4.9 - Internet Security Flashcards
What is a firewall?
A firewall is a device that sits between a computer and the Internet.
They can either be software or hardware and work as a PROXY SERVER which can perform both PACKET FILTERING and STATEFUL INSPECTION.
Explain packet filtering.
Packet Filtering is a method used by firewalls to accept and block packets based on their source IP address or the protocol that they are using (determined by their port number).
IP addresses or protocols can be specified by network administrators or automatic filtering software that can block suspicious packets.
Explain Stateful Inspection.
Stateful Inspection is a method used by firewalls to examine the contents of a packet before deciding whether to allow it through the firewall.
Explain Proxy Servers.
Proxy Servers are servers that sit between a public network and a private network. They managed every packet that passes between the two networks.
Firewalls can be said to act as proxy servers when they control the movement of packets between public and private networks.
When a device in a private network sends a packet through a firewall and into a public network, the packet’s sender address is that of the firewall, rather than the devices private IP address. This provides some degree of anonymity to devices on private networks as their private address is never sent beyond the private network.
What is symmetric encryption?
In symmetric encryption, both the sender and receiver share the same private key. This key is used to both encrypt and decrypt data sent between the two parties.
Before exchanging any information, the sender and receiver must perform a key exchange to ensure that they both have a copy of their shared key. If the key is shared over a network, it is vulnerable to interception.
What is asymmetric encryption?
In asymmetric encryption, four different keys are used for encyrption and decryption. Each member of the party has a pair of mathematically related keys, one of which is kept secret (private key) and the other shared on the internet (public key).
When a message is encrypted with a private key, only the corresponding public key can decrypt it and vice versa.
What are digital signatures?
In asymmetric encryption, a digital signature can be used to verify the sender of a message and to verify that a message has not been tampered with during transmission.
Explain the process of assigning a digital signature to a message.
- A digest of the message is created (by hashing or checksum algorithm). The value of the digest will depend on the content of the message and will not be the same if the message gets changed.
2.The digest is encrypted with the senders private key (which can be decrypted with the senders public key) - The encrypted digest is appended to the message
- The message and appended digest are encrypted with the recipients public key, meaning that only the recipient can decrypt the information.
- When the recipient receives the message they decrypt it using their private key, leaving them with the decrypted message and an encrypted digest as shown with the image on the right.
- As the digest was encrypted using the senders private key in stage 2, it can be decrypted using the senders public key. This verifies that the message was really sent by the sender as only they have access to their private key.
- The recipient then carries out the same hashing or checksum algorithm on the message and checks whether their result matches the now decrypted digest. If everything matches, the recipient can be certain that the message was sent by the sender and hasn’t been tampered with or corrupted during transmission.
What is a digital certificate?
A digital certificate verifies ownership of a key pair used in asymmetric encryption and can be used to check that a fake key pair isn’t being used by an imposter.
Issued by certificate authorities, they contain a serial number, owners name, expiry date, the owners public key and the certificate authority’s digital signature.
What are worms?
Worms are pieces of malicious software that can self replicate between computers, either within a network or by users downloading and running a malicious file.
What are trojans?
Trojans are types of malware that are disguised as a harmless benign file, that users can be tricked into opening.
What are viruses?
Viruses are