Since Encryption and network protocols, I wrote about Common network attacks and the shortcomings of standard network defences.

Apart from that, I've made some good progress using the classic MonoGame/XNA game tutorial which I manually reproduced a few weekends ago (https://github.com/stumathews/WindowsShooterGame).

I spent most of the day writing it up and trying to figure it out and I think its a great learning exercise. The fundamental concepts of which are to delegate as much detail to co-operating objects and then ask them to update() their states (or modify the world state) and draw themselves(). 

I've been trying to put into context some of the concepts I've learnt during the Computer Games Architectures course I'm doing too:

Recently we've touched on how to separate the architectural components into layers and how the organisation of components within a typical game engine is laid out. We've put together some theory about architectural design patterns and I'm quite enthused that my reading on the subject, pertain specifically to game development was used as a reference to  MVC. I wrote this a while ago before I decided to take the course: A simple game engine architecture. This tells me that I'm doing the right course. There is also some application of physics slowly coming into the course which is great.

I've also spent quite some time learning about digital sampling and the quantisation of analogue signals into digital ones and representing them mathematically.

This is part of the game development course and it goes through the physics of audio. Basic topics include investigating sampling frequencies, downsampling/aliasing, filters, Nyquist frequency, sine, triangle, triangle and sawtooth wave patterns including Envelope generators(ADSR).

I'm also finding the mathematics fascinating, particularly the representation and modelling of waves. I've enjoyed learning about the Fourier transform and as a result, an application of complex numbers - which is something new and therefore interesting.

Last weekend I spent it doing practicals for my Network Security course work. I set up various switches and routers and configuring firewalls and routes. Very interesting. Quite a time-consuming. Details of that setup are here: 

I also spent time investigating the EK Angler attack and used some interesting tools that report the attack such as Snort, Sguil, Bro, Elsa and of course...Wireshark. The attack particulars of the attack are quite interesting however the details are quite well described by Palo Alto networks here. 

I used the Security Onion VM to research. I've long since uninstalled Tails...

Since then, however, I've been focusing on digital signal processing and physics. I've spent most of this weekend, going through a set of lessons described as the recommended reading. If I'm going to pass the exam, I've got to study as much of it as I can within the time I have left.

I think the most useful, apparent link I've made to gaming with regards to the theory of waves, which does seem out of place - is the representation of Tones or harmonics ie, that when running through an ASDR envelope,  produce a noticeable variation of the sound which is very reminiscent of game sounds (less sharp but more tapered loudnesses). This is in fact exactly what ASDR envelopes do - they modulate the loudness over the duration of the tone.  In other words, it's apparent that tones in games have been run through an ADSR envelope to make them sound better.

The mathematics is dry due to its abstractness however the fun is extracted by applying it to real practical pictures and realisation of ideas and concepts like - the motion of pressure waves, compressions and rarefaction. It also makes for more enlightened appreciation.

It's clear that there is a lot of work still to do, for example, the 2-hour lectures hide many details and the various aspects that you need to spend like I did this weekend - 2 days to appreciate and fully understand! There is a good chance If I don't focus on the detail, pay attention and study now, then in a couple of weeks, I'll be far too behind to catch-up adequately.

The maths work, particularly with my tendencies to solely focus on non-physics and non-mathematics related ideas daily such as solving theoretical problems or modelling problems in code, leaves much to be practised, especially to participate adequately in the mathematical domain. This might seem daunting but I find it quite empowering as I need to learn new things which I'm not used to which adds variety to my attention.

Speaking on logical problems that I face each day, these don't have standardised rules and laws that mathematics and physics have. For example, I don't need to manipulate or model problems as known mathematics algorithms such as coding around creating sine waves. That being said, I've already seen that this will change in gaming: I was reading code recently that made level objects bounce in a sine wave pattern/form...expressed that using sine waves in the code. That is something I don't do every day!

I think my everyday non-game related problems are logical - almost implicit, theoretical reasoning-related problems, not explicit formal manipulations of discrete math. That being said, I've found that my every-day type of thinking is more akin to the kind of thinking one does in physics - more contemplative, reflective and then I suppose, applicative by the realisation of code. Though, this might be a fallacy.

I also spent this weekend writing some code to decouple the input sensing code from the action that is performed as a result of that input sensing code. This is one of the key ideas that the computer games architectures course teaches. We're using Monogame and I was using events and delegates to represent this. 

There is a lot to learn, and much sleeping has not happened because of it. 

In other news, my trusty reliable laptop has started to show its age, though not in ways you might think. I've used the same laptop for almost 9 years and I've not noticed a single thing that appears to me that it's getting old. Ok, it might look old: https://www.cnet.com/reviews/lenovo-thinkpad-x220-review/, and the guy next to me in my gaming class says it looks like a big calculator! And I agree it ain't pretty, though Ironically, his gaming laptop is like a spaceship...not pretty either.

Anyway, I can run many browser tabs, none of the applications is slow - no degradations at all. So how has it shown its age? Unfortunately in the unlikeliest of places: drivers.

My graphics card, while absolutely capable of OpenGL cannot be used in Windows 10 because of the driver manufacturers (intel) have not added support for OpenGL for my particular graphics card, in Windows 10. So, its a limitation of the driver implementation in Windows 10, not the machine. If I ran Windows 8.1 - it would work ok. Attempts to get MonoDevelop and MonoGame on Ununbu are thus far inconclusive. Annoying.

With regards to my physical routine, with all the work and study, late nights and constancy of focus - waking up in the morning early to go to the gym has taken a hard hit.  I went to the gym for the first time in months yesterday and it was tough. One thing that has offset this has been my running into the city. I've been able to do this with more frequency.

One noticeable change is that I've switched over from Strava Premium to TrainingPeaks. I'm following my fitness level through its TSS score and associated calculations.

In networking, protocols are like laws, contracts or agreements which specify how aspects within systems are designed and agreed to work. This is so that those that abide by them can utilise the mutual assurances such as “Confidentiality, Integrity and Availability” of data (Pawar et al, 2015).

Changing the rules so to speak and therefore breaking protocol rules affects those assurances and allows the instigator an unauthorised and unfair advantage, usually at the expense of others - and often illegally.

In law, just as in cyber security, being technically able to break the rules is no the justification for doing so. For instance, in the Computer Misuse Act 1990, it is explicitly stated that Unauthorised access and/or manufacturing of ‘articles’ (such as Trojans, Viruses etc) that may aid in breaking the rules carry hash penalties, irrespective of the means in which it was conducted. I will briefly discuss how some of the protocol and network rules are broken by attackers and what is in place to try prevent these circumventions of policy.

Many network attacks are based on weaknesses and “vulnerabilities of allowed protocols” (Anderson et al, 1997), and are exploited based on “packet forging” techniques where irregular, custom authored packets are injected into the network which cause systems to malfunction jeopardising the previously mentioned assurances (Hoque, et al, 2013).

Attacks of this nature include ARP cache poisoning, VLAN hopping and MAC Flooding - where manipulating packets by spoofing sender or recipient details(or embedding additional content) - instruct systems to send undesignated data to the attacker’s machine (Confidentiality).

Other similar packet-based ‘Denial of Service’ attacks, introduce rogue packets into the network which are out of sequence, irregular and lead to overloading target systems resources, disrupting normal service (Availability). Examples of which include, “flooding, smurf, fraggle, jolt, land and ping-of-death” (Hoque et al, 2013) as well as DNS amplification/ reflection and DHCP starvation attacks.

In addition to these attacks, packets can be crafted to contain embedded payloads of malicious intent such as malware like viruses, trojans, worms and user-crafted scripts, code and attachments, which can infiltrate network nodes and operate from them.

At almost every layer in the OSI model, protocols are vulnerable to these types of attacks (Bransad, 1986) however traditionally they concentrate on IP or layer 3 (Umasuthan, 2016)

Growth and dependence on Firewalls

Firewalls play a key and increasingly (Nacht, 1998) important part in protecting against some these types of attacks, specifically protecting against unauthorised internal and external access, Compromising authentication, Spoofing, Session stealing and Tunnelling and can limit the amount of damage caused by an attacker (Anderson et al, 1997)

Firewalls, fail however at protecting against other attacks such as denial of service attacks, embedded payloads such as malware - fundamentally falling to understand the underlying intention, legitimacy and context of packet traffic when comes to detecting malevolent traffic and“ill-suited to handle executable content” (Anderson et al, 1997).

Many of these shortcomings are purposefully addressed by Intrusion Prevention and Detection systems (IPS/IDS) which, unlike network firewalls analyse the contents and context of packets for malicious payloads and abnormal transmission behaviour. 

One interesting, however worrying, aspect of these systems is that they designed to protect you from the past - using previous attack signatures, behaviours and indicators for future attacks mitigation. However, as any economist knows, the past is no predictor of the future and they do little against “Day zero” attacks (Samtani et al, 2017). On the other hand as Mark Twain said once, "For the majority of us, the past is a regret, the future an experiment" and it of this future and experimentation I now turn your attention.

It is increasingly becoming important to understand the nature of the new attack before it happens.

For example, research indicates that gathering information(which could arguably be used in IDS/IPSs learning algorithms) on what attackers are talking about now, what they are sharing with each other and analysing their content: discussions, keywords and the code exchanged and hosted on hacking forums can go some way in detecting and predicting  zero-day attacks, especially if combined with IDS/IPS systems. (Samtani et al, 2017)

While IPS/IDS and “Firewalls do not prevent external attacks on a network” (Anderson et al, 1997), layer 2 security can - by preventing those obtaining access to the network in the first place - through 802.1X port security and other layer 2 mitigations.

Network switches must be protected against being targets: It’s important to restrict malicious requests such as gratuitous ARP requests - which flood switch CAM tables, by implementing measures like Dynamic ARP Inspection or limiting known/trusted MAC address(port security) and preventing untrusted sources of network services such as DHCP being deployed on the network. That latter can be prevented through implementing mitigations like DHCP Snooping and maintaining a credible list of source addresses through IP Source guard -which can help against mitigating the spoofing of network packets, and being certain where known devices and services originate from.

An interesting perspective on the problem of network security is design. It is an important factor as indicated by the fact that “most key internet protocols such as ICMP, TCP, TELNET and HTTP have bugs.” (Hoque, 2017). Others were not originally designed with security in mind at all like TELNET and DNS and like the latter has been unable to adapt with ever changing security lanscape, perhaps in part due to failed attempts to retrofit security as is the case with DNSSEC (Hertzberg, 2014).

Furthermore, misconfiguration of security systems such as ACLs used to setup IPSEC and firewall policies can “…result in illegitimate traffic being allowed into the network” and “increasing the network vulnerability to various network attacks such as port scanning and denial of service” (Hamed et al, 2006).

Reliance on firewalls for network security is a partial solution, understanding design, context and forward thinking coupled with and the ability to adapt and introduce flexibility is key to protecting against the future. The majority of attacks occur when the attacker is already on the network and protecting against physical access can mitigate all these kinds of attacks and so must be considered in any network security policy

[1020]

 

 Umasuthan, V. (2016) ‘Protecting the Communications Network at Layer 2’, in 2016 IEEE/PES Transmission and Distribution Conference and Exposition (T&D). IEEE, pp. 1–5. doi: 10.1109/TDC.2016.7519889.

 

  Anderson, J. . et al. (1997) ‘Firewalls: an expert roundtable’, IEEE Software. IEEE, 14(5), pp. 60–66. doi: 10.1109/52.605932.

 

  Nacht, M. (1998) ‘The spectrum of modern firewalls’, Computers & Security. Elsevier Ltd, 17(1), pp. 54–56. doi: 10.1016/S0167-4048(97)80250-7.

 

  Branstad, D. K. (1987) ‘Considerations for security in the OSI architecture’, IEEE Network. IEEE, 1(2), pp. 34–39. doi: 10.1109/MNET.1987.6434189.

 

  Samtani, S. et al. (2017) ‘Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence’, Journal of Management Information Systems. Routledge, 34(4), pp. 1023–1053. doi: 10.1080/07421222.2017.1394049.

 

  Pawar, M. V. and Anuradha, J. (2015) ‘Network Security and Types of Attacks in Network’, Procedia Computer Science. Elsevier B.V, 48(C), pp. 503–506. doi: 10.1016/j.procs.2015.04.126.

 

  Hoque, N. et al. (2014) ‘Network attacks: Taxonomy, tools and systems’, Journal of Network and Computer Applications. Elsevier Ltd, 40(1), pp. 307–324. doi: 10.1016/j.jnca.2013.08.001.

 

 

  Herzberg, A. and Shulman, H. (2014) ‘Retrofitting Security into Network Protocols: The Case of DNSSEC’, IEEE Internet Computing. IEEE, 18(1), pp. 66–71. doi: 10.1109/MIC.2014.14.

 

  Hamed, H. and Al-Shaer, E. (2006) ‘Taxonomy of conflicts in network security policies’, IEEE Communications Magazine. IEEE, 44(3), pp. 134–141. doi: 10.1109/MCOM.2006.1607877.

Since BYOD and Implications for Network Security and Protocols, Packets and Prototypes, recently I've been learning about cryptography, primarily within the computing discipline, which essentially means encryption. 

Prior to this was setting up firewall ACLs to inhibit or permit traffic from certain parts of the network. Then prior to that, the focus was mostly concerned with layer 2 security such as Port Security, VLANs and Layer 2 protocols such as Spanning Tree protocol and then even further back, was network vulnerabilities and techniques that attacker use to break into networks which I'm writing a separate Common network attacks and the shortcomings of standard network defences:

However, it doesn't stop there - that would be too easy, almost sane.

I've recently surveyed a great deal of technology so far, including MD5/SHA/HMAC integrity mechanisms (and authentication in the case of HMAC), symmetric block ciphers (DES, AES, RCx), stream ciphers(RC4, A5, DES), asymmetric ciphers(Diffie-Hellman, DSS, DSA, RSA, ElGamal, Elliptical Curve) - for confidentiality, as well as public key infrastructure including digital signatures, certificates, code signing (which can service a variety of purposes) and then protocols that use them, such as SSL/TLS and IPSec. 

I've also had a look into how the DES algorithm is actually implemented and it's interesting: splitting binary up and glueing it all back together through 16 rounds moving in and out of constructs called P-Boxes and S-boxes, that permeate and obfuscate while using the key and plain text as input. Interesting, however, I don't claim to fully understand it which perhaps is a side project for some other time, as that might lift the lid on it. The patent has been royalty-free since 1997.

I've recently learnt how to establish a secure link (read VPN) between two sites using IPSec from two routers/firewalls using particular SAs (Security Associations - these establish an agreed stack of technology based on the aforementioned technologies) using ISAKMP/IKE and learnt how to up an SSL VPN using Cisco ADSM. I've still got a bit more practical work to do before I'm entirely comfortable.

I've come across some interesting research into the implication of conventional computing when it comes to encryption, particularly in light unconventional methods such as using light and the potential for quantum-based encryption. I've written an article about it but its not fnished yet however my inspiration comes from the follownig sources, listed here for posterity's sake:

• Naughton, J., 2019. We’re still a long way from making a quantum leap in web code-breaking | John Naughton. The Guardian.
• Scarani, V. and Kurtsiefer, C. (2014) ‘The black paper of quantum cryptography: Real implementation problems’, Theoretical Computer Science, 560(1), pp. 27–32. doi: 10.1016/j.tcs.2014.09.015.
• Greg Vetter (2010) ‘PATENTING CRYPTOGRAPHIC TECHNOLOGY’, Chicago-Kent Law Review, 84, pp. 757–1027.
• Salimi Sartakhti, J. and Jalili, S. (2019) ‘On the computational power of the light: A plan for breaking data encryption standard’, Theoretical Computer Science. Elsevier B.V, 773, pp. 71–78. doi: 10.1016/j.tcs.2018.08.015.
• Cesare, C. (2015) ‘Encryption faces quantum foe: researchers urge readiness against attacks from future-generation computers.’, Nature. Nature Publishing Group, 525(7568), pp. 167–168. 
• Kolata, G. (1983) ‘Flaws found in popular code’, Science (New York, N.Y.), 219(4583), pp. 369–370. doi: 10.1126/science.219.4583.369. 
• Putra, S. D. et al. (2019) ‘Power analysis attack against encryption devices: a comprehensive analysis of AES, DES, and BC3’, TELKOMNIKA (Telecommunication Computing Electronics and Control), 17(3), pp. 1282–1289. doi: 10.12928/telkomnika.v17i3.9384. 
• Calmels, B. et al. (2006) ‘Low-Cost Cryptography for Privacy in RFID Systems’, in Smart Card Research and Advanced Applications: 7th IFIP WG 8.8/11.2 International Conference, CARDIS 2006, Tarragona, Spain, April 19-21, 2006. Proceedings. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 237–251. doi: 10.1007/11733447_17. 
• Velan, P. et al. (2015) ‘A survey of methods for encrypted traffic classification and analysis’, International Journal of Network Management, 25(5), pp. 355–374. doi: 10.1002/nem.1901. 
• Kapoor, B., Pandya, P. and Sherif, J. S. (2011) ‘Cryptography’, Kybernetes. Emerald Group Publishing Limited, 40(9/10), pp. 1422–1439. doi: 10.1108/03684921111169468.
• Lian, J.H. & Chen, K. 2011, "Implementation of DES Encryption Algorithm Based on FPGA and Performance Analysis", Applied Mechanics and Materials, vol. 130-134, pp. 2953-2956.

Also, part of my recent study I have been exposed to the ASA 5505 Next-Generation Firewall Gateway which is a bit more advanced than the Cisco IOS-based ISR routers I'd dealt with before, most notable is the ability to define 'objects' that can define aspects of networking which you can then use in expressions such as establishing firewall rules. Another is the first-class representation of VLANs (which, along with routing I've come to appreciate a lot more)

In other news, I watched 'The Gentleman' which is a classic Guy Ritchie film like 'Lock, Stock and Two Smoking Barrels' which I enjoyed immensely. I also saw the new Star-wars film which was better than the last one, perhaps even better than the last few and so quite enjoyable - though 'The Gentleman' was the hands-down favourite. 

I recently started running recently again, I stopped because I had too much work to do which unbalances things a bit and does start to affect my Zen. That being said, I'm back at it now. Anyway, some of my most recent runs are below.

Here we're looking at about a 4.36/km pace which is about right. This was my most recent run back (And I feel like I'm saying that a lot recently because things have become a lot more haphazard recently which is affecting pretty much my 'everything' right now).

It's back at my usual pace, however, it's still quite a jaunt. I feel like I'm still working to regain my usual comport and my VO2 max has dropped to 60.

My resting heart rate has been up and down over the past couple of months which is a bit worrying(but not that worrying). This took a relative effort of 31 which shows that I'm still not quite back yet.

Prior to that, there was this one which took an effort too, clocking in at 25 on the effort scale but managing a pretty decent pace at 4'34 over 8.5km.

It's pretty much at this point that I found that there was a 'little' improvement detected at some of the stages of the route that had previously been quite tough and uncomfortable, ie it was less uncomfortable this time around.

This was a bit of a weird one. I decided to go out on the canal again but this time I'd turn left and see what that looks like. It was a disaster.

It was like running around a sunny city where the roads were made out of chocolate. The roads melted as my trainers hit the turf and it wasn't because it was sunny - it wasn't - it was because it had rained the previous night. It was a slodgy, sludgy, mucky, squidgy, squelchy - a real melted milk-chocolate mess.

So I thought better of it and part way through, decided to explore other routes - hence the 4-legged spider-like route I made.

This one's a bit fast at 4'27 which for some reason I registered no HR for, so I can't say how it compares effort-wise compared to others only that it was faster, and a bit longer - not too sure why. Maybe I was dithering at pace. 

Also lost my heart here, but still a good steady pace for a dead guy at 4'35.

This was probably one of the nicest runs I've done in a long time, I ran towards Rickmansworth on the Canal and I'd never done that before around where I live  - surprisingly.

This was quite special because I discovered a new route that runs past a lake where you can catch fish and a Marina which was new!

The lake is perfect and the weather was great and I ran in complete bliss without a care in the world. That doesn't happen enough, but funnily - only happens while I'm running. It's usually when I start walking that things start slowing down and you notice problems and its like rewinding like some old record.

Anyway a good run none-the-less!

I've also just made a record recovery from a cold that I caught on Friday: I slept from 19:00 on Friday(left work early...and live 1 hour away) and basically hibernated until today. And it looks like it's done the trick, and come Monday no one will know any differently. 

I also took Sudafed for my blocked nose, Flu/Cold Hot drinks for my headache (I like the Blackcurrent flavour meds from Boots - I'm a cheap date) and I drank plenty of fluids - which is what every Doctor on the planet scratches into their consultation desks I'm sure.

I'm taking a new courseafter work working with Python and how to model digital signals with it. I'm also going to extend my foray into gaming by learning more about computer game Architectures, which should help my understanding of designing real-time systems - which should see me up to the point at which I perish and disintegrate entirely.