This course provides a strong foundation on the fundamentals of cybersecurity, taking you through cyber risks, how to protect against them, and how cybercriminals can use their target's digital footprint to find exploits.

Learning Objectives

The objectives of this course are to provide you with and understanding of:

Security Information Event Management (SIEM) processes and architecture, SIEM features, user activity monitoring, real-time event correlation, log retention, file integrity monitoring, security auditing & automation auditing, what to audit, implementation guidelines, what to collect, Windows Event Log, UNIX Syslog, logging at an application level, audit trail analysis, approaches to data analysis
Cyber exploits, understanding malware, cross-site scripting, SQL Injection, DDOS, input validation, buffer-overflow, targeted attacks and advanced persistent threats (APT)
Uses of encryption technology, symmetric/asymmetric key encryption, public and private keys, weaknesses, decryption, hashing, digital signatures, PKI, certificates authorities, data at rest and in transit, SSL
Internet foundations, domain name system, whois (Inc. worked example), Traceroute, Internet analysis, search engines, Tools for finding information on people and companies, username searchers, email lookups, disposable emails, passwords, internet communities and culture, deep web directories and leaking websites

Intended Audience

This course is ideal for members of cybersecurity management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.

Prerequisites

There are no specific pre-requisites to study this course, however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.

Feedback

We welcome all feedback and suggestions - please contact us at support@cloudacademy.com if you are unsure about where to start or if would like help getting started.

Transcript

Welcome to this video on encryption.

In it you’ll learn about encryption, and some of the fundamental concepts that underpins it, including encryption, ciphers, certification and digital signatures.

Encryption is the process of taking plain-text and transforming it, into a cipher-text that can only be decrypted by people who are know how it was done in the first place.

Encryption isn’t really new and has been used by military commanders for thousands of years, with the Caesar cipher being one of the most famous methods. Interestingly, the Rotation 13, or ROT13 variant of the Caesar cipher is widely used in the Windows operating system to this day.

Using encryption won’t ensure the safe delivery of your messages – they can still be stolen. The advantage is that the stolen messages cannot be read unless the thief has also gained knowledge of the encryption methodology used.

Many of the communication methods that are widely in use today were first introduced when interception of electronic communications was a big concern.

As such many of these communication methods sent their information in plain text.

Applications are now more likely to have baked in capabilities for using encryption in their communications as data privacy has become a bigger issue.

Information that is moving across a network is known as data-in-transit.

Data-at-rest is information within a storage medium. Data-at-rest can be protected by controlling who can log in to a given system, and the information they can view once logged in. This can be achieved via the operating system in use on the system. However, if the hard drive is removed from that system and accessed using a different operating system, then these controls can be bypassed easily.

To truly protect data-at-rest, we must combine operating system controls, with encryption of the data.

Encryption technology can also assist us with proving the integrity of data, using a particular type of encryption such as hashing algorithms and digital certificates.

As previously mentioned, encrypting plain-text resulted in the production of a cipher-text. But what is a cipher-text?

A cipher is a secret or disguised way of writing, but in computing terms we are talking about a secret or disguised way of storing data.

You can look at ciphers in two ways.

The first of these relates to the type of secret key used to encrypt the data.

If you use a symmetrical key, then the same key will be used to both encrypt and decrypt the data.

If you use an asymmetrical key, then the data will be encrypted using one key, and decrypted using another. These keys are mathematically linked.

You can also think about the way in which plain-text will be processed.

With a stream cipher each byte of data is encrypted as it is encountered. The resultant cipher-text is then sent on as a continual stream of information.

With a block cipher, plain-text is divided into fixed length blocks and encrypted one at a time before being sent on.

This diagram shows the basics of a symmetric key encryption and decryption process.

The plain-text is encrypted using the secret key, and dispatched as cipher-text.

The recipient takes the cipher-text and uses the secret key to decrypt it back to the original plain-text.

Two different secret keys will produce two different cipher-texts for any given message.

In asymmetric encryption, there are two different keys used in the encryption and decryption of the data.

These keys are mathematically linked, but not the same.

This method of encryption is generally known as Public Key Cryptography. In this method, the two keys are known as the Public and Private keys.

As one might suspect, the Public key is made to be shared, whilst the Private key should be kept in the sole possession of the person that created the pair.

As can be seen on screen, Carol has shared her Public key with Ted, and he has used it to encrypt some data before sending it to Carol.

Carol can then use her Private key to decrypt the information, and retrieve the original plain-text data.

One of the great advantages of using Public Key Cryptography is that it facilitates sharing of encryption keys, but without giving eavesdroppers the means to decrypt the cipher-text messages.

If only one key is used to both encrypt and decrypt the data, then there must be a time when this key is sent between the correspondents. Any eavesdropper that can listen in on this exchange is then able to decrypt any future messages they intercept.

If a pair of keys is used in the encryption and decryption process, and only one of those is ever sent across the network, the eavesdropper cannot use this one key to decrypt any intercepted messages.

The very nature of Public Key Cryptography means that people can share their Public keys in whichever way they see fit, and to the whole world at large if they so desire.

As long as the Private key remains secret, communications will remain secure.

On the flip side, given that anyone can publish a Public key, how do we know that any given Public key actually belongs to the person with whom we wish to communicate?

The Public Key Infrastructure (PKI) provides the means to bind public keys to their owners and helps in the distribution of reliable public keys in large heterogeneous networks.

The primary role of the Certification Authority (CA) is to digitally sign and publish the public key bound to a given user. The user submits their public key to the CA, for signing. They will also need to submit some further proof of identity, so that the CA can verify that the public key they are going to sign does in fact belong to the person that has submitted it.

This is done using the CA's own private key, so that trust in the user key relies on one's trust in the validity of the CA's key.

The key-to-user binding is established, depending on the level of assurance the binding has, by software or under human supervision.

The term trusted third party or TTP, may also be used for a CA.

The CA creates, signs and publishes certificates, but just as importantly maintains a list of invalid or revoked certificates.

To do this, it publishes Certificate Revocation Lists to the world. People are able to download these lists, and verify whether any certificates they wish to use for secure communications are still valid.

The CA also maintain an archive that records the status of keys and certificates throughout their lifetime. This can be used to verify whether a particular certificate was valid at the time it was used, even though it has been revoked.

This diagram breaks down how a user can obtain a certificate.

They should submit appropriate credentials to the Registration Authority (RA) along with a copy of their public key.

The RA is an authority in a network that verifies user requests for a digital certificate and tells the CA to issue it.

The CA signs the public key, using their own private key. The certificate is then issued to the requestor.

One other way encryption can be used is through digital signatures.

These are usually associated with a document, message or other data source which needs to be validated and unchanged.

The process combines hashing of the data with public key cryptography.

A hash of data is created by applying a mathematical function to the data.

A hash will always create a fixed length result for this mathematical operation, and will produce a unique value for any given data stream.

There are mathematical probabilities that two arbitrary data streams could produce the same hash value, but these probabilities are minuscule.

Some hashing functions have been deemed to be cryptographically weak because data collisions can be generated using two different input data streams, but these are difficult to generate outside of quite specific conditions.

Therefore, a hash value is perceived as a good way of proving that data has not been changed.

The generated hash is encrypted using the sender’s private key. The recipient will need to decrypt by using the senders public key as the user is going to encrypt with their private key.

This method ensures that there is non-repudiation – the sender cannot claim that they did not send the message, as only they have possession of their private key. This does assume that it is actually true, and that the private key has not been stolen.

This method does not protect the confidentiality of the data – anyone that possesses the sender’s public key will be able to decrypt the cipher-text back to the original plain-text.