ASSIGNMENT 2
CS6525 NETWORK SECURITY
1.
Generally, a Trojan horse is a program written for the purpose of harming computer devices while appearing to be harmless; when the code is executed by a user, the data and file systems are corrupted, damaging the device.
Prevention
The quality of the monitoring system is very important, since it is used to scan for and detect different kinds of attacks and prevent them from striking the system.
Safety parameters should be applied when establishing any connection with the systems.
We shouldn't allow any workstation that cannot be trusted to have access.
Software on the workstations should be updated regularly, as hackers can intrude into an older version assuming it is still running; newer versions of software cannot be updated that easily.
Strong passwords prevent the access of unauthorized intruders to the workstation.
Flaws in Kerberos
• Authentication
Right after this step, Alice receives two messages from the Kerberos system.
The first contains the Alice-Bob session key, encrypted using the Alice-TGS session key.
The second contains the same Alice-Bob session key, but encrypted using the Bob-TGS secret key.
Alice is able to decrypt the first message and extract the session key.
Alice then sends the second message to Bob, and Bob is able to decrypt it and extract the same session key.
Now they both have the same session key.
This key is therefore used for all further communication between the two of them.
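The two-message delivery described above, as an added example that is not part of the original assignment. It models only those two messages; the function names are hypothetical, the keys are constructed samples, and the HMAC-based seal/unseal pair is a standard-library stand-in for the encryption Kerberos actually uses.

```python
import hashlib
import hmac
import secrets

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in, not the Kerberos cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt, then append a MAC so a wrong key or a modified message is detected."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def tgs_issue(k_alice_tgs, k_bob_tgs):
    """TGS side: create the Alice-Bob session key and wrap it once per party."""
    k_ab = secrets.token_bytes(32)
    msg1 = seal(k_alice_tgs, k_ab)  # first message: readable by Alice
    msg2 = seal(k_bob_tgs, k_ab)    # second message: readable only by Bob
    return msg1, msg2

def run_exchange():
    k_alice_tgs = secrets.token_bytes(32)  # constructed Alice-TGS session key
    k_bob_tgs = secrets.token_bytes(32)    # constructed Bob-TGS secret key
    msg1, msg2 = tgs_issue(k_alice_tgs, k_bob_tgs)
    alice_key = unseal(k_alice_tgs, msg1)  # Alice extracts the session key
    try:                                   # Alice relays msg2 but cannot open it
        unseal(k_alice_tgs, msg2)
        alice_reads_msg2 = True
    except ValueError:
        alice_reads_msg2 = False
    bob_key = unseal(k_bob_tgs, msg2)      # Bob extracts the same session key
    return alice_key, bob_key, alice_reads_msg2, msg2, k_bob_tgs

if __name__ == "__main__":
    a, b, leaked, _, _ = run_exchange()
    print("same session key:", a == b, "| Alice can open Bob's message:", leaked)
```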
5.
PKI stands for Public-Key Infrastructure, which is a system of cryptographic mechanisms in which mainly two kinds of keys are used:
Public-key
o This is being shared.
Private-key
o This is kept secretive.
o Utilizes asymmetric form of
Change Cipher Spec: This protocol is used to change the keying material used for encryption between the client and server. Keying material is raw data that is used to create keys for cryptographic use. The Change Cipher Spec sub-protocol consists of a single message that tells the other party in the SSL/TLS session, also known as the peer, that the sender wants to change to a new set of keys.
STEP 4: The screenshot below shows the decryption of the database in crypt 12 format using the same secret key generated by the
! for troubleshooting
access-list 111 permit icmp any 192.168.1.0 0.0.0.255 echo
access-list 111 permit icmp any 192.168.1.0 0.0.0.255 echo-reply
Since the system/application domain involves the business's mission-critical systems and applications, as well as data, it is important to ensure the security of this domain. Failure to do so can result in a large loss of information and can ultimately lead to production ceasing. This will ensure the protection of confidential data and its integrity. By implementing monitoring software tools, this will analyze any potential vulnerability that may exist on the
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections and remote access facilities. OpenVPN allows authentication using certificates or username/password. OpenVPN can work in two different modes regarding encryption. It can use static encryption or Public Key Infrastructure (PKI). The advantage of static encryption is that it is very easy to configure. The disadvantage of this type of setup is that if your encryption key is compromised, all VPN data can easily be decrypted. The PKI mode resolves many of the issues static encryption has. It
B. Key Generation: The key generation phase takes set of attributes S as input and the secret key equivalent to S is produced as output. Initially, it selects a random number from . Then, it calculates the key as
The hash is encrypted with Person A’s Private Key (in this case it is known as the Signing Key) to create the Digital Signature.
PKI supports the distribution and identification of public encryption keys, enabling users and computers both to securely exchange data over networks and to verify the identity of the other party. It enhances the security of data by
Key: It is the information used to decrypt the data known only by sender and receiver
Tripartite authenticated key agreement protocols are also called one round key authenticated protocols for key agreement based on pairings. Joux proposed a tripartite generalization of the Diffie-Hellman protocol using bilinear pairings in 2009. This protocol requires one round of communication and is unauthenticated. It is simpler than the group Diffie-Hellman protocol that requires two broadcasts per member. In a single pass, a common key is constructed using pairings. Every member is allowed to talk once and broadcast some data to the other two participants in a single pass of
In secret key cryptography, the same key is used for encryption and decryption; the same encryption key is used by both sender and receiver. For example, if the sender uses key "123" for encryption, then the receiver also has to use the same key that
Where D stands for decryption, K stands for the key, E stands for encryption, M stands for encrypted text. In case the key is the same for both encryption and decryption procedures, the decryption process leads to the same plain text as the original text before encryption.
In this example the AES 256 bit cipher is used but you can use other
Kerberos: Kerberos is a Windows and UNIX authentication protocol which is used to provide strong authentication for client and host in open networks. It uses secret encryption keys for the authentication mechanism. Secret keys are stored in a key distribution center, which acts as a trusted third party. Kerberos services can be divided into two sessions, TGT services and TGS services. In TGT services, authentication between client and host using Active Directory takes place, and TGS services generate session tickets for a valid TGT. By using Kerberos, a client can prove its identity to a server across an insecure connection because it uses strong encryption keys.
There can be several keys in a given relation that can be identified uniquely. Those are called candidate keys.