Chapter 11 Secure Protocols and Applications

Question 1

What is DNS and why is it important to use DNSSEC?

Answer 1

DNS (Domain Name System) is a protocol that translates domain names into IP addresses. DNSSEC (DNS Security Extensions) is important to ensure the integrity and authenticity of DNS data. It uses digital signatures to prevent DNS spoofing and other attacks.

Question 2

What are the security risks associated with DNS?

Answer 2

DNS is susceptible to domain hijacking, URL redirection, and cache poisoning attacks. These can lead to unauthorized control of domains, redirecting users to malicious websites, and manipulating cached DNS data.

Question 3

What is SNMP and why is version 3 recommended for use?

Answer 3

SNMP (Simple Network Management Protocol) is used for network management and monitoring. SNMP version 3 is recommended because it provides encryption and authentication, ensuring secure communication between management systems and network devices.

Question 4

What protocol replaced Telnet for secure terminal communication?

Answer 4

SSH (Secure Shell) replaced Telnet for secure terminal communication. Telnet had no encryption, while SSH provides secure encrypted communication and runs on TCP Port 22.

Question 5

What are the secure alternatives to FTP?

Answer 5

The secure alternatives to FTP (File Transfer Protocol) are FTPS (FTP over SSL) and SFTP (SSH File Transfer Protocol). FTPS runs through an SSL tunnel on TCP Port 990, while SFTP runs through SSH on TCP Port 22.

Question 6

What is SRTP and what is its purpose?

Answer 6

SRTP (Secure Real-Time Transport Protocol) is used for securing voice over IP (VoIP) communications. It provides encryption and authentication to protect the privacy and integrity of voice data. SRTP runs on UDP Port 5004.

Question 7

Why is plain FTP vulnerable?

Answer 7

Plain FTP (File Transfer Protocol) is vulnerable because when authenticating, the username and password are sent over the network in plain text, making it susceptible to network sniffing attacks. If an attacker captures the network traffic, they can obtain the credentials.

Question 8

How can you capture and analyze FTP traffic using Wireshark?

Answer 8

In Wireshark, you can capture and analyze FTP traffic by applying a filter for the FTP protocol. Simply enter “FTP” in the filter bar and press enter to display only FTP-related packets. Wireshark provides detailed information about the FTP headers and the transmitted data.

Question 9

What measures can be taken to protect FTP traffic?

Answer 9

Using secure versions of FTP, Limiting network access to trusted entities to minimize the risk of unauthorized interception. Implementing IPsec (IP Security) on the internal LAN to encrypt the communication between endpoints.Enforcing strong passwords and implementing user authentication mechanisms to prevent unauthorized access to FTP servers.Implementing network monitoring and intrusion detection systems to detect any suspicious activity on the network.

Question 10

How can you hide the true identity of a web server host?

Answer 10

By using techniques like load balancing, reverse proxy, and network address translation.

Question 11

What is the recommended protocol for securing web applications?

Answer 11

HTTPS (HTTP over SSL/TLS).

Question 12

What should be used to enable HTTPS on a web server?

Answer 12

A certificate issued to the server, which is used to configure the HTTPS binding.

Question 13

What should be the minimum version of TLS used for securing web applications?

Answer 13

TLS 1.2 or higher.

Question 14

What is LDAPS?

Answer 14

LDAPS (LDAP over SSL/TLS) is a secure version of the Lightweight Directory Access Protocol, which utilizes SSL/TLS for encryption.

Question 15

Which port does LDAPS typically operate on?

Answer 15

Port 636.

Question 16

What is S/MIME used for in the context of email?

Answer 16

S/MIME (Secure/Multipurpose Internet Mail Extensions) is used for email encryption and digital signatures.

Question 17

What are some common mail protocols that can be secured with certificates?

Answer 17

SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), and IMAP (Internet Message Access Protocol).

Question 18

What is domain reputation in the context of email security?

Answer 18

Domain reputation refers to the practice of subscribing to external lists of known spamming domain names to block or allow incoming email based on reputation.

Question 19

What should be avoided due to known vulnerabilities?

Answer 19

Older protocols like SSL and lower versions of TLS.

Question 20

What is a Cross-Site Request Forgery (CSRF)?

Answer 20

It is an attack where an attacker tricks a victim into making a malicious request on their behalf.

Question 21

How does CSRF attack work on the client-side?

Answer 21

The attacker gains access to the victim’s session tokens and uses them to send malicious requests without the victim’s knowledge.

Question 22

What are the potential consequences of a successful CSRF attack?

Answer 22

The attacker can perform unauthorized actions on behalf of the victim, such as transferring funds or making changes to their account.

Question 23

What is a server-side CSRF attack?

Answer 23

It is an attack where the attacker compromises a web server to make requests on other servers.

Question 24

How can CSRF attacks be prevented?

Answer 24

Hardening client devices, using Web Application Firewalls (WAF), and implementing anti-CSRF tokens or mechanisms in the web application.

Question 25

What is a Cross-Site Scripting (XSS) attack?

Answer 25

It is an attack where an attacker injects malicious code (usually JavaScript) into a vulnerable website, which is then executed by unsuspecting users.

Question 26

How does XSS attack work?

Answer 26

Attackers exploit web applications that do not properly validate or sanitize user input, allowing them to inject malicious code into the website. When other users view the infected page, the injected code executes on their browsers.

Question 27

What is the difference between client-side and server-side XSS attacks?

Answer 27

Client-side XSS attacks involve injecting and executing malicious code on the client’s web browser. Server-side XSS attacks involve injecting and executing code on the server-side, which can affect multiple clients.

Question 28

How can XSS attacks be prevented?

Answer 28

Secure coding practices should be followed, where all user input is treated as untrusted and properly validated or sanitized. Input validation and output encoding can help prevent XSS attacks. Regular vulnerability scanning and the use of web application firewalls (WAFs) can also provide additional protection.

Question 29

What is the OWASP Top 10?

Answer 29

The OWASP Top 10 is a list of the ten most common web application security risks published by the Open Web Application Security Project (OWASP), a nonprofit organization. It helps identify and prioritize the most critical security vulnerabilities in web applications.

Question 30

What are some examples of the OWASP Top 10 vulnerabilities?

Answer 30

Some examples include injection attacks (such as SQL injection and OS command injection), broken authentication, sensitive data exposure, XML external entity (XXE) attacks, broken access control, security misconfigurations, cross-site scripting (XSS), insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring.

Question 31

What are some techniques to mitigate web application vulnerabilities?

Answer 31

Secure coding practices should be followed, including input validation and output encoding to prevent injection attacks. Web application firewalls (WAFs) can help detect and prevent attacks. Other measures include implementing proper authentication and authorization mechanisms, encrypting sensitive data at rest and in transit, regular vulnerability scanning, and conducting thorough security testing, such as static code reviews and dynamic runtime testing (fuzzing).

Question 32

: What is the role of software developers in web application security?

Answer 32

Software developers have a crucial role in ensuring web application security. They need to adhere to secure coding practices, validate and sanitize user input, implement proper authentication and authorization mechanisms, and use trusted components and APIs. Security should be considered throughout the software development lifecycle (SDLC), and continuous integration and continuous delivery (CI/CD) practices can help automate security checks and ensure secure code deployment.

Question 33

What is the role of administrators in web application security?

Answer 33

Administrators are responsible for managing the servers where web applications are hosted. They need to implement security measures such as secure configurations, access controls, regular updates and patching, monitoring and logging, and intrusion detection systems. Administrators should also ensure secure deployment and configuration of infrastructure resources, such as virtual machine templates and cloud resources.

Question 34

What is OWASP ZAP?

Answer 34

OWASP ZAP (Zed Attack Proxy) is a free and open-source web application security testing tool. It is designed to help identify vulnerabilities in web applications by performing automated scans and tests.

Question 35

How can OWASP ZAP be used to assess web application security?

Answer 35

OWASP ZAP can be used to scan web applications for vulnerabilities by intercepting and analyzing HTTP requests and responses. It crawls through the application, identifies links, files, and scripts, and performs various security tests such as injection attacks, broken authentication, sensitive data exposure, and more. The tool provides detailed reports on the identified vulnerabilities and helps in understanding and remediating them.

Question 36

How to download and install OWASP ZAP?

Answer 36

OWASP ZAP can be downloaded from the OWASP ZAP website (https://www.zaproxy.org/download/). Select the appropriate version for your platform (e.g., Windows 64-bit installer) and ensure that you have Java Runtime Environment (JRE) installed on your machine. Once downloaded, run the installer and follow the installation instructions.

Question 37

How does OWASP ZAP work?

Answer 37

OWASP ZAP acts as a proxy between the user’s browser and the web application. It intercepts and analyzes the HTTP traffic, allowing it to identify vulnerabilities and security issues. The tool performs automated scans, analyzes the application’s responses, and provides reports on the identified vulnerabilities. It can also be used for manual testing, exploring and modifying requests, and observing application behavior.

Question 38

What are the benefits of using OWASP ZAP for web application security?

Answer 38

OWASP ZAP provides a comprehensive set of features for web application security testing. It helps identify common vulnerabilities, such as injection attacks, broken authentication, insecure configurations, and more. By using the tool, developers and administrators can gain insights into the security weaknesses of their applications, prioritize fixes, and take appropriate measures to enhance the overall security posture.