NET-180 Week 3: Chapter 8

Encryption can be used at rest (such as an encrypted storage device) as well as for transmitting information (such as SSL/TLS or SSH).

Symmetric encryption uses a single key to encrypt and decrypt messages.  

Asymmetric encryption uses paired keys: a public key that is shared with message senders, and a private key that is kept secret and is used by the recipient to decrypt their messages received that are encrypted with its matching public key.  This arrangement can also be used to verify that a public message has not been tampered with, by comparing the hashed (encrypted) message generated by the public key with the plaintext.  If the hashed output does not match the original text, the message has been altered in some way, possibly by adding or removing characters, or sometimes just because of using different encoding schemes, such as ANSI, UTF-8, etc.  One downside of asymmetric encryption compared to symmetric encryption is that a message to multiple recipients has to be re-encrypted with each recipient's public key, which takes additional time.

It is usually only necessary to encrypt data at rest if physical security does not adequately protect the data.  An example of data that does not typically need to be encrypted under normal circumstances is a picture of a cat or dog that is going to be posted to a public website.  An example of data that normally would be encrypted at rest (as well as in transit) is medical records.  A clever and unorthodox use of encryption is to publish a scientific paper in encrypted form prior to verification of the findings, then publish the key after the findings were verified.  This technique was popular with Nikolai Kopernik, Galileo Galilei, and many of their colleagues.  

Comments

Post a Comment

Popular posts from this blog

NET-180 Week 6: Mobile Security

This week I learned more about mobile devices in the workplace.  I was already familiar with the fact that a rogue access points being used by attackers frequently interpose themselves (a man-in-the-middle attack) between a legitimate access point and their targets.  One thing that has changed over time is that many vendors of wireless hardware use different default passwords for wireless networks, although there are still plenty that do not (and need to step up their game).  I also did something that I enjoy doing, which is comparing different networking hardware and daydreaming about how I might set it up.  One device I researched but didn't write about because it doesn't have as many features as I'd want in a router is the mesh system Google Wifi.  It has good performance and security, but has fewer adjustments that can be made.  It doesn't support upload quality of service, for example.  It also can't be set up or configured with a laptop or deskto...
Read more

NET-180 Week 4: Chapter 5

Note: The title refers to the chapter listings in the syllabus. This week I have been reminded the importance of strong passwords or passphrases with many characters (8 is a minimum, but more is better), and many different types of characters, such as numbers and exclamation points, ampersands, etc.  I also learned about how to actually use a picture password, which I hadn't used since I did not have a touchscreen or trackpad on any Windows PC I have.  It just consists of drawing some kind of pattern on a picture instead of typing something. Picture passwords are good for touchscreen devices (a variant of them seem to be quite popular on Android), but can be difficult to draw with a mouse.  I already had learned about using PINs as a quick login method if you don't want to type a long password every time you lock the screen of you device, but do want to leave it locked if you're leaving it unattended.  So far I use a PIN on one Windows PC at the moment, since I can...
Read more

NET-180 Week 5: Internet Security

This week I learned more about some of the things that can be done to secure two fairly common browsers, Microsoft Edge and Google Chrome.  Turning on the options to protect against dangerous sites if these options are not already on is a good choice.  I also was reminded about private browsing features, which can come in handy if you don't want to reveal what gifts you just ordered for a family member on a shared computer, for example.  Private browsing prevents history and cookies from being kept permanently on your computer.  If you want to keep your Internet Service Provider (ISP) from knowing which websites you visit (which they can sell to advertisers), you'll have to use a VPN. Using a VPN is especially advisable if AT&T or Verizon is your ISP, since both of them are particularly known for snooping on this information.  HTTPS is very helpful for protecting your data, but your ISP (and DNS provider) can still find out which servers you're getting conte...
Read more