Cyber Security Fundamentals

Cyber Security Fundamentals is the first course in our curriculum.  It covered the following topics: Threats and Vulnerabilities, Policy, Encryption, Reference Monitor, OSI Models, Topology, Network Scanning, Intrusion Detection, Incident Response, and Privacy Goals. We also explored and categorized tools in Kali Linux for quick reference.  We used Kali Linux tools to penetration test our computer system for vulnerabilities and weaknesses. We used WireShark to scan our network for open ports, network activity to capture and analyze traffic packets.  It's amazing how much information we can gather from using WireShark. We also used Nmap to scan for open ports.  We learned that we can only scan our own home network and computers and must obtain permission first from owners of network and computer systems that are not ours prior to penetration test. The Fundamentals course gave us a sampling of topics from subsequent courses which are taught in more detail. 

I believe it is essential to have an understanding of Public-Key Cryptography in today's electronic communication to ensure messages are sent securely and confidentially to prevent information leak and unwanted third party from reading the message. If done properly, the message is scrambled (encrypted) by the sender. It can only be unscrambled (decrypted) by the intended receiver. While in transit, the scrambled message is unintelligible to a third party interceptor of the message. 

​

Below are secondary research I've found to be very helpful in obtaining a better understanding of how Public-Key Cryptography and Symmetric Key crypto work:

​

Mozilla provides an excellent tutorial on the Introduction to Public-Key Cryptography.

​

Ryan Riley presented an excellent YouTube video on how Symmetric key crypto lets two parties share secret messages as long as they already have a shared key. Symmetric key crypto has a major problem: How do two people who don’t know each other share a key? A Diffie-Hellman key exchange lets them compute a shared key even in the presence of an eavesdropper, Eve. (Riley, 2014)

​

This method assumes that Eve is a passive attacker. Otherwise, this wouldn’t work if Eve is an active attacker who manipulates and inserts a different message. The Diffie Hellman concept is analogized using paint to mix the common color paint with secret paint and exchange the mixed paint with one another. The mixed paint is then mixed with the secret color paint to generate the common secret color paint. “Eve can’t determine the secret color because she doesn’t have the right colors to mix together. This works based on two assumptions: Paint is easy to mix. Paint is hard to unmix.” (Riley, 2014)  The real Diffie Hellman is based on modulo exponentiation which uses very large prime numbers and primitive roots. (Riley, 2014) Both the color mixture technique and the modulo exponentiation math are referred to as one-way function, easy to perform, hard to reverse. In the paint mixture, it’s easy to mix the paints to arrive at a color, hard to reverse after 3 mixes to determine what the color mixes were. In math, it’s easy to calculate a primitive root modulo a prime number problem but hard to reverse it in what is called discrete logarithm problem to find the exponent of the primitive root. (NowScience, 2016)

​

Source:

NowScience. (2016, Dec 13). Public Key Cryptography Diffie Hellman Key Exchange. Retrieved from YouTube:

        https://www.youtube.com/watch?v=B8ZfPUeVlio

Riley, R. (2014, Jun 29). CMPS 485: Diffie-Hellman Key Exchange. Retrieved from YouTube: https://www.youtube.com/watch?v=LameOrl3Qgw

​