Lesson 11 - Network Security Flashcards

1
Q

What are 2 types of attacks common in Network security?

A
  1. Routing attacks (e.g. BGP hijacks)
  2. Naming attacks (DNS), e.g. reflection and phishing
2
Q

“Reflection”

A

Generating large amounts of traffic at a victim, causing a DDoS attack: the attacker sends requests with the victim's address as the spoofed source, so third-party servers "reflect" their responses onto the victim. Extremely common type of attack.

3
Q

“Phishing”

A

An attempt to trick a user into revealing sensitive information (credentials, card numbers, etc.), typically by impersonating a site or sender the user trusts.

4
Q

What is wrong with the Internet’s design and why?

A
  • It is fundamentally insecure
  • It was designed for simplicity, not security
  • "On by default" - every host is reachable by any other host by default
  • Hosts are insecure
  • Attacks can look like normal traffic - especially in DDoS attacks, where no single request is the problem; the large volume is
  • Federated design - the Internet is not run by one party, so coordinating security across operators is difficult
5
Q

What is the problem with packet-switched networks?

A
  • They are inherently vulnerable to resource exhaustion attacks (any sender can consume link, buffer and CPU capacity without prior setup)
  • Particularly prone to DDoS attacks
6
Q

What are the 4 Components to Security?

A
  • Availability
  • Confidentiality
  • Authenticity
  • Integrity
7
Q

What is Availability in Internet Security?

A

The ability to use a resource: the service is reachable and responds to legitimate users.

8
Q

What is Confidentiality in Internet Security?

A

Concealing information from unauthorized parties (anyone eavesdropping on the path cannot read it).

9
Q

What is Authenticity in Internet Security?

A

It assures the correct origin of the information: the data really came from the claimed sender.

10
Q

What is Integrity in Internet Security?

A

Prevents (or at least makes detectable) unauthorized changes to packets or data in transit.

11
Q

In Security, what is considered a Threat?

A

Any potential violation of Availability, Confidentiality, Authenticity or Integrity

12
Q

In Security, what is considered an Attack?

A

Any action that violates either Availability, Confidentiality, Authenticity or Integrity

13
Q

What is an example of a threat to Confidentiality?

A

Eavesdropping with Wireshark or tcpdump on an interface in promiscuous mode (capturing traffic not addressed to the capturing host)

14
Q

What is an example of a threat to Authenticity?

A
  • Man-In-The-Middle - if the attacker can suppress Alice's original packet, modify it and send it on, the attacker is effectively impersonating Alice
  • ALSO an attack on Integrity
15
Q

What is an example of a threat to Availability?

A

DDoS attack (flooding the resource so that legitimate users cannot use it)

16
Q

What is a DoS attack vs. a DDoS attack?

A

A regular DoS attack comes from just one origin or host. A DISTRIBUTED DoS attack comes from many hosts at once (e.g. a botnet), which makes it harder to filter by source.

17
Q

In Security, what are the negative impacts of Attacks?

A
  • Theft of confidential info
  • Unauthorized use of info
  • Spreading false info
  • Disruption of service
18
Q

Routing Security (BGP)

A
  • Control plane authentication
    • Session authentication: point-to-point between neighbouring routers
    • Path authentication: protects the AS path in route advertisements
    • Origin authentication: ensures that the AS advertising a prefix is the legitimate owner of that prefix
  • Data plane security - determining whether data actually travels to the intended destination along the advertised path
19
Q

What is the goal of control plane authentication?

A

To determine the veracity (accuracy) of routing advertisements

20
Q

What is the goal of Data plane security

A

Determining if data is traveling to the intended locations

21
Q

How do routing attacks occur?

A
  • Configuration errors (e.g. the AS 7007 incident, where a misconfigured router re-advertised much of the Internet's routing table as its own)
  • Routers can be compromised
  • Unscrupulous ISPs
  • All of these come down to tampering with the router's configuration, its software, or the routing data it advertises
22
Q

Why do hijacks matter?

A
  • DNS masquerading
  • Man-In-The-Middle attacks

23
Q

What transport protocol carries BGP sessions between ASes?

A

TCP: BGP peers maintain a long-lived TCP connection (port 179) over which route advertisements are exchanged

24
Q

What is sent over the TCP session between ASes to authenticate it?

A

Each message together with a hash of the message and a shared secret key (the TCP MD5 signature option, RFC 2385). A peer that does not know the secret cannot inject or modify segments without the hash check failing.
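The keyed-hash session check described on this card, as an added example that is not part of the flashcards or of any router implementation. RFC 2385 hashes the TCP segment plus the key with MD5; this demo instead uses HMAC-SHA256 over the bytes of a constructed BGP UPDATE message, which is an assumption made for illustration. The shared key and the message text are made up.

```python
import hashlib
import hmac

# Added example, not from the flashcards: keyed-hash authentication of messages
# on a router-to-router session, in the spirit of the TCP MD5 signature option
# (RFC 2385), where both peers share a secret configured out of band.
# RFC 2385 hashes the TCP segment plus the key with MD5; this demo instead uses
# HMAC-SHA256 over the BGP message bytes (an assumption for illustration).

SHARED_KEY = b"example-peer-secret"  # constructed sample secret


def tag_message(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: compute the keyed hash that travels with the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def accept_message(message: bytes, tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the keyed hash and compare in constant time."""
    return hmac.compare_digest(tag_message(message, key), tag)


def session_demo() -> dict:
    # Constructed stand-in for a BGP UPDATE announcing a prefix.
    update = b"UPDATE 192.0.2.0/24 AS_PATH 65001 65002"
    tag = tag_message(update)

    results = {}
    # 1. Genuine message from the peer that knows the key is accepted.
    results["genuine"] = accept_message(update, tag)
    # 2. An on-path attacker changes the origin AS but cannot recompute the hash.
    forged = update.replace(b"65001", b"65666")
    results["modified_in_transit"] = accept_message(forged, tag)
    # 3. An attacker injects a new message tagged under a guessed key.
    injected = b"UPDATE 198.51.100.0/24 AS_PATH 65666"
    results["injected_without_key"] = accept_message(injected, tag_message(injected, b"guess"))
    return results


if __name__ == "__main__":
    print(session_demo())
```

Only the genuine message is accepted; the modified and injected ones fail the hash check. Note that this protects the session between two directly connected peers only; it says nothing about whether the route contents are true, which is what origin and path attestation address.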

25
Q

What is Secure BGP (BGPSEC)?

A

Adds digital signatures to route advertisements (origin and path attestations), so a receiving AS can verify who originated a prefix and which ASes the advertisement actually passed through

26
Q

What is Origin Attestation/Address Attestation?

A
  • A certificate binding a prefix to its owner (the AS allowed to originate it)
  • Signed by a trusted party

27
Q

What is Path Attestation?

A
  • Signatures along the AS path: each AS signs the advertisement before forwarding it
  • Each signature covers not only the path so far but also the valid next hop. Including the next hop is critical: otherwise an attacker could collect signatures from real advertisements, replay them and splice them together into a path that was never advertised
28
Q

What types of attacks can Path Attestation protect against?

A
  • Hijacks
  • Shortening
  • Modification
29
Q

What types of attacks can Path Attestation NOT protect against?

A
  • Suppression (an AS simply fails to advertise a route it should)
  • Replay attacks (an old but genuinely signed advertisement re-sent after the route was withdrawn)
  • Data traffic is not guaranteed to actually travel along the advertised, validly signed AS path
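A toy model of the path attestation described on the previous cards and its limits, as an added example that is not from the course material or from any BGPsec implementation. Each AS signs (prefix, path so far, next hop) before forwarding. Real BGPsec uses public-key signatures with keys published in the RPKI; here per-AS HMAC keys stand in for them, and the verifier is assumed to hold every AS's key, which is purely a simplification for the demo. The AS numbers, keys and prefix are constructed.

```python
import hashlib
import hmac
import json

# Added example, not from the course material: a toy model of BGPsec-style path
# attestation. Each AS on the path signs (prefix, path so far, next hop) before
# forwarding. Real BGPsec uses public-key signatures with keys from the RPKI;
# per-AS HMAC keys stand in for them here, and the verifier is assumed to hold
# every AS's key (a simplification for the demo only).

AS_KEYS = {  # constructed per-AS keys
    65001: b"key-65001",
    65002: b"key-65002",
    65003: b"key-65003",
}


def attest(prefix: str, path: list, next_hop: int) -> str:
    """The last AS on `path` signs the prefix, the path so far and the next hop."""
    signer = path[-1]
    payload = json.dumps([prefix, path, next_hop]).encode()
    return hmac.new(AS_KEYS[signer], payload, hashlib.sha256).hexdigest()


def forward(prefix: str, path: list, next_hop: int, sigs: list) -> list:
    """AS path[-1] appends its attestation and sends the route on to next_hop."""
    return sigs + [attest(prefix, path, next_hop)]


def verify(prefix: str, path: list, receiver: int, sigs: list) -> bool:
    """Receiver checks one attestation per AS, each of which must name the AS
    that actually came next. Because the next hop is signed, a real signature
    cannot be spliced into a different (e.g. shortened) path."""
    if len(sigs) != len(path):
        return False
    for i in range(len(path)):
        next_hop = path[i + 1] if i + 1 < len(path) else receiver
        expected = attest(prefix, path[: i + 1], next_hop)
        if not hmac.compare_digest(expected, sigs[i]):
            return False
    return True


def attestation_demo() -> dict:
    prefix = "192.0.2.0/24"
    # 65001 originates and announces to 65002, 65002 to 65003, 65003 to 65004.
    sigs = forward(prefix, [65001], 65002, [])
    sigs = forward(prefix, [65001, 65002], 65003, sigs)
    sigs = forward(prefix, [65001, 65002, 65003], 65004, sigs)

    results = {}
    # The legitimate path verifies at 65004.
    results["valid_path"] = verify(prefix, [65001, 65002, 65003], 65004, sigs)
    # Shortening: 65003 drops 65002 and reuses the genuine signatures it saw.
    # Fails because 65001's signature names 65002, not 65003, as next hop.
    results["shortened"] = verify(prefix, [65001, 65003], 65004, [sigs[0], sigs[2]])
    # Hijack: 65003 claims to originate the prefix itself.
    results["hijack"] = verify(prefix, [65003], 65004, [sigs[2]])
    # Replay: the attestations carry no freshness, so a genuine old announcement
    # still verifies after the route should have been withdrawn.
    results["replay_accepted"] = verify(prefix, [65001, 65002, 65003], 65004, list(sigs))
    return results


if __name__ == "__main__":
    print(attestation_demo())
```

The shortened and hijacked paths are rejected, matching the "protects against" card, while the replayed announcement is accepted, matching the "does NOT protect against" card; suppression does not appear at all, since a route that is never advertised produces nothing for the verifier to check.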
30
Q

What is an attack against a DNS Stub?

A
  • Man-In-The-Middle
  • Protected by DNSSEC

31
Q

What is an attack against a DNS cache resolver?

A
  • Cache poisoning
  • Protected by 0x20 encoding

32
Q

What is an attack against a DNS Master/Slave Authoritative?

A
  • Spoofing
  • Protected by DNSSEC

33
Q

What is an attack against a DNS Master Authoritative zone files?

A

Corruption

34
Q

What is an attack against a DNS Master Authoritative dynamic updates?

A

Spoof

35
Q

Why is DNS vulnerable?

A
  • No authentication!
  • It is connectionless (UDP), so a response can be forged without any handshake
  • Resolvers implicitly trust responses: in the race between the real server and a forger, the first response with matching fields wins
36
Q

What is DNS cache poisoning?

A
  • A stub resolver sends a request to a recursive resolver, which queries the authoritative server; the attacker races the authoritative server and gets a forged response back first, and the recursive resolver caches it
  • The forged response must carry the right 16-bit query ID, but with many queries outstanding the birthday paradox means only a few hundred flooded responses are typically needed to hit one
37
Q

What are the defenses against DNS cache poisoning?

A
  • Add a randomized query ID to the request (weak on its own: only 16 bits, and the birthday paradox applies)
  • The recursive resolver can also randomize the source port (resource intensive, and a NAT in front of the resolver may rewrite the ports, undoing the randomization)
  • 0x20 encoding - the resolver randomizes the capitalization of the query name and the authoritative server echoes it back unchanged. This becomes hard to crack because the attacker now has to guess both the capitalization and the query ID (adds additional entropy)
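The resolver-side checks behind these three defences, and how much guessing room each adds, as an added example that is not part of the flashcards or of any resolver's code. The transaction ID and source port are 16-bit fields in the real protocol; the 0x20 bits come from the letters in the query name. The success-probability formula is the usual birthday-style approximation, not a measurement, and the query name, ID and port values are constructed.

```python
import math
import secrets

# Added example, not from the flashcards: what a recursive resolver checks
# before accepting a response, and how much guessing room each defence adds.
# Transaction ID and source port are 16-bit fields in the real protocol; the
# 0x20 bits come from the letters of the query name. The probability below is
# the usual birthday-style approximation, not a measurement.


def case_bits(qname: str) -> int:
    """Letters whose case can carry entropy (DNS names compare case-insensitively)."""
    return sum(1 for c in qname if c.isalpha())


def apply_case_mask(qname: str, mask: int) -> str:
    """0x20 encoding: bit i of `mask` set -> the i-th letter is upper-cased."""
    out, i = [], 0
    for c in qname:
        if c.isalpha():
            out.append(c.upper() if (mask >> i) & 1 else c.lower())
            i += 1
        else:
            out.append(c)
    return "".join(out)


def build_query(qname: str, rng=secrets) -> dict:
    """Resolver side: random transaction ID, random source port, random 0x20 case."""
    return {
        "txid": rng.randbits(16),
        "src_port": rng.randbits(16),
        "qname": apply_case_mask(qname, rng.randbits(case_bits(qname))),
    }


def resolver_accepts(sent: dict, response: dict) -> bool:
    """All three fields must match; the name is compared byte-for-byte, not case-folded."""
    return (
        response["txid"] == sent["txid"]
        and response["dst_port"] == sent["src_port"]
        and response["qname"] == sent["qname"]
    )


def poison_success_probability(entropy_bits: int, outstanding: int, spoofed: int) -> float:
    """P(at least one of `spoofed` forged responses matches one of `outstanding`
    open queries), approximated as 1 - exp(-n*m / 2^bits) (birthday-style)."""
    return 1.0 - math.exp(-(outstanding * spoofed) / float(2 ** entropy_bits))


def resolver_demo() -> dict:
    # Attacker knows the lowercase name and the ID/port, but not the case mask.
    sent = {"txid": 0x1234, "src_port": 40000,
            "qname": apply_case_mask("www.example.com", 0b1010101010101)}
    spoof = {"txid": 0x1234, "dst_port": 40000, "qname": "www.example.com"}
    genuine = {"txid": 0x1234, "dst_port": 40000, "qname": sent["qname"]}
    bits = case_bits("www.example.com")  # 13 letters -> 13 extra bits
    return {
        "spoof_accepted": resolver_accepts(sent, spoof),
        "genuine_accepted": resolver_accepts(sent, genuine),
        # ID only: 300 open queries x 300 forged responses -> about 75% success
        "p_txid_only": poison_success_probability(16, 300, 300),
        # ID + source port + 0x20: 45 bits -> success chance in the 1e-9 range
        "p_txid_port_0x20": poison_success_probability(16 + 16 + bits, 300, 300),
    }


if __name__ == "__main__":
    print(resolver_demo())
```

With only the 16-bit ID, a few hundred outstanding queries and a few hundred forged responses give the attacker roughly a three-in-four chance, which is the "few hundred responses" figure on the previous card; adding the source port and the 0x20 case bits pushes the same flood's success chance to around one in a billion.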
38
Q

Are DNS servers case sensitive?

A

NO! DNS names are case-INsensitive: the authoritative server returns the same answer whatever the capitalization, and echoes the query name back as it was sent (which is what 0x20 encoding relies on)

39
Q

What is the Kaminsky attack?

A

Generate a stream of queries for random (nonexistent) names under the target domain, so that each one starts a fresh race with the authoritative server, and stuff the forged responses with bogus records for the domain's name servers (authority/glue data). Winning any one race then poisons the whole domain rather than a single record.

40
Q

What is the DNS Amplification Attack?

A
  • Exploits the asymmetry in size between DNS queries and responses
  • The attacker sends a relatively small request with the victim's address spoofed as the source. Repeated through many open resolvers, this floods the victim with large responses it never asked for, resulting in a DDoS attack
41
Q

What are defenses against the DNS Amplification Attack?

A
  • Prevent IP address spoofing through ingress filtering rules (BCP 38)
  • Disable the resolver's ability to answer recursive queries from arbitrary locations (no open resolvers)
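Both defences on this card as code, added here as an example that is not from the flashcards or from any resolver software: a check that refuses recursion for clients outside the networks the resolver serves, and a detector run over resolver log lines that flags clients receiving far more bytes than they send, which is what a reflector being abused looks like from the resolver's side. The log format, addresses and networks are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Added example, not from the flashcards:
# (1) an "open resolver" check: recurse only for clients in the networks we serve;
# (2) a detector over resolver log lines that flags clients whose responses dwarf
#     their queries, the signature of the resolver being used as a reflector.
# Log format, addresses and networks below are constructed for the example.

SERVED_NETWORKS = [ip_network("192.0.2.0/24"), ip_network("2001:db8::/32")]


def should_recurse_for(client_ip: str, served=SERVED_NETWORKS) -> bool:
    """Refuse recursion for clients outside the networks this resolver serves."""
    addr = ip_address(client_ip)
    return any(addr in net for net in served)


# Constructed sample log: "<client> <qtype> <qname> <query_bytes> <response_bytes>"
SAMPLE_LOG = """\
192.0.2.10 A www.example.com 44 60
192.0.2.11 AAAA www.example.com 44 72
198.51.100.7 ANY example.net 45 3200
198.51.100.7 ANY example.net 45 3200
198.51.100.7 ANY example.net 45 3200
198.51.100.7 ANY example.net 45 3200
203.0.113.5 TXT example.com 42 120
"""


def parse_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, qtype, qname, qbytes, rbytes = line.split()
        records.append({"client": client, "qtype": qtype, "qname": qname,
                        "query_bytes": int(qbytes), "response_bytes": int(rbytes)})
    return records


def amplification_report(records: list, min_queries: int = 3, min_factor: float = 10.0) -> list:
    """Per client: query count and bytes-out / bytes-in; flag clients over both
    thresholds and note whether they are outside the served networks (in a
    reflection attack the 'client' address is the spoofed victim)."""
    totals = {}
    for r in records:
        t = totals.setdefault(r["client"], {"queries": 0, "in": 0, "out": 0})
        t["queries"] += 1
        t["in"] += r["query_bytes"]
        t["out"] += r["response_bytes"]
    flagged = []
    for client, t in totals.items():
        factor = t["out"] / t["in"]
        if t["queries"] >= min_queries and factor >= min_factor:
            flagged.append({"client": client, "queries": t["queries"],
                            "amplification": round(factor, 1),
                            "outside_served_networks": not should_recurse_for(client)})
    return flagged


if __name__ == "__main__":
    for entry in amplification_report(parse_log(SAMPLE_LOG)):
        print(entry)
```

The burst of ANY queries is flagged with an amplification factor of about 71 for an address the resolver does not serve; had the recursion check been enforced, those queries would never have been answered, and the spoofed victim would have received nothing.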

42
Q

What is the major weakness of DNS and what is the solution?

A
  • Lack of authentication!
  • Solution: DNSSEC (signed records, so a resolver can verify that an answer came from the zone owner)