Friday, March 20, 2026

Cybersecurity: Networking, back to basics

Introduction

Every once in a while, it is good to brush up on your knowledge and repeat the fundamentals. Sometimes you are completely new and need to build an understanding of the big picture, or you don’t even know where to begin asking questions.

One important and ever-present area in cybersecurity is networks. It is one of many things that the blue team defends and the red team tries to breach. It is in the air and in the walls around you. It is with you when you travel and it keeps the world connected.

When thinking about networks I like to think about them from the perspective of the user and their devices. These devices at the “end of the line”, our phones and computers, are also known as endpoints.

In order for them to get updates, send messages, use certain apps or do anything productive in the web browser, they need to be connected to the network. The smartphone or the computer might be connected wirelessly to a Wi-Fi network, while a stationary computer might be connected with an Ethernet cable.

The physical setup

In a business environment you sometimes see devices in the ceiling. Devices like these broadcast one or multiple wireless networks. Have you ever connected to a guest network at an office or a Wi-Fi in a café? It is likely that your device was communicating with that device in the ceiling, often called an access point or referred to as an AP.

So how is the access point able to broadcast a network for you to connect to? It talks with something called a switch. The switch has a large number of ports, which are outlets for network cables. The switch can be managed by the IT team, segmenting the network traffic so that some devices cannot talk to other devices even if they are physically connected to the same switch. This division of traffic is referred to as a Virtual Local Area Network (“VLAN”). This is a great way to enhance network security, for the simple reason that some devices might not be very safe and need to be kept isolated.

The question then arises: how does the switch get network access and data to distribute throughout the workplace? Usually there is a router in the building that is connected to the outside, typically through a coaxial, copper or fibre-optic cable. Through this connection the router talks to the company providing the customer with internet, the so-called internet service provider (“ISP”). When you look up your own or someone else’s IP-address online, it is the address of the router that you find, the public IP-address.

In a home environment, on the other hand, it is common to have only one device that does everything. It broadcasts wireless internet, distributes the network through physical ports and has network protection in the form of a firewall. A firewall is basically a set of rules that allows or blocks certain traffic going in or out. In a business-grade environment, the firewall can be located in separate devices.

The non-physical side

We looked at the physical devices that can be used in networking, but that is only one side of the story. We also need to cover a bit about the things that you might not see, which are equally important.

Let’s start with the devices that you connect to the network. In order for the information to go to the right device, they are provided an internal (“local”) IP-address on the network by something called the DHCP-server. IP stands for Internet Protocol and DHCP stands for Dynamic Host Configuration Protocol.

The IP-address that your phone is given on the network itself is normally not visible outside the network. When your phone visits a website, it is your public IP-address that is shown. This is why devices on completely separate networks might have the same IP-address without any conflict. If two devices have the same IP-address on the same network, however, it might cause issues. You can see the public IP-address as the address of an office building to which the postal service is trying to deliver mail. The local IP-address works like an identifier for the specific office to which the receptionist in the building carries the letter. The router on the network, also called a gateway, has an IP-address too. This is so that your phone knows where to send outgoing data, for example.

It is worth mentioning MAC addresses as well. These are unique identifiers that are connected to the hardware in your device. While IP-addresses are provided and can change, the MAC normally cannot. However, it is possible to fake your MAC address, making it look like you are using a different device than you actually are. The act of faking this identifier is also referred to as spoofing your MAC address.
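The three ideas above (local addresses handed out by DHCP, conflicts when two devices hold the same address, and MAC addresses that can be set in software) can be checked from the defender's side. The Python below is an added example, not part of the original post; the lease records, finding labels and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lease records (ip, mac, hostname); not from a real network.
LEASES = [
    ("192.168.1.10", "3c:22:fb:10:20:30", "laptop"),
    ("192.168.1.11", "a6:5e:60:aa:bb:cc", "phone"),
    ("192.168.1.10", "00:1b:44:11:3a:b7", "printer"),   # same IP as the laptop
    ("203.0.113.7", "00:1b:44:11:3a:b8", "odd-host"),   # not a local address
]

# The address ranges reserved for internal ("local") networks (RFC 1918).
LOCAL_RANGES = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_RANGES)

def is_software_assigned(mac: str) -> bool:
    # Bit 0x02 of the first octet marks a "locally administered" MAC: one set in
    # software (OS randomisation or a manual override) instead of by the vendor.
    # It is a hint only; a spoofed MAC can also copy a vendor-assigned address.
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(leases):
    findings, macs_by_ip = [], defaultdict(set)
    for ip, mac, host in leases:
        macs_by_ip[ip].add(mac.lower())
        if not is_local(ip):
            findings.append(("non-local-ip", ip, host))
        if is_software_assigned(mac):
            findings.append(("software-assigned-mac", mac, host))
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:   # two devices claiming one address on the same network
            findings.append(("ip-conflict", ip, tuple(sorted(macs))))
    return findings

if __name__ == "__main__":
    for finding in audit(LEASES):
        print(finding)
```

A software-assigned MAC is common on modern phones that randomise their address per network, so that finding is a prompt to look closer, not proof of spoofing.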

When you visit a website you might enter a website address in the web browser, but your devices think in IP-addresses, so there is something called DNS that helps with this translation. DNS stands for Domain Name System and it works like a phonebook. First your computer checks if the IP for the address that you are searching for is already stored in memory; otherwise it talks to a DNS server to get the correct IP so that it can communicate with the website. The DNS server can exist in different locations, such as at your Internet Service Provider or at a public DNS provider (Cloudflare and Google being two commonly used ones). There is a certain type of attack called DNS poisoning, which basically means that the phonebook contains malicious entries, so that the translation is corrupted. So even if you enter the correct website address, it connects you to a bad IP-address.

Finally, we will take a brief look at what is actually sent across the network. The simplified version is that the raw data is sent through the network in wrappers called packets. Protocols define how the data is contained in these packets. With older and unencrypted protocols, sensitive data might be intercepted if someone is sniffing the network.

The role of the defender

As you can see, there are many components that interact with each other and the defensive task doesn’t get easier. Taking inventory of what you need to protect, updating firmware and maintaining firewall policies are just a small part of network security. Security hardening is the process of reducing vulnerabilities and making your system harder to attack, and it is something you need to work with regularly as a defender.

Sunday, February 1, 2026

Cybersecurity: Quantum Computers

The quantum future

Introduction

One of the next big leaps in IT is the on-going and imminent development of quantum computers. I was very fascinated when I first heard about them and their potential a couple of years ago, which is why I want to share some of the fundamentals because of their implications for the cybersecurity field. This article aims to spread awareness without digging way too deep into the technical details, because frankly it is a complicated topic.

Encryption

First, we need to talk a bit about the basics of encryption, what it is and how it works.
The most basic example would be when you visit a website and enter sensitive information such as a password, perhaps when you log onto your favorite social media. On many modern websites the information that travels between your computer and the remote server is protected with encryption. It is not readable for a human mind; essentially, it requires a key to remove the encryption.

When sensitive data is sent, it is often encrypted. This essentially means that it is sent in an unreadable format, instead of a plaintext format, and only the right key can unlock the secret information. The encryption can be done with a method such as asymmetric encryption. One example is cryptography based on RSA (“Rivest-Shamir-Adleman”).

Asymmetric encryption uses two keys, one public and one that is kept private.
If you want to send data to someone, you encrypt it using the recipient’s public key. They can then decrypt the data using their private key without having to share it with anyone.

As an extra step, the sender can sign what they send using their private key, which allows the receiver to confirm it using the public key of the sender.

The idea is that even if someone intercepts and stores the data being sent, they can’t read it, because they don’t have the right key. Sounds good, right? In some cases, the encryption can be brute forced, revealing the secrets without having the key. This can be done with a regular computer, but not always within a reasonable amount of time. This is where the quantum computers come in.
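The public/private key roles described above, and why key size decides whether brute force is realistic, can be seen with textbook RSA on deliberately tiny numbers. This is an added example, not part of the original post; the primes, the message value and the function names are chosen here for illustration, and real RSA uses far larger primes plus padding, both left out.

```python
from math import isqrt

# Toy parameters (constructed for readability; never use sizes like this).
P, Q = 61, 53
N = P * Q                      # public modulus, 3233
E = 17                         # public exponent; (N, E) is the public key
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, 2753

def encrypt(message: int, e: int = E, n: int = N) -> int:
    """Anyone can do this with the recipient's public key."""
    return pow(message, e, n)

def decrypt(ciphertext: int, d: int = D, n: int = N) -> int:
    """Only the holder of the private exponent can undo the encryption."""
    return pow(ciphertext, d, n)

def sign(message: int, d: int = D, n: int = N) -> int:
    """The sender signs with their own private key."""
    return pow(message, d, n)

def verify(message: int, signature: int, e: int = E, n: int = N) -> bool:
    """The receiver checks the signature with the sender's public key."""
    return pow(signature, e, n) == message

def recover_private_exponent(n: int, e: int) -> int:
    """Brute force: factor n by trial division, then rebuild the private key.
    Instant for a 12-bit modulus, out of reach for a classical computer at real
    key sizes. Factoring is the step Shor's algorithm speeds up."""
    p = next(k for k in range(2, isqrt(n) + 1) if n % k == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    c = encrypt(65)
    print("ciphertext:", c, "decrypted:", decrypt(c))
    print("signature valid:", verify(65, sign(65)))
    print("private key recovered from public key:", recover_private_exponent(N, E) == D)
```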

Quantum computers

So, what on earth is a quantum computer? They are energy-efficient computers that solve really complex computational problems with the help of quantum mechanics. When we look at classical computers, which are the ordinary computers we are used to, they store information in bits, whereas the quantum computer stores the information in qubits. A bit is zero or one, while the qubit can be zero, one or a specific combination of both. When the qubit is in multiple states at once, it is referred to as being in superposition.

While there actually are quantum computers in use today, there are still difficult problems that researchers are working on, which still makes them something of a thing of the future. There are organizations that already claim to have reached so-called quantum supremacy, which is when a quantum computer can solve a problem that no classical computer can solve within a practical time frame.

When practical quantum computers become more readily available, it will also mean that plenty of sensitive data will be vulnerable. Fortunately, this scenario is still in the future and there are many years left to take precautions.

Asymmetric encryption is vulnerable to something called Shor's algorithm and even the longer encryption keys seem to be in danger of being defeated. Even if this might happen in many years, there is still data stored today. Whether the data is stolen or not, it runs the risk of being decrypted. Data harvested today can be cracked later on as the quantum technology keeps maturing. This is one reason why new cryptographic algorithms are part of the solution.

As an example, NIST ("National Institute of Standards and Technology"), which has worked with other encryption standards, released three resilient post-quantum encryption standards in 2024.

The three standards that were selected after a lengthy investigation were:

* ML-DSA (Module-Lattice-Based Digital Signature Algorithm)

* SLH-DSA (Stateless Hash-Based Digital Signature Algorithm)

* ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism)

There are multiple participants in the quantum race and perhaps we can see similarities with the AI revolution. Some companies will fall behind and others will excel with this new exciting technology.

Access to quantum tools will lead us to a world with new rules. New security challenges will arise which will put new demands on software and hardware. Threat actors will have new ways of working and the role of the defender will also change along with it.

I, for one, follow the development with great interest and hope you found the article interesting.

Sources

Below are links that helped me put the article together so that you may research the topic further.

Information about asymmetric encryption:
https://www.geeksforgeeks.org/computer-networks/what-is-asymmetric-encryption/

An interview with D-Wave CEO regarding quantum computing:
https://www.youtube.com/watch?v=EOfuh_Wdshw

An introduction to post-quantum cryptography by NIST:
https://www.youtube.com/watch?v=uE_Y1C4QPU8

Why regular encryption is not quantum safe by IBM:
https://www.youtube.com/watch?v=ecvCfTPRBrI

The three finalized post-quantum encryption standards by NIST:
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards