IT security Flashcards

1
Q

What is the CIA triad?

A

The CIA triad includes confidentiality, integrity, and availability.

2
Q

What is the difference between safety and security?

A

Safety is about protecting the environment from a system. Security is about protecting the system from the environment.

3
Q

What are potential causes of security vulnerabilities?

A
  1. Development under tight time constraints
  2. Insufficient knowledge of the developer
  3. Underestimation of risk potentials
  4. Operating system failure
4
Q

Define confidentiality

A

Only the sender and the legitimate receiver should be able to understand the transmitted information.

5
Q

Define integrity

A

Communication is not altered unnoticed in transit, neither by accident nor by a malicious adversary.

6
Q

Define availability

A

Communication should be available within its operational boundaries without an adversary being able to tear it down.

7
Q

Define authentication

A

Sender and receiver should be able to validate the other party involved in the communication at any time.

8
Q

Define non-repudiation

A

The sender of a message is not able to deny its authorship after transmission.

9
Q

Anonymity

A

The originator of a message cannot be identified.

10
Q

Pseudonymity

A

The originator of a message can be identified, though either only with a huge effort or by using additional information not necessarily available to the message’s recipient.

11
Q

Name six frauds in communication systems

A

Malware: software that harms a target (worms, viruses, spyware, ransomware)
Distributed Denial-of-Service attack
Machine in the Middle Attack
Spoofing
Replay Attack
Insufficient input validation

12
Q

What is symmetric cryptography

A

In symmetric cryptography the same key is used for encryption and decryption.
It is older than asymmetric cryptography; Caesar’s cipher, for example, is a symmetric cipher.
Provides confidentiality for transmitted or stored data: only sender and receiver should understand the transmitted information.
Algorithms: DES, Advanced Encryption Standard (AES), ChaCha20
Block ciphers work on plaintext pieces (blocks) of a fixed size
Stream ciphers work bit-by-bit or byte-by-byte

13
Q

What are the requirements for symmetric cryptography

A

Knowledge of the algorithm should not weaken the strength of the encryption (Kerckhoffs’s principle)
Knowledge of ciphertext and algorithm should not enable an adversary to extract either the plaintext or the secret key
Stronger: Knowledge of ciphertext and corresponding plaintext should not enable the adversary to extract the secret key
Sender and receiver must obtain a copy of the secret key

14
Q

Attacks on symmetric encryption

A

Cryptanalysis: the algorithm and plaintext-ciphertext pairs are analyzed
Brute-force attack: try all possible keys

15
Q

What are the properties of cryptographic hash functions?

A

Compression - H(x) produces output of fixed length, regardless of the length of x
Efficiency - H(x) is relatively easy and fast to compute
Pre-image resistance - Given H(x), it should be practically infeasible to find x
2nd pre-image resistance - Given x and H(x), it should be practically infeasible to find x’ ≠ x such that H(x) = H(x’)
Collision resistance - It should be practically infeasible to find x and x’ (with x’ ≠ x) such that H(x) = H(x’)

16
Q

What are the most widely used cryptographic hash functions?

A

MD5, 128-bit output (don’t use!)
SHA-1, 160-bit output (don’t use!)
SHA-2(56), up to 256-bit output
SHA-3, 224 up to 512-bit output

17
Q

Describe asymmetric cryptography

A

Problem of symmetric cryptography: key distribution.
Solution of asymmetric cryptography: a public and a private key. The public key is known to everyone, the private key only to the user. Public and private key are connected through a hard mathematical problem.
RSA
ECC
Provides CIA

18
Q

What is authentication

A

Authentication describes the process that validates the identity of a user or program against any other user or program and is a two-step procedure.
Identification is asserting who a person is
Authentication is proving that asserted identity

19
Q

Name different authentication methods

A

Password
Something you are - biometrics
Something you have
Single Sign-On
Multi-factor Authentication

20
Q

Name different authentication frauds

A

Brute-force attack
Social Engineering
Phishing
Physical attacks

21
Q

Name effective policy implementations

A

Check every access
Enforce least privilege
Verify acceptable usage
Tracking
Access Log

22
Q

What is spoofing?

A

Attacker pretends to be someone or something else.
ARP
MAC
DNS
IP

23
Q

What are digital certificates?

A

Digital document that assures the mapping between a public key and the corresponding entity (natural or legal person, domain name, mail address, …)

24
Q

What’s the content of an X.509 certificate?

A

Version: specifies the version and thus the certificate format, currently v3
Serial Number: Unique identifier within the CA.
Signature Algorithm Identifier: Algorithm that is used to sign the certificate together with any parameters.
Issuer Name: Name of the trusted third party (CA).
Period of validity: Consists of two dates, the first and the last on which the certificate is valid.
Subject name: The name of the user who holds the private key corresponding to the contained public key.
Public key info: The public key itself together with information about the algorithm in use.
Issuer identifier: Optional identifier for the issuer.
Subject identifier: Optional identifier for the subject.
Extensions: Added in version 3 and contains a list of extension fields.
Signature: Covers all other fields of the certificate and contains the hash digest encrypted with the signer’s private key.

25
Q

What institutions are involved in the certification process?

A

Certificate authority (CA): Provides the CA certificate and signs CSRs issued by the subjects.
Registration authority (RA): Validates the information provided by the subject and approves the CSR before it is signed by a CA.
Validation authority (VA): Offers validation of certificates either by OCSP or CRL.

26
Q

How does ARP work? And how is it spoofed?

A
  1. A wants to send a frame to D
  2. A sends an ARP request (broadcast) containing D’s IP address
  3. All receiving devices update their tables
  4. D sends an ARP reply (unicast) to A
27
Q

How can encryption keys be exchanged between two parties?

A

  1. One party can physically deliver the key on a USB stick to the other
  2. A third party generates a key and delivers it to both parties.
  3. Transmit a new key over an established encrypted transmission path.
  4. Use of asymmetric encryption for symmetric key exchange.

28
Q

How can data in motion be encrypted?

A

Transport encryption
End-To-End encryption

29
Q

What is TLS?

A

Successor of the Internet standard Secure Sockets Layer (SSL)

The SSL/TLS architecture operates on two layers.
The upper layer serves several functions: Handshake, Change Cipher Spec, Alert Protocol, and Application Data Protocol.
The lower layer handles the security of the communication: Record Protocol.

30
Q

Describe the TLS 1.2 handshake

A

Phase 1: Establish security capabilities, including protocol version, session ID, cipher suite, compression methods, and initial random numbers.
Phase 2: Server may send certificate, key exchange, and request certificate. Server signals end of hello message phase.
Phase 3: Client sends certificate if requested. Client sends key exchange. Client may send certificate verification.
Phase 4: Change cipher suite and finish handshake protocol.

31
Q

Describe the client_hello

A

Version: Highest version supported by the client
Random: Nonce to protect against replay attacks
Session ID: If nonzero, the client wishes to update a session or create a new connection within one session. If zero, a new session is created.
CipherSuite: List of supported cipher suites in decreasing order of preference (e.g. TLS_RSA_WITH_AES_128_CBC_SHA256)
Compression Method: List of supported compression methods

32
Q

Describe the server_hello

A

Ephemeral Elliptic Curve Diffie-Hellman for key exchange (could also be RSA)
RSA for authentication (could also be (EC)DSA)
AES128 GCM for symmetric encryption
SHA256 (or MD5) as message authentication hash algorithm

33
Q

What is HTTPS? What is encrypted and not encrypted?

A

Combination of HTTP and usage of SSL/TLS as transport security

Encrypted:
URL of the requested document
Contents of the document
Contents of browser forms
Cookies

Not encrypted:
IP addresses of the endpoints and TCP ports
Amount of transmitted data

34
Q

What is a VLAN?

A

VLANs separate the network into different broadcast domains.

35
Q

What is a firewall?

A

A barrier between different network areas.

36
Q

What are firewall rules based on?

A

Source and destination IP
TLP
transport layer address (port)
physical interface

37
Q

What are stateful inspection firewalls?

A

Outgoing packets are tracked as connections. Incoming packets are allowed only if they match the outgoing packets in terms of source and destination addresses and port numbers.

38
Q

Name different firewall basing options and firewall locations

A

Bastion host: critical strong point in the network
Host-based firewall: software module to secure an individual host
Personal firewall: software module to secure a personal computer

distributed firewalls
demilitarized zone

39
Q

What information should be included in the audit log of an intrusion detection firewall?

A

Subject: typically a user
Action: operation that is performed
Object: resource, file, program, or whatever is accessed by the subject
Exception-condition:
Resource usage
Time-stamp