Comprehensive Analysis of Cryptography and Network Security Concepts


Added on  2023/06/08

Homework Assignment
AI Summary
This document presents a comprehensive solution to a homework assignment addressing key concepts in cryptography and network security. The assignment delves into replay attacks, explaining their mechanics and outlining effective countermeasures such as session keys and timestamps. It then critiques the four fundamental goals of secure networking: confidentiality, integrity, availability, and non-repudiation, providing illustrative examples for each. The solution further explores firewall technologies, specifically explaining how Stateful Packet Inspection (SPI) firewalls handle connectionless UDP protocols. Finally, it defines security baselines and elucidates their importance in organizational security, emphasizing their role in monitoring network activity and measuring the impact of architectural changes. The document provides detailed explanations and credible references to support its analysis.
Running Head: QUESTIONS AND ANSWERS 1
QUESTIONS AND ANSWERS
Student Name
Institution Affiliation
Facilitator
Course
Date
Topic 2 - Cryptography
Discuss replay attacks and ways to thwart them.
A replay attack takes place when a hacker eavesdrops on a secured network while a
communication is in progress, intercepts that communication and then fraudulently
delays and resends the message after altering it in order to lure the receiver into doing what the
hacker wants (Alegre, Janicki & Evans, 2014). The dangerous fact about this hacking method is that
the hacker does not need decrypting skills after capturing the message from the network, because
the attack is fully successful by simply resending the whole message.
How it takes place
Consider a real-world example: a staff member in a company sends another staff member an
encrypted message requesting a financial transfer. When an attacker eavesdrops on the message,
captures it and later resends it, the receiver at the other end of the communication channel will
take this message as legitimate because it is correctly encrypted, and the possibility of
responding to this new message is very high unless he or she is very cautious (Hoehn & Zhang,
2016).
Preventing this type of attack entails having the right encryption methods. An encrypted
message has keys within it, and when it is decoded at the other end of the transmission, the
message is opened. So in this case, it doesn’t matter whether the attacker intercepting the
original message can read it or decipher the key. All he has to do is capture and resend the
whole thing, message and key (Hoehn & Zhang, 2016). To prevent this, both the receiver and the
sender are supposed to establish session keys, which are random codes that are valid for only
one transaction and can’t be used anymore after the first transaction.
Replay attacks can also be prevented by the use of timestamps on all the messages being
sent from the sender to the receiver and vice versa. This hinders the attacker from resending
messages after a certain time duration elapses, hence minimizing the attacker's chances of a
successful eavesdrop, message siphoning and resending of that message (Hoehn & Zhang, 2016).
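The two countermeasures described above, single-use random values and timestamps, combined in a receiver-side check. This is an added example, not part of the original assignment; the 30-second window, the message layout and the names `seal`, `Receiver` and `replay_demo` are assumptions, and encryption of the body is left out because the replay check does not depend on it.

```python
import hashlib
import hmac
import json
import os

MAX_AGE = 30  # seconds a message stays acceptable (assumed policy value)


def seal(session_key: bytes, body: str, now: float) -> dict:
    """Sender side: bind body, timestamp and a fresh random nonce under one MAC."""
    msg = {"body": body, "ts": now, "nonce": os.urandom(16).hex()}
    payload = json.dumps(msg, sort_keys=True).encode()
    msg["mac"] = hmac.new(session_key, payload, hashlib.sha256).hexdigest()
    return msg


class Receiver:
    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.seen = {}  # nonce -> timestamp, kept only while the message is fresh

    def accept(self, msg: dict, now: float) -> str:
        fields = {k: msg[k] for k in ("body", "ts", "nonce")}
        payload = json.dumps(fields, sort_keys=True).encode()
        expected = hmac.new(self.session_key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return "rejected: bad MAC"
        if abs(now - msg["ts"]) > MAX_AGE:
            return "rejected: stale timestamp"
        # Forget nonces whose messages would fail the timestamp check anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def replay_demo() -> list:
    key = os.urandom(32)  # constructed session key shared by both parties
    rx = Receiver(key)
    transfer = seal(key, "transfer 500 to account 42", now=1000.0)
    return [
        rx.accept(transfer, now=1001.0),                   # original delivery
        rx.accept(dict(transfer), now=1005.0),             # captured copy resent at once
        rx.accept(dict(transfer), now=4600.0),             # captured copy resent an hour later
        rx.accept(dict(transfer, ts=4600.0), now=4600.0),  # timestamp rewritten by attacker
    ]
```

The timestamp bounds how long nonces must be remembered, and the nonce closes the gap inside the freshness window that a timestamp alone leaves open.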
Topic 3 - Network Security fundamentals
Critique the four general goals for secure networking using suitable examples.
The first network security goal is confidentiality, whose role is to protect
organization data (both in storage and in motion) from landing in unauthorized hands.
Confidentiality ensures that data is only available to the intended and authorized persons
(Behringer et al., 2015). Organization data can therefore be accessed only by the individuals who
are permitted. However, this goal has a weakness in that it does not cover the impersonation
aspect. For that matter, if an unauthorized person manages to steal passwords from an authorized
person, he or she will be able to access the system.
Integrity is the second goal after confidentiality; this goal aims at assuring and
maintaining data accuracy and consistency. Its role is to ensure that system data is both
accurate and reliable and that it cannot be changed by any unauthorized person (Ambrosin et al.,
2016). The data received by the second party in a communication must be the same as the data
that was sent, without any alteration. This goal does not take care of incidents of
eavesdropping.
The third goal is availability. This goal ensures that data, all the network resources
and other services are readily available to authorized users at any time they require them. For
that matter, if an unauthorized person manages to steal passwords from an authorized person, he
or she will be able to access the system (Luan, Lu, Shen & Bai, 2015).
The last goal is nonrepudiation, which ensures that the identity of network users is recorded
and kept safely for future responses and that any person who might have been involved in any
suspicious activity won’t be able to deny it (Luan, Lu, Shen & Bai, 2015).
Topic 5 – Firewalls
UDP is connection-less. How is it possible for an SPI firewall to handle UDP connections?
Explain.
An SPI firewall, where SPI stands for Stateful Packet Inspection, is a high-level security
mechanism used to check packets and keep track of all the connection states within a network.
An SPI firewall provides various advantages within a network environment. First, it keeps track
of the states of the different network connections; second, it enables detailed inspection of
packet states within a network environment; and last but not least, it enhances dynamic
protection against malicious packets that may penetrate a network through the connections.
SPI firewalls can treat UDP communications as if they were stateful by treating
certain UDP messages as connection-opening attempts (Vijayakumar, Dade, Thomas & Verma,
2014). If subsequent messages match the connection table for the UDP packet, the incoming
UDP packet will be passed.
In other words, the information on connectionless sessions is kept within the same
session table, just as in the case of TCP traffic. Timeout values are then used to allow closure
of the sessions if application layer protocols are unknown, are hindering execution of
termination commands or have encountered communication errors. If an application layer
gateway is applied, then the firewall understands the protocols at this layer and can therefore
see when the session has closed; the session will therefore be closed out immediately.
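A minimal model of the session table described above, showing how an outbound datagram opens an entry, how a matching reply is passed, and how the idle timeout or an application layer gateway closes the entry. This is an added example, not part of the original assignment; the 30-second timeout, the class `UdpStateTable` and the addresses (documentation ranges) are assumptions.

```python
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 30.0  # seconds; assumed value for this sketch


@dataclass
class UdpStateTable:
    """Toy SPI session table for UDP: outbound packets open entries, timeouts close them."""
    idle_timeout: float = UDP_IDLE_TIMEOUT
    sessions: dict = field(default_factory=dict)  # flow tuple -> time last seen

    def _expire(self, now: float) -> None:
        self.sessions = {f: t for f, t in self.sessions.items()
                         if now - t <= self.idle_timeout}

    def outbound(self, src, sport, dst, dport, now: float) -> str:
        # The first outbound datagram is treated as a connection-opening attempt.
        self._expire(now)
        self.sessions[(src, sport, dst, dport)] = now
        return "pass"

    def inbound(self, src, sport, dst, dport, now: float) -> str:
        # An inbound datagram passes only if it mirrors a live outbound entry.
        self._expire(now)
        flow = (dst, dport, src, sport)
        if flow in self.sessions:
            self.sessions[flow] = now  # traffic refreshes the idle timer
            return "pass"
        return "drop"

    def alg_close(self, src, sport, dst, dport) -> None:
        # A gateway that understood the protocol and saw it end removes the entry at once.
        self.sessions.pop((src, sport, dst, dport), None)


def udp_demo() -> list:
    fw = UdpStateTable()
    client, resolver, stranger = "10.0.0.5", "192.0.2.53", "198.51.100.9"
    return [
        fw.outbound(client, 40000, resolver, 53, now=0.0),  # DNS query opens state
        fw.inbound(resolver, 53, client, 40000, now=0.2),   # matching reply
        fw.inbound(stranger, 53, client, 40000, now=0.3),   # unsolicited source
        fw.inbound(resolver, 53, client, 40000, now=45.0),  # entry has timed out
    ]
```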
Topic 6 - Host hardening
What is a security baseline? Why is it important in the context of organizational security?
A security baseline refers to the set of rudimentary security objectives that must be upheld
by any information system. Those objectives must be pragmatic and complete to ensure that
they don’t impose other technical means (Schory, Raz & Gonda, 2015). For that matter, the
details outlining how those security objectives are met by any system are documented in a
separate Security Implementation Document. The details depend on the functional environment
into which the system is deployed, creatively using and applying all relevant security measures.
Derogations from security baselines are also possible, and they must be clearly marked
(Bauer et al., 2016).
Importance of security baselines in the context of organizational security
Monitoring Unusual Network Activity
If there is a huge spike in network traffic, some form of volumetric denial-of-service
attack could be under way. But security baselines are able to do more than that. For instance, a
normal traffic pattern within a network indicates that the network is being used to access a CRM
system, e-mail, and maybe the Internet. However, sudden traffic from a user’s
computer to an accounting server could mean that the computer has been hacked and that
malware is trying to access and interfere with financial information (Schory, Raz & Gonda,
2015). Any abnormal traffic is therefore first directed towards the quarantining endpoint courtesy
of the security baseline, and that greatly helps in mitigating risks on the network as well as
minimizing the damage that would occur as a result of a breach.
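The comparison described above, sketched as a check of one hour of flows against a learned baseline: it flags a workstation that contacts a destination outside its usual set (the accounting server case) and a volume spike. This is an added example, not part of the original assignment; the flow record layout, host names, byte counts and the three-sigma threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records for the learning period: (hour, source host, destination, bytes).
LEARNING = [
    (h, "ws-17", dst, size)
    for h, sizes in enumerate([(900, 400, 3000), (1100, 350, 2800), (950, 420, 3300)])
    for dst, size in zip(("crm", "mail", "internet"), sizes)
]


def build_baseline(flows):
    """Per source host: the destinations it normally talks to and its hourly volume."""
    dests, hourly = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for hour, src, dst, size in flows:
        dests[src].add(dst)
        hourly[src][hour] += size
    volume = {}
    for src, per_hour in hourly.items():
        totals = list(per_hour.values())
        volume[src] = (mean(totals), pstdev(totals))
    return {"dests": dict(dests), "volume": volume}


def check_hour(baseline, flows, sigmas=3.0):
    """Return findings for one hour of flows measured against the baseline."""
    findings, totals = [], defaultdict(int)
    for _hour, src, dst, size in flows:
        totals[src] += size
        if dst not in baseline["dests"].get(src, set()):
            findings.append(f"{src}: new destination {dst}")
    for src, total in totals.items():
        avg, dev = baseline["volume"].get(src, (0.0, 0.0))
        if total > avg + sigmas * max(dev, 1.0):
            findings.append(f"{src}: volume {total} above baseline {avg:.0f}")
    return findings
```

Each finding is what a response action such as quarantining the endpoint would be driven from; the check itself only reports.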
Measuring Changes within a Network
Baselines help in measuring the impact of architectural changes within an organization's
network infrastructure. For instance, a company using a traditional MPLS network can set its
baselines to monitor traffic flow over its WAN links (Schory, Raz & Gonda, 2015). The baseline
can be used to help in understanding whether the business is spending appropriately on the
network or over-spending on it. Also, for an organization that is aspiring to WAN optimization,
the baseline can be reset to measure its bandwidth use ‘before’ and ‘after’. Through that, the
organization can adjust the circuit size being purchased in order to reduce high spending on the
network.
References
Alegre, F., Janicki, A., & Evans, N. (2014, September). Re-assessing the threat of replay
spoofing attacks against automatic speaker verification. In Biometrics Special Interest
Group (BIOSIG), 2014 International Conference of the (pp. 1-6). IEEE.
Hoehn, A., & Zhang, P. (2016, July). Detection of replay attacks in cyber-physical systems.
In American Control Conference (ACC), 2016 (pp. 290-295). IEEE.
Behringer, M., Pritikin, M., Bjarnason, S., Clemm, A., Carpenter, B., Jiang, S., & Ciavaglia, L.
(2015). Autonomic networking: Definitions and design goals (No. RFC 7575).
Ambrosin, M., Conti, M., Ibrahim, A., Neven, G., Sadeghi, A. R., & Schunter, M. (2016,
October). SANA: secure and scalable aggregate network attestation. In Proceedings of
the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 731-
742). ACM.
Vijayakumar, R., Dade, N. S., Thomas, J., & Verma, A. (2014). U.S. Patent No. 8,826,413.
Washington, DC: U.S. Patent and Trademark Office.
Schory, O., Raz, O., & Gonda, O. (2015). U.S. Patent No. 9,137,204. Washington, DC: U.S.
Patent and Trademark Office.
Bauer, E., Schluga, O., Maksuti, S., Bicaku, A., Hofbauer, D., Ivkić, I., ... & Tauber, M. (2016).
Towards a Security Baseline for IaaS-Cloud Back-Ends in Industry 4.0.
HE, L., JIA, Q. J., LI, C., & XU, H. (2016). College of Land and Resources, Agricultural
University of Hebei; College of Rural Development, Agricultural University of Hebei;
College of Resources and Environmental Sciences, China Agricultural University;
Baoding Institute of Ecological Civilization of Hebei;; Calculation on ecological security
baseline based on the ecosystem services value and the food security [J].
Luan, T. H., Lu, R., Shen, X., & Bai, F. (2015). Social on the road: Enabling secure and efficient
social networking on highways. IEEE Wireless Communications, 22(1), 44-51.