Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.001 ■ Spring 2023 ■ David Lanter
My question to discuss with my classmates

February 1, 2023 by David Lanter 47 Comments

Filed Under: 04 - Cryptography

Comments

  1. Jill Brummer says

    February 2, 2023 at 10:09 pm

    Question for the class: What is one risk associated with a company allowing employees to use remote access VPN?

    Log in to Reply
    • Chinenye Marylyn Akinola says

      February 3, 2023 at 12:27 am

      Confidentiality and Integrity Risks: In an organization, managing users and authenticating users is crucial. However, when a VPN is implemented, numerous problems arise. Businesses lack both the power and the means to control employee computers. To verify users, an organization might allocate network resources and put network solutions in place. Consider a worker who accesses a shared computer from their house. There are numerous attack vectors when an employee uses a shared computer, and there are few solutions for guaranteeing that only one person has access to company resources. In addition to creating problems with authorization and authentication, this might give attackers an advantage against companies.

      Log in to Reply
      • Jill Brummer says

        February 4, 2023 at 9:27 pm

        I agree with your comment that the management of users and authenticating users is crucial, particularly with terminated team members. There needs to be a policy in place specifically for removing access for remote users who were terminated. The removal needs to be immediate upon notification or timely (i.e., within 24 hours).

        Log in to Reply
    • Shepherd Shenjere says

      February 4, 2023 at 11:07 pm

      Data leakage, which may fall under the Integrity security objective.

      Log in to Reply
    • Abayomi Aiyedebinu says

      February 5, 2023 at 7:24 pm

      Hi Jill,
      VPNs provide minimal security with traffic encryption and simple user authentication. Since most remote workers connect via their home network there is no scrutiny of the security posture of the connecting device, which could allow malware to enter the network.

      Log in to Reply
    • Sunam Rijal says

      February 6, 2023 at 6:24 pm

      Hi Jill,
      VPNs use encryption to secure the connection between the employee’s device and the organization’s network; however, this encryption can be vulnerable to attacks because of user behavior such as using weak passwords or unsecured Wi-Fi networks. Attackers may be able to listen to the data transmitted over the VPN or gain access to the organization’s network by exploiting loopholes in the VPN configuration or the software itself. So, security becomes one of the great risks for a company allowing employees to use remote access VPN. To mitigate the risks, companies should implement strong security measures like enforcing the use of MFA and regularly monitoring the logs for unusual activity.

      Log in to Reply
  2. Aayush Mittal says

    February 2, 2023 at 10:41 pm

    Comment on the advantages of using AES-128 bit over 3DES.

    Log in to Reply
    • Chinenye Marylyn Akinola says

      February 3, 2023 at 12:31 am

      Both use symmetric block ciphers, although AES is more technically efficient. The main advantage of AES is the variety of key lengths available. The length of the key used to secure the communication—128-bit, 192-bit, or 256-bit keys—is closely correlated with the amount of time needed to crack the encryption technique. As a result, AES is far more secure than DES’s 56-bit key. Because AES encryption is so much faster, it is perfect for software, firmware, and hardware that demands high throughput or low latency.

      Log in to Reply
    • Mengqi Xiong says

      February 6, 2023 at 5:03 pm

      Hi Aayush,

      Firstly, as Mary mentioned, AES-128 is a faster algorithm for encryption because it uses a shorter key length and a simpler encryption algorithm. This makes data encryption and decryption more efficient. In addition, AES-128 has been tested and proven to be secure, and most organizations are usually willing to use it to encrypt sensitive data. It is also easier to find tools and resources for implementing and maintaining the AES-128 encryption standard.

      Log in to Reply
    • David Vanaman says

      February 7, 2023 at 6:36 pm

      AES is a superior encryption algorithm over 3DES in every way. It is faster and more secure. 3DES was a stop-gap mechanism that was put into place when it was discovered that DES was no longer sufficient to protect against attacks from faster-than-brute-force methods. The idea to run multiple iterations of DES with multiple keys was simple to implement, but even at the time it was known that it would be inefficient because it requires doing 3x the processing. Building the new standard that would become AES and fully testing it was a time-consuming and difficult process. Proving new crypto is very difficult. The issues with known weak curves in ECC show that this is still the case today. ECC is a strong and computationally light algorithm, but it can be crippled by a poor input curve, and testing input curves is not something the average user (or anyone without specialist-level math skills) can do.

      Log in to Reply
  3. Frank Kofi Kpotivi says

    February 3, 2023 at 10:57 am

    What is the difference between a public key and a private key? Also, are systems 100% secured?

    Log in to Reply
    • Nishant Shah says

      February 3, 2023 at 12:09 pm

      Hey Frank! Both keys of the public-private key pair are part of a mathematical function. However, knowing one would make it extremely difficult for a cryptanalyst to find the other one. So the only real difference is how the keys are used. A sender of a message can encrypt the message with their private key to ensure non-repudiation or use the receiver’s public key for encryption to ensure confidentiality.

      Log in to Reply
    • Abayomi Aiyedebinu says

      February 5, 2023 at 7:15 pm

      Hi Frank,
      Private keys can be used for both encryption and decryption, while public keys are used only for the purpose of encrypting the sensitive data. Private keys are shared between the sender and the receiver, whereas public keys can be freely circulated among multiple users.

      Log in to Reply
    • Wei Zhang says

      February 7, 2023 at 1:45 am

      Hi Frank,
      I don’t think the system can be 100% secure. Because people write code, and people make mistakes. It is estimated that the industry average is about 15-20 errors per 1000 lines of code. This leads to bugs in the core of the system. The system also has software and applications built and designed by humans, none of which is guaranteed to be completely secure.

      Log in to Reply
    • Shepherd Shenjere says

      February 7, 2023 at 9:58 am

      The private key is kept secret and not public to anyone apart from the sender and the receiver. The public key is free to use and the private key is kept secret only.

      Log in to Reply
    • Asha Kunchakarra says

      February 7, 2023 at 1:12 pm

      Both of the keys are used for encryption and decryption; however, public keys are only used for the purpose of encrypting sensitive data. Private keys are used between sender and receiver. Public keys can be used freely between multiple users. Systems are never 100% secured; however, there are ways to make sure that they stay as secure as possible.

      Log in to Reply
  4. Nishant Shah says

    February 3, 2023 at 11:53 am

    Why do asymmetric cryptographic algorithms need longer key lengths to provide similar encryption strength as symmetric cryptographic algorithms with shorter key lengths?

    Log in to Reply
    • Sunam Rijal says

      February 3, 2023 at 2:13 pm

      In asymmetric cryptography, 2 different keys are used for encryption and decryption, whereas symmetric cryptography uses only one key. Asymmetric is considered more secure; it needs longer key lengths to match the same level of security as symmetric. This is because asymmetric cryptography performs more complex mathematical functions and must defend against more advanced attacks. So, longer key lengths raise the defense against these attacks. The public key in an asymmetric algorithm is accessible to the public, making it more vulnerable to attacks, so longer key lengths are required to provide encryption strength equivalent to symmetric algorithms.

      Log in to Reply
  5. Sunam Rijal says

    February 3, 2023 at 2:03 pm

    How important is regular security evaluation and update of cryptographic algorithms and protocols in maintaining the security of a system?

    Log in to Reply
    • Jill Brummer says

      February 4, 2023 at 9:23 pm

      Regular security evaluation and update of cryptographic algorithms and protocols to maintain the security of a system is very important because algorithms can be learned, and once learned, the cryptographic algorithm could be compromised.

      Log in to Reply
  6. Shepherd Shenjere says

    February 4, 2023 at 11:00 pm

    What is transmitted across the network, the plaintext or the ciphertext?

    Log in to Reply
    • Jill Brummer says

      February 5, 2023 at 6:42 pm

      Ciphertext is transmitted across the network. Ciphertext is encrypted text. Plain text is not encrypted and therefore, if transmitted across the network, could be easily compromised.

      Log in to Reply
      • Abayomi Aiyedebinu says

        February 5, 2023 at 7:10 pm

        Hi Shepherd,

        I agree with Jill. Plaintext is the original message and can be images, sounds, videos, or a combo. Ciphertext is what is sent to the receiver and is a random stream of bits; the ciphertext is transmitted across the network.

        Log in to Reply
    • Pranavi Yadalam Sekhar says

      February 7, 2023 at 9:28 am

      Hi Shepherd,
      Prior to being sent across the network, the plaintext is encrypted to create ciphertext. The data that is actually sent across the network is the ciphertext, which is the plaintext encrypted. The receiver then employs a decryption technique and the matching decryption key to convert the ciphertext back into the original plaintext. To prevent unauthorized access and transmission manipulation, it is crucial to transmit the ciphertext rather than the plaintext of the data.

      Log in to Reply
    • Asha Kunchakarra says

      February 7, 2023 at 1:18 pm

      Ciphertext is transmitted across the network because it is encrypted. Plaintext is not encrypted so it would be extremely unsafe to send across the network. It would break all the elements of the CIA triad and data would be leaked.

      Log in to Reply
  7. Abayomi Aiyedebinu says

    February 5, 2023 at 7:07 pm

    What are the human issues that affect cryptography?

    Log in to Reply
    • Wei Zhang says

      February 5, 2023 at 10:31 pm

      Hi Abayomi,
      Keys are classified as symmetric keys and asymmetric keys, where asymmetric keys decrypt and encrypt data through the use of a public key and a private key. In my opinion, the possible human issue is the wrong choice to encrypt the data with the private key and send it, which will result in the receiver who has the private key corresponding to the public key being unable to open the file to get the data. Or, the private key is leaked due to improper storage, and the data is intercepted during transmission and decrypted by attackers.

      Log in to Reply
  8. Samuel Omotosho says

    February 5, 2023 at 7:42 pm

    How do you determine the bit length of system encryption keys?

    Log in to Reply
    • Shadrack Owusu says

      February 6, 2023 at 2:17 pm

      You can determine the bit length of system encryption keys using the mathematical relationship:
      If there is a key length of N bits, there are 2^N possible keys.

      Log in to Reply
    • Shepherd Shenjere says

      February 7, 2023 at 10:04 am

      Hello Samuel,

      I agree with Shadrack, and one thing to note is that the longer the key, the more secure data can be viewed with it.

      Log in to Reply
  9. Nicholas Foster says

    February 5, 2023 at 8:57 pm

    A question I have for my fellow classmates surrounds quantum computing. We’ve all heard of it, and the possibilities that will unlock due to its implementation. How do you believe quantum computing will change the way we encrypt/decrypt data today?

    Log in to Reply
    • Aayush Mittal says

      February 6, 2023 at 11:15 am

      Great question. I believe quantum computing will be speeding up the required calculations, but with sufficiently powerful hardware. At the same time, this sounds alarming to me because hacker groups might be the people to be able to fund such extremely expensive hardware.

      Log in to Reply
      • Nicholas Foster says

        February 6, 2023 at 8:27 pm

        Hey Aayush, great point about the hardware aspect. We saw previously a shortage in graphics cards due to bitcoin miners. The miners were buying them all up, driving the prices of graphics cards sky high. I wonder if similar repercussions will occur when quantum computing goes mainstream.

        Log in to Reply
    • Sunam Rijal says

      February 6, 2023 at 6:14 pm

      I agree that quantum computing will likely have a significant impact on the way we encrypt and decrypt data. Currently, most data encryption relies on the difficulty of solving mathematical problems that are too complex for today’s computers. However, quantum computers are much better equipped to solve these problems, which means that current encryption methods may become vulnerable. To combat this, researchers are developing new encryption methods that take advantage of the unique properties of quantum computers, such as quantum key distribution, which is considered to be unbreakable. Basically, while quantum computing presents new challenges for data security, it also offers the potential for even more secure encryption methods.

      Log in to Reply
  10. Mengqi Xiong says

    February 5, 2023 at 9:21 pm

    Which cryptographic algorithms could be used for both cryptography and digital signatures? What are their key strengths and weaknesses?

    Log in to Reply
    • Shadrack Owusu says

      February 6, 2023 at 2:36 pm

      Public Key algorithms could be used for both cryptography and digital signatures.

      Key strength
      Digital signatures provide very strong security.

      Weaknesses
      a) Digital signatures consume extensive processing power.
      b) It is very difficult and expensive to set up a public key infrastructure to distribute the private keys and digital certificates.

      Log in to Reply
  11. Wei Zhang says

    February 5, 2023 at 10:06 pm

    What are the three types of VPNs and what are the differences between them?

    Log in to Reply
    • Shadrack Owusu says

      February 6, 2023 at 1:55 pm

      A virtual private network (VPN) uses a cryptographic system to secure communication over an untrusted network such as the Internet, or a wireless LAN.
      The three (3) types of VPNs are
      a) Host-to-host VPN
      b) Remote access VPN
      c) Site-to-site VPNs

      Differences
      A host-to-host VPN connects a single client over an untrusted network to a single server.

      Site-to-site VPNs protect all traffic flowing over an untrusted network between a pair of sites.

      A remote access VPN connects a single remote PC over an untrusted network to a site network.

      Log in to Reply
      • Pranavi Yadalam Sekhar says

        February 7, 2023 at 9:31 am

        Hi Shadrack,

        The three main types of Virtual Private Networks (VPNs) are:
        1. Remote Access VPNs
        2. Site-to-Site VPNs
        3. Intranet VPNs

        The number of locations these VPNs connect to and the kinds of users they are designed to accommodate are the key distinctions between these VPN varieties. Site-to-Site VPNs link many distinct networks, while Intranet VPNs build a secure network within an organization’s current network infrastructure. Remote Access VPNs are made for those who need to access the company network from a remote location.

        Log in to Reply
  12. Asha Kunchakarra says

    February 5, 2023 at 11:22 pm

    Which cryptography methodology do you think is best for maintaining the integrity of the data?

    Log in to Reply
    • Mengqi Xiong says

      February 6, 2023 at 5:19 pm

      Hi Asha,

      I think we can consider a portfolio using both symmetric and asymmetric encryption methods that may be helpful in maintaining data integrity. This combination can provide the security of asymmetric encryption while retaining the speed and efficiency of symmetric encryption. The combination of symmetric and asymmetric would ensure that the information data remains secure and confidential throughout the transmission process.

      Log in to Reply
  13. Shadrack Owusu says

    February 6, 2023 at 1:53 pm

    List the three (3) AES alternative key lengths released by NIST.

    Log in to Reply
    • Nicholas Foster says

      February 6, 2023 at 8:32 pm

      Hi Shadrack,

      The three key lengths for AES are 128, 192, and 256. AES 256 being the strongest of the three.

      Log in to Reply
    • Shepherd Shenjere says

      February 7, 2023 at 10:00 am

      Hello Shadrack,

      AES 256, 192, 128

      Log in to Reply
  14. Pranavi Yadalam Sekhar says

    February 7, 2023 at 9:22 am

    What is the relationship between cryptography and cybersecurity?

    Log in to Reply
    • David Vanaman says

      February 7, 2023 at 6:03 pm

      Cryptography is a component of just one class of tools that are used for good cybersecurity. Encryption is a powerful tool to ensure confidentiality. Encrypted data is safe data so long as best practices are followed. It allows us to store and send information without as much concern if someone were to obtain it. Unencrypted data is known as soon as it is accessed; encrypted data has a strong layer of protection that is still in place if the data is removed from your network, storage, or other secure location.
      Not as commonly thought of, but encryption is a powerful tool for integrity as well. Using asymmetrical encryption can prove that the sender/creator of data and the contents of the data are ensured with a public key signature. Because the signature only works if the public and private keys match, you can be assured that the matching key was used to sign. The signature also includes a hash of the data, so you can be assured that not even a single bit has changed or the hash would be invalid.

      Log in to Reply
  15. David Vanaman says

    February 7, 2023 at 5:56 pm

    How do experts determine when an encryption algorithm is no longer secure? Is this determination a universal answer or is an algorithm that is not secure enough for a high security application still good enough for a low security application?

    Log in to Reply

Fox School of Business

Copyright © 2023 · Course News Pro on Genesis Framework · WordPress · Log in