Topic 9.3.2 Internet Security Flashcards
What does a firewall do
Sits between the device and the Internet and checks the packets passing through it.
Can be either software or hardware
Can work as a proxy server which can perform packet filtering and stateful inspection
Sender addresss in a packet is the firewalls address so has some degree of anonymity.
What is a proxy server and how does it work
A computer system which acts as a gateway between the user and the internet.
Has its own IP address
Client sends a request for webpage to proxy server
Fetches webpage from cache if previously retrieved
If not then it will fetch webpage from target server
Forwards webpage back to the client
Benefits of a Proxy Server
Privacy - hides client’s IP address making it hard to track online activitity
Security - Blocks malicious and harmful websites and protects against cyberattacks like DDos
Performance - Fetches webpage from cache if possible
Content filtering - Adult or Social media sites (useful in schools or businesses)
Bypass geographical restrictions - If a webpage/video is blocked in your country, a proxy will retrieve it by going through different proxies in different locations.
How does Packet Filtering work
Firewalls use packet filtering to accept or block packets based on the sender’s IP address.
Network Admin can block specific IP addresses (blacklisting)
How does Stateful Inspection work
Examines the contents of a packet to decide whether it will allow or block packet.
Some firewalls keep a record of connections in a network, so they can filter out unrelated packets.
Explain encryption
When information needs to be sent securely over a network or the internet, encryption is used.
Explain Symmetric (Public Key) Encryption
Both the sender and receiver will share the same private key.
So this key is used to encrypt AND decrypt data.
Explain Key Exchange
Before any information is sent, the sender and receiver must participate in a key exchange, so that both have a copy of the key.
IF the key is exchanged over a network it is VERY vulnerable to interception so high security risks
This is used in public key encryption but not in private key encryption
Explain Asymmetric (Private key) Encryption
4 different keys are used.
Each device has a pair of mathematically related keys.
The Private key is kept seret and the Public Key is shared on the internet.
When a message is encrypted with the Public Key, only the corresponding Private Key can decrypt it.
Before a message is sent, it is encrypted using the recipient’s public key. So only the recipient can decrypt the message.
Example in use:
Bob sending Steve a message
BOB encrypts message using STEVE’s PUBLIC key.
STEVE receives message and uses his PRIVATE KEY to decrypt the message
What is the purpose of a digital signature
In Asymmetric Encryption
To verify the sender of the message
To check that the message has not been tampered with during transmission
How do digital signatures work
A digest (result) of the message is created by hashing the message with a hash function
The digest is encrypted with the SENDERS PRIVATE key which can be decrypted with the SENDERS PUBLIC key.
The recipient (or anyone) can view the digest but only the recipient will be able to verify if it matches the original message by hashing the original message and seeing if the digest is the same.
In simpler terms, only the sender can create the digest and only the recipient can verify if it matches the message, meaning nobody can tamper with the message and get away with it.
So Asymmetric Encryption using digital signatures is very secure.
What is the purpose of a Digital Certificate.
Verifies ownership of a pair of keys used in asymmetric encryption
Checks that a fake pay of keys isn’t being used by an attacker.
How do Digital Certificates work
Person generates a pair of keys
Person send a Certificate Signing Request (CSR) to its Certificate Authority (CA) with its public key and personal details
CA verifies the person’s identity
CA issues digital certificate containing
public key
validity period
CA’s digital signature
Person presents certificate to Recipients
Recipients verifies CA signature using CA public key to see if valid and in validity period
Then the two entities can communicate.
Define Malware and list examples
AKA Malicious Software, refers to any software intentionally designed to harm, exploit or disrupt computer networks and devices.
Worms, Trojans and Viruses are common types of malware.
Explain worms and the vulnerabilities they exploit
Similar to viruses however they can replicate spread without any need for human interaction.
If they replicate enough without being removed they can:
Cause traffic congestion, shutting down whole networks
Consume system resources (CPU, memory) leading to slower performance
Delete and corrupt files leading to important data loss
They exploit out of date systems with out-of-date virus scanners and fewer security updates
