Computing MASHUP!!

99 Terms

1
What are the three key parts of network security?

Confidentiality

Integrity

Availability

2
Confidentiality

only authorised users can access sensitive information within the network

3
Integrity

data within the network is accurate and has not been tampered with

4
Availability

authorised users can access the information and resources they need whenever they require them.

5
Ransomware

a type of malware that blocks access to the victim’s computer system until a certain amount of money, usually in bitcoin or other cryptocurrency is paid.

6
Scareware

a program that attempts to frighten the victim into buying unnecessary software or providing their financial data. It pops up on a user's desktop with flashing images or loud alarms, announcing that the computer has been infected. It usually urges the victim to quickly enter their credit card data and download a fake antivirus program.

7
Spyware

A hidden program that secretly collects personal information about users and sends the information to attackers without the user’s knowledge, without causing data corruption or data loss.

Spyware may record the websites the user visits, information about the user's computer system and vulnerabilities for a future attack, or the user’s keystrokes. Spyware that records keystrokes is called a keylogger. Keyloggers steal credit card numbers, passwords, account numbers, and other sensitive data simply by logging what the user types.

8
Adware

pushes unwanted advertisements at users and spyware secretly collects information about the user.

9
Fileless malware

fileless malware does not download code onto a computer, so there is no malware signature for a virus scanner to detect. Instead, fileless malware operates in the computer's memory and may evade detection by hiding in a trusted utility, productivity tool, or security application.

An example is Operation RogueRobin, which was uncovered in July 2018. RogueRobin is spread through Microsoft Excel Web Query files that are attached to an email. It causes the computer to run PowerShell command scripts, providing an attacker access to the system. As PowerShell is a trusted part of the Microsoft platform, this attack typically does not trigger a security alert. Some fileless malware is also clickless, so a victim does not need to click on the file to activate it.

10
Cookies

A small piece of data used by websites to store personal information on a user’s web browser.

It is misused by attackers to collect personal information about users.

11
Pharming

The interception of requests sent from a computer to a legitimate website and redirection to a fake website to steal personal data or credit card details.

The attacker can use the personal details to access the victim’s bank account on the bank’s actual website.

12
Phishing

The use of emails and fake websites that appear to be from reputable companies.

It is used to steal personal information such as passwords and credit card numbers from users.

13
Spamming

The mass distribution of unwanted messages or advertising sent to email addresses collected from sources such as public mailing lists, social networking sites, company websites and blogs.

Emails are usually easily sent to users and the emails sent are used to lure users to enter their personal information and steal their personal data.

14
Trojan Horse

A computer program that pretends to be a harmless file or useful application.

When the trojan horse is run, it does something harmful such as giving intruders unauthorised access to the computer instead.

15
Virus

A computer program that attaches itself to a normally harmless program and modifies it. When the modified program is run by a user, the virus attaches copies of itself to any other programs it can find, thus infecting them.

16
Worm

A standalone computer program that runs automatically and attempts to spread copies of itself over a network. Unlike a virus, it does not attach itself to a program and it spreads by exploiting a vulnerability in the infected system or through email as an attachment masquerading as a legitimate file. Worms consume bandwidth and overload web servers, harming the host network.

17
Denial of Service

an attempt, by a malicious actor, to overload a website or network, with the aim of degrading its performance or even making it completely inaccessible to its intended users.

DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic is unable to be processed, resulting in denial-of-service to additional users. A DoS attack is characterized by using a single computer to launch the attack.

18
Distributed DoS

a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic, utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.

DDoS attacks are carried out with networks of Internet-connected machines.

When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the server or network to become overwhelmed, resulting in a denial-of-service to normal traffic.

19
Firewalls

a filter that monitors access between an organisation’s internal network and the Internet at large, allowing some packets to pass and blocking others. A firewall allows a network administrator to control access between the outside world and resources within the administered network by managing the traffic flow to and from these resources.

20
Host vs Network-Based firewalls

Host:

installed on individual computer

may affect what traffic the computer accepts from the Internet, local network or even itself

Network:

implemented at a specific point in the network path and protects all computers on the internal side of the firewall from the external side

may be installed at the perimeter, or edge, of a network to protect a corporation, or internally to protect one segment of the community, e.g. corporate and residential systems, or research from marketing systems

cannot protect one computer from another, or from itself

21
Goals of firewall

Traffic control: act as a single choke point for inspection, to manage and enforce security-access policy

Authorised Traffic: only authorised traffic, defined by local security policy, can pass, with unauthorised traffic blocked to protect network resources

Maintaining security: designed to be resistant to attacks, acts as a robust barrier, preventing external threats from infiltrating the internal network

22
Firewall implementations

Packet Filters: Traditional packet filters occur at a gateway router that connects the internal network to its ISP. It examines each datagram based on the administrator-specific rules.

Stateful Packet Filters: Track TCP connections and use the info to make filtering decisions

Application Gateways: application-specific servers through which all application data (inbound and outbound) must pass. They look beyond the IP/TCP/UDP headers and make policy decisions based on application data.

23
Digital Signature

Sender creates a digest by hashing the message with a hash algorithm and encrypts the digest with their private key.

Recipient uses the sender’s public key to decrypt the encrypted digest. They then apply the same hash algorithm to the un-hashed message sent and compare the result with the decrypted digest. If the two are the same, the recipient can confirm the message was sent by the sender.

24
Limitations of firewall

  • cannot protect against traffic from a source if a user has explicitly allowed it to bypass the firewall

  • cannot protect from internal attacks

  • as firewall is a single point of failure, system becomes vulnerable when the firewall is compromised

25
Intrusion Detection System and Intrusion Prevention System (aka the IDS system)

  • IDS generates alerts when it observes potentially malicious traffic.

  • IPS filters out suspicious traffic.

  • An IDS can be used to detect a wide range of attacks, including network mapping (emanating, for example, from nmap), port scans, TCP stack scans, DoS bandwidth-flooding attacks, worms and viruses, OS vulnerability attacks, and application vulnerability attacks.

  • An organisation may deploy one or more IDS sensors in its organizational network.

  • When multiple sensors are deployed, they typically work in concert, sending information about suspicious traffic activity to a central IDS processor, which collects and integrates the information and sends alarms to network administrators when deemed appropriate.

26
Placement of IDS

  • IDS not only needs to do deep packet inspection but must also compare each passing packet with tens of thousands of “signatures”.

  • By placing the IDS sensors further downstream, each sensor sees only a fraction of the organisation’s traffic, and can more easily keep up.

  • Nevertheless, high-performance IDS and IPS systems are available today, and many organisations can actually get by with just one sensor located near their access router.

27
Two types of IDS

  • Signature based 

    • has an extensive database of attack signatures

    • Each signature is a set of rules pertaining to an intrusion activity.

    • a signature can be a list of characteristics of a single packet, or relate to a series of packets

    • sniffs every packet that passes by, compares it with the signatures, and sends an alert

  • Anomaly based

    • creates traffic profile as it observes traffic in action

    • looks for statistically unusual packet streams like sudden growth in port scans and ping sweeps

    • does not rely on previous knowledge, so it can detect new attacks

28
Limitations of IDS

Signature:

  • can only detect known attacks

  • even if signature matches, it could be a false alarm

  • every packet must be compared to an extensive database of signatures, so the IDS could become overwhelmed with processing and miss malicious packets

Anomaly:

  • very hard to distinguish between normal traffic and statistically unusual traffic

  • usually is still signature based

29
Secure access methods

Encryption

Digital Signature

Authentication

30
Encryption

Symmetric key encryption:

  • sender uses encryption algo and key to encrypt message

  • sender and receiver use the same secret key to encrypt and decrypt

  • e.g. Caesar Cipher

  • issue is being able to securely send the secret key to the receiver

Public/Asymmetric key encryption:

  • sender uses receiver’s public key to encrypt the message

  • receiver uses their own private key to decrypt the message

  • reduces the need to exchange secret keys

  • e.g. Rivest-Shamir-Adleman (RSA)

Solves: Packet Sniffing (ppl making copies of packets sent)

31
Authentication

Usually for 1 entity to prove its identity to another entity over a computer network, e.g. user to email server

Solves: IP spoofing (ppl pretending to come from credible sources)

Passwords

Biometrics

2FA

  • issue w otp: if sent wirelessly, could be intercepted. or if secret algo to generate otp is figured out, intruders may figure out how to generate w/o security token

Token Values e.g. from physical device like mobile phone

32
LAN

Local area network is a network of computing devices connected in a small geographical area, typically within the same building (home, school, office)

Usually faster bc of how close they are

WLAN —> wireless

33
MAN

Metropolitan area network is a network of computing devices connected in a larger geographical area, (two or more buildings in the same city) than a LAN.

Usually used by large org like cities, businesses and govt

34
WAN

Wide area network is a network of computing devices covering a large-scale geographical area, typically across multiple geographical areas.

Usually consists of LANs and MANs

Largest public WAN —> Internet

35
Difference between LAN and WAN

WAN is not limited to a single geographical location and can span long distances via long-range transmission media such as telephone lines, fibre optic cables or satellite links.

A WAN also uses more expensive and high-speed technology than a LAN.

36
5 characteristics of a good hash function

  1. for the same input value, it must output the same hash value

  2. must be capable of returning the hash value quickly to ensure efficiency

  3. provide a uniform distribution across the hash table to minimise collision

  4. should use all the input data, as ignoring parts may lead to increased risk of collision

  5. minimise collision

37
Good hash table

  • hash table should be 1.5 times the size of the max dataset to minimise collision

  • may use prime number as the size to minimise clustering or cyclic allocation

  • 5 characteristics of a good hash function

38
Closed addressing vs open addressing

Pros of closed (separate chaining/linkedlist):

  • easy to implement

  • surety that if element exists in the table, it is in the linked list at its key (hash value)

  • easy to delete from linked list

Cons of closed: 

  • inefficient use of memory as some addresses may not be used

  • need extra memory allocation for nodes in linked list

  • worst case time complexity: O(n)

Pro of open (linear probing):

  • highly efficient in memory usage

Con of open:

  • due to clustering, search is slower —> if full, need to go through the whole list to check if the element exists or not

39
Hash function

a function that converts a given numeric or alphanumeric key to a small practical integer value such that the value can be used as the index to access the hash table directly.

40
Advantages/Disadvantages of Static Memory Allocation

  • Memory is allocated during compile time

  • allocated memory remains the same from start to end of runtime

  • size and location of memory allocated cannot be changed at runtime

  • fast and simple as no need to allocate or deallocate memory during runtime

  • avoids memory fragmentation as blocks are contiguous and aligned

  • inflexible and wasteful if actual memory usage is less than memory allocated

  • preferred in an array

41
Advantages/Disadvantages of Dynamic Memory Allocation

  • Memory is allocated during run time

  • size and location of memory allocated can be changed depending on program logic and data size

  • allocated memory can be released anytime during program

  • flexible and efficient as memory is allocated based on usage

  • slower and more complex as you need to manage memory allocation and deallocation

  • may lead to memory fragmentation

  • preferred in linked list

42
Linear Search

Time complexity: O(n)

Pros:

  • simple to implement and easy to understand

  • can be used regardless of whether the data is sorted or not

  • can be used on arrays of any data type

  • suited for small datasets

Cons:

  • O(n), slow for large datasets

43
Binary search

Time complexity: O(log n) / O(n log n)

Pros:

  • faster than linear, esp for large datasets

Cons: 

  • requires the array to be sorted, or time complexity goes to O(n log n)

  • data must be stored in contiguous memory locations

  • elements must be comparable, so they must be able to be sorted —> can be issue if elements are not naturally ordered or ordering is not well defined (e.g int vs string)

44
Hash table search

Best case: O(1)

Worst case: O(n)

45
Function vs Procedure

F: accepts inputs and produces output, must have at least 1 return value

P: does not return any value

46
Advantages of Subroutines

  1. Organisation

    1. help break programs into smaller and modular chunks

    2. more manageable

  2. Abstraction

    1. use subroutine at anytime, using its unique name and appropriate outputs

  3. Reusability

    1. supports code reusability and reduces repeated codes

    2. can also be shared with other programs, so no need to code from scratch

  4. Modifying

    1. when want to make change, can just change in one place and have the change take place every time the subroutine is called

  5. Testing

    1. easier to test and debug since it is self-contained

    2. once it is working properly, no need to test again unless it is modified

47
Recursion

It is defined in terms of itself and repeatedly calls itself with one or more similar but smaller problems until a base case or terminating case is reached.

48
Benefits and drawbacks of recursion

Pros:

  • more elegant and use less program code

  • complex task can be broken down into simpler sub-problems using recursion while iterative may be hard to program

  • easier to implement if problem is mathematical that is recursive by nature

Cons:

  • can carry large amounts of memory usage and processor time from the multiple function calls, storing return addresses and copies of local and temp variables

  • if continues for too long, program will run out of memory (stack overflow) and crash

49
Stack in recursive function

When a function is called, a certain amount of memory called a stack frame is allocated for the function to store local variables and return addresses, so the program can return to the proper place after a function call.

When the function is called, the return address to the main (first call) is pushed onto the stack. Then the recursive call inside the first call is made, and the return address of that call and its local variables are pushed onto the stack. This repeats until the base case is reached. The return value is pushed onto the stack; this value is then popped and returned to the caller of the function. With each return from a function call, the corresponding frame is taken off and the values of the local variables are restored.

50
3 types of error

Syntax error

  • errors that occur when one has not followed the rules of the language. A program with syntax errors will not run.

  • forget bracket

Logic error

  • program will execute, but the program will not behave as expected

  • program skill issue, eg. wrong variable name, indent to wrong level, poor understanding

Runtime error

  • program crashes while running

  • stack overflow, accessing non-existent arrays, ImportError, ValueError

51
2 types of input error

Transcription Error

  • key in incorrect character

Transposition Error

  • swap position of two characters

52
Data Validation

a process of ensuring that the input data satisfies/follows a set of rules such that it is sensible, complete and within acceptable boundaries.

!! before verification !!

53
6 checks for data validation

range check (within 0-100)

format check (dd/mm/yyyy)

length check (15 char long)

type check (is int)

presence check (not empty)

check digit

54
Data verification

process of getting users to confirm that the data they entered is what they intended to enter

!! after validation !!

55
2 methods for data verification

Double entry

  • entering thing twice (eg confirm new password)

Proofreading

  • someone check the data against original source

56
Data Redundancy 

same data being stored more than once

  • increased risk of having inaccurate data

  • can lead to data inconsistency

57
Key field / key

a combination of one or more columns in a database that uniquely identifies a row in the table

Keys allow for the establishment of relationships between tables and for the identification of relations between tables. Keys also help to enforce identity and integrity in the relationship.

58
Candidate key

A minimal set of fields required to uniquely identify each record in the table. It tells a particular record from another

59
Primary key

a field or set of fields whose values can uniquely identify each record in a table and cannot be changed over time

60
Secondary keys

Candidate keys that were not selected as the primary key

61
Composite Primary keys

a combination of two or more fields that can uniquely identify each record in the table, where uniqueness is guaranteed when the fields are combined but not when they are taken individually

62
Foreign key

an attribute (field) in one table that refers to the primary key in another table

63
1NF

all columns must be atomic

  • no duplicate rows and only 1 value per attribute

64
2NF

must be 1NF and every non-key attribute must be functionally dependent on the primary key

65
3NF

must be 2NF and table should not have transitive dependency - all fields must only be determined by the primary/composite key and no other non-key attribute

66
Encapsulation

supports information hiding through the combination of public methods and private properties into a class, ensuring that private properties are only accessed/altered by calls to the public methods.

also supports implementation independence, where users can use methods of the class without needing to know how it is implemented. if it were to change, user will not know

67
Inheritance

when the subclass is derived from the superclass and has its attributes and methods.

it promotes code reuse and makes programs easier to maintain and extend.

68
Polymorphism

occurs when subclasses define methods with the same name as the methods in the base class, but with different implementations, overriding superclass behaviour.

enables code generalisation 

69
Intranet vs Internet

Intranet:

  • private network within an organisation

  • only accessible by authorised users

  • holds internal resources relevant to organisation

  • more secure due to restricted access

  • can be isolated from internet or connected with security measures

  • used for internal communication, collaboration and resource sharing

Internet:

  • public network accessible globally

  • can be accessed by anyone with internet connection

  • diverse content from various platforms

  • less secure due to open nature

  • connects devices across the globe

  • used for global comms, info sharing and access to online service

70
TCP three way handshake

The three-way handshake takes place before the data transfer to ensure that the connection is reliable.

(1) The user first sends a synchronization packet to the server to check that the server is ready to receive.

(2) The server sends an acknowledgement back to the user and sends its own synchronization packet to the user.

(3) The user acknowledges the server’s synchronization packet.

After this, the actual data packets are transmitted.

71
Decision Table

A decision table is a tabular method to document decision-making logic. It systematically shows all possible combinations of conditions, with each of the corresponding actions to take

72
Data integrity

refers to the accuracy, consistency and reliability of data throughout its entire lifecycle

73
IP address

a unique numerical label assigned to devices connected to a network that uses the Internet Protocol (a set of rules for data transmission which are agreed by sender and receiver) for communication. It acts like an online mailing address, allowing information to be sent and received precisely between devices over the internet.

Used by routers to direct data across different networks

IPv4 address is 32 bits or 4 groups of denary numbers between 0 and 255, separated by dots when written in dotted-decimal notation

IPv6 address is 128 bits, 8 grps of 4 hexadecimal digits separated by colons. 

74
How are IP address assigned?

allocated dynamically through mechanisms such as Dynamic Host Configuration Protocol (DHCP) server or statically by configuration of host hardware or software.

75
Static vs dynamic IP address

Usually home users get dynamic IP addresses that change periodically

Static IP address do not change, so they are usually for servers or other devices that need to be easily reachable on the internet

76
MAC address

is a unique identifier assigned to a network interface controller (NIC) in a device. It acts like a permanent hardware fingerprint for that particular network connection. This ensures no two devices on the same network have the same MAC address.

48 bits w 6 grps of 2 hexadecimal digits separated by colons or dashes

77
Bubble sort

Best: O(n)

Worst: O(n²)

78
Insertion sort

Best: O(n)

Worst: O(n²)

79
Merge sort

Best: O(n log n)

Worst: O(n log n)

80
Quicksort

Best: O(n log n)

Worst: O(n²)

81
Merge vs Quicksort

Quicksort is unstable as it might change the relative order of two equal data items

In-place quicksort does not need additional memory space to perform sorting. Merge sort requires a temporary array to merge the sorted arrays. Hence, merge sort needs more memory space compared to in-place quicksort.

82
How to Domain Name Server

  1. Client types URL in web browser and comp checks local cache first.

  2. else request URL is sent to recursive server

  3. Recursive server checks local cache and if found, do step 8

  4. Recursive server sends DNS query to DNS root name server to obtain info on Top Level Domain (TLD)

  5. Recursive server sends the query again to a TLD name server to obtain information on the authoritative server

  6. Recursive server sends the query again to an authoritative name server to obtain information on the domain and its associated IP address.

  7. Authoritative name server sends the IP address back to the recursive server.

  8. Recursive server returns the IP address to the client through the web browser and stores the IP address in its local cache for future use

83
Components of Domain Name

www - refers to the subdomain

.wikipedia – refers to the root domain

.org – refers to the Top-Level Domain

wikipedia.org - is the domain name

84
Application Layer

provides high-level functionality to end-users.

provides services directly to applications we use every day, such as web browsing (HTTP), email (SMTP), file transfer (FTP), and video conferencing

85
Transport Layer

provides functionality to transmit messages between any two programs.

TCP and UDP occur here

86
Internet Layer

provides functionality to determine a route between any two devices.

Routers

routing, handling addressing and routing data packets across networks using the Internet Protocol (IP). Imagine IP addresses like zip codes for devices on the internet; this layer ensures packets are delivered to the correct destination.

87
Link Layer (Network Access Layer)

provides functionality to transmit packets from one device to an adjacent device.

Network Interface Cards (NICs), Switches

88
Physical Layer (Network Access Layer)

provides functionality to transmit individual bits through a transmission medium

89
Protocol

Protocols are essential for successful transmission of data over a network. Each protocol defines a set of rules that must be agreed between sender and receiver.

90
How does router work

A router connects different links. The role of a router is to transmit an incoming packet from one input link to an outgoing link. It examines IP packet headers, looks at the destination IP address and determines how to forward the packets by consulting a routing table of known networks. The table indicates which connection to send the packet on as the next link. In the event that the entire packet has not been received, it will buffer or store the packet’s bits and only transmit when all the packet’s bits have been received.

91
Packet Switching

a communication method where data is divided into smaller units called packets and transmitted over the network.

the packets may take different paths to get to the destination, and may be transmitted out of order or delayed due to network congestion

at the destination, the packets are re-ordered in the correct order to form the original data

92
Packet vs Circuit Switching

Packet does not need a dedicated path for comms vs circuit does

Path is established for each packet by router vs path is established for entire conversations

dynamic bandwidth vs fixed bandwidth

93
Ways to solve Packet Transmission Delay

  1. increase transmission capacity

  2. compress data

94
Packet Loss and how to deal with it

some routers may receive packets faster than they are able to route them on. These packets are buffered in memory and this introduces delays

Solve: TOS(type of service) field in header to mark priority level, but router could choose to ignore

Unreachable destination

Solve: TTL

If broken cable, router will detect bad connection and find new path for packet to take.

95
Client server architecture

There is an always-on host, the server, with a fixed well-known IP address, which services many requests from many other hosts, called clients. (e.g. Web app to web browsers)

Due to the fixed IP address, clients can always contact the server by sending a packet to its IP address

A data center is usually used to create a powerful virtual server, as a single server host cannot keep up with the demand

96
P2P architecture

there is minimal or no reliance on dedicated servers in data centres.

Instead, the application exploits direct communication between pairs of intermittently connected hosts, called peers. The peers are not owned by the service provider, but are desktops and laptops controlled by users, residing in homes, universities, and offices. (e.g Skype, BitTorrent)

97
Client-Server vs P2P

Pro of CS:

  • easy to maintain

  • more secure

Cons:

  • more expensive to maintain (data centers are v exp)

  • unreliable as if server fail, clients all fail

Pro of P2P:

  • cheaper to maintain (own devices)

  • easier to set up as no need special equipment

  • reliable as the failure of 1 peer does not lead to failure of other peers

Cons:

  • harder to maintain bc resources are saved locally instead of in 1 server

  • less secure

98
SCS Code of Conduct

Integrity

Professionalism

Competence

Responsibility

99
Ten Commandments for Code of Ethic

  1. Thou shalt not use a computer to harm other people

  2. Thou shalt not interfere with other people’s computer work

  3. Thou shalt not snoop around in other people’s files

  4. Thou shalt not use a computer to steal

  5. Thou shalt not use a computer to bear false witness

  6. Thou shalt not use or copy software for which you have not paid

  7. Thou shalt not use other people’s computer resources without permission

  8. Thou shalt not appropriate other people’s intellectual output

  9. Thou shalt think of the social consequences of the program one wrote

  10. Thou shalt use the computer in ways that show consideration and respect