Encryption, Symmetric vs Asymmetric + Cybersecurity & Crime

Cards (37)

  • Encryption is a process of encoding messages to keep them secret
  • Caesar cipher / shift cipher / Caesar shift: one of the simplest and most widely known encryption techniques.
  • The Caesar Cipher works by shifting every letter in the plaintext message a certain number of positions down the alphabet
  • Caesar cipher is a substitution cipher
  • The best technique for cracking a random substitution cipher is known as frequency analysis
  • Frequency analysis is based on how frequently certain letters appear in English versus others
  • Good encryption algorithms are public, but use secret keys as an input to the algorithm
  • Encryption algorithms are evaluated based upon the amount of time it would take a computer to crack the key
  • Vigenere cipher is an encryption technique that uses a key and cannot be cracked using frequency analysis; it applies a series of Caesar ciphers based on the letters of a key
  • Packet sniffing occurs when the contents of a packet are analyzed by a third party
  • Hypertext Transfer Protocol Secure was developed as a secure alternative to HTTP
  • In HTTPS, the communication protocol is encrypted using TLS (Transport Layer Security), formerly SSL (Secure Sockets Layer)
  • SSL/TLS provides authentication between client and server
  • Authentication is the process of verifying that you are the person who has the right to access a particular computer or service
  • Passwords stored in databases are encrypted, usually with a one-way function known as a cryptographic hash function
  • A one-way function is an algorithm that is easy to apply and hard to undo
  • Passwords are hashed before being stored; when a user tries to log in, the password entered is put through the same hash function
  • Types of encryption: symmetric and asymmetric
  • A symmetric encryption algorithm requires the use of a secret key known to both the sender and receiver
  • In an asymmetric (public-key) encryption algorithm, the keys for encryption and for decryption are quite different, although related
  • Cybercriminals commit cybercrimes by exploiting vulnerabilities in hardware/software or taking advantage of unintentional decisions made by people using software
  • A computer virus is a type of malicious software program (malware) that, when executed, replicates itself by modifying other computer programs and inserting its own code
  • Virus writers use social engineering deceptions and exploit detailed knowledge of security vulnerabilities to initially infect systems and to spread the virus
  • Computer viruses currently cause billions of dollars' worth of economic damage each year
  • An industry of antivirus software has cropped up, selling or freely distributing virus protection to users of various operating systems
  • Viruses can potentially gain control of computers and form a botnet, then attack other machines connected to the internet (distributed denial-of-service attack / DDoS attack)
  • A network of infected computers that work together to carry out an attacker's goals
    botnet
  • Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests
  • DDoS attacks tend to be more successful than their basic DoS counterparts as the amount of data required to overload the system is relatively high
  • DDoS attacks are harder to detect, prevent, and prosecute than DoS attacks as there are several machines involved
  • Most common cybercrime
    phishing
  • The attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity
    phishing
  • Phishing is typically carried out by email spoofing (a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they know or trust)
  • 2/3 of malware was installed via email attachments in 2016
  • Historically, popular operating systems and software applications have been the most vulnerable to viruses
  • The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures
  • A threat intelligence firm that gathers information on attacks happening to its infrastructure, visualized via Norse Attack Map
    Norse