### Infrastructure Security

Course
Time
4 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
4

### Video Transcription

00:05
Let's take an example here. We're gonna do some math. I'm gonna keep it a simplistic as possible. And keep in mind that this isn't the actual Mathis used in today's algorithms. This is just an example what I want to show you here. The idea is, here is how
00:21
you really need to have you need to choose an encryption algorithm that's gonna use, uh, that's that's strong. That's a more complex and a stronger outward than in others.
00:30
So let's take a very basic formula here. What if we have an algorithm of K plus three equals C? That means and we're saying ke is the ki that's the secret and C is the cipher text. He is just the result of the algorithm.
00:44
We take that and we use that to encrypt data and we transmit that.
00:48
We'll see our cipher text is eight.
00:51
So if we have an intruder who is listening in on the wire and he sees that C equals eight,
00:57
he knows what algorithms being used when now he can reverse engineer it. He knows the algorithm is K plus three equals C. In this case, C is eight. So he knows that are key. Plus three equals eight, and you can figure out pretty easily that are KIIS five. And now you can use that key to decrypt anything else that we send across the wire.
01:17
So this would be an example of a week algorithm.
01:19
When you choose an algorithm, you want to choose one that's much stronger. Here's, ah, fictitious example of a stronger our of them.
01:26
In this case, we've got an algorithm that's actually two different parts. The equation is broken into two different parts On the left side, we've got five plus K one and K one is part of our key. Maybe our key is 12 characters long, and
01:41
we're gonna use the 1st 6 characters as our partial key and use that in the first part of the equation. So five plus
01:48
a partial ki minus. The data itself equals some variable, which is X since we know what the key is, and we know what the data is, weaken solve for X, and then we can take X, and we can put it into the second equation and say X plus 45 minus the second part of the key. Equals are actual cipher text.
02:07
So this is a much there's much more layers to this algorithm than there are. Then there were two the other one, and this is a much more complex way to encrypt data.
02:16
Now we take that we transmit that data. It's still our site for Texas, still eight. But this time, if we have somebody listening on the wire and they see that our site for Texas eight, they say, Okay, we're gonna try to reverse engineer this. I know what the algorithm is that they're using. I know the cipher text.
02:31
We're gonna replace our cipher text with eight. So now the intruder says, OK, well, now I can reverse engineer and X plus 45 minus
02:40
part of the key. I don't know. I don't have any idea. It's too complicated. I can't decrypt it. It remains a secret,
02:47
So it's important to choose a strong algorithm whenever you're choosing one.
02:53
Some of the two most common algorithms today are R S A. R C stands for Rivest, Shamir, Adleman, and those are the last names of the three mathematicians that invented that algorithm.
03:09
Chances are today if you type in https colon slash slash something and you're gonna make a secure connection to some Internet site. It's using the Arce algorithm. It's one of the most widely used algorithms on the Internet today. Still very, very secure.
03:24
Another one is a yes, which stands for advanced encryption standard. Ah, that's one. Actually, that that the military uses that's been recognized by the military is the strongest encryption algorithm out there today. There's a lot of other things happening today. There's there's quantum encryption that's being talked about and things that are very, very complicated.
03:44
Encryption convey an entire subject by itself.
03:46
I put a an example down below. Here on this slide, I put the example of the actual This is the actual R S, a encryption algorithm, and you can see it's much more complicated than that. A plus B equals C that we were talking about, which is what makes it such a strong algorithm. And it's why it's been around for decades.
04:09
Start a little bit about symmetric versus asymmetric encryption. Symmetric encryption, as we said, is when both parties use the same key, so both sides have to know what that key is. We talked a little bit about that in our VPN lesson when we talked about P, p t p r Point Point Tunneling Protocol.
04:26
In that case, both keep both sides had the same key, and they just use that to encrypt the data or create that tunnel.
04:31
It is faster than a symmetric encryption, but it's faster because both sides know the key. They don't have to negotiate to figure out what key to use for encryption. They already know it. It's one less step that has toe happen during transmission. Therefore, it's faster,
04:46
but it requires each party to keep those keys secret. And not only does that key exist in two places, but now there's a bunch of other people that know what those keys are. So it's It's a lot more likely that that those secrets were gonna get dispersed, you're gonna get found out somehow.
05:01
Asymmetric encryption is a method by which both parts each party has a different key.
05:08
The keys are mathematically related, and we're gonna talk about that in a little while. But one party has one key that encrypts the data. The other side has a completely different key that's mathematically related to the first key to decrypt it But even though they're mathematically related, you cannot derive one from the other. So if you get your hands on this key and you steal it,
05:27
you can't figure out what this other key is.
05:29
You need both keys Teoh to see the whole conversation right, so you may see a conversation one way. We this key encrypted it in this one decrypted it with a conversation. The other way is vice versus, so you need both keys to steal the data. They're mathematically related but can't be derived from each other.
05:47
Let's talk about public key encryption
05:50
in a public key encryption system. The best way I could describe this is to use an example, and most of the most of the Internet uses public key encryption. Public key encryption is used mainly because it wouldn't be very efficient to use a symmetric key encryption system on the Internet.
06:08
If amazon dot com had to keep a separate key for every human being that might connect to them, they would have billions of keys that they would have to maintain. And that's just not very efficient, not very effective.
06:18
So in public key encryption, the way that works, let's say, Bob over here on the left wants to send an email to Jack, but he wants to do it in a secure manner. He wants to encrypt that e well, so if somebody intercepts along the way, they can't read it
06:31
in a public key encryption system. Both parties were gonna have a pair of keys. They're each gonna have their own pair of keys.
06:40
Bob is gonna have both a public and a private key. His private key. He's gonna keep private. No one. But Bob will ever know. Bob's private key is public. Key is public.
06:49
Anyone conceive Bob's public key? Sam with Jack, Jack's gonna have a public and a private key. And I remember these keys air mathematically related to one another.
06:59
So in the beginning of a transaction, what they're gonna do when they set up encryption is there going to exchange public keys? Bob is going to send Jack his public key. Jack's gonna send Bob his public key. So now Bob has his own initial keep here his public and private key. But he also has Jax Public key,
07:15
and vice versa. Jack has his initial pair, plus Bob's Public Key
07:19
now Once that key exchange happens,
07:23
Bob can now create a message.
07:26
His message at first is unencrypted, so when he wants to encrypt that message, he can apply. He could encrypt it using Jack's public key. So Bob created the message. He's gonna use Jack's public key to encrypt that message, and when he transmits it, it's encrypted. It's cipher text on the wire. If someone intercepts it, they can't read it
07:46
07:47
Jack is the only person on the planet that has Jax Private Key. So Jack's gonna use his private key to decrypt the message that Bob encrypted with with Jack's own public case of I'm Sorry With Eso Bob encrypted the message with Jax Public Key,
08:05
which is mathematically related to Jack's private key.
08:07
So therefore, when Jack received the message, he could decrypt it with his own private key.
08:11
When Jack wants to respond to that message, he's gonna encrypted with Bob's public key, and the same thing happens in reverse, goes across the wire encrypted. Bob receives it in order to decrypt it. He's going to use his own private key to decrypt it. He's the only one that could do that because he's the only one that has the key.
08:28
That's how public key encryption works.
08:33
So encryption could be a very, very deep subject. There's a lot of math. There's a lot of subtleties. We're not gonna get into any of that today. But I wanted you to understand, at a very high level how encryption works, what some of the different types of encryptions are, how they're applied in the environment and just a general idea of encryption
08:52
that wraps up this session on encryption. Next up, we're gonna talk about Web proxies.

### Infrastructure Security

This course will cover the concepts needed to identify and prevent threats across an enterprise environment. The course content will cover the practical application of security principles, models, and technology covered in previous courses.

### Instructed By

Scott Russ
Security Architect at Nerdery
Instructor