Security - What are the principal ways to secure a wireless network?

Securing a wireless network is as important as securing wired networks, and in many cases even more since it can be easier to tap into a wireless network. One or the other time all of us might have used a WiFi network which might be unsecure (highly unsecure, or may have recent holes that are not yet patched). But this would not do much harm if you are just honestly looking for connecting to the internet. If you own an unsecure wireless network, you should know that everyone is not honest as you are. Attackers with bad intentions can know what activities are taking place in your network and how your network resources can be exploited.  This problem can be fixed by following some basic principles of securing your wireless network:
- WEP and WPA encryption: Encryption is the first line of defense that you can call up for the security of your network. The data that your PC transmits to the wireless router is encoded. But usually what happens is that in most of the routers this option is disabled. You first need to check if it is enabled or not. If you keep it disabled, it will expose your network to several vulnerabilities. You should keep the encryption in enable mode and use the strongest form that is supported by your computer. WPA2 is more sophisticated when compared to WPA. WEP can be easily cracked and so it has been replaced by the most recent version of WPA i.e., the WPA2. One thing to be taken care of is that all the devices should have either WEP or WPA if you are using either of them. These two protocols cannot be mixed and used. The WEP uses the same key every time but this is not the case with the WPA. Here the keys keep on changing dynamically. This makes it almost impossible to hack. The encryption key must have a strong password like a combination of numbers and letters of more than 14 characters. If your computer has an old router that supports only WEP, use the 128-bit WEP key as it is the safest. But you should continuously keep checking for a firmware update at the manufacturer’s website. This update will provide WPA support to WEP. If no update is available, you can replace the old routers and the adapters with their new models that provide support for WPA. It’s better to go with hybrid version of the routers that support both WPA and WPA2. This will provide stronger encryption at the same time while maintaining compatibility with the other adapters.
It should be made sure that the default network name as well as the password have been changed. Doing so will make it difficult for the hackers to break int o the system and change its configuration. Even if you do have a firewall in the router, additional security measures have to be taken. The firewall does not lets the hackers break in to the system. But it does not stop people that lie in to the geographical range of wi-fi from accessing the network. There are readily available tools that can be used for sniffing the traffic through your wireless networks. To supplement the security, the software firewall should also be installed on the computer. Public hotspots are typically very unsecure.  If there are no precautions it should be assumed internet traffic whether incoming or outgoing is visible to the attackers. Before connecting to the network always make sure that is a legitimate one, make sure that the firewall is enabled. And keep the file sharing option to off. You can check whether you have selected the appropriate security options in the firewall settings. These are some tips to increase your security level when dealing with WiFi.

What are the different types of attacks that network face?

With a lack of security measures and checks in the right place, we put our data to risk of various types of attacks, with many of these attacks of the level that there could be significant data loss, as well as the data could be stolen (and when this data is something sensitive such as credit card numbers or social security numbers, then it is a very serious matter).
Attacks are of two types namely active attacks and passive attacks. The active attacks involve altering the information with an intention of destroying or corrupting the network and the data. If you do not have a security plan in place your network and data are vulnerable to these types of attacks. In this article we discuss about few of such attacks:
- Eavesdropping: Generally most of the network communications occur in a format that is very unsecure (i.e., clear text). This gives a chance to the attacker to gain access to all the available data paths in that network for interpreting or listening to the traffic. Eavesdropping on someone’s communication is referred to as snooping or sniffing. The eavesdropper gets a great chance for monitoring the whole network which has become a great cause of concern for the administrator of an enterprise. There are services that are based on cryptography and can prevent this type of attack. With a lack of strong encryption data can be read or traversed by the eavesdropper.
- Data modification: After the data has been read by the attacker or eavesdropper, altering this data is his/ her next step. Without coming to the knowledge of the receiver and the sender, the data in the packet can be modified by the attacker. Even if confidentiality is not required in all the communications, it is a must that any of the messages should not get modified in the transition.
- IP address spoofing (identity spoofing): The computer’s IP address is used by most of the operating systems and the network for identifying whether an entry is valid or not. In some cases, a false assumption of the IP address is possible. This is called identity spoofing. Some special programs might be used by the attacker for constructing the IP packets that might seem to come from the systems that are inside the intranet of the corporate. After the attacker gains the access to a network having a valid IP address, he/ she might reroute, delete or modify the data.
- Attacks based up on passwords: Password based access control is a common denominator of many network security plans and operating systems. By this we mean that your user ID and password determine your access rights. However, it is possible that protection to this identity information is not provided by older applications as they might be validated when passed through the network. This might give a chance to the eavesdropper who poses as an authorized user for gaining access to the data. Whenever a valid user account is found by the attacker, he/ she gets the exact rights which are possessed by the real user. Now suppose if the user is admin of the network, then attacker gets the same rights as the admin and can create accounts for subsequent use. After gaining access to an account, the attacker can get lists of the authorized users and network info. He can make changes in the configurations, routing tables and access controls of the networks and servers.
- Denial – of – service attack: This attack prevents a valid user from using the network or the computer. By means of this attack the attention of the staff can be diverted from the internal information systems so that they don’t get to know about the intrusion. In the meantime attacker can make more attacks. Invalid data can be sent to the network services or applications. He can even overload the whole network so that it shut down.

What are secret-key and public-key signatures?

- Asymmetric cryptography is often referred to as the public-key cryptography. 

- It is a cryptographic algorithm which makes use of two individual keys namely the secret key and the public key. 

- The secret is kept private and the public key is open. 

- Even though these two keys are different, there is some mathematical link between the two. 

- The key which is used for the encryption of the plain text and verification of the digital signature is the public key. 

- So, the private key is one that is used for the decryption of the cipher text in to plain text or for creation of a digital signature. 

- Both these keys are contrast of each other unlike in the symmetric cryptography where the same key serves both the purposes. 

- The public keys are created based up on some mathematical problems for which presently there is no efficient solution such as the following:

Ø  Elliptic curve relationships

Ø  Discrete logarithms

Ø  Integer factorization

- Generating the public and the private key pair is computationally easy for the users. 

- The strength of the public keys lies in the fact that determining the private key from its public key is computationally in feasible or almost impossible. 

- Thus, without fearing any compromise with the security, the public key can be published whereas the private key is kept hidden from everyone so as not to reveal it to anyone who does not has authorization for performing the digital signatures or reading the messages. 

- Unlike for the symmetric key algorithms, a secure initial exchange of the secret keys is not required for the public key algorithms. 

- In the process of message authentication, a private key is used for processing a message for producing the digital signature. 

- After doing so, the signature can be verified by anyone by processing the value of the signature using the corresponding public key of the signer. 

- The result is then compared with the message. 

- The unmodified nature of the message is confirmed a success signal. 

- Also, it is presumed that the private key of the signer has been kept hidden from the others. 

- However, in practical applications, the message’s digest or hash is encrypted and used as the signature. 

- The fundamental security components of the cryptosystems, protocols and applications are the public key algorithms.

These systems underpin the following internet standards:

Ø  PGP

Ø  GPG

Ø  TLS or transport layer security

- Secrecy as well as Key distribution is provided by some of the public key algorithms such as the Diffie-Hellman key exchange algorithm while some algorithms like Digital signature algorithm provide the digital signature and some others offer both the things.

- An example of such algorithm is RSA. 

- All these algorithms have been widely accepted. 

- A pair of cryptographic keys (i.e., a public key for encryption and a private key for decryption) is provided to each of the users. 

- Similarly, for digital signatures the pair of keys consists of a private key for signing and a public key for verification. 

- The concept of the private key has been introduced so as to ensure the confidentiality. 

- The digital signatures can be verified by anyone possessing the corresponding public key. 

- With such a confirmation it is confirmed the private key is possessed by the sender. 

- This is also a way to confirm that no tampering has been done to the message. 

- If the message has been tampered, it will introduce changes in the encoded message digest. 

- Mail box having a mail slot and a personal wax seal can be taken as an analogy to public – key encryption and digital signatures respectively. 

What are two fundamental cryptography principles?

In this article we shall discuss about the two fundamental principles that govern a cryptographic system. 

1. Redundancy

- Some redundancy must be there in all the encrypted messages. 

- By redundancy here, we mean the information that is not required for understanding the message reducing the chances for a passive intruder to make attacks. 

- Passive intruder attacks involve putting the stolen information to misuse without understanding it. 

- This can be more easily understood by an example of a credit card. 

- The credit card number is not alone sent over the internet rather it is accompanied by other side info such as the DOB of the card holder, its validity date and so on. 

- Including such info with the card number cuts down on the changes for making up the number. 

- Adding a good amount of redundancy prevents the active intruders from sending garbage values and then getting it verified as some valid message. 

- The recipient must be capable of determining whether the message is valid or not by  doing some inspection and simple calculation. 

- Without redundancy the attackers would simply send junk message and the recipient will decode it as a valid message. 

- However, there is a little concern also with this. 

- N number of zeroes must not be put at the beginning or the end of the message for redundancy because such messages become easy to be predicted thus facilitating the crypt analysts work.

- Instead of zeroes, a CRC polynomial can be used because it proves to be more work. 

- Using cryptographic hash might be even better.

- Redundancy has also got a role to play in quantum cryptography. 

- Some redundancy is required in the messages for the bob to determine if the message has been tampered. 

- Repetition of the message twice is a crude form of redundancy.

- If the two copies are found to be identical, the bob states that somebody is interfering with the transmission or there is a lot of noise. 

- But such repetition process to be expensive. 

- Therefore, for error detection and correction the methods used are reed Solomon and hamming codes.

2. Update

- Measures must be compulsorily taken for the prevention of the attacks by active intruders who might play back the old messages. 

- The longer an encrypted message is held by an active intruder, the more is the possibility that he can break in to it. 

- One good example of this is the UNIX password file.

- For anybody who has an account on the host, the password is accessible. 

- A copy of this file can be obtained by the intruders and they can then easily de-crypt the password.

- Also, the addition of the redundancy allows the simplification of the messages’ decryption.

- It must be checked whether the message has been sent recently or is an old one. 

- One measure for doing so is including a time stamp of few seconds in the message. 

- This message then can be saved by the recipient for that many seconds and can be used for comparing with the incoming messages and filtering the duplicates.

- Messages which exceed this time period will be rejected as being too old.

Apart from the above two principles the following are some other principles of cryptography:

Ø Authentication: For ensuring that the message was generated by the sender itself and no one else so that no outsider can claim as being the owner of the message.

Ø Integrity: In cryptography, the integrity of the messages must be preserved while sending the message from one host to another. This involves ensuring that the message is not altered on the way. Using cryptographic hash is a way to achieve this.

Ø  Non-repudiation

What is Wifi technology? How does it work?

- Wifi has emerged as a very popular technology. 

- This technology has enabled the electronic devices to exchange information between them and to share the internet connection without using any cables or wires. 

- It is a wireless technology. 

- This technology works with the help of the radio waves. 

- The Wifi is defined as a WLAN (wireless local area network) product by the wifi alliance that is based on the standards defined by IEEE (802.11 standards). 

- Most of the WLANs are based upon these standards only and so this technology has been named as wifi which is the synonymous with the term WLAN. 

- The wifi-certified trademark might be used by only those wifi products which have the complete certification for the wifi alliance inter-operability. 

- A number of devices now use wifi such as the PCs, smart phones, video game consoles, digital cameras, digital audio players, tablet computers and so on. 

- All these devices can connect to the network and access internet by means of a wireless network access point. 

- Such an access point is more commonly known as a ‘hotspot’. 

- The range of an access point is up to 20 m. 

- But it has a much greater range outside.  

- An access point can be installed in a single room or in an area of many square miles. 

- This can be achieved by using a number of overlapping access points. 

- However, the security of the wifi is less compared to the wired connections for example Internet.

- This is so because a physical connection is not required by an intruder. 

- The web pages using SSL have security but the intruders can easily access the non-encrypted files on the internet. 

- It is because of this, that the various encryption technologies have been adopted by the wifi. 

- The earlier WEP encryption was weak and so was easy to break.

- Later, came the higher quality protocols such as the WPA2 and WPA. 

- The WPS or the wifi protected set up was an optional feature that was added in the year of 2007. 

- This option a very serious flaw which is that it allowed the recovery of the password of the router by an attacker.

- The certification and the test plan has been updated by the wifi alliance for ensuring that there is resistance against attacks in all the devices that have been newly certified.

- For connecting to a wifi LAN, a wireless network interface controller has to be incorporated in to the computer system.

- This combination of the interface controller and the computer is often called as the station. 

- The same radio frequency communication channel is shared by all the stations.

- Also, all the stations receive any transmission on this channel. 

- Also, the user is not informed of the fact that the data was delivered to the recipient and so is termed as the ‘best–effort delivery mechanism’. 

- For transmitting the data packets, a carrier wave is used. 

- These data packets are commonly known as the ‘Ethernet frames’. 

- Each station regularly tunes in to the radio frequency channel for picking up the transmissions that are available. 

- A device that is wifi enabled can connect to the network if it lies in the range of the wireless network. 

- One condition is that the network should have been configured for permitting such a connection. 

- For providing coverage in a large area multiple hotspots are required. 

- For example, wireless mesh networks in London. 

- Through wifi, services can be provided in independent businesses, private homes, public spaces, high street chains and so on. 

- These hotspots have been set up either commercially or free of charge. 

- Free hotspots are provided at hotels, restaurants and airports. 

What is a transposition cipher method?

- The transposition cipher method is one of the cryptography methods used for securing the communication from eavesdroppers. 

- This method of encryption shifts the positions of the units or letters of the plain text based up on some regular system so that a permutation of the plain text is generated. 

- This permuted plain text is termed as the cipher text. 

- Thus, the cipher text is generated by changing the order of the units. 

- Mathematically the following functions are used:

Ø  Bijective function: For encryption of the character’s position and

Ø  Inverse function: For decrypting the message

Now we shall see about some of the implementations of the transposition cipher:

1. Rail fence cipher: 

- This form of the transposition cipher has been named so because of the way that it follows for encoding.

- Here, the characters of the plain text are written on the successive rails in a downwards manner of some imagined fence.

- Then, we move upwards once getting to the bottom. 

- For reading the message, it is taken in rows.

2. Route cipher: 

- In this form of transposition cipher, a grid of given dimensions is taken on which the characters of the plain text are written out. 

- Then, the message is read based up on the pattern mentioned in the key. 

- For example, the pattern might be inwards spiral in clockwise direction starting from topmost right.

- The route ciphers may use many keys unlike the rail fence cipher. 

- In fact, the number of keys used for enumerating the messages of reasonable length by modern machinery might be too great. 

- Also, it is not necessary that all the keys might be good in equal terms. 

- Excessive chunks of the plain text might be left if bad routes are chosen. 

- Also, the plain text might be simply reversed, thus giving a clue to the crypt analysts about the routes. 

- The union route cipher is a variation of the traditional route cipher. 

- The difference between the two is that this one transposed the whole words unlike route cipher which transposed individual letters.

- But since transposing the whole words could expose them, they were first hidden by a code.

- The entire null words might be added for adding humor to the cipher text.

3. Columnar transposition: 

- In this form of transposition cipher, a fixed length is determined for the rows in which the message is written. 

- But for reading the message a column by column approach is followed where some scrambled order if followed for choosing the columns. 

- A keyword is chosen which is used for defining the permutation of the columns as well as the width of the rows. 

- The spare spaces might be filled with the null characters in case of the regular columnar transposition. 

- On the other hand, in these spaces are left as such in the irregular columnar transposition cipher. 

- The keyword specifies some order following which the message is read column - wise. 

- The column lengths have to be worked out by the recipient for deciphering the message. 

- This is done based up on division of the length of the message specified by the key length.

4. Double transposition: 

- A single columnar transposition is vulnerable to attacks since the possible lengths of the column and anagrams can be guessed. 

- Therefore, a stronger version of it i.e., the double transposition is followed. 

- This is a two-time application of the columnar transposition. 

- For both the transpositions, either the same key might be used or different keys.

- This was the most complicated cipher before the coming of the VIC cipher. 

- It offered reliable operation under difficult conditions. 

What is Traditional Cryptography?

- Cryptography is the practice that involves study and application of the techniques for making communication secure with the adversaries or the third parties. 

To be more general, it involves construction and the analyzation of the protocols for overcoming the impact of the adversaries and other aspects concerning the information security such as the following:

Ø  Data confidentiality

Ø  Data integrity

Ø  Authentication

Ø  Non – repudiation

- The modern cryptography in contrast to the traditional cryptography intersects the computer science, mathematical and the engineering disciplines. 

There are various applications of cryptography as in the following:

Ø  ATM cards

Ø  Computer passwords

Ø  Electronic commerce

- The traditional cryptography was synonymous with the process of encryption which involves converting the information which is in readable state to such a state in which it appears like utter nonsense. 

- The one who generated the encrypted message also shared the technique for decoding the message only with the desired recipients, thus the unwanted people are precluded from doing so.

- Cryptography is in use since the World War I and the methods that were used then now have become so complex and eventually its application increased. 

- Modern cryptography’s foundation is based up on the computer science and the mathematical theory. 

- The designing of the cryptographic algorithms is done around the computational hardness assumptions. 

- In practice, this makes these algorithms quite hard to break by any third party. 

- However, theoretically it is possible to break in to such a system but for doing so any known practical means are in-feasible.

- That is why, all these schemes are considered to be computationally safe and secure. 

For the following, the continuous adaptation of these methods is required:

Ø  Improvements in the algorithms for the integer factorization.

Ø  Faster computing technology.

- Also, there are schemes that are information – theoretically secure and even with unlimited computing power, these schemes cannot be broken.

- One such scheme is one time pad. 

- Also, the implementation of these schemes is also quite difficult when compared to the schemes that are computationally secure but are theoretically breakable. 

- Traditionally cryptography referred only to the encryption which involves conversion of the ordinary info in to cipher text or unintelligible text. 

- The reverse process of this is decryption. 

- The pair of algorithms that carry out these two processes is called the cipher. - Each instance of the operation of the cipher is controlled by a key which is kept secret between the communicants. 

- The purpose of this key lies in decryption of the cipher text. 

- Earlier the encryption and the decryption process were carried out directly by the ciphers without involvement of any integrity or authentication checks. 

- Before the advent of the modern cryptography, the traditional cryptography was known to be concerned only with the message confidentiality i.e., converting the message from comprehensible text in to incomprehensible text and vice versa. 

- The message was thus unreadable for the eavesdroppers and the interceptors without key. 

- For ensuring the secrecy in the communications, the encryption process was used. 

- But now the field expands far beyond the confidentiality issues.

- It now consists of techniques for authentication and message integrity checking, secure computation techniques, interactive proofs, digital signatures and so on. 

- Earlier two types of classical ciphers were used namely substitution ciphers and the transposition ciphers. 

- The former type involved replacing the letters by some other letters.

- The transposition ciphers involved rearrangement of the letters. 

- Some examples of early ciphers are caeser cipher, atbash cipher etc. 

- The early ciphers were assisted by some other physical aids and devices. 

- Eventually more complex ciphers could be developed with the development of the digital computers. 

- Any kind of data that could be represented in binary format could be encrypted.

What is link encryption method?

- Link encryption method is one of the classic methods used in the digital communications for the application of the crypto.

- Link encryption method has been designed for hiding the secrets and preventing the forgery of data. 

- It is quite a simple concept that has been discussed here and it fits for all the types of existing applications and software used in the communication.  

- Even though this method does not works well enough for most of the applications, it is the simplest of all. 

- Link encryption method is a security measure that should be used only if your security objectives match with those of the link encryption method. 

- It is commonly used in the applications where a boundary has to be maintained between the internal users and the external users. 

- With the link encryption it gets easy for the internal users to share data whereas it is just the opposite for the external users. 

- It provides transparent protection except for the separation that is maintained between the two classes of the users. 

Below we mention some security objectives that can be met with the link encryption:

Ø  Maintaining confidentiality: Our systems of course store very sensitive data. While exchanging the data with other systems, it is required that the risk of leakage involved should be as minimum as possible.

Ø  Communication with the outsiders: Obviously, we do not want to share our data with the unwanted outsiders and unauthorized sites and so we want these to be blocked. Such exchanges should be prevented from happening even by carelessness or accident.

Ø  Hiding data traffic: As much as possible we want our data and its details to be shielded from the outsiders. This data might contain information about the destination host and other info necessary for communication control. However, here it is assumed that the information will not be leaked by the insiders.

Ø  Familiarity and safety: We rank these two factors above the cost.

Ø  Protection of the data transfers: We need protection for our data against any sort of tampering or forgery by the outsiders during the transition. An assurance is important.  This objective is unconditionally met by this link encryption method.

- From security standpoint, a design is yielded by the link encryption that is highly reliable. 

- If in your organization some security parameter has been established that is strong enough, link encryption is the best technique for its maintenance. 

- A strict control is kept over the flow of physical documents through this security parameter. 

- The link encryption provides a complementary protection for the flow of the electronic documents. 

- We can have an environment with every data link that traverses the boundary having encryptors. 

- The documents will be kept within the parameter limits. 

- The data leaving the parameter will be protector by means of the encryptors. 

- Link encryption method is being used since years in banking organizations and military communications for providing secure links. 

- The link encryption uses the in-line encryptors as its building blocks.

- This hardware devices takes plain text and converts it into cipher text.

The encryptors have their own vulnerabilities as mentioned below:

Ø  Rewrite attacks: It is also known as the plain-text attack, it is used for forging the messages. Few crypto algorithms are vulnerable to these attacks.

Ø  Replay attacks: Most of us think that the encrypted data is self-validating and so by matching the encryptor with its keys a sensibly de-crypting message can be generated. Since the encrypted data is accessible to the outsiders, they can also access the message that decrypts sensibly.

Ø  Covert signaling attacks: This attack is based on the idea that there is always a way to leak info if there exists an internal process that tries to do so. 

What are the security problems faced by a network?

Making mistakes concerning the network security is very common. The same mistakes are repeated again and again. These problems cannot be solved without changing our working methods. In this article we discuss about some common security problems that are faced by a network.

ØUsing weak and non-complex passwords for accessing the network: 

- Brute forcing is an old school exploit to which many of the system network administrators are open to. 

- The very famous captcha technology has been implemented for correcting this vulnerability of the network security passwords. 

- In the common captcha, the user is required to type in the digits or the letters that are displayed on the screen in some sort of distorted image. 

- This technology has been designed to prevent the network to be accessed by unwanted internet bots.

- However, this is not as safe as it looks. 

- It just gives a false sense to the network admins for countering the brute forcing. 

- Complex password is the solution for this problem. 

- For creating a complex password, more than seven characters need to be combined with special characters and numbers. 

- Apart from the creation of the complex passwords, a password expiration system has to be implemented. 

- This system is for reminding the users for changing their passwords. 

- Also, care should be taken regarding the reuse of the passwords. 

- Cycling of the passwords should not be allowed.

Ø Using server application or software that is outdated: 

- The patches are released by the companies from time to time for ensuring that the system does not become vulnerable to the various threats. 

- Also, new exploits and threats are posed by the hackers that can harm the network if the patches are not properly used. 

- For ensuring the network administrator is kept informed of the new threats, the software or the applications have to be updated regularly.  

Ø Web cookies: 

- Even though the viruses and malware cannot be introduced in to the network through cookies, these cookies can be tracked by some third party cookies for compiling the records of the browsing histories of the individuals. 

- The cookies that are not encrypted pose a major threat because they make the system vulnerable to the cross site scripting (XSS) attacks, thus putting your privacy at risk. 

- The open cookies can provide access to the cookies with the log-in data which can be used by hackers for intruding in to your systems. 

- The solution to this problem is to use the encrypted cookies along with an encoded expiration time. 

- The admins might ask the users to re-log-in before accessing important network directories.

Ø Plain hashes: 

- Hashing is the technique used for indexing and retrieval purposes in the database. 

- In most of the encryption algorithms, the plain hashes are mostly used. 

- A type of encryption is the salt that might be added to the hashes for making the creation of a look-up table that might assist the brute force or directory attacks extremely difficult or let’s say almost impractical. 

- But this works only when large salt is used. 

- Usually a pre-computed look up table might not be used by the attacker in exploitation of the network. 

- This makes the network security system even more complex.

- So even if the attacker is able to break into your system, he won’t be able to access the information from the database. 

- The encryption key should be kept hidden.

Ø Shared web hosting: 

- This service is used by the websites that reside on one same server. 

- Each site is given its own partition. 

- This is economically feasible for most of the systems. 

- But here if the attacker breaches in to system of one website, he can get into other website’s security systems too.