Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet.

It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. Available both as freeware and in a low-cost commercial version, PGP is the most widely used privacy-ensuring program by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail security. PGP can also be used to encrypt files being stored so that they are unreadable by other users or intruders.
How It Works

PGP uses a variation of the public key system. In this system, each user has a publicly known encryption key and a private key known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key. Since encrypting an entire message can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message. Both the encrypted message and the short key are sent to the receiver who first uses the receiver's private key to decrypt the short key and then uses that key to decrypt the message. PGP comes in two public key versions - Rivest-Shamir-Adleman (RSA) and Diffie-Hellman. The RSA version, for which PGP must pay a license fee to RSA, uses the IDEA algorithm to generate a short key for the entire message and RSA to encrypt the short key. The Diffie-Hellman version uses the CAST algorithm for the short key to encrypt the message and the Diffie-Hellman algorithm to encrypt the short key. For sending digital signatures, PGP uses an efficient algorithm that generates a hash (or mathematical summary) from the user's name and other signature information. This hash code is then encrypted with the sender's private key. The receiver uses the sender's public key to decrypt the hash code. If it matches the hash code sent as the digital signature for the message, then the receiver is sure that the message has arrived securely from the stated sender. PGP's RSA version uses the MD5 algorithm to generate the hash code. PGP's Diffie-Hellman version uses the SHA-1 algorithm to generate the hash code. To use PGP, you download or purchase it and install it on your computer system. Typically, it contains a user interface that works with your customary e-mail program. You may also need to register the public key that your PGP program gives you with a PGP public-key server so that people you exchange messages with will be able to find your public key. Where Can You Use PGP? Originally, the U.S. government restricted the exportation of PGP technology. Today, however, PGP encrypted e-mail can be exchanged with users outside the U.S if you have the correct

versions of PGP at both ends. Unlike most other encryption products, the international version is just as secure as the domestic version. There are several versions of PGP in use. Add-ons can be purchased that allow backwards compatibility for newer RSA versions with older versions. However, the Diffie-Hellman and RSA versions of PGP do not work with each other since they use different algorithms.

Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Terisa System's Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI). Here's how SET works: Assume that a customer has a SET-enabled browser such as Netscape or Microsoft's Internet Explorer and that the transaction provider (bank, store, etc.) has a SET-enabled server. 1. The customer opens a Mastercard or Visa bank account. Any issuer of a credit card is some kind of bank. 2. The customer receives a digital certificate. This electronic file functions as a credit card for online purchases or other transactions. It includes a public key with an expiration date. It has been through a digital switch to the bank to ensure its validity. 3. Third-party merchants also receive certificates from the bank. These certificates include the merchant's public key and the bank's public key. 4. The customer places an order over a Web page, by phone, or some other means. 5. The customer's browser receives and confirms from the merchant's certificate that the merchant is valid. 6. The browser sends the order information. This message is encrypted with the merchant's public key, the payment information, which is encrypted with the bank's public key (which can't be read by the merchant), and information that ensures the payment can only be used with this particular order. 7. The merchant verifies the customer by checking the digital signature on the customer's certificate. This may be done by referring the certificate to the bank or to a third-party verifier. 8. The merchant sends the order message along to the bank. This includes the bank's public key, the customer's payment information (which the merchant can't decode), and the merchant's certificate. 9. The bank verifies the merchant and the message. The bank uses the digital signature on the certificate with the message and verifies the payment part of the message. 10. The bank digitally signs and sends authorization to the merchant, who can then fill the order.

In computing, an exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability that the system offers to intruders. Used as a verb, the term refers to the act of successfully making such an attack. Many crackers (or hackers, if you prefer that term) take pride in keeping tabs of such exploits and post their exploits (and discovered vulnerabilities) on a Web site to share with others. Where an exploit takes advantage of a weakness in an operating system or vendedapplication program, the owners of the system or application issue a "fix" or patch in response. Users of the system or application are responsible for obtaining the patch, which can usually be downloaded from the Web. Failure to install a patch for a given problem exposes the user to a security breach. (However, it can be difficult to keep up with all the required patches.)

Transport Layer Security (TLS) is a protocol that ensures privacy between communicatingapplications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL). TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol provides connection security with some encryption method such as the Data Encryption Standard (DES). The TLS Record Protocol can also be used without encryption. The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. The TLS protocol is based on Netscape's SSL 3.0 protocol; however, TLS and SSL are not interoperable. The TLS protocol does contain a mechanism that allows TLS implementation to back down to SSL 3.0. The most recent browser versions support TLS. The TLS Working Group, established in 1996, continues to work on the TLS protocol and related applications.

The representation of text in the form of a single string of digits, created using a formula called a one-way hash function. Encrypting a message digest with a private key creates a digital signature, which is an electronic means of authentication.

Kerberos is a secure method for authenticating a request for a service in a computer network. Kerberos was developed in the Athena Project at the Massachusetts Institute of Technology (MIT). The name is taken from Greek mythology; Kerberos was a three-headed dog who guarded the gates of Hades. Kerberos lets a user request an encrypted "ticket" from an authentication process that can then be used to request a particular service from a server. The user's password does not have to pass through the network. A version of Kerberos (client and server) can be downloaded from MIT or you can buy a commercial version. Briefly and approximately, here's how Kerberos works: 1. Suppose you want to access a server on another computer (which you may get to by sending a Telnet or similar login request). You know that this server requires a Kerberos "ticket" before it will honor your request. 2. To get your ticket, you first request authentication from the Authentication Server (AS). The Authentication Server creates a "session key" (which is also an encryption key) basing it on your password (which it can get from your user name) and a random value that represents the requested service. The session key is effectively a "ticket-granting ticket." 3. You next send your ticket-granting ticket to a ticket-granting server (TGS). The TGS may be physically the same server as the Authentication Server, but it's now performing a different service.The TGS returns the ticket that can be sent to the server for the requested service. 4. The service either rejects the ticket or accepts it and performs the service. 5. Because the ticket you received from the TGS is time-stamped, it allows you to make additional requests using the same ticket within a certain time period (typically, eight hours) without having to be reauthenticated. Making the ticket valid for a limited time period make it less likely that someone else will be able to use it later. The actual process is much more complicated than just described. The user procedure may vary somewhat according to implementation.

Active Fingerprinting and Passive Fingerprinting If you take the Security+ exam, you may come across the terms active fingerprinting and passive fingerprinting. Its worthwhile knowing the differences between the two. Its also important to realize that fingerprinting in this context is not referring to the biometric method of authentication. As an example, heres a practice test question that tests your knowledge of this information. Active Fingerprinting and Passive Fingerprinting Question Q. You are monitoring traffic through a mirrored port on a switch. By analyzing this traffic, you are able to determine the operating system of each device connected to the switch. What does this describe? A. Active fingerprinting B. Passive fingerprinting C. Port scanning D. Vulnerability scanning Answer at end of this blog Pass the Security+ exam the first time you take it. CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide Fingerprinting and Reconnaissance In this context, fingerprinting refers to identifying specific information about a system. It is often part of a larger reconnaissance attack. Reconnaissance provides a big-picture view of a network or servers in a DMZ. It identfies the IP addresses used in the target network using a method such as an ICMP sweep or a host enumeration sweep. Ping scanners are sometimes used for this step. Fingeprinting then homes in on individual systems to provide details of each of them. For example, a fingerprinting attack can identify the operating system of the target and in many cases, it can identify the service pack and patches that have been installed. It can also identify the protocols and services that are running on a system and the likely role of the server based on these services. For example, if a server is listening on port 80, it is running the HTTP protocol and is very likely a web server. When fingerprinting any system, its useful to know many of the commonly used well-known ports.

Security+ Study Packages Passive Fingerprinting Passive fingerprinting uses a sniffer (such as Wireshark) to capture traffic sent from a system. It analyzes this traffic to determine what the server is doing. A key point is that passive fingerprinting does not send any traffic to the target system but instead just collects the traffic.

With this in mind, passive fingerprinting cannot be done from remote attackers. It can only be done with a sniffer installed in the network. Realistic practice test questions for the Security+ SY0-301 exam Available for the Kindle with flash cards to reinforce key testable material Free Kindle apps from Amazon to run Kindle books on your PC, iPad, or other platforms Active Fingerprinting Active fingerpringinting uses active techniques to identify the role of a server. Chapters 7 and 8 of the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide covered several methods used with active fingerprinting. They include: Xmas attack. This is a specific type of scan that sends specailly crafted packets to a system. By analyzing the return packets, the scanner can determine the operating system of the target. Port scanning. A port scanner sends queries on specific ports. If the server answers a query on a port, it indicates it is listening on this port. For example, if a system answers a query on port 25, it indicates it is running SMTP and is likely an email server. Additional queries can be sent to the system to verify it is an email server. These methods are useful for attackers trying to determine the role of remote servers. Realistic practice test questions for the Security+ exam. Available through Learnzapp on your mobile phone Active Fingerprinting and Passive Fingerprinting Answer Q. You are monitoring traffic through a mirrored port on a switch. By analyzing this traffic, you are able to determine the operating system of each device connected to the switch. What does this describe? A. Active fingerprinting B. Passive fingerprinting C. Port scanning D. Vulnerability scanning Answer at end of this blog Answer: B is correct. Fingerprinting a system refers to identifying specific information about a system and passive fingerprinting does this by capturing and analyzing traffic. Passive fingerprinting never sends traffic to a system but instead only passively captures the traffic. A is incorrect. Active fingerprinting sends traffic to a system and analyzes the responses. In this scenario, traffic is sent to a mirrored port on a switch. You can configure a switch to send a copy of all traffic through the switch to a mirrored port, but this port is only used for monitoring traffic. In other words, you would not be able to send traffic through the mirrored port. C is incorrect. Port scanning is active and sends traffic to a system to determine what ports are open. D is incorrect. Vulnerability scanning checks for vulnerabilities. It may include active or passive fingerprinting but it does more than just determine operating systems. Objective: 3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities

Summary Fingerprinting is used to get details on a specific target. It is often used as part of a larger reconnaissance attack. The difference between active fingerprinting and passive fingerprinting is that active fingerprinting will send queries to the target and analyze the response. Passive fingerprinting only uses a sniffer to capture and analyze traffic, but never sends traffic to the target.

Computer Viruses are classified according to their nature of infection and behavior. Different types of computer virus classification are given below. Boot Sector Virus: A Boot Sector Virus infects the first sector of the hard drive, where the Master Boot Record (MBR) is stored. The Master Boot Record (MBR) stores the disk's primary partition table and to store bootstrapping instructions which are executed after the computer's BIOS passes execution to machine code. If a computer is infected with Boot Sector Virus, when the computer is turned on, the virus launches immediately and is loaded into memory, enabling it to control the computer. File Deleting Viruses: A File Deleting Virus is designed to delete critical files which are the part of Operating System or data files. Mass Mailer Viruses: Mass Mailer Viruses search e-mail programs like MS outlook for e-mail addresses which are stored in the address book and replicate by e-mailing themselves to the addresses stored in the address book of the e-mail program. Macro viruses: Macro viruses are written by using the Macro programming languages like VBA, which is a feature of MS office package. A macro is a way to automate and simplify a task that you perform repeatedly in MS office suit (MS Excel, MS word etc). These macros are usually stored as part of the document or spreadsheet and can travel to other systems when these files are transferred to another computers. Polymorphic Viruses: Polymorphic Viruses have the capability to change their appearance and change their code every time they infect a different system. This helps the Polymorphic Viruses to hide from anti-virus software. Armored Viruses: Armored Viruses are type of viruses that are designed and written to make itself difficult to detect or analyze. An Armored Virus may also have the ability to protect itself from antivirus programs, making it more difficult to disinfect. Stealth viruses: Stealth viruses have the capability to hide from operating system or anti-virus software by making changes to file sizes or directory structure. Stealth viruses are anti-heuristic nature which helps them to hide from heuristic detection. Polymorphic Viruses: Polymorphic viruses change their form in order to avoid detection and disinfection by anti-virus applications. After the work, these types of viruses try to hide from the anti-virus application by encrypting parts of the virus itself. This is known as mutation. Retrovirus: Retrovirus is another type virus which tries to attack and disable the anti-virus application running on the computer. A retrovirus can be considered anti-antivirus. Some

Retroviruses attack the anti-virus application and stop it from running or some other destroys the virus definition database. Multiple Characteristic viruses: Multiple Characteristic viruses has different characteristics of viruses and have different capabilities..

What is MIME? MIME (Multi-Purpose Internet Mail Extensions) is an extension of the original Internet email protocol that lets people use the protocol to exchange different kinds of data files on the Internet: audio, video, images, application programs, and other kinds, as well as theASCII text handled in the original protocol, the Simple Mail Transport Protocol (SMTP). In 1991, Nathan Borenstein of Bellcore proposed to the IETF that SMTP be extended so that Internet (but mainly Web) clients and servers could recognize and handle other kinds of data than ASCII text. As a result, new file types were added to "mail" as a supported Internet Protocol file type. Servers insert the MIME header at the beginning of any Web transmission. Clients use this header to select an appropriate "player" application for the type of data the header indicates. Some of these players are built into the Web client or browser (for example, allbrowsers come with GIF and JPEG image players as well as the ability to handle HTML files); other players may need to be downloaded. New MIME data types are registered with the Internet Assigned Numbers Authority (IANA). MIME is specified in detail in Internet Request for Comments 1521 and 1522, which amend the original mail protocol specification, RFC 821 (the Simple Mail Transport Protocol) and the ASCII messaging header, RFC 822.

S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending email that uses the Rivest-Shamir-Adleman encryption system. S/MIME is included in the latest versions of the Web browsers from Microsoft and Netscape and has also been endorsed by other vendors that make messaging products. RSA has proposed S/MIME as a standard to the Internet Engineering Task Force (IETF). An alternative to S/MIME is PGP/MIME, which has also been proposed as a standard. MIME itself, described in the IETF standard called Request for Comments 1521, spells out how an electronic message will be organized. S/MIME describes how encryption information and a digital certificate can be included as part of the message body. S/MIME follows thesyntax provided in the Public-Key Cryptography Standard format #7.

In cryptography, a public key is a value provided by some designated authority as anencryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures. The use of combined public and private keys is known as asymmetric cryptography. A system for using public keys is called a public key infrastructure (PKI).

Data Encryption Standard (DES) is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, thekey is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the sameprivate key. DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and involves 16 rounds or operations. Although this is considered "strong" encryption, many companies use "triple DES", which applies three keys in succession. This is not to say that a DESencrypted message cannot be "broken." Early in 1997, Rivest-Shamir-Adleman, owners of another encryption approach, offered a $10,000 reward for breaking a DES message. A cooperative effort on the Internet of over 14,000 computer users trying out various keys finally deciphered the message, discovering the key after running through only 18 quadrillion of the 72 quadrillion possible keys! Few messages sent today with DES encryption are likely to be subject to this kind of code-breaking effort. DES originated at IBM in 1977 and was adopted by the U.S. Department of Defense. It is specified in the ANSI X3.92 and X3.106 standards and in the Federal FIPS 46 and 81 standards. Concerned that the encryption algorithm could be used by unfriendly governments, the U.S. government has prevented export of the encryption software. However, free versions of the software are widely available on bulletin board services and Web sites. Since there is some concern that the encryption algorithm will remain relatively unbreakable, NIST has indicated DES will not be recertified as a standard and submissions for its replacement are being accepted. The next standard will be known as the Advanced Encryption Standard (AES).

RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Webbrowsers from Microsoft and Netscape. It's also part of Lotus Notes, Intuit's Quicken, and many other products. The encryption system is owned by RSA Security. The company licenses the algorithm technologies and also sells development kits. The technologies are part of existing or proposed Web, Internet, and computing standards. How the RSA System Works The mathematical details of the algorithm used in obtaining the public and private keys are available at the RSA Web site. Briefly, the algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by that number and 1) and through additional operations deriving a set of two numbers that constitutes the public key and another set that is the private key. Once the keys have been developed, the original prime numbers are no longer important and can be discarded. Both the public and the private keys are needed for encryption /decryption but only the owner of a private key ever needs to know it. Using the RSA system, the private key never needs to be sent across the Internet. The private key is used to decrypt text that has been encrypted with the public key. Thus, if I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key. When you receive it, you decrypt it with your private key. In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate. When I receive it, I can use your public key to decrypt it. A table might help us remember this.

To do this Send an encrypted message

Use whose Use the receiver's Use the sender's Use the receiver's Use the sender's

Kind of key Public key

Send an encrypted signature

Private key

Decrypt an encrypted message

Private key

Decrypt an encrypted signature (and authenticate the sender)

Public key