Exam Paper Flashcards
Difference between authentication and identification
Identification : the user claims an identity, e.g. by entering a username. Answers "who is this user?"
Authentication : the system verifies that claim using something the user knows (password), has (token, smart card) or is (biometric). Answers "is the user really who they claim to be?"
Difference between subject and object
Subject : An active entity within an IT system
eg. Process running under a user identity.
Used when discussing operational systems enforcing
policies
Object : A passive entity, i.e. files or resources
eg. Memory, printer, directories
A subject's access to an object is governed by the access rights it holds on that object, e.g. r, w, x
How firewalls can improve network security and what their main limitations are
• Implements ‘single point’ security measures
• Security event monitoring through packet
analysis and logging
• Network-based access control through
implementation of a rule set
• Defends a protected network against parties
accessing services that should only be available
internally
Limitations :
• Cannot protect against attacks that bypass the firewall, e.g. traffic tunnelled through it inside an allowed protocol, or dial-in / wireless links into the network
• Cannot protect against internal threats or insiders, since their traffic never crosses the firewall
• Network firewalls cannot always protect against
the transfer of virus-infected programs or files, as inspecting the content of every file is impractical
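As an added illustration (not part of the original flashcards) of the "single point" and "rule set" bullets above, the following Python models a first-match packet filter with a default-deny rule. The packet and rule records, the 10.0.0.0/8 internal range and the 10.0.1.10 web server are constructed assumptions for the demo. The second rule also shows the insider limitation: internal-to-internal traffic never hits a deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


# Constructed packet and rule records for this illustration; a real
# firewall also tracks connection state, interfaces and source ports.
@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source network (CIDR)
    dst: str                  # destination network (CIDR)
    proto: str                # "tcp", "udp" or "any"
    dports: Optional[range]   # destination ports, None = any
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dports is None or p.dport in self.dports))


INTERNAL = "10.0.0.0/8"        # assumed address range of the protected network
WEB_SERVER = "10.0.1.10/32"    # assumed public-facing host
ANY = "0.0.0.0/0"

# First-match rule set ending in a default deny: the single point at which
# the network access-control policy is enforced.
RULESET: List[Rule] = [
    Rule("allow", ANY, WEB_SERVER, "tcp", range(443, 444), "public HTTPS only"),
    Rule("allow", INTERNAL, INTERNAL, "any", None, "internal traffic is not filtered"),
    Rule("allow", INTERNAL, ANY, "tcp", range(80, 81), "outbound HTTP"),
    Rule("allow", INTERNAL, ANY, "tcp", range(443, 444), "outbound HTTPS"),
    Rule("deny", ANY, ANY, "any", None, "default deny"),
]


def decide(p: Packet, rules: List[Rule] = RULESET, log: Optional[list] = None) -> str:
    """Return the action of the first matching rule and append an audit line to `log`."""
    for i, r in enumerate(rules):
        if r.matches(p):
            if log is not None:
                log.append(f"rule {i} [{r.comment}] {r.action} {p.proto} {p.src} -> {p.dst}:{p.dport}")
            return r.action
    return "deny"  # unreachable with a final catch-all rule, kept as a safety net
```

The log lines are the "security event monitoring" bullet: every decision is attributable to a rule, which is what you audit when the rule set is wrong.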
One-way hash function and how it is used in Access Control
Takes a message of any length and returns a
fixed-length digest that looks random; it is easy to compute but infeasible to invert
(preimage resistance) or to find two inputs with the same digest (collision resistance).
Password storage: the system stores hash(salt, password) rather than the password itself.
At login it hashes what the user typed with the same salt and compares the digests,
so a stolen password file does not directly reveal the passwords. (This is hashing, not encryption: there is no key and nothing to decrypt.)
Explain TOCTTOU
Time of check to time of use. The system checks a condition (e.g. that the user may read a file name)
and later acts on it (opens the file) as a separate step; an attacker changes the state in between
(e.g. replaces the file with a symbolic link to a protected file), so the check no longer describes what is actually used.
Repeated Authentication
Authenticate the user not only at login but again during the session,
for example in online banking before a high-value transaction.
Trusted Computing Base
“The totality of protection mechanisms within a
computer system responsible for enforcing a security
policy”
- One or more components
- Enforce a unified security policy over a product or system
- Correct enforcement depends on the components within the TCB
as well as input from administrators (e.g. the configured policy)
Examples at each layer :
• Hardware – Dedicated registers for defining privileges (e.g. processor mode bits)
• Operating system kernel – E.g. Virtual Machine
Hypervisor
• Operating system – Windows security reference monitor
• Services Layer – JVM, .NET
• Application Layer – Firewalls
Explain CIA and 2 Additional Properties
Confidentiality : Prevent unauthorised disclosure of data
Integrity : Prevent unauthorised modification of data
Availability : Prevent unauthorised withholding of data or services from those entitled to them
Accountability : Users should be held responsible for their actions (requires identification plus an audit log)
Non - Repudiation : Unforgeable evidence that an action took place, so the party responsible cannot later deny it
Software Vulnerability
A flaw or weakness in software that an attacker can exploit to violate the security policy.
eg. Heartbleed, a missing bounds check in OpenSSL's TLS heartbeat handling.
Malware (viruses, Trojans) is not itself a vulnerability; it is what exploits one.
Man - in - the - middle Attack and Example
The attacker inserts themselves between two parties so that their traffic passes through the attacker unnoticed, where it can be read or altered.
Example: ARP Cache Poisoning.
We can simply send an unrequested ARP reply
and overwrite the MAC address in a host's ARP
cache with our own, so the host now sends traffic for that IP (e.g. its gateway) to us; we forward it on so nothing appears wrong.
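Added example (not from the original flashcards): the frame the attacker sends in the ARP cache poisoning above, built byte-for-byte, together with a model of the victim's ARP cache that still accepts the unsolicited reply but, arpwatch-style, logs any reply it never asked for that changes an existing mapping. The MAC and IP addresses are constructed for the demo; the `ArpCache` class and its method names are this example's own.

```python
import struct
from typing import Dict, List, Optional, Set

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def ip4(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def build_arp_reply(sender_mac: bytes, sender_ip: bytes,
                    target_mac: bytes, target_ip: bytes) -> bytes:
    """Ethernet frame + ARP reply: the unrequested 'sender_ip is-at sender_mac' the attacker sends."""
    eth = target_mac + sender_mac + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # htype, ptype, hlen, plen, opcode
           + sender_mac + sender_ip + target_mac + target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[dict]:
    """Decode the 42-byte Ethernet/ARP frame; None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    return {"op": struct.unpack("!H", frame[20:22])[0],
            "sender_mac": frame[22:28], "sender_ip": frame[28:32],
            "target_mac": frame[32:38], "target_ip": frame[38:42]}


class ArpCache:
    """A host's ARP cache with an arpwatch-style check bolted on.

    The cache still accepts unsolicited replies (that is the weakness), but
    any reply we did not ask for that changes an existing mapping is logged.
    """

    def __init__(self) -> None:
        self.table: Dict[bytes, bytes] = {}     # IP -> MAC
        self.pending: Set[bytes] = set()        # IPs we have sent a request for
        self.alerts: List[str] = []

    def send_request(self, ip: bytes) -> None:
        self.pending.add(ip)

    def receive(self, frame: bytes) -> None:
        a = parse_arp(frame)
        if a is None or a["op"] != ARP_REPLY:
            return
        ip, new = a["sender_ip"], a["sender_mac"]
        old = self.table.get(ip)
        if ip not in self.pending and old is not None and old != new:
            self.alerts.append(f"{'.'.join(map(str, ip))}: {old.hex(':')} -> {new.hex(':')} (unsolicited reply)")
        self.pending.discard(ip)
        self.table[ip] = new   # accepted regardless: traffic for `ip` now goes to `new`


def poisoning_scenario() -> ArpCache:
    """Constructed exchange: the victim learns the gateway legitimately, then the attacker overwrites it."""
    victim_mac, victim_ip = mac("02:00:00:00:00:10"), ip4("10.0.0.10")
    gateway_mac, gateway_ip = mac("02:00:00:00:00:01"), ip4("10.0.0.1")
    attacker_mac = mac("02:00:00:00:00:66")
    cache = ArpCache()
    cache.send_request(gateway_ip)
    cache.receive(build_arp_reply(gateway_mac, gateway_ip, victim_mac, victim_ip))    # genuine
    cache.receive(build_arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip))   # poison
    return cache
```

After the second reply the victim's table maps the gateway's IP to the attacker's MAC, which is the man-in-the-middle position; the alert list is what a detector on the segment would raise.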
Functionality in a botnet and example in DDOS
A group of hijacked Internet-connected devices, each infected with malware that lets an attacker control it from a remote location without the knowledge of the device's rightful owner.
DDoS example: the bots are ordered to flood a target, e.g. with TCP SYN packets or by rapidly requesting a website, so that the combined traffic from many sources overwhelms it.
“Layer Below Attack”
Attacking the layer below the one where a security mechanism is enforced, where that mechanism does not apply.
E.g. file permissions are enforced by the OS; reading the disk directly (booting another OS, removing the drive, tampering with the hardware) bypasses them.
Four types of threat vectors
Email (malicious attachments and links)
Webpage (drive-by downloads, phishing sites)
Software Vulnerability (exploiting a flaw in installed software)
Chatrooms / instant messaging (links and files sent via chat)
What are intrusion detection systems? Compare host based and network based.
- Detects possible intrusion attempts
- Generates alerts and logs for administrators
Host-based (HIDS):
• Runs on and monitors a single host: system calls, file changes, logs, resource / app usage
• Sees what happens on the machine, including the contents of encrypted traffic once decrypted
• In many ways modern Anti-virus does this
Network-based (NIDS):
• Monitors the traffic of a whole network segment and analyses packets
from different protocols to identify suspicious activity (signatures or anomalies)
• Covers many machines from one point, but cannot look inside encrypted traffic or see host-local activity
Describe and compare “accountability” and “nonrepudiation”
Accountability : users are responsible for their actions; the system records who did what in an audit log, which is only as trustworthy as the system keeping it.
Non-repudiation : unforgeable evidence that someone did something, which can convince a third party; e.g. a digital signature, with a certificate binding the signing key to the person.
Access Control List (ACL) Where it is used and what are its disadvantages.
Lists, for one object, which subjects may do what to it.
Stored with the object itself; corresponds to one
column of the access control matrix.
eg. game.exe | Alice : r,w,x | Bob : r,x
Used in file systems (Unix permission bits are a compressed ACL; Windows NTFS uses full ACLs).
-Difficult to get an overview of one subject's rights (must scan every object)
-Tedious to set up
-Management of individual subjects is hard, e.g. revoking a user means editing every object's list
Denial Of Service and Example
• A denial of service attack is an attempt to make a
machine or network resource unavailable to its
authorised / intended users
• This will usually involve flooding a machine with
enough requests that it can’t serve its legitimate
purpose
• E.g. Ping flood
• A distributed denial of service occurs where there
is more than one attacking machine
TCP syn flooding
• Attacker sends SYN packets (often with spoofed source addresses) but never completes the 3-way handshake
• Victim replies SYN-ACK and keeps a half-open connection while it waits for the final ACK, until a timeout
• Attacker sends a large number of SYNs
• Victim reaches its half-open connection limit (backlog)
• Genuine SYNs are dropped: denial of service
Single Sign On
A user authentication process that lets a user authenticate once (one name and password) to access multiple applications, without logging in to each separately.
Onion Model Diagram
Layers from outside in: Application / Services / OS / Kernel / Hardware. Each layer relies on the ones beneath it (see "Layer Below Attack").
Race Conditions
• With concurrent threads or processes, timing can
lead to security vulnerabilities:
- e.g. the gap between checking that access is allowed and actually opening the file (TOCTTOU)
Prevent by making check and use a single atomic operation, e.g. one system call (open the file, then check the file descriptor you hold) instead of two
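Added example (not from the original flashcards) for the TOCTTOU and Race Conditions cards: the check-then-open pattern beside its hardened form. The vulnerable version calls `os.access()` and then `open()` as two system calls; the hardened version opens first with `O_NOFOLLOW` and checks the descriptor with `fstat()`, so there is no window to exploit. `demo()` constructs the attacker's symlink swap up front in a temporary directory; the function names and the "report.txt" / "secret" files are this example's own.

```python
import os
import stat
import tempfile


def read_if_allowed_racy(path: str) -> bytes:
    """VULNERABLE: check then use as two separate system calls.

    Between os.access() (time of check) and open() (time of use) an attacker who
    controls the directory can replace `path` with a symlink to another file;
    the rights that were checked no longer describe the file that gets opened.
    """
    if not os.access(path, os.R_OK):
        raise PermissionError(path)
    with open(path, "rb") as f:
        return f.read()


def read_if_allowed_safe(path: str, expected_uid: int) -> bytes:
    """HARDENED: open first, then check the object actually opened.

    O_NOFOLLOW makes the open itself fail on a symlink, and fstat() on the
    descriptor examines the very file we hold, so nothing can be substituted
    between check and use.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != expected_uid:
            raise PermissionError(f"{path}: not a regular file owned by uid {expected_uid}")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def demo() -> tuple:
    """Constructed scenario: the attacker has already swapped report.txt for a symlink to secret."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        with open(secret, "wb") as f:
            f.write(b"top secret")
        link = os.path.join(d, "report.txt")
        os.symlink(secret, link)            # the substitution the race relies on
        racy = read_if_allowed_racy(link)   # follows the link: the contents of `secret` come back
        try:
            read_if_allowed_safe(link, os.getuid())
            safe = "read"
        except OSError:                     # ELOOP from O_NOFOLLOW (PermissionError is an OSError too)
            safe = "refused"
        return racy, safe


if __name__ == "__main__":
    print(demo())
```

In the demo both files belong to the same user, so the racy read simply succeeds; in the real attack the link points at a file the checked rights never covered. The point is that the hardened version refuses the link whatever the timing, because the check is made on the descriptor, not on the name.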
Unix file permission
Permissions are stored in the file's inode as three groups of r/w/x bits, for user (owner), group and others.
Octal representation : 4 - Read, 2 - Write, 1 - Execute, added up per group, e.g. rw-r----- = 640.
Exactly one group applies to a given process: the owner bits if it owns the file, else the group bits if it is in the file's group, else the other bits.
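Added example (not from the original flashcards): the octal/rwx conversion and the kernel's permission check written out in Python. The one thing worth seeing in code is that exactly one class is consulted, so a mode of 077 lets everyone except the owner read the file. Function names and the uid/gid values in the comments are this example's own.

```python
from typing import Set

BITS = {"r": 4, "w": 2, "x": 1}


def mode_to_string(mode: int) -> str:
    """0o640 -> 'rw-r-----' (the ls -l form of the three octal digits)."""
    out = []
    for shift in (6, 3, 0):                       # user, group, others
        cls = (mode >> shift) & 0o7
        out.append("".join(ch if cls & bit else "-" for ch, bit in BITS.items()))
    return "".join(out)


def string_to_mode(s: str) -> int:
    """'rw-r-----' -> 0o640."""
    if len(s) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for i, ch in enumerate(s):
        if ch != "-":
            mode |= BITS[ch] << (6 - 3 * (i // 3))
    return mode


def can_access(mode: int, owner_uid: int, owner_gid: int,
               uid: int, groups: Set[int], want: str) -> bool:
    """Standard Unix check: pick ONE class (user, group, other) and test its bits.

    Root (uid 0) bypasses read/write checks; execute still needs at least one x bit set.
    """
    bit = BITS[want]
    if uid == 0:
        return want != "x" or (mode & 0o111) != 0
    if uid == owner_uid:
        cls = (mode >> 6) & 0o7
    elif owner_gid in groups:
        cls = (mode >> 3) & 0o7
    else:
        cls = mode & 0o7
    return bool(cls & bit)
```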
2 Different Password attacks and Prevention
Online
- Guessing attempts against the live login terminal / interface
- Includes phishing the user for the password
- Prevent by logging attempts and limiting their rate, or locking the account after N failures
Offline
- Attacker has obtained the password hash file
- Guesses are hashed and compared locally: brute force or dictionary attack, with no rate limit to slow them
- Prevent with complex (high-entropy) passwords, and by salting and using a slow hash so each guess is expensive
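Added example (not from the original flashcards) serving both the one-way hash card and the offline attack above: salted PBKDF2 password hashing, constant-time verification, and the dictionary attack an attacker runs against a leaked `user:hash` file. The sample accounts, passwords and wordlist are constructed for the demo; the storage format string is this example's own.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

ITERATIONS = 100_000  # work factor; stored with the hash so it can be raised later


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$digest'. The password itself is never stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def offline_dictionary_attack(hash_file_lines: Iterable[str],
                              wordlist: Iterable[str]) -> Dict[str, str]:
    """What an attacker does with a leaked 'user:hash' file: try every guess locally.

    Nothing here touches the login terminal, so rate limits and lockouts do not apply;
    only the cost of each guess (iterations) and the password's entropy slow it down.
    """
    words = list(wordlist)
    cracked: Dict[str, str] = {}
    for line in hash_file_lines:
        user, stored = line.strip().split(":", 1)
        for guess in words:
            if verify_password(guess, stored):
                cracked[user] = guess
                break
    return cracked


# Constructed sample: two accounts, one with a dictionary password.
SAMPLE_HASH_FILE = [
    "alice:" + hash_password("password123"),
    "bob:" + hash_password("H7#q!vR2mLx9"),
]
SAMPLE_WORDLIST = ["123456", "password", "qwerty", "password123", "letmein"]
```

The per-user random salt means two users with the same password get different hashes and a precomputed table is useless; the iteration count is what makes every guess of the offline attack cost the attacker as much as it costs the server.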
XSRF Attack
Cross-site Request Forgery
• When a user makes an HTTP request, the browser
automatically attaches any relevant session cookies
• E.g. an SID from having logged in
• If the user has already authenticated, a
malicious URL or auto-submitting form on another site can then perform some
action on their account, because the cookie is sent with it
Prevent by using synchroniser tokens: a secret per session embedded in the site's own forms, which the server checks on each state-changing request and which another site cannot read
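Added example (not from the original flashcards): a transfer handler that trusts the session cookie alone beside the same handler with a synchroniser-token check. The `Session` class, the `/transfer` form and the alice/mallory scenario are constructed for the demo.

```python
import hmac
import secrets
from typing import Dict


class Session:
    """Server-side session, looked up from the SID cookie the browser sends automatically."""

    def __init__(self, user: str) -> None:
        self.user = user
        self.sid = secrets.token_urlsafe(16)
        self.csrf_token = secrets.token_urlsafe(32)   # synchroniser token, unique per session


def render_transfer_form(session: Session) -> str:
    """The bank's own page embeds the token; a cross-site attacker cannot read it (same-origin policy)."""
    return (f'<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
            f'<input name="to"><input name="amount"><button>Send</button></form>')


def transfer_vulnerable(session: Session, form: Dict[str, str]) -> str:
    """Relies on the cookie alone, so a request forged from another site is indistinguishable."""
    return f"200 {session.user} sent {form['amount']} to {form['to']}"


def transfer_protected(session: Session, form: Dict[str, str]) -> str:
    """Same handler with the synchroniser-token check added."""
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return "403 CSRF token missing or invalid"
    return f"200 {session.user} sent {form['amount']} to {form['to']}"


def attack_demo() -> tuple:
    """Constructed scenario: Alice is logged in; a page on another site auto-submits a transfer form in her browser."""
    alice = Session("alice")
    forged = {"to": "mallory", "amount": "1000"}   # attacker cannot know alice.csrf_token
    genuine = {"to": "bob", "amount": "10", "csrf_token": alice.csrf_token}
    return (transfer_vulnerable(alice, forged),
            transfer_protected(alice, forged),
            transfer_protected(alice, genuine))
```

The forged request carries Alice's cookie just like the genuine one; the only thing it cannot carry is the token, which is why the check has to be on the token and not on the cookie.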
Cookie Stealing
Cookies are small pieces of data the browser stores and sends back with each request to provide persistence.
• Session – Deleted when the browser exits, contain no expiration date
• Persistent – Expire at a given time
• Obtaining someone's session cookie (e.g. via XSS or by sniffing unencrypted traffic) – Cookie Stealing –
lets you hijack their session, because the server identifies them by that cookie alone
2 Different ways Cryptography is Applied
Diffie-Hellman key exchange (agreeing a shared secret over an insecure channel)
Hash Function (e.g. password storage, integrity checks, deriving keys)
Steps in public key encryption
Asymmetric Encryption
Eg : RSA (Diffie-Hellman is the related key-exchange scheme, not an encryption scheme)
• Two keys, a public key and a private key
• It is computationally infeasible to calculate the private
key from the public key
• In practice this is achieved through intractable
mathematical problems (e.g. factoring large integers, discrete logarithms)
Steps : the receiver generates a key pair and publishes the public key;
the sender encrypts the message with the receiver's public key;
only the holder of the matching private key can decrypt it
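Added example (not from the original flashcards) covering the two applications on the "2 Different ways Cryptography is Applied" card: a Diffie-Hellman key exchange between two parties, followed by a one-way hash that turns the shared secret into a symmetric key. The modulus is a toy 127-bit prime chosen for this demo only; the function names and the `"exam-demo-v1"` context label are this example's own.

```python
import hashlib
import secrets
from typing import Tuple

# Toy group for illustration: a 127-bit Mersenne prime. Real deployments use
# standardised 2048-bit+ groups (RFC 3526 / RFC 7919) or elliptic-curve DH.
P = 2**127 - 1
G = 7


def dh_keypair(p: int = P, g: int = G) -> Tuple[int, int]:
    """Private exponent a and public value g^a mod p. a is never sent."""
    a = secrets.randbelow(p - 2) + 1
    return a, pow(g, a, p)


def dh_shared_secret(my_private: int, their_public: int, p: int = P) -> int:
    """(g^b)^a mod p == (g^a)^b mod p. Rejects degenerate public values (0, 1, p-1)."""
    if not 1 < their_public < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(their_public, my_private, p)


def derive_key(shared_secret: int, context: bytes = b"exam-demo-v1") -> bytes:
    """Second use of cryptography on the card: a one-way hash turns the shared secret into a key."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(context + shared_secret.to_bytes(width, "big")).digest()


def key_exchange() -> Tuple[bytes, bytes, Tuple[int, int]]:
    """Both sides of the exchange; returns the two derived keys and what an eavesdropper sees."""
    a_priv, a_pub = dh_keypair()       # party A
    b_priv, b_pub = dh_keypair()       # party B
    key_a = derive_key(dh_shared_secret(a_priv, b_pub))   # A computes (g^b)^a
    key_b = derive_key(dh_shared_secret(b_priv, a_pub))   # B computes (g^a)^b
    return key_a, key_b, (a_pub, b_pub)
```

An eavesdropper sees only the two public values and cannot get the secret without solving a discrete logarithm; but nothing here authenticates those values, which is exactly the gap the man-in-the-middle card exploits. In practice the public values are signed or sent under certificates.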