Cyber Security

Question 1

What is the cyber security triad?

Answer 1

Confidentiality, integrity, availability

Question 2

What is integrity?

Answer 2

Guarding against improper information modification/destruction

Question 3

What are the integrity-related concepts?

Answer 3

Authenticity & accountability

Question 4

What 4 steps of cyber attack countermeasures are there?

Answer 4

Detection, prevention, mitigation, recovery

Question 5

What is a checksum?

Answer 5

A function that maps file contents to a numerical value

Question 6

List the 5 main cyber attackers

Answer 6

Cybercriminals, nation states, hacktivists, insider threats, script kiddies/noobs

Question 7

What is the relation between an instigator and a perpetrator?

Answer 7

A perpetrator can be hired/bribed by an instigator

Question 8

What are 3 potential motivations of Nation States?

Answer 8

Garner high quality intelligence
Sabotage critical infrastructures
Subversion e.g. political elections

Question 9

What are 3 potential attacks hacktivists may perform?

Answer 9

Web defacements
Data breaches (to prove beliefs)
DDoS

Question 10

List the stages of the Kill-Chain model

Answer 10

Reconnaissance, weaponisation, delivery, exploitation, installation, command & control, actions on objectives

Question 11

What is the difference between exploitation & installation?

Answer 11

Exploitation: execution of payload to exploit vulnerability
Installation: ensurance of payload persistence within the target

Question 12

What 8 cyber attacks are there?

Answer 12

Cryptojacking
Data breaches
DDoS
Influence campaigns
Money theft
Personal document ransom
Supply chain attacks
Web defacements

Question 13

What 3 types of money theft attacks are there and what do they involve?

Answer 13

Banking trojan horse: seemingly legitimate software captures credentials
Cyber banking fraud: attacks launched from compromised machines to transfer stolen funds
BEC (Business Email Compomise)/Whaling: attacker requests large money transfer pretending to be CEO

Question 14

What 4 steps are there in personal document ransom / ransomware?

Answer 14

1) Attacker sends email with attachment user is lured to open
2) Attachment either prompts user to execute a macro or lanuches powershell to download & execute final payload
3) Ransomware encrypts specific file types
4) Files can only be decrypted by paying a ransom

Question 15

What is cryptojacking?

Answer 15

The practice of hijacking computer resources to mine cryptocurrency

Question 16

What 3 things could happen to stolen data in data breaches?

Answer 16

Public disclosure
Private intelligence
Sold on the black market

Question 17

What is a supply chain attack?

Answer 17

Where the adversary compromises the weakest link in the supply chain to reach the target from there

Question 18

What is Social Engineering?

Answer 18

A technique to either pschologically manipulate people into performing an action or gather information left around by people

Question 19

What 3 ways is information gathered in Social Engineering?

Answer 19

Via the web (company website / social media)
Dumpster diving
Shoulder surfing

Question 20

What 4 ways may an adversary interact with the target in Social Engineering?

Answer 20

Phishing: sending emails incl. spear phishing (specific individual/organisation) & whaling (high-profile)
Vishing: using video calls
Smishing: using SMS (text)
Physical impersonation

Question 21

What is baiting in Social Engineering?

Answer 21

A real-world trojan horse e.g. infected removable media, gift with wiretap

Question 22

What 5 essential defences are there in corporate security?

Answer 22

Firewalls
User access control
Malware protection
Patch management
Secure configuration

Ineffective against advanced attacks e.g. SE

Question 23

Firewalls

Answer 23

Sit at the edge of a network
Blocks all incoming traffic by default, inspects each packet passing through, accepts packets that satisfy rules
Allows all outbound traffic.

Question 24

The 3 steps of secure configuration

Answer 24

Unnecessary software removed
Auto-run features disables
Default password changed

Question 25

User access control

Answer 25

Ensure user accounts are only assigned to authorised individuals

1) Authenticate before granting access
2) Remove accounts when no longer required
3) Use two-factor authentication

Question 26

What are the 2 requirements of malware protection?

Answer 26

Anti-malware software
Application whitelisting

Question 27

(Security update) / (patch) management

Answer 27

Keep everything updated, licensed, and supported
Remove when unsupported

Question 28

What 6 additional defences are there in corporate security?

Answer 28

Data protection, segregation of duties, network fragmentation, network monitoring, honeypots, pentesting

Question 29

What are the 4 ways of protecting data?

Answer 29

Encrypting data
Fragmenting data (split & store in diverse locations)
Backing-up data
Privacy protection (removing PII)

Question 30

What is the benefit of segregating a task?

Answer 30

If N accounts required to execute a task, N accounts must be compromised

Question 31

Give an example of network fragmentation

Answer 31

e.g. Front-end, back-end, office, and Internet split with access between managed with firewalls at bboundaries

Question 32

Network monitoring

Answer 32

Uses intrusion detection systems (signature-based & anomaly-based) and intrusion prevention systems
Observes & records all traffic on network
Alerts on suspicious traffic

Question 33

Honeypots (4 types)

Answer 33

A decoy to lure attackers
Research HPs: gather info about attackers (broader trends)
Production HPs: detect & deflect attackers from CIs
High-Interaction HPs: gain detailed insights into attacker behaviour (specific attacker behaviour)
Low-Interaction HPs: detect & deflect automated attacks

Question 34

Pentesting (6 phases)

Answer 34

An authorised simulated attack to assess the system’s security
1) Pre-engagement interactions - goals definition
2) Inteligence gathering - security mechanisms used
3) Threat modelling - how target can be attacked
4) Vulnerability analysis
5) Exploitation - actual attack
6) Post exploitation - what to do once compromised

Question 35

What makes an attack an APT?

Answer 35

If its advanced, persistent, and a threat
If it’s targeted and nation-state supported

Question 36

What are Critical Infrastructures?

Answer 36

Facilities, systems, sites, information, people, networks, and processes that are necessary for a country to function and on which daily life depends

Question 37

What is the impact of losing a Critical Infrastructure?

Answer 37

Major detrimental impact on availability, delivery, and integrity of essential services
Severe economic/social consequences
Potential loss to life

Question 38

What are Industrial Control Systems?

Answer 38

Systems that control & monitor CIs

Question 39

What 6 reasons are there for damaging CIs with malware rather than with an air strike?

Answer 39

Lower development costs
No casualties
No loss of employed weapons/equipment
Less chance of severe retaliation
Almost speed of light attacks
Anonymous / no attribution

Question 40

What are the 6 hacktivism ethics?

Answer 40

1) Everyone should have unrestricted access to computers
2) Information should be free
3) Authorities can’t be trusted
4) Hackers should solely be judged on ability
5) Hacking is considered an act of art
6) Computers are a positive phenomenon

Question 41

What actors are involved in cyberwarfare?

Answer 41

Nation states

Question 42

What are the 3 objectives of cyberwarfare?

Answer 42

Espionage: steal sensitive information from government to gather intelligence
Sabotage: disrupt/damage CIs
Propaganda: influence public opinion

Question 43

Why is cyberwarfare not considered to be warfare?

Answer 43

There is no use of physical force

Question 44

What is symmetric encryption?

Answer 44

The same key is used to encrypt & decrypt a piece of information
The key is shared between sender & recipient

Question 45

What is asymmetric encryption?

Answer 45

Each user has a private key and a public key
Sender encrypt with recipient’s public key
Recipient decrypts with its own private key

Question 46

What is a digital signature?

Answer 46

A form of asymmetric encryption
Sender encrypts with its own private key
Recipient decrypts with sender’s public key

Question 47

What is a key ring?

Answer 47

All the public keys a sender/recipient has

Question 48

What does a hash function do?

Answer 48

Converts in input into a fixed size string of bytes

Question 49

What 2 ways are there to initially exchange keys?

Answer 49

Public key encryption
Diffie-Hellman key exchange protocol

Question 50

How does public key encryption work?

Answer 50

Sender sends their public key and identity (PUa, IDa)
Receiver sends sender’s public key and a secret key encrypted Enc[PUa, Ks]

Question 51

How is public key encryption vulnerable to man-in-the-middle attacks?

Answer 51

Man in the middle attacks
MITM forwards sender’s message to receiver but with their own public key
MITM receives secret key and forwards message to sender, replacing their public key with the senders to avoid detection

Question 52

How does the Diffie-Hellman key exchange protocol work?

Answer 52

1) A & B agreed publically on a prime modulus (e.g. 3) and a generator (e.g. 17)
2) A selects a private random number (e.g. 15) and calculates (3^15)mod17 = 6 and sends result publically
3) B selects a private random number (e.g. 13) and calculates (3^13)mod17 = 12 and sends result publically
4) A takes B’s public result, 12, and own private number, 15, and calculates (12^15)mod17 = 10 to obtain shared secret
5) B takes A’s public result, 6, and own private number, 13, and calculates (6^13)mod17 = 10 to obtain shared secret

Question 53

How is the Diffie-Hellman key exchange protocol vulnerable to man-in-the-middle attacks?

Answer 53

1) MITM generates 2 private keys PUx & PUy and calculates 2 public keys PRx = (a^PUx)modq and PRy = (a^PUy)modq
2) MITM intercepts A’s public key PUa before it reaches B and creates a secret key for A, Ka = (PUa^PRy)modq
3) MITM transmits public key PUx to B in place of PUa
4) B calculates secret key K1 = (PUx^PRb)modq
5) MITM intercepts B’s public key PUb before it reaches A and creates a secret key for B, Kb = (PUb^PRx)modq
6) MITM transmits public key PUy to A in place of PUb
7) A calculates secret key K2 = (PUy^PRa)modq
8) Now MITM can decrypt messages using Ka and encrypt with Kb

Question 54

How can Diffie-Hellman man-in-the-middle attacks be prevented?

Answer 54

With a digital certificate: users/companies are bound to their public key

Question 55

What is the function of a Public Key Infrastructure?

Answer 55

To create, manage, store, distribute, and revoke digital certificates
Enables secure, convenient, efficient acquisition of public keys

Question 56

What are the 4 key players in PKIs?

Answer 56

Certification authorities
Registration authorities
PKI repositories
PKI users

Question 57

What do Certification Authorities (PKI) do?

Answer 57

Issues, revokes, and distributes certificates
Certificates signed with CA’s private key so authenticity can be checked using CA’s public key

Question 58

What do Registration Authorities (PKI) do?

Answer 58

Approves/rejects certificate applications
Renews (re-keys), revokes, and suspends certificates

Question 59

What to PKI repositories do?

Answer 59

Store & distribute certificates and certificate revocation lists

Question 60

What 4 reasons might there be for a certificate to be revoked?

Answer 60

Compromised private key
Certificate expiration
Human resources reason
Name/address/DNS change

Question 61

What 3 issues are there with Certificate Revocation Lists?

Answer 61

Issued too infrequently to be effective against attackers
Expensive to distribute
Vulnerable to DoS attacks

Question 62

Secure sockets layer vs transport layer security

Answer 62

Cyptographic protocols
TLS improves upon SSL by providing privacy & data integrity between communication applications

Question 63

What 4 steps are there in a handshake protocol?

Answer 63

1) Client hello (protocol version, supported cryptographic algorithms)
2) Server hello (highest protocol version, strongest cryptographic algorithm)
3) Server key exchange: client receives server’s certificate and verifies the CA private key with the CA public key
4) Client key exchange

Question 64

What is Kerberos?

Answer 64

A network authentication protocol that relies on symmetric encryption

Question 65

What are the 4 aims of Kerberos?

Answer 65

User password shouldn’t have to travel over network
User password shouldn’t be stored on client’s machine
User is only asked to enter password once per work session
Authentication information management is centralised and resides on authentication server

Question 66

What are Kerberos tickets?

Answer 66

Issued by authentication server
Encypted witht the secret key of the service it’s intended for
Used as proof presented by a user to an application server to demonstrate their identity and gain access to that service on the network

Question 67

What is the key distribution centre in Kerberos?

Answer 67

A centralised model containing the database, authentication server, and ticket granting server

Question 68

What are the 6 steps in accessing a service in Kerberos?

Answer 68

1) User requests a ticket-granting-ticket from the authentication server
2) AS sends the session key and the TGT to the user
3) User requests access to a particular server from the ticket granting server using the TGT
4) TGS sends a session key and the ticket-for-service
5) User requests the service from the application server using the TfS
6) Application server grants the service

Question 69

What 4 limitations does Kerberos have?

Answer 69

Single point of failure as if KDC server is down, no-one can log in
Vulnerable to password guessing attacks
Requires clocks to be synchronised
Has to assume user’s workstation is secure

Question 70

What 5 attacks is password-based authentication vulnerable to?

Answer 70

Password cracking (brute force attack, dictionary attack)
Electronic monitoring (network sniffing, keyloggers)
Workstation hijacking
Shoulder-surfing
Dumpster-diving

Question 71

What are the 3 drawbacks of token-based authentication?

Answer 71

Requires a special read - added cost
Token loss - loss of access, added cost, stealing
User dissatisfaction

Question 72

What are the 2 types of biometric authentication?

Answer 72

Static: fingerprints, hands, face, retina/iris
Dynamic: voice, signature

Question 73

What are the 3 drawbacks of multi-factor authentication?

Answer 73

User must carry physical token at all times
Risk of loss or theft –> replacement cost
Unscalable: new token required for each new account/system

Question 74

What 5 measures are there for preventing online password cracking?

Answer 74

Password policies
Password blacklists
Machine-generated passwords
Force regular password changes
Throttling - time delay between consecutive failed login attempts

Question 75

What’s the issue with hash dictionaries?

Answer 75

The size - good dictionaries can be 100s of TBs

Question 76

What is a rainbow table?

Answer 76

A precomputed table used to crack password hashes
Has a good trade-off between time and space

Question 77

What is password salting?

Answer 77

A way to avoid reverse password attacks

Question 78

What are the 3 steps of password salting?

Answer 78

1) Append/prepend a random salt to the password
2) Compute the hash of the password and the salt
3) Store the hash of the salted password and the salt

Question 79

What are the 2 benefits of password salting?

Answer 79

Prevents duplicate password visibility
Increase difficulty of offline dictionary attacks by factor 2^b for salt of b bits

Question 80

What are the 4 group of harmful activities in Solove’s Taxonomy of Privacy

Answer 80

Information Collection
Informaiton Processing
Information Dissemination (distribution)
Invasions

Question 81

What are the 2 harmful types of information collection (Solove)?

Answer 81

Surveillance: surveilling an individual’s activies
Interrogation: probing for information

Question 82

What are the 4 harmful types of information processing (Solove)?

Answer 82

Aggregation: combining pieces of data about a person
Identification: linking information to individuals
Insecurity: carelesseness in protection stored information
Secondary use: use of data for a different purpose without subject’s consent

Question 83

What are the 7 harmful types of information dissemination?

Answer 83

Appropriation (use of one’s information for purpose of another)
Breach to confidentiality
Blackmail
Distortion
Disclosure
Exposure (of physical/emotional attributes)
Increased accessibility

Question 84

What are the 3 research paradigms in Privacy Enhancing Technologies?

Answer 84

Privacy as confidentiality
Privacy as control
Privacy as practice

Question 85

What are quasi-identifiers?

Answer 85

Attributes that, when combined with other quasi-identifiers, create unique identifiers

Question 86

What are the 4 techniques for data anonymisation?

Answer 86

K-anonymity
L-diversity
T-closeness
Differential privacy

Question 87

What is K-anonymity?

Answer 87

Attributes are generalised into broader categories (e.g. age as >40) and/or suppressed (e.g. age as 2* for 28)
At least K records have the same values for quasi-identifiers

Question 88

What 2 attacks is K-anonymity vulnerable to?

Answer 88

Homogeneity attack: if values in a QI group lack diversity e.g. all age 5* people at postcode 476*** have heart disease
Background knowledge attack

Question 89

What is L-diversity?

Answer 89

Each QI group must contain at least L different sensitive attributes e.g. in a group with 3 attributes, its sufficient to have flu, shingles, or acne as the sensitive data

Question 90

What 2 attacks is L-diversity vulnerable to?

Answer 90

Skewness attack: doesn’t consider overall distribution of sensitive values e.g. instead of 1/1000 chance of heart disease, now 1/3
Similarity attack: if sensitive attributes in a 3-diverse are lung cancer, liver cancer, and stomach cancer, attack can infer patient has cancer

Question 91

What is T-closeness?

Answer 91

The distance between the distribution of a sensitive attribute in all QI groups and the distribution of the sensitive attribute in the whole table is at most T

Question 92

Proxy vs VPN

Answer 92

Similarities: both hide IP addresses, connection between proxy/VPN and end points aren’t encrypted
Differences: VPN encrypts connection with VPN node, proxy doesn’t encrypt connection

Question 93

What is onion routing?

Answer 93

Where (TCP) traffic is protected with multiple layers of encryption

Question 94

What is traffic mixing?

Answer 94

Mixes messages with other traffic
To allow responses, the sender places keys at each mix along the path when established

Question 95

What is dummy traffic?

Answer 95

Meaningless traffic inserted alongside genuine data to obscure the real communication

Question 96

What is Perfect Forward Secrecy?

Answer 96

Minimises risk to PI in event of encryption key breach
Each session’s key is unique and not re-usable

Question 97

What is access control and its 3 components?

Answer 97

The process of regulating system resources according to a security protocol

Authentication: verify user credentials are valid
Authorisation: grant permission to an entity to access a system resource
Audit: review & examine system activities

Question 98

What are the 3 foundations of access control?

Answer 98

Object: the resource to which access is controlled
Subject: an entity that can access objects
Access right: the way a subject may access an object (read, write, execute, delete, create, search)

Question 99

What are the three subject classes (access control)?

Answer 99

Owner: full control over object
Group: multiple users with similar access permissions to objects
World: all subjects that aren’t the owner or part of a group

Question 100

What 3 things are Access Control Models used for?

Answer 100

Defining a set of authorisation rights
Defining a set of policies to enforce the authorisation rights
Protecting systems against violations of confidentiality, integrity, and availability

Question 101

What are the 4 main Access Control Models?

Answer 101

Discretionary Access Control
Mandatory Access Control
Role-Based Access Control
Attribute-Based Access Control

Question 102

What are blockchains?

Answer 102

Systems that keep track of transactions securely across a network of computers without the need of a central authority e.g. cryptocurrency doesn’t require a bank

Question 103

What is double spending in blockchains?

Answer 103

When 2+ transactions use the same input

Question 104

What is proof of work (briefly)?

Answer 104

A way to mitigate double spending in blockchains

Question 105

What is a block of transactions?

Answer 105

A batch of submitted & confirmed transactions stored as a list
Each block also references the previous block so any changes require updating all following blocks
Each block also includes a random number

Question 106

What are miners?

Answer 106

Nodes that create new blocks

Question 107

What are the 4 steps a miner takes?

Answer 107

1) Chooses the transactions to include in a block
2) Chooses the previous block
3) Competes with other miners to solve a puzzle based on the data in the block and the previous block’s hash
4) Once solved, broadcasts proposed block for solution verification and block addition

Question 108

What puzzle are miners trying to solve?

Answer 108

Finding a number such that the hash of the whole block has at least a certain number of zeros as most significant digits
The more zeros, the harder the mining

Question 109

What 3 reasons are there for miners to mine over the longest chain/branch?

Answer 109

There is a network consensus so more cumulative work
There are higher rewards
There is more security

Question 110

What is branch resolution?

Answer 110

Where a generated block can be rolled back and transactions are cancelled
To avoid risk of double spending, wait for other six blocks before confirming txn

Question 111

What is hashpower?

Answer 111

The number of hash computed per second
The probability of a miner generating a new block is proportional to its hashpower

Question 112

What are mining pools?

Answer 112

Organised groups of miners
Have a collectively larger hashpower so a higher probability to mine blocks

Question 113

What are the 3 advantages of blockchains?

Answer 113

Trustless network
Immutable transaction history
No single point of failure

Question 114

What are the 3 disadvantages of blockchains?

Answer 114

High transaction fees
Slow transaction confirmation
Not yet stabilised currency

Question 115

What is a smart contract?

Answer 115

A computerised transaction protocol that executes the terms of a contract

Question 116

Node joining in permissionless/permissioned blockchains

Answer 116

Permissionless: any node can join the network
Permissioned: nodes need to be authorised to join the network

Question 117

Security in permissionless/permissioned blockchains

Answer 117

Permissionless: need to target thousands of miners to make unavailable
Permissioned: need to traget fraction of peers

Question 118

Stability in permissionless/permissioned blockchains

Answer 118

Permissioned blockchains aren’t based on cryptocurrencies so are more stable

Question 119

Transaction fees in permissionless/permissioned blockchains

Answer 119

Permissioned blockchains don’t require any transaction fees

Question 120

Decentralisation in permissionless/permissioned blockchains

Answer 120

Permissioned blockchains are inherently less decentralised

Question 121

Setup & maintenance in permissionless/permissioned blockchains

Answer 121

Permissionless: convenient, contained cost
Permissioned: costly