The Core Features of Blowfish Algorithm - Assignment Example

of the of the 25 November Task Part Blowfish is an encryption algorithm that was invented by Bruce Schneier in 1993 (Pachghare, n.d). It is constructed on a variable length key ranging from 32 buts to 448 bits that is considered to be perfect for both local and international use along with a solid encryption algorithm. After its recognition to be relatively solid encryption algorithm, it is gradually gaining acceptance. Some of the core features of blowfish algorithm include: Blowfish has a block cipher of block consisted of 64 bit The length of the key can be up to 448 bits On 32 bit microprocessor architecture, data encryption is supported at a rate of 18 clock cycles on every byte that is much quicker than DES and IDEA encryption. It is still free to use and is not patented Memory requirements for blowfish are less than 5 kilobytes of memory. The semantics are simplified and is relatively easy to deploy. Part 2 Click the button File then click on New Certificate option. Now press the button Create a personal open PGP key pair option. After this an email address along with name of the sender is added. At this point the key details can be changed. Furthermore, after pressing Advance setting option you can create RSA 4096 bit. This creates an additional strength. An expiration date will also be added according to the senders will. In order to generate a key you have to click Ok and then next. The passphrase is required in order to decrypt the sent message. Now enter this passphrase. The passphrase must be kept stronger in order to be secure. The following options are available such as email your public key, backup private key and upload public key. These options can be utilized after generating a key. The private key must be kept as a secret. However, the public key can be used without any security. The public keys can be mentioned on public forums or websites. Moreover, to keep a backup of both the keys is a good option. Press the finish button. Now the Mailvelope is downloaded over the chrome. In the below screen shots the Chromium on mint Linux is showed. However, this will work fine over both Chrome for windows and the Mac. Now after installing chrome search for http://mailvelope.com/. After opening this website click Mailvelope Chrome Extension and download the free version. The Mailvelope icons is located over right corner of the Chrome and click on this icon then choose options. On the left side the key ring is present click on it and creates the keys for the page. Now add all the required details such as passphrase, name and email address of the sender. Now the advance option can be changed according to the user. After finishing all the steps press the complete button. For the private and public keys the same rules and regulations are applicable. However, the public keys are changed. In Mailvelope, the chrome users will click on the display keys. Now select the key pair and then press the Export button. Now next step is to press the display public key and then click on the Create file in order to install the copy on your work station. This copy is sent to the outlook user as a copy in attachment.   The Outlook user must now save the attachment and import it into the Kleopatra program. After the attachment is saved to the computer, open Kleopatra and the Import Certificates button. Find the certificate and import it. Click OK when completed.     Click the My Certificates tab and right click your certificate. Select Export Certificates. Save it to a location and email it to the user that just sent their public key to you.    The public keys must be received by the webmail users. Now save this file and then open Mailvelope. Now after completing this process the keys are imported ad uploaded the file. After this select a key text file to import and then click submit. You are now ready to exchange Encrypted email! In order to get started we will allow the gmail users to transfer any message that is encrypted towards the outlook service.  In the Gmail account fresh email is required to be composed. Now place the mouse curser over the body of email so that the Mailvelope box should be visible. After typing the message, press the padlock that is located at the right side. Now choose the recipient to whom you would like to send an email. Add the user’s id and then click OK button. The encrypted message now flashes on the screen press transfer button.     The email now consists of block of encryption. Now the email address along with recipient’s id must be mentioned before sending it. After this step the user must add the subject. The subject will remain as a plain text in an email. Now it is ready to be sent.   The encrypted message must be received by an outlook user. Now double click so that a new window is open. After this step a GpgOL tab is clicked along with decrypt button. . After entering the passphrase along with private key then click the finish button. This passphrase is used for the decrypted messages. The decrypted elements related to the messages are now visible. The changes made to the decrypted contents needs to be saved. Otherwise the encrypted version if not saved will resume its previous setting. The confidential message can be visible to the network administrator if the server is sync and unencrypted. An encrypted email is sent to an outlook user. A fresh email message is generated. Now following details must be entered such as, receiver email address, subject and message. Once it is done then hit the GpgOL button and then clicks Encrypt. The user must be selected from the dialog box that is illustrated below and then click ok button. The messages are then encrypted. After the messages are ready click send button. An encrypted email message is now visualized by the user of Gmail account. A PGP message was identified by a Mailvelope as soon as you open the message. Enter the passphrase along with a security key for the user after clicking the lock pad button in the centre. The message appeared in decrypted form after clicking the OK button. The save option is not enabled in Mailvelope in the form of decrypted file after leaving the message. However, with the other emailing systems, Mailvelope works well. Initially, for the webmail service, Mailvelope does not connect with it but by using add page option in chrome it may work for the webmail service. Moreover, for Firefox this service is still under construction. In fact, the emails that were sent are only for the testing purpose. Task 2 Part 1 Likewise, there are efficient tools available for performing effective patch management. Secondly, configuration management also plays an essential role for ensuring security for mission critical aviation applications. For instance, if a faulty hardware component is replaced with the new one, it is important to address issues with hardware compatibility, as any mal functioned device may introduce vulnerability. Thirdly, change management procedures must also be document and approved from the respective application owners prior any changes to the application. For instance, change request form requiring any changes within the application can be approved and documented for ensuring no vulnerable spots in the architecture and infrastructure. All the identified attack interfaces must be addressed by taking following factors into consideration (Mitigating security threats by minimizing software attack surfaces.2008): Uninstall and prevent unnecessary features Default utilities and programs that are installed within the operating systems must be utilized (If required) Strong access management by user authentication Remove all default passwords on the application server Configure only required protocols on the application server Limiting the unnecessary codes from the application Applying metrics to measure the attack surface on periodic basis Disabling unwanted protocols on the application server Nowadays, hackers encapsulate a malicious code or a script for attacking a web page by using several techniques including obfuscation, polymorphism and encryption. As the anti-virus program detects viruses by signatures, malicious codes are able to bypass them by using these techniques. These types of methods are known ad passive attacks. Likewise, encryption is the best security control that can be implemented for securing the code and ciphering the user data. Secondly, polymorphism is a technique that replicates an application partially so that it appears just like the original application. Similarly, for hiding the source code of an application, obfuscation techniques can be applied for making the code complex to exploit and analyze while keeping complete functionality. These three factors need to be handled to provide better security. In order to tackle all three factors, Christian Fruhwirth, recommended an event based intrusion detection system. The system will support these three factors: Advanced tools incorporated with IDS to detect intrusions and eliminate attacks Standardized frameworks to handle legal compliance Efficient security management application tools to handle information security Task3 To make internet explorer safe, following settings are required: Disable Internet explorer add-ons Turn on the phishing filter Turn on the pop-up blocker Security settings must be set to ‘Recommended Settings’ The Cache size of the Internet Explorer is too large or too small, needs to be around 70 – 300 MB Task 4 Part 1 Security for a Wireless Network Infrastructure WLAN is another type of robust security wireless network where access points are mandatory along with a wired LAN connectivity, infrastructure and administration overhead. Some of the advantages for this type of network incorporate (Sankar, 2005): Higher Level Security – Certificates, 802.11x Extensible - Supports a very large number of hosts Collision Domain (broadcast) issues contained. Connects flawlessly to cabled networks And some of the disadvantages are: Security solutions need resources for comprehensive planning. Possibility of unauthorized access channel to wired network via wireless connections. Extensive planning and design necessary. A deployment cost is high as compared to other WLANs techniques. Additional administration expense needs to be overcome WPA-PSK Wi-Fi protected Access is a pre shared key that employs RC4 encryption and key exchange TKIP. Likewise, TKIP is enhanced by increasing key exchange frequency. Moreover, WEP can be replaced directly, as in most cases compatibility issues may occur with older, slower hardware. WPA-PSK weaknesses are more difficult to compromise as compared to WEP. However, it provides adequate security when combined with additional countermeasures. WPA 2 WPA 2 is another authentication technique that is utilized by Wireless Networks. Some of the features for WPA 2 are: WPA - WiFi Protected Access – Pre-Shared Key utilize RC4 encryption and TKIP key exchange mechanisms TKIP improved by increasing key exchange frequency Direct WEP replacement – in most cases compatible with older, degraded hardware AES encryption is also configurable– toughest cipher available – not compatible on all hardware Difficult to breach as compared to WEP Good security when integrated with additional countermeasures Substantial security when combined with 802.1x and two factor authentication with single sign-on through the wired network and centralized management. Nevertheless, adds administrative overhead. Diagram Part 2 Security Policy Information Security Policy 1. Scope This policy is applicable to all information resources, systems that are internally connected, employees and third parties who have access to the organization wireless network. The scope of this policy will also cover all the legacy and future equipment that will be configured and tuned as per the reference documentation. 3. Policy 3.1. Ownership 3.1.1. The first factor that must be addressed is the ownership criteria. The organization is responsible for recruiting or assigning an information security manager, a point of contact for communication and an alternate point of contact in case of unavailability of the primary point of contact. Employees who are assigned as the owners of the systems must organize and update the point of contact on regular basis in order to align with the information security and corporate enterprise management members or groups. Information security manager must be available all the time i.e. round the clock, either via phone or on office hours. In case of absence, alternate manager must be functional to avoid hindrance to production operations. In case of any lack of mismanagement, legal action is applicable against the employee. 3.1.2. Moreover, Information security managers are also liable for the vital factor that is the security of the information resources of Organization Solutions and the impact of its operations on the production functions and operations that are functional on the wireless network and any other associated wireless network services. However, in a situation where no specific requirements are addressed in the policy, managers must do their best for safe guarding information security of Organization Solutions, from security weaknesses and vulnerabilities. 3.1.3. Information security managers are also liable for aligning security policies in compliance with Organization Solutions, security policies. The following policies are vital: Password policy of wireless networking devices and hosts, wireless network security policy, Anti-Virus security policy and physical security policy. 3.1.4. The information security manager is of the Organization is responsible for granting and approving access to employees requiring access for information or business purpose. Access can be either short term or long term depending on the ongoing job description or responsibilities. Moreover, information security manager will also ensure effective procedures for terminating unwanted access to the Organization resources. 3.1.5. The wireless network support staff or administration must monitor and maintain a firewall between the wireless network that connects the production functions, processes and operations from the Organization Solutions wireless network or wireless network appliance / equipment / device. 3.1.6. The wireless network support staff or administration must be entitled to have full rights for interrupting wireless network connections of the Organization that may impose impact or security risk on processes, functions and operation on the production wireless network 3.1.7. The wireless network support and administration staff must maintain and record all the IP addresses that are operational in the Organization, any database associated with routing information from these IP addresses. 3.1.8. Wireless network access of Organization by departmental or external organizations to or from the wireless network must provide a business case including justification of access with wireless network diagrams and equipment to the information security management who will review the requirements for security issues and concerns and give approval prior to the deployment of the connection. 3.1.9. User passwords must meet the requirements of the access management or password policy of Organization, password policy. Moreover, any inactive account must be deleted within 2 days from the access list and any device that involves critical and sensitive information of Organization, passwords of group based accounts from the group membership modules must be modified within 24 hours. 3.1.10. The customized wireless network of Organization will not facilitate third party or outsourced organization apart from wireless network and data transmission, storage, modification, monitoring and protection. All the other departments of Organization will be facilitated by their respective support functions. 3.1.11. In case of non-compliance, information security management must consider business justifications and allow waivers accordingly. 3.2. Acceptable Use Requirements Any vulnerability detected in the Organization computer security must be reported to the adequate security staff. Vulnerabilities in computer systems are detected by unknown software or abnormal system behavior that may lead to accidental invasion of confidential information. Misuse Reporting processes section can be used to report any policy violation by the staff that can be related to Intranet, Extranet, Internet, and Email procedures. No user is allowed to access data, personal documents, emails and applications installed on Organization without documented authorization. All employees of Organization must not share their email passwords, Personal Identification Numbers, system passwords, server passwords with anyone. No employee of Organization is entitled to make copies of licensed software that is purchased by Organization. No employee of Organization is entitled to install any software on their systems without Organization management approval. No employee of Organization must involve in offensive contents or material that is used for transmitting, storing, harassing intentionally or that is not legal in terms of federal legislation. No employee of Organization will involve in practices that may slow down the performance of Organization information resources, remove authorize access to Organization information resources, gain approval for additional resource allocation. No employee of Organization will install and execute software such as packet sniffers, password cracking software or tools to reveal system vulnerabilities of Organization, unless approved and authorized by the Organization acting CISO Information resources of Organization are not entitled for gaining personal objectives, political movements, fund raising programs and every such activity that is prohibited by the federal legislation. Organization employees must provide authorized access to researchers and Organization employees for accessing patient information and medical records stored on Organization staff must not allow non-employees to access confidential patient and medical records stored on Organization information resources. 3.3. Configuration Requirements 3.3.1. The wireless network traffic between different departments and the other wireless networks for instance, Organization wireless network traffic, will be transmitted via a firewall monitored and maintained by the support staff. However, in case of a wireless network transmission, connection to other wireless networks of the organization will be prohibited. 3.3.2. In order to configure or modify any configuration settings on the firewall, it must be reviewed and approved by the information security personnel. 3.3.3. Tools associated with port scanning, wireless network sniffing, auto discovery of registered / unregistered ports and other scanning tools must be prohibited within the premises of Organization, as they can trigger information security risks and disrupt the Organization wireless network operations, or any other wireless network that may be operational. 3.3.4. Right to audit for all inbound and outbound activities of any department of Organization is applicable to the information security personnel anytime. 3.3.5. For ensuring physical access, every employee must identify themselves via physical security controls before entering in the premises of Organization. 3.3.6. Accessing mobile phones, PDA’s, smart phones, laptops and any other communication device in the parameter of Organization, must be according to the open area security policy. 3.3.7. Encryption must be applicable to stored password files, VPN connections and connections to the third party service providers where applicable. 3.4. Compliance with Legal Requirements 3.4.1. Associated and Applicable Legislation To sidestep for any legal issues or security breaches, Organization will define, document and demonstrate compliance with all applicable statutory, regulatory and contractual requirements for each information system. Owners of the systems must take advice from the information security officers for all issues related to Legal and security information. Local regulations must be addressed that are applicable where data is handled, stored or protected. Likewise, legal officer of Organization will examine applicable laws and regulations of policies at different regions. The legal officer will consult chief information security officer for establishing required exceptions to policies and specific policies to different regions. 3.4.2. Intellectual Property Rights All employees at Organization will conform to the legal requirements of intellectual property protection along with license agreements related to copyright software. The objectives of this policy is to make employees of Organization aware and to make them comply with copyrights, trademarks etc. Employees of Organization are accountable if they not use Organization intellectual property with guidelines and standard procedures. In case of non-compliance, employee will face a disciplinary action, termination of employment and criminal or civil charges. 3.4.3. Intellectual Property Standards and Training The Chief information security officer or any role acting in this category along with system owners will develop educational and training session. 3.4.4. Using Software from Outside Sources Employees of Organization must not install or download pirated or non-licensed software on Organization systems. Employees of Organization will not download and install any software from the Internet without approval. If approval is granted, it be justified and must contribute to business objectives. Information Labeling and Handling 3.5. Enforcement If any violation of this policy is found, the matter maybe subjected to disciplinary action including termination of employment and students of the campus maybe expelled. 4. Revision History Version 1.0 Wireless Router Installation In order to install a typical RADIUS server on a router, following protocols and services are associated: DHCP TCP / IP TKIP SSID WPA Internet Authentication Service DNS The next step is to demonstrate RADIUS server installation on a wireless router by incorporating the above mentions protocols and services. Figure 1.1 As shown in figure 1.1, the first step is to configure the wireless router configuration. These parameters will be considered: Internet Connection type: Automatic Configuration Router Name: Any Host Name: Any Domain Name: Any MTU: Any Local IP Address: Local IP address of the workstation DHCP Server: Disabled for RADIUS Configuration Figure 1.2 As shown in figure 1.2, following parameters will be considered for Basic Wireless network settings: Wireless Network Mode: Mixed Wireless Network Name (SSID): Type SSID Wireless Channel: do not make any changes Wireless SSID Broadcast : Enabled Figure 1.3 Figure 1.3 shows the configuration of the following parameters: Security Mode: Select WPA Enterprise WPA Algorithms: Select TKIP RADIUS Server Address: Configure IP address of the RADIUS server RADIUS Port: Set the port to 1812 Shared-key: Configure the selected shared key Key Renewal Timeout: Leave it to default Figure 1.4 Figure 1.5 As shown in Figure 1.4 and 1.5, Right click on the RADIUS client and click on ‘New RADIUS Client’ Figure 1.6 As shown in Fig 1.6, now select name of choice and enter IP address of the Linksys router. Figure 1.7 As shown in Fig 1.7, the last step will be to set ‘RADIUS standard’ as the ‘Client-Vendor’ and set the shared key that will be identical to the shared key that was configured in the Linksys router. Click finish to end the wizard. Work Cited Sankar, 2005, K. Cisco Wireless LAN Security. Cisco, 2005. Print. Read More