Guidebolt

Information Security

2018.04.04

Policies

Master Email Control

Ensure that the owners of the business have control of all email accounts, such that if someone is hospitalized, critical access is not lost.

AFK Defense

Always suspend, log off, or shut down the computer before moving away from the keyboard. No exceptions.

USB Defense

Never accept untrusted USB drives for data transfer.

HTTP

Plain HTTP requests are fully visible to every party on the path: the router, modem, ISP, any intermediary servers, and the destination server. The domain, URI path, request method, header/body data (including cookies and passwords), and your IP address are all exposed, and any of those parties can also modify the request or response in transit without you noticing.

HTTPS

HTTPS requests still expose the domain (ex. www.website.com), because it is sent in the clear in the DNS lookup and in the Server Name Indication (SNI) field of the TLS handshake, but they encrypt the path (ex. /blog/article/why-security-matters), so which page you visited on a website stays private. The destination IP address and the size and timing of each request remain visible as well.

HTTPS requests also encrypt the request method and header/body data so as to protect sensitive passwords and messages, and they authenticate the server (via its certificate) and the data (via an integrity check), so an on-path party can neither read nor silently alter them.
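The following is an added example, not code from the original page: a Go program that builds a minimal TLS ClientHello for www.website.com and then reads the hostname back out of the raw bytes, exactly as a passive observer on the path can. The record layout follows the TLS specification; the ClientHello itself is constructed and simplified (a zero random field, one cipher suite, one dummy extension) rather than captured from a real browser.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed example: a minimal TLS 1.2-style ClientHello with a server_name
// extension, and a parser that reads the hostname back out of the raw bytes.

const (
	recordHandshake      = 0x16
	handshakeClientHello = 0x01
	extServerName        = 0x0000
)

func u16(v int) []byte {
	b := make([]byte, 2)
	binary.BigEndian.PutUint16(b, uint16(v))
	return b
}

// BuildClientHello returns a ClientHello record for hostname; an empty
// hostname omits the SNI extension so the parser's failure path can be shown.
func BuildClientHello(hostname string) []byte {
	// an unrelated extension first (dummy type 0x002b, constructed) so the
	// parser has to skip something it does not care about
	exts := append(u16(0x002b), u16(3)...)
	exts = append(exts, 0x02, 0x03, 0x04)
	if hostname != "" {
		entry := append([]byte{0x00}, u16(len(hostname))...) // name_type host_name(0)
		entry = append(entry, hostname...)
		list := append(u16(len(entry)), entry...)
		exts = append(exts, u16(extServerName)...)
		exts = append(exts, u16(len(list))...)
		exts = append(exts, list...)
	}
	body := []byte{0x03, 0x03}               // client_version TLS 1.2
	body = append(body, make([]byte, 32)...) // random (zeros here; real clients send 32 random bytes)
	body = append(body, 0x00)                // session_id length 0
	body = append(body, u16(2)...)           // cipher_suites length
	body = append(body, 0x13, 0x01)          // TLS_AES_128_GCM_SHA256
	body = append(body, 0x01, 0x00)          // compression_methods: null only
	body = append(body, u16(len(exts))...)
	body = append(body, exts...)
	hs := append([]byte{handshakeClientHello, byte(len(body) >> 16), byte(len(body) >> 8), byte(len(body))}, body...)
	rec := append([]byte{recordHandshake, 0x03, 0x01}, u16(len(hs))...)
	return append(rec, hs...)
}

// ExtractSNI walks a ClientHello and returns the host_name from its
// server_name extension: this is what a passive observer on the path learns.
func ExtractSNI(rec []byte) (string, error) {
	if len(rec) < 9 || rec[0] != recordHandshake || rec[5] != handshakeClientHello {
		return "", errors.New("not a TLS ClientHello record")
	}
	body := rec[9:] // 5-byte record header + 4-byte handshake header
	pos := 2 + 32   // skip client_version and random
	for _, width := range []int{1, 2, 1} { // session_id, cipher_suites, compression_methods
		if pos+width > len(body) {
			return "", errors.New("truncated ClientHello")
		}
		n := int(body[pos])
		if width == 2 {
			n = int(binary.BigEndian.Uint16(body[pos:]))
		}
		pos += width + n
	}
	if pos+2 > len(body) {
		return "", errors.New("no extensions present")
	}
	end := pos + 2 + int(binary.BigEndian.Uint16(body[pos:]))
	if end > len(body) {
		return "", errors.New("truncated extensions")
	}
	pos += 2
	for pos+4 <= end {
		typ := binary.BigEndian.Uint16(body[pos:])
		n := int(binary.BigEndian.Uint16(body[pos+2:]))
		pos += 4
		if pos+n > end {
			return "", errors.New("truncated extension")
		}
		data := body[pos : pos+n]
		pos += n
		if typ != extServerName || len(data) < 5 {
			continue
		}
		// ServerNameList: 2-byte length, then (name_type, 2-byte length, name) entries
		lend := 2 + int(binary.BigEndian.Uint16(data))
		for lpos := 2; lpos+3 <= lend && lend <= len(data); {
			nameType, nlen := data[lpos], int(binary.BigEndian.Uint16(data[lpos+1:]))
			lpos += 3
			if lpos+nlen > lend {
				break
			}
			if nameType == 0 {
				return string(data[lpos : lpos+nlen]), nil
			}
			lpos += nlen
		}
	}
	return "", errors.New("no server_name extension")
}

func main() {
	fmt.Println(ExtractSNI(BuildClientHello("www.website.com"))) // www.website.com <nil>
	fmt.Println(ExtractSNI(BuildClientHello("")))                // "" no server_name extension
}
```

The hostname is recoverable with nothing but offset arithmetic on the first packet of the connection, while the URI path never appears in the handshake at all; it is only sent inside the encrypted records that follow.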

VPN

VPN services provide a launchpad from which to make pseudo-anonymous requests. The encrypted tunnel to the VPN server splits the data exposure into 2 sides. On your side, your ISP and the intermediary network servers see only your IP address, the domain/IP of the VPN server, and the size/timestamp of each packet; the true destination and content of the request stay private (provided your DNS lookups also go through the tunnel, otherwise the domains you query still leak to your ISP). On the destination server's side, its ISP and the intermediary network servers see only the VPN server's IP address, the destination server's domain/IP address, and the size/timestamp of each packet.

You can be exposed retroactively if the VPN server saves logs. Connection logs record timestamps, client IP addresses, and session details, which is exactly what is needed to trace traffic back to your computer after the fact. To avoid this, the VPN server and its network infrastructure must be truly logless, a claim you cannot verify from the outside and have to take on trust.

You are exposed immediately if the VPN server has already been compromised. It does not need to record any logs if it is streaming your connection details in real time to whoever controls it.

You may also be exposed if the target website or the VPN server's ISP colludes with your ISP, or with anyone sniffing packets on your side. The VPN hides the content of your traffic but not the timing and size of its packets, so records from both sides can be correlated to match a session seen at the destination with your connection to the VPN server (traffic correlation). You can make this harder by accessing the website during high-traffic periods so that your packets blend in with other users of the same VPN server (camouflaging), routing through several VPN servers so that an attacker needs records from every hop to complete the retroactive trace (proxy chaining), and switching IP addresses (dummy swapping).
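As an added example that is not part of the original page, the Go program below carries out the traffic-correlation analysis described above on constructed data. One observer has logged (timestamp, size) for the packets of several candidate clients toward the VPN server; another has logged the VPN server's packets toward the target site. Pairing same-size packets within a latency window scores how well each client explains the destination-side flow. All IP addresses (from the 203.0.113.0/24 documentation range), sizes and timings are made up.

```go
package main

import "fmt"

// Constructed example of a traffic-correlation analysis: client-side and
// destination-side packet logs are paired by size and timing to find which
// VPN subscriber produced a given flow to the target site.

type Packet struct {
	T    float64 // seconds since capture start
	Size int     // bytes
}

// ClientObservations: three subscribers of the same VPN server as seen on the
// client side (constructed data).
var ClientObservations = map[string][]Packet{
	"203.0.113.10": {{0.00, 517}, {0.41, 1200}, {0.93, 64}, {1.50, 880}, {2.20, 1200}},
	"203.0.113.22": {{0.02, 517}, {0.70, 300}, {0.90, 64}, {1.80, 1450}, {2.50, 64}},
	"203.0.113.37": {{0.05, 1450}, {0.60, 1450}, {1.20, 1450}, {1.90, 900}},
}

// DestinationObservations: the VPN server's flow to the target site as seen
// on the destination side. It is really 203.0.113.10's traffic delayed by
// roughly 35 ms of latency plus jitter (constructed data).
var DestinationObservations = []Packet{
	{0.035, 517}, {0.447, 1200}, {0.962, 64}, {1.538, 880}, {2.231, 1200},
}

// CorrelationScores returns, per client, the fraction of destination-side
// packets that pair with a same-size client packet sent between 0 and window
// seconds earlier. Each client packet is used at most once.
func CorrelationScores(clients map[string][]Packet, dest []Packet, window float64) map[string]float64 {
	scores := make(map[string]float64, len(clients))
	for ip, pkts := range clients {
		used := make([]bool, len(pkts))
		matched := 0
		for _, d := range dest {
			for i, c := range pkts {
				if used[i] || c.Size != d.Size {
					continue
				}
				if delta := d.T - c.T; delta >= 0 && delta <= window {
					used[i] = true
					matched++
					break
				}
			}
		}
		scores[ip] = float64(matched) / float64(len(dest))
	}
	return scores
}

// BestMatch returns the highest-scoring client and whether it leads the
// runner-up by at least margin. If it does not, the trace is ambiguous, which
// is what blending in with other users of the same server (camouflaging) and
// padding packets to a uniform size aim to achieve.
func BestMatch(scores map[string]float64, margin float64) (string, bool) {
	best, second := "", ""
	for ip, s := range scores {
		switch {
		case best == "" || s > scores[best]:
			second, best = best, ip
		case second == "" || s > scores[second]:
			second = ip
		}
	}
	if second == "" {
		return best, true
	}
	return best, scores[best]-scores[second] >= margin
}

func main() {
	scores := CorrelationScores(ClientObservations, DestinationObservations, 0.1)
	ip, clear := BestMatch(scores, 0.5)
	fmt.Println(scores) // map[203.0.113.10:1 203.0.113.22:0.4 203.0.113.37:0]
	fmt.Println(ip, clear) // 203.0.113.10 true
}
```

Note that the content of the packets never enters the analysis; sizes and timestamps alone single out the client, which is why an encrypted tunnel on its own does not defeat an adversary who can observe both ends.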

Symmetric vs Asymmetric Encryption

The two big categories in the field of cryptography are symmetric encryption and asymmetric encryption.

Symmetric encryption uses a single secret key to both encrypt and decrypt a message. AES-256 itself takes a 256-bit key, not a password, so a written password like "PlaceholderForSomeStrongPasswordHere" is first run through a slow key derivation function (such as PBKDF2, scrypt or Argon2), together with a random salt, to produce that key. The slowness is deliberate: it makes every password guess expensive for an attacker. The key is then quickly mixed with the message by the cipher, and running the same key through the inverse operation recovers the plaintext. In practice AES is used in a mode of operation such as GCM, which also produces an authentication tag so that a tampered ciphertext or a wrong key is detected rather than silently decrypting to garbage.

Asymmetric encryption starts with a randomly generated private key, from which a specific algorithm derives a second, related key: the public key. Deriving the public key from the private key is easy, while recovering the private key from the public key is computationally infeasible, which is what allows the public key to be published. Using a related algorithm, a message encrypted with the public key can only be decrypted with the private key. Thus a sender only needs the receiver's public key to send an encrypted message, which can only be decrypted by the receiver's private key. The means of encryption are public so that the means of decryption can stay private. Asymmetric operations are slow and limited to short messages, so in practice they are used to encrypt or agree on a symmetric key, which then protects the bulk of the data.

Asymmetric encryption also offers source verification. A message mixed with the private key can only be unmixed by the public key. Because everyone knows the public key, anyone can unmix it. However, because only the private key could have mixed such a message, this confirms that the message was truly sent by the owner of the private key. This process is called signing. In practice the message is hashed and the hash is signed; the recipient recomputes the hash and checks it against the signature using the associated public key, so any change to the message after signing makes the check fail. Signing is the foundation of DKIM verification (confirms the sender of an email using a public key published in the DNS TXT records of the expected sender domain) and TLS certificates (confirms that a public key belongs to the owner of the website domain by following a chain of signed certificates back to a trusted certificate authority).
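As an added example covering both the encryption and the signing paragraphs above (not code from the original page), the Go program below generates an RSA key pair and uses it in both directions: anyone holding the public key can encrypt a message that only the private key can decrypt (RSA-OAEP), and the private key can sign a message that anyone holding the public key can verify (RSA-PSS). Tampering with the message, or using a different key, makes verification fail. Key size, padding schemes and the sample messages are choices made for this example; a real deployment would normally use separate key pairs for encryption and signing.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed example: one RSA key pair, public key encrypts / private key
// decrypts, private key signs / public key verifies.

// GenerateKeyPair creates the private key; the public key is derived from it
// and is available as priv.PublicKey.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptToPublic lets anyone with the recipient's public key seal a message.
func EncryptToPublic(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptWithPrivate opens a sealed message; only the private key can do this.
func DecryptWithPrivate(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Sign hashes the message and signs the digest with the private key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest and checks the signature against the signer's
// public key; it returns false for a modified message or a different signer.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	bob, _ := GenerateKeyPair()
	ct, _ := EncryptToPublic(&bob.PublicKey, []byte("hello bob"))
	pt, err := DecryptWithPrivate(bob, ct)
	fmt.Println(string(pt), err) // hello bob <nil>
	sig, _ := Sign(bob, []byte("signed by bob"))
	fmt.Println(Verify(&bob.PublicKey, []byte("signed by bob"), sig)) // true
	fmt.Println(Verify(&bob.PublicKey, []byte("signed by eve"), sig)) // false
}
```

DKIM and TLS certificates are this same Verify step with the public key fetched from DNS or carried in a certificate: what the verifier trusts is whoever vouches for that public key, which is why a signature is only as meaningful as the way the key was obtained.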

Attack Vectors

IP spoofing. Distributed denial of service. Port scanning.

Resources

Kali Linux - Linux distribution for cyber penetration testing.

Concepts

Encryption vs Decryption

Encoding vs Decoding

Hashing

Salting

Network Protocols

Public and Private IP Addresses

IP Address Ranges and Subnets

Ports and Firewalls

Remote SFTP Fileserver

Remote USB Backup Drive

Remote VPN Gateway