
Question 1

Core components – equipment and software for IT operations and storage of data and
applications. These may include storage systems; servers; network infrastructure, such as
switches and routers; and various information security elements, such as firewalls.

The cloud can provide tremendous value to organizations, delivering cost-effective access to a comprehensive range
of innovative business services and applications. However, the cloud and its capabilities do not exist in
a vacuum. To ensure maximum value from these assets, enterprises must examine certain criteria, including the
best network connectivity model and service provider for their business requirements.

The public internet is a convenient way to deliver cloud-based applications to a large number of people, but it
frequently doesn't fit the privacy and performance requirements of enterprises. As a result, organizations are
increasingly turning to private connectivity, such as Multiprotocol Label Switching (MPLS), Virtual Private LAN
Service (VPLS) and Ethernet, to provide consistent, high-quality access to key business services and applications.

Safeguarding corporate data

Security is a key area of concern for the C-suite and a significant driver toward using private connectivity to the
cloud and cloud service providers (CSPs). With private connectivity, such as MPLS, organizations can benefit from
isolation of traffic from the internet, protecting critical corporate information. These security capabilities also provide
companies with the ability to better comply with stringent regulatory requirements.

Optimal performance

Another key reason that organizations choose private connectivity is to ensure reliable, high-quality delivery of
services and applications. MPLS allows different streams of traffic to be separated by Class of Service (CoS),
ensuring that applications that are more latency-sensitive receive higher prioritization and guaranteeing a better
user experience from end to end.

Ability to easily scale

Ethernet, VPLS and MPLS are inherently flexible and scalable technologies, providing organizations with the ability
to dynamically adjust bandwidth, connect to a growing number of CSPs and modify interconnect capacity on demand.
Private connections are also an attractive option for organizations that have frequent, large data transfers and
backups, or that conduct research and development initiatives requiring quick activation of new environments.

Efficient and cost-effective

MPLS connectivity can optimize infrastructure ROI by leveraging an organization's existing WAN environment.
Furthermore, network service providers that have already invested in pre-provisioned connectivity to a cloud
exchange platform can offer enterprises efficient connectivity to a number of CSPs using cost-effective price plans.

Companies can also realize cost efficiencies by using a single access circuit for cloud connectivity, splitting the
network traffic locally across private networking and public internet access. This approach balances premium
connectivity for business-critical services with low-cost access such as broadband.

As Sorell Slaymaker and Danellie Young explain in their research note Utilizing Network Service Provider Direct
WAN Connectivity for the Cloud, there are three common cloud connectivity options: internet, cloud internet
(exchange-based) and direct WAN. An ideal network provider would have the assets and flexibility to connect clients
to the cloud using any of these methods. For example, a global Tier 1 ISP that could provide MPLS connectivity
and broadband aggregation could effectively be a one-stop solution for an enterprise and its evolving cloud
strategy and connectivity requirements.

Choosing the Right Network Solution

Today, about 5 percent of enterprise public cloud connections eschew the public internet in favor of private connectivity,
according to Gartner. In a few short years, this number is expected to increase to 30 percent. For organizations that are
considering private connectivity, there are key areas to focus on when evaluating specific network service
providers and service offerings.

Seamless connectivity to cloud service provider networks

Cloud service providers usually natively host applications and services in specific locations, which can significantly
impact QoS for the end user. To provide a high-quality user experience from end to end, a network service provider
should connect to the cloud service provider at multiple points on its network.

Flexible offering

An ideal provider will offer both a wide variety of private connectivity technologies, such as MPLS, VPLS and
Ethernet, and different configurations and port types. The ability to deploy a private, public or hybrid cloud
solution is also important.

Robust service level agreements (SLAs)

The chosen service offering should include a robust, end-to-end SLA to guarantee minimal packet loss and optimal
performance all the way through to the end user. The provider also should offer real-time reporting tools for
verification of SLA performance.

Diverse bandwidth options

Traffic is never constant or consistent—and it can rapidly increase or decrease due to factors such as data backups,
billing cycles, and additions of offices and users. The selected service provider should provide burstable bandwidth
and a per-Mbps rate that doesn’t penalize for burst traffic. Organizations should also have the ability to share
bandwidth across ports so they have the flexibility to scale across locations as they grow.

In summary, deciding on the cloud architecture that best fits a business can be challenging. By taking a holistic
approach, evaluating the type of cloud model and connectivity required, and carefully examining network service
providers, organizations can maximize the investment that they are making in the cloud and cloud-based services
and applications.

There are three primary methods to connect an enterprise to public cloud service providers (CSPs): Internet, cloud
interconnect and direct WAN cloud connectivity. Each method has its relative advantages, depending on the
enterprise use case for cloud services.

The dominant method of connecting an enterprise to public CSPs is over the Internet, typically inside a VPN or a
TLS-protected connection. Every enterprise and public cloud provider is connected to the Internet, so connections can
be set up quickly through existing gateways. The disadvantages of this approach are the lack of performance
guarantees and the exposure to distributed denial of service (DDoS) attacks. Figure 1 illustrates Internet-based
enterprise cloud network connectivity.

Figure 1

The second, less common approach is to connect an enterprise to CSPs via a cloud interconnect. In this approach, an
enterprise acquires a private, direct, high-speed connection to a cloud interconnect, such as Equinix Cloud Exchange,
CoreSite, Telx (now part of Digital Realty) and/or other facilities where multiple carriers meet and exchange
Internet traffic and Ethernet network-to-network interfaces (NNIs). It can be beneficial for an enterprise to have a
presence there and buy Ethernet cross-connects to various CSPs. In Gartner's IaaS research, this approach is referred
to as "third-party connectivity via partner exchange." All large CSPs have network connectivity at these cloud
interconnects, which are geographically distributed and, in many cases, in the same physical location as regional
Internet peering points. The disadvantage of this approach is the investment and time required to connect the
enterprise to a cloud interconnect in a highly redundant manner, along with the associated support requirements.
Figure 2 illustrates a cloud interconnect configuration.

The third, emerging method of connecting an enterprise to CSPs is to use the incumbent enterprise WAN for
direct cloud connectivity. In this model, the network service provider (NSP) has pre-provisioned connectivity into a
CSP, so adding connectivity is quick, compared with an enterprise ordering redundant network connections, edge
routers and firewalls at the CSP site(s).

In this model, an enterprise can use its existing WAN and dynamically add CSPs and capacity as required, as well as
modify interconnect capacity on demand. Figure 3 portrays a direct WAN cloud connectivity architecture.
These models can also be combined. For example, direct WAN cloud connectivity can connect into a cloud
interconnect for use cases where an NSP does not yet have a direct cloud connection to the CSP. Also, in direct WAN
cloud connectivity, an enterprise may use a managed firewall service to minimize backhauling traffic through the
enterprise data center. Cloud-to-cloud services supporting applications like big data can then flow between CSPs
without having to backhaul through the enterprise data center.

Finally, for strategically important CSPs, an enterprise may need both Internet and direct connections, depending on
factors such as the type of application, who consumes it and whether they are located inside or outside the
enterprise. Software-defined WANs, which combine private and/or public connections to both branch offices and cloud
providers under a centralized controller, will play a greater role in dynamically selecting the optimal network path
and ensuring application performance end to end.

Analysis

Choose the Right Public Cloud Network Connectivity Method

Enterprises should define their network requirements for each application within each cloud provider and use Figure
4 as a framework to assess which method(s) of cloud network connectivity best suit each use case. For instance, an
email application hosted in the cloud will have different requirements than a real-time Web conferencing
application.
Cloud ecosystem — This refers to the size of the cloud ecosystem that is directly addressable by the solution.
Internet connectivity provides access to thousands of CSPs, while hundreds are available through cloud
interconnects, and only tens are available through direct WAN cloud connections.

Performance and SLAs — Cloud-based services that use the Internet as transport do not commit to standard
network-performance SLAs for latency, jitter and dropped packets. Cloud interconnects offer tight SLAs; for direct
WAN cloud connections, some NSPs offer the same SLAs as their MPLS services while others do not. A critical
consideration for direct WAN cloud connections is that quality of service (QoS) markings should be honored end to
end, otherwise the CoS prioritization bought on the WAN is lost at the cloud edge.

High availability — Internet connections can be subjected to DDoS attacks and other network
interruptions that are far less likely on private networks. Direct WAN cloud connect services include
automated failover in case the cloud provider's services or sites go offline.

Provisioning time — This refers to how quickly a network connection can be deployed from an
enterprise to a cloud service. Since Internet connectivity is ubiquitous, a virtual private
connection can be established in near real time. For WANs, the NSPs are building self-service
portals, so once an enterprise subscribes to this service, it can use its existing WAN connections.
Cloud interconnects take some time for the initial build, but once they are up and running, new
public cloud connections can be added quickly.

Security — Security of data in motion over the network connection, and the opportunities for third parties to
interrupt traffic through DDoS attacks, mount "man in the middle" attacks or track network metadata, are important
considerations for some applications. While an IPsec tunnel is good enough for many enterprise applications, there
are some for which enterprises require that the application run exclusively over a private network.

Price per megabit — Internet bandwidth offers the lowest cost per megabit. Cloud interconnect
pricing is also very competitive, especially for speeds above 500 Mbps, but not for speeds of 100
Mbps or lower. Initial pricing contracts that Gartner has seen for direct WAN cloud connectivity
are higher than standard MPLS pricing contracts from NSPs, and this is being treated as a
premium service.

Initial setup costs — Setting up a cloud interconnect can be time-consuming and requires a
significant capital investment for routers and security equipment within the interconnect in order
to realize the longer-term performance and cost savings for public cloud connectivity. Internet
and WAN infrastructures are already in place, although some NSPs charge a setup fee for their
direct WAN cloud connectivity service.

Evaluate the Direct WAN Cloud Connectivity Offers of Your Incumbent WAN Provider

Each NSP offering for direct WAN cloud network connectivity varies, since this is an emerging
market with product updates being announced weekly. The NSP offerings differ in many areas,
including the number of connected cloud partners, geographic coverage, SLAs, price points and
the types of connectivity available.

An important differentiation among the NSP WAN direct cloud connectivity offers is whether
they provide Ethernet-based services to the cloud providers. Gartner finds that Ethernet-based
connectivity is significantly more cost-effective than MPLS at speeds above 500 Mbps. Ethernet
Private Line (EPL) services can also be tightly controlled to ensure the shortest physical path
between any two points, minimizing round-trip delay. This can be especially valuable for
connecting back-end systems (such as databases and directories) to cloud services, where
minimal latency is critical for optimal application performance.

The objectives of the NSP direct WAN connectivity offers are similar, but they are each in a
different place in their execution. The common objectives include:

• Managed integrated service — Touchless orchestration that brokers the connection to the
cloud provider’s private network

• Software-defined — Virtualized, on-demand and centrally controlled to provide a highly
customizable solution through a programmable infrastructure

• High availability — Redundant network connections to the cloud provider as part of the
base service

• Flexible billing options — Usage, capacity or fixed billing, based on the enterprise’s
desires regarding performance and costs.
While MPLS is a mature service with common features across each of the NSPs, direct WAN
cloud connectivity is new and will have many areas of differentiation from NSPs. Some of the
key differentiators include:

• Mobile support — For mobile endpoints, this will require the use of a mobile device
management system and/or a VPN client to ensure traffic is routed properly. The NSPs that have
large mobile networks will focus on this feature.

• Security — Enhanced security features include isolating cloud traffic from the rest of the enterprise
MPLS network in a separate virtual routing and forwarding (VRF) instance, reverse network address
translation and WAN encryption.

• Cloud partner reach — Some NSPs will connect to a large number of secondary cloud
providers, while others will focus on geographic density across the dominant cloud providers.

• WAN optimization — This includes caching, content delivery and network acceleration
to enhance the performance of applications running across the WAN.

• Global coverage — This includes NSP coverage within the region(s) required, and the
centers where the cloud applications reside.

In 2016, all NSPs will be adding additional features and expanded coverage, enhancing SLAs,
and improving security options. In addition, almost every NSP has a partnership with Equinix to
provide direct WAN connectivity to CSPs that NSPs do not have a direct connection to today.
As enterprises move more mission-critical applications and collaboration tools that utilize real-
time voice and video into public cloud providers, network performance and security will become
even more important. This will drive enterprises to reconsider utilizing just Internet connectivity
for cloud network connectivity. As enterprises’ cloud strategies evolve, their network
connectivity strategies must also evolve.
Question 2

Hashing can show that data has not changed in transmission, but on its own cannot demonstrate
that the data originated with its supposed author. To do that, a digital signature should be used.

Digital signatures are usually described as using the sender's private key to encrypt the hash. Previously, you
learned how documents can be encrypted with a public key, which anyone may use, but can only be decrypted with
the corresponding private key known only to the owner.

Encrypting data with the private key is not suitable for keeping secrets, since anyone with the public key could
decrypt it. It is, however, perfectly possible to encrypt a hash with the private key so that anyone holding the
matching public key can decrypt it and compare it with a hash they compute themselves. This provides authenticity,
because the encrypted hash can only have been produced by the holder of the private key, hence the name digital
signature. Strictly, the "encrypt with the private key" picture describes RSA; signature schemes such as DSA, ECDSA
and Ed25519 are not encryption at all, but the principle is the same: a private-key operation over the hash that
only the matching public key can verify.

Case study 1: Retail Webmaster and Customers

Imagine that the retail webmaster wants to send the company's quarterly profit statement to a customer who works in
the financial markets, for public announcement. Both the webmaster and the customer want confidence that the
statement has not been intercepted and altered en route by a third party (a man-in-the-middle).

An illustration of how the webmaster would send the quarterly profit statement to the customer:

Figure 10


The retail webmaster produces a hash of the quarterly profit statement and encrypts it with her private key to
produce a digital signature. She then attaches the digital signature to the statement and sends both to the
customer. She may also encrypt the statement and the signature with the customer's public key so that the whole
message remains secret.

On receipt, if the webmaster encrypted the message with his public key, the customer first decrypts it with his own
private key, revealing the statement and the digital signature. He then decrypts the signature with the webmaster's
public key to recover the hash. The customer computes his own hash of the statement and compares it with the hash
recovered from the signature (not with the still-encrypted signature). If the two hashes match, both the customer
and the webmaster can be confident that the statement was not altered en route by a third party; if they differ,
the statement or the signature was modified, or the signature was not made with the webmaster's key, and the
statement must be rejected.

Digital signatures alone do not give complete confidence about who the author is. Just because a digitally signed
document claims to come from a person or a company does not mean that it did: a malicious individual could generate
their own public/private key pair, sign with it and claim that the public key belongs to the purported sender. The
verifier therefore needs a trustworthy way of knowing which public key really belongs to whom, which is the problem
digital certificates address.

The digital signature is used to achieve integrity, authenticity, and non-repudiation. In a digital
signature, the sender's private key is used to encrypt the message digest (signing), and the receiver
decrypts it with the sender's public key to validate the signature.
A digital signature (not to be confused with a digital certificate) is an electronic signature that
can be used to authenticate the identity of the sender of a message or the signer of a document,
and possibly to ensure that the original content of the message or document that has been sent is
unchanged. Digital signatures are easily transportable, cannot be forged by anyone who does not hold
the private key, and can be automatically time-stamped. The ability to ensure that the original signed
message arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not, simply
so that the receiver can be sure of the sender’s identity and that the message arrived intact. A
digital certificate contains the digital signature of the certificate-issuing authority so that anyone
can verify that the certificate is real.
Question 3

PGP (Pretty Good Privacy) is a popular program used to provide confidentiality and authentication
services for electronic mail and file storage. It was designed by Phil Zimmermann in 1991. It was
built to use the best available cryptographic algorithms: RSA, Diffie-Hellman key exchange and DSS
for public-key (asymmetric) encryption and signatures; CAST-128, 3DES and IDEA for symmetric
encryption; and SHA-1 for hashing. (SHA-1 is now deprecated for signatures, and current OpenPGP
implementations default to SHA-2 and AES, but the structure described below is unchanged.) PGP is
open source and is independent of the operating system and the processor. Its operation is based on
a few commands that are very easy to use. PGP offers the following services: 1. Authentication
2. Confidentiality 3. Compression 4. Email compatibility 5. Segmentation. In this answer we look at
Authentication and Confidentiality.

1. Authentication
Authentication means verifying that something is what it claims to be. Logging in to a site with an
account name and password is an authentication procedure. For email, checking authenticity means
checking that a message really came from the person it claims to come from. Email authentication
matters because forged messages and spam are common and can cause a great deal of trouble. PGP
provides its authentication service as follows.
As shown in the figure below, the hash function (H) computes the hash value of the message. SHA-1 is
used for hashing and produces a 160-bit output. The hash is then encrypted with the sender's private
key (KPa); the result is the digital signature. The signature is appended to the message, and
everything up to this point is often described as signing the message. The message is then compressed
to reduce transmission overhead and sent to the receiver. At the receiver's end, the data is
decompressed and the message and signature are recovered. The signature is decrypted with the
sender's public key (PUa) to obtain the hash value. The message is passed through the hash function
again and its hash value is computed. The two hash values, one from the signature and one freshly
computed, are compared: if they are the same, the message really came from the known sender and is
authentic; otherwise it is not.

2. Confidentiality
Sometimes we see packages labelled "Confidential", meaning they are not meant for everyone and only
named persons may see them. The same applies to email confidentiality: only the sender and the
receiver should be able to read the message, and its contents must be kept secret from everyone else.
PGP provides its confidentiality service in the following manner.

The message is first compressed, and a 128-bit session key (Ks) generated by PGP is used to encrypt
the message with symmetric encryption. The session key (Ks) itself is then encrypted with public-key
encryption (EP) under the receiver's public key (PUb). The two encrypted items are concatenated and
sent to the receiver. Because the original message was compressed and then encrypted, anyone who
intercepts the traffic cannot read the contents without the session key (Ks). Although the session
key is transmitted and is therefore present in the traffic, it is in encrypted form and only the
receiver's private key (KPb) can decrypt it, so the message remains protected. At the receiver's
end, the encrypted session key is decrypted with the receiver's private key (KPb), the message is
decrypted with the recovered session key, and the result is decompressed to obtain the original
message (M). RSA is used for the public-key encryption and CAST-128 (or IDEA or 3DES) for the
symmetric encryption. In practice, the Authentication and Confidentiality services are provided
together, as follows:
Diagram abbreviation Note: 
M – Message 
H – Hash Function 
Ks – A random Session Key created for Symmetric Encryption purpose 
DP – Public-Key Decryption Algorithm 
EP – Public-Key Encryption Algorithm 
DC – Symmetric Decryption Algorithm 
EC – Symmetric Encryption Algorithm 
KPb – A private key of user B used in Public-key encryption process 
KPa – A private key of user A used in Public-key encryption process 
PUa – A public key of user A used in Public-key encryption process 
PUb – A public key of user B used in Public-key encryption process 
|| – Concatenation 
Z – Compression Function 
Z-1 – Decompression Function
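
The digital-signature flow from Question 2 (hash, sign with the sender's private key, verify with the public key,
and the warning that anyone can mint a key pair of their own) and the combined PGP authentication-plus-confidentiality
flow from Question 3 can be run end to end in the Python below. It is an added example, not code from the original
answers or from PGP itself, and it makes several stand-in choices: textbook RSA without padding plays EP/DP and the
signing operation (real PGP pads with PKCS#1 or OAEP-style schemes), SHA-256 replaces the SHA-1 the text describes,
a SHA-256 counter-mode keystream replaces CAST-128/IDEA/3DES because the standard library has no block cipher, zlib
is Z, and the names alice/bob/mallory and the sample statement are constructed for the demonstration.

```python
import hashlib
import secrets
import zlib

# Textbook (unpadded) RSA stands in for EP/DP and for signing; real PGP pads (PKCS#1/OAEP).
_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; error probability below 4**-rounds."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, exactly `bits` long
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 512):
    """Return (public, private) as ((e, n), (d, n)). 512 bits keeps the demo fast and
    still leaves n larger than the 256-bit digest that is signed below."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def digest(message: bytes) -> int:
    # H: SHA-256 in place of the SHA-1 the PGP description uses (SHA-1 is deprecated for signing).
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    d, n = private_key
    return pow(digest(message), d, n)                 # "encrypt" the hash with KPa

def verify(message: bytes, signature: int, public_key) -> bool:
    e, n = public_key
    return pow(signature, e, n) == digest(message)    # recover the hash with PUa, compare

def stream_xor(key: bytes, data: bytes) -> bytes:
    """EC/DC stand-in: SHA-256 in counter mode as a keystream (the stdlib has no CAST-128,
    IDEA or 3DES). Because it is an XOR, the same call encrypts and decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def pgp_send(message: bytes, sender_private, receiver_public):
    """Authentication + confidentiality: sign, form sig || M, compress, encrypt under a fresh
    128-bit session key Ks, and wrap Ks with the receiver's public key."""
    sig_len = (sender_private[1].bit_length() + 7) // 8
    signed = sign(message, sender_private).to_bytes(sig_len, "big") + message
    session_key = secrets.token_bytes(16)                                   # Ks
    body = stream_xor(session_key, zlib.compress(signed))                  # EC(Ks, Z(sig || M))
    e, n = receiver_public
    return pow(int.from_bytes(session_key, "big"), e, n), body             # EP(PUb, Ks), body

def pgp_receive(wrapped_key: int, body: bytes, receiver_private, sender_public):
    """DP with KPb to recover Ks, then DC, Z^-1, split off the signature and verify with PUa."""
    d, n = receiver_private
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    signed = zlib.decompress(stream_xor(session_key, body))
    sig_len = (sender_public[1].bit_length() + 7) // 8
    signature, message = int.from_bytes(signed[:sig_len], "big"), signed[sig_len:]
    return message, verify(message, signature, sender_public)

def demo():
    alice_pub, alice_priv = rsa_keygen()       # sender A (the webmaster of Question 2)
    bob_pub, bob_priv = rsa_keygen()           # receiver B (the customer)
    mallory_pub, mallory_priv = rsa_keygen()   # impostor with a key pair of her own
    statement = b"Q3 profit statement: constructed sample text"
    wrapped, body = pgp_send(statement, alice_priv, bob_pub)
    received, genuine = pgp_receive(wrapped, body, bob_priv, alice_pub)
    forged = sign(statement, mallory_priv)
    return {
        "received": received,
        "genuine": genuine,
        "tamper_detected": not verify(statement + b".", sign(statement, alice_priv), alice_pub),
        "forgery_verifies_under_mallory": verify(statement, forged, mallory_pub),
        "forgery_verifies_under_alice": verify(statement, forged, alice_pub),
    }

if __name__ == "__main__":
    print(demo())
```

The last two results in `demo()` are the point of the caveat at the end of Question 2: Mallory's signature is perfectly
valid under Mallory's public key, so a verifier who has been handed the wrong public key learns nothing; only a trusted
binding of key to identity (a certificate or a verified fingerprint) closes that gap.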
Question 4a.

Malicious software (often called malware for short) is any type of software that is intended to
harm or hack the user. They might be attempting to steal your information, or they might simply
do it for malicious reasons. Either way, it’s not worth the time to wonder about the motivations
of a hacker. Instead, it’s best to focus on questions that you might be able to answer.

It’s very hard to pin down a definition for malware because it can work in so many ways.
Anything that is intended to cause harm or gain unauthorized access would fall under this broad
heading, and that’s probably all you need to know.

First, the risk of malware is by no means limited to the computer. Any device which can connect
to the internet might potentially be infected. Once infected, all sorts of bad things might happen.

For one thing, malware can allow someone else to take control of your computer/device. This
might include the installation of programs, the changing of settings or passwords, or the theft of
intellectual property (among other things). Anything that you put on the computer will be
accessible to the one who controls the malware.

Ransomware Attacks

In many cases, malware is intended to bring monetary gain to the attacker. In recent years, malware has been used to
lock people out of their computer systems. In these "ransomware attacks", the attacker first infects the victim's
systems, via phishing or another social-engineering method, or by exploiting an exposed remote-access service, and
then uses that access to encrypt the victim's files (and sometimes whole disks). A ransom demand follows, and unless
the victim has clean, offline backups to restore from, they cannot regain access to their data without the
attacker's decryption key.

Keyloggers

Ransomware operators prefer targets that can pay large ransoms, so the biggest demands are aimed at companies and
public bodies, but private individuals are infected as well. Someone who infects a personal computer often has more
modest goals: for instance, a keylogger, a type of malware that captures online banking credentials.
A keylogger is largely self-explanatory. It spies on the computer and records every keystroke that is made, from
mundane internet searches to sensitive login credentials.

Password Crackers

Yes, there are programs that can crack passwords, but they do not work the way films suggest. A password cracker
simply tries guesses: common passwords and dictionary words, "mangled" variations of them (capital letters, appended
years or symbols) and, as a last resort, exhaustive brute force. Nothing is learned from a failed guess; the program
just moves on to the next candidate. Against a live login page this is slow and noisy, and rate limiting or account
lockout stops it. The real danger is offline cracking: once an attacker has stolen a database of password hashes,
they can test billions of guesses per second on their own hardware with no limit on attempts. The defence is a long,
random password (ideally from a password manager), which pushes the guessing time beyond any practical budget, and,
on the server side, a deliberately slow, salted password hash such as bcrypt, scrypt or Argon2.
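To make that description concrete, here is an added Python example (not from the original answer) of offline
password cracking against a constructed, salted SHA-256 credential store: a tiny wordlist with a few mangling rules
recovers the two weak passwords in a few dozen guesses, misses the long random one, and a brute-force estimate shows
why length, not cleverness, is what defeats the attacker. The users, salts, wordlist and guess rate are all made up
for illustration.

```python
import hashlib
import itertools

# Constructed sample of a stolen credential store: per-user salt + SHA-256(salt || password).
# A fast hash like SHA-256 is exactly what makes offline guessing cheap; real systems should
# use a slow password hash (bcrypt, scrypt, Argon2) instead.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()

def make_leaked_db():
    return {
        "alice": (b"salt-a", hash_password("summer2023", b"salt-a")),        # dictionary word + year
        "bob":   (b"salt-b", hash_password("Password1!", b"salt-b")),        # mangled dictionary word
        "carol": (b"salt-c", hash_password("x7#Vq!9mLp2$RzE0", b"salt-c")),  # 16 random characters
    }

WORDLIST = ["password", "summer", "welcome", "letmein", "dragon"]   # tiny stand-in for a real list
SUFFIXES = ("1", "123", "2023", "!", "1!")

def candidates():
    """Guesses in the order a cracker tries them: each dictionary word, then simple
    mangling rules (capitalise, append digits / a year / symbols)."""
    for word in WORDLIST:
        for base in (word, word.capitalize()):
            yield base
            for suffix in SUFFIXES:
                yield base + suffix

def crack(db, max_guesses=1_000_000):
    """Offline attack: hash each candidate with the victim's salt and compare with the stored
    hash. A miss teaches the attacker nothing; the loop just moves to the next candidate."""
    found, guesses = {}, 0
    for user, (salt, target) in db.items():
        for guess in itertools.islice(candidates(), max_guesses):
            guesses += 1
            if hash_password(guess, salt) == target:
                found[user] = guess
                break
    return found, guesses

def seconds_to_exhaust(length: int, alphabet: int = 94, rate: float = 1e10) -> float:
    """Worst-case time for pure brute force at `rate` guesses per second (1e10/s is a plausible
    GPU rig against a fast hash). The search space grows exponentially with length."""
    return alphabet ** length / rate

if __name__ == "__main__":
    found, guesses = crack(make_leaked_db())
    print(found, guesses)    # alice and bob fall in under 100 guesses; carol is never found
    print(seconds_to_exhaust(8), seconds_to_exhaust(16))
```

Salting does not slow this attack down for a single account; it only stops the attacker from cracking every user
with one pass and from using precomputed tables. What changes the economics is the cost of each guess, which is why
the choice of password hash matters as much as password length.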

APT Malware

In some cases, a hacker might have personal motivations for infecting you with malware. For
instance, there have been cases in which people have used malware to spy on former partners or
spouses who have rejected them. As petty as this might sound, there are plenty of people out
there who are petty enough to do this.

Someone spying on an individual in this way typically uses spyware, often sold as "stalkerware". It behaves like the
undercover ninja of the malware world: it does not expose itself or do anything that might draw attention, but sits
in the background quietly gathering information. (The term APT, advanced persistent threat, is normally reserved for
well-resourced groups, often state-sponsored, that maintain long-term stealthy access to an organisation's network;
the stealth is the same, but the actor and scale are not.)

However, this kind of hacking is by no means innocent. Stalkers, serial killers, and other
dangerous/deranged individuals can potentially use this sort of software to find and stalk their
victims. Here’s a point to remember: Malware is almost always designed to get something from
you. If they aren’t after your money or your data, they may be after you.

The primary difference between a virus and a worm is that viruses must be triggered by the
activation of their host; whereas worms are stand-alone malicious programs that can self-
replicate and propagate independently as soon as they have breached the system. Worms do not
require activation—or any human intervention—to execute or spread their code.

Viruses are often attached to or concealed in shared or downloaded files, both executable files (programs and
scripts) and non-executable files such as a Word document or an image file. When the host file is accepted or loaded
by a target system, the virus remains dormant until the infected host file is activated. Only after the host file is
activated can the virus run, executing malicious code and replicating to infect other files on the system.

In contrast, worms don't require the activation of their host file. Once a worm has entered your
system, usually via a network connection or as a downloaded file, it can then run, self-replicate
and propagate without a triggering event. A worm makes multiple copies of itself which then
spread across the network or through an internet connection. These copies will infect any
inadequately protected computers and servers that connect—via the network or internet—to the
originally infected device. Because each subsequent copy of a worm repeats this process of self-
replication, execution and propagation, worm-based infections spread rapidly across computer
networks and the internet at large.

Viruses and worms are subcategories of malicious programs, or malware. Any program in these subcategories can also
have additional Trojan functions.

Viruses

Viruses can be classified according to the method that they use to infect a computer

• File viruses

• Boot sector viruses

• Macro viruses

• Script viruses

Worms

Worms often exploit network configuration errors or security loopholes in the operating system
(OS) or applications

Many worms use multiple methods to spread across networks, including the following:

• Email: Carried inside files sent as email attachments

• Internet: Via links to infected websites; generally hidden in the website’s HTML, so the
infection is triggered when the page loads
• Downloads & FTP Servers: May initially start in downloaded files or individual FTP
files, but if not detected, can spread to the server and thus all outbound FTP transmissions

• Instant Messages (IM): Transmitted through mobile and desktop messaging apps, generally as external links,
from native SMS apps, WhatsApp and Facebook Messenger to ICQ and IRC

• P2P/Filesharing: Spread via P2P file sharing networks, as well as any other shared drive
or files, such as a USB stick or network server

• Networks: Exploit vulnerabilities in exposed network services directly, or spread and self-propagate
through shared access to any device, drive or file across the network

Viruses, worms, and other malware most often exploit security vulnerabilities and bugs. For this
reason, it is crucial to keep current with all OS and application updates and patches.
Unfortunately, keeping current with updates and being vigilant simply aren't enough: there are
many exploits and vectors that can get viruses and worms into a network or onto a computer or
mobile device.

These days, comprehensive cyber security is mandatory for all your devices—desktops, laptops,
tablets, and smartphones. To be effective, cyber security solutions must provide real-time
protection for all your activities, from emails to internet browsing, not just periodic hard drive
scans. Furthermore, today’s best security software products are not static one-time installations
with periodic updates. A quality cyber security product is provided as a service, known as SaaS
(Software-as-a-Service). This means that in addition to monitoring your devices in real-time, the
software itself is updated in real-time with the most current information about existing and
emerging threats, how to prevent them and how to repair their damage.

Question 4b

Encryption can help protect data you send, receive, and store using a device. That can include
text messages stored on your smartphone, running logs saved on your fitness watch, and banking
information sent through your online account.

Encryption is the process that scrambles readable text so it can only be read by the person who
has the secret code, or decryption key. It helps provide data security for sensitive information.

Vast amounts of personal information are managed online and stored in the cloud or on servers
with an ongoing connection to the web. It’s nearly impossible to do business of any kind without
your personal data ending up in an organization’s networked computer system, which is why it’s
important to know how to help keep that data private.

Encryption plays an essential role.

Encryption is the process of taking plain text, like a text message or email, and scrambling it into
an unreadable format — called “cipher text.” This helps protect the confidentiality of digital data
either stored on computer systems or transmitted through a network like the internet.

When the intended recipient accesses the message, the information is translated back to its
original form. This is called decryption.

To unlock the message, both the sender and the recipient have to use a “secret” encryption key,
the secret input to the algorithms that scramble data and unscramble it back to a readable format.

Difference between symmetric and asymmetric encryption

An encryption key is a series of numbers used to encrypt and decrypt data. Encryption keys are
created with algorithms. Each key is random and unique.

There are two types of encryption systems: symmetric encryption and asymmetric encryption.
Here’s how they’re different.

Symmetric encryption uses a single key (often derived from a password) to both encrypt and decrypt data.

Asymmetric encryption uses two keys for encryption and decryption. A public key, which is
shared among users, encrypts the data. A private key, which is not shared, decrypts the data.
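
The two key models just described, as an added example that is not part of the original assignment text. It uses Go's standard library: AES-256-GCM for the symmetric case, where one shared key does both jobs and a wrong key is detected rather than producing garbage, and RSA-OAEP for the asymmetric case, where the public key encrypts and only the matching private key decrypts. The message text and the key sizes are constructed assumptions for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SymmetricEncrypt seals plaintext with AES-256-GCM. Whoever holds this one key
// can both encrypt and decrypt, so it has to be shared secretly in advance.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per message
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || GCM authentication tag.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt reverses SymmetricEncrypt. GCM also checks integrity, so a
// wrong key or a tampered ciphertext returns an error rather than garbage.
func SymmetricDecrypt(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, body := ciphertext[:aead.NonceSize()], ciphertext[aead.NonceSize():]
	return aead.Open(nil, nonce, body, nil)
}

// NewKeyPair generates an RSA key pair; its PublicKey field is the shareable half.
func NewKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// AsymmetricEncrypt uses the recipient's PUBLIC key (RSA-OAEP). The public key
// may be handed to anyone; it cannot undo what it encrypts.
func AsymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// AsymmetricDecrypt needs the matching PRIVATE key, which is never shared.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

func main() {
	msg := []byte("constructed sample: transfer 1234.56 to account 42") // constructed input

	key := make([]byte, 32) // symmetric: one shared secret
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	ct, err := SymmetricEncrypt(key, msg)
	if err != nil {
		panic(err)
	}
	pt, _ := SymmetricDecrypt(key, ct)
	fmt.Println("AES-GCM round trip ok:", string(pt) == string(msg))
	_, err = SymmetricDecrypt(make([]byte, 32), ct) // wrong key
	fmt.Println("wrong symmetric key rejected:", err != nil)

	priv, err := NewKeyPair(2048) // asymmetric: a key pair
	if err != nil {
		panic(err)
	}
	ct2, err := AsymmetricEncrypt(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pt2, _ := AsymmetricDecrypt(priv, ct2)
	fmt.Println("RSA-OAEP round trip ok:", string(pt2) == string(msg))
}
```

Note the asymmetry in what each side must protect: with AES-GCM the single key is the whole secret, so the hard problem is delivering it to the other party; with RSA-OAEP only the private key needs protecting, and the public key can be published. In practice the two are combined, with RSA (or a key agreement) used to transport a fresh symmetric key that then encrypts the bulk data.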

Types of Encryption

There are several types of encryption, each developed with different needs and security
requirements in mind. Here are the most common examples.

Data Encryption Standard (DES)

Data Encryption Standard is considered a low-level encryption standard. The U.S. government
established the standard in 1977. Due to advances in technology and decreases in the cost of
hardware, DES is essentially obsolete for protecting sensitive data.

Triple DES

Triple DES runs DES encryption three times. Here’s how it works: It encrypts, decrypts, and
encrypts data — thus, “triple.” It strengthens the original DES standard, which became regarded
as too weak a type of encryption for sensitive data.

RSA

RSA takes its name from the initials of the surnames of the three computer scientists who
devised it. It uses a strong and popular algorithm for encryption. RSA is popular because of its
long key length and is therefore widely used for secure data transmission.

Advanced Encryption Standard (AES)

Advanced Encryption Standard is the U.S. government standard as of 2002. AES is used
worldwide.

Twofish

Twofish is considered one of the fastest encryption algorithms and is free for anyone to use. It’s
used in hardware and software.

Using encryption via SSL

Most legitimate websites use what is called “secure sockets layer” (SSL), which is a form of
encrypting data when it is being sent to and from a website. This keeps attackers from accessing
that data while it is in transit.

Look for the padlock icon in the URL bar, and the “s” in the “https://” to make sure you are
conducting secure, encrypted transactions online.

It’s a good idea to access sites using SSL when:

You store or send sensitive data online. If you use the internet to carry out tasks such as filing
your taxes, making purchases, renewing your driver’s license, or conducting any other personal
business, visiting sites using SSL is a good idea.

Your work requires it. Your workplace may have encryption protocols, or it may be subject to
regulations that require encryption. In these cases, encryption is a must.
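
What the padlock actually stands for, as an added example that is not from the original text. An in-process HTTPS server with a self-signed test certificate (Go's net/http/httptest) is contacted by three clients: the default client rejects the certificate because no trusted authority vouches for it (no padlock); a client that trusts the test certificate gets the page (padlock); and a client with verification switched off also gets the page, but would accept an impostor's certificate just the same, which is why the padlock only means something when verification stays on. The server, its response body and the URLs are constructed; "SSL" on this page is what modern browsers implement as TLS.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// NewLocalHTTPSServer starts an in-process HTTPS server with a self-signed test
// certificate. It stands in for "a website using SSL" so the example runs offline.
func NewLocalHTTPSServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "constructed sample: account page") // constructed response body
	}))
}

// Fetch performs a GET with the given client and returns the body. A TLS
// handshake that fails certificate verification surfaces here as an error.
func Fetch(client *http.Client, url string) (string, error) {
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// Outcome records what each kind of client sees when talking to the server.
type Outcome struct {
	DefaultClientErr   error  // system trust store: test CA unknown, handshake rejected
	TrustedClientBody  string // client that trusts the test CA: content delivered
	TrustedClientErr   error
	NoVerifyClientBody string // verification off: content delivered, from anyone at all
}

// Compare runs the three clients against the server. The browser padlock
// corresponds to the "trusted" case; the "no verify" case is what clicking
// through a certificate warning amounts to.
func Compare(srv *httptest.Server) Outcome {
	var o Outcome
	_, o.DefaultClientErr = Fetch(&http.Client{}, srv.URL)
	o.TrustedClientBody, o.TrustedClientErr = Fetch(srv.Client(), srv.URL)
	noVerify := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // accepts any certificate
	}}
	o.NoVerifyClientBody, _ = Fetch(noVerify, srv.URL)
	return o
}

func main() {
	srv := NewLocalHTTPSServer()
	defer srv.Close()
	o := Compare(srv)
	fmt.Println("default client rejected untrusted certificate:", o.DefaultClientErr != nil)
	fmt.Println("trusted client got:", o.TrustedClientBody, o.TrustedClientErr)
	fmt.Println("no-verify client got:", o.NoVerifyClientBody)
}
```

The error the default client returns names the reason (an unknown certificate authority), which is the same condition a browser reports with a warning page instead of a padlock.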

Encryption is important in protecting your data for the following reasons.

1. Internet privacy concerns are real

Encryption helps protect your online privacy by turning personal information into “for your eyes
only” messages intended only for the parties that need them — and no one else.

You should make sure that your emails are being sent over an encrypted connection, or that you
are encrypting each message.

Most email clients come with the option for encryption in their Settings menu, and if you check
your email with a web browser, take a moment to ensure that SSL encryption is available.

2. Hacking is big business

Cybercrime is a global business, often run by multinational outfits.

Many of the large-scale data breaches that you may have heard about in the news demonstrate
that cybercriminals are often out to steal personal information for financial gain.

3. Regulations demand it

The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers
to implement security features that help protect patients’ sensitive health information online.

Institutions of higher learning must take similar steps under the Family Education Rights and
Privacy Act (FERPA) to protect student records.

Retailers must contend with the Fair Credit Practices Act (FCPA) and similar laws that help
protect consumers.

Encryption helps businesses stay compliant with regulatory requirements and standards. It also
helps protect the valuable data of their customers.

Encryption is designed to protect your data, but encryption can also be used against you.

For instance, targeted ransomware is a cybercrime that can impact organizations of all sizes,
including government offices. Ransomware can also target individual computer users.

How do ransomware attacks occur? Attackers deploy ransomware to attempt to encrypt various
devices, including computers and servers. The attackers often demand a ransom before they
provide a key to decrypt the encrypted data. Ransomware attacks against government agencies
can shut down services, making it hard to get a permit, obtain a marriage license, or pay a tax
bill, for instance. Targeted attacks are often aimed at large organizations.

Question 5

A firewall is a security device against attack: any hardware or software in a computer that, when
used, allows the protection of a computer network. It filters the flow of traffic in the form of data
to find outsiders and then blocks those unwanted outsiders or intruders from entering and
accessing private data on a computer through unauthorized means such as eavesdropping. For
example, a firewall on my computer is used to avoid theft of my credit card number and
passwords when I am browsing a shopping website on the internet. A firewall is a security wall
through which all network traffic is filtered in both directions (between the trusted network and
the untrusted, potentially malicious network).

The following five types of firewalls continue to play significant roles in enterprise environments
today.

1. Packet filtering firewall

Packet filtering firewalls operate inline at junction points where devices such as routers and
switches do their work. However, these firewalls don't route packets; rather they compare each
packet received to a set of established criteria, such as the allowed IP addresses, packet type, port
number and other aspects of the packet protocol headers. Packets that are flagged as troublesome
are unceremoniously dropped -- that is, they are not forwarded and, thus, cease to exist.

Packet filtering firewall advantages

A single device can filter traffic for the entire network

Extremely fast and efficient in scanning traffic

Inexpensive

Minimal effect on other resources, network performance and end-user experience

Packet filtering firewall disadvantages


Because traffic filtering is based entirely on IP address or port information, packet filtering lacks
broader context that informs other types of firewalls

Doesn't check the payload and can be easily spoofed

Not an ideal option for every network

Access control lists can be difficult to set up and manage

Packet filtering may not provide the level of security necessary for every use case, but there are
situations in which this low-cost firewall is a solid option. For small or budget-constrained
organizations, packet filtering provides a basic level of security that can provide protection
against known threats. Larger enterprises can also use packet filtering as part of a layered
defense to screen potentially harmful traffic between internal departments.

2. Circuit-level gateway

Using another relatively quick way to identify malicious content, circuit-level gateways monitor
TCP handshakes and other network protocol session initiation messages across the network as
they are established between the local and remote hosts to determine whether the session being
initiated is legitimate -- whether the remote system is considered trusted. They don't inspect the
packets themselves, however.

Circuit-level gateway advantages

Only processes requested transactions; all other traffic is rejected

Easy to set up and manage

Low cost and minimal impact on end-user experience

Circuit-level gateway disadvantages

If they aren't used in conjunction with other security technology, circuit-level gateways offer
no protection against data leakage from devices within the firewall

No application layer monitoring

Requires ongoing updates to keep rules current

While circuit-level gateways provide a higher level of security than packet filtering firewalls,
they should be used in conjunction with other systems. For example, circuit-level gateways are
typically used alongside application-level gateways. This strategy combines attributes of packet-
and circuit-level gateway firewalls with content filtering.

3. Application-level gateway

This kind of device -- technically a proxy and sometimes referred to as a proxy firewall --
functions as the only entry point to and exit point from the network. Application-level gateways
filter packets not only according to the service for which they are intended -- as specified by the
destination port -- but also by other characteristics, such as the HTTP request string.

While gateways that filter at the application layer provide considerable data security, they can
dramatically affect network performance and can be challenging to manage.

Application-level gateway advantages

Examines all communications between outside sources and devices behind the firewall,
checking not just address, port and TCP header information, but the content itself before it lets
any traffic pass through the proxy

Provides fine-grained security controls that can, for example, allow access to a website but
restrict which pages on that site the user can open

Protects user anonymity


Application-level gateway disadvantages

Can inhibit network performance

Costlier than some other firewall options

Requires a high degree of effort to derive the maximum benefit from the gateway

Doesn't work with all network protocols

Application-layer firewalls are best used to protect enterprise resources from web application
threats. They can both block access to harmful sites and prevent sensitive information from being
leaked from within the firewall. They can, however, introduce a delay in communications.

4. Stateful inspection firewall

State-aware devices not only examine each packet, but also keep track of whether that packet is
part of an established TCP or other network session. This offers more security than either packet
filtering or circuit monitoring alone but exacts a greater toll on network performance.

A further variant of stateful inspection is the multilayer inspection firewall, which considers the
flow of transactions in process across multiple protocol layers of the seven-layer Open Systems
Interconnection (OSI) model.

Stateful inspection firewall advantages

Monitors the entire session for the state of the connection, while also checking IP addresses
and payloads for more thorough security

Offers a high degree of control over what content is let in or out of the network

Does not need to open numerous ports to allow traffic in or out


Delivers substantive logging capabilities

Stateful inspection firewall disadvantages

Resource-intensive and interferes with the speed of network communications

More expensive than other firewall options

Doesn't provide authentication capabilities to validate traffic sources aren't spoofed

Most organizations benefit from the use of a stateful inspection firewall. These devices serve as a
more thorough gateway between computers and other assets within the firewall and resources
beyond the enterprise. They also can be highly effective in defending network devices against
particular attacks, such as DoS.
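
To make the difference between packet filtering (type 1 above) and stateful inspection (type 4) concrete, an added example in Go that is not from the original text. A stateless ACL has to admit inbound TCP to the LAN so that replies to outbound connections can return, and that same rule admits an unsolicited inbound connection attempt. The stateful filter's policy allows only outbound sessions; it passes the reply because the session is in its table, and drops the unsolicited packet because no session and no rule cover it. The internal network, the addresses (taken from the documentation ranges) and the packets are constructed.

```go
package main

import (
	"fmt"
	"net"
)

// Packet holds the header fields a filter looks at (constructed, not parsed from the wire).
type Packet struct {
	Src, Dst         net.IP
	Proto            string // "tcp", "udp", "icmp"
	SrcPort, DstPort int
	SYN, ACK         bool // TCP flags; both false for non-TCP
	Inbound          bool // true = arriving from the untrusted side
}

// Rule is one access-control-list entry; an empty, nil or zero field means "any".
type Rule struct {
	Action         string // "allow" or "deny"
	Direction      string // "in", "out" or ""
	Proto          string
	SrcNet, DstNet *net.IPNet
	DstPort        int
}

func (r Rule) Matches(p Packet) bool {
	return (r.Direction == "" || (r.Direction == "in") == p.Inbound) &&
		(r.Proto == "" || r.Proto == p.Proto) &&
		(r.SrcNet == nil || r.SrcNet.Contains(p.Src)) &&
		(r.DstNet == nil || r.DstNet.Contains(p.Dst)) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort)
}

// StatelessFilter: first matching rule wins; anything unmatched is dropped.
func StatelessFilter(rules []Rule, p Packet) string {
	for _, r := range rules {
		if r.Matches(p) {
			return r.Action
		}
	}
	return "deny"
}

// StatefulFilter adds a session table. Packets of a session it already allowed
// pass without consulting the rules; anything else is a new session, and for
// TCP only an initial SYN (no ACK) is allowed to open one.
type StatefulFilter struct {
	Rules    []Rule
	sessions map[string]bool
}

func NewStatefulFilter(rules []Rule) *StatefulFilter {
	return &StatefulFilter{Rules: rules, sessions: map[string]bool{}}
}

func (f *StatefulFilter) Decide(p Packet) string {
	fwd := fmt.Sprintf("%s %s:%d>%s:%d", p.Proto, p.Src, p.SrcPort, p.Dst, p.DstPort)
	rev := fmt.Sprintf("%s %s:%d>%s:%d", p.Proto, p.Dst, p.DstPort, p.Src, p.SrcPort)
	if f.sessions[fwd] || f.sessions[rev] {
		return "allow" // part of an established session
	}
	if p.Proto == "tcp" && (!p.SYN || p.ACK) {
		return "deny" // mid-stream segment for a session never seen
	}
	action := StatelessFilter(f.Rules, p)
	if action == "allow" {
		f.sessions[fwd] = true
	}
	return action
}

// Scenario sends one legitimate outbound HTTPS session and one unsolicited inbound
// connection attempt through both filter types and returns the verdicts.
func Scenario() (statelessProbe, statefulReply, statefulProbe string) {
	_, lan, _ := net.ParseCIDR("10.0.0.0/24") // constructed internal network
	// Stateless ACL: for replies to get back in, inbound TCP to the LAN must be opened.
	stateless := []Rule{
		{Action: "allow", Direction: "out", Proto: "tcp", SrcNet: lan},
		{Action: "allow", Direction: "in", Proto: "tcp", DstNet: lan},
	}
	// Stateful policy: only outbound sessions are allowed; replies are matched by state.
	stateful := NewStatefulFilter([]Rule{{Action: "allow", Direction: "out", Proto: "tcp", SrcNet: lan}})

	client, web, outsider := net.ParseIP("10.0.0.5"), net.ParseIP("203.0.113.10"), net.ParseIP("198.51.100.7")
	syn := Packet{Src: client, SrcPort: 51000, Dst: web, DstPort: 443, Proto: "tcp", SYN: true}
	synAck := Packet{Src: web, SrcPort: 443, Dst: client, DstPort: 51000, Proto: "tcp", SYN: true, ACK: true, Inbound: true}
	probe := Packet{Src: outsider, SrcPort: 40000, Dst: client, DstPort: 445, Proto: "tcp", SYN: true, Inbound: true}

	statelessProbe = StatelessFilter(stateless, probe) // the reply hole admits this too
	stateful.Decide(syn)                               // opens a session
	statefulReply = stateful.Decide(synAck)            // found in the session table
	statefulProbe = stateful.Decide(probe)             // no session, no inbound rule
	return
}

func main() {
	a, b, c := Scenario()
	fmt.Println("stateless ACL admits inbound probe to 445:", a)
	fmt.Println("stateful admits SYN/ACK reply:", b, "| stateful admits probe:", c)
}
```

The session table is also where the extra cost the text mentions comes from: every allowed connection occupies memory until it is torn down or times out, which is what makes stateful devices more resource-intensive and gives flooding attacks something to exhaust.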

The four techniques used by firewalls to control access and enforce security policy are the
service control, direction control, user control and behavior control.

There are several types of firewalls, each with varying capabilities to analyze network traffic and
allow or block specific instances by comparing traffic characteristics to existing policies.
Understanding the capabilities of each type of firewall and designing firewall policies and
acquiring firewall technologies that effectively address an organization’s needs, are critical to
achieving protection for network traffic flows. This document provides an overview of firewall
technologies and discusses their security capabilities and relative advantages and disadvantages
in detail. It also provides examples of where firewalls can be placed within networks, and the
implications of deploying firewalls in particular locations. The document also makes
recommendations for establishing. Originally, firewalls focused primarily on service control, but
they have since evolved to provide all four:

Service Control

This control determines the types of internet services that can be accessed, inbound or outbound.
A firewall may filter traffic based on IP address, protocol, or TCP port number.

It may provide proxy software that receives and interprets each service request before passing it
on. It may host the server software itself such as a web or mail service.

For Example:

Incoming HTTP Requests – Rejected unless they are directed to an official web server host

Direction Control

This control regulates the direction in which service requests may be initiated and allowed to
flow through the firewall.

User Control

User control manages or authorizes admission to a service according to which entity is trying to
access that service. This feature is typically applied to users inside the firewall perimeter
(internal users). It may also be applied to incoming traffic from external users, but that requires
some form of secure authentication technology. User role firewall policies allow administrators
to permit or restrict network access for users based on the roles they are assigned. User role
firewalls enable greater threat mitigation, provide more informative forensic resources, improve
record archiving for regulatory compliance, and enhance routine access provisioning.

Network security enforcement, monitoring, and reporting based solely on IP information will
soon be insufficient for today’s dynamic and mobile workforce. By integrating user firewall
policies, administrators can permit or restrict network access of employees, contractors, partners,
and other users based on the roles they are assigned.

User role firewalls trigger two actions:

Retrieve user and role information associated with the traffic

Determine the action to take based on six match criteria within the context of the zone pair

The source-identity field distinguishes a user role firewall from other types of firewalls. If the
source identity is specified in any policy for a particular zone pair, it is a user role firewall. The
user and role information must be retrieved before policy lookup occurs. If the source identity is
not specified in any policy, user and role lookup is not required.

To retrieve user and role information, authentication tables are searched for an entry with an IP
address corresponding to the traffic. If an entry is found, the user is classified as an authenticated
user. If not found, the user is classified as an unauthenticated user.

The username and roles associated with an authenticated user are retrieved for policy matching.
Both the authentication classification and the retrieved user and role information are used to
match the source-identity field.

Characteristics of the traffic are matched to the policy specifications. Within the zone context,
the first policy that matches the user or role and the five standard match criteria determines the
action to be applied to the traffic.

The following sections describe the interaction of user and role retrieval and the policy lookup
process, methods for acquiring user and role assignments, techniques for configuring user role
firewall policies, and an example of configuring user role firewall policies.

For policy lookup, firewall policies are grouped by zone pair (the from zone and to zone). Within
the context of the zone pair, IP-based firewall policies are matched to traffic based on five
criteria—source IP, source port, destination IP, destination port, and protocol.

User role firewall policies include a sixth match criteria—source identity. The source-identity
field specifies the users and roles to which the policy applies. When the source-identity field is
specified in any policy within the zone pair, user and role information must be retrieved before
policy lookup can proceed. (If all policies in the zone pair are set to any or have no entry in the
source-identity field, user and role information is not required and the five standard match
criteria are used for policy lookup.)

The user identification table (UIT) provides user and role information for an active user who has
already been authenticated. Each entry in the table maps an IP address to an authenticated user
and any roles associated with that user.

When traffic requires user and role data, each registered UIT is searched for an entry with the
same IP address. If a user has not been authenticated, there is no entry for that IP address in the
table. If no UIT entry exists, the user is considered an unauthenticated user.
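
The policy lookup described above, as an added example written for this page (it is not vendor code). It groups policies by zone pair, consults a UIT (IP address to user and roles) only when some policy in that pair specifies a source identity, treats a missing UIT entry as an unauthenticated user, and applies the first policy that matches the five standard criteria plus the source identity, with an implicit deny when none matches. The UIT entries, zone names, policies and flows are constructed; the source-identity keywords "unauthenticated-user" and "authenticated-user" and the use of an empty string for "any" are conventions assumed for this example.

```go
package main

import "fmt"

// Flow: the five standard match criteria plus the zone pair the traffic crosses.
type Flow struct {
	FromZone, ToZone, SrcIP, DstIP, Proto string
	SrcPort, DstPort                       int
}

// UITEntry: one user identification table row, mapping an already authenticated
// source IP to a user and that user's roles.
type UITEntry struct {
	User  string
	Roles []string
}

// Policy: empty strings and a zero port mean "any". SourceIdentity is the sixth
// criterion: "" (any), "unauthenticated-user", "authenticated-user", a role, or a user name.
type Policy struct {
	FromZone, ToZone, SrcIP, DstIP, Proto, SourceIdentity, Action string
	DstPort                                                      int
}

func (p Policy) matchesFiveTuple(f Flow) bool {
	return (p.SrcIP == "" || p.SrcIP == f.SrcIP) && (p.DstIP == "" || p.DstIP == f.DstIP) &&
		(p.Proto == "" || p.Proto == f.Proto) && (p.DstPort == 0 || p.DstPort == f.DstPort)
}

// matchesIdentity evaluates the source-identity criterion against the UIT result
// (authenticated reports whether an entry for the source IP was found).
func (p Policy) matchesIdentity(e UITEntry, authenticated bool) bool {
	switch p.SourceIdentity {
	case "":
		return true
	case "unauthenticated-user":
		return !authenticated
	case "authenticated-user":
		return authenticated
	}
	if !authenticated {
		return false
	}
	if e.User == p.SourceIdentity {
		return true
	}
	for _, r := range e.Roles {
		if r == p.SourceIdentity {
			return true
		}
	}
	return false
}

// Lookup restricts itself to the flow's zone pair, retrieves user and role data
// only if a policy in that pair specifies a source identity, then applies the
// first policy that matches. It returns the action and whether the UIT was consulted.
func Lookup(policies []Policy, uit map[string]UITEntry, f Flow) (action string, identityNeeded bool) {
	var inPair []Policy
	for _, p := range policies {
		if p.FromZone == f.FromZone && p.ToZone == f.ToZone {
			inPair = append(inPair, p)
			identityNeeded = identityNeeded || p.SourceIdentity != ""
		}
	}
	var entry UITEntry
	var authenticated bool
	if identityNeeded {
		entry, authenticated = uit[f.SrcIP] // no entry => unauthenticated user
	}
	for _, p := range inPair {
		if p.matchesFiveTuple(f) && p.matchesIdentity(entry, authenticated) {
			return p.Action, identityNeeded
		}
	}
	return "deny", identityNeeded // nothing matched: implicit deny
}

// Constructed sample data: two authenticated hosts and a small policy set.
var SampleUIT = map[string]UITEntry{
	"10.0.1.20": {User: "alice", Roles: []string{"finance"}},
	"10.0.1.21": {User: "bob", Roles: []string{"engineering"}},
}

var SamplePolicies = []Policy{
	{FromZone: "trust", ToZone: "untrust", Proto: "tcp", DstPort: 443, SourceIdentity: "finance", Action: "allow"},
	{FromZone: "trust", ToZone: "untrust", SourceIdentity: "unauthenticated-user", Action: "deny"},
	{FromZone: "trust", ToZone: "untrust", Proto: "tcp", DstPort: 80, SourceIdentity: "authenticated-user", Action: "allow"},
	{FromZone: "untrust", ToZone: "trust", Proto: "tcp", DstPort: 25, Action: "allow"}, // plain IP-based policy
}

func main() {
	for _, f := range []Flow{
		{"trust", "untrust", "10.0.1.20", "203.0.113.10", "tcp", 40001, 443}, // alice (finance)
		{"trust", "untrust", "10.0.1.21", "203.0.113.10", "tcp", 40002, 443}, // bob (engineering)
		{"trust", "untrust", "10.0.1.99", "203.0.113.10", "tcp", 40003, 80},  // no UIT entry
		{"untrust", "trust", "203.0.113.10", "10.0.1.25", "tcp", 50000, 25},  // no identity needed
	} {
		a, needed := Lookup(SamplePolicies, SampleUIT, f)
		fmt.Printf("%s -> %s:%d action=%s uitConsulted=%v\n", f.SrcIP, f.DstIP, f.DstPort, a, needed)
	}
}
```

Ordering matters in the same way it does for an IP-based policy: the "unauthenticated-user" deny sits above the "authenticated-user" allow, so an address with no UIT entry can never reach the broader rule, and the untrust-to-trust pair, which names no identity, is evaluated on the five standard criteria alone without touching the UIT.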

Behavior Control

Controls how particular services are used.

For example, the firewall may filter email to eliminate spam, or it may enable external access to
only a portion of the information on a local web server.

Filtering of email spam attacks may require examination of the sender’s email address in message
headers and of the message contents.

When taking the behavior groups and behavior rules that make up each of the individual firewall
entities, the initial idea of how traffic may be processed is linear: traffic is processed as a
conventional firewall processes it, attempting a match in a linear fashion, one behavior rule at a
time against one packet at a time. With a reformulation of each behavior group, the processing
time may instead be bound to the number of decisions that must be made, as opposed to the
number of behavior rules and the size of the address space. This same model may then be
replayed for behavior groups that represent routing tables and NAT tables. The formulation of
the problem is different but is still a factor of the number of decisions that must be made. In the
routing behavior group, the decision to be made is which egress interface matches the traffic; with
NAT, it is which addresses are to be translated.
