Security Informtion

By -
First of all, we should ask ourselves why is it important to protect information ?

Well... we all have secrets... companies, governments and individuals...

To help us, our "sages" gave them acronyms, CIA.



Confidentiality

One of the main issues in confidentiality is: encryption.

Encryption is taking information and making it such that even if someone reaches it, he will not be able to understand what is there.

For example, in the old and famous encryption of Julius Caesar, the "Caesar cipher", this algorithm deflects letters, (for example here, a 3 letter offset) the letter A becomes C, and the letter B becomes D, and so on...

ZH KDYH WR NLOO MXOLXV FDHVDU which is actually = We have to kill Julius Caesar






 

Modern encryption types:

Today we are using more sophisticated encryption technologies…

  • Symmetric encryption

  • Asymmetric encryption

 

Example from everyday life:

The home door, we encrypt it with a key, and when we return home we decrypt with the same key.

 

How Symmetric encryption works ?

We take a key and lock the data, we call that "Encryption".

We take the exact same key to decrypt the information, we call it "Decryption".

Modern Symmetric algorithms:

AES, 3DES, IDEA, etc...



 

Cons:

When we are not next to each other.. and we communicate through the public Internet, how can we pass the key to each other without someone in the middle can catch it ?

To do this, very smart people invented the Asymmetric encryption that uses a pair of keys (Key Pair).

Any information for encrypt using the Private Key can only be decrypted by the Public Key.



OK… Now say Hello to Alice and Bob:


Alice makes herself a pair of keys, and sends a copy of her public key to Bob. Bob takes his file and encrypts it using Alice’s public key (copy) and sends the file to Alice. Now Alice will decipher the information that Bob sent to her with her private key that no one has a copy of. Even if someone catches on the way the public key, he will not be able to decrypt the file, remember: we can decrypt the file only when we use the private key that exists only in Alice.


Common algorithms in asymmetric encryption for example:

RSA, DSA, DH, etc...


Abstract



Here is how the lock 🔒 really looks:


 

Here is how an encrypted message 📧 looks:


 

Where is my RSA public key on my laptop ?

1cat ~/.ssh/id_rsa.pub

How can I find my public keys on my laptop ?

1ls ~/.ssh/*.pub

Where is my private key ?

1sudo find / |grep "\.pem"

Usually, it exists in:

1cat /etc/ssl/certs/cert.pem

 

Now, see it in a more visual way... enjoy...


 






 









Digital signature

Goal

  • Verify the identity of the sender.

  • Verify the integrity of the information.

Uses

Important documents, bank instructions, e-mail, software, anything that the identity of the sender is important.

According to the law in Israel, Europe & USA, a digital signature is equivalent to a manual signature.

How

Encrypt the information with the sender's private key (reverse use of keys).

Once the recipient of the message opens the message (with his public key) he realizes that the same person sent him the message because only he has the private key

How do we keep the private key ?

  • Hard drive + password

  • Smart card + password

Integrity (reliability)

Reliability means the integrity of the information, meaning that I have information that I passed on, and I want to make sure that what I sent is really what reached the destination, and that someone along the way did not catch the information and change it.

 

Hash

The algorithm that hash information in a one-way way (not like encryption)

  • Gets any length of information

  • Returns a fixed length (digest)

Example:

MD5 - 128 bit SHA1 - 160 bit




 

Principles

  • Impossible, in a reasonable time, to find a message that matches a particular hash.

  • Impossible, in a reasonable time, to find 2 messages with the same hash.

  • Impossible to change the file without changing the hash.

 

SHA1: 2 ** 51

MD5: 2 ** 20

Comments

Post a Comment

Popular posts from this blog

Selenium - locators

By -
Image
Selenium Locators are used for identifying the web elements on the web page. T o access the HTML elements from a web page locators are used. In Selenium, we can use locators to perform actions on text boxes, checkboxes, links, radio buttons, list boxes, and other web elements. Locators help us in identifying the objects. This tutorial explains different types of locators, how, when, and ideal Strategies to use these locators. Example of web browser methods: Find Element by: There are two private methods that might be useful for locating page elements: find_element find_elements Example usage: from selenium.webdriver.common.by import By driver . find_element ( By . XPATH , '//button[text()="Some text"]' ) driver . find_elements ( By . XPATH , '//button' ) These are the attributes available for  By  class: ID = "id" XPATH = "xpath" LINK_TEXT = "link text" PARTIAL_LINK_TEXT = "partial link text" NAME ...
Read more

Selenium Webdriver Manager

By -
Image
The simple way to connect the Webdriver is like that: 1 from selenium import webdriver 2 3 driver = webdriver.Chrome(<path_of_driver>) Const: We need to put all paths and their relative path. If the webdriver or the browser version change/update, we need to manually download him and replace it with the old one. A better way is to put the driver in venv folder, in that way the webdriver is available in all projects without writing the relative path. so... what is the easiest way to figure it out ? Meet webdriver manager, an alternative way to work with webdriver, It pulls the latest version from the central repository automatically. you just need to do two simple steps: Webdriver Manager The main idea of  webdriver_manager i s to simplify the management of binary drivers for different browsers. Instead of: Downloading binary chrome driver. Unzip it somewhere on your PC. Set path to this driver. Every time when there is a new version of the browser, we should repeat all tho...
Read more
By -
Image
A framework (based on python) that makes it easy to write small tests, yet scales to support complex functional testing for applications and libraries. Why do we need Pytest ? why selenium is not enough ? Selenium performs an action in the browser. But how we'll create a test to assert our case ? How we’ll run test suite (a bunch of test cases ) ? That's right... we need PyTest... Build our code structure (Fixtures) Create Test Suites Test Runners Provide Assertions Let's not waste time and start coding… Create Folder My_tests Create python file test_utils 1 def twice(x): 2 return x * 2 3 4 5 def thrice(x): 6 return x * 3   Code conventions: Files start (or end) with: test_ Methods start with: test_ Class starts with: Test_ Install PyTest: Install: pip install -U pytest Verify correct version: pytest --version How to tun PyTest ? Note : When you run  pytest , by default, it will look for tests in all directories and files below the current directory. We would...
Read more

Selenium - brief

By -
Image
Selenium is an umbrella project (Open-Source) for a range of tools and libraries that enable and support the automation of web browsers. Selenium Modules: Selenium - IDE Selenium - RC Selenium - Webdriver Selenium - Grid Appium*   Selenium IDE The first project in selenium (2004), a t first, was only a firefox plugin for record tests. Records in 2004 were trash... if we would record 500 tests and something in my core application was a change, you should record from the beginning... Selenium RC (the second project, 2006) called Selenium 1 Now we could code our tests (with several languages) support with several browsers How ? They create Selenium RC Server (RC = Remote Control), the server translates the code from all those languages to the only language that the browsers know… JavaScript... Const: The biggest const was performance.. a normal test for example 30 steps, could take 20 min !   Selenium Webdriver (2009) called Selenium 2 Now to every browser will be his driver to ...
Read more

אבטחת מידע

By -
Image
  אבטחת מידע אז למה חשוב להגן על מידע ? כיוון שלכולם יש סודות, חברות, ממשלות, ואנשים פרטיים. כדי לעזור לנו, חכמינו נתנו להם סימנים: CIA Confidentiality נתחיל ב Confidentiality סודיות, אז מה זה סודיות ? אנחנו רוצים שהתכנים שלנו יהיו סודיים ולא יהיו נגישים לאנשים אחרים. אחד הנושאים העיקריים בסודיות הוא: הצפנה . הצפנה זה לקחת מידע ולהפוך אותו לכזה שגם אם מישהו מגיע אליו הוא לא יוכל להבין מה יש שם, למשל ההצפנה המפורסמת של יוליוס קיסר, ה ״ cypher text ״,שזה צופן היסט.                                            דוגמה: ״WR EH RU QRW WR EH״ שזה בעצם צופן היסט (של 3 אותיות) למשפט ״to be or not to be״, בעצם לוקחים את האותיות ה - a-z ומסיטים כל אות 3 צעדים קדימה למשל האות A הופגת להיות C והאות B הופכת להיות האות D וכך הלאה.. בימינו כמובן שההצפנה הקיסרית היא לא חזקה מספיק, ואנחנו משתמשים בטכנולוגיות מתוחכמות יותר.. כיצד ? באמצעות 2 סוגי הצפנה, הצפנה סימטרית והצפנה ...
Read more

Page Object Model, what is it ?

By -
Image
Page Object Model (POM)   is a Design Pattern that has become popular in test automation for enhancing test maintenance and reducing code duplication. Benefits of using page object pattern : Creating a reusable code that can be shared across multiple test cases. Reducing the amount of duplicated code Duplicate browser action. Duplicate page action. Duplicate element action. If the user interfaces changes, the fix needs changes in only one place. Starting a UI Automation in Selenium WebDriver is NOT a tough task. We just need to: Find elements Perform operations on it Verify the result Example of a simple test ( without implementation of POM) As you can see... all we are doing here is finding elements and filling values for those elements. This is a small script, script maintenance looks easy now, but with time, the test suite will grow and we'll add more and more lines to your code... and things become tough. The main problem with script maintenance is if 10 different scripts ar...
Read more

תבניות עיצוב - מפעל

By -
Image
תבניות עיצוב  ״ הי-יו ג׳ורד ת׳יודע מה חזק ?    קוד שמתכנת לממשק ולא למימוש זה חזק ! ״ אנחנו רוצים שהקוד שלנו יהיה גנרי ומאפשר התפתחות עתידית, כדי שאם נרצה להוסיף אובייקטים שונים, לא נצטרך לשנות את הקוד שלנו בכמה מקומות. אנחנו גם רוצים ששינוי ברכיב אחד לא ישפיע על רכיב אחר, כי אנחנו לא אוהבים כפל קוד ולהתחיל לחפש ב- 10 מקומות איפה צריך לשנות/להוסיף את מה שאנחנו רוצים, וכתיבה בצורה הזו היא אבן יסוד בתכנות מונחה עצמים. אנחנו לא רוצים גם להמציא את הגלגל, אין שום צורך, אבותינו וחכמינו זצ״ל כבר חשבו על בעיות נפוצות וגם חשבו על דרכים לפתור אותם. אם אני רוצה ליצור מכונית, יש כבר אנשים שחשבו על ה״תבנית״, מנוע, 4 גלגלים, הגה ועוד... לא צריך להמציא כל פעם את הגלגל מחדש... תרתי משמע :) נכון שזה לא פותר לנו את העיצוב של כל המבנה, אבל זה אומר שאני לא צריך להמציא כל דבר קטן. לפתרונות כאלה קוראים ״תבניות עיצוב״. בתמונה: התנ״ך של תבניות העיצוב:  Design Patterns(1994)   ניתן עוד דוגמה להמחשה, אנחנו פותחים סטארט-אפ וכותבים אפליקציה לניהול לוגיסטי. האפליקציה שלנו בהתחלה יכולה להתמו...
Read more