Author: jonber2021

What is a Firewall

A Firewall is a network security method that filters incoming and outgoing network by their IP, port, domain, or other. Firewalls must be previously configured by the network manager to say what is allowed through and what isn’t.

The above picture gives a very simplified explanation of a network with a firewall in it. A LAN (Local Area Network) has a router which is its connection to the WAN (Wide Area Network), also known as the cloud. The firewall is inside the router, and it will scan all incoming and outgoing signals to see if they pass the filter.

Risk 1 – Firewall is too easy to gain access to

A big risk that of firewalls are that they must be configured to block unwanted signals. So if a person is trying to break into your network, and they are blocked by the firewall, they might try to see if they can gain access to the configuration of the firewall and let their signals in. No matter how well the firewall secures your network, if someone gains access to it it’s useless. One might be able to break into the firewall by getting the authentication to it, like the password.

This security risk can be helped by increasing the security of gaining access to the firewall itself. This can be done by making the password stronger, or keeping the firewall software up-to-date. This can also be done by increasing the amount of steps or credentials needed to gain access to the firewall, like making so configuring it requires a code that you get from an e-mail or a phone text.

Risk 2 – Firewall does not have secure enough inspection

The second risk is when the configuration of the firewall itself is too easy to get around. For example, traditional firewalls only check the packet of data’s origin  and destination; two things which can easily be masked or spoofed. Or, the configuration simply does not block the unwanted data packet.

To get around this, you may add Layer 7 (“deep packet”) inspection to your firewall, which looks at multiple things about the packet itself, which can be measured to see if it’s bad and is harder to spoof (‘spoofing’ is the practice of masking parts of the signal, like where it came from). You can also make it so the firewall blocks signals by default, and instead you have to construct a list of what’s allowed in and out of your network. Although, that solution will require higher levels of knowledge in what you want in and out of your network.

A diagram demonstrating Deep Packet inspection.

Risk 3 – Insider attacks

The last type of risk comes from bypassing the firewall itself. The network might have multiple ways to get in, and the firewall is useless if the person trying to break in is already past it. Or, the person is intentionally or unintentionally already allowed into the network, and they are able to access it.

This risk can be mitigated by adding more firewalls, like at every connection in and out of the network or inside the network itself. Having security inside your network, although it can slow the network down, is never a bad idea. Another way to prevent insider attacks is simply by trusting less people with the higher level parts of your network. You can’t receive an insider attack if there’s no one on the inside.

SOURCES USED

5 Firewall Threats and Vulnerabilities (compuquip.com)

Top Firewall Vulnerabilities (trustnetinc.com)

 

DNS Masking

DNS Masking, or Domain Masking, is where you hide the name (URL) of a website and replace it with another name. This can be used for good, for example if you are a brand but there’s some other website hogging up the domain you want so you can mask your domain and change your website’s name to it. Or DNS Masking can be used to scam people, and make them think they’re at a reputable website or the website they want to be at when they’re not.

I think DNS Masking should not be used, because it seems like it has a lot more potential for harm than for good. Being able to set your website’s visible name to anything sounds very useful for scammers, and brands can probably just buy or wait for the domain they want to be available.

online videogame

I could not find any way to make a link launch when hovered without Javascript.

mario

Download something

 

UDP | User Datagram Protocol

UDP fits similarly to how TCP does; it has a header in front of your data much like TCP. Unlike TCP, though, UDP does not split data into multiple packets. All that UDP provides is port numbers, so several systems can use it at once. I suppose vulnerabilities of UDP is that it is easier to lose data since you only have one packet, and also easier for it to be stolen. An advantage might be increased versatility.

ICMP | Internet Control Message Protocol

ICMP is used for error messages, primarily. Is it intended for TCP/IP software, however it can still be used to find out information about a network. A big factor of ICMP is that it doesn’t include any port numbers at all. Network software interprets where the ICMP message gets sent to.

Challenge 7: Why is net neutrality important?

Net neutrality is important because it lets everybody access everything at the same speed regardless of what it is. ISPs want to demolish net neutrality so they can force you to pay for higher speeds; or even block and slow certain online content. For example, without net neutrality ISPs can make you pay for each different online service you use (videos, messaging, music) and block or slow down it if you don’t pay.

Challenge 8: Why is it important that ISP’s decide which content gets prioritized?

It’s important that ISP’s decide which content gets prioritized because they can send higher speeds to people… who are able to pay more.

Note: A symmetric encryption method has one key that can be used for encryption and decryption of the message. Although faster, it is less secure than an asymmetric encryption method wherein one key used to encrypt the message is made public but the key to decode the message is private.

1. Advanced Encryption Standard

AES is a symmetric encryption method, wherein the key used is 128, 192, or 256 bits long. The smaller the key, the less ’rounds’ it takes to encrypt the message. In each round, AES performs several steps of substitution, transposing and mixing in the message. AES is by far the most common encryption method.

2. Triple Data Encryption Standard

Triple DES is another symmetric encryption method and is a successor to the DES method. Data is encrypted with three 56-bit keys, hence the ‘Triple’ part. Triple DES is usually used for ATM PINs.

3. Twofish

Twofish is also a symmetric encryption method, and it encrypts messages with 128 bits (twice the amount of Blowfish, what it was based on, which uses 64 bits). Twofish always encrypts data in 16 rounds, making it slower than AES but secure.

 

Exchanging keys to communicate across a public channel

Diffie-Hellman key exchange is a way to communicate across a public channel securely. Basically, one person has keys A and B, and another person has keys C and D. A times C will equal Key E, and B times D will also equal E. Key E is used as the key to share messages (symmetrically; one person encrypts a message with E and the other person decodes it with E). One of each person’s keys will be private and the other will be public.

 

 

Overview

Binary is the base coding language of every computer and machine like it. Its symbols are “0” and “1”, that’s it. Specifically, the ‘0’ stands for power off and ‘1’ for power on. When enough of these two inputs are combined though, it can do anything.

Numbers

For example, to create any number, all you need is enough inputs equal to the next base 2 of the number. For example, any number below 16 can be made with 4 different zeros and ones. Any number below 256 can be made with 8 different zeros and one. A bit is a single 0 or 1, and a byte is a set of 8 bits.

An example is the number 39,421,537. It can be made with 26 bits: 10010110011000011001100001. The number 9 can be made with 4 bits: 1001. Actually, the last bit of a binary sequence for a number can be easily determined if its a zero or a one by if the number is odd or even; this is because in base 2, the last bit is the only odd number, a 1. Every bit before that has a common ratio of 2. You read binary from the right, so it’d be 1, then 2, then 4 then 8 then 16…

Characters

A character is either a letter from the alphabet (AaBb…), a number (1234…), or a symbol (!@#$…). So that’s 26 lowercase letters plus 26 uppercase letters plus 10 numbers plus a lot of symbols. A character is a single byte of data, 8 bits, which means there can be 255 characters. Every character is assigned to a number from these 255. This isn’t a coincidence, people had to decide what characters to include in these 255 to fit a convenient byte per character.

The number 97 (01100001 in binary) translates to the character a. The number 65 (01000001) translates to the character A. The symbol ¶ for paragraph is the number 244 or 11110100. From 0 to 255, it does ‘tools’ (like Backspace and Shift down/up), then the space key, then symbols, then numbers, then uppercase letters, then lowercase letters, then accents for letters and a few more symbols, then more accents, and then a bunch of miscellaneous symbols and such.

Simple Images

I’m using simple images to define images that have a color depth of 2- this means every picture element (pixel) can be of 2 different colors. Every pixel in the image is a single bit of data. Images that have a color depth of 2 are handled in a unique way than other images: rather than having a bit for every single pixel, they are segmented.

Segmentation is where the image is stored as quantity of pixels that are ‘on’ or ‘off’ in every row. This drastically reduces the amount of data required for large images. It can make a straight line of pixels take up only a few bits (for defining the number with binary) rather than a bit for every pixel in the line.

Colorized images

Images with color in binary won’t work with segmentation. Instead, they use a scale of Red, Green, and Blue for the pixel to display. If the image is gray scale (not colored), every pixel instead has just a value for its lightness. Any visible color can be made by combining red, green and blue with differing strengths. The amount of bits you use to define each of these 3 colors determines the quality of the image. It’s important to know that the strength of each color is based on its percentage, not its value.

In 8 bit color, every pixel has a byte of data assigned to it: 3 bits for red, 3 bits for green, and 2 bits for blue (the human eye is less perceptive to blue). A bright red pixel would be represented as 11100000. A dim aqua pixel could be represented as 00001110. If the pixel is uncolored, the percentage for every color is the same: A white pixel would be 11111111 because the percentage of every color is 100% (8/8 red, 8/8 green, 4/4 blue).

A representation of the color scale with 16 color depth. Notice how you can see discontinuities in the green, but not the blue.

8 bit color is good, but its also really limiting. There’s only 255 different color possibilities. However, we can increase the amount of colors far beyond the limits of the human eye just by having a byte for every color rather than the pixel itself. 8 bits for red, 8 bits for green, and 8 bits for blue. This means each pixel can be of 256^3 different colors, which is 16,777,216 different combinations of bits. A bright purple pixel might be stored as (10111111), (01100110), (11100110), which is around 75% red, 40% green, and 90% blue.

The color I was talking about. In RGB, it’s (192, 102, 230).

Your computer probably uses a single byte for every color of a pixel, which means 24 bits per pixel, which can mean tens of millions of bits just for one good-quality image. Isn’t that a lot of bits? A megabyte is 8 million bits. A 1920×1080 computer screen with 24-bit color is around 6.2 megabytes. Modern hard drives sometimes have more than a terabyte of space, which is a million megabytes. Maybe in 1985 would 6.2 megabytes have been a lot, but technology has progressed and bits are now incredibly small, which allows us to carry trillions of zeros and ones in our hands.

I’m sorry, but this capstone project is just really stupid. We have to create at least 10 more posts to hit the quota, and each of them have to be unique and thought-out. Why are we being graded based on how good we are at writing in computers class? Not only that, but also it’s really subjective. Just.. all of this. I have zero clue whether my current site layout is “well-designed” and “looks good” and there is nothing to help me. If I’m being honest, this class is really stressful for me. I signed up for coding and logic challenges, and more often than not this class has just felt like English class, except I’ve only had to write one essay in English.