Settings
Log out
An image of a purple circle with a blue center.
go back
My courses
/
CASI
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
20%
5/47
01. Module 1
3 lectures
25 min
02. Module 2
3 lectures
25 min
03. Module 3
3 lectures
25 min
04. Module 4
3 lectures
25 min
05. Module 5
3 lectures
25 min
06. Module 6
3 lectures
25 min
07. Module 7
3 lectures
25 min
08. Module 8
3 lectures
25 min
09. Module 9
3 lectures
25 min
10. Module 10
3 lectures
25 min
11. Module 11
3 lectures
25 min
12. Module 12
3 lectures
25 min
13. Module 13
3 lectures
25 min
14. Module 14
3 lectures
25 min
15. Module 15
3 lectures
25 min
16. Video Collection
3 lectures
25 min
00. Network Security Fundamentals
01. Bash Scripting microlesson
4:14 min
01. Blockchain technology
01. Business Continuity and Disaster Recovery Planning
01. Communication Strategy
2:23 min
01. Computer Peripherals
10:33 min
01. DEFI and Core concepts
2:12 min
01. Data Backup Part 1
0:28 min
01. Edited Create a Blockchain 01 Made with Clipchamp
45:09 min
01. Edited Create a Blockchain 01 Made with Clipchamp
45:09 min
01. History and evolution of blockchain technology
01. ISO 27001
01. Keylogger
20:46 min
01. Knowledge Article Updates
2:10 min
01. Network Security Fundamentals
01. Overview of Active Directory (Azure and Windows)
01. Practical Cryptography
01. Security and wallet drains
1:11 min
01. Security in blockchain explained
1:12 min
01. Smart Contracts Explained
1:21
01. Smart Contracts Explained
1:21 min
01. TCP/IP model layers
1:38 min
01. Understanding the DoD Risk Management Framework (RMF)
01. What is Cloud Computing
4:49 min
02. Best Practices in Identity and Access Management (IAM)
02. Data Backup Part 2
0:30 min
02. Designing Secure Architectures
1:39 min
02. Essential Tools, Safety Measures, and Online Resources for Building a Computer
02. History of Cloud Computing
5:27 min
02. Incident Response Planning and Execution
02. Key concepts of blockchain
2:17 min
02. OSI model
2:18 min
02. Remote Desktop
2:54 min
02. Researching Blockchain Projects and Tokenomics
1:12 min
02. Rust and Solidity
1:40 min
02. Sandboxing
02. Securing JavaScript Applications
02. Service Strategy
2:30
02. Service Strategy
2:30 min
02. Understanding and Analyzing Threat Actors
02. Understanding the DoD Risk Management Framework (RMF)
03. Best Practices for Remoting into Someone's Workstation
03. Blockchain Security
03. Blockchain Security Tools
03. Blockchain Technology
4:12 min
03. Building Resilient Systems
03. Cloud Networking
3:04 min
03. Data Backup Part 3
0:16 min
03. Implementing Risk
03. Network Topologies
1:23 min
03. Overview of IT teams leads
03. Security in blockchain explained
1:11
04. Brief Overview of Operating Systems
04. Comparison with the OSI Model
0:40 min
04. Data Backup Part 4
0:30 min
04. Major Cloud Service Providers
2:40 min
04. Proof of Work (POW) vs Proof of Stake (POS)
0:57 min
04. Rust and Solidity
1:40
05. Cloud Watch video
8:34 min
05. Different Cloud Environments
05. POS VS POW
0:57
05. Storage
3:08 min
05. Understanding Print Queues, Printer Configurations, and Adding/Removing Printers
06. Data animated video
4:14 min
06. Knowledge Article Updates
2:10
06. Network Audio and Video
1:21 min
06. The Importance of Data Backups: Safeguarding Information and Ensuring Continuity
07. Bash scripting microlesson
4:14 min
07. Core Cloud Services Computer
4:59 min
07. Designing Secure Architectures
1:39
07. Key Processes and Practices
08. Alternatives to microsoft office
08. DEFI and Core Concepts
2:12
08. Overview of Active Directory
09. COMMAND / ADMIN TOOLS
09. Communication Strategy
2:23
1. Security Audits
10. Blockchain
2:17
10. Innovation
11. Blockchain Technology
4:12
12. TCP IP Model and its layers
1:38
13. Security and wallet drains
1:11
14. OSI MODEL
2:18
15. Network topologies
1:23
16. Comparison with the OSI Model
0:40
2. Defense in Depth
2. Security Audits part 2
Audio: Dealing with Bad leads
5:47 min
Audio: Interviewing
23:51
Audio: Interviewing
19:30
Audio: Leading projects
3:15 min
Audio: Learning opportunities
3:44 min
Audio: Networking Cables
0:07 min
Audio: Operating Systems
26:52 min
Audio: Security Policies
24:37
End of Module
Donate

01. Practical Cryptography

1: Cryptographic Concepts and Algorithms

In this lecture, we will dive deep into cryptography—both its core concepts and the different algorithms that make it possible for us to keep data safe in a digital world. You’ll gain a strong understanding of how encryption works, why it's necessary, and the key algorithms that shape modern-day cryptography.

What is Cryptography?

At its core, cryptography is the science of securing information so that only the intended recipient can read or understand it. It is used in almost everything we do online, whether it’s sending messages, making purchases, or accessing sensitive information. The fundamental idea behind cryptography is to take plain, readable information (plaintext) and turn it into an unreadable format (ciphertext). This transformation is done using encryption algorithms, and the information can only be turned back into its original form through a process called decryption.

Cryptography protects:

  1. Confidentiality – Only the intended person can read the data.
  2. Integrity – Ensures the data has not been altered.
  3. Authentication – Verifies the identity of the parties involved.
  4. Non-repudiation – Prevents denial of actions like sending a message.

Types of Cryptography

  1. Symmetric Encryption
    Symmetric encryption uses a single key to both encrypt and decrypt data. It’s fast and efficient for large amounts of data but requires a secure way of sharing the key between parties.
    Example: AES (Advanced Encryption Standard)
    • In AES, the same key is used to encrypt and decrypt data. AES is widely used for securing everything from personal files to large-scale government secrets. The challenge with symmetric encryption is sharing the key securely between two parties. If an attacker gets hold of the key, they can decrypt all the data.
  2. Asymmetric Encryption
    Asymmetric encryption uses two keys: a public key for encryption and a private key for decryption. Only the private key, which is kept secret by the recipient, can decrypt the data. This makes it more secure for exchanging data, especially across the internet, but it’s slower than symmetric encryption.
    Example: RSA (Rivest-Shamir-Adleman)
    • RSA uses a pair of keys—public and private—to encrypt and decrypt data. It’s widely used in secure communications, including SSL/TLS for website security. The public key is available to anyone, but only the person with the private key can decrypt messages.
  3. Hashing
    Hashing is a one-way process that converts data into a fixed-length string of characters, which is unique for each input. Unlike encryption, hashing cannot be reversed, meaning it’s typically used to ensure data integrity (like verifying a password) rather than protecting confidentiality.
    Example: SHA-256 (Secure Hash Algorithm)
    • SHA-256 generates a unique 256-bit hash for any input data. It’s commonly used in verifying the integrity of downloaded files or in securing passwords.
  4. Hybrid Encryption
    Hybrid encryption is a combination of symmetric and asymmetric encryption. Typically, asymmetric encryption (like RSA) is used to encrypt a symmetric key (like AES), and then that symmetric key is used to encrypt the actual data. This provides the security benefits of asymmetric encryption with the speed of symmetric encryption.
    Example: SSL/TLS (Secure Sockets Layer / Transport Layer Security)
    • When you access a secure website (https://), your browser uses SSL/TLS to establish a secure connection. The browser and server exchange public keys and use asymmetric encryption to securely exchange an AES key, which is then used for fast encryption of the actual data.

Common Cryptographic Algorithms

  1. AES (Advanced Encryption Standard)
    • Key Type: Symmetric
    • Strengths: Very fast, highly secure, widely adopted for everything from file encryption to secure communication.
    • Weaknesses: Requires secure key distribution.
  2. RSA (Rivest-Shamir-Adleman)
    • Key Type: Asymmetric
    • Strengths: Great for secure key exchange and digital signatures.
    • Weaknesses: Slower for large data encryption.
  3. SHA-256 (Secure Hash Algorithm)
    • Key Type: Hashing (not reversible)
    • Strengths: Ensures data integrity, widely used in blockchain technology and for verifying passwords.
    • Weaknesses: Vulnerable to brute-force attacks if used without additional security measures (e.g., salting for passwords).
  4. ECDSA (Elliptic Curve Digital Signature Algorithm)
    • Key Type: Asymmetric (used for digital signatures)
    • Strengths: Provides the same security level as RSA but with much smaller key sizes, making it more efficient.
    • Weaknesses: More complex to implement.

2: Implementing Cryptographic Solutions

In this lecture, we focus on putting cryptography into practice. You’ll learn how to use cryptographic techniques to solve real-world security problems, implement secure systems, and prevent common attacks.

How Do You Use Encryption in Practice?

  1. File Encryption
    Suppose you have a sensitive document that you want to store securely on your computer. You can use AES to encrypt the file, which converts the contents into unreadable data unless someone has the correct decryption key.
    • Tools like VeraCrypt or BitLocker use AES to secure files and folders on your computer. You’ll need to remember a password or key to decrypt the file when you need access to it.
  2. Secure Communication
    When you send an email or visit a website, cryptography helps keep your information secure during transmission. Email services like ProtonMail use asymmetric encryption (like RSA) to ensure that only the intended recipient can read the message. For web browsing, SSL/TLS ensures your connection to websites is encrypted, preventing attackers from intercepting your data.
  3. Authentication and Digital Signatures
    Imagine you're a developer working on software updates. You can use a digital signature (like RSA or ECDSA) to "sign" your update so that users can verify it came from you and hasn’t been altered. This is used in everything from software downloads to blockchain transactions to prove the authenticity and integrity of data.
  4. Password Storage
    When users create passwords for a website, you don’t store their actual password. Instead, you hash the password using an algorithm like SHA-256 and store the hash. When users log in, the entered password is hashed again, and the two hashes are compared. By using salting (adding a random value to the password before hashing), you protect against common attacks like rainbow table attacks.

Common Cryptographic Attacks

While cryptography is incredibly powerful, it's not foolproof. Understanding common attacks helps you design better systems.

  1. Brute-Force Attack
    This attack involves trying every possible key combination until the correct one is found. This is why longer, more complex keys (like 256-bit AES) are more secure than shorter ones.
  2. Man-in-the-Middle Attack
    In this type of attack, a hacker intercepts and possibly alters the communication between two parties without either knowing. SSL/TLS helps prevent this by ensuring that both parties' identities are authenticated before data is exchanged.
  3. Hash Collision Attack
    This occurs when two different inputs produce the same hash, which can allow attackers to fool a system that relies on hashes for integrity checks. Strong hash functions like SHA-256 are designed to minimize the chances of collisions.
  4. Replay Attack
    In a replay attack, an attacker intercepts data (like a message or login request) and then sends it again to trick the system into granting access. Using nonces (numbers that are used only once) helps prevent this type of attack. 

Key Takeaways:

  • Symmetric encryption is fast and used for bulk data encryption (like AES).
  • Asymmetric encryption is slower but useful for secure key exchange and digital signatures (like RSA).
  • Hashing ensures data integrity and is used for things like password storage (SHA-256).
  • Hybrid encryption combines the strengths of symmetric and asymmetric encryption for secure communication.
  • Understanding common cryptographic attacks like brute-force, man-in-the-middle, and replay attacks helps prevent. 

3. Data Protection Principles – Encryption and Data Masking

Introduction to Data Protection

Imagine you’re guarding a treasure chest filled with valuable items (in this case, your data). If anyone could just open the chest, it wouldn’t be much of a treasure, right? Data protection is the process of safeguarding that treasure from people who shouldn’t have access. The tools we use to protect that data are encryption and data masking.

1. Encryption – Locking the Treasure Chest

What is Encryption?

Encryption is like locking your treasure chest (your data) with a special code. The data is scrambled so that nobody can read or understand it unless they have the key to unlock it. If someone tries to break in without the key, all they’ll see is a bunch of jumbled nonsense.

How does it work?

When you encrypt something, you use an encryption algorithm (think of it as a recipe) to turn readable data (called “plaintext”) into scrambled data (called “ciphertext”). This ciphertext can’t be read by anyone unless they have the correct decryption key to reverse the process.

Types of Encryption:

  • Symmetric Encryption:
    Both you and the person receiving the data share the same key, like both of you having the same code to a safe. It’s fast and efficient but has a problem: if someone gets ahold of the key, they can unlock everything!
  • Asymmetric Encryption:
    This method uses two different keys—one to lock (public key) and one to unlock (private key). It’s like sending someone a padlock in the mail, and only you have the key to open it. This method is much more secure for things like emails and online banking.

Real-life Example:

When you send a message on WhatsApp, it’s encrypted. That means if someone tries to intercept your message, all they’ll see is gibberish. Only you and the person you’re messaging can decrypt and read the message.

2. Data Masking – Hiding the Treasure in Plain Sight

What is Data Masking?

Sometimes, you want to let people use certain information but not see the actual sensitive details. Imagine if you had a treasure map but blurred out all the secret locations. This is what data masking does.

How does it work?

Data masking hides sensitive parts of your data. For instance, if you’re handling a person’s Social Security number (SSN), you might show only the last four digits, like this: *--1234. The rest is hidden, but the data still exists in the background if needed.

When is Data Masking Used?

  • Testing and Development:
    Developers often need to test databases, but you wouldn’t want them working with real customer data. Masking allows them to work with fake data that looks real without risking security breaches.
  • Customer Service:
    When you call a customer service line, they might be able to see part of your credit card number (just enough to help you) without accessing the full number, which protects your privacy.

Real-life Example:

Think about when you buy something online. You might see only part of your credit card number when you check out. That’s data masking at work—it lets you verify that it's your card, but the full number is hidden for security.

Why Are These Important?

Encryption and data masking are essential tools in today’s world of digital transactions and online communications. Encryption keeps the bad guys out, while data masking allows us to work with sensitive information without fully revealing it.

When properly combined, these techniques ensure that your data stays safe both in transit (while moving from one place to another) and at rest (when it’s stored in databases or servers).

4. Data Loss Prevention (DLP) Strategies

Introduction to Data Loss Prevention

You wouldn’t leave your treasure chest unlocked, would you? But what if someone else at your camp (say, a colleague at your company) accidentally leaves it open or worse, tries to steal some treasure? Data Loss Prevention (DLP) is the strategy we use to make sure this doesn’t happen. It’s like hiring security guards to watch over your data, making sure it doesn’t get lost, stolen, or leaked.

1. What Is DLP and Why Do We Need It?

DLP is a set of practices, policies, and tools designed to stop sensitive data from being lost or accidentally shared with unauthorized people. The goal is to prevent leaks or misuse of data before it can happen.

Let’s break it down with an example:

Real-life Example: Imagine you work for a company that handles lots of sensitive customer information—credit card numbers, addresses, etc. One day, an employee accidentally sends an email with a spreadsheet full of personal data to the wrong person. Without a DLP system in place, that data could be easily accessed by unauthorized users.

DLP tools will detect that the email contains sensitive data and block it from being sent unless the employee encrypts the file or takes other protective actions.

2. How Does DLP Work?

DLP works by constantly monitoring your data. It looks for sensitive information being moved, copied, or shared, and applies rules to make sure it’s protected. Think of it like a surveillance system that’s always watching, ready to sound the alarm when something suspicious happens.

Here are some strategies DLP uses to prevent data loss:

  • Content Inspection:
    DLP systems scan emails, files, and other communications for sensitive data like Social Security numbers, credit card details, or confidential company documents. If they detect this data, they can stop it from being sent out or prompt the user to encrypt it first.
  • Monitoring Endpoints:
    DLP systems track how data is being used on employee devices (laptops, phones, etc.). If someone tries to transfer sensitive files to an unauthorized USB drive or cloud service, the system can block it immediately.
  • Data Classification:
    Every piece of data is classified based on its sensitivity. For example, customer data might be labeled as “Highly Confidential,” and the DLP system will apply stricter rules to this data to prevent any leaks.

3. Applying DLP in the Real World

DLP is essential for organizations like banks, hospitals, and companies that deal with personal or financial information. It protects sensitive data from:

  • Accidental sharing: An employee accidentally emailing the wrong recipient.
  • Malicious insiders: An employee trying to steal or leak data.
  • External attacks: Hackers trying to exploit vulnerabilities to access sensitive data.

Real-life Example: If a hacker breaks into a company’s system but the data is encrypted, DLP ensures the hacker can’t read or use the stolen information. Even if the data is taken, it’s protected.

4. DLP Tools in Action

Popular DLP tools include:

  • Email Security Systems: Automatically scan outgoing emails for sensitive content.
  • Endpoint Security: Monitors devices for any suspicious data transfers or storage.
  • Cloud Security: Ensures data uploaded to cloud services is protected and adheres to company policies.

Why DLP Matters

Data Loss Prevention is critical for protecting not only company assets but also customer trust. By putting DLP strategies in place, organizations can avoid data breaches, protect customer privacy, and maintain their reputation. DLP doesn’t just prevent accidents; it also ensures that even if data is stolen, it remains protected through encryption.

Key Takeaways

  • Encryption scrambles data, ensuring that only people with the correct decryption key can access it.
  • Data Masking hides sensitive information while still allowing the data to be used for analysis or testing.
  • DLP is a proactive approach to monitoring and protecting sensitive data before it’s leaked or misused.
  • By combining encryption, masking, and DLP, we create a strong defense that guards against both accidental and intentional data loss.

In these lectures, we covered how data is protected at every stage—whether it's being encrypted, masked, or monitored through DLP strategies. Through practical examples, students will be able to relate these techniques to everyday situations and understand how they are crucial to maintaining the integrity and confidentiality of data in any organization.

Download Course Files
file
.zip
Give Feedback
John Smith
Thank you! Your feedback has been received!
Oops! Something went wrong while submitting the form.
© 2024  Orbital. All rights reserved.
Privacy PolicyTerms of ServiceCookies Settings
A black and white logo with the words orbital.
HomeCoursesAbout UsBlogContacts
© 2024  Orbital. All rights reserved.
Privacy PolicyTerms of ServiceCookies Settings
star decorstar decor
An image of a purple circle with a blue center.An image of a purple circle with a blue center.decorstar decorstar decorstar decorstar decorA purple ball with a white ring around it.