Invitation to Cybersecurity

Invitation to Cybersecurity Seth Hamman, PhD

Cedrus Press is the digital and print-on-demand publishing service of CedarCommons, the institutional repository of Cedarville University. Though not an official university press, the work of Cedrus Press is authorized by Cedarville University and thus submissions for publication must be in harmony with the mission and doctrinal statements of the university. Publication by the Press does not represent the endorsement of the University unless specified otherwise. The opinions and sentiments expressed by the authors do not necessarily reflect the views of CedarCommons, the Centennial Library, or Cedarville University. The author is solely responsible for the content of this work. Cedrus Press 251 N. Main Street Cedarville, OH 45314 Invitation to Cybersecurity © Seth Hamman. All rights reserved. Ed. 1.02 ISBN (print version): 979-8-9862831-8-0 ISBN (electronic version): 979-8-9862831-7-3 Cover Art by Anna Mullinger. Scripture quotations are from Holy Bible, New International Version®, NIV® Copyright ©1973, 1978, 1984, 2011 by Biblica, Inc.®

Dedication “If I were giving a young man advice as to how he might succeed in life, I would say to him, pick out a good father and mother, and begin life in Ohio.” - Wilbur Wright This book is dedicated to my mom and dad. They have loved and supported me all my life and have been my greatest role models and teachers. They have been a fount of wisdom and a constant source of comfort and encouragement. God gave me the blessing of wonderful parents, and from this first blessing innumerable others have followed.

Table of Contents Foreword �� xiii About This Text ��i Chapter 1 1. Introduction: The Hacker Advantage ��1 1.1 Distanceless ��1 1.2 Digital ��2 1.3 Dynamic ��3 1.4 Conclusion ��4 Chapter 2 2. The Context of Cybersecurity: Cyberspace �� 5 2.1 How Computers Work ��5 2.1.1 Boolean Logic �� 6 2.1.2 Data Encoding ��7 2.1.3 Binary ��12 2.1.4 Computer Illustration ��14 2.1.5 Encapsulation and Abstraction ��16 2.2 Computer Hardware ��18 2.2.1 Memory ��18 2.2.2 Storage ��19 2.2.3 CPU �� 20 2.2.4 I/O Devices �� 20 2.3 Computer Software ��20 2.3.1 Algorithms ��21 2.3.2 Computer Programming ��21 2.3.3 The Operating System �� 24 2.3.4 The Web Browser �� 26 2.3.5 Virtual Machines ��27 2.4 How the Internet Works �� 30 2.4.1 The Five Layer Model ��31 2.4.2 Packet Switching �� 33 2.4.3 The Network Edge �� 36 2.5 The Frontiers of Computing ��39 2.5.1 Artificial Intelligence (AI) �� 39 2.5.2 Quantum Computing �� 40 2.6 Conclusion ��41

Chapter 3 3. The Adversary of Cybersecurity: Hackers ��43 3.1 Hackers ��43 3.1.1 Ethical Hacking ��45 3.1.2 Illegal Hacking ��52 3.1.3 Hacking Skill Levels ��56 3.1.4 Hacker Profile �� 57 3.2 Hacking Culture ��58 3.2.1 Language and Art ��58 3.2.2 Nicks �� 60 3.2.3 Literature and Films �� 60 3.2.4 Commerce ��62 3.2.5 Folk Stories ��62 3.2.6 Traditions ��64 3.3 Conclusion ��65 Chapter 4 4. The Need for Cybersecurity: Cyber Attacks ��67 4.1 Cyber Attacks ��67 4.1.1 Reconnaissance �� 69 4.1.2 Gaining Unauthorized Access �� 69 4.1.3 Post Exploitation �� 81 4.1.4 Actions on Objectives ��85 4.2 Cybersecurity Goals ��89 4.2.1 Confidentiality �� 89 4.2.2 Integrity �� 89 4.2.3 Availability �� 90 4.3 Conclusion ��91 Chapter 5 5. The Approach to Cybersecurity: Cyber Risk Management �� 93 5.1 Cybersecurity Governance ��93 5.2 Security Tradeoffs ��97 5.3 The Cyber Risk Management Process ��100 5.3.1 Cyber Assets ��101 5.3.2 Cyber Threats �� 102 5.3.3 Cyber Vulnerabilities �� 104 5.3.4 Risk Analysis �� 106 5.3.5 Handling Risk ��111 5.4 Planning for Failures ��117 5.5 Conclusion ��121

Chapter 6 6. The Skill of Cybersecurity: Adversarial Thinking ��123 6.1 Adversarial Thinking Defined ��125 6.2 Game Theory ��129 6.2.1 Real Life Through the Lens of Game Theory �� 133 6.2.2 Game Theory Summary �� 136 6.3 Behavioral Game Theory ��137 6.3.1 Level-k Reasoning in Security Games �� 140 6.3.2 Behavioral Game Theory Summary �� 143 6.4 Conclusion ��143 Chapter 7 7. The Bedrock of Cybersecurity: Cryptography ��145 7.1 Classic Cryptography ��146 7.1.1 Letter Substitution: Ciphers �� 146 7.1.2 Word Substitution: Codebooks �� 154 7.1.3 Letter and Word Transposition �� 155 7.1.4 Combinations �� 156 7.2 Computer Cryptography ��157 7.2.1 Symmetric Key Cryptography �� 158 7.2.2 Public Key Cryptography �� 165 7.2.3 Cryptographic Hashing ��170 7.3 Steganography ��177 7.4 Principles of Cryptography ��181 7.4.1 Kerckhoffs’s Principle ��181 7.4.2 Schneier’s Law �� 182 7.4.3 Simplicity and Security. . . . . . . ....... �� 183 7.5 Conclusion ��184 Chapter 8 8. The Means of Cybersecurity: Access Control ��185 8.1 Authentication ��185 8.1.1 Something You Know �� 188 8.1.2 Something You Are ��191 8.1.3 Something You Have �� 195 8.1.4 Multi-factor Authentication �� 198 8.1.5 Network-based Authentication �� 199 8.1.6 Authentication on the Web �� 200 8.2 Authorization ��202 8.2.1 Operating Systems ��202 8.2.2 Multi-level Security �� 206 8.2.3 Authorization in Applications �� 208 8.2.4 Firewalls �� 209

8.3 Accounting ��210 8.3.1 Analyzing Logs �� 213 8.4 Conclusion ��215 Chapter 9 9. The Application of Cybersecurity: Principles and Practices �� 217 9.1 Cybersecurity Principles ��217 9.1.1 Adversarial Thinking �� 218 9.1.2 Depth Wins �� 219 9.1.3 Trusting Trust �� 221 9.1.4 Simplicity ��223 9.1.5 Weakest Link ��224 9.1.6 Least Privilege ��225 9.1.7 Defense in Depth �� 227 9.1.8 Compartmentalization ��228 9.1.9 Security as a Process ��230 9.1.10 Planning for Failures ��233 9.2 Practices ��234 9.2.1 Manage Authentication Credentials ��234 9.2.2 Use Cryptography �� 240 9.2.3 Harden Systems ��242 9.2.4 Secure Networks �� 247 9.2.5 Online Safety ��249 9.3 Conclusion ��255 Chapter 10 10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws ��257 10.1 Ethics ��258 10.1.1 Ethical Analysis ��258 10.1.2 Ethics and Social Responsibility ��265 10.2 Rights ��267 10.2.1 United States Constitution ��268 10.2.2 The Right to Due Process �� 270 10.2.3 The Right to Privacy �� 270 10.2.4 Summary �� 274 10.3 Laws ��274 10.3.1 The United States Code �� 275 10.3.2 State Laws �� 281 10.3.3 International Laws �� 281 10.4 Civil Disobedience ��286 10.5 Conclusion ��289 Chapter 11 11. Conclusion: The Impact of Cybersecurity ��291

Made with FlippingBook

RkJQdWJsaXNoZXIy MTM4ODY=