Archive for August, 2006
One-way Hash Algorithm
In cryptographic applications such as digital signatures, we usually run the message through a one-way hash algorithm before applying the sender’s private key to it.
Why? Because a one-way hash algorithm converts a message of whatever length into a fixed-length code (usually of 128 or 196 bits). In this way, we can easily apply asymmetric encryption to the shortened code instead of the original message.
This matters because the original message can be infinitely long, and asymmetric encryption over it can take a long time.
As the one-way hash serves as the digital fingerprint of the original message, it has to possess the following properties:
- It has to be speedy in operation.
- It produces a hash of fixed length irrespective of the original message length.
- Once the hash is produced, no one can reverse the process and reconstruct the original message from it (as the name one-way implies).
- Even if there is a little change in the original message, the resultant hash has to change in most of its bits (this is called diffusion in cryptographic terminology).
The last property prevents someone from constructing a modified message that produces the same hash.
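The fixed-length and diffusion properties listed above can be measured directly. The following is an added example, not code from the original post; it assumes SHA-256 from Python's standard `hashlib` (a 256-bit hash) and a constructed sample message, and it flips every single bit of that message in turn to see how much of the digest changes.

```python
import hashlib

DIGEST_BITS = hashlib.sha256().digest_size * 8  # 256 for SHA-256 (example choice)


def digest(message: bytes) -> bytes:
    """Fixed-length fingerprint of a message of any length."""
    return hashlib.sha256(message).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(message: bytes, bit_index: int) -> bytes:
    """Return a copy of message with exactly one bit inverted."""
    out = bytearray(message)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def digest_lengths(messages) -> set:
    """Set of digest lengths (in bits) seen across all inputs."""
    return {len(digest(m)) * 8 for m in messages}


def diffusion_profile(message: bytes):
    """Flip each bit of message in turn; return the (min, mean, max)
    fraction of digest bits that differ from the original digest."""
    base = digest(message)
    fractions = [
        hamming_distance(base, digest(flip_bit(message, i))) / DIGEST_BITS
        for i in range(len(message) * 8)
    ]
    return min(fractions), sum(fractions) / len(fractions), max(fractions)


# Constructed sample inputs, from empty up to one million bytes.
SAMPLE = b"Pay Bob 100 dollars on 2006-08-31"
SIZES = [b"", b"a", SAMPLE, b"x" * 1_000_000]

if __name__ == "__main__":
    print("digest lengths (bits):", digest_lengths(SIZES))
    lo, mean, hi = diffusion_profile(SAMPLE)
    print(f"digest bits changed per 1-bit edit: min={lo:.1%} mean={mean:.1%} max={hi:.1%}")
```

Every input length yields the same digest size, and a one-bit edit changes about half of the digest bits on average, so a near-identical message gives an unrelated-looking fingerprint.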
Here they are:
- Do not guarantee data integrity
- Do not support authenticity of the source of data
- Have no control over how the packets were created
- Do not support confidentiality: there is no encryption among different firewalls unless VPN features are incorporated
- Don’t protect against some Internet threats such as virus attacks and/or password cracking
- Do not provide protection from insider threats, i.e. insider attacks
- Can’t protect against traffic that doesn’t go through them (example: dial-up modems in the private network can be a backdoor)
- Once traffic has passed through, they can do nothing!
- Single point of failure
Definitely there are more. Can you think of some more?
Related topics: Limitations of Firewall, Single Point of Failure
Myth # 1
IDS can handle network attacks automatically
No. An IDS can only assist a human being in investigating and detecting potential network attacks under way in the network. It still relies on the network administrator to handle the suspicious incidents.
Myth # 2
Network based IDS can effectively monitor all network traffic of the network segment under investigation.
No. As modern networks get faster and faster in bandwidth (consider Ethernet moving from 10 Mb/s to some networks now running at 1000 Mb/s), it is very unlikely that an ordinary network tap can capture all network packets for analysis. Failing to do so can lead to abnormal network traffic patterns being overlooked.
Myth # 3
No Alarm means there is no intrusion
No. An IDS can certainly fail to detect intrusion activities, for the following reasons:
1) It fails to capture ALL network traffic (Myth # 2)
2) It fails to identify the suspicious traffic pattern (due to the lack of related traffic pattern information in the pattern file)
This phenomenon is a “False Negative” (in which an actual intrusion is not detected).
Myth # 4
If there is an alarm, there must be intrusions.
No. As with most other detecting devices, “False Positives” can happen. That is, the IDS signals that there are intrusions when actually there are none. An IDS can be too sensitive in detecting some network patterns that are unrelated to network attacks.
Related Topics: IDS, Intrusion Detection System, Myths of IDS, Network Mis-use, False Positive, False Negative





