4.9.3.2 Internet security Flashcards
How does a firewall works (packet filtering)
Analyses incoming packets,
Packet filtering looks at header info to analyse whether the data is requested
Block/allow traffic on specific ports // block specific protocols;
Block/allow traffic from specific ip addresses/domain names
Firewall maintains information about current connections and only allows packets relevant to those connections.
Identifies unusual behaviour from a host e.g. sending unusually large amount of data.
Explain symmetric and asymmetric (private/public
key) encryption and key exchange.
Symmetric - uses one key to encrypt and decrypt, e.g caesar cipher
Asymmetric - using multiple keys to encrypt and decrypt.
Public / private key - A sender’s public and private key have a mathematical connection so that they can decrypt and encrypt data used together
Sender uses the receiver’s public key to encrypt their data, the receiver can decrypt the message using their private key.
Explain how digital signatures are obtained and used.
Because only the receiver’s keys are used to encrypt and decrypt the message, you can’t be sure who the sender of the message is, so they use a digital signature. A message hash is created where a message is run through a hashing algorithm to generate a unique number, which is sent to the receiver but encrypted with the sender’s private key. The receiver can decrypt with the sender’s public key which proves that the sender sent it because only the senders public and private key can decrypt the message hash and get the same number
Explain how digital certificates are used
Digital certificate / SSH - to make sure that you are requesting the correct public key and contacting the site you want, proving the connection is secure
A certificate organisation keeps certificates for websites and what their public key is. The organisation’s data on a website is encrypted with their private key and decrypted by the user using their public key, to prove that it is the certificate organisation. The keys from the website may be updated regularly
What are worms, trojans and viruses?
Viruses - all types of malware/ malicious software, e.g adware, spyware (tracking keystrokes, webcam, internet history)
Worms - Self-replicating virus, spreads itself around the computer that doesn’t have to be attached to another file
Trojan - malicious program hidden within a program to steal personal information
What are the purposes of the addition of the digital signature to the message.
Can detect unauthorised changes to a message.
Authenticate sender’s identity to confirm who has sent it.
What is stateful inspection?
Looks at the data inside the packet as well as the packet header. Search packets for specific contents / text and block/allow based upon this
What is a proxy server?
Connecting with another user so that the user will connect to a blocked website on your behalf.
A firewall acts as a proxy server // all traffic must go via firewall // stops computers on the Internet directly accessing devices on the LAN.
How does public / private key encryption work?
Steve requests Allan’s public key
Steve’s message is ran through a hashing algorithm to create a unique number, and it’s encrypted with Steve’s private key
Steve encrypts his message to Allan using Allan’s public key, and he sends a message hash
Allan decrypts the message using his own private key, and he decrypts the hash using Steve’s public key. Allan runs the hashing algorithm on the message, the number being the same proves the sender was Steve because only Steve’s public key can decrypt his encrypted message hash
