1. Network
        5. Protocols

          1. Authentication Header (AH) Protocol (Provides Authentication Services)
          2. Encapsulating Security Protocol (ESP Protocol) (Provides Authentication and Encryption)
        6. Algorithms

          1. Encryption
          2. 3DES
          3. RC5
          4. Rivest Cipher 5
          5. IDEA
          6. Three Key Triple IDEA
          7. CAST
          8. Blowfish
          9. Authentication
          10. HMAC-MD5-96
          11. HMAC-SHA-1-96
        7. Default automated Key Management Protocol

          1. Oakley Key Determination Protocol
          2. Internet Security and Key Management Protocol (ISAKMP)
        8. Benefits

          1. Transparent to application
          2. provide security to users
          3. Can provide security for all programs in and above layer 3
      6. VPN

        1. Virtual Private Network
        2. Essential Features

          1. Tunnelling
          2. Encapsulate
          3. Security
          4. Confidentiality
          5. Integrity
          6. Message Origin Authentication
        3. SSL / SSH

          1. Transport Layers
        4. Set Up Keys

          1. Manual Setup in a configuration file
          2. Key Exchange using the Oakley Key Exchange Protocol
    5. Intrusion

      1. Password

        1. One-way encryption
        2. Access Control
        3. Protection

          1. The purpose of salt
          2. Duplicate passwords don’t look the same in the password file
          3. Effective password length is increased by 2 characters
          4. Prevents hardware implementations of DES which could crack the password by a brute force attack
    6. Wireless

      1. Benefits

        1. Flexibility
        2. Reduces cost in some cases
        3. Facilitates WiFi-only devices
      2. Disadvantages

        1. Security
        2. Possible Health Effects
      3. CSMA/CD

        1. Carrier Sense Multiple Access With Collision Detection
      4. Wireless LAN Standards

        1. IEEE 802.11

          1. a,b,g,n,i
      5. Ethernet

        1. IEEE 802.3
      6. Organizations

        1. ITU-R
        2. IEEE
        3. Wi-Fi Alliance
      7. Configurable Wireless Parameters

        1. 802.11x protocols
        2. Network Type

          1. Ad Hoc
          2. 1 Access Point
          3. BSS
          4. Basic Service Set
          5. Multiple Access Points
          6. ESS
          7. Extended Service Set
        3. Authentication

          1. Open
          2. Shared
          3. WEP
          4. Wired Equivalent Privacy
          5. Problems
          6. Master keys are used directly
          7. Key Management and updating is poorly provided
          8. Message integrity checking is ineffective
          9. WPA
          10. WiFi Protected Access
          11. PSK (Pre-Shared Key)
          12. WPA2
          13. SSID
          14. Shared Service Set Identifier
      8. Types of Attacks

        1. Rogue Access Points
        2. Man in the Middle Attacks
        3. Denial Of Service
      9. Association

        1. Beacons
        2. Probes
        3. Authentication
        4. Stages of Process

          1. Probing
          2. Authentication
          3. Association