It’s been a long couple of weeks. I’ve been studying hard for the ITIL Foundations exam. It’s not my favorite material, which makes it very difficult to focus on.
It’s not the least bit technical, but it’s a lot of management-related stuff that tends to be less interesting to those who just enjoy the technology side of things.
Still, it’s somewhat of a popular certification, and it may help me along the way. I just can’t wait to get past it so I can look to more interesting things.
I should also add that I know I haven’t finished my posts on the OSI model, but life and school have to come first. The blog is just for fun. :)
I know this may not be a big deal to some, but I thought it was kind of cool. My school recently sent me this:
Congratulations! Your recent submission for Emerging Technologies in Cybersecurity has been selected by the WGU Evaluation faculty for recognition due to the exceptional nature of the work you submitted. The evaluator shared the following about your Task 1 submission: This excellent and professionally presented submission regarding an NMAP scan of an environment goes above and beyond the task requirements. The content of the submission includes an NMAP scan, OS fingerprinting and an analysis of a wireshark packet capture. Potential vulnerabilities and anomalies are identified as well as suggested solutions to mitigate these risks. The submission demonstrates attention to detail.
....
On behalf of the Evaluation department and WGU, congratulations on this achievement.
Deborah L. Fowler, J.D.
Vice President, Evaluation
Western Governors University
It’s cool to see my efforts go noticed. Hopefully it helps explain why I’ve been away from my blog for a few days. I enjoy trying to keep up with my writing, but school comes first for now.
Well, it’s been a while. The good news is I passed my EC-Council exam with relative ease. Now I am working on the ITIL Foundations certification. It’s not the most fun I’ve had reading, but it has to be done.
Anyway, on to Layer 2 of the OSI Seven Layer Model. The data link layer.
This is the layer where MAC addressing happens. The layer is responsible for Flow Control, which basically means that the receiving end controls how fast the sending end shoots data its way.
That flow control helps the data be transferred efficiently, minimizing data loss, which causes re-transmission. That re-transmission means more congestion in the network, which becomes a slower network.
The protocols operating in this layer also dictate how collisions are handled when they do happen. If devices transmit at the same time, causing a collision, the data link layer protocols figure out how to retransmit without creating yet another collision. They are doing this all the time, so we most likely aren’t even aware of it happening.
You can read a bit more about it here: https://en.wikipedia.org/wiki/Data_link_layer
Layer one of the OSI model is the physical layer. It’s called the physical layer, because it’s essentially the part that’s physically there. It is responsible for transmitting raw bits.
The thing to remember about the physical layer is that even though we often associate it with things like cabling, we have to keep in mind radio communications. Radio waves physically exist, too. We just don’t see them. They are there, and they are still transferring raw bits.
This is probably the simplest to grasp of the seven layers, because there really isn’t a lot to it on the surface level. We’re not diving too deep at this point -- don’t have to yet.
On a basic level, it’s just important to know that these technologies include things like network cable, Bluetooth and phone lines.
You may have heard of the OSI Reference Model. OSI stands for Open Systems Interconnection. The reference model is really designed as a way to help us better visualize network communications and can even become useful in troubleshooting.
Trust me when I say the books aren’t blowing smoke up your butt when they mention its use in the real world. It’s not unusual to hear a network administrator describe something by saying, “I took care of it -- it was a Layer 3 problem.”
Now, your boss probably won’t fire you for not referencing the OSI model, but they will appreciate the fact that you can speak on those terms. Especially when it comes to discussing issues and concerns with outside support or vendors.
I don’t have a lot of free time these days, but I figured I’d go over each of the layers over the course of the week. I may not get to update every day, but I’ll to my best to cover them all.
Just so you know the names of the layers, they are as follows:
Layer 1: Physical
Layer 2: Data Link
Layer 3: Network
Layer 4: Transport
Layer 5: Session
Layer 6: Presentation
Layer 7: Application
Most people like to use the mnemonic “Please do not throw sausage pizza away.”
You can if you want. Use whatever works for you.
Soon, I hope to go over Layer 1, the physical layer.
I’ve been studying most of the weekend, and have managed to get through more test objectives. It feels like so much ground to cover, and none of it goes particularly deep. A lot of it was also Sec+ material.
There are a few new concepts, and you’ll have to memorize a lot of formulas and numbers (key lengths, block sizes, etc.) While that’s not particularly hard, it’s not exactly fun. Still, the goal isn’t really a certification, it’s a degree. Regardless, despite the EC-Council study material being so-so, it’s given me the opportunity to use two books as supplemental material. I don’t necessarily have the time to fully read them, but I will when I graduate. Still, they've been very informative:
Serious Cryptography
Cryptography Engineering
Both excellent books that I hope to dive further into once I have the time.
Aside from that, I found a nice article I will read tonight to unwind:
Some will probably say that I’m not writing about the most advanced infosec concepts out there, and they’d be right. That comes with time and experience. For now, it’s about the basics. I recently discovered that some who are new to IT don’t know the difference between hashing and encryption. That’s okay. We’re here to learn. They are often both associated with cryptography, so it’s easy to see why people kind of mix them up.
Most simply put, hashing is a way of verifying integrity. Encryption is a way of (hopefully) maintaining confidentiality. See? We’re already talking about the CIA triad.
Hashing
First, let’s take a look at hashing. Hashing is taking some sort of input, whether it’s a file, a string of text, an entire hard drive, an executable file, whatever and running it through an algorithm that produces a (ideally) unique hash. For right now, let us pretend that something a hash collision does not exist. this will make our example a little easier to follow.
Below is a screenshot of a copy/paste of The Call of Cthulhu taken from hplovecraft.com:
I copied the entire text, but only used a screenshot of a small portion in hopes of demonstrating my example.
I saved that file as test.txt and computed the SHA1 hash. Here is the result:
2a7c060ea6bc704cc9038b3766e3db827927bb54 test.txt
The first part is the SHA1 hash, and the second part is the filename, test.txt.
Easy enough.
Now, if I take that same file and make one small change:
All I did was removed a single dot from the ellipsis at the end of introductory quote. See it?
Now I have the following output when I calculate the hash on the exact same file:
f0c5b4b2523c5757aa9abd9b980edae3b6e948d7 test.txt
original for comparison:
2a7c060ea6bc704cc9038b3766e3db827927bb54 test.txt
See how we get a different result?
That’s because I altered the text file. It was the smallest alteration, but it completely changes the resulting hash. The cool thing is that it doesn’t matter how little or how much I change the original. I could have added a single space or replaced the entire text with something else. The hash would compute differently. If the file remains unchanged, I can run the same SHA1 checksum on the file on any machine and the result will match the first, because the file itself remains unaltered. The idea is that if someone tries to change the file in any way, I will know that the file I received doesn’t match the one that was intended for me.
This is also why you will see people adding checksums to software downloads. While it can be a helpful way to ensure that no one has intentionally altered the software, it’s also a way of verifying that the file transferred correctly and that not a single bit has been lost in transit. Of course hashing has some other uses, but we can get into those later.
Oh, I mentioned those hash collisions earlier. Well, ideally, there is no way you can compute the same hash from different inputs. Of course, that isn’t always the case. MD5 is known to be susceptible to collisions, and Google last year accomplished a SHA1 hash collision. That said, it wasn’t the easiest thing in the world to do.
It’s also important to understand that hashes are not reversible. They’re not supposed to be. It doesn’t actually contain the file, it’s just a calculation based on an input. That’s also something that distinguishes it from encryption.
Encryption
Encryption, unlike hashing, is reversible. It includes all of your text or your file, it’s just simply scrambled up in some way that makes it ridiculously difficult to read without a special key. The scrambled message is called ciphertext while the clearly readable message is called plaintext.
We won’t go too far into encryption today, because I have to get back to my studies, but the basic idea is that you can encrypt a file or communications to make it difficult if not impossible for anyone but the intended party to read it. This helps protect confidentiality. Only the person with the decryption key can read the file or see the communication it its clear form.
It has to be reversible, because there has to be a way for the intended users to encrypt the file and decrypt it just as easily. Again, this is something that should only be accomplished with the key, so long as the cryptographic algorithm is sound and implemented properly, but that’s a whole different discussion.
The main thing to take out of this little blog post is that encryption and hashing aren’t the same thing. They just happen to come bundled together in discussions about security and cryptography.
Sure, they both involve ridiculous math that most of us will probably never have the need to understand, but beyond that, they serve very different purposes.
Well, today I learned about Symmetric Block Cipher Algorithms. I had a basic understanding of them that came from studying Security+, but this exam goes a little more in-depth. I mean, it’s not meant to make the tester an expert cryptographer. It’s more like Crypto 101 -- just enough to understand what’s going on at the upper levels of these algorithms. It doesn’t dive deep, but most people will never have to.
I learned about eight algorithms. All are symmetric block ciphers:
The Feistel Network
DES (Data Encryption Standard)
3DES
AES (Advanced Encryption Standard)
Blowfish
Serpent
Twofish
Skipjack
IDEA
Most of these ciphers are based on the Feistel function, and it serves as a basis for how many of them work. They are called block ciphers because they encrypt data in blocks. Larger key and block sizes are considered more secure so long as the encryption algorithm is well-designed. Furthermore, increasing the number of rounds the algorithm runs through increases the security.
DES is one of the more known ciphers, but is ideally no longer used. It uses a 56-bit key (64-bits minus 8 parity bits) and a 64-bit block. Because the key space is considered relatively small by today’s standards, it’s not really considered secure at this point.
DES iterates through 16-rounds applying a 48-bit key to each of those rounds. One thing to keep in mind about this system is that it has a maximum key size of 2 to the 56. That’s 56 bits. Not nearly enough for today’s applications.
3DES was the next of the bunch. It is basically DES with three separate keys. It does allow for some backwards compatibility with DES as it has three modes. The first uses three separate keys. The second has three iterations of two keys. The first and third are the same, and the second is unique. The third just repeats the same key three times, making it no more effective than DES.
DESx does something different called key whitening. Key whitening just means that the key is being XOR’d with the text before or after the round functions (sometimes both before and after).
Today, we most commonly use AES. It became the standard in 2001. It’s designated as FIPS 197. The things to remember about AES are the key sizes:
- 128
- 192
- 256
Sometimes you’ll see them represented as AES 128, AES 192 or AES 256. All three have a block size of 128 bits.
Interestingly, this one is not based on the Feistel cipher. It uses something called the substitution-permutation matrix, which I am still trying to understand. It involves a matrix called a state.
Blowfish is another big one worth learning about. It is a 16 round Feistel Cipher that operates on 64-bit blocks. That one has fooled me on a couple of quizzes, because I thought the quiz was leading me into DES. The main difference here is that DES has a limited block size of 56 bits. This one allows key sizes as low as 32-bit up to 448 bits.
Serpent is next. It’s similar to AES. It has a block size of 128 bits and also offers the 128, 192 and 256-bit key sizes. It also works of the substation-permutation idea. The major difference is the 32 rounds. Unfortunately, this makes it slower than AES, which was its major downfall when competing to become the next big cryptographic standard. Based on my limited knowledge, it’s more secure, but the speed difference helped AES edge out over this one.
Twofish - This sucker uses a block size of 128 bits and a key size up to 256 bits. It’s also a Fesitel Cipher.
Skipjack - Developed by the NSA, this one didn’t really happen. It’s associated with the Clipper chip. It uses an 80-bit key to encrypt and decrypt 64-bit blocks. It’s an unbalanced Feistel cipher. So why didn’t it happen? Apparently it the key was kept in a key escrow in case law enforcement needed to have a look.
IDEA - This one has a 128-bit key and operates on 64-bit blocks.
Yeah, there’s quite a bit more to take in than that, but that’s kind of the basics. Funny thing is, I don’t fully expect anyone to really read this. I just really do it as one more way for me to write down and help remember some of these numbers.
Either way, that’s all for today. Peace, to anyone reading.
As part of my degree program, I've started learning about Cryptography. The study materials are all part of the lead-up to the EC-Council Certified Encryption Specialist certification. I know that many aren't fond of the EC-Council, but it's part of the coursework. On top of that, an extra certification doesn't hurt. At worst, it gets ignored.
I've been reading about some of the classical ciphers such as the Caesar, ROT13 and the Vigenere. Most of the classical ciphers are single-alphabet substitution ciphers, which means that every letter in the cipher corresponds to one plaintext letter. Obviously, that's nowhere near secure by today's standards, but it helps us have a basic understanding of the origins of cryptography and the knowledge of how it works.
The Vigenere, unlike those other two I mentioned above is actually a multi-alphabet substitution cipher. What this means is that letters in the ciphertext don't match 1-to-1 with plaintext. A single letter can stand in for several other letters. It's more dependent on the key. In this case the key can be a word, or a random string of letters. It' much more complex than something like the Caesar, but is still easily breakable to anyone with an understanding of how the cipher works. If they can figure out the key-length, it's over.
(Image credit: Crypto-Interactive)
Looking at the chart above, if you were encrypting the word tacos, and your key was nachos, the ciphertext would be Gaevg.
You’d do this by first finding the N on the top line. Then look for where it intersects with the T. That would be G.
Next is the a in nachos. The A in the top line intersects with the A on the first column at the A. Then we move to the C in nachos. It corresponds to the C in tacos, but they intersect at the letter E. Do this until every letter in tacos has been replaced. If you run out of letters in the key, you just go back to the first letter and cycle through again until you’ve turned all plaintext into ciphertext.
It’s really simple, and just like all the other classical ciphers, it’s way too simple to hold up to today’s standards and a computer could crack it in fractions of a second.
What’s important here isn’t the complexity of the cipher, it’s the understanding of how encryption works at even the most basic algorithms.
We can see how if we could safely abide by Kerckhoff’s principal, the code would be solid. I know that’s not the case here, but let’s look at it this way for just a bit: Anyone could safely understand how the algorithm works. Anyone could safely understand that, and it wouldn’t matter, according to Kerchoff’s principal.
However, once you know the key, the secret text is broken. In this case, we know the key, and even if we didn’t, it wouldn’t be a horrible challenge. But that’s only because the algorithm is simple. If we for some hypothetical reason had no way of discovering the key through tricks like frequency analysis and the Kasiski method, the cipher would be much, much harder for us to crack.
Well, I’m not exactly the crypto expert, but I hope to have enlightened at least someone today. At the very least, I’ve entertained myself for a while by recapping some of my studies.
I’m a year into my Bachelor’s Degree at WGU, and so far it’s going well. I've been passing all my classes, and focusing hard on studying. The setup works well for my learning style, because it's basically what I would be doing anyway: reading books and websites and learning everything I can. The cool thing is that I get the added bonus of finally getting my degree. It's something I've wanted to do for a while now, I just haven't had time or money. Now I (kind of) have both.
It's funny starting a blog like this one. You feel so full of ideas and thoughts, then when you sit in front of the computer, it all just disappears. I guess the easiest thing to do right now is write up a quick post about some of the courses I've taken so far at WGU.
Term 1
Luckily, Comp, Math, Science, etc. had been transferred from back when I got my Associate's degree. It's been enough to get me somewhere, but there can be a definite ceiling with some jobs without a degree. No matter how much you have to offer.
First, was Introduction to IT, which is a very, very basic IT course that talks about the history of computers and how they evolved into what they are today. It's all pretty general stuff, and didn't take me very long to complete.
Next was the A+ duo: IT Foundations and IT Applications. These two prepare you for the A+ exam -- which is in two parts. This probably took the most time since it was two separate exams and I was nervous about the A+. Sure the material seemed easy, but I was relatively new to the field and didn't know what to expect from the test. Luckily, the uCertify materials more than prepared me for both tests.
Then I was on to Network and Security Foundations. It's kind of like the Network+ junior. It gives the student the essentials they'll need to have a foundational understanding of networking. The exam was pretty easy and I began studying for the Network+, which would come early next term.
Term 2
I probably could have taken the Network+ exam in the first term, but I ended up taking it on the first week of the second. I had heard horror stories about this exam, and I wanted to ensure that I was well-studied. Turns out the test wasn't the big scary monster everyone had made it out to be. I'm okay with that.
Immediately after the Network+ exam, I began studying for the Security+. WGU's curriculum calls the course Network and Security - Applications. I decided to try something different here and read Gibson's book since I'd heard amazing things about it. My Student Mentor was cool with it, and I mowed through that book as quickly as I possibly could given the small amount of spare time I had. The exam turned out to be, in my opinion, the easiest of the CompTIA trio.
Then it was on to Scripting and Programming - Foundations. When I took this class, it was centered around Python. I've been told that it's now pseudocode. I'm glad I took it when it was still Python-based. I'm sure it doesn't make it a whole lot different, but I just enjoyed seeing code that was relatively familiar already. That said, there was very little actual understanding code, and more understanding concepts like for loops and boolean logic thrown in with a memorizing a few terms.
Finally was Data Management - Foundations. This was one of the more difficult classes for me, but not so much because of the material. I just didn't have any interest in databases. Reading the book was a chore, and it was painful to get through. Still, I ended up taking the exam after about two months of forcing myself to read (I should have done this a lot faster, really.).
Term 3
I started my third term and hit my stride. Within the first month I was able to complete Fundamentals of Information Security, Data Management - Applications and Web Development Foundations. I know that makes it sound like the courses were too easy, but I should point out a few things:
1) I'd already taken Security+ (changed majors from IT Sec to Cybersecurity at the new year). Fundamentals was like taking calculus then having to jump into remedial math for a college credit. It probably would have been much more challenging had I not already been through a bigger course.
2) Data Management - Applications was a lot of review. The doozy on this course is building your own database according to some specs outlined by the school and demonstrating that you understand how to query it and operate it. I also built a database for myself to test and learn syntax before jumping into the test.
3) Web Development Foundations - I just read the material as fast I was able to and built a website to help myself learn HTML and CSS. The rest was vocabulary.
Right now I'm working on a Cryptography course, and I'll get back at ya when I have more time to go into it.