CSC2031 Flashcards

1
Q

How would you ensure data entered in a form is of the correct type?

A

Use appropriate form data fields.

2
Q

How would you secure a password before storing it in a database?

A

Use hashing.

3
Q

What could you do to prevent information leakage when something goes wrong in a web application?

A

Implement custom error pages.

4
Q

Define Computer Security

A

Computer security is the protection of computer systems from theft or damage

5
Q

What three things does computer security involve controlling?

A

Physical access to hardware, malpractice by users and network access, bad data, or code injection.

6
Q

What are the three key properties of computer security?

A

CIA Triad
Confidentiality
Integrity
Availability

7
Q

Define Confidentiality

A

Data is kept private or restricted by ensuring only authorised users can access it.

8
Q

When is confidentiality more important than other properties?

A

The value of the data depends on limiting access to it.
Examples: proprietary data of a company, records of people’s personal activities, personal and financial information of a company’s customers.

9
Q

Define Integrity

A

Data is kept authentic, accurate and reliable by ensuring only authorised users can modify it.

10
Q

When is integrity more important than other properties?

A

Data must be accurate and consistent.
Examples: financial records, exam results, medical records.

11
Q

Define Availability

A

Data is kept available to authorised users when they need it.

12
Q

When is availability more important than other properties?

A

Data must be sent or seen.
Examples: urgent government press release, medical records, authentication data.

13
Q

What are the two other security properties?

A

Authentication
Non-repudiation

14
Q

Define Authentication

A

Determining whether someone or something is, in fact, who or what they claim to be.

15
Q

Define Non-repudiation

A

Ensuring that someone or something cannot deny or contest something (The inability to refute responsibility).

16
Q

What is the relationship between Threat, Vulnerability and Risk?

A

Risk = Threat x Vulnerability

17
Q

Define Threat

A

A potential negative action or event that has the potential to harm a computer system.

18
Q

Define Vulnerability

A

A weakness in a computer system that can be exploited by a threat to deliver a successful attack.

19
Q

Define Risk

A

The potential (or chance) for loss or damage when a threat exploits a vulnerability.

20
Q

Why does computer security matter?

A

Computer Systems are Valuable Targets
Computer Systems have many Security Threats
Cybercrime is Growing
Cybercrime Comes With a Cost

21
Q

What are the main costs for victims of cybercrime?

A

Economic Cost - Theft of IP, corporate information, disruption in trading, cost of repairing damaged systems.
Reputational Cost - Loss of consumer trust, loss of current and future customers to competitors, and poor media coverage.
Regulatory Cost - The General Data Protection Regulation (GDPR) and other data protection laws mean that organisations can suffer from large regulatory fines or sanctions as a result of cybercrimes.

22
Q

Define Paradigm

A

A paradigm is defined as a pattern, model, approach, or distinct set of concepts or thought patterns

23
Q

Define Programming Paradigm

A

A programming paradigm can simply be defined as a style of programming

24
Q

A programming paradigm is a programming language. True or False?

A

False

25
A programming paradigm is enforced by the programming language compiler during the compilation stage. True or False?
True
26
What are the key programming paradigms?
Imperative Programming
Declarative Programming
27
What are the properties of Imperative programming?
A paradigm describing HOW the program should do something.
Explicitly specify each step-by-step instruction (or statement), which changes the program's state.
Imperative programming is easier to reason about for beginners.
Example Languages: C, C++, Java, Python, Ruby
Usually has more lines of code.
Provides flexibility but brings in complexity.
28
What are the properties of Declarative programming?
A paradigm describing WHAT the program does.
Does not explicitly specify each step-by-step instruction (overall control flow).
Allows more readable code to be written that reflects exactly what we want to see.
Example Languages: Prolog, Lisp, Haskell, Python (supports some declarative features)
Usually has fewer lines of code.
Hides complexity and provides simplicity.
29
What are some subsets of Imperative programming?
Structural programming
Procedural programming
Object-Oriented programming
30
What are some subsets of Declarative programming?
Functional programming
Logic programming
31
What are some other common programming paradigms?
Scripting
Event-Driven
Database Querying
32
What factors affect the adoption of a particular programming paradigm?
Current system implementation
System requirements
Software availability and support
Programming knowledge
Processing power
Usability
Maintainability
Functionality
Familiarity
33
What are some common Data Types?
Text - single string, free text, email addresses, passwords, URLs
Numbers - digits, integers, floats, Booleans
Temporal - dates, times
Files - text, media, sound
Biometrics - face, fingerprint
34
What are some common Data Input Methods?
Command line interface
Data stores
Web pages
Internal devices
External devices
URLs
APIs
35
What is the major security challenge in dealing with data input?
Computer systems or applications can take lots of diverse data input, much of which may be unknown, untrusted or insecure, and may be malicious. Inputting malicious data into a system or application is a primary attack method; it can be difficult to detect a malicious user inputting such data.
36
Define Injection Attacks
With an injection attack, an attacker submits malicious input which then gets inserted or injected into a genuine query or command that is subsequently processed.
37
What are some negative impacts of injection attacks?
Data loss (broken confidentiality)
Data alterations (loss of integrity)
Denial of service (prevent availability)
Full system compromise
38
Define SQL injection Attack
An SQL injection attack consists of inputting malicious SQL code which is inserted or injected into genuine SQL commands of an SQL driven application to cause some negative or compromising action.
39
What can a successful SQL injection attack do?
Read sensitive data from a database.
Modify database data (insert/update/delete).
Execute admin operations on the database, e.g. shutdown the Database Management System (DBMS).
Access a sensitive file on the DBMS file system.
Issue commands to the operating system.
40
Example of an SQL Injection Attack
User input: 105 or 1=1
SQL statement could be: SELECT * FROM Users WHERE userId = 105 or 1=1;
This is always TRUE, so the SQL query will return ALL rows from the Users table.
41
Define Cross-Site Scripting (XSS) Attacks
Cross-Site Scripting (XSS) attacks involve injecting malicious scripts into vulnerable web applications which are subsequently delivered to and executed on users' systems after they visit the website.
42
How does a Cross-Site Scripting (XSS) attack work?
Malicious scripts are often written in JavaScript code. The malicious script is included with dynamic content delivered as markup text (e.g. HTML) to a victim's browser. XSS attacks take advantage of the fact that browsers cannot distinguish between legitimate and malicious markup but rather execute whatever markup they receive. Rather than attacking a victim directly, an attacker can **exploit a vulnerability** in a web application by getting it to deliver the malicious script when users visit.
43
What can XSS attacks do?
With an XSS exploit, an attacker can steal a user's session cookie and pretend to be that user. Cookies can store a range of information including personal data. XSS Attacks can also be used to spread malware, deface websites, disrupt social networks, phish for credentials, and cause more damaging attacks (with the addition of social engineering techniques).
44
Define Out of bounds read
Out of bounds read occurs when a program reads data past the end, or before the beginning, of an array or buffer.
44
Define Out of bounds write
Out of bounds write occurs when a program writes data past the end, or before the beginning, of an array or buffer.
45
What is bounds checking?
Bounds checking is a method of detecting whether a variable is within some bounds before it is used. Commonly used to check that a variable used in an array is within the bounds of the array. A failed bounds check usually generates some kind of exception signal.
46
Define Buffer Overflow Attack
A buffer overflow attack forces a program to put more data in an array/buffer than it can hold and therefore put the extra data in a memory area past a buffer.
47
What can a buffer overflow attack do?
Writing in an area of memory past the buffer can corrupt or overwrite the existing data, crash the program, or cause the execution of malicious code.
48
Why are some programming languages susceptible to a Buffer Overflow attack?
Certain languages such as C/C++ have no index checking. It's thought by some programmers to be time consuming, an overhead they don't think is required.
49
What are format specifiers?
Format specifiers are used to take the next argument and print it in the specified format.
50
Define Format String Attacks
The Format String attack occurs when a submitted input String is evaluated as a command by the application to cause some malicious action.
51
Define Integer Overflow Attack
An integer overflow attack occurs when an integer value is forcibly incremented to a value that is too large to store in the associated representation and wraps around to become a very small or negative number.
52
Define Input Validation
Input validation is the proper checking or testing of any input supplied by a user or application to ensure it meets permitted input criteria.
53
How does input validation prevent invalid data entering a system?
Because it is difficult to detect a malicious user who is trying to attack software, applications should check and validate all input of a system to prevent security issues like injection and buffer overflow attacks. Input validation should also occur when data is received from an external party, especially if the data is from untrusted sources. Although not a guaranteed defence, input validation can considerably lower the impact of an input-based attack.
54
Define Whitelisting
Whitelisting defines allowed input data while any other input data is denied by default.
55
Define Blacklisting
Blacklisting defines unallowed input data while any other input data is allowed by default.
56
It is usually preferable to Blacklist data. True or False?
False, more mistakes occur with blacklisting as ALL unallowed inputs must be known.
57
Where are the 2 key places to place input validation?
It can be done client-side with HTML, handled with pure JavaScript or a specialist JavaScript library such as jQuery.
It can be done server-side within view functions, form validators, or using a server filter.
58
What is a data field?
Data fields can be used to validate input data as the type we want when implementing web forms.
59
Sample Data Fields
StringField()
EmailField()
IntegerField()
PasswordField()
DecimalField()
BooleanField()
60
Define CSRF Token
A CSRF Token is a random, unguessable string used to validate the origin of a request
61
What is a Cross-Site Request Forgery (CSRF) attack?
Tricking an authenticated user into sending a malicious request not generated via the application’s user interface is called a Cross-Site Request Forgery (CSRF) attack.
62
Define Secret Key
A web application’s secret key is used for encryption tasks such as cryptographically signing session cookies and generating a CSRF token.
63
What is a validator?
Validator class instances can be added to a Form class to check or validate input data values.
64
Define Regular Expression (regex)
A regular expression is a String of text that defines the patterns or sequences that must be found within input data Strings to validate them (i.e., a search pattern).
65
Define Metacharacters
Metacharacters are special characters that affect how the Regex around them is interpreted.
66
What is a lookahead?
The construct that can be used to check the existence of characters is called a Lookahead.
67
What is Error Handling?
Error Handling helps in handling software errors gracefully and helps execution to resume when interrupted.
68
Define Hardcoding Data
Hardcoding Data is the practice of embedding data directly into the source code of a program as opposed to obtaining the data from external sources (e.g., databases, file) or generating it at runtime.
69
Hardcoding Data - Advantages and Disadvantages
Advantage - Fast delivery of code.
Disadvantage - Considered an anti-pattern.
Disadvantage - Hard to adapt.
Disadvantage - Hard to internationalise.
Disadvantage - Raises security vulnerabilities.
70
What security issues can a web application have?
Source code disclosure - enables attackers to understand how the application behaves by simply reading the code and checking for logical flaws, or hardcoded data such as username/password pairs and secret keys.
Hidden Form Fields
71
Define Hidden Form Fields
Hidden Form Fields are used in web pages to pass all kinds of information to be sent to the server, along with form data entered by a user, without the user having to be involved in the process.
72
Define Reverse Engineering
Reverse Engineering is the reversal of a program's machine code back into the source code that it was written in.
73
Why is software reverse engineering done?
The source code was lost.
To study how the program performs certain operations.
To improve the performance of a program.
To fix a bug.
To identify malicious content in a program such as a virus.
To adapt a program written for use with one microprocessor for use with another.
74
What security issue can be exposed by reverse engineering?
Hardcoded data will be revealed, which could be sensitive.
75
Define .env file
A .env file can be used to remove and store sensitive environmental variables separately from the source code.
76
What are best practices for securing databases?
Separate database servers and web servers.
Use web application and database firewalls.
Secure database user access.
Regularly update operating systems and patches.
Audit and continuously monitor database activity.
Test database security.
Avoid using default network ports.
Encrypt data and backups.
77
Define Authentication
Authentication is the process of determining whether someone (or something) is, in fact, who or what it declares itself to be.
78
What are the authentication factors?
Knowledge Factor - something you know, e.g., password
Possession Factor - something you have, e.g., smart card
Inherence Factor - something you are, e.g., fingerprint
79
What is the distinction between authentication and authorisation?
Authentication is the process of **validating the identity** of a registered user before allowing authorised access to protected resources. Authorisation is the process of **validating that the authenticated user** has been granted permission to access the requested resources. The authentication process always comes before the authorisation process.
80
Define Access Control
Access control is the general term used for restricting access to resources to a certain number of authenticated and authorised users.
81
Define Anonymous User
An anonymous user is a user that has not been logged in by an application and therefore has no identity.
82
How do you log in authenticated users?
Logging in authenticated users involves creating a uniquely identifiable web session for each user so their requests can be distinguished from those of other users. Multiple users can be differentiated when using an application at the same time.
83
What is a web session?
A web session is a series of adjoining or connected actions by a specific user on an individual web application within a given time frame.
84
How does a web session work in practice?
Web applications use a **session ID associated with an authenticated user** to **respond to the user’s interactions** during a web session. This **session ID is passed along with any requests** that the authenticated user makes while using the application.
85
What can Flask-Login do?
**Store** each active user’s identity in respective web sessions, and let you log them in and out easily.
Let you **restrict** what logged-in (or logged-out) users are **authorised** to do.
**Handle** the normally-tricky “remember me” functionality (the web session will not be deleted if a user closes their browser).
Help **protect** users’ web session data from being stolen.
86
What does Login Manager do?
**Storing** a user’s ID in a new web session.
**Getting** a user instance from the database using their ID.
**Managing** web sessions for multiple users.
**Logging** out users – make users anonymous again.
**Redirecting** anonymous users to the login page (if trying to access an area that requires authentication).
87
Define current_user
The keyword current_user is a proxy that can be used for the user sending the request.
88
What kind of variables do you get access to with current_user?
current_user.username
current_user.posts
current_user.is_authenticated
89
What is part of password management?
Automatically create secure passwords.
Secure password recovery.
Change password.
Password expiration.
Re-authenticate in sensitive areas.
90
Define Brute Force Search
A Brute Force search (or exhaustive search) is a problem-solving technique that consists of trying all possible solutions to a problem until a correct solution (if it exists) is found.
91
Define Brute Force Attack
A Brute Force Attack primarily consists in an attacker **configuring predetermined values** (username/password combinations), **making requests to a server** using those values, and then **analysing the response for success or failure**.
92
What are some security measures to prevent brute force attacks?
**A strong password policy** – minimum length, certain number of character types, special characters, change frequently.
**Biometrics** - The measurement and statistical analysis of people's unique physical and behavioural characteristics.
**Notification of unrecognised login** - Users are notified and asked to confirm login was genuine if a login attempt is made from an unrecognised device, location or IP address.
**Comprehensive login process** – CAPTCHA (proving user is human) and Two Factor Authentication (more than just a password).
**Limiting login attempts** – locking a user account after n login attempts.
93
What is Multi Factor Authentication?
Multi-factor authentication (MFA) is a security mechanism that requires individuals to **provide multiple forms of identification** before granting access to a system, application, or online account. The goal of multi-factor authentication is to **add an extra layer of security** beyond just a username and password, making it more difficult for unauthorized individuals to gain access.
94
What are some strong secondary authentication factors?
**One-time password (OTP)** – A unique password which can only be used once.
**Time-based PIN** – A sequence of digits which have to be entered within a short window, typically 30 to 60 seconds.
**Digital (PKI) certificates** – A digital certificate, issued by a trusted certificate authority, is installed on the device or in the user’s browser.
95
What is CAPTCHA?
It is an automated tool used to differentiate between real users and automated users, such as bots. CAPTCHAs provide challenges that are difficult for computers to perform but relatively easy for humans.
96
What are some types of CAPTCHA?
text-based
image-based
audio
97
Why is Image-based CAPTCHA used instead of Text-based?
Image-based CAPTCHAs were developed to replace text-based ones. Image-based CAPTCHAs are typically easier for humans to interpret than text-based. For bots, image-based CAPTCHAs are more difficult than text to interpret because they require both image recognition and semantic classification.
98
What are drawbacks of CAPTCHA?
Disruptive and frustrating for users.
May be difficult to understand or use for some audiences.
Some CAPTCHA types do not support all browsers.
Some CAPTCHA types are not accessible to users who view a website using screen readers or assistive devices.
There is a range of automated technologies, including APIs, browser plug-ins and extensions, that enable attackers to bypass or solve CAPTCHA challenges.
99
Limiting Authentication Attempts - Pros and Cons
One way to block brute force attacks is to lock out accounts after a defined number of incorrect authentication attempts. Account lockout is not always the best solution, because someone could easily abuse the security measure and lock out hundreds of user accounts.
100
What is Authorisation?
Authorisation is a security mechanism to **determine access levels or user privileges** related to system resources including Files, Services, Computer programs, Data and Application features. Authorisation includes the process of **granting or denying access** to a system resource based on a *user’s identity*.
101
What are some difficulties in authorisation?
Users may fall into several groups or roles with different abilities or privileges.
Authorisation conflicts can occur and stop production.
Users may try and by-pass authorisation mechanisms when they get in the way.
102
What are the phases of authorisation?
**Policy definition phase** where accesses are authorised.
**Policy enforcement phase** where access requests are permitted or not permitted depending on the policy.
102
Define Reference Monitor
A reference monitor should be NEAT:
Non-bypassable.
Evaluable.
Always-invoked.
Tamperproof.
103
Define Path Traversal Attack
The Path Traversal attack technique allows an attacker unauthorised access to files, directories, and commands that potentially reside outside the web document root directory.
104
How is a path traversal attack done?
To access files or execute commands anywhere on the file-system, path traversal attacks utilise special-character sequences.
The most basic Path Traversal attack uses the ../ special-character sequence to alter the resource location requested in the URL.
../ typically means ‘go up one directory’ - dir1/dir1.2/dir1.2.1/../ == dir1/dir1.2/
../ is useful because references to resources can be written without having to use the full path.
A path traversal attack is sometimes called a dot dot slash attack.
105
How to prevent anonymous users from accessing pages?
The @login_required decorator can be added to any view function to prevent it from being accessed (executed) by the actions of anonymous (unauthenticated) users.
106
Define Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) is a method that assigns authorisations to roles given to groups of users rather than at the individual level.
107
Define The Principle of Least Privilege.
The Principle of Least Privilege is a best practice to limit users to the minimum required role necessary for them to complete their assigned tasks.
108
What are some benefits of RBAC?
Improved operational efficiency.
Enhanced compliance.
Gives administrators increased visibility.
Reduces costs in terms of resources used.
Decreased risk of breaches and data leakage.
109
How do you implement RBAC in flask?
A custom view function decorator can be created to manage RBAC using a Wrapper Function.
110
What are some issues with RBAC?
**Role Explosion** – when the level of granularity needed for access control is too detailed, resulting in many roles which become hard to manage.
**Somewhat rigid** - once deployed, it is hard to react to changing security threats and risks.
**Scalability & Dynamism** - in the rush to onboard new people, a situation can arise where organisation charts and job definitions have not been updated or clearly defined. RBAC may require a costly redesign to get it back on track.
**Expensive and Difficult Implementation** – if RBAC is decided upon as a solution, the duplication of servers and other infrastructure which support RBAC may be found to be prohibitive in terms of cost and complexity.
111
What are some RBAC alternatives?
Access Control List (ACL)
Attribute-Based Access Control (ABAC)
112
What is an Access Control List?
An access control list (ACL) is a table listing the permissions attached to computing resources. It tells the operating system which users can access an object, and which actions they can carry out.
113
What is Attribute-Based Access Control?
ABAC evaluates a set of rules and policies to manage access rights according to specific attributes, such as environmental, system, object, or user information. ABAC applies Boolean logic to grant or deny access to users based on a complex evaluation of attributes and the relationship between them.
114
What are some benefits of Event Logging and Monitoring?
**Detection** of security breaches.
**Event reconstruction** to understand how the event happened.
**Faster recovery** from bad events.
115
What are the methods of logging user events?
Logging events using database storage
Logging events using a log file
116
What do you log when logging events using database storage?
Date and time of new user registrations
Date and time of user’s current login
Date and time of user’s previous login
117
What do you log when logging events using a log file?
User registrations
Successful user logins
Invalid user login attempts
User logouts
Unauthorised access attempts
118
Why is cryptography an essential security technique?
Cryptography is an essential security technique because data stored in a database in readable plaintext can be a major security vulnerability, especially when the data is sensitive (e.g. a password).
119
What are some cryptography security properties?
Confidentiality – keeping data secret
Integrity – keeping data intact and correct
Non-repudiation – preventing deniability (e.g., of creating/sending data)
Authentication – providing identity of originator (e.g., data creator/sender)
120
Define Plaintext
data in its readable form.
121
Define Ciphertext
data in its unreadable or encrypted form.
122
Define Encryption
the act of scrambling readable data into unreadable ciphertext.
123
Define Decryption
the act of unscrambling unreadable ciphertext into readable data.
124
Define Algorithm
the set of steps that the encryption and decryption process follows. The specific algorithm is often referred to as a Cipher.
125
What is a key fact about encryption?
Encryption is a two-way function (convert plaintext to ciphertext and back again).
126
Define Encryption Key
An Encryption Key is a random string of bits created specifically for encrypting and/or decrypting data.
127
What is symmetric-key encryption (Private-key encryption)?
Encryption and decryption process uses the same key. The key must be kept secret.
128
What is Asymmetric key encryption (Public-key encryption)?
Encryption and decryption processes use different keys. Encryption key can be made public. Decryption key must be kept secret.
129
What is a persistent object?
An object present in the database session and has a record in the database. Any changes made to the object are reflected in the row/entry it represents in the database. The object is said to be in a Persistent State.
130
What is a transient object?
A transient object is not present in the database session and is not saved in the database as an entry/row (it has no database identity). Changing a persistent object to a transient one cuts the connection to the database. Any changes made to the transient object are not reflected in the row/entry it represented in the database. A transient instance can be thought of as an independent copy of the database row/entry.
131
What is the difference between Hashing and Encryption?
Hashing is a one-way function – plaintext to ciphertext only.
Encryption is a two-way function – plaintext to ciphertext and back to plaintext.
132
Why should Hashing be used?
In almost all circumstances, passwords should be hashed rather than encrypted, as this makes it very difficult for an attacker to obtain the original passwords from the hashes. Encryption should only be used in edge cases where it is necessary to be able to obtain the original password.
133
How could a hacker crack a password hash?
Generate the plaintext from the hash? - NO! Generate hash of a known String and see if it matches existing password hash values? - YES.
134
Define Salt
A salt is a unique, randomly generated string that is added to each password as part of the hashing process.
135
If a stored password is hashed using a random salt, how can a submitted password be verified during the log in process?
Modern hashing functions extract the salt from the stored password hash and use it to hash the submitted plaintext password for comparison.
136
Define Random Number
A random number is a number chosen purely by chance, i.e., randomly.
137
Define Pseudorandom number
A random number that is not truly random is called a Pseudorandom number.
138
What are the approaches to generating random numbers using a computer?
Pseudo Random Number Generators (PRNGs)
True Random Number Generators (TRNGs)
139
What are PRNGs?
PRNGs use **mathematical formulae** or **precalculated tables** to produce sequences of numbers that **appear random**. PRNGs must be given a **base value (called a Seed)** to generate a sequence of pseudorandom numbers. Pseudorandom numbers become a **security problem** when the numbers must be completely unpredictable, such as data encryption key generation or gambling.
140
What are the characteristics of PRNGs?
**Efficiency** – can produce many numbers in a short space of time.
**Deterministic** - a given sequence of numbers can be reproduced at a later date if the starting point (seed state) in the sequence is known.
**Periodic** - a sequence of numbers will eventually repeat itself.
141
What are TRNGs?
Numbers generated by TRNGs can be considered truly random. TRNGs extract randomness from physical phenomena and introduce it into the computing platform. This involves identifying little, unpredictable changes in the data. TRNGs are suitable for applications where the unpredictability of numbers is important, such as data encryption key generation and gambling.
142
What are the characteristics of TRNGs?
Inefficiency – can take some time to produce numbers.
Nondeterministic - a given sequence of numbers cannot be reproduced, although the same sequence may occur several times by chance.
Aperiodic – a sequence of numbers will not repeat itself, unless by chance.
143
TRNGs disadvantages.
Need specialist and expensive equipment.
Need an external source of randomness, which may not be feasible or practical.
Slow and inefficient.
144
PRNG vs TRNG
Efficiency: PRNG - Excellent; TRNG - Poor
Determinism: PRNG - Deterministic; TRNG - Nondeterministic
Periodicity: PRNG - Periodic; TRNG - Aperiodic
145
What are the three key properties of CSPRNG
Generated numbers appear random.
Generated numbers are unpredictable in advance.
Generated numbers cannot be reliably reproduced after generation.
146
What does a value need to be cryptographically secure?
Essentially, for a value to be cryptographically secure, it must be **impossible or highly improbable** for an attacker to **distinguish** between **it and a truly random value.**
146
Define Sniffing Attack
A Sniffing Attack refers to **tapping into** network traffic or **routing** the traffic to a target where it can be **captured, analysed, and monitored.**
147
What are some defences against sniffing attacks?
Connect to trusted networks.
Encrypt data being sent.
Network scanning and monitoring.
148
Define Man in the Middle Attack
A Man-in-the-Middle attack involves an attacker getting in the middle of a data transmission in order to eavesdrop or impersonate.
149
Phases of Man in the middle attack
Interception
Decryption
149
What are some potential defences against MITM attacks?
Make sure **HTTPS is always in the URL bar** of websites being visited, e.g., https://www.google.com/
**Be wary of potential phishing emails** from attackers asking to **update passwords** or any **other login credentials.**
**Direct connections to public Wi-Fi routers** should be **avoided** if possible.
**Comprehensive internet security solutions** should be **installed** on systems and always kept up to date.
Be sure that **home Wi-Fi networks are secure.**
150
Define Spoofing Attacks
A spoofing attack is when an attacker **impersonates another device or user** on a network in order to launch **attacks against network hosts, steal data, spread malware or bypass access controls.**
151
What are some defences for spoofing attacks?
**Packet Filtering** - Packet filters **inspect packets** as they are transmitted across a network.
**Avoid Trust Relationships** - Trust relationships allow users in one domain to access resources in another domain.
**Use Spoofing Detection Software** - There are many programs available that can help detect spoofing attacks.
**Use cryptographic network protocols** - Secure communications protocols bolster spoofing attack prevention efforts by encrypting data before it is sent and authenticating data as it is received.
152
Define Replay Attacks
A replay attack occurs when an attacker **intercepts** and then **delays or resends** a secure data transmission to misdirect the receiver into doing what the attacker wants.
153
What is the danger of replay attacks?
The danger of replay attacks is that an attacker **doesn't even need advanced skills** to decrypt the data transmission after capturing it from the network.
154
What are some defences to replay attacks?
**Random Session Keys** - Both sender and receiver should establish random session keys that are valid for one transaction only and cannot be used again.
**Timestamps** - Adding timestamps to all messages prevents attackers from resending messages after a certain length of time.
- Reduces the window of opportunity for an attacker to eavesdrop, siphon off the message, and resend it.
**One Time Password** - Use a One Time Password (OTP) for each transaction that can be used only once and discarded.
- This ensures that even if a message is duplicated and resent by an attacker, the encryption key has expired and no longer works.
155
Why is HyperText Transfer Protocol Secure (HTTPS) used?
HyperText Transfer Protocol Secure (HTTPS) is used for **secure data transmission** and is the **primary protocol used** to transmit data between **servers and clients** over the **Internet.**
156
What does HTTPS do?
Essentially, HTTPS **encrypts** requests and responses before transmission and **decrypts** them once they arrive. HTTPS protects against **sniffing and Man-In-The-Middle (MITM) attacks**. Migrating from HTTP to HTTPS is therefore considered beneficial, as it offers an **added layer of security and trust.**
157
What is Transport Layer Security (TLS)?
HTTPS uses **Transport Layer Security (TLS) encryption on top of** the HTTP protocol. Any web application using HTTPS is therefore employing **TLS encryption.** As well as **web pages**, TLS can be used to encrypt other communications such as **email, messaging, and voice over IP (VoIP).**
158
What main properties does TLS protocol provide?
Confidentiality: hides the data being transferred from third parties.
Integrity: verifies that the data has not been forged or tampered with.
Authentication: ensures that the parties exchanging information are who they claim to be.
159
What is a TLS certificate?
For a web application to use TLS, it must have a TLS Certificate installed on its host server.
160
What does the TLS certificate contain?
Who owns the domain name.
The server's public encryption key.
161
Where can you get a TLS certificate?
In practice, a TLS certificate must be acquired from a recognised Certificate Authority for it to be trusted.
An approach for testing involves creating local TLS certificates.
- A quick approach uses dummy certificates.
- A more thorough approach uses self-signed certificates.
162
Define HTTP Security Header
HTTP Security Headers are a **subset of HTTP headers** that provide an **extra layer of security** by **restricting behaviours** permitted by browsers and servers once a web application is running.
163
What is Content Security Policy?
A Content Security Policy security header must be defined to allow a web application to embed content from external sources, such as CSS styling libraries, JavaScript functions, and CAPTCHA.
164
Define Digital Signatures
A Digital Signature is a process **guaranteeing** that the contents of a message have **not been altered** in transit (provides the security property of Integrity).
165
What is the process of detecting if document is altered by using the digital signature?
**When** the sender **digitally signs** a document, a **hash** of the message content is **calculated and encrypted** using the sender’s **private key (signing key)** before being added to the message. The recipient can still read the message as normal, but only the sender's **public key** can decrypt the encrypted hash. If the message arrives but the hash of the received content does not match the hash that accompanied the message, then the recipient knows the message content has been altered. The recipient can authenticate the sender as well as the integrity of the message content.
166
How to obtain a digital signature?
If you want the recipients of your documents to be able to verify the authenticity of your digital signature, then you must obtain a digital certificate from a reputable Certificate Authority (CA).
167
How to use Digital certificate?
After downloading and installing the certificate, users can use the Sign and Encrypt buttons on their mail clients to encrypt and digitally sign emails.
168
What are the types of digital signatures?
Certified Signatures
Approval Signatures
Visible Digital Signatures
Invisible Digital Signatures
169
What digital signatures does Adobe (PDF reader) support?
Adobe (PDF reader) supports certified and approval digital signatures.
170
What digital signatures does Microsoft Word support?
Microsoft Word supports visible and non-visible digital signatures.
171
What are certified signatures?
Adding a certifying signature to a PDF document **indicates** that you are the **author of the document** and **want to secure the document against tampering.** Certified PDF documents display a **unique blue ribbon** across the top of the document. It contains the **name of the document signer and the certificate issuer** to indicate the **authorship and authenticity of the document.**
172
What are approval signatures?
Approval signatures on a document can be used in an **organisation's business workflow** by helping to **optimise approval procedures**. The process involves **capturing approvals** made by individuals and **embedding them within the PDF document.** Adobe allows signatures to include details such as an **image of your physical signature, date, location, and official seal.**
173
What are visible digital signatures?
These allow a single user or multiple users to digitally sign a single document. The signatures would appear on the document in the same way as signatures are applied on a physical document.
174
What are invisible digital signatures?
Documents with invisible digital signatures carry a **visual indication** of a **blue ribbon in the task bar.** You can use invisible digital signatures when you **do not have to or do not want to** display your **signature**, but you need to **provide indications of the authenticity of the document, its integrity, and its origin.**