12. Network Security Flashcards
What are the three main goals of network security?
Confidentiality (protecting data from unauthorized access), integrity (ensuring
data is not tampered with), and availability (ensuring services remain accessible).
Why is the human factor often the weakest link in network security?
Human errors like weak passwords, clicking on malicious links, or falling for
phishing scams can compromise even the most secure systems.
What is the role of IPSec in network security?
IPSec secures IP datagrams by providing encryption, authentication, and
integrity, ensuring secure communication.
How do public and private keys work in encryption?
- Public key: Used for encrypting data, widely shared.
- Private key: Used for decrypting data, kept confidential by the owner.
What is the function of SSL/TLS in web security?
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encrypt
communication between a client and server, ensuring data confidentiality and
authenticity.
What are the primary threats to web applications?
- Integrity threats (data modification).
- Confidentiality threats (unauthorized access).
- DoS attacks (disruption of services).
- Authentication attacks (identity spoofing).
How do secure coding practices prevent unchecked code attacks?
By validating user inputs, sanitizing data, and ensuring only safe inputs are
processed, preventing exploits like SQL injection or XSS attacks.
What is the difference between a virus and a worm?
- Virus: Attaches to executable files and spreads when the file is executed.
- Worm: Spreads independently over networks without needing a host file.
What is a Trojan horse in network security?
A malicious program disguised as legitimate software, used to gain
unauthorized access to systems.
What does the term “denial of service” mean?
A type of attack that overwhelms network resources, making services
unavailable to legitimate users.
How does encryption ensure data confidentiality?
By converting data into an unreadable format that can only be decrypted by
someone with the correct key.
What is PGP, and how is it used in email security?
Pretty Good Privacy (PGP) is a cryptographic tool that encrypts emails to
ensure they remain private and secure during transmission.
What are examples of malicious programs and how do they operate?
- Trap Door: Provides hidden access to a system.
- Logic Bomb: Activates under specific conditions.
- Worm: Propagates via networks.
- Virus: Infects files and spreads upon execution.
What is the purpose of antivirus software?
To detect, block, and remove malware, protecting systems from threats like
viruses, worms, and Trojans.
How do digital certificates enhance network security?
By verifying the authenticity of public keys, ensuring they belong to the
claimed entity.