Monday, November 14, 2011

Double Columnar Cipher Challenge



As one of my cybersecurity classes comes to an end, this will be my final blog. Most of my postings have covered Mac OS X security configurations or cryptology, both subjects being a great interest of mine. Other topics, such as National Cyber Security Awareness Month, just happened to coincide with the area I was studying. The Mac OS X source was myself, playing around with the features on my own MacBook. I incorporated other sources into the postings where applicable, and tried to use a variety.

I hope this blog will be useful to other students and security professionals by providing a clear understanding of the chosen topics and resources for more information.

Since the holidays are just around the corner, I thought I would put a little cheer in this finale. Not only will you learn how a double columnar cipher works, but I challenge you to crack my own code!

The first step is to pick two code words or phrases of the same length, and put each letter in its own column. Letter by letter, write out your message under the first code word/phrase, like this:

R E D M U S T A N G
D O N T F O R G E T
T O D R I N K Y O U
R O V A L T I N E R
A L P H I E X X X X

In this example, the first code phrase is RED MUSTANG, and the message is DON’T FORGET TO DRINK YOUR OVALTINE RALPHIE. The message is not long enough to cover all the cells, so X’s are used for padding.

Next, number the letters of the code word/phrase in alphabetical order: the letter that comes first in the alphabet gets 1 (here, A), the next one gets 2, and so on. If you have duplicate letters, I suggest numbering them in the order of appearance in the code word/phrase. It should look like this:

7  3  2  5  10 8  9  1  6  4
R  E  D  M  U  S  T  A  N  G
D  O  N  T  F  O  R  G  E  T
T  O  D  R  I  N  K  Y  O  U
R  O  V  A  L  T  I  N  E  R
A  L  P  H  I  E  X  X  X  X

Starting with the column under #1, read down each column and string the letters into blocks of 5, continuing on to the next number when a column runs out (do not count the code word/phrase, just the message). This makes the first ciphertext, which is GYNXN DVPOO OLTUR XTRAH EOEXD TRAON TERKI XFILI.

The first ciphertext is used to fill the cells under the next code word, NIGHT MOVES:

6  4  2  3  9  5  7  10 1  8
N  I  G  H  T  M  O  V  E  S
G  Y  N  X  N  D  V  P  O  O
O  L  T  U  R  X  T  R  A  H
E  O  E  X  D  T  R  A  O  N
T  E  R  K  I  X  F  I  L  I

To generate the final ciphertext, perform the same operation as in the example above, with letters in blocks of 5: OAOLN TERXU XKYLO EDXTX GOETV TRFOH NINRD IPRAI. To decrypt, the operation is performed backwards, starting with this final ciphertext. If you know the code word/phrase, start by ordering the letters into numbers and place the first block of 5 letters into column #1, moving on to the next column. Once you have the cells filled in, do the same using the first code word/phrase.
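The steps above as a short Python program, added here as an illustration and not part of the original post; the function names are my own. It assumes both code phrases have the same length and numbers duplicate letters in order of appearance, as suggested above. When decrypting, each column holds (message length ÷ key length) letters, which is 4 in the worked example; the blocks of 5 are only how the ciphertext is written out.

```python
import re

def key_order(key):
    """Column indices in read order: alphabetical, ties by order of appearance."""
    letters = [c for c in key.upper() if c.isalpha()]
    return sorted(range(len(letters)), key=lambda i: (letters[i], i))

def key_numbers(key):
    """The 1-based number written above each column, as in the grids above."""
    order = key_order(key)
    return [order.index(col) + 1 for col in range(len(order))]

def clean(text):
    return re.sub(r"[^A-Z]", "", text.upper())

def encrypt_once(text, key, pad="X"):
    order = key_order(key)
    width = len(order)
    text = clean(text)
    text += pad * (-len(text) % width)                 # fill the last row with X's
    return "".join(text[col::width] for col in order)  # read columns #1, #2, ...

def decrypt_once(cipher, key):
    order = key_order(key)
    width = len(order)
    cipher = clean(cipher)
    if len(cipher) % width:
        raise ValueError("ciphertext length is not a multiple of the key length")
    rows = len(cipher) // width                        # letters per column
    columns = [""] * width
    for rank, col in enumerate(order):                 # column #1 gets the first `rows` letters
        columns[col] = cipher[rank * rows:(rank + 1) * rows]
    return "".join(columns[c][r] for r in range(rows) for c in range(width))

def blocks(text, size=5):
    return " ".join(text[i:i + size] for i in range(0, len(text), size))

def double_encrypt(message, key1, key2):
    return blocks(encrypt_once(encrypt_once(message, key1), key2))

def double_decrypt(cipher, key1, key2):
    return decrypt_once(decrypt_once(cipher, key2), key1)  # second key comes off first

if __name__ == "__main__":
    # Worked example from the post; the padding X's stay on the recovered text.
    ct = double_encrypt("DON'T FORGET TO DRINK YOUR OVALTINE RALPHIE", "RED MUSTANG", "NIGHT MOVES")
    print(ct)
    print(double_decrypt(ct, "RED MUSTANG", "NIGHT MOVES"))
```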

Now that you have learned how to compose a double columnar cipher, I have two code phrases for you. The first is APPLE CIDER, and the second is SANTA CLAUS. The final ciphertext is NSAPO VHAAE AHFYA IEDHP YAANS ODSEL.

Happy Holidays!

Friday, November 11, 2011

Kids and Information Security

When most people think about protecting their kids, it's usually from bullies on the playground, accidents, and illness. In the past few decades, it extended to censoring their exposure to graphic media such as TV, movies, and music. In today's world, kids are very technology-savvy, yet they know little about the consequences of using it inappropriately. That's where we need to step up as parents and offer our guidance, establish rules, and enforce our restrictions.

When it comes to kids, I feel that some level of censorship should be implemented, depending on their age level. As they get older, it will be increasingly difficult to shield them from every danger, so it is our job to talk to them about what they might encounter, and how to handle it. Why should information security be any different? With the increasing prevalence of online predators, cyberbullies, and malicious content disguised as legitimate offers, your kids and devices are at stake.

At the same time, we all know that kids do the exact opposite of what we want them to do, so some controls will help keep them on track. Installing a pop-up blocker or web filter on your browser is an obvious choice, but if you have read my previous blogs, you know that I advocate features built into Mac OS X. One feature that addresses this topic is the Parental Controls under Accounts in System Preferences:


With this feature, you can manage areas such as System, Content, Mail & iChat, Time Limits, and Logs:


This example uses the default guest account, but you can set up several accounts and tweak the controls to suit the level of permission for each. Not only does this protect your children from the evil forces that be, but it also prevents other users from accessing sensitive information or modifying controls set by the administrator.

While this is a great way to keep tabs on what your kids are involved in, they still need to know the rules set by your family. Do they know what your expectations are and the risks of deviating from those expectations? Do they know what dangers to look for and how to avoid them? Keeping your kids educated is the best prevention. You will not be able to hold their hand forever.

Saturday, November 5, 2011

Firewall for OS X Leopard (10.5)

How many of you knew that a MacBook comes with a built-in firewall? Well, it does, and now is the time to take advantage of it.

To configure this firewall, you will need to open System Preferences and click on the Security icon. The Security menu has three tabs: General, FileVault, and Firewall. Select the Firewall tab, which should look like this:


Three radio buttons appear in the box:

Allow all incoming connections: stops the firewall from running
Allow only essential services: blocks any service from making a connection
Set access for specific services and applications: allows the user to set permissions for trusted connections

The last one is probably the best choice for an average user. The + and - box will let you choose which applications are allowed to make connections. Once you activate the firewall, the Advanced button becomes available. Clicking on it will bring up a submenu:


I recommend checking both Enable Firewall Logging and Enable Stealth Mode. A great way to see if the Enable Stealth Mode option is working is to visit the ShieldsUP! website. From the Home page, click on the Proceed button, and choose All Service Ports. A quick run of my ports aced the test:


This configuration should be done with administrator privileges to prevent unauthorized changes, and don't forget to click the Lock icon when you are done!



*Answers to last week’s quiz:
1)d 2)b 3)c 4)d 5)b