Skip to content

Security

There are only two types of companies: Those that have been hacked and those that will be hacked. – Robert S. Mueller III, former Director of the FBI.

1 Introduction

How security is your password? How many do you have and how do you manage them?

Information security is a critical aspect of today's digital age, as it encompasses the protection of sensitive data and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The concept of information security is multifaceted and comprises several key elements, including privacy, authentication, authorization, integrity, non-repudiation, and availability.

  • Privacy is the right of individuals to control their personal information and to ensure that it is not disclosed to unauthorized parties. In the digital realm, privacy is crucial, as personal data is often collected, stored, and transmitted online. Information security measures, such as encryption and access controls, help to protect individual privacy and prevent data breaches.
  • Authentication is the process of verifying the identity of users, devices, or systems. This is achieved through various methods, including passwords, biometrics, and tokens. Authentication ensures that only authorized entities have access to sensitive information and systems.
  • Authorization is the process of determining what actions a user or system can perform once they have been authenticated. This includes access controls, such as role-based access control and mandatory access control, which ensure that users only have access to the resources and data they need to perform their tasks.
  • Integrity refers to the protection of data from unauthorized modification, deletion, or alteration. This is achieved through measures such as digital signatures, checksums, and data backups. Ensuring the integrity of data is critical, as any changes or alterations can compromise its accuracy and reliability.
  • Non-repudiation is the assurance that a sender of a message cannot deny having sent the message. This is achieved through digital signatures and certificates, which provide a tamper-evident record of transactions and communications.
  • Availability refers to the accessibility and usability of information and systems. This includes ensuring that systems are operational and accessible when needed, and that data is retrievable and usable.

Below is an example of Alice sending a confidential message to Bob. It illustrate the concepts of information security:

  • Privacy: Alice wants to ensure that only Bob can read the message, and no one else can access it. She uses encryption to protect the message, so even if an unauthorized party intercepts it, they won't be able to understand its contents.
  • Authentication: Before sending the message, Alice verifies Bob's identity through a digital certificate or password to ensure she's sending it to the right person.
  • Authorization: Alice checks Bob's access level and ensures he has the necessary clearance to receive the message.
  • Integrity: Alice uses a digital signature or checksum to ensure the message isn't tampered with or altered during transmission. When Bob receives the message, he can verify its integrity using the same digital signature or checksum.
  • Non-repudiation: Alice uses a digital signature that includes a timestamp and her unique identity, so Bob can verify the message came from her and when it was sent. This prevents Alice from denying she sent the message.
  • Availability: Alice ensures the message is stored on a reliable server and transmitted through a secure channel, so Bob can access it when needed.

To fully understand and effectively utilize security tools like encryption and digital certificates, it's essential to have a basic understanding of cryptography. Cryptography is the practice of protecting the confidentiality, integrity, and authenticity of information by using mathematical algorithms to transform it into an unreadable format, called ciphertext. This ancient art has evolved significantly over the centuries, and today, it plays a vital role in securing online transactions, communication networks, and digital data.

2 Symmetric Encryption

Symmetric encryption is a type of cryptography that uses the same secret key for both encryption and decryption. This means that the key used to lock the information is the same key used to unlock it. Symmetric encryption algorithms are fast, efficient, and widely used in various applications, including secure web browsing, email encryption, and digital signatures.

The process of symmetric encryption involves three main steps: plaintext, encryption, and decryption. The original information or data that needs to be protected is referred to as plaintext. The plaintext is then combined with the secret key using a mathematical algorithm, resulting in ciphertext. Finally, the ciphertext is combined with the same secret key using the same algorithm, restoring the original plaintext.

Symmetric Encryption

Source: Symmetric Encryption 101

Symmetric encryption has been a cornerstone of modern cryptography, providing confidentiality and integrity to data. Three algorithms have played a significant role in shaping the landscape of symmetric encryption: Data Encryption Standard (DES), Triple Data Encryption Algorithm (Triple DES), and Advanced Encryption Standard (AES).

  • Data Encryption Standard (DES): introduced in 1976, DES was the first widely adopted symmetric encryption algorithm. Developed by IBM, DES uses a 56-bit key and operates on 64-bit blocks. Its simplicity and speed made it an attractive choice for various applications. However, its short key length and vulnerability to brute-force attacks led to its eventual deprecation. DES was a pioneering effort in standardizing symmetric encryption. Its widespread adoption and use in various industries paved the way for future algorithms.
  • Triple Data Encryption Algorithm (Triple DES): introduced in the late 1990s, aimed to address DES's security concerns. It uses three separate 56-bit keys, effectively increasing the key length to 168 bits. This enhancement provided better security, but its performance was slower due to the multiple encryption and decryption processes. Triple DES served as a transitional algorithm, bridging the gap between DES and more secure alternatives.
  • Advanced Encryption Standard (AES): introduced in 2001, revolutionized symmetric encryption. AES uses a variable key length (128, 192, or 256 bits) and operates on 128-bit blocks. Its efficiency, security, and flexibility have made it the de facto standard for various applications, including data storage and online transactions. It is a modern algorithm used by HTTPS and SSH. HTTPS (Hypertext Transfer Protocol Secure) is a secure version of the HTTP protocol used for transferring data over the internet, using encryption and authentication to protect the integrity and confidentiality of online communications. SSH (Secure Shell) is a cryptographic network protocol used for secure remote access to a computer or server. It allows users to securely access and manage remote systems, transfer files, and run commands as if they were sitting in front of the remote machine.

Despite its advantages, such as speed and efficiency, symmetric encryption has two significant drawbacks that need to be addressed. A major challenge with symmetric encryption is securely distributing the secret key to all parties involved. This key must be kept confidential and secure, as its compromise would render the entire encryption process useless. Managing the keys becomes increasingly complex as the number of users grows. Each pair of users needs a unique key, leading to a large number of keys that must be securely stored and managed. Symmetric encryption does not provide non-repudiation. Since the same key is used for both encryption and decryption, it is impossible to prove which party encrypted the message, making it unsuitable for scenarios where proof of origin is required.

Let's consider a scenario where a group of 10 people need to communicate securely with each other using symmetric encryption. To share the symmetric key, they could try the following approaches:

  • Meet in person: This would require each person to meet with every other person individually, resulting in 45 separate meetings (10 people x 9 others = 90, but since each meeting involves two people, we divide by 2).
  • Share via email or messaging: This would require each person to send the key to every other person, resulting in 90 separate key transmissions (10 people x 9 others = 90). However, this method is insecure since the keys could be intercepted or compromised during transmission.
  • Use a central key server: This would require each person to trust the key server and connect to it to retrieve the shared key. However, this creates a single point of failure and a potential target for attacks.

As the number of users increases, the complexity of sharing symmetric keys grows exponentially. In a larger group, managing and securing the key exchange process becomes impractical. For example, with 100 users, each person would need to share the key with 99 others, resulting in 4,950 separate key exchanges (100 people x 99 others = 9,900, but since each exchange involves two people, we divide by 2). This highlights the scalability issue with sharing symmetric keys in large groups. In Internet that has millions of businesses and billions of users, sharing symmetric key is a an impossible mission. Asymmetric encryption and public-key cryptography offer a more efficient and secure solution for key exchange and management. Public key cryptography is often used with hashing algorithm for digital signature, thus we introduce the hashing algorithm first.

3 Hashing Algorithms

Hashing algorithms are a fundamental component of modern cryptography, playing a crucial role in ensuring data integrity, authenticity, and security. A hashing algorithm is a mathematical function that takes input data of any size and generates a fixed-size output, known as a hash value or digest. This output is unique to the input data and is designed to be irreversible, meaning it is computationally infeasible to recreate the original input data from the hash value. The key characteristic of a hashing function is that it is a one-way function, meaning it is:

  • Deterministic: Given the same input, it always produces the same output.
  • Non-invertible: It is computationally infeasible to reverse-engineer the original input from the output hash value.

3.1 Hashing Algorithm Applications

3.1.1 Data Integrity

Hashing ensures that data is not tampered with or altered during transmission or storage. For instance, when downloading a software update, a hash value is generated and sent along with the update. The recipient can recalculate the hash value and compare it with the sent value to ensure the update was not tampered with during transmission. An example is software downloading introduced in the next section.

3.1.2 Data Indexing

Hashing enables efficient data indexing and retrieval, as hash values can be used to quickly identify and locate specific data records. Imagine a library where each book has a unique code (hash value) and is placed on a specific shelf (hash table). Instead of searching through all the shelves, you can directly go to the shelf that matches the book’s code. Instead of searching through all the shelves, you can directly go to the shelf that matches the book’s code.

Hash Indexing

Source: Wikipedia

3.1.3 Password Storage

Hashing is used to store passwords securely, making it difficult for attackers to obtain the original password. When a user creates a password, a hash value is generated and stored instead of the actual password. When the user logs in, the input password is hashed and compared with the stored hash value to authenticate the user. This way, even if an attacker gains access to the stored hash values, they cannot obtain the original passwords.

Password Hashing

Source: Authgear

bcrypt in the above picture is a popular password hashing function because it allows the computational cost to be increased as computational power grows, enhancing security.

3.2 The Role of Hashing in Ensuring Data Integrity: A Case Study on Downloading Software

Data integrity is a critical aspect of ensuring the reliability and trustworthiness of digital information. With the increasing reliance on digital systems, it is essential to guarantee that data remains unaltered and uncorrupted during transmission and storage. Hashing is a widely used technique that plays a vital role in ensuring data integrity.

When downloading software, it is crucial to ensure that the file is not tampered with or altered during transmission. Hashing provides a robust solution to this problem. On the server-side, a hash value is generated using a hashing algorithm, such as SHA-256, for the software update file. This hash value is a unique digital fingerprint that represents the file's contents. The server then sends the software update file and the corresponding hash value to the client. The hash value is made public to all in a trustable place such as the software company's web site.

On the client-side, the received software update file is recalculated to generate a new hash value. This recalculated hash value is then compared with the received hash value from the server. If the comparison matches, it ensures that the software update file was not tampered with or altered during transmission. However, if the comparison does not match, it indicates that the file was modified or corrupted during transmission, and the client can alert the user or take appropriate action.

Hash for data integrity

Source: Tutorial Point

For example, the download page of the popular open source Apache Web server lists hash codes for different hashing algorithms.

4 Asymmetric Encryption

In the realm of cryptography, asymmetric encryption has emerged as a game-changer, offering unparalleled security and flexibility in secure communication. Unlike its symmetric counterpart, which relies on a shared secret key, asymmetric encryption employs a pair of keys: one public and one private. This innovative approach has transformed the way we protect sensitive information, enabling secure communication over public channels. Asymmetric encryption offers several advantages over symmetric encryption. Firstly, it eliminates the need for a shared secret key, making it ideal for scenarios where secure key exchange is challenging. Secondly, it enables digital signatures, allowing individuals to authenticate the source and integrity of messages. Finally, it facilitates key exchange and secure communication over public channels, such as the internet.

One of the most popular asymmetric encryption algorithms is RSA, widely used for secure web browsing, email encryption, and digital signatures. Other notable algorithms include Elliptic Curve Cryptography (ECC) and PGP (Pretty Good Privacy). Secure Web Browsing (HTTPS) is based on ECC to provide encryption and authentication for Web.

4.1 Key Concepts

The fundamental principle of asymmetric encryption is based on the concept of key pairs. A user first generate a pair of keys that consists of a public key and a private key from a large random number.

Key Generation

Source: Wikipedia

4.1.1 Public Key

A public key is a cryptographic key that is freely accessible to anyone. It is used for encryption, allowing anyone to send secure messages to the owner of the corresponding private key. Public keys are typically shared openly and are used to encrypt data, verify digital signatures, and establish secure connections. Characteristics of Public Keys:

  • Publicly available
  • Used for encryption
  • Not sensitive, shared openly

4.1.2 Private Key

A private key, on the other hand, is a cryptographic key that is kept confidential and secure. It is used for decryption, allowing the owner to access encrypted messages and data. Private keys are sensitive and must be protected from unauthorized access to prevent compromise. Characteristics of Private Keys:

  • Kept confidential: it is computationally impossible to find out the private key from its public key
  • Used for decryption, digital signature, and key exchange
  • Sensitive, not shared publicly

4.1.3 Public Key Encryption

In a public-key encryption system, anyone can use the public key to lock (encrypt) a message, but only the person with the matching private key can unlock (decrypt) it to read the original message.

Public Key Encryption

Source: Wikipedia

4.2 Authentication

A common application of asymmetric encryption is user authentication. Following is a simplified authentication process:

  1. Generate Key Pair: Create a linked public and private key pair for the user.
  2. Bind Identity: Associate the public key with the user’s identity (e.g., username, email) and store this information in the service provider’s database.
  3. Send Challenge: When the user requests access, the server sends a random challenge (nonce) to the user.
  4. Sign and Verify: The user signs the challenge with their private key and sends the signature to the server. The server verifies the signature with the public key. If valid, the user is authenticated and granted access.

4.2 Key Exchange

Public key and private key can be used in a key exchange protocol to create a shared key for symmetric encryption. The Diffie-Hellman (DH) key exchange protocol is a secure way for two parties (let's call them Alice and Bob) to share a secret key without actually sharing the key itself. This protocol is important for modern cryptography because it allows Alice and Bob to communicate securely over public channels.Here's how it works:

  • Alice and Bob agree on some mathematical parameters (like algorithm version and key length etc).
  • They use these parameters to generate two keys: a public key and a private key. They keep their private keys secret, but share - their public keys openly.
  • Alice and Bob exchange their public keys over a reliable channel (like a trusted messenger or a secure Web site).
  • They use each other's public keys and their own private keys to calculate a shared secret key. This shared key is never sent in plain text, so it remains secure.

Key Exchange

Source: Wikipedia

The beauty of the DH key exchange protocol lies in its ability to establish a secure shared secret key without actually exchanging the key itself. This eliminates the risk of the key being intercepted or compromised during transmission. A key exchange protocol like Diffie-Hellman or RSA is used to create a session key. A session key is a temporary, symmetric encryption key used for secure communication between two parties during a single session or transaction. Session keys provide improved security by limiting the exposure of the long-term secret key. This is essential because long-term secret keys are highly sensitive and need to be protected from unauthorized access. If a long-term secret key is compromised, it can lead to a complete breakdown of the security system. Session keys, on the other hand, are temporary and are used for a single session or transaction. This means that even if a session key is compromised, the damage is limited to that specific session, and the long-term secret key remains secure. Session keys also facilitate efficient key management. In any secure communication system, key management is a critical component. Managing long-term secret keys can be complex and cumbersome, especially in large-scale systems. Session keys simplify key management by minimizing the number of long-term secret keys that need to be stored and managed.

Key exchange protocols are widely used in almost everywhere in today's digital communication:

  • Secure Internet Communication: Diffie-Hellman is a fundamental component in TLS and SSL protocols, enabling secure connections between web browsers and servers.
  • Wi-Fi Security: The Diffie-Hellman key exchange enables secure connections between devices and access points in Wi-Fi networks.
  • Remote Access Protocols: Remote desktop protocols often use Diffie-Hellman to establish encrypted communication channels between remote users and servers.
  • Virtual Private Networks (VPNs): VPNs commonly use Diffie-Hellman to establish secure communication channels over the Internet.
  • Secure Messaging: Many messaging applications, including Signal and WhatsApp, use Diffie-Hellman to protect the privacy of conversations.
  • Email Protection: Several email security protocols (e.g., Pretty Good Privacy (PGP) or its open standard OpenPGP) use Diffie-Hellman to ensure safe key exchanges.
  • Voice over Internet Protocol (VoIP): VoIP services use Diffie-Hellman to establish secure communication channels for voice and video calls.
  • Secure File Transfers: SSH (Secure Shell) and SFTP (Secure File Transfer Protocol) use Diffie-Hellman for secure key exchanges when establishing a secure channel for data transfers.

4.3 Digital Signature

The use of private keys and public keys in digital signatures is a fundamental aspect of asymmetric cryptography. This technology enables secure communication over the internet by providing authentication, integrity, and non-repudiation.

Private keys play a crucial role in generating digital signatures. When a sender, Alice, wants to send a secure message to Bob, she uses her private key to encrypt the hash of the message. This creates a digital signature that is unique to the message and Alice's private key. The digital signature is then sent along with the original message. On the receiving end, Bob uses Alice's public key to decrypt the digital signature. Bob also hashes the received message using the same algorithm as Alice. He then compares the decrypted digital signature with the newly generated hash. If the two values match, Bob can be certain that the message came from Alice and was not tampered with during transmission.

Digital Signature

Source: Wikipedia

The PGP protocol is a prime example of how private keys and public keys facilitate digital signatures. PGP uses a combination of symmetric and asymmetric cryptography to ensure secure communication. The digital signature is generated using the sender's private key and is verified using the sender's public key. This ensures that the message is authentic and has not been tampered with. In addition to authentication and integrity, digital signatures also provide non-repudiation. This means that the sender cannot deny having sent the message, as the digital signature serves as proof of their involvement. This is particularly important in legal and financial transactions, where authenticity and accountability are crucial.

4.4 Bitcoin User ID and Digital Signature

Bitcoin, the pioneering cryptocurrency, has revolutionized the way we think about money and financial transactions. One of the fundamental components of Bitcoin's decentralized and secure nature is its use of public key cryptography to identify users.

The process of identifying users in Bitcoin begins with the generation of a key pair, consisting of a private key and a public key. The private key is kept secret, while the public key is shared with others. The public key serves as a unique identifier, allowing users to receive bitcoins and participate in the Bitcoin network. From the public key, a bitcoin address is generated through a series of mathematical operations, providing a shorter and more convenient version of the public key. The bitcoin address, starting with 1 or 3, is a string of letters and numbers (For example, 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) that is used to receive bitcoins. When a user wants to receive bitcoins, they share their bitcoin address with the sender, who uses this address to send bitcoins. The bitcoin network then verifies that the sender has the private key corresponding to the public key used to receive the bitcoins, ensuring that the transaction is secure and legitimate.

Digital Signature

Source: Wikipedia

The use of digital signatures in Bitcoin is a crucial component of the cryptocurrency's decentralized and secure nature. When a user initiates a transaction in Bitcoin, they create a message that includes the sender's and recipient's public addresses, the amount of bitcoins to be transferred, and other relevant information. This message is then hashed using a cryptographic hash function, such as SHA-256, to create a fixed-length digest. The user's private key is then used to sign the hashed message, generating a digital signature. This digital signature is unique to the transaction and the user's private key, ensuring that the transaction is authentic and cannot be tampered with. The digital signature is then broadcast to the Bitcoin network, where it is verified by nodes using the user's public key. If the digital signature is valid, the transaction is considered authentic and is combined with other verified transactions in a block. The block is then added to the blockchain, a decentralized and public ledger that records all Bitcoin transactions.

4.4 PKI

Public Key Infrastructure (PKI) is a crucial component of modern cryptography, enabling secure communication, authentication, and digital signatures over the internet. It builds the secure infrastructure for Web based on public-key cryptography. The concept of PKI dates back to the 1970s, when cryptographers introduced the idea of public-key cryptography. This revolutionary concept enabled secure communication over public channels, using a pair of keys: a public key for encryption and a private key for decryption. Over the years, PKI evolved to address the growing need for secure online transactions, authentication, and digital signatures.

The first PKI systems emerged in the 1980s, with the development of X.509, a standard for digital certificates. The structure of X.509 digital certificates includes the subject's identity, public key, and algorithm, as well as the issuer's identity and digital signature. A Certificate Authority (CA) plays a crucial role in the issuance of digital certificates, which are essential for secure online transactions and communication.

One of the critical steps in this process is the validation of a Certificate Signing Request (CSR). The process has the following steps:

  • Step 1: Receipt of Certificate Signing Request (CSR). The Certificate Authority (CA) receives the CSR from the applicant through a web interface or email.
  • Step 2: Validation of CSR. The CA validates the CSR to ensure it meets the required format and contains all necessary information, such as: Applicant's public key, Name, Email address. This step prevents errors and ensures the CSR is complete.
  • Step 3: Verification of Applicant's Identity. The CA verifies the applicant's identity through documentation, such as: Business registration, Articles of incorporation, and/or Government-issued ID. This step establishes the authenticity of the applicant and ensures the digital certificate is issued to a legitimate entity.
  • Step 4: Verification of Domain Ownership (for SSL/TLS certificates): The CA verifies the applicant's ownership of the domain name through: DNS records, Email verification, or other means. This step ensures the digital certificate is issued to the rightful owner of the domain, preventing potential security breaches.
  • Step 5: Issuance of Digital Certificate. If validation and verification steps are successful, the CA issues a digital certificate containing: Applicant's public key and Identity information (use id, email address, domain name).
  • Step 6: Signing of Digital Certificate. The CA signs the certificate using its private key, creating a digital signature that verifies the certificate's authenticity.
  • Step 7: Delivery of Signed Certificate. The CA sends the signed certificate to the applicant, who can then install it on their server or device.

Certificate

Source: Automate the Local Certificate Authority Registration with Python

PKI operates on a hierarchical trust model, with a Root CA at the top, issuing certificates to intermediate CAs, which in turn issue certificates to organizations, individuals, or devices. This hierarchy ensures that each certificate is traceable back to a trusted Root CA. How could one get the public key of a Root CA (there are multiple Root CAs)? Pre-installed trust stores in operating systems and browsers provide a convenient starting point. These trust stores come with a collection of trusted Root CA public keys, regularly updated to include the latest additions. This approach ensures that most users have access to trusted Root CA public keys without needing to take additional steps. Alternatively, users can visit the CA's website to download the Root CA public key. Most CAs provide their Root CA public keys in the form of a certificate or PEM file, making it easily accessible. This approach requires some technical knowledge but provides a direct path to obtaining the necessary public key. Public key repositories, such as the Mozilla Public Key Repository or the Apple Root Certificate Program, offer a centralized collection of trusted Root CA public keys. These repositories provide a convenient way to access a wide range of Root CA public keys, making it easier to establish trust in digital certificates.

PKI serves several purposes, including:

  • Secure Communication: PKI enables secure communication over public channels, ensuring confidentiality, integrity, and authenticity of data. For example, online banking and e-commerce transactions rely on PKI for secure communication. When you access your online bank account, PKI ensures that your login credentials and financial data remain confidential and tamper-proof.
  • Authentication: PKI verifies the identity of individuals, organizations, and devices, ensuring trust and credibility in online transactions. For instance, digital certificates issued by a trusted CA authenticate the identity of a website. When you visit a website with a digital certificate, your browser verifies the certificate, ensuring that you are communicating with the genuine website and not an imposter.
  • Digital Signatures: PKI enables digital signatures, allowing individuals to sign documents and messages electronically, ensuring non-repudiation and authenticity. Digital signatures are used in legal documents, contracts, and digital agreements. For example, when signing a digital contract, your digital signature ensures that you cannot deny having signed the document.
  • Encryption: PKI facilitates encryption, protecting sensitive data from unauthorized access. Encryption ensures that even if data is intercepted, it cannot be read or accessed without the decryption key. For instance, when you send sensitive data over the internet, PKI enables encryption, ensuring that only the intended recipient can access the data.

5 Malware

Malware is a general term used to describe any type of malicious software that is designed to harm or exploit a computer system or its data. Malware can take many forms, including viruses, worms, trojans, spyware, adware, ransomware, and botnets.

  • Virus: A self-replicating program that attaches itself to a file or program on a computer. Viruses can cause damage to a computer's operating system, files, and data. Example: The "I Love You" virus, which spread through email attachments and infected millions of computers in 2000.
  • Worm: A self-replicating program that can travel from computer to computer without needing to be sent as an attachment. Worms can consume bandwidth and overload computer systems. The Morris worm, also known as the Internet worm of November 2, 1988, was one of the first computer worms to gain significant mainstream media attention. The worm exploited several vulnerabilities of targeted systems, including weak passwords, and was initially programmed to check each computer to determine if the infection was already present.
  • Trojan: A program that appears to be legitimate but actually contains malicious code. Trojans can allow hackers to access a computer system remotely. Example: The "Zeus" Trojan, which was used to steal banking credentials and was found on over 1 million computers in 2010.
  • Spyware: A program that secretly monitors and collects personal information about a user, such as browsing history and credit card details. Example: The "Aurora" spyware, which was used to track user activity and was found on millions of computers in 2011.
  • Adware: A program that displays unwanted advertisements on a computer, often in the form of pop-ups or banners. Example: The "Bonzi Buddy" adware, which displayed pop-up ads and was installed on millions of computers in the early 2000s
  • Ransomware: A program that encrypts a user's files and demands payment in exchange for the decryption key. Example: The "WannaCry" ransomware, which infected over 200,000 computers in 2017 and demanded a ransom in bitcoin.
  • Botnet: A network of computers that have been infected with malware and can be controlled remotely by a hacker to conduct malicious activities. Example: The "Mirai" botnet, which was used to conduct massive DDoS attacks in 2016 and was made up of over 600,000 infected devices.
  • Rootkit: A program that hides malware from the operating system and security software, allowing it to remain undetected. Example: The "Sony Rootkit", which was included on music CDs in 2005 and installed a rootkit on users' computers without their knowledge.
  • Logic Bomb: A piece of code that is designed to cause havoc only when a specific set of circumstances occur. Example: The "Stuxnet" logic bomb, which was designed to destroy Iranian nuclear centrifuges and was discovered in 2010.
  • Backdoor: A secret entry point in a computer system that allows hackers to access the system without being detected. Example: The "Shadow Brokers" backdoor, which was discovered in 2016 and allowed hackers to access NSA hacking tools.
  • Keylogger: A program that records every keystroke made on a computer, often used to steal sensitive information like passwords. Example: The "Ghost RAT" keylogger, which was used to steal sensitive information and was found on millions of computers in 2011.

5.1 How Can Malware Break Into Your System?

Don't be scared by the many types of malware because they are just different harms they can do after breaking into your system. The best protection is understanding the ways malware can break into you system and block those ways. Malware can break into a system through four primary entry points:

  • Vulnerable System: Security bugs vulnerabilities in software or operating systems, or outdate systems allowing malware to gain access.
  • Download and Install Infected Software: Downloading software from untrusted sources, which may bundle malware.
  • Social Engineering (Phishing): Tricking users into revealing login credentials or installing malware through emails, messages, or social media.
  • Weak Passwords: Using easily guessable passwords, allowing hackers to gain access.

5.2 Antivirus Software ?

Many books and people tell you that antivirus software is an essential tool in protecting your digital security because it prevent malware from infecting your system. However, the author of this book would argue that it is wrong: it cannot prevent malware from infecting your system because it cannot detect any NEW malware (virus or worms). For example, if Microsoft Apple, or Google system has a security bug that is exploited by a worm, how could antivirus software know it? If a user want to install a new virus that only still your email address, how could antivirus software prevent it?

And it comes with the cost of anti virus software to provide real time protection. Two big costs are subscription fee and resource utilization. The antivirus software can consume system resources (CPU, memory, etc.), potentially slowing down your computer by 20%, more or less. If you can following the following best practices, your system is safe.

5.3 Protection

To prevent malware infections and keep your system safe, it's essential to:

  • Keep your system and software up-to-date - simply turn on auto system updates.
  • Don't download software from untrusted sources. Be cautious with emails and messages, and avoid suspicious links or attachments.
  • Use strong, unique passwords and enable two-factor authentication.
  • Don't leak your password to untrusted ones.
  • Have multiple data copies.

6 DOS and DDOS

The terms DOS (Denial of Service) and DDOS (Distributed Denial of Service) refer to types of cyberattacks that aim to make computer resources or networks unavailable by flooding them with traffic or exploiting vulnerabilities. A DOS attack is a type of cyberattack where an attacker attempts to make a computer or network resource unavailable by flooding it with traffic or exploiting a vulnerability. This is typically done by sending a large amount of data or requests to the targeted system, overwhelming its resources and causing it to slow down or crash. For example, a website may be flooded with a large number of requests from a single source, causing the server to become overwhelmed and unavailable to legitimate users. Similarly, an attacker may exploit a vulnerability in a network device, causing it to malfunction and deny service to users.

On the other hand, a DDOS attack is a type of DOS attack where the traffic or requests come from multiple sources, often compromised devices or bots. This makes it difficult to block the attack by simply blocking a single source IP address. For instance, a group of compromised devices (bots) may be used to flood a website with traffic, causing it to become unavailable. Similarly, a DDOS attack may be launched against a gaming server, causing it to slow down and become unresponsive to players. The key difference between DOS and DDOS attacks is the source of the traffic or requests. DOS attacks come from a single source, while DDOS attacks come from multiple sources. This makes DDOS attacks more difficult to mitigate, as it is harder to block traffic from multiple sources. Additionally, DDOS attacks are often more sophisticated and may use multiple vectors to attack the targeted system. Real-world examples of DDOS attacks include the 2016 attack on a DNS provider, which caused widespread outages and slow loading times for popular websites. Another example is the 2018 attack on GitHub, which peaked at 1.35 Tera bps and was one of the largest DDOS attacks on record.

Preventing Distributed Denial of Service (DDOS) attacks requires a comprehensive approach to ensure the security and availability of networks and systems. Three essential measures to prevent DDOS attacks are network infrastructure, Content Delivery Networks (CDNs), and network monitoring and auditing. Firstly, network infrastructure plays a critical role in preventing DDOS attacks. Firewalls and Intrusion Prevention Systems (IPS) are essential components of network infrastructure that help detect and block malicious traffic. Firewalls act as a barrier between the internet and the internal network, controlling incoming and outgoing traffic based on predetermined security rules. IPS, on the other hand, inspect traffic and identify potential threats, blocking them before they can cause harm. By implementing firewalls and IPS, organizations can significantly reduce the risk of a successful DDOS attack. Secondly, CDNs are a vital measure to prevent DDOS attacks. CDNs distribute traffic across multiple servers, reducing the load on individual servers and making it more difficult for attackers to overwhelm the network. CDNs also help filter out malicious traffic and provide real-time monitoring and analysis to quickly identify and respond to potential threats. By using CDNs, organizations can ensure that their websites and applications remain available and secure, even in the face of a DDOS attack. Lastly, network monitoring and auditing are crucial measures to prevent DDOS attacks. Network monitoring involves real-time monitoring of network traffic to detect potential threats and anomalies. Auditing involves regular security assessments to identify vulnerabilities and address them before they can be exploited. By monitoring network traffic and conducting regular security audits, organizations can quickly identify and respond to potential threats, minimizing the risk of a successful DDOS attack.

7 Security Policies

Can you play video games on a company computer? Is your email on a company computer private? The answer is, it depends. Company policies and acceptable use agreements vary, and some may permit personal use,

Computer security policies are essential for any organization that uses computer systems and networks. These policies outline the rules and guidelines for employees to follow to ensure the security and integrity of the organization's computer systems and data. As an employee, it is important to understand and adhere to these policies to prevent unauthorized access, data breaches, and other security threats. First and foremost, employees should familiarize themselves with the organization's computer security policies and procedures. This includes understanding the acceptable use policy, password policy, and incident response plan. Employees should also be aware of the consequences of violating these policies, which can include disciplinary action, termination, or even legal action.

In today's digital age, companies have a vested interest in ensuring the security and integrity of their computer systems and networks. As such, it is not uncommon for companies to monitor and inspect employee computers and email accounts. This practice is often met with controversy, as some employees may feel that it infringes upon their privacy. However, companies have a legitimate interest in protecting their assets and ensuring that employees are not engaging in misconduct or illegal activities.