Thursday, June 6, 2013

Formalism in Network Security and a note on WEP's limitations

Initially I had not chosen Network Security as one of my courses; but I had to pick this course because the other course turned out to be uninteresting, to say the least. There I was in the Network Security class and I had to deal with different perspectives given by people about how difficult the course can be and how difficult it is to follow the instructor's lectures.

I thoroughly enjoyed this course, and the lectures turned out to be really interesting. True, it was different from courses taught in a conventional way: all lectures involved a lot of discussion, and the instructor took great care to explain the required aspects, within the scope of the course, very clearly.

One of the interesting topics I liked to read about in this course was the indistinguishability test introduced in formalizing the definition of security. It draws a parallel from the Turing test and talks about distinguishability between a truly random world and the real world. The idea behind Shannon's perfect secrecy (One-Time Pad), transitivity of indistinguishability, building an attacker for a given system (proof by contrapositive argument), the Rabin-Miller primality test (randomized algorithms - a Monte Carlo algorithm for primality testing), Fermat's little theorem, modular arithmetic ... the course, when I look back, looks very impressive, and I will highly recommend this course for anyone, just to listen to the instructor's lectures. [To give credit and to avoid confusion for those who would read it at a later point of time - the instructor during Spring 13 was Prof. Rob Johnson]

All the topics that I listed in the previous paragraph were merely the first section of the course; the second section was when the course became even more interesting, with Protocols, PKI, DNSSEC, Secure-BGP, SSL, XSS, XSRF, HTML 5 POST message, Same Origin Policy - and the icing on the cake was the final exam. It was a short paper and it required us to apply all that we learnt during the semester, aptly, to devise best-possible solutions in a practical scenario. Not to forget the cool project that we got to work on - building an Apache module that would add CSP 1.1 script-nonce support as part of Apache itself. source

And now I move on to the second part of the post:

WEP: I have come across many household routers still making use of WEP. There is even a documented demo about how aircrack-ng can be used to break a network using WEP.

For those interested in the theory behind how WEP is insecure, I referenced a post written here - well written, brief and to the point.

The bottom line is we should never configure WEP in our wireless router setup. And I think all the routers are using WPA or WPA2 by default to secure the wireless network. I wanted to throw in a word of caution about WEP! - RIP to WEP!

GT



