1323 Networks and Security Flashcards

Question

What is the role of routers in the Internet Layer?

Answer 1

Determine routing using routing tables ## Footnote Routers forward packets usually based on destination routing.

Answer 2

A method where packets are sent to routers which then forward them until they reach the destination ## Footnote This abstracts the complexity of the physical network.

Answer 3

Congestion or errors/faults in the network ## Footnote This highlights the unreliability of the Internet Layer.

Answer 4

1500 bytes ## Footnote This is the typical Maximum Transmission Unit (MTU) for Ethernet.

Answer 5

A protocol that uses 32-bit addresses written as 'dotted quads' ## Footnote Example: 152.78.64.100.

Answer 6

Variable-size header with a minimum of 20 bytes ## Footnote Contains fields like TTL, Protocol, Checksums, and Source/Destination IP.

Answer 7

Classless Inter-Domain Routing ## Footnote Introduced in 1993 to allow variable length prefixes and reduce IPv4 consumption.

Answer 8

'Colon-hex' format ## Footnote Example: 2001:0630:00d0:f500:0000:0000:0000:0064.

Answer 9

1280 bytes ## Footnote Path MTU Discovery must be used before sending to ensure compatibility.

Answer 10

fe80::/10 ## Footnote Local addresses are never routed.

Answer 11

To limit the propagation of broadcast traffic and segment hosts ## Footnote It allows logical division of networks.

Answer 12

To connect different address spaces and manage routing tables ## Footnote Each router interface must have an address reachable by the hosts in that segment.

Answer 13

True ## Footnote Transition methods like dual stacking allow both protocols to run side-by-side.

Answer 14

Used by IPv6 hosts to access IPv4-only destinations ## Footnote This is part of the strategy to facilitate communication between different IP versions.

Answer 15

Specifies how many bits identify the network prefix.

Answer 16

A: /8 - 16 million addresses B: /16 - 65,000 C: /24 - 256

Answer 17

A unique IP address

Answer 18

A more simplified version of the OSI model which better represents what happens

Answer 19

How packets are moved between subnets (between changes in IP address space)

Answer 20

How many bits identify the network prefix

Answer 21

The first 48 bits represent the Network

Answer 22

255.255.0.0

Answer 23

Internet Control Message Protocol

Answer 24

Standard IP packets

Answer 25

Information and error messages

Answer 26

Router advertisement and neighbour discovery

Answer 27

One-to-many communication

Answer 28

Interested in them

Answer 29

* One-to-many multimedia * Live video streaming * Local service discovery * Multicast DNS allows name resolution in a local network

Answer 30

Address Resolution Protocol

Answer 31

An IPv4 address on the local subnet to a MAC address

Answer 32

An ARP 'who has' request

Answer 33

Dynamic Host Configuration Protocol

Answer 34

Automates the process of configuring addresses on a network for IPv4

Answer 35

A DISCOVER message

Answer 36

Neighbour Discovery Protocol

Answer 37

An IPv6 address on the local subnet to a MAC address

Answer 38

ICMP and multicast

Answer 39

* Router solicitation * Router advertisement * Neighbour solicitation * Neighbour advertisement * Redirect

Answer 40

The IPv6 network prefix (/64) to use

Answer 41

Stateless Address AutoConfiguration

Answer 42

Autoconfigure basic network settings without a DHCPv6 server

Answer 43

A 64-bit prefix determined from a Router advertisement

Answer 44

Based on a host MAC address

Answer 45

A pseudo-random function

Answer 46

An ephemeral randomly-generated host part for outbound connections

Answer 47

An extension of DHCP that requires router advertisement

Answer 48

DHCP Unique Identifier

Answer 49

Delegate prefixes rather than just an address

Answer 50

* No NAT * More plug and play than IPv4 - SLAAC * Streamlined header * Fragmentation only at sender

Answer 51

IPv4 is on 'borrowed time'

Answer 52

* Time and money * Hardware support * Convincing management

Answer 53

IPv6 hosts can pick their address, using many private addresses over time

Answer 54

Polling switches and routers for MAC table and ARP information

Answer 55

We don't need IPv6, CGNAT and address recovery means we have a lot more addresses

Answer 56

A 16 bit number that uniquely identifies a connection endpoint on the host. ## Footnote The range is from 0 to 65535.

Answer 57

TCP ## Footnote Port conventions include well-known ports (0-1023), registered ports (1024-49151), and dynamic/private ports (49152-65535).

Answer 58

Transmission Control Protocol, a connection-oriented protocol that includes acknowledgements and retransmissions. ## Footnote TCP provides flow control and congestion control for segments it sends.

Answer 59

* Provides connection management * Provides flow control * Uses retransmission for reliability * Receiver reassembles segments in the correct order ## Footnote TCP provides performance and reliability on an otherwise unreliable IP service.

Answer 60

They are used to track sequential packets. ## Footnote The SYN bit is also included.

Answer 61

SYN → SYN-ACK → ACK

Answer 62

SYN opens connection with a random seq num, server acknowledges, client acknowledges completing the connection.

Answer 63

Acknowledgement

Answer 64

ACKs are sent back by the receiver, and the sender must detect lost packets through retransmission timeout. ## Footnote This helps estimate when an ACK is expected.

Answer 65

Prevents a fast sender from overwhelming a slow receiver using the Sliding Window Protocol.

Answer 66

The sender should not send data unless the receiver indicates it has buffer space available.

Answer 67

Reduces send rate to cope with network congestion.

Answer 68

Packet loss is a signal of congestion.

Answer 69

User Datagram Protocol, a connectionless protocol that allows sending datagrams without establishing a connection. ## Footnote It is often referred to as 'send and forget'.

Answer 70

* Connectionless * No sequence numbers * No acknowledgements * Requires application-level retransmission if needed ## Footnote Some UDP applications may use a fixed bit rate.

Answer 71

Simpler than TCP, with an optional checksum.

Answer 72

It can drop packets, and higher protocols can send a request back to the source.

Answer 73

* Protocol * Source IP * Destination IP * Port number source * Port number destination

Answer 74

An API to use sockets in C, including server-side socket() and bind(), and client-side socket() and connect().

Answer 75

Video streaming applications, including YouTube.

Answer 76

Video or Audio applications.

Answer 77

Maps host names to IP addresses

Answer 78

A single text file on a central host.

Answer 79

A distributed, hierarchical system on port 53, that uses UDP.

Answer 80

Nominet control .uk and delegate .ac.uk to JISC who delegate soton.ac.uk to Uni who delegate uglogin.soton.ac.uk by hosting an authoritative name server.

Answer 81

SOA - Start of authority AAAA - IPv6 A - IPv4 MX - Mail exchange NS - Name server CNAME - Canonical name PTR - Pointer to Canonical name SRV - Service location TXT - Text record HINFO - Host information

Answer 82

DNS record system isn't designed to have any extra information and as such it is placed in the text record.

Answer 83

Hosts query DNS for an A record and or AAAA. So clients have to know a local DNS server, may be an ASDL router or a local or public DNS server.

Answer 84

Name Authority Pointer Records.

Answer 85

A program that extracts information from the name server. They resolve the query and return the answer.

Answer 86

A referral to another server.

Answer 87

Responds from the local cache or resolve the query before replying to the client.

Answer 88

Sends queries to a different DNS server, even if the RD bit is set.

Answer 89

A continuous chunk of name space.

Answer 90

An associated set of name servers, storing list of names and tree links

Answer 91

The owner must delegate subzones, you need to 'convince' them to do it.

Answer 92

Records within a zone should be stored redundantly Manually update primary name server Secondary name servers updated by zone transfer.

Answer 93

Responsible for the 'root' zone Currently 13 of them - operated by 12 independent organisations Queried when local name servers can't resolve a name.

Answer 94

No, there are 1730+ distributed by anycast

Answer 95

Allows a client to reach the nearest instance of a server.

Answer 96

You advertise the same IP or a small IP block, at multiple points on the internet, routers learn the nearest.

Answer 97

Multicast DNS DNS for small networks with a 'zero configuration' approach.

Answer 98

Confidentiality Integrity Availability

Answer 99

Persevering authorised restriction on information access and disclosure

Answer 100

Guarding against improper information modification or destruction

Answer 101

Ensuring timely and reliable access to or use of information.

Answer 102

Property of being genuine and being able to be verified and trusted.

Answer 103

Security goal that is the requirement for actions of an entity to be traced uniquely to that entity.

Answer 104

Assets Including: Hardware Software Dara Communication facilities

Answer 105

The system can be corrupted Can be leaky Can be unavailable

Answer 106

A representation of a potential security harm to an asset

Answer 107

The materialisation of a threat.

Answer 108

Active: alter or affect the operations of an asset Passive: Attempt to learn or make use of information from the system that doesn't affect assets

Answer 109

Initiated by an entity within the security perimeter, they are authorised to access the system resources.

Answer 110

The measure of extent to which an asset is threatened by a potential circumstance or event.

Answer 111

The adverse impacts of the circumstance. The likelihood of the circumstance.

Answer 112

Any means taken to deal with a security threat / attack

Answer 113

Detection Prevention Mitigation Recovery

Answer 114

The specific connection type.

Answer 115

Coaxial cable Power line Fibre Optic Wireless

Answer 116

Transmission of frames over physical media, passing IP datagrams up the stack Detection and handling of transmission errors.

Answer 117

Primarily using messages to sender saying that more data can be sent, but can also be rate-based so speed is agreed.

Answer 118

Connectionless Acknowledged and connectionless Acknowledged, connection-orientated

Answer 119

On low error rate networks, no signalling path is established in advanced, the frames are sent, and may or may not be received by the destination.

Answer 120

Wireless (WiFi 802.11n) supports block acknowledgements

Answer 121

For long delay, unreliable links -> satellite

Answer 122

Stop-and-wait automatic

Answer 123

Repat reQuest Send frame and wait for ACK, will not get an ACK if frame is lost.

Answer 124

Pipelining Send multiple frames before receiving ACK Go back-N ARQ Use a sequence number to identify each frame, send many, and if an ACK if missing retransmit that frame. Selective-repeat ARQ Similar but only retransmit lost frames.

Answer 125

Error or packet loss detection and retransmission

Answer 126

As no link is error free and link layer detection cannot detect IP faults

Answer 127

The checksum field of the frame.

Answer 128

False, only IPv4 has checksums

Answer 129

To indicate where the frame starts and ends. Uses some bandwidth to indicate the start/end of frames.

Answer 130

Marks the start and the end with a special byte, if this byte occurs in the data, escape it using and escape byte. If the escape byte occurs then escape that.

Answer 131

Media Access Control Manages access to and from the physical medium, part of the link layer. It has a mechanism for sending frames to/from PHYS and typical frames channels/ frequencies / collisions.

Answer 132

Twisted pair cable with switches that are packet switched. One device per switch port, no contention over a medium if switch has sufficient internal bandwidth.

Answer 133

Something is needed when using a single, shared media to ensure only one sender is transmitting at any time.

Answer 134

Carrier Sense Multiple Access with Collision Detection Sender listens to see if the medium is busy, if it is the sender will wait. When the channel is free, the sender begins to transmit. Back off before retransmitting if a collision is detected, pick the time delay to retransmission from an increasing set of values.

Answer 135

As their is a hidden node problem, so they use CSMA/CA instead

Answer 136

Maximum Transmission Unit 1500

Answer 137

Supported by a part of the 802.1Q tag, only, affects the prioritisation at the switch.

Answer 138

Unicast: 1-1 Broadcast: 1-All Multicast: 1-Many Anycast: 1-Someone we don't care

Answer 139

Address Resolution Protocol Determines the destination's MAC address given their IP address, when on the same network. Uses a broadcast message, to a special broadcast address. (111.111.111.111) or (ff:ff:ff:ff:ff:ff), the frame contains the IP address of the target and the target will reply with its MAC.

Answer 140

ARP can be spoofed by machine pretending to have specific IPs In the event of a change of IP or MAC, a gratuitous ARP is sent. ARP probes can detect IP address clashes.

Answer 141

A suite of protocols which can detect loops created by bridging LANS and remove paths. Done via a spanning tree algorithm

Answer 142

Vendor allocation

Answer 143

True, they are originally 48 but can be extended to 64.

Answer 144

Allows a switch to only forward frames to ports where the devices they are addressed to are connected.

Answer 145

Observes incoming source addresses on each port, store this in a table. Can the forward future frames to that port only. If a MAC address is not in the table, it must be flooded to all ports. Entries only have a 60 second lifespan.

Answer 146

Desktop: 1Gbit/s Server: 10Gbit/s

Answer 147

Receives frames and makes the decision whether to forward the frame, and if so, on which port and performs MAC learning

Answer 148

As broadcasts can flood LANs.

Answer 149

We need to use an IP router, the router can forward the packets, but not broadcasts.

Answer 150

With router solicitation. Router periodically sends advertisements, non-local traffic is send to the router.

Answer 151

Gateways between individual link layer Ethernet LANS

Answer 152

Determine which LANs use which IP address range. They are needed to decide how to assign address space to LANs.

Answer 153

Typically uses copper twisted pair cabling, deployed using Data riser: vertically aligned switch Flood wiring per floor: To faceplates from switch room Ethernet switch stacks - one switch port per faceplate

Answer 154

Typically a fibre link

Answer 155

Typically use an ASDL router with multiple Ethernet ports and 802.11 WiFi Just a single LAN with no internal routing.

Answer 156

Virtual Switched networks over fixed infrastructure. Ethernet frame includes an optional VLAN identifier.

Answer 157

12 bit value in 802.1Q tag,. can place a switch port in specific VLAN. Can carry multiple VLANs over one trunked uplink.

Answer 158

Avoids needing to physically re-cable the network, and can control broadcasts to certain areas

Answer 159

Dynamic Host Configuration Protocol. Automatically assigns IP addresses to devices on a network.

Answer 160

Device request an IP from a DHCP server, the server leases an available IP for a specific lease time. Once the lease expires, it can be renewed or reassigned.

Answer 161

Automated Efficient management

Answer 162

Simple Mail Transfer Protocol Responsible for sending emails only, does not receive them. Text-based protocol that use specific commands and responses.

Answer 163

Sender connects to SMPTP server and sends the message. Server relay, checks the recipient's domain and locates the correct mail server. SMTP Transfer - sender's server connects to the recipients server and transfers the email. The recipients server stores the email until it is retrieved. Authentication is an extension

Answer 164

Internet Message Access Protocol Used by email clients to retrieve and manage stored emails.

Answer 165

Connection to mail server: port 143 or 993 for encrypted connections. Email synchronisation: Clients keeps TCP connection open to send requests or receive notifications. Unlike POP3, the mail is kept on the server and not deleted unless requested.

Answer 166

Hypertext Transfer Protocol Used for web browsing and communication between web servers and clients.

Answer 167

The browser connects to the web using TCP on port 80 or 443 for secure. The browser sends a request. The server responds with a status code. The browser processes the response. This is all transmitted in plaintext unless secure.

Answer 168

GET HEAD POST PUT DELETE

Answer 169

1xx: Information 2xx: Success 3xx: Redirection 4xx: Client error 5xx: Server error

Answer 170

Wraps HTTP in a TLS session to achieve confidentiality and integrity

Answer 171

Transport Layer Security

Answer 172

Improves on HTTPby adding header compression and multiplexing multiple requests over a single connection

Answer 173

Improves on HTTP/2 by not using TCP connections, but QUIC instead.

Answer 174

Quick UDP Internet Connections. A new UDP based protocol to replace TCP in some situations It does less handshakes than TCP.

Answer 175

Real Time Streaming Protocol Designed for streaming media over the internet.

Answer 176

DESCRIBE SETUP PLAY PAUSE TEARDOWN

Answer 177

Real-time Transport Protocol Handles the actual transmission of real-time media, it runs over UDP for low-latency.

Answer 178

With timestamps Uses sequence number to detect lost packets

Answer 179

The process of granting or denying specific requests to: obtain and use information and related processing services. Enter specific physical facilities

Answer 180

Prevent unauthorised users from gaining access to resources Prevent legitimate user to access resources in an unauthorised manner. Enable legitimate users to access resources in an authorised manner Implements a security policy that specifies who or what may have an instance of each specific resource and type of access that is permitted in each instance

Answer 181

Verification that credentials of a user or other system entity are valid.

Answer 182

Granting of a permission to a system entity to access a system resource

Answer 183

An independent review and examination of system record and activities.

Answer 184

An amalogous set of lews that defines those executions of a system that are acceptable or complementary, those that are not acceptable. Defined in terms of high-level rules or requirements.

Answer 185

Provides a formal representation of a class of systems highlighting their security features at some chosen level of abstraction. Abstract descriptions of system behaviours, guide the design of specific policies.

Answer 186

An entity capable of accessing objects, process that represents a user application actually gains access to an object.

Answer 187

Owner, group, world

Answer 188

A resource to which access is controlled. An entity used to contain and/or receive information

Answer 189

The way in which a subject may access an object Read/Write/Exec/Delete

Answer 190

Define a specific set of policies and authorisation rights for a system to enforce via a set of rights to fulfil security concerns.

Answer 191

DAC: discretionary MAC: mandatory RBAC: Role-based ABAC: Attribute-based

Answer 192

An owner and a discretionary access control list of the permission of each subject.

Answer 193

Users won resources and control their access. Owner may change an object's permissions at their discretion Owner may be able to transfer ownership.

Answer 194

Open to mistakes, negligence or abuse due to flexibility Management is complex Difficult to ensure that the correct access is provided to the right users. Permissions change frequents because objects and subjects change frequently

Answer 195

Explicit access relations between object's and subjects. These can quickly grow.

Answer 196

Mandatory Access Control Classification of subjects and objects by security levels.

Answer 197

Every subject has a profile, which includes their clearance and need-to-know. Every object has a security label composed of two parts: classification and a category.

Answer 198

To keep objects and users classifications up to date.

Answer 199

This is more rigid than DAC, but more secure.

Answer 200

Subjects cannot transfer their access rights.

Answer 201

Global public network connecting devices worldwide using standardised protocols

Answer 202

Lack of content controls, privacy concerns, vulnerable to hacking and malware.

Answer 203

A private network that is restricted to an organisations employees. It is used for sharing information, resources and tools within the organisation.

Answer 204

Isolated from the public internet threats via firewalls and VPNs

Answer 205

A private network that extends certain services or access external partners clients or suppliers.

Answer 206

Used for collaboration between different organisations

Answer 207

Access controls Encryption Firewalls and VPNs

Answer 208

If packets match an allowed rule, then they are forwarded otherwise they are not. E.g allow traffic from trusted IPs or block all on port 80

Answer 209

Creates a secure connection between a user and the internet, protecting data from threats.

Answer 210

The user connects to a VPN The client encrypts data prior to transmission Data is sent through a secure tunnel to the server The server decrypts the data and forwards it to destination Response from the destination is encrypted and sent back via the tunnel.

Answer 211

Security Privacy Bypass geo-restrictions Secure remote access

Answer 212

Performance issues Complexity and management: cost of VPNs is high Security and risks: encrypts between device and server only.

Answer 213

PPTP: Point to Point Tunnelling protocol: Older and faster but less secure L2TP/IPSec Layer 2 Tunnelling Protocol with IPSec: More secure commonly used IKEv2/IPSec: Internet Key Exchange Version 2. very fast, secure and ideal for mobile devices.

Answer 214

Role-based Access Control.

Answer 215

The administrator associates various permissions to each role. Each user is assigned at least one role and inherits the permissions associated to the roles.

Answer 216

Many subjects have identical attributes, and a policy is based on these attributes. Fundamental/organisation hierarchies that determine access rights.

Answer 217

A role is an abstract representation of a group of subjects that are allowed to perform the same operation on the same objects. The objects are assigned an authorised role The subjects must identify themselves to acquire these roles to access and operate on the objects.

Answer 218

Roles are an abstraction of jobs or functions Distinct from the notion of user groups Emphasis is on responsibility and associated permissions Widely used by companies Increase abstraction in policies Policies are more manageable Reduce user administration Easy to audit Higher flexibility and scalability

Answer 219

One role to inherit permissions from another role.

Answer 220

A defined relationship among roles or a condition related to roles.

Answer 221

Setting a maximum number with respect to roles. A risk mitigation technique.

Answer 222

When it is already assigned to some other specified roles.

Answer 223

Attribute-based Access Control Access control by evaluating rules against the attributes of entities, operations, and the environment relevant to the request.

Answer 224

Characteristics that define specific aspects of the subject, object, environment condition, and/or requested operations.

Answer 225

Define the identity and characteristics of the subject.

Answer 226

They can often be extracted from the metadata of the object

Answer 227

Describe the operational, technical, and situational environment or context in which the information access occurs.

Answer 228

Dynamic as Access Control is evaluated at time of request. Contextual: Environmental conditions considered Fine-grained: Providing more combination to reflect more definitive set of rules.

Answer 229

Complexity of the design and implementation, in terms of the performance impact. It is likely to exceed that of other access control models.

Answer 230

The study and practise of techniques for secure communication in the presence of adversarial behaviour.

Answer 231

Because its keys.

Answer 232

The same key is used for encryption and decryption

Answer 233

Each user has a pair of keys: Private key and a public key.

Answer 234

The sender encrypts a piece of information, with the public key of the recipient. The recipient decrypts it using their private key,

Answer 235

two primes and two related numbers (e and d) to form the public and private keys.

Answer 236

Sender encrypts a piece of info and the sender decrypts, if it can be decrypted then it must have come from the origin

Answer 237

h:{0,1}* -> {0,1}n. Where n is a security parameter, n = 128, 160, 256, 512.

Answer 238

Maps data of an arbitrary size to a bit string of a mixed size.

Answer 239

It's vulnerable to a man in the middle attack.

Answer 240

It's purpose is to enable two users to securely exchange a key that can then be used for subsequent symmetric encryption of messages

Answer 241

We add different secret information at each point, which we know that if we add the same thing we will arrive at the original info. Basically lots of MOD and primes

Answer 242

9.6 gbps compared to 10

Answer 243

Connects to a wired network. It transmits radio signals in a specific frequency range (2.4GHz to 5GHz) Client devices associate with the AP and receive these signals SSID is used to identify a network.

Answer 244

Service Set Identifier

Answer 245

A network where the client connects directly without an AP

Answer 246

As 2.4GHz is very crowded and has high interferance.

Answer 247

IEEE 802.11

Answer 248

Signal strength Interference Network congestion

Answer 249

MIMO beamforming Channel Bonding Quality of service

Answer 250

Devices receive every other node's transmission Devices can transmit and receive at the same time

Answer 251

Rely on shared channels Devices can't always sense each other's transmissions Devices can't transmit and receive at the same time.

Answer 252

A situation where two devices can't detect each other, but are transmitting to the same access point, leading to collisions

Answer 253

Request to Send / Clear to Send

Answer 254

A device sends an RTS to an access point. It will reply with a CTS if the channel is free. The device transmits while others wait.

Answer 255

Carrier Sense Multi Access / Collision Avoidance In wired networks: Collision Detections -> CSMA/CD

Answer 256

Listen to the channel, transmits, and if a collision is detected it stops, waits, and retransmits.

Answer 257

Listens to the channel and waits for it to be idle before retransmitting, uses ACKS to confirm receipt.

Answer 258

A situation where a device incorrectly assumes the channel is busy and unnecessarily delays transmission.

Answer 259

As the signal is not constrained by wires Anyone within range can listen or participate.

Answer 260

Eavesdropping Man in the middle Deauthentication: forces devices to disconnect Evil twin attack

Answer 261

Key Reinstallation attack A vulnerability in WPA and WPA2 found in 2017. Attack forces a device to reinstall an already used key, leading to the decryption of data of injection of malicious traffic.

Answer 262

A vulnerability discovered in devices affecting WPA2, allowing the decryption of data packets.

Answer 263

Wired Equivalent Policy Intended to provide data confidentiality comparable to a wired system

Answer 264

Pre-shared key

Answer 265

Initialisation Vector

Answer 266

Rivest Cipher 4 stream cipher to encrypt data Integrity Check Value.

Answer 267

RC4 is weak IV too short and is sent in plaintext Static pre-shared key Weak integrity check.

Answer 268

WiFi Protected Access. The immediate solution to WEP.

Answer 269

Temporary key derived from pre-shared key

Answer 270

Yes, for backward compatibility.

Answer 271

128 bits 48 bits

Answer 272

Still based on RC4 and relies on a shared password, vulnerable to brute-force attacks.

Answer 273

Authenticated encryption using AES with CCMP

Answer 274

AES for encryption. PSK replaced with SAE

Answer 275

Simultaneous Authentication of Equals

Answer 276

WiFi Protected Setup Intended to make it easier to connect to a WPA protected network

Answer 277

User enters an 8 digit Pin or presses a button for initial connection

Answer 278

User authentication

Answer 279

The determination of the identity of something by encompassing identification and verification?

Answer 280

ID: Username Verification: Password

Answer 281

Something the individual knows The posses They are They do

Answer 282

The most widely used authentication The user provides a username and password which is compared to a stored password.

Answer 283

Predictable passwords are common People reuse passwords Passwords can be compromised in data breaches

Answer 284

Objects that the user possesses for authentication Such as Memory cards and Smart Cards

Answer 285

Memory cards only store data Smart cards have a microprocessor to process data.

Answer 286

Challenge-response authentication protocol.

Answer 287

Requires a special reader, which needs to be maintained. Tokens can be lost or stolen providing potential unauthorised access and disruption User dissatisfaction - user may find it inconvenient.

Answer 288

Based on unique physical characteristics. This is based on pattern recognition by mapping physical characteristics to a digital representation.

Answer 289

Static: fingerprints, facial characteristics, and retinal Dynamic: voiceprint and signature

Answer 290

False matches False nonmatches The concept of accuracy does not apply in password and tokens.

Answer 291

An adversary could eavesdrop the authentication process, steal the authenticator or hijack the process ultimately to gain access to the target system.

Answer 292

A and B have shared a secret in advanced and A wants to authenticate B. A sends a unique challenge value, chall, to B B computes the hash of chall + secret. A calculate expected values of this to ensure B responded correctly, when B replies.

Answer 293

A user is granted access only after they present two or more pieces of evidence.

Answer 294

Easy to remember but hard to guess

Answer 295

In an online attack we have an online service to crack, in an offline attack, we have a password file

Answer 296

An exhaustive search of possible combinations up to a certain length.

Answer 297

|symbols|^length

Answer 298

An intelligent search that tries password associated with the user, try words in dictionary and popular passwords.

Answer 299

No guarantee the right password is found.

Answer 300

Hackers attempt to bypass the access controls protecting the system password file

Answer 301

The attacker tries to access the system password file and then compare password hashes against common passwords.

Answer 302

Password policies Changing passwords Machine generated passwords Lockout mechanics

Answer 303

Time delays are introduced between consecutive failed login attempts

Answer 304

Monitoring login to detect unusual user and then notify user of attempted logins

Answer 305

Check if an input password is in a list of common words, this might be a sign of an attacker. This is not the same as having password policies

Answer 306

We store the hash of a password rather than the password itself.

Answer 307

By hashing our new attempt, comparing to the stored hash and if they match we have the password.

Answer 308

A precomputed table on the relation

Answer 309

A reduction function that generates a new password to be hashed

Answer 310

Compute the last reduction from the target hash. If not, compute the last two reductions and check if they compute the password. Stop when you find a password that does.

Answer 311

Because it is a good trade-off between space and time.

Answer 312

Avoiding or mitigating a reverse password attack

Answer 313

Add a random salt (append or prepend) to the password. Compute the hash of the password with salt Store the hash of the salted password and salt.

Answer 314

Because it prevents duplicate password from being visible in the password file, where two entries of the same password have different salts.

Answer 315

In the Security Account Manager Database

Answer 316

brute-force/dictionary password cracker, primarily for cracking weak passwords/

Answer 317

Tool to crack hashes through rainbow tables.

Answer 318

A notion of a security policy that defines who can access our data.

Answer 319

Privacy is confidentiality for individuals, secrecy is confidentiality for organisations.

Answer 320

A condition in which your true identity is not known The confidentiality of your identity

Answer 321

Four basic groups of harmful activities Information collection Information processing Information dissemination Invasions

Answer 322

Direct intrusions on the data subjects

Answer 323

Surveillance and interrogation

Answer 324

Aggregation: combining various pieces of data Identification: linking individuals to particular information Insecurity: carelessness in protecting secured info Secondary use: info changes use without consent

Answer 325

Breaking a promise to keep a person's information confidentiality.

Answer 326

Exposing others to certain physical and emotion attributes about a person. Often creates embarrassment and humiliation. Needs protection to safeguard human dignity.

Answer 327

Use of one's identity or personality for the purposes and goals of another interfere the way an individual desires to present themselves to society.

Answer 328

Dissemination of false or misleading information about individuals

Answer 329

Dissemination of false or misleading information about individuals

Answer 330

Revelation of truthful information about a person that impacts the way others judge a person's character

Answer 331

Invasive acts that disturbs one's tranquillity of solitude

Answer 332

Government interference with people's decisions regarding certain matters of their lives

Answer 333

Communication Anonymisers: Hiding a user identity Enhanced Privacy IDL A digital signature algorithm that uses a common group public verification associated with unique private keys Zero-knowledge Proof: One party can prove to another party that they know a secret without sharing anything. Homomorphic Encryption: Encryption that allows computation on ciphertexts. Secure Multi-party Computation: Jointly computing a function over their inputs while keeping those inputs private Differential Privacy: Sharing info about a dataset by describing the patterns of groups within the dataset without the individuals Federated Learning: Training models across multiple distributed nodes without sharing local data

Answer 334

Virtual Private Network

Answer 335

Connecting one device to another via a server in the middle so that P knows A and B are connected and what they sent but B knows only P while A knows B. A -> P -> B

Answer 336

By creating an encrypted tunnel between you and the server. Encapsulating your device in the network of the server.

Answer 337

A VPN encrypts the data a proxy does not.

Answer 338

No, it depends on the protocol being used.

Answer 339

To access sensitive service or data in the company from outside. To anonymise the traffic as the ISP will no longer know which websites you will visit as it will only see a connection towards a VPN server. To simulate your current position as the VPN server.

Answer 340

Open-source software for creating a VPN using a custom security protocol based on TLS.

Answer 341

The Onion Router

Answer 342

A different approach to anonymity using a chain of proxy server, known as mixes, to create hard-to-trace communications.

Answer 343

All traffic is protected by layers of encrypted added on and removed at each proxy.

Answer 344

During path establishment, the sender places keys at each mix along the path. Data is re-encrypted as it travels the reverse path.

Answer 345

Takes bandwidth into account when selecting relays (mixes). Introduces hidden services only available via Tor.

Answer 346

Perfect Forward Secrecy Minimises the risk posed to personal information in the event of an encryption key breach.

Answer 347

Maintain the status tor nodes

Answer 348

Entry nodes: Know the identity of the sender Relay nodes: Route the messages Exit nodes: Know the identity of the receiver and can see traffic if unencrypted

Answer 349

Allows you to run a server without disclosing the IP or domain name.

Answer 350

Binds a user / company to it's public key. Consisting a public key, user ID of the owner, with the whole block signed by a trusted third party.

Answer 351

Used for secure e-mail, VPN, wireless, web servers, network authentication and code signing.

Answer 352

Public Key Infrastructure The set of hardware, software, people, processes, policies and procedure that are needed to create, manage, store, distribute and revoke digital signatures based on asymmetric cryptography.

Answer 353

To enable secure, convenient, and efficient acquisition of public keys.

Answer 354

Certification Authorities Responsible for issuing, revoking and distribution. Often a trusted third party organisation.

Answer 355

As they are signed with the CA's private key which can be decrypted using CA's public key.

Answer 356

Registration Authority Performs function for CA but does not issue certificates directly.

Answer 357

Identifies and authenticates certificate applicants Approves or rejects applications Initalising certificate revocations or suspensions. Processing subscriber requests to revoke or suspend their certificates Approving or rejecting renewal requests.

Answer 358

Means of storing and distributing certificates and certificates revocation lists and managing updates to them.

Answer 359

RA verfies subject information Generates public - private key pair CA issues the certificate.

Answer 360

Fetch the certificate Fetch the certificate revocation list Compare against CRL Check the signature using the certificate.

Answer 361

Expiration Compromised private key Human resources reason Company changes name, physical address, DNS.

Answer 362

Certificate Revocation Lists A list of certificates which are no longer valid Published regularly by the CA in the PKI repository But also sent by any relying party who has subscribed to it.

Answer 363

Not issued frequently enough to be effective against attacks Expensive to distribute Vulnerable to simple DoS attacks.

Answer 364

The most widely accepted format for public-key certificates used in most network security applications. Issuer: CA Subject: Owner Signature: Hash of the entire block signed by the CA's private key

Answer 365

Online Certificate Status Protocol where we query the CA as to if a certificate is valid.

Answer 366

Each certificate has a serial number and the revocation date, but there are overheads in retrieving and storing lists, we use OCSP.

Answer 367

Designed to secure communications over IP networks by providing encryption, authentication, and data integrity.

Answer 368

Otherwise, data could be intercepted and read. And then altered or tampered. Attackers could impersonate users to gain access.

Answer 369

Authentication header attaches a cryptographic hash to the packet. But doesn't encrypt data. Encryption Security Payload encapsulates the original data within a secure header and encrypts it. (AES)

Answer 370

Securely establishes authentication and key exchange between two devices, creating Security Assoiciations to enable encrypted communication

Answer 371

Transport Tunnel

Answer 372

In transport only the payload is encrypted, but in tunnel the entire packet is encrypted including the header.

Answer 373

Performance overhead: introduce latency due to encryption Require complex setup Incompatibility issues.

Answer 374

DNS Security Extensions A set of security protocols designed to add integrity and authenticity to the DNS

Answer 375

DNS provides no authenticity or integrity, an attacker can divert traffic by impersonating a resolver or forging response to poison a resolver DNS cache.

Answer 376

Uses public-key cryptography to digitally sign DNS records with RRSIG and DNSKEY. These are digital signatures to ensure that DNS responses come from the right source and have not been altered.

Answer 377

Resource Record Signature

Answer 378

Provides cryptographic proof of non-existance to prevent forging.

Answer 379

As each level validates the layer below until you get to the final layer.

Answer 380

The is no encryption of queries or responses so eavesdroppers can learn which domains are being resolved. Performance overhead increases latency

Answer 381

By DNS over TLS (DoT) and DNS over HTTPS (DoH)

Answer 382

Illegal profit

Answer 383

Money theft Personal document ransom Data breaches DDoS Cyptojacking

Answer 384

Malware Social engineering Social media Botnets

Answer 385

High quality intelligence Sabotage of critical infrastructure Subversion of political matters Cyberwarfare

Answer 386

Influence campaigns Data breaches DDoS Advanced Persistence Threats

Answer 387

They are the same vectors, just a nation state is more advanced.

Answer 388

Activity of fighting a cyberwar, often including the weapons and methods that are used in the cyber space.

Answer 389

As the right of self-defence of the victim is only triggered for large-scale attacks on critical infrastructure. Plausable deniability due to anonymity and lack of casulties.

Answer 390

Advanced Persistent Threat A long-term pattern of targeted sophisticated attacks Advanced: Cutting-edge Persistent: Use of stealthy technologies to remain hidden Threat: Malicious

Answer 391

A actor motivated by the pursuit of social change.

Answer 392

Web defacements Data breaches DDoS

Answer 393

The same as cybercriminals but less advanced.

Answer 394

Libertarian and anarchist Opponents of the power elite Act of civil disobedience No damage to property No personal profit Personal responsibility

Answer 395

Conspiracy theorising Obsession with privacy and secrecy Membership fluidity Culture of humour and creativity.

Answer 396

The media should not be attacked Critical infrastructure should not be attacked One should work for justice and freedom

Answer 397

False They have no leader or hierarchy

Answer 398

An organisation that publishes sensitive or classified documents

Answer 399

Legitimate access to valuable resources used for malicious purpose

Answer 400

Yes, e.g accidental deletion

Answer 401

A less skilled hacker motivated by the desire to join a real group, the challenge or just curiosity.

Answer 402

Ones found on the internet

Answer 403

An empirical model of representing the sequence of steps that cyber attacks go through. Providing a better framework to better understand cyber attacks.

Answer 404

Figure out why past attacks succeeded Develop a structured knowledge base on past attacks Identity convenient and effective ways to protect assests Forecast potential next steps of an ongoing attack.

Answer 405

Reconnaissance: Target research and selection Weaponization: Deploy cyber weapons Delivery: Deliver payload Exploitation: Execute payload Installation: persistence Command & Control: Talk to a C&C server Action on objectives

Answer 406

Delivery is putting the payload in place and exploitation is executing the payload to make use of an exploit.

Answer 407

CVE-Year-UID

Answer 408

Initial Intrusion Lateral Movement Data Exfiltration

Answer 409

An adversary discovered one of Equifax's servers was running vulnerable software. They gained access and confirmed they could run commands. They used this to send queries to other systems and retrieve data, including personal informations. They expanded from 3 that they could initally access to 51 in total through some credentials they found. They then began extracting the data through 9000 queries, a portion of which succeeded. They then began to remove data in small increments