System Security Attacks and Defences

15-01-2022

Introduction

The System Security Attacks and Defences module provided in-depth knowledge on securing systems against various threats and understanding how different security mechanisms work to protect data and resources. We focused on access control, cryptography, cyber attack models, and advanced firewalls, with a strong emphasis on how these systems are implemented to defend against common and advanced cyberattacks. The module also introduced the concepts of risk assessments and how to mitigate potential vulnerabilities. Understanding the mathematical principles behind popular cryptographic algorithms was a key part of the course, providing a solid foundation for grasping the science of system security.

Key Concepts Covered:

  • Access Control: Access control is a critical component of system security, ensuring that only authorized users can access specific resources. The module covered different types of access control mechanisms such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC). We learned how to implement these mechanisms to restrict access to systems based on policies that define the permissions and rights of users and groups. This also included discussions on Multi-factor Authentication (MFA) and the principle of least privilege, which are essential for securing sensitive information.

  • Cryptography: Cryptography plays a central role in system security, and this module focused on both symmetric and asymmetric encryption methods, as well as hashing algorithms. We studied how encryption works to protect data in transit and at rest. Key algorithms such as AES (Advanced Encryption Standard), RSA, and Diffie-Hellman (DH) were explored in detail. Understanding the mathematics behind these algorithms, such as modular arithmetic, together with the public-key infrastructure (PKI) built around them, was essential for grasping how cryptographic protocols secure communications and data.

    • Symmetric Cryptography: In this section, we learned about symmetric encryption algorithms like AES, where the same key is used for both encryption and decryption. We discussed how key management is crucial for maintaining the confidentiality of data, as well as the challenges posed by key distribution and rotation.

    • Asymmetric Cryptography: The module also focused on asymmetric cryptography, where different keys are used for encryption and decryption. We explored RSA and how it relies on modular exponentiation and on the difficulty of factoring large integers. We also covered the Diffie-Hellman key exchange protocol, which allows two parties to establish a shared key over an insecure channel.

    • Hashing: We discussed hash functions like SHA-256, which are used to verify data integrity and store passwords securely. We learned how hashes are used in digital signatures and blockchain technology, and how their one-way nature ensures that original data cannot be easily reconstructed from the hash.

  • Cyber Attack Models: A key component of this module was understanding various cyber attack models and how attackers exploit vulnerabilities in systems. We studied different types of attacks such as denial of service (DoS), man-in-the-middle (MITM), SQL injection, and buffer overflow attacks. The goal was to understand how these attacks work and how to build defenses against them, leveraging tools and techniques such as firewalls, encryption, and intrusion detection systems (IDS).

  • Advanced Firewalls: The module provided an overview of advanced firewalls, including heuristic, signature-based, and anomaly-based detection methods. These types of firewalls allow for better detection and mitigation of threats by examining network traffic more deeply. Heuristic-based firewalls analyze patterns of behavior to predict potential threats, while signature-based firewalls match traffic against known attack signatures. Anomaly-based firewalls, on the other hand, look for deviations from normal traffic patterns, providing a more proactive approach to security.

  • Kerberos: We also studied Kerberos, a network authentication protocol that provides strong authentication for client-server applications. Kerberos relies on symmetric-key cryptography to enable secure communications between users and services, ensuring that only authenticated users can access specific resources.

  • Risk Assessments: Finally, risk assessments were a major part of the module. We learned how to evaluate and quantify the risks that an organization faces based on the likelihood of certain threats and their potential impacts. The risk assessment process helps organizations prioritize which security measures to implement based on criticality and resource availability. The focus was on identifying vulnerabilities in systems, determining the associated risks, and developing strategies to mitigate those risks through appropriate defense mechanisms.
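
The Diffie-Hellman exchange and hashing described in the cryptography bullets above, as an added example that is not part of the original post: both parties derive the same key from values sent in the clear, and each side validates the peer's public value before using it. The group (P, Q, G) is a constructed toy safe-prime group and the function names are illustrative; real deployments use standardized groups of 2048 bits or more, or X25519.

```python
import hashlib
import secrets

# Constructed toy group (assumption, for illustration only): safe prime P = 2Q + 1.
P = 2039
Q = (P - 1) // 2   # 1019, also prime
G = 4              # a square mod P, so it generates the subgroup of prime order Q


def keypair(p=P, q=Q, g=G):
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(q - 1) + 1          # 1 <= x <= q - 1
    return x, pow(g, x, p)


def validate_public(y, p=P, q=Q):
    """Reject degenerate or out-of-subgroup peer values before using them."""
    if not isinstance(y, int) or not (2 <= y <= p - 2):
        return False                          # excludes 0, 1, p-1 and out-of-range values
    return pow(y, q, p) == 1                  # y must lie in the order-q subgroup


def shared_key(own_private, peer_public, p=P, q=Q):
    """Derive a 32-byte key from the shared secret peer_public^own_private mod p."""
    if not validate_public(peer_public, p, q):
        raise ValueError("invalid peer public value")
    z = pow(peer_public, own_private, p)
    width = (p.bit_length() + 7) // 8
    # Hash the fixed-width secret instead of using the raw group element as a key.
    return hashlib.sha256(z.to_bytes(width, "big")).digest()


def exchange():
    """Run both sides; only the two public values would cross the channel."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)


if __name__ == "__main__":
    k_a, k_b = exchange()
    print("keys match:", k_a == k_b)
```

The exchange alone does not authenticate the peer, so in practice the public values are signed or otherwise bound to an identity.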


Key Learning and Practical Insights:

  • Understanding Cryptography in Depth: One of the most valuable aspects of this module was learning the mathematical algorithms behind cryptography. Understanding how symmetric and asymmetric encryption methods like AES, RSA, and Diffie-Hellman work not only helped me grasp the theory but also allowed me to apply this knowledge in practical scenarios. For example, I was able to better understand how cryptographic protocols ensure the security of online transactions and email communications.

  • Access Control Mechanisms: Learning about different access control models and their practical applications gave me insights into how organizations secure their systems by enforcing strict access policies. Understanding the principles of Least Privilege and RBAC helped me design secure systems where only authorized personnel can access sensitive data.

  • Firewalls and Defense-in-Depth: The exploration of advanced firewalls such as heuristic, signature, and anomaly-based firewalls provided me with a deeper understanding of how to build layered defense mechanisms. This defense-in-depth approach, combined with strong encryption and access controls, is essential in protecting systems from advanced persistent threats (APTs) and other cyberattacks.

  • Real-World Applications: The cryptography and firewall principles we learned were directly applicable to securing modern IT systems. We also had the opportunity to analyze attack models and simulate real-world cyberattacks, allowing us to see how different types of defenses work in practice.


Conclusion

The System Security Attacks and Defences module was a challenging yet rewarding experience that provided me with a strong foundation in system security. By studying topics such as access control, cryptography, advanced firewalls, and cyber attack models, I gained a thorough understanding of how to protect systems and data from a wide variety of threats.

The hands-on exercises and deep dives into the mathematical algorithms behind cryptographic methods allowed me to appreciate the complexity of modern security techniques. This knowledge, combined with a comprehensive understanding of firewall technologies and risk assessments, has equipped me with the skills necessary to evaluate and defend against a range of cyberattacks.

Overall, this module has strengthened my interest in pursuing a career in cybersecurity, as I now feel more confident in my ability to analyze and defend systems against attacks using a combination of technical and strategic approaches.

