As many people and devices are connecting to the internet and we are all sharing data, privacy is a major concern for all. Imagine sending a confidential file to a friend across the internet, but you're concerned about whether a threat actor is intercepting your communication and viewing your messages. To keep your data secure, cryptography is used to ensure that only an authorized person has access to the data. With cryptography, we can encrypt our messages to keep them private from unauthorized parties such as threat actors. Even if a threat actor is able to capture our encrypted data, the attacker will not be able to view the contents of the encrypted message.
Throughout this chapter, you will learn about various encryption standards and algorithms, and how they are used to provide data confidentiality on a network. Additionally, you will discover the techniques that threat actors use to retrieve the secret key and break the encryption. Furthermore, you will learn about various hashing techniques that are used to provide data integrity checking. Then, you will explore both symmetric and asymmetric algorithms and Public Key Infrastructure (PKI).
In this chapter, we will cover the following topics:
To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:
Link for Code in Action video https://bit.ly/3vkFYTX
In the world of information security, data privacy is a very hot topic. Everyone is concerned about how their data is being used, and what security controls are in place to protect their data on systems and networks. In the computing world, cryptography is implemented to help keep our data safe from unauthorized persons.
What is cryptography? This is the technique of taking something that is readable by everyone, such as data, and encoding it using a mathematical algorithm that makes it difficult for others to understand it, except those who are authorized. Cryptography has been used for many years by various military organizations to secure their communication with others. Today, in the digital age, we use cryptography for the same purpose of securing our communication between a source and a destination host.
To get a better understanding, imagine you create a document on your computer, which we will call data. If anyone gets access to the document, they will be able to read the contents and there is no level of privacy on the document. To protect the data, the process of encryption can be applied to convert the data into a format that is only readable by you and those who are authorized. This means that if a threat actor acquires the encrypted file, the hacker will not be able to read the actual contents of the file but will see a scrambled message.
Any data (message) that is not encrypted is known as plaintext. If anyone gets access to the plaintext, they will be able to read the contents as there is no privacy in a plaintext message. To encrypt the message, the plaintext is sent through a special algorithm that converts the plaintext message into an unreadable format; this algorithm is referred to as a cipher. The cipher also uses a key to perform the encryption process to convert the message into ciphertext. The ciphertext is the encrypted format of the plaintext and is unreadable by anyone except those who are authorized to access it.
A key is used during the encryption process as it adds an additional layer of security to the ciphertext. Without the key, an attacker will not be able to perform cryptanalysis, which is the technique used to reverse, crack, or break data encryption.
The following diagram shows the process of cryptography:
As you can imagine, data encryption and cryptography play an important role in today's world. We use cryptography to protect data at rest and data in motion (transit). If you recall, in Chapter 3, Discovering Security Concepts, we mentioned that data at rest is simply the terminology used to describe data that is residing on storage media without being accessed by an application or a user, while data in motion is simply data that is traveling from a source to a destination, such as along a network. There are many encryption technologies, such as Microsoft's BitLocker, Apple's FileVault, and Linux Unified Key Setup (LUKS), which are baked into their native operating systems. These native encryption technologies allow the user to create a logical encrypted storage container on their operating system. Users are able to place files in the container and encrypt them by locking the container. This technique allows users to protect their data at rest from any threat actors who may compromise the victim's computer.
There are many secure and unsecure network protocols that transport your data along a network. Unsecure network protocols do not encrypt your data and transport it in plaintext. If a threat actor is able to intercept and capture the network packets, the attacker will be able to see all your plaintext messages as is.
The following snippet shows a packet capture containing Telnet traffic inside Wireshark:
Imagine if you were a threat actor; you could also use a tool such as Wireshark to reassemble all the packets shown in the preceding screenshot between the source and destination hosts. This will allow you to see the entire network conversation between the source (192.168.0.2) and the destination (192.168.0.1), as follows:
As shown in the preceding screenshot, we can see the play-by-play conversation between the client and the Telnet server. The content that is written in red is what is sent from the client to the server, while the content that is in blue is what is sent from the server back to the client. Wireshark has a feature to follow a stream of packets and present the information as a conversion to us in a human-readable format. In the screenshot, notice how we are able to see the logon name and password as the user enters it on their terminal interface and it is then sent across the network using Telnet.
Many have thought that cryptography is used to provide data encryption in the computing world. While this statement is true, cryptography has additional key benefits to data security, such as the following:
Confidentiality is defined as keeping something, such as an object or data, private from unauthorized persons. In the computing world, this can be achieved by using data encryption algorithms, simply by encrypting a plaintext message using a cipher and a key. If an unauthorized person or a threat actor acquires the encrypted data (ciphertext), without the key, the attacker is not able to decipher the encrypted message.
Confidentiality allows us to send secure messages (data) between a source and destination without the need to be concerned about whether someone is intercepting and capturing our username and passwords as they are passed along the network. Data encryption allows us to protect our data from various types of attacks, such as man in the middle (MiTM), as covered in Chapter 5, Identifying Attack Methods. Once the data is encrypted, the threat actor will not be able to view the contents of the actual data.
Important note
Data encryption affects a security investigation greatly. If a threat actor encrypts the malicious payload and sends it across a network, security appliances may not have the capabilities to decipher the encrypted message to inspect the contents. Data encryption is a technique used by threat actors to bypass detection.
Integrity plays a vital role in the field of information security. It helps us to determine whether data is modified or not as it leaves a source to a destination. In the digital age, users are always sending some type of message between one device and another; even the operating system on host devices is always exchanging information on the network. Imagine sending a message to a friend over a messaging app on your smartphone. How does your friend know that the message was not altered by an unauthorized person during the transmission process? This is a major concern and fortunately, there is a technique known as hashing that allows a device to check the integrity of an incoming message (data) from a source.
Authentication is the process of proving your identity to a system. Without authentication, anyone will be able to access the device and perform any actions without any accountability. In cryptography, authentication is used to help us verify and validate the source or the sender of a message, which is referred to as origin authentication. A message can be digitally signed using a digital certificate owned by the sender. When the destination receives the message, the receiver can use the information found within the source's digital certificate to verify the authenticity of the message; in other words, to determine whether the message actually originated from the sender and not a threat actor.
Non-repudiation is used to prevent a user from denying that they have done an action. A typical example would be as follows: imagine, during your lunchtime, that you visit a local coffee shop for a beverage. At the cash desk, you place your order, make a payment, and receive a bill with the items you ordered. All the information about the transaction you have just completed is printed on the receipt (bill), such as the time and date, the quantity and type of items, the cashier's name, and the branch location. This information is also recorded on the database of the coffee shop as well, so you cannot deny visiting and conducting those transactions at the shop.
Having completed this section, you have learned about the key elements within cryptography. Not only does it provide data encryption, but it also assists with data integrity, verifying the origin of a message, and providing non-repudiation of data. In the next section, you will learn about the characteristics of various types of ciphers.
In this section, we will discuss the characteristics of various types of ciphers that are used within data encryption algorithms.
In each type of encryption algorithm (cipher), a secret key is used to ensure the message remains private. In a substitution cipher, the secret key is the shifting of a letter from the original message. This means the number of letters within the plaintext message does not change after it is passed through the cipher and becomes ciphertext.
To better understand how a substitution cipher works, let's take a look at a very well-known cipher, the Caesar cipher, which has been around for quite some time, and its encryption techniques are simply shifting the letter of the alphabet. As an example, let's take a sentence such as the quick brown fox jumps over the lazy dog as the plaintext message. Let's use ROT13 as the key, which is to rotate the letters of the alphabet by 13, such as A = N, B = O, and C = P.
We will get the following output as the ciphertext:
gur dhvpx oebja sbk whzcf bire gur ynml qbt
Therefore, if a threat actor is able to capture the ciphertext as it transverses a network, without knowing the secret key, the message is kept safe.
Another type of cipher is the transposition cipher. This cipher does not shift any letters of a message; it simply rearranges the letters within each word. One type of transposition cipher is known as columnar transposition. This cipher keeps the same letters of each word in place but creates a column of a fixed size. If we use the sentence the quick brown fox jumps over the lazy dog and a column size of 6, we will get the following ciphertext:
thequi
ckbrow
nfoxju
mpsove
rthela
zydogz
Another variation of the transposition cipher is the rail fence cipher. This cipher writes the output in a zig-zag format; for example, the result is written diagonally, starting from left to right. Using our example sentence, thequickbrownfoxjumpsoverthelazydog (without spaces), once more as our plaintext, and the key as three rails, we will get the following output in the rail fence layout:
As shown in the preceding snippet, notice how the words are written diagonally. To create the ciphertext, the message is read from the top row to the last row. This will create the following ciphertext:
tubnjsrldhqikrwfxupoeteayoecoomvhzg
Once again, if a threat actor were to intercept and capture the ciphertext, the message is kept safe as long as the attacker does not know the secret key.
Having completed this section, you are now able to compare and contrast both substitution and transposition ciphers in the topic of cryptography. In the next section, you will learn about the methods that threat actors use to decipher encrypted data.
As mentioned earlier in this chapter, threat actors such as hackers use cryptanalysis to break an encryption cipher and retrieve the plaintext data. While this technique is often associated with the bad guys, such as hackers, many government agencies decipher encrypted data for the purpose of monitoring for any potential threats. Even security appliances such as next-generation firewalls have the ability to decipher an encrypted packet, inspect the contents for any potential malware, and re-package the message before forwarding it to the destination.
The following are various methods that are used during cryptanalysis:
Having completed this section, you have gained the essential knowledge to identify various cryptanalysis methods that a threat actor uses to decipher encrypted data. In the next section, you will discover the process of using hashes to validate data integrity.
Ensuring data is not altered (modified) during transmission is very important, and to help us determine whether the integrity of a message is maintained, we can use hashing algorithms. Hashing algorithms are designed to take an input, such as a string of text or a file, and then use a one-way function to create a digest. The digest is a hash representation of the input and it cannot be reversed. Each unique file or message will generate a unique hash value (digest). This means that if the data is changed in any way, the hash value will be uniquely different.
The following diagram shows the one-way hashing process:
How does this process work between devices? Imagine a sender, Host A, wants to send a message to a destination device, Host B. Rather than Host A sending the message as is, Host A will create a digest of the message. Once the digest has the message created, Host A will send both the message and the digest to Host B. The following diagram shows Host A is sending a message with the digest to Host B:
When Host B receives the message from the source, it will also create a digest of the message and compare it with the digest it received from Host A. If both hash values (digests) are the same, this means the message was not altered during transmission. However, if the digest values are different, it means somewhere along the way, the message was modified and therefore the content of the message is not the same.
Will two different files ever produce the same hash value? While hashing algorithms are designed to produce a unique digest for each unique file, in the past, two different files have been known to produce the same hash value. This is known as a hash collision. Once a hash collision has occurred, this means the hashing algorithm used during the process is vulnerable and should not be trusted. However, some of the most popular hashing algorithms that are currently in use today have been susceptible to a hash collision.
Message Digest 5 (MD5) is a hashing algorithm that creates a 128-bit digest. The MD5 algorithm has been implemented on many systems over the years and worked well until a hash collision occurred. This made MD5 a vulnerable hashing algorithm and it is no longer recommended within the industry.
The following diagram represents the MD5 hashing process:
As shown in the preceding diagram, a message is sent to the MD5 algorithm, which is then converted into a 128-bit digest. While MD5 is still being used on many systems, it's recommended to use a more secure function, such as Secure Hashing Algorithm 2 (SHA-2).
Another well-known hashing function is Secure Hashing Algorithm 1 (SHA-1). This hashing algorithm was created back in the 1990s by the National Institute of Standards and Technology (NIST). NIST designed this algorithm with similar functionalities as MD5. One of the major benefits of using SHA-1 for checking integrity is that it creates a 160-bit digest of any message or file.
The following diagram shows a representation of the SHA-1 function:
While SHA-1 seems to be better than MD5 for producing a larger digest, it performs slower than MD5 and contains vulnerabilities within the algorithm itself. However, a newer version was developed by NIST, and this is known as SHA-2.
SHA-2 allows the creation of digest using large bit sizes, such as the following SHA-2 variations:
Keep in mind that even when you know hashing has been used to validate the integrity of a message, it is still vulnerable to an MiTM attack. Imagine a source is sending a message with the hash value; a threat actor can intercept the message, modify the contents, and recalculate the new hash before sending it to the destination. To help a receiver validate the origin's authenticity, we need to apply Hash Message Authentication Code (HMAC) to our hashing process.
To add origin authentication during a hashing process, HMAC is added. HMAC is a secret key that combines the input message with the hashing algorithm, such as MD5 or SHA-1, to create a unique digest.
The following diagram shows a representation of using HMAC with a hashing function:
Since this secret key (HMAC) is only shared between the sender and the intended receiver, the output digest value will simply depend on the actual input message (data) and the secret key used to apply an additional layer of security for origin authentication. Since the source and destination would be the only parties who know the secret key (the HMAC value), an MiTM attack will not be successful in terms of tampering with the integrity of any messages that transverse the network.
The following screenshot shows a secret key (HMAC) applied to a string of text:
As shown in the preceding screenshot, the string of text (message) was combined with a secret key and processed using both the MD5 and the SHA-1 hashing algorithm to produce a unique digest.
As an up-and-coming security professional, it's important that you understand how to calculate the hashes of data to determine whether the data was modified during transmission. In this lab, you will learn how to use a hashing calculator to generate hashes of a file.
To complete this exercise, please observe the following instructions:
HashCalc allows you to calculate the hashes of a file, text string, or hex string using a number of different hashing algorithms.
Let's take note of both the MD5 and SHA-1 hashes for the file:
MD5 = cb08ca4a7bb5f9683c19133a84872ca7
SHA-1 = fb2f85c88567f3c8ce9b799c7c54642d0c7b41f6
After inserting the period (.), save the file as a new file with the name MyTestFile2.txt.
After making a simple modification to the file by inserting a period (.), we get entirely new hashes:
MD5 = 338b677dbcd742dcdb764591385ad7f4
SHA-1 = bba32246acb921b3ef3653c05cd25358af3d1fc9
Since the hash values from MyTestFile1 do not match the values of MyTestFile2, this is a clear indication that the contents within both files are not the same.
Having completed this lab, you have learned how to use a hashing calculator application to calculate the hashes of files and make a comparison to determine whether the data was modified.
There are two types of encryption algorithms that are used to encrypt data. These are symmetric and asymmetric algorithms. In this section, we will take a deep dive into exploring the functions and operations of symmetric encryption algorithms.
To encrypt a plaintext message, both a cipher and a key are required. In symmetric encryption, a key is used to encrypt the plaintext message into ciphertext and the same key is used to decrypt the ciphertext back to plaintext.
While symmetric encryption algorithms are commonly used in many systems, the major downside is that if the secret key is lost or stolen, the ciphertext is susceptible to compromise. If an attacker is able to retrieve the key, the threat actor will be able to decipher the message and view the contents. Therefore, it's extremely important that the key is kept safe at all times.
Symmetric algorithms use key lengths that range from 40 bits to 256 bits. These key lengths are a lot shorter than those that are used in asymmetric algorithms. However, symmetric algorithms are able to provide a better performance, as in faster data encryption, compared to asymmetric algorithms.
To get a better understanding of how symmetric algorithms work, let's imagine that there are two users, Alice and Bob, who want to apply confidentiality to the messages exchanged between them. Both users know of the Pre-Shared Key (PSK) or the secret key prior to exchanging their messages.
The following diagram shows that Alice is using the secret key to encrypt the plaintext message before sending it over to Bob:
Once the message is encrypted, Alice will send it across to Bob, who will use the same PSK or secret key to decrypt the message and retrieve the original plaintext message, as follows:
The same process is repeated whenever Bob wants to send a message back to Alice. The same key that is used to encrypt the data is used to decrypt the message.
Symmetric algorithms can encrypt data using either a block cipher or a stream cipher. A block cipher takes a fixed-length block of the plaintext message and performs the encryption process; these blocks are usually 64-bit or 128-bit blocks.
The following diagram shows a representation of a block cipher:
However, a stream cipher will encrypt either one bit or one byte at a time. Rather than encrypting an entire block of plaintext, imagine with a stream cipher the block size is reduced to one bit or one byte.
The following diagram shows a representation of a stream cipher:
Stream ciphers are considered to perform data encryption faster than block ciphers because they are continuously encrypting data one bit or one byte at a time.
The following is a list of symmetric algorithms and their characteristics:
Having completed this section, you have learned about various symmetric encryption algorithms. In the next section, we will cover the fundamentals of asymmetric encryption and its algorithms.
Asymmetric algorithms perform data encryption by using two different keys in the form of a key pair. This means that one key is used to encrypt the data while another is used to decrypt the message. If either key is lost or stolen, the message is not compromised.
The following diagram shows a user, Alice, using a key to encrypt the plaintext message:
When the destination host, Bob, receives the message from the sender, Bob will use a different key to decipher the message, as shown in the following diagram:
Asymmetric algorithms use a key pair known as a public and private key. The public key is given to anyone who wants to communicate with you, hence the name public key. The private key is kept by you. Only users of the key pair are able to encrypt and decrypt data; no other keys can be used to decipher a message that is encrypted with your private key.
Important note
Asymmetric encryption uses a key size from 512 bits to 4,096 bits. However, a key size that is 1,024 bits or greater is recommended.
To get a better understanding of these public and private keys, let's imagine there are two users, Bob and Alice, who want to encrypt data between themselves by using asymmetric encryption. To get started, let's assume Alice wants to send a message to Bob. This requires Bob to create a public and private key pair and share the public key with Alice, as follows:
The private key is kept with Bob and Alice receives Bob's public key. Alice will use Bob's public key to encrypt any message that she wants to send over to Bob. When Bob receives the message, he will use his private key to decrypt the message and read the contents.
The following diagram shows Alice sending an encrypted message to Bob:
As shown in the preceding diagram, Alice used Bob's public key to encrypt the message. If a threat actor intercepted the ciphertext during transit, the message is kept secure since the threat actor does not have Bob's private key.
Important note
The following are some network protocols that use asymmetric algorithms: SSH, Secure Sockets Layer (SSL), Internet Key Exchange (IKE), and Pretty Good Privacy (PGP).
The following is a list of asymmetric algorithms and their functions:
Having completed this section, you have learned about the characteristics and components that are used in asymmetric encryption algorithms. In the next section, we'll take a deeper dive into learning about PKI and how asymmetric encryption provides confidentiality and integrity over an unsecure network.
Public Key Infrastructure (PKI) is a set or collection of various technologies that are used to provide origin authentication, data integrity, and confidentiality to a user on a network. PKI takes advantage of asymmetric encryption and uses the public and private key pairs for data encryption.
In PKI, the public key is usually associated with a digital signature to add trust and validate details about the owner of the certificate. The following is the key life cycle in PKI:
Every day we commonly visit various websites such as social media, video streaming, news, sports, blogs, and other platforms. However, have you ever wondered about verifying the identity of the websites you are visiting? You're probably thinking, it's on the internet and we should not trust anything. While this is true, we still need to trust a limited number of websites, such as if you do online banking, you need to trust your bank's website. The main question is, how can we validate the identity of the websites we are visiting? This is where both PKI and digital certificates help to establish trust between a host on the internet and our computer.
PKI plays a vital role on the internet as many users and devices require a method to establish trust on the most untrusted network in the world – the internet. Understanding the components that help PKI to provide the assurance that both users and devices need is essential for any cybersecurity professional.
You can think of PKI as a set of procedures, rules, hardware and software, and people that all work together to manage digital certificates. A digital certificate is like an official form of identification for an object that is validated by a trusted party. These digital certificates are issued by a trusted party on a network or the internet; they are known as a Certificate Authority (CA).
Within each country, there is a government agency that is usually responsible for validating the identity of its citizens and issuing a national form of identification, such as a national ID card. These national ID cards will contain important information about the cardholder and a validity period, such as an expiration date. On a network and on the internet, the CA has a similar role and function. There are many vendors on the internet that are trusted CAs that allow you to purchase a digital certificate for your personal use. Examples of trusted CAs include GoDaddy, DigiCert, Let's Encrypt, Comodo, Cloudflare, and many more.
Important note
A digital certificate is created when a key and a digital signature are combined. The certificate will contain details about the certificate owner, such as the organization.
A CA will only issue a digital certificate to an entity after its identity has been verified. After the CA creates the digital certificate, it is stored in a certificate database, which is used to securely store all approved digital certificates by a CA.
Important note
Whenever a digital certificate has expired, it returns to the CA, which is then placed in a Certificate Revocation List (CRL), which is maintained by the CA.
A digital certificate is formatted using the X.509 standard, which contains the following details:
The following snippet is the digital certificate that is used to validate Cisco's website:
As shown in the preceding screenshot, you see the CA is HydrantID SSH ICA G2, which issues the certificate to www.cisco.com for the validity period of September 20, 2019, to September 20, 2021.
As shown in the following screenshot, the digital certificate contains additional information that is stored using the X.509 standard:
Next, let's take a look at understanding how a digital signature is created and its role within PKI.
When performing some type of business transaction, a signature is required on the documents to ensure that the transaction is authorized by the person concerned. The same concept is required on a network such that a digital signature is sent along with a message to the destination host. The destination host can then use the digital signature to validate the authenticity of the message.
When using PKI, the following algorithms are used to create and verify digital signatures:
To create a digital signature, the following process occurs between Alice (sender) and Bob (receiver):
The digital signature is used as proof that Alice has signed the message.
To get a better idea of how digital signatures are used in a real-world scenario, let's imagine there are two users on a network; Alice wants to send Bob a message. Alice can use a digital signature with the message to provide the reassurance to Bob that the message originated from Alice. These are the steps that Alice will use to provide authenticity, integrity, and non-repudiation:
Digital signatures are not only used to verify the authenticity of messages; they are also used in the following cases:
The following screenshot shows an example of an application containing a digital certificate:
The following screenshot provides further validation of the digital signature of the signer:
Having completed this section, you have learned about the essential components of PKI. In the next section, we'll take a deeper dive into discovering the PKI trust system.
So far, we have learned that an entity can obtain a digital certificate from a trusted CA on the internet. However, within many large organizations, you'll commonly find a root CA and many intermediate CAs. The root CA is responsible for creating the primary digital certificate, which is then delegated to each subordinate CA or intermediate CA. The intermediate CA will use the root's digital certificate to create new digital certificates for end devices such as internal servers.
The following diagram shows the root and intermediate CA hierarchy:
Using this type of hierarchical structure takes away the load from the root CA to manage all the digital certificates within the organization. Some of these responsibilities are delegated to the intermediate CA servers on the network. Imagine at your headquarters that you deployed the root CA and, at each remote branch office, you also deployed an intermediate CA at each location. Therefore, each intermediate CA is responsible for handling the certificate management of their own domain or branch location. This also reduces the risks of the root CA being compromised by a threat actor, such that if an intermediate CA is compromised, the root CA can be taken offline from the network without affecting any other end devices or intermediate CAs.
In small networks, a single root CA can be deployed to provide digital certificates to each end device, as shown in the following diagram:
As shown in the preceding diagram, a single CA is easy to manage. However, as the network grows, having a single CA on the network will not allow easy scalability, hence the need to use a hierarchical design with a root CA and intermediate (subordinate) CAs.
In this lab exercise, we will take a look at the information that is exchanged between a client machine with an IP address of 10.1.1.2 and a server with an IP address of 65.54.179.198. The server is configured with a digital certificate, which allows a client to validate the identity of the server. Additionally, the digital certificate is used to provide an encrypted connection between the client and server. We will observe the details found within the packets that are sent between the server and the client.
The following diagram is a visual representation of the network containing the client and server:
To complete this lab, please observe the following instructions:
In this packet, the server has sent its digital certificate across to the client. As shown in this packet, the server is using SSL version 3. Over the next few steps, you will discover how to view and interpret the data as a security professional.
As shown in the preceding snippet, you can determine the handshake type, which is a Server Hello message that is sent back to the client, the timestamp of the actual handshake between the server and client in the format month day year time timezone, the session ID and its length, and the cipher suite of the encryption, hashing, and authentication algorithms.
Point #1 allows you to determine the version of the X.509 standard. In this certificate, it's using the X.509 v3 standard. Point #2 provides the certificate signature and algorithm. Point #3 provides the details of the CA who issued the certificate to the server. Point #4 provides the validity period of the certificate.
As shown in the preceding snippet, the later sections of the packet indicate the subject and all the details aligned to the X.509 standard and the public key that is given to the client.
Having completed this lab, you have learned how to use Wireshark to investigate the contents of a digital certificate as it is sent from a server to a client system across a network. In the next section, we'll take a dive into understanding how cryptography is used in wireless security.
Almost anywhere you visit, whether it's a coffee shop or even a restaurant, you will always find wireless networks. The need to always stay connected is continuously growing around the world, as is the need for wireless security.
When configuring a wireless router or an Access Point (AP), we need to consider the wireless security standards and authentication methods that are available. The following is a list of wireless security standards that are commonly available on wireless routers and APs:
The following screenshot shows the available security modes within a wireless router:
As shown in the preceding snippet, there are many wireless security standards available. However, you will notice that there are Personal and Enterprise modes. Personal mode allows you to consider a PSK on the wireless router. The PSK needs to be shared with those who are authorized to join the wireless network.
The following screenshot shows the option to consider the PSK (passphrase) when WPA2 Personal is chosen:
Using Enterprise mode allows you to configure the wireless router to be associated with an Authentication, Authorization, and Accounting (AAA) server. Rather than configuring a PSK on the router and sharing the same PSK with all authorized users, you can create a network account on the AAA server for each user, assign security policies to users' accounts, and create logs of their actions while users are authenticated on the wireless network. Using an AAA server removes the need to configure and share a PSK. With AAA, network users' accounts are centrally managed.
The following snippet shows the options available when using Enterprise mode on the wireless router:
As shown in the preceding screenshot, you can configure the wireless router to query a Remote Authentication Dial-In User Service (RADIUS) server, which is an open source AAA server that is interoperable with mixed vendor equipment. The shared secret is a secret key that allows the wireless router to authenticate itself to the RADIUS server.
Having completed this section, you have learned about the various types of wireless security standards that are used on wireless networks and the various types of cryptographic algorithms that are used to provide data confidentiality and integrity.
During the course of this chapter, you learned about the importance of cryptography and the vital role it plays in the field of information security and assurance. Furthermore, you discovered the key elements that cryptography provides on a network, such as origin authentication, data integrity, and confidentiality. You also acquired the skills and knowledge to identify various types of encryption ciphers and hashing algorithms. Lastly, you explored the need for PKI on the internet and saw how it helps users to verify the identity of a host on an untrusted network.
I hope that this chapter has been informative for you and will prove beneficial in your journey toward learning the foundations of cybersecurity operations and gaining your Cisco Certified CyberOps Associate certification. In the next chapter, you will learn about the elements of endpoint security on host devices, and understand how to use the built-in tools within Windows and Linux operating systems to perform analysis.
The following is a short list of review questions to help reinforce your learning and help you identify areas that may require some improvement. The answers to the questions can be found in the Assessments section at the end of this book.
A. Integrity
B. Origin authentication
C. Non-repudiation
D. Confidentiality
A. Brute force
B. MiTM
C. Chosen-plaintext
D. Known-plaintext
A. HMAC
B. MD5
C. SHA-1
D. SHA-2
A. AES
B. SEAL
C. 3DES
D. DES
A. AES
B. RSA
C. DSA
D. DH
A. AES
B. Encrypted
C. X.509
D. Ciphertext
The following link is recommended for additional reading:
3.133.119.66