Introduction Flashcards

1
Q

What is a network?

A

An interconnected configuration of system components designed to communicate and share

2
Q

What is a computer network physically?

A

A hardware infrastructure interconnecting end devices

3
Q

What are end devices? Give examples

A

The devices that are the sources or destinations of data transmitted across the network

E.g., PCs, game consoles, smart TVs, smartphones, Network Interface Cards (NICs) and OSs

4
Q

What is infrastructure?

A

Communication links (such as fibre cable, radio, etc.) or packet switches (such as routers, link layer switches, etc.)

5
Q

What are packet switches?

A

Intermediary network devices that forward data packets between devices within a network based on the packet’s destination addresses

6
Q

What is a computer network logically?

A

A system providing information exchange between applications that are not sharing memory

7
Q

What is Moore’s Law?

A

“The number of transistors that fit in unit area of an integrated circuit (or equivalently the total processing power of computers) doubles every two years”

8
Q

What is Metcalfe’s law?

A

“The value, usefulness, or utility of a network equals the square of the number of users (or connected devices)”

9
Q

What is the internet physically?

A

A public network of computer networks with billions of end-devices, networks

10
Q

What is the internet logically?

A

A network facility that provides services to globally distributed applications

11
Q

What is a service, and what is an application?

A

Services: Core functions provided by the Internet that support data exchange and communication (e.g., email services, web hosting, DNS).

Applications: Software programs that use these services to provide specific functionalities to users (e.g., Gmail, web browsers, instant messaging apps)

12
Q

What is standardisation for the internet? What does it ensure?

A

The establishment of uniform hardware and protocol specifications

Ensures device interoperability across different vendors, which fosters competition and results in lower prices for end users

13
Q

What would be three reasons for government regulations on the internet?

A

Fighting digital crimes

Facilitating open market competitions

Practicing censorship

14
Q

What is the internet of things physically? What are some downsides of it?

A

An extension of the Internet to billions of resource-poor devices

Consists of constrained devices with limited memory, processing power, energy, and accessibility

15
Q

What is the internet of things logically? Give examples.

A

A network that extends the reach of distributed applications to the physical world (including humans, animals, plants, terrain, etc.)

E.g., vehicular networks, intelligent lighting, smart cities, etc.

16
Q

What are the three primary elements of network infrastructure?

A

Network edges
Access Networks
Network Core

17
Q

What are network edges?

A

End systems/devices or hosts that run applications at the edge of the network, such as the World Wide Web or email

E.g., computers, smartphones, smart cars, laptops, etc.

18
Q

What are the two different network models?

A

Client/Server Model and Peer-to-Peer Model

19
Q

What is the Client/Server model?

A

Clients (typically end-user devices) request services or resources from servers, which are powerful computers or software systems that provide services or resources to clients upon requests

20
Q

What is the Peer-to-Peer model?

A

End-user devices that are part of the network act as both clients and servers, providing resources or services to other peers whilst also requesting resources or services from them

21
Q

What is an embedded system?

A

A specialised computer system designed to perform specific functions within a larger mechanical or electrical system

22
Q

What are the five types of embedded systems?

A

Standalone embedded systems
Network-aware embedded systems
Network-connected embedded systems
Network-central embedded systems
Fully networked embedded systems

23
Q

What is a standalone embedded system?

A

Systems that have a standalone functionality and do not communicate with other systems

24
Q

What is a network-aware embedded system? What type of network protocol do they come with? What is their most common form of communication with external sources? Are software updates over a network possible for such systems?

A

Systems that allow access to some internal functionality from outside

Proprietary network protocols dedicated to this purpose

Simple data retrieval (diagnostics, sensing)

Yes, but they are not typically straightforward

25
Q

What is a network-connected embedded system? What is an alternative name for them?

A

On-line systems that use standard protocols open to the public

Machine-to-machine networks

26
Q

What is a network-central embedded system? Give examples.

A

Systems that have some standalone function but the design of both hardware and software aims at operation in a networked context

Many smartphone apps, television sets, and intelligent lighting

27
Q

What is a fully-networked embedded system? What type of devices are they typically?

A

Systems that do not have a meaningful standalone function when they are disconnected from the network.

Very low resource devices with elementary behaviour

28
Q

What are access networks? What are two distinct categories of access networks? What have been the two primary access networks for homes in the past decades?

A

The links that connect end devices to a router in the network core

Mobile, wireless access networks and wired access networks.

Digital Subscriber Line (for telephone lines) and Cable Internet

29
Q

What is a router?

A

Networking devices that transfer data between each other

30
Q

What are the two ways that routers transfer data between each other?

A

Circuit switching and packet switching

31
Q

What is circuit switching? What does it require prior to data transmission? What does it need to reserve? What happens to unused, reserved resources? What is its primary advantage?

A

Involves establishing a dedicated communication path between the sender and receiver, ensuring exclusive access to resources for the entire session

Network setup

Resources for the session

They remain unused

Provides predictable performance

32
Q

What is packet switching? What are its two primary advantages? Does it involve the sharing of network resources? What does it prevent, and why?

A

Involves breaking data into packets, allowing them to travel independently through the network via variable routes

Flexibility and efficient resource utilisation

Yes

Idle time as resources are used when needed, without reservations

33
Q

What is statistical multiplexing?

A

A technique used in packet switching networks where multiple data streams share the same transmission medium, and resources are allocated dynamically as needed rather than dedicating a fixed amount of bandwidth to each packet

34
Q

What is the store-and-forward method? How long does it take to transmit a packet of L bits onto a link at R bps? What

A

Involves each packet of data being received, stored temporarily, and then being forwarded to the next node or destination in the network

L/R

35
Q

What is the structure of the internet? Specifically, what is at its centre, and what are the following layers?

A

Tier-1 ISPs, followed by Tier-2 ISPs, and finally Tier-3 ISPs

36
Q

What coverage do tier-1 ISPs have? How do they connect to one another?

A

National/International Coverage

Privately among one another in a peer-to-peer manner

37
Q

What coverage do tier-2 ISPs have? What do they connect to? How do they interact with tier-1 ISPs? How do they interact with other tier-2 ISPs?

A

Often regional

Other tier-2 ISPs and tier-1 ISPs

Pay them for connectivity to the rest of the internet

They interconnect privately among one another

38
Q

What is the coverage of tier-3 ISPs? What are some examples of such ISPs? What are they closest to? Do they have peering and purchasing? What are they customers of?

A

Local

Businesses, corporations

End systems

No peering, only purchases

Higher tier ISPs

39
Q

What do last hop networks refer to?

A

Tier-3 ISPs and local ISPs

40
Q

What are the primary 7 security attributes for computer networks?

A

Confidentiality
Integrity
Availability
Authenticity
Non-repudiation
Privacy
Accountability

41
Q

What is confidentiality?

A

Keeping secret data hidden from those that are not supposed to see it

42
Q

What is integrity?

A

Ensuring that data is not altered by those who are not supposed to change it

43
Q

What is availability?

A

Ensuring that data can be used by those that are supposed to use it

44
Q

What is authenticity?

A

Ensuring that the data is authentic, i.e., of undisputable origin

45
Q

What is non-repudiation?

A

Ensuring that a sender cannot deny the authenticity of data they have sent, nor can a recipient deny receiving it

46
Q

What is privacy?

A

Ensuring that one’s data is not used in ways that it should not be

47
Q

What is accountability?

A

Ensuring that the information provider is accountable

48
Q

What are security requirements? What are they expressed in terms of?

A

Requirements related to security

Security attributes

49
Q

What are security policies?

A

Policies about what the system should achieve, what is allowed in which context, and how to enforce those permissions

50
Q

What is a security model?

A

A formal framework used to express and interpret security policies

51
Q

What is ‘need to know’?

A

A principle in information security that restricts access to sensitive information to only those individuals who require it to perform their job duties

52
Q

What is an attacker model? Why is it important? Provide an example.

A

A model describing the various capabilities, goals, and resources of potential adversaries in cybersecurity scenarios

An HTTPS connection is ‘secure’ if the attacker is an eavesdropper, but not secure if the attacker is the website or its administrator

53
Q

What are the 11 CCWAPSS Security Scoring Principles?

A
  1. Authentication (evaluating methods used to verify identity of users)
  2. Authorisation (assessing system’s mechanism for determining what actions/resources users are permitted to perform/access)
  3. Input Check (examining procedures to validate and sanitise user inputs)
  4. Error Handling (assessing how system responds to errors and exceptions to ensure that it does not create security risks)
  5. Password Quality
  6. Privacy
  7. Sessions (reviewing how sessions are managed)
  8. Patching (assessing how security patches and updates are applied)
  9. Admin Access (evaluating security controls and policies governing administrative access to the system)
  10. Encryption (analysing use of encryption techniques to protect data)
  11. Third Parties (assessing security measures in place to manage and mitigate risks associated with third-party services, vendors, or integrations)
54
Q

What are the four most important aspects of security engineering?

A

Design - must address security goals and not imply security problems

Software Quality - implementation of design must not have vulnerabilities

Security Tool Selection - crypto chosen must be well-selected

System usage - users must know how to use the system in the expected manner

55
Q

What are the three most common security trade-offs?

A

Security and Usability

Performance and Costs

Confidentiality and Availability

56
Q

What are the two steps in one security requirement engineering approach?

A
  1. Identifying the actors, their goals, and interdependencies
  2. Identifying attackers, vulnerabilities, and attacks
57
Q

What does the “Identifying the actors, their goals, and interdependencies” step involve?

A

Determining the stakeholders (parties with legitimate interests in the system) and their interests, as these will have to be accounted for

58
Q

What does the “Identifying attackers, vulnerabilities, and attacks” step involve?

A

Outsiders may try to attack the system and must be considered, but so must insider attackers.

Both types of attacks must be labelled as agents in the system but with malicious intents as their goals.

Based on the vulnerabilities and malicious intents of attackers, we identify potential attacks and assign countermeasures to protect against such attacks.