Jan 26, 2018
updated at: May 28, 2019
The goal of security:
The CIA triangle: Confidentiality, Integrity and Availability, with Auditing & Accountability and Non-Repudiation alongside it.
In depth types:
Common Sense and Experience
Example: Employees should have a strong password.
| Policy | Description |
|---|---|
| Acceptable Use Policy | What you can and cannot do on company assets. |
| Access Control Policy | TODO |
| Password Policy | Example: If someone loses their password. |
| Data Sensitivity and Classification Policies | You have to define the importance of your data. |
Example: A password should have an uppercase letter, numbers and a special character.
Impact: harm caused by a threat.
Risk acceptance: the likelihood and impact are less than the actual cost of mitigating.
A bunch of protocols securing a connection point-to-point.
2 types of IPSEC:
This only provides integrity. It adds an AH header to an IP packet and hashes it (HMAC).
AH TCP DATA IP_ADDRESS
The second type encrypts the full IP packet with DES, 3DES or AES and then puts a header on it.
AH TCP DATA IP_ADDRESS
There is also something called tunnel mode: it adds a new IP address to the left of the AH. This is what is meant most of the time when talking about IPSEC.
NEW_IP_ADDR AH TCP DATA ORIGINAL_IP_ADDRESS
The protocol that makes all this security work is ISAKMP (Internet Security Association and Key Management Protocol).
IPSEC is used in VPN, RADIUS and TACACS+.
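The AH behaviour above (an HMAC over the packet that gives integrity but no confidentiality, plus tunnel mode wrapping the original packet behind a new outer address) as an added example; this is not code from the original notes. The packet is a constructed dict standing in for real headers, the key is a constructed placeholder for what ISAKMP/IKE would negotiate, and a real AH header also carries an SPI and sequence number and uses a truncated HMAC (for example HMAC-SHA1-96).

```python
import hashlib
import hmac
import json


def _covered_bytes(packet: dict) -> bytes:
    """Bytes the ICV covers: everything except the ICV itself and the mutable
    TTL field (real AH zeroes mutable IP fields before hashing; here we drop it)."""
    body = {k: v for k, v in packet.items() if k not in ("icv", "ttl")}
    return json.dumps(body, sort_keys=True).encode()


def ah_protect(key: bytes, packet: dict) -> dict:
    """Transport-mode AH: attach an HMAC-SHA256 ICV; the payload stays cleartext."""
    out = dict(packet)
    out["icv"] = hmac.new(key, _covered_bytes(out), hashlib.sha256).hexdigest()
    return out


def ah_verify(key: bytes, packet: dict) -> bool:
    """Recompute the ICV and compare in constant time."""
    expected = hmac.new(key, _covered_bytes(packet), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, packet.get("icv", ""))


def tunnel(packet: dict, gw_src: str, gw_dst: str) -> dict:
    """Tunnel mode: the whole original packet becomes the payload of a new packet
    addressed between the two gateways (the NEW_IP_ADDR in the notes)."""
    return {"src": gw_src, "dst": gw_dst, "proto": "AH", "payload": packet}


def demo() -> dict:
    key = b"constructed-shared-secret"  # placeholder for the IKE-negotiated key
    pkt = {"src": "10.0.0.5", "dst": "10.0.1.7", "ttl": 64,
           "proto": "TCP", "data": "GET / HTTP/1.1"}  # constructed sample packet
    protected = ah_protect(key, pkt)
    results = {"valid": ah_verify(key, protected)}
    # Any change to the covered fields in transit is detected.
    altered = dict(protected, data="GET /admin HTTP/1.1")
    results["tamper_detected"] = not ah_verify(key, altered)
    # A router decrementing TTL must not break the ICV, so TTL is not covered.
    routed = dict(protected, ttl=63)
    results["ttl_change_ok"] = ah_verify(key, routed)
    # AH is integrity only: the TCP data is still readable on the wire.
    results["payload_still_readable"] = protected["data"] == pkt["data"]
    results["wrong_key_rejected"] = not ah_verify(b"other-key", protected)
    # Tunnel mode keeps the inner, protected packet intact behind a new outer header.
    tun = tunnel(protected, "203.0.113.1", "198.51.100.2")
    results["tunnel_inner_intact"] = ah_verify(key, tun["payload"]) and tun["src"] == "203.0.113.1"
    return results
```

`demo()` returns a dict where every value is `True`; the `payload_still_readable` entry is the point the notes make about AH providing integrity only.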
Works at the application layer.
Web proxies speed up web traffic by caching, they can block websites, monitor the traffic, etc.
It is a kind of proxy, except the feature set is different and more focused on anti-malware.
An IPS runs between a switch and a router, which is what I mean by inline. An IDS runs just inside the network and mostly on servers.
Summary: A firewall filters, IDS notifies and an IPS acts to stop.
Extensible authentication protocol is an authentication framework frequently used in wireless networks and PPP.
Well known EAP's:
2 things needed for VPN:
Simple network management protocol.
Data is controlled by the administrator; data is controlled by labels.
The owner of the data defines the access.
Access to resources is defined by a set of rules defined by an admin.
Cryptography is the practice of taking information and obscuring it / hiding it in such a way that a third party can't read it.
You always have an algorithm and a key.
Both parties share the same key.
2 kinds of symmetric algorithms:
Cut off a block of data, encrypt it, send it, take the next block.
AES (Advanced Encryption Standard) (used internally in SSL, SSH)
1 bit at a time
A public key and different private keys.
ECC (elliptic curve cryptography)
Diffie-Hellman -> key exchange protocol
SSH is a protocol, not a math function.
Encrypting on the internet -> the TLS protocol
Hiding text inside other things where you normally don't look, e.g. images.
In terms of website security, there is also a private and public key. The server will send you a public key to send and receive data from the server, but how do you as a client know for sure it's the right public key?
The server will encrypt the webpage with its private key and then hash it. You will get the public key, the hash and the webpage. You can encrypt and hash the webpage too and compare the hash (also known as the digital signature).
So it's all based on trust:
You can do this 3 ways:
TODO lookup PKI
How does public key infrastructure work:
Based on hierarchy:
CA (issues certs)
The CA is an organization; they will have a root certificate.
root cert -> intermediate -> client
The thing is B trusts A, C trusts B, so you get a secure chain.
intermediate (to take the load off the CA) -> clients
How to check for a bad cert:
Online Certificate Status Protocol (OCSP) replaces the certificate revocation list (CRL).
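The three ideas from the notes above, a server signing a page that the client checks against the server's public key, a chain where the client trusts the root, the root vouches for the intermediate and the intermediate vouches for the server, and a revocation lookup that a CRL or OCSP would answer, worked through as an added example that is not code from the original notes. The "certificates" are plain dicts rather than X.509, the keys are toy RSA built from Mersenne primes (mathematically real RSA, but the moduli are far too small for real use), the revoked set and all names and serials are constructed, and a raw hash reduced modulo n stands in for proper signature padding (PKCS#1 v1.5 or PSS).

```python
import hashlib
import json

E = 65537
# Mersenne primes 2^p - 1 for these exponents; toy key material, not production size.
MERSENNE = {p: (1 << p) - 1 for p in (61, 89, 107, 127, 521, 607)}


def keypair(p: int, q: int):
    """Return ((n, e), (n, d)) for two primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # modular inverse, Python 3.8+


def digest(data: bytes, n: int) -> int:
    """SHA-256 of data, reduced to fit the modulus (toy stand-in for padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(digest(data, n), d, n)


def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == digest(data, n)


def tbs(cert: dict) -> bytes:
    """'To be signed' bytes: every field except the signature, canonically encoded."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()


def issue(subject: str, subject_pub, issuer: str, issuer_priv, serial: int) -> dict:
    cert = {"subject": subject, "pub": list(subject_pub), "issuer": issuer, "serial": serial}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert


def verify_chain(chain, trust_store: dict, revoked=frozenset()) -> bool:
    """chain = [leaf, intermediate, ..., root]; trust_store maps root name -> public key."""
    # 1. each cert is signed by the next one's key (C trusts B, B trusts A)
    for cert, issuer in zip(chain, chain[1:]):
        if cert["issuer"] != issuer["subject"]:
            return False
        if not verify(tuple(issuer["pub"]), tbs(cert), cert["sig"]):
            return False
    # 2. the root is self-signed and its KEY (not just its name) is one we trust
    root = chain[-1]
    if root["issuer"] != root["subject"] or trust_store.get(root["subject"]) != tuple(root["pub"]):
        return False
    if not verify(tuple(root["pub"]), tbs(root), root["sig"]):
        return False
    # 3. nothing in the chain is revoked (what a CRL download or OCSP query answers)
    return all((c["issuer"], c["serial"]) not in revoked for c in chain)


def demo() -> dict:
    root_pub, root_priv = keypair(MERSENNE[521], MERSENNE[127])
    mid_pub, mid_priv = keypair(MERSENNE[607], MERSENNE[107])
    srv_pub, srv_priv = keypair(MERSENNE[89], MERSENNE[61])
    root = issue("Root CA", root_pub, "Root CA", root_priv, 1)          # self-signed
    mid = issue("Intermediate CA", mid_pub, "Root CA", root_priv, 2)
    srv = issue("www.example.test", srv_pub, "Intermediate CA", mid_priv, 3)
    chain, trust = [srv, mid, root], {"Root CA": root_pub}
    page = b"<html>constructed sample page</html>"
    page_sig = sign(srv_priv, page)  # the server signs what it serves
    results = {"chain_ok": verify_chain(chain, trust)}
    results["page_ok"] = verify(tuple(srv["pub"]), page, page_sig)
    results["tampered_page_rejected"] = not verify(tuple(srv["pub"]), page + b"!", page_sig)
    # Revocation: the intermediate has listed serial 3 as revoked (constructed).
    results["revoked_rejected"] = not verify_chain(chain, trust, revoked={("Intermediate CA", 3)})
    # A chain ending in a self-signed cert merely NAMED "Root CA" with another key fails.
    rogue_root = issue("Root CA", srv_pub, "Root CA", srv_priv, 9)
    rogue_mid = issue("Intermediate CA", mid_pub, "Root CA", srv_priv, 10)
    results["untrusted_root_rejected"] = not verify_chain([srv, rogue_mid, rogue_root], trust)
    return results
```

`demo()` returns a dict of booleans that are all `True`; the `untrusted_root_rejected` case is why a trust store must pin the root's key rather than its name.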