The Role Of Cryptography In Network Security Computer Science Essay Example

to Citrix-system (2010), "The cipher scrambles the message in a way that renders it illegible to anyone except for the sender and receiver. Only the recipient who possesses the secret code can decode the original message, thereby ensuring confidentiality."

There are three common types of cryptography:

Secret key cryptography, also known as symmetric key cryptography, involves using a shared secret code between the sender and receiver. This code, called the key, is used by the sender to encrypt messages and by the receiver to decrypt them. It relies on one key for both encryption and decryption purposes. While effective for communicating with a small group of people, it becomes impractical when dealing with a large number of individuals. Examples of secret key cryptography algorithms include data encryption standard (DES), advanced encryption standard (AES), Cast-128/256, international data encryption algorithm (IDEA), and rivest ciphers (Citrix-system, 2010).

Public key cryptography, also known as asymmetric encryption, utilizes a pair of keys – one for encrypting and the other for decrypting. These keys consist of a public key and a private key. The public key can be freely shared, while the private key must remain confidential. This approach enables secure communication without the necessity of openly exchanging keys. Public key cryptography finds frequent application in procedures like key exchange and digital signatures. Algorithms such as RSA, digital signature algorithm, and public-key cryptography standard are commonly employed.

Hash functions, also known as message digests and one-way encryption, utilize a mathematical transformation to securely encrypt information. They generate a digital fingerprint of file contents and are commonly used by operating systems to encrypt passwords and ensure file integrity. Commonly employed hash functions include message digest, secure

hash algorithm, and RIPEMD (Kessler, G,2010).

Network security is one of the top concerns for IS professionals in organizations due to a combination of various factors. The decentralization of business operations and the increase in computer network correspondence have become the primary drivers for this concern. The security of organization networks is continuously at risk, and it is impossible to predict when accidents or security breaches will occur. Choosing a network security solution that heavily relies on cryptography technology is a crucial decision. The following outlines the five fundamental uses of cryptography in network security solutions:

Confidentiality is achieved through cryptography, which involves altering or concealing a message. This technique safeguards confidential data from being accessed or utilized by unauthorized individuals. To ensure data protection, cryptographic key techniques are employed.

Access control is in place to ensure that only users who have been authorized, by using a login and password, can access and protect confidential information. Access is provided to individuals who possess the correct cryptographic keys (Mitchell, M, 1995).

Integrity - Cryptographic tools enable the recipient to verify the integrity of a message, ensuring that it has undergone transformation and cannot be altered. These tools effectively identify both intentional and unintentional changes made to the message.

The process of authentication involves confirming the identity of the message sender by using the control key. This control key enables encryption of the message, guaranteeing its integrity. Cryptographic functions like hash functions, digital signatures, and message authentication codes are used to ensure that the message remains unchanged.

The act of encrypting data on the network security is considered the most effective method for reducing data loss or theft. Encryption is implemented at the

network transfer layer, which sits on top of the data link level and beneath the application level in the process of network security. This type of encryption is often referred to as network layer or network level encryption. The network transfer layers, known as layers 2 and 4 in the open systems interconnections (OSI) reference model, are responsible for connectivity and routing between two endpoints. Network encryption operates independently of any other encryption processes and is transparent to the end user. It utilizes existing network services and application software. Data is encrypted solely during transmission and remains unencrypted on both the originating and receiving hosts.

Internet protocol security is utilized to ensure network security by implementing encryption. This encryption is achieved through a set of open internet engineering task force (IETF) standards, which work together to establish a secure communication structure over IP networks. The encrypted packets used in internet protocol security are indistinguishable from unencrypted packets, allowing them to easily pass through any IP network. Companies like Cisco and Oracle offer various network encryption products and services. (Search security, 2010)

The link provided in the HTML tag is the image at http://www.cipheroptics.com/images/network-encryption-big.jpg.

Figure 1: Network Encrypted

The protection and availability of information are crucial for business success. Encryption, an essential technology in network system security, effectively safeguards data and information. Encryption keys, specifically the public and private keys, play a significant role in securing information and networks within the cryptographic system.

Public key encryption, invented in 1976, is a cipher architecture that utilizes two key pairs for both encryption and decryption. This method enables the encryption of messages using a public key and their subsequent decryption using the corresponding

private key. Public key encryption offers high security by eliminating the requirement for a shared secret key between sender and receiver. It proves particularly valuable in safeguarding email privacy, especially when emails are stored on mail servers over extended periods. Programs like PGP additionally offer digital message signing capabilities.

The private key, also referred to as the secret key and encryption/decryption key, allows for the exchange of confidential messages. Both parties use it to encrypt and decrypt messages while collaborating with the public key.

The password is crucial for system and network login. It is essential for organizations to restrict network access to authorized users only. Each user should possess unique login credentials, which enhances security. The following measures ensure password safety in the network system:

It is essential for every user to have a long password because a short password can easily be compromised. Analyzing the permutation based on the password length is crucial in determining its security.

Employees should change their password regularly to enhance network security and minimize the risk of unauthorized access.

It is unwise for the administrator to assume that employees will use separate passwords for network system safety and security. It is not advisable to utilize identical passwords for multiple accounts.

In line with Storts' (2010) findings, the demand for employees to regularly update their passwords has increased. This is a direct result of the rising trend of accessing work accounts from remote locations, necessitating a greater emphasis on educating users about the significance of frequent password changes.

A symmetric encryption system utilizes a single secret key for both encrypting and decrypting information, as well as transforming between two keys. The secret key plays a crucial

role in the transformation process as it enables the encryption and decryption of data traffic. Symmetric encryption systems can be classified into two types:

Stream ciphers are faster and more efficient because they process bits of information individually, operating on one bit at a time. However, this also means they have a security vulnerability as specific attacks can potentially expose the encrypted data.

Block ciphers are encryption methods that divide information into blocks. Each block is encrypted individually, and the data within each block is typically a fixed size, commonly 64 bits. Block ciphers are commonly used in triple DES and AES. (Encryptionanddecryption, 2010)

The text highlights various symmetric encryption algorithms such as DES, 3DES, AES, and RC4. Among these, 3DES and AES are commonly utilized in IP sec and other VPNs, while RC4 is predominantly used for encryption in wireless networks by WEP and WPA. It is mentioned that symmetric encryption algorithms offer high speed and are easily implementable in hardware due to their low complexity. However, a prerequisite for successful encryption is that all participating hosts must have been configured with the secret key through external means (Stretch, J, 2010).

Symmetric encryption vulnerabilities involve:

To crack a symmetric encryption system using brute force and cryptanalysis;

Figure-2 depicts a system designed for symmetric encryption.

Symmetric encryption systems can have compromised security due to weak passwords.

Remember your password at all times or make a backup copy of it for safekeeping.

Exchange secret keys securely and ensure proper storage (Encryptionanddecryption, 2010)

To leak and spy on passwords.

The file "symmetric_encryption.png" is displayed in a paragraph tag.

Within a network, a key pair creation for an asymmetric encryption system typically involves six primary components. These include a public

encryption key that is available to everyone for message encryption and a private decryption key that only the intended recipient can use to decipher the message.

The term "plaintext" refers to the text message used in an algorithm.

The plaintext is substituted and transformed through mathematical operations by the encryption algorithm.

Public and Private keys are a pair of keys with distinct functions - one for encryption and the other for decryption.

The ciphertext is generated by encrypting a plaintext message using an algorithm and a key.

Encryptionanddecryption (2010) states that the decryption algorithm is in charge of creating ciphertext and then comparing it with the key to generate plaintext.

The RSA encryption method is the preferred choice for asymmetric encryption. Despite being slower compared to symmetric encryption, RSA can establish a secure connection over an insecure medium like the internet according to Stretch (2010). This is achieved by exchanging public keys for encrypting data while keeping the private key confidential and using it for decryption.

The vulnerabilities of asymmetric encryption are as follows:

Figure-3 illustrates a system of asymmetrical encryption where the public key is openly distributable.

The task requires a substantial amount of computing power.

The processing speed is very slow;

It is easy to steal weak passwords.

Breaking this system is possible due to weak encryption.

The digital signature crashed.

There was a security breach during the key exchange.

The internet plays a vital role in numerous daily tasks, including online searching, browsing, communication with customers and colleagues, and email. However, it is essential to prioritize web security to safeguard against identity theft. Web security encompasses concerns like spam, viruses, security breaches, and theft. These issues stem from networks of compromised computers and servers that

unknowingly distribute spam messages. Additionally, competitors may gather and sell email accounts and passwords.

According to a security expert, experts tend to offer convenient solutions without mentioning the associated security risks. An example of this is using PHP solutions that require making a file globally writable for data storage. Although this approach is straightforward, it also enables spammers to write to the file. Hence, if a solution appears too good to be true, it probably has undisclosed vulnerabilities (Heilmann, 2010).

Web security involves various risks and attacks, such as the identification of a computer's IP address. An important security risk is the utilization of a static IP address. Sharing networks and staff members who are unaware of network setting vulnerabilities also contribute to further weaknesses. Additional threats encompass SQL injection attacks, browser and website exploits, remote file inclusion (RFI), and phishing attempts (Heilmann, 2010).

The list below outlines various web security tools and technologies:

The Spike Proxy is a web application security testing tool.

It is a tool for identifying application level vulnerabilities in web applications, specifically targeting SQL injection and cross-site scripting.

Power fuzzer

It can spider websites and detect common web vulnerabilities such as XSS and SQL injection. It also supports HTTPS. The program is written in Python.

Sec point penetrator

Network security tools are used to perform penetration testing either as an appliance or through a web-based service. These tools can conduct vulnerability scans, penetration tests, and have the capability to change the IP address for scanning and reporting purposes.

Net sparker

Users can utilize the identified vulnerabilities to observe the actual consequences of the issue. It is capable of handling websites that depend on AJAX and JavaScript without generating false

positives.

OWASP

Various techniques are utilized in this process, including conditional error injection, blind injection that is based on integers and strings/statements, MS-SQL verbose error messages to identify database version and gather information.

Gama Sec

Automated online website vulnerability assessment is a tool that conducts tests on web servers, web-based applications, and web-interfaced systems. It supports HTTP authentication schemes, HTTP protocol, BASIC, etc.

NIkto Scanner

An open-source web server scanner is available to conduct comprehensive tests on various aspects of web servers, including dangerous files, CGIs, and server-related issues.

Perimeter check

According to Hower (2010), it is crucial to analyze external network devices like servers, websites, firewalls, routers, and security vulnerabilities as they can result in interrupted service, data theft, system destruction, and the need for immediate security problem resolution.

Vulnerability is defined as any event that compromises the security of an organization and its network, impeding its ability to effectively operate at the necessary level of confidentiality and defend against system flaws and misconfigurations.

Below are some of the common vulnerabilities found in wireless networks:

Wireless access points are not limited by physical boundaries, as they can lose signals when there are obstacles such as doors, walls, floors, and insulation.

Lane (2005) states that the establishment of unauthorized networks and workstations can be attributed to untrained users who either lack knowledge about security measures or prioritize their desire for wireless over organizational rules.

Rogue access points refer to an attack wherein an unauthorized access point is connected to the network.

In all organizations, a common issue is the lack of monitoring. However, intrusion detection tools have the ability to continuously monitor and ensure the security of the network system.

MAC address filtering is a technique that assigns a unique

number to wireless LANs, allowing access points to connect to a network. However, this method may undermine security as users can alter their MAC address, potentially resulting in identity theft.

Insufficient security levels of weak encryption standards not only discourage users from enabling them but also pose a vulnerability risk to wireless LANs.

Wireless usage increases the vulnerability to unauthorized network access and eavesdropping on network traffic. Hackers can exploit WEP encryption by attempting to decrypt the encrypted data.

Network vulnerabilities enable hackers to bypass firewalls and gain unauthorized entry into wireless LANs. This, in turn, permits others to do the same, potentially leading to loss or compromise of confidential data on the network.

A denial-of-service attack happens when external factors intentionally disrupt a network, making it unproductive and forcefully disconnecting users. These attacks can disrupt an organization's operation in multiple ways, like jamming a radio network, overwhelming the network with malicious connections, or sending fake de-authentication frames (Lane, H, 2005).

The issue of mis-matched software and hardware is a problem that arises for network infrastructure, making it vulnerable to a wide range of attacks. Sometimes the function works properly but is awfully mis-configured.

Service Set ID (SSID) is a configurable identification mechanism that allows a client to communicate with the correct base-station. It is important to configure the SSID properly to prevent attackers from exploiting it and attempting to access the base station, change the SSID password, or alter the 802.11 security settings for authentication. (Spam-laws, 2009)

Wi-Fi networks, or 802.11 networks, are increasingly popular for offering cable-free connections between computers. This convenience enables effortless internet browsing, data transfer, printing, emailing, and downloading. However, it also poses a risk

of hackers breaching these networks. To ensure the security of wireless network systems, organizations should follow the following guidelines:

Encrypting the wireless network can enhance security and limit access to authorized individuals. It obscures data, allowing only those with the correct password or encryption key to gain entry. Moreover, restricting network access during regular office hours adds an extra layer of protection. Different encryption methods such as WEP, WPA, and WPA2 offer security measures for safeguarding the wireless network.

When setting up a wireless network, it is crucial to select a robust password. During my investigation, I came across several fundamental recommendations for achieving this objective.

To maintain a strong level of security and avoid easy guessing, it is recommended that the password be a minimum of 20 characters long.

Use a mix of lowercase and uppercase letters;

Integrate numbers with letters, incorporate numerical values into alphabetical characters, include numeric figures within the text of alphabets, and place digits in the midst of letters;

It is advised to update the password every three months.

It is essential to remember and securely store your password in case you forget it.

Bryan, S. (2010) emphasizes the importance of utilizing a firewall to maintain front security and safeguard the network, computers, and data against unauthorized access.

Hide the presentation of the network name (SSID).

Change the default SSID and refrain from using the organization's name for identification.

Restricting network access can be achieved through MAC filtering, which permits only specific network cards with distinct MAC addresses to connect to the access points.

Utilize the built-in encryption feature to enable protection against eavesdropping.

One unauthorized access point can easily undermine the progress made by other access points, preventing network administrators from setting

up a fast and inefficient wireless network, even temporarily.

According to Microsoft (2010), it is essential to ensure that all security measures are implemented in order to provide protection against intruders.

The wireless network should be shut down if it is not being used.

Ensure the security of your confidential files and data by storing them in a secure location.

In essence, organizations must make the security of their wireless network systems a top priority. They need to implement various network security strategies to prevent unauthorized access, modification, or damage to network resources. It is also important for them to utilize cryptography tools and web security tools to effectively protect sensitive data, information, and IT assets.

Below are some crucial factors that you should take into account:

Improvements have been implemented in both education and security measures.

To guarantee that employees are promptly informed and trained on wireless networks;

Consistently updating the security of your wireless network is crucial.

Ensure the security of your wireless access point by using a robust password.

When it is necessary to implement the WEP authentication method;

Ensure that all users have a correct key or password set up on their system;

Ensure that all services provided to users are safeguarded with end-to-end encryption.

SSID and MAC address filtering can be used to configure wireless APs.