Lesson 11 - Network Security

Question 1

What are 2 types of attacks common in Network security?

Answer 1

1. Routing Attacks
2. Naming Attacks
   Reflection & Phishing

Question 2

“Reflection”

Answer 2

generating large amounts of traffic at a victim causing a DDOS attack. Extremely common type of attack.

Question 3

“Phishing”

Answer 3

attempt to trick user into revealing sensitive info

Question 4

What is wrong with the Internet’s design and why?

Answer 4

• It is fundamentally insecure
• It was designed for simplicity
• “On by default” - reachable by any other host by default
• Hosts are insecure
• Attacks can look like normal traffic - especially in DDOS attacks were no one request is the problem, but rather a large volume can cause potential problems
• Federated design - the internet is not run by one person so it is difficult to coordinate security

Question 5

What is the problem with packet switch networks?

Answer 5

• They are inherently vulnerable to resource exhaustion attacks
• Particularly prone to DDOS attacks

Question 6

What are the 4 Components to Security?

Answer 6

• Availability
  
  • Confidentiality
  • Authenticity
  • Integrity

Question 7

What is Availability in Internet Security?

Answer 7

Ability to use a resource

Question 8

What is Confidentiality in Internet Security?

Answer 8

Concealing information from prying eyes successfully

Question 9

What is Authenticity in Internet Security?

Answer 9

It assures the correct origin of the information

Question 10

What is Integrity in Internet Security?

Answer 10

Prevents unauthorized changes to packets/etc

Question 11

In Security, what is considered a Threat?

Answer 11

Any potential violation of Availability, Confidentiality, Authenticity or Integrity

Question 12

In Security, what is considered an Attack?

Answer 12

Any action that violates either Availability, Confidentiality, Authenticity or Integrity

Question 13

What is an example of a threat to Confidentiality?

Answer 13

Eavesdropping with Wireshark and TCPdump in promiscuous mode

Question 14

What is an example of a threat to Authenticity?

Answer 14

• Man-In-The-Middle - If the person can suppress the original packet, modify it and send it out again, essentially impersonating Alice
• ALSO an attack on Integrity

Question 15

What is an example of a threat to Availability?

Answer 15

DDOS attack

Question 16

What is DOS attack vs a DDOS attack?

Answer 16

A regular DOS attack comes from just one origin or host. A DISTRIBUTED DOS attack comes from multiple hosts.

Question 17

In Security, what are the negative impacts of Attacks?

Answer 17

• Theft of confidential info
• Unauthorized use of info
• Spreading false info
• Disruption of service

Question 18

Routing Security (BGP)

Answer 18

• Control plane authentication
  
  • Session authentication: point-to-point between routers
  • Path authentication: protects AS path routes
  • Origin authentication: ensures that AS advertising prefix is the owner of that AS
• Data plane security - determining if data is traveling to the intended locations

Question 19

What is the goal of control plane authentication?

Answer 19

To determine the veracity(accuracy) of routing advertisements

Question 20

What is the goal of Data plane security

Answer 20

Determining if data is traveling to the intended locations

Question 21

How do routing attacks occur?

Answer 21

• Configuration errors (AS 7007 attack)
• Routers can be compromised
• Unscrupulous ISPs
• These attacks all can happen by tampering with the Config, Software or Routing Data

Question 22

Why do hijacks matter?

Answer 22

• DNS masquerading

* Man In The Middle Attacks

Question 23

What type of IP protocol connects ASes together?

Answer 23

TCP connections

Question 24

What is sent over TCP between ASes?

Answer 24

We send a message and a hash of the message and the secret key

Question 25

What is Secure BGP (BGPSEC)?

Answer 25

Adds signatures to route advertisements making BGP more secure

Question 26

What is Origin Attestation/Address Attestation?

Answer 26

• Certificate binding a prefix to an owner

* Signed by a trusted party

Question 27

What is Path Attestation?

Answer 27

• Signatures along AS path
• It includes not only the current path, but also the valid next-hop. The next hop is critical to include since an attacker can steal the signatures and replay them and append them together otherwise

Question 28

What types of attacks can Path Attestation protect against?

Answer 28

• Hijacks
• Shortening
• Modification

Question 29

What types of attacks can Path Attestation NOT protect against?

Answer 29

• Suppression (if an AS fails to advertise an attack)
• Replay attacks
• Data Traffic is not guaranteed to actually be traveling along a valid AS path

Question 30

What is an attack against a DNS Stub?

Answer 30

• Man In The Middle

* Protected by DNSSec

Question 31

What is an attack against a DNS cache resolver?

Answer 31

• Cache poisoning

* Protected by 0x20

Question 32

What is an attack against a DNS Master/Slave Authoritative?

Answer 32

• Spoofing

* Protected by DNSSec

Question 33

What is an attack against a DNS Master Authoritative zone files?

Answer 33

Corruption

Question 34

What is an attack against a DNS Master Authoritative dynamic updates?

Answer 34

Spoof

Question 35

Why is DNS vulnerable?

Answer 35

• No Authentication!
• They are Connectionless (UDP)
• Resolvers implicitly trust responses especially in race conditions

Question 36

What is DNS cache poisoning?

Answer 36

• It’s where a stub resolver sends a request to a recursive resolver and an attacker beats the S.O.A. to sending back a response.
• Typically the correct ID being sent along with the bogus attack response can be guessed by flooding only a few hundred responses due to the birthday paradox

Question 37

What are the defenses against DNS cache poisoning?

Answer 37

• Add a randomized query ID to the request (weak because of birthday paradox)
• The recursive resolver can randomize the source port (resource intensive and a NAT might unrandomize it)
• 0x20 Encoding - which is essentially where the resolver and authoritative server agree on a specific randomized capitalization. This become hard to crack because you have to guess both capitalization and query ID (adds additional entropy)

Question 38

Are DNS servers case sensitive?

Answer 38

NO! They are case IN-sensitive

Question 39

What is the Kaminsky attack?

Answer 39

Generate a stream of queries of A records causing a bunch of races and then stuffing results with bogus answers

Question 40

What is the DNS Amplification Attack?

Answer 40

• Exploits the asymmetry in size between DNS queries and responses
• You send a relatively small request and specify the victim as the person requesting the page. This is repeated through many systems causing large result sets to flood the victim resulting in a DDOS attack

Question 41

What are defenses against the DNS Amplification Attack?

Answer 41

• Prevent IP address spoofing through filtering rules

* Disable ability for resolver to resolve queries from arbitrary locations

Question 42

What is the major weakness of DNS and what is the solution?

Answer 42

• Lack of authentication!

* DNSSEC