INTERNET PROTOCOL LEARNING

Internet Protocol Security (IPsec)

IPsec is a set of protocols used together to establish secure connections between devices. IPsec can help create authenticated and confidential IPv4 and IPv6 packets through authentication between agents before each session begins and negotiation of cryptographic keys used during sessions.
IPsec can be used in two modes:

  1. Transport Mode: IPsec's transport mode protects transport-layer protocols by encrypting and/or authenticating only the payload (your data) of each IP packet.
  2. Tunnel Mode: IPsec tunnel mode provides an IP packet encapsulation mechanism designed to protect packets routed between networks. In tunnel mode, the entire IP packet is encrypted or authenticated, wrapped in a new IP packet with its own header, and then sent on its way.

TLS/SSL and IPsec are foundational to the secure operation of internet communications. They protect sensitive information from interception and tampering, ensuring that our online transactions and communications are confidential and authentic.


Secure Email and File Encryption

Secure Email

Secure email involves encrypting an email and its attachments so that they can be read only by the intended recipients, who alone hold the keys needed to restore the message to its original form. Essentially, secure email turns a plaintext message into unintelligible ciphertext that only holders of the corresponding key can turn back into plaintext.
There are several methods to secure email:

1. Transport Layer Security (TLS)

TLS secures communication between mail servers and clients by encrypting the connection, protecting email while it is in transit; the message may nevertheless remain exposed at rest on servers or on recipients' devices.

2. Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG)

Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) both provide end-to-end encryption that keeps an email message protected until it is decrypted by its intended recipient. The sender encrypts with the recipient's public key, and the recipient decrypts with the corresponding private key, which only they hold.

3. Secure/Multipurpose Internet Mail Extensions (S/MIME)

S/MIME is built into most modern email software and relies on a certificate authority to issue certificates to users, providing stronger encryption and digital signing than SSL/TLS alone can offer. It lets users encrypt their email and digitally sign it, adding layers of protection beyond what SSL/TLS provides.

File Encryption

File encryption is a security measure in which individual files or folders are encrypted, by their users or by system administrators, to keep sensitive information from being exposed to third parties. The encrypted form prevents access by anyone who is not authorised to hold the key. Two main types of file encryption exist:

  1. Symmetric encryption: This type uses a single shared key for both encryption and decryption. It is faster, but the key itself must be distributed securely to every party that needs it.
  2. Asymmetric encryption: Also referred to as public-key encryption, this approach uses two keys, one public and one private: data encrypted with the public key can only be decrypted with the corresponding private key. Asymmetric encryption tends to be more secure because of this separation, but it is slower and less convenient.

Common file encryption methods include using file archiving programs like 7-Zip or WinZip that offer password protection and file encryption capabilities, while many operating systems also include built-in file protection features like Windows' BitLocker or macOS' FileVault for convenient file protection.
As technology becomes ever more pervasive, securing email communications and files becomes ever more crucial. Learning how to protect this sensitive data by encrypting emails and files is vital to maintaining cybersecurity.


Web Application Security

This topic is intended to introduce you to Web Application Security.

Topics to Be Covered:

  • Common vulnerabilities in web applications.
  • Web application security frameworks and best practices.
  • Secure coding principles.
  • Web application penetration testing.


Common Vulnerabilities in Web Applications

What are Web Application Vulnerabilities?

Web application vulnerabilities are security weaknesses or flaws in an internet-facing application that an attacker could exploit to compromise it, steal information or carry out other illegal acts. Common sources include poor input validation, incorrect configuration settings and outdated components, among many others.

SQL Injection is an attack method used by malicious actors to exploit weaknesses in a web application's database layer.

The technique involves injecting SQL statements that the application executes, giving attackers the ability to view, modify or delete records in the target database. An example of SQLi would be entering "' OR '1'='1" into a login field of an application that does not filter its input properly; this can fool the application into granting access without valid username and password credentials.


Cross-Site Scripting attacks take place when an attacker uses a web application as a vehicle to deliver malicious scripts to other users, without having to bypass the application's access controls to reach their sensitive data. There are three primary forms of Cross-Site Scripting attacks:

1. Stored XSS: The malicious script is permanently stored on the target server.
2. Reflected XSS: The malicious script is embedded in a URL and reflected off the web server.
3. DOM-Based Cross-Site Scripting: The vulnerability is present in client-side code rather than server-side code.

Cross-Site Request Forgery

CSRF attacks trick victims into submitting malicious requests on the attacker's behalf, typically by placing such requests on a web page and persuading the victim to visit it or click a link, so that the victim's own browser sends the request.

The attack borrows the victim's identity and privileges to perform actions the victim never intended.
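The standard defence against the attack described above is a synchroniser token tied to the victim's session, shown here as an added example (not code from the original page). The request dictionary and the SECRET_KEY generated at import are constructed stand-ins for a framework request object and a key loaded from protected configuration.

```python
import hashlib
import hmac
import secrets

# Server-side key used to MAC tokens. Assumed to come from protected
# configuration in a real deployment; generated here so the example runs alone.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Create a token bound to one session; emit it as a hidden form field."""
    nonce = secrets.token_hex(16)
    msg = f"{session_id}:{nonce}".encode()
    mac = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False  # malformed token: fail closed
    msg = f"{session_id}:{nonce}".encode()
    expected = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_transfer(request, session_id):
    """State-changing endpoint: accept only a POST carrying a valid token.

    `request` is a constructed dict with 'method' and 'form' keys. A forged
    page can make the browser send the victim's cookies, but it cannot read
    a token that was only ever served inside that session's own pages.
    """
    if request.get("method") != "POST":
        return 405, "Method not allowed"
    token = request.get("form", {}).get("csrf_token", "")
    if not verify_csrf_token(session_id, token):
        return 403, "Forbidden"
    return 200, "Transfer performed"
```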



Security misconfigurations can occur at any level of an application stack, including the network services, platform, web server, application server, database, and framework.

Common examples include unnecessary open ports, default account credentials, or verbose error messages containing sensitive information.

Web Application Security Frameworks

A strong understanding of web application security frameworks is fundamental to protecting your web applications from various security threats.

A web application security framework is a structure designed to promote the structured development and deployment of secure web applications. Examples of such frameworks include:

  • OWASP (Open Web Application Security Project) Top Ten: This is a powerful awareness document for web application security, representing a broad consensus about the most critical security risks to web applications. The OWASP Top Ten includes risks like Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), and more.
  • Spring Security: This is a powerful, highly customizable authentication and access control framework for Java applications. It's a de-facto standard for securing Spring-based applications.
  • Django Security Framework: Django offers an impressively robust framework for web application security, featuring built-in mechanisms such as CSRF protection, Clickjacking Prevention, SQL Injection Defences and more.


Web Application Security Best Practices

Adopting security best practices can dramatically lower the number of vulnerabilities present in your web application and minimise any resulting potential damages. Here are a few such practices:

  • Validate input strictly for length, range, format, and type. Avoid any known unsafe characters or inputs.
  • Always use HTTPS instead of HTTP to protect page authenticity, secure ongoing communication, and keep user data safe.
  • Implement a Content Security Policy (CSP): CSP is a simple method to reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.
  • Use strong hash functions to store passwords (bcrypt, scrypt) and enforce password complexity to deter password cracking attempts.
  • Keeping systems and software up to date is important for a web app's security, including the server operating system, databases, frameworks and libraries used by your applications.
  • Following the principle of least privilege is key to protecting data. Each module (a process, user or program, depending on the subject) should only access the resources essential to its legitimate function.
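The password storage practice in the list above, as an added example (not code from the original page): salted scrypt hashing via Python's standard hashlib, a constant-time verify that fails closed on malformed records, and a minimal complexity rule. The cost parameters and the 12-character minimum are assumed illustrative values.

```python
import base64
import hashlib
import hmac
import os

# scrypt cost parameters: assumed illustrative values, tune them to your hardware.
# Memory use is about 128 * N * R bytes (16 MiB here), within hashlib's default limit.
N, R, P = 2 ** 14, 8, 1
MIN_LENGTH = 12  # assumed local policy


def meets_policy(password):
    """Minimal complexity rule: minimum length plus at least three character classes."""
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    return len(password) >= MIN_LENGTH and sum(classes) >= 3


def hash_password(password):
    """Return a self-describing record: scrypt$N$R$P$salt$key (salt and key base64)."""
    salt = os.urandom(16)  # fresh random salt per password defeats precomputed tables
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return "scrypt$%d$%d$%d$%s$%s" % (
        N, R, P, base64.b64encode(salt).decode(), base64.b64encode(key).decode())


def verify_password(password, stored):
    """Re-derive with the parameters stored in the record and compare in constant time."""
    try:
        algo, n, r, p, salt_b64, key_b64 = stored.split("$")
        if algo != "scrypt":
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(key_b64)
        candidate = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r),
                                   p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False  # malformed record: fail closed rather than crash or accept
    return hmac.compare_digest(candidate, expected)
```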

Web application security should never be treated as an afterthought; rather, it must become part of your development life cycle and follow best practices when choosing security frameworks to use. Doing this will guarantee your applications remain as safe as possible.


Secure Coding Principles

Secure coding is vital because even minor mistakes can lead to serious security vulnerabilities, and adhering to its principles helps developers avoid many such problems.

1. Minimise Attack Surface Area

Every feature and functionality in your code can potentially be exploited. Therefore, minimise your application's attack surface by limiting the number of features, reducing code complexity, and compartmentalising your application.


2. Principle of Least Privilege

This principle holds that an individual or program should have only the bare minimum privileges necessary to perform its function; for example, if a function does not need write access, it should be granted only read access, which limits what an attacker can do through it.

3. Defence in Depth

Defence in depth, or layered security, is a principle where you use multiple layers of security controls to protect your application. For instance, you could have an IDS (Intrusion Detection System) as well as a firewall to protect your network.


4. Fail Securely

How your application handles errors can greatly influence its overall security. For example, if a function fails, it shouldn't offer more access than when it was working correctly. Additionally, error messages should not disclose sensitive information that could aid an attacker.

5. Don't Trust User Input

Even if an input seems harmless, always validate it. This includes not only form data entered by users, but also query parameters, HTTP headers, cookies, and any other input to your application.

6. Implement Secure Defaults

Security should always be the default setting, since having to choose between secure and insecure modes may lead users to accidentally select one over the other. Therefore, secure settings should always be the default choice.


7. Keep Security Simple

Aiming for simplicity in design will aid your application's security, since complex architectures and code bases require greater upkeep while having higher chances of harbouring vulnerabilities.

8. Encrypt Sensitive Data

Sensitive data such as user passwords or personal details should always be encrypted, both at rest and in transit. This applies when it is stored locally on computers as well as when it is transmitted between servers and clients.

9. Use Security Features of Your Frameworks and Platforms

Most platforms and frameworks come equipped with built-in security features like encryption and input validation that should always be taken advantage of rather than trying to implement your own.

10. Perform Regular Updates and Patching

It is critical that systems, programming languages, frameworks, libraries and software applications remain up to date to protect them against known vulnerabilities. Regular patching is integral to protecting applications against known security risks.
