Internet Security

A firewall monitors and controls network traffic according to security rules. It acts as a barrier between a trusted internal network and untrusted external networks (the Internet).

Packet filtering

Examines each packet's header (source/destination IP, source/destination port, protocol). Allows or blocks packets based on a rule set.

• Example rule: block all incoming TCP packets to port 22 (SSH) from external IPs
• Fast and efficient; cannot inspect payload content
• Stateless — each packet is evaluated independently

Proxy server (application-layer firewall)

Acts as an intermediary: the client connects to the proxy, which makes the request on the client's behalf.

• Hides the internal network (client IP is not exposed to external servers)
• Can cache responses, filter content, and log requests
• Slower than packet filtering due to full connection handling

Stateful inspection

Tracks the state of active connections. A packet is only allowed if it belongs to an established, legitimate connection.

• Maintains a state table of current connections (source/dest IP, port, protocol, connection state)
• Detects attacks that exploit connection state (e.g. unsolicited replies to non-existent requests)
• More intelligent and secure than simple packet filtering

In symmetric encryption, the same key is used for both encryption and decryption.

Plaintext → [Encrypt with key K] → Ciphertext → [Decrypt with key K] → Plaintext

Advantages: fast; computationally efficient for large amounts of data.

Key distribution problem: how do the two parties share the key securely before they can communicate? If the key is intercepted during transmission, all future communication is compromised. This is the fundamental weakness of symmetric encryption.

Examples: AES (Advanced Encryption Standard).

In asymmetric encryption (public-key cryptography), each party has a key pair: a public key (shared openly) and a private key (kept secret).

Core property: a message encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.

Sender encrypts with recipient's PUBLIC key
→ Ciphertext
→ Recipient decrypts with their PRIVATE key

How asymmetric encryption solves the key distribution problem:

1. Bob publishes his public key openly
2. Alice encrypts a message (or a symmetric session key) with Bob's public key
3. Only Bob — with his private key — can decrypt it

Key exchange: asymmetric encryption is typically used to securely exchange a symmetric key. The symmetric key then encrypts the bulk of the communication (because symmetric is faster). This hybrid approach is how HTTPS works.

A digital certificate is an electronic document that binds a public key to an entity (a person, organisation, or server). It is signed by a trusted Certificate Authority (CA).

Contents of a certificate:

• Subject's public key
• Subject's identity (domain name, organisation)
• Issuing CA's identity
• Validity period
• CA's digital signature (authenticates the certificate)

Purpose: when you connect to https://bank.com, your browser checks the server's certificate to verify that the public key you receive genuinely belongs to bank.com (not an attacker). Without certificates, a man-in-the-middle attacker could substitute their own public key.

Certificate chain: certificates are validated up a chain of trust: the CA's certificate is signed by a root CA, which is pre-trusted by your browser/OS.

A digital signature proves:

1. Authenticity — the message came from the claimed sender
2. Integrity — the message has not been altered in transit

How digital signing works:

1. Sender computes: hash = H(message)
2. Sender encrypts hash with their PRIVATE key → signature
3. Sender transmits: message + signature

Receiver:
4. Decrypts signature with sender's PUBLIC key → expected hash
5. Independently computes: actual hash = H(received message)
6. If expected hash == actual hash: signature is valid ✓

The private key is used to sign (not to encrypt the message itself); the public key is used to verify the signature.

Malware is malicious software designed to damage, disrupt, or gain unauthorised access to systems.

Type	How it spreads	Key characteristic
Virus	Inserts itself into other programs; spreads when infected program runs	Requires a host program; spreads through user action (copying files, sharing media)
Worm	Self-replicates across networks without a host program	Exploits network vulnerabilities; spreads automatically without user action
Trojan	Disguises itself as legitimate software	Does not self-replicate; relies on user installing it

All three exploit software vulnerabilities — flaws in operating systems, applications, or network services that allow code to execute without authorisation.

Protection:

• Keep software patched and updated (closes known vulnerabilities)
• Use antivirus/antimalware software
• Apply the principle of least privilege (limit what software can access)
• Firewalls block malicious network traffic

1. Confusing symmetric and asymmetric key usage

In symmetric encryption, the same key encrypts and decrypts. In asymmetric, the public key encrypts and the private key decrypts (for confidentiality) — or the private key signs and the public key verifies (for signatures). Swapping public and private key roles in an exam answer loses marks.

2. Stating digital signatures encrypt the message

A digital signature encrypts the hash of the message — not the message itself. The message travels in plaintext (or separately encrypted). The signature proves authenticity and integrity, not confidentiality.

3. Confusing viruses and worms

A virus needs a host program and spreads through human actions (sharing files). A worm spreads automatically across networks without a host. The distinction is self-replication over a network without user action.

4. Confusing proxy firewall and proxy server

All three firewall types (packet filtering, proxy, stateful inspection) provide different levels of protection. A proxy server is one firewall type that acts as a middleman — not all proxy servers are firewalls, but a proxy firewall uses the proxy mechanism for security purposes.