11. Network security

Question 1

Why do we need network security?

Answer 1

Attacks: Routing, Naming

Question 2

Internet is by design insecure/secure?

Answer 2

insecure

Question 3

Any host is on by default for other hosts to connect

Answer 3

True

Question 4

Packet switched networks are vulnerable to ______ attacks

Answer 4

resource exhaustion

Question 5

Components of security

Answer 5

Availability
Confidentiality
Authenticity
Integrity

Question 6

availability

Answer 6

ability to use resource

Question 7

Confidentiality

Answer 7

concealing information (Bank account)

Question 8

Authenticity

Answer 8

assures origin of information

Question 9

Integrity

Answer 9

prevents unauthorized changes

Question 10

Security Threat definition

Answer 10

Anything that is a potential violation of the components of security

Question 11

Security Attack definition

Answer 11

action that results in a violation of the components of security

Question 12

Attack on confidentiality

Answer 12

Eavesdropping - listening to people

Question 13

Negative impacts of attacks

Answer 13

theft of confidential info
unauthorized use
false info
disruption of service

Question 14

Control plane authentication

Answer 14

Session: point-to-point b/w routes
Path: protects AS paths
Origin: ensures that AS advertising prefix is the owner

Question 15

Route Attacks: How?

Answer 15

configuration error (accident)
router compromised by attacker
unscrupulous isp

Question 16

types of attacks

Answer 16

Configure router/ management softwar
tamper with software
tamper with routing message

Question 17

Most common type of attack

Answer 17

router hijack

Question 18

Origin Attestation

Answer 18

Certificate binding prefix to owner

Question 19

Path attestation

Answer 19

signatures along AS path

Question 20

Why is DNS vulnerable

Answer 20

Resolvers trust responses
Responses can contain info unrelated to query
NO authentication

Question 21

DNS Cache Poisoning

Answer 21

so resolver requests a thing, attacker sends a fuckton of stuff to recursive solver handling the thing hoping to match before the legit source resolves the thing.

Now the recursive resolver caches the attackers response instead of the legit one

Question 22

DNS Cache Poisoning Defenses

Answer 22

1. Query ID (can be guessed though)
2. Randomize ID
3. Source port randomization
4. 0x20 Encoding

Question 23

3. Source port randomization PROBLEM

Answer 23

resource intensive

NAT can derandomize

Question 24

0x20 Encoding

Answer 24

DNS is case insensitive

Question 25

DNS amplification attack

Answer 25

exploits asymmetry in size between queries and responses

Attacker sends requests to DNS resolver at a size of 60 bytes with the src as the victim. So the dns resolver sends the response to the actual victim but the response is 3000 bytes

Question 26

DNS amplification attack - Defenses

Answer 26

Prevent spoofing

Disable open resolvers