Cyber security Flashcards

1
Q

What is security?

A

Measures and controls that ensure the confidentiality, integrity and availability of information system assets, including hardware, software, firmware, and information being processed, stored and communicated. CIA triangle → Information security is confidentiality, integrity and availability. The CIA triad protects the assets (hardware, software, information, etc.).

2
Q

What is information security?

A

Information security is generally defined as the preservation of the confidentiality, integrity and availability of information. Other characteristics such as authenticity, accountability, non-repudiation and reliability are also part of information security.

3
Q

What does Adversary (threat agent) mean?

A

An individual, group, organization or government that engages in, or has access to the internet to engage in, harmful activities.

4
Q

Threat

A

Any circumstance or event with the potential to negatively affect organisational operations (including mission, functions, image, or reputation), organisational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.

5
Q

Vulnerability

A

A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

6
Q

System resource (asset)

A

Hardware, software, communication network, data, major application, general support system, high-impact program, physical plant, mission-critical system, staff, equipment, or a logically related group of systems.

7
Q

Attack

A

Any kind of malicious activity that attempts to collect, disrupt, deny, degrade or destroy information system resources or the information itself.

8
Q

Risk

A

A measure of the extent to which a potential circumstance or event threatens an organization. We consider (1) the impact that would arise if the circumstance or event occurs; (2) the likelihood of the event occurring.

9
Q

Security policy

A

A set of criteria or rules for the provision of security services. It defines and limits the activities of a data processing facility to maintain a state of security of systems and data. E.g. password rules → security policy (password policy).

10
Q

Active attack

A

An attempt to alter system resources or affect their operation. E.g., DoS, DDoS, session hijacking, etc.

11
Q

Passive attack

A

An attempt to learn or use information from the system that does not affect the system’s resources. E.g. eavesdropping, keystroke logging, etc.

12
Q

What is meant by countermeasures?

A

The steps or measures you can take to prevent or manage attacks. The three kinds of countermeasure are prevent, detect and recover.

13
Q

What is privacy?

A

Privacy is the claim of individuals, groups, or institutions to determine how, when, and to what extent their personal information should be communicated to others. Privacy is an individual interest in sustaining a personal space that is free from intrusion by any organisation or person.

14
Q

Name the four states of privacy

A

-Solitude: the state of being free from observation by others.

-Intimacy: the privacy required for a close association.

-Anonymity: the condition of being unknown and free from identification.

-Reserve: the desire to limit disclosures to others.

15
Q

Name a data privacy law and regulation

A

GDPR. Strengthens and unifies data protection for individuals within the European Union. Personal data shall be:

-Processed following the purpose of collection.

-Processed in a way that is lawful, fair and transparent.

-Processed in a manner that ensures integrity and confidentiality.

-Processed with the consent of the data subjects.

16
Q

Types of malware

A

Stuxnet, Mirai, Muhstik and Mozi.

17
Q

What is Stuxnet?

A

Stuxnet is malicious software. Stuxnet targets Windows systems and Windows-based Siemens software used in industrial control systems.

18
Q

What is Mirai?

A

A series of DDoS attacks that targeted the domain name system (DNS) provider known as Dyn. About 100,000 IoT devices were used to create the DDoS attacks. When the devices are infected they become zombies (a botnet). The botnet targets various internet-connected devices like printers, IP cameras, residential gateways, baby monitors, and others.

19
Q

What is Muhstik?

A

Uses web application exploits to hinder IoT devices, including (as reported by the cloud security enterprise Lacework) exploits for Drupal and Oracle WebLogic. It is a multistage attack and a variant of Mirai.

20
Q

What is Mozi?

A

A peer-to-peer botnet targeting IoT devices such as network gateways and digital video recorders. Includes source code from Mirai, IoT Reaper, and Gafgyt. Works by exploiting weak telnet passwords and unpatched IoT vulnerabilities. Conducts DDoS attacks, data exfiltration, and command or payload execution.

21
Q

DoS

A

Denial of Service. A DoS attack consists of overloading a server using a single computer. A large amount of traffic is sent over the network to shut down specific devices and networks so they can no longer be used.

22
Q

DDoS

A

Distributed Denial of Service. These attacks are created using different devices that are interconnected and controlled by the hacker/botmaster via a server. These botnets can be a few bots or several hundred. Another word for devices connected to botnets is zombies. The attack is carried out through multiple devices (zombies) on one target.

23
Q

Attack flow of Mozi botnet

A
  1. Internet scan.
  2. Identify targets.
  3. Exploit path.
  4. Deploy Mozi.
  5. Enable persistence.
  6. Maintain persistence.
  7. Block remediation.
  8. Deploy exploit kit.
  9. Increase target spread.
  10. Demand ransom.
24
Q

Name a method/tool used to identify security vulnerabilities in IoT devices

A

Port scanning. A method of examining a device or server by checking which ports are open, closed or filtered. This can reveal what services are running on a device, such as web services (port 80 for HTTP), secure connections (port 443 for HTTPS), remote control (port 22 for SSH), and so on.

25
Q

What are the two kinds of vulnerability an open port can have?

A

Security and stability of the program responsible for delivering the service. E.g., ftp, http, etc.

Security and stability of the software that is associated with the operating system running on the host. E.g., vulnerable OS kernel, system file, etc.

26
Q

Types of port scanning

A

TCP scan, SYN scan, UDP scan, ACK scan and FIN scan.

27
Q

Top 10 security vulnerabilities in IoT

A
  1. Weak, guessable or hardcoded passwords,
  2. Insecure network services,
  3. Insecure ecosystem interfaces,
  4. Lack of secure update mechanism,
  5. Use of insecure or outdated components,
  6. Insufficient privacy protection,
  7. Insecure data transfer and storage,
  8. Lack of device management,
  9. Insecure default settings,
  10. Lack of physical hardening.
28
Q

What is meant by CVE and vulnerability database?

A

Common Vulnerabilities and Exposures (CVE) is a system used to identify and catalogue publicly known cybersecurity vulnerabilities and exposures in software and hardware products. A vulnerability database is a register or database where vulnerabilities, including IoT vulnerabilities, are recorded.

29
Q

Which are the stakeholders that can prevent IoT vulnerabilities through shared responsibilities?

A

Manufacturers, end users, organizations and policymakers.

30
Q

What factors comprise best practices for IoT security according to ENISA?

A
  • People: security considerations that affect all stakeholders involved in the life cycle of IoT solutions, from the software developers to the end users of the product.
  • Processes: secure development addresses security in the process of software development when a software project is conceived, initiated, developed and brought to market.
  • Technologies: technical measures and elements used in order to reduce vulnerabilities and flaws during the software development process.
31
Q

Definition of cryptography

A

Cryptography is the art and science of keeping messages secure. Secure information and communication techniques derived from mathematical concepts and algorithms are used to transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation, digital signing, and verification to protect data privacy and confidential communications such as credit card transactions and email.

32
Q

What does cryptography offer?

A

Confidentiality. Privacy preservation (there are mechanisms you can use for this??). Authentication (MAC, which helps us to determine the actual device?). The IoT device needs a digital certificate to communicate (public key and private key). Data integrity. Non-repudiation.

33
Q

MAC

A

Message authentication code. Can be used to check e.g. message integrity. A shared secret key K is used by the sender and receiver. A MAC can be generated using different algorithms, e.g. AES, a hash function, etc. A MAC generated using a hash function can further use: (a) a symmetric key, (b) an asymmetric key, (c) a secret value (salt). Using encryption algorithms is slow for some applications. Hence, some implementations use only the hash digest with a salt.

34
Q

What does AAA mean?

A
  • Authentication (prove the identity of a user on a website so you get access to services on the website),
  • Authorization (determines their access rights),
  • Accounting (log and monitor user activity).
35
Q

Plaintext

A

This is the original message or data that is fed into the algorithm as input. Sometimes called cleartext.

36
Q

Encryption algorithm

A

Performs various substitutions and transformations on the plaintext.

37
Q

Secret key

A

Input into the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key. In any cryptography, you need a unique key.

38
Q

Public key

A

A key used in public key cryptography (PKC) for encryption. It is usually distributed as part of a digital certificate.

39
Q

Private key

A

A key used in public key cryptography for decryption.

40
Q

Ciphertext

A

This is the scrambled message produced as output. It depends on the plaintext and the secret key. Different keys produce different ciphertexts for the same message.

41
Q

Decryption algorithms

A

It is the reverse of the encryption algorithm. It takes the ciphertext and the same secret key and produces the original plaintext.

42
Q

Cipher

A

An algorithm for performing encryption or decryption.

43
Q

Cryptanalysis

A

The process of attempting to discover the plaintext or the key. The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.

44
Q

Types of attacks on encrypted messages

A

Ciphertext only, Known plaintext, Chosen plaintext (you choose it randomly), Chosen ciphertext and Chosen text.

45
Q

Describe the network access security model

A

Opponent (human, hacker, compromised IoT devices e.g. by DDoS, software e.g. malware like worms and viruses) → access channel (untrusted channels e.g. cloud, protocols) → gatekeeper (a device that controls, protects and restricts access to resources or services; the encryption can be here, e.g. IDPS) → assets (such as computing resources, data, processes, software, internal security controls).

46
Q

How are cryptographic systems classified based on operation methods, key usage and plaintext processing?

A
  • Operations: the types of operations used for transforming plaintext to ciphertext are substitution (confusion) and transformation/permutation (diffusion).
  • Key usage: If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.
  • Plaintext processing: A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time as it goes along.
47
Q

Symmetric cryptography

A

The same key is used for both encryption and decryption.

48
Q

Asymmetric cryptography

A

Two keys are used, one for encryption and the other for decryption.

49
Q

Which are the algorithms modern Symmetric Key Cryptography (SKC) can be divided into?

A

Stream ciphers and block ciphers.

50
Q

Components and concepts used in the stream cipher?

A

Exclusive-OR (XOR) operation; Modulo 2 arithmetic; Pseudorandom number generation (PRNG), which is deterministic because it uses a seed; non-deterministic generation (TRNG, etc.), which does not use a seed (e.g. throwing coins, etc.); and Cryptographically-secure PRNG (CSPRNG). A form of stream cipher is RC4, which is a variable-key-size stream cipher with byte-oriented operations based on random permutations.

51
Q

What are the structures of the block cipher?

A

The two most widely used general structures for designing block ciphers are (1) Feistel Cipher structure (FCS), (2) Substitution Permutation Network (SPN).

52
Q

Describe the Feistel Cipher structure

A

A Feistel cipher is an iterative encryption structure where the plaintext is split into two equal blocks (left and right), and multiple rounds of encryption are applied to ensure strong encryption. Each round consists of several steps where information from the right and left blocks is used together with a key to encrypt the data.

  1. The left block (L) from the previous round is copied to the right block (R) in the next round.
  2. The right block (R) is processed using a cryptographic function F and part of the key (the round subkey). The result of F is XORed with the left block from the previous round.
  3. The processed blocks are then combined and passed on to the next round.
53
Q

Describe the Substitution Permutation Network (SPN) structure

A

An SPN is a method of constructing block ciphers, where each block of data (e.g. 16 bits) is encrypted through a series of substitutions and permutations. An SPN consists of several rounds, and in each round the following operations take place:

  • Substitution (S-box): Each part of the bits is exchanged (substituted) according to a predetermined table (called an S-box).
  • Permutation (P-box): After the substitution, the bits are moved or rearranged (permuted) according to a specific rule (called a P-box).
  • Round key (K): In each round, the data is combined with a unique round key (subkey) through an XOR operation. The S-box provides confusion and the permutation provides diffusion.
54
Q

Hashing algorithms

A
  • Hash functions convert variable-sized data into a fixed hash value.
  • They are fast to compute and do not require a secret key.
  • Preimage resistance (one-way) means that it is difficult to recreate the original message from the hash value.
  • Second preimage resistance (weak collision resistance) means that it is difficult to find another input that gives the same hash value as a given input. Collision resistance means that it is difficult to find two different messages that produce the same hash value.
55
Q

Examples of hashing algorithms

A

Message Digest Algorithm 5 (MD5), Secure Hash Algorithm 1 (SHA-1), SHA-256.

56
Q

Applications of hashing algorithms

A
  • Intrusion detection through integrity verification, e.g. files and messages
  • Signature generation and verification, e.g. in the digital signature, digital certificate
  • Password verification, e.g. password hash
  • Consensus methods like Proof-of-Work, e.g. in blockchain
  • File or data identifier, e.g. in Git and Monotone
  • Content-addressable storage: dealing with message or file retrieval based on its contents and not its name or location, e.g. in content-addressable memory
57
Q

Challenges of securing IoT devices

A

The hardware cost of traditional encryption algorithms is not negligible. Power consumption, e.g. for battery-driven devices, etc. Processing speed (throughput, delay): a high throughput is necessary for devices with large data transmissions such as a camera or a vibration sensor, while a low delay is important for the real-time control processing of a car-control system.

58
Q

What tools can be used for port scanning and traffic analysis?

A

Use tools such as Nmap and Zenmap for port scanning. Capture traffic using Burp Suite, Wireshark, etc.

59
Q

Open port

A

When a port is open it allows external traffic to communicate with the service running on that port.

60
Q

Filtered port

A

Means that a firewall, filter, or other network obstacle is blocking the port so that the port scanning tool cannot tell whether the port is open or closed.

61
Q

Closed port

A

Closed ports have no application listening on them, though they could open up at any time.