MOD 6 - Network Security Flashcards
Name all 4 types of security threats and examples for each.
IIFM
- Interception/sniffing: ex: Host A and Host B are doing an online transaction, but Host C sniffs and steals Host A's credit card info
- Interruptions: when an asset is no longer available. ex: flooding the network
- Fabrication: an unauthorized user fabricates objects into the network. ex: email spam
- Modification: tampering with information, resources or services / man-in-the-middle attack
What are the 4 values of network security?
- Confidentiality: only sender and receiver should understand message contents (sender encrypts, receiver decrypts)
- Authentication: sender and receiver can confirm each other's identities
- Message integrity: message was not altered before, during or after transit
- Access and availability: services must be accessible
What are the 3 ways to break an encryption scheme?
1) ciphertext only attack (brute-force, stat analysis)
2) known plaintext attack (can determine pairings)
3) chosen plaintext attack (Trudy sends a plaintext she knows, then gets back the ciphertext, and can then determine pairings)
what is a substitution cipher?
simple encryption scheme
replace one letter with another. Ex: h->o, i->q, plaintext = hi -> ciphertext = oq
what is ciphertext?
plain text that was encrypted with an encryption algorithm, to become ciphertext
what’s an encryption key?
unique string of bits used to transform plaintext to ciphertext or vice versa
what is private key crypto?
- sender and receiver DO NOT share a key
- public key = (encryption) KNOWN TO ALL
- private key = (decryption) KNOWN ONLY TO RECEIVER (OWNER), SECRET
in the context of Bob, what are K+B, K-B, K-B(m), and what does it mean if K+B(K-B(m)) = m?
K+B = Bob's public key
K-B = Bob's private key
K-B(m) = message m encrypted with Bob's private key
K+B(K-B(m)) = m: here we applied Bob's public key to the message signed with his private key. If the result equals m, this proves that Bob indeed signed m with his private key
What is a CA?
Certification Authority
- Binds a public key to a particular entity, E
- E (person/router) registers its public key with the CA
ex:
- Bob registers his public key with the CA (with proof that he's Bob)
- CA signs Bob's public key with their private key
- Alice wants to send Bob something, and requests his public key
- Bob sends Alice his public key signed by the CA
- Alice applies the CA's public key to Bob's signed public key to decrypt it (to make sure it's Bob)
- now Alice can use Bob's public key to encrypt and send a message
Alice wants to send a secure email to Bob, explain the process.
Alice:
- Generates symmetric private key, Ks
- Encrypts message m with Ks: Ks(m)
- Also encrypts Ks with Bob's public key: K+B(Ks)
Bob:
- Uses his private key to decrypt Ks (from K+B(Ks))
- Then uses Ks to decrypt message m
What is SSL?
Secure Sockets Layer = widely deployed security protocol for TCP sockets.
what is a VPN?
Virtual Private Network : secure and encrypted connection that allows users to access the internet as if they were connected to a private network
what is IPsec?
Suite of protocols that provide cryptographic security and integrity for internet communications
What are the 2 modes of IPsec operation? compare them
Transport mode = IPsec is applied to the DATA FROM THE TRANSPORT LAYER (payload) & sent and received by the end system. Transport mode does not protect the IP header.
Tunneling mode = IPsec is applied to the ENTIRE PACKET & sent and received by the end system. Tunneling mode protects the entire IP packet, then adds a new IP header. (prof said: pushing the packet through a tunnel with a new IP; the idea is to hide the IP from another user)
SUMMARY: transport encrypts only the IP payload, tunneling encrypts the entire IP packet and adds a new header
What are the 2 IPsec protocols?
AH = Authentication Header protocol
- provides source authentication and data integrity, but NOT confidentiality
ESP = Encapsulation Security Protocol
- provides source authentication, data integrity AND confidentiality (encryption)
- builds upon AH and is more widely used
both protocols support the 2 IPsec modes (transport and tunneling)
Summary: AH provides source authentication & integrity, ESP additionally provides encryption
what is an SA?
Security Association
- set of security parameters and keys that define the rules for securing communication between two network entities in IPsec
- simplex logical connections : for only one direction ( from source to destination)
- before sending data, a "security association (SA)" is established from sending to receiving entity
If IPsec was properly executed, will Trudy
- be able to see original contents of the datagram? How about source, dest IP address, transport protocol, application port?
- flip bits without detection?
- masquerade as Alice using Alice's IP address?
- replay a datagram?
- IPsec provides confidentiality, encrypting the payload of the datagram, making it unreadable to an eavesdropper like Trudy.
- IPsec provides integrity checking, which means that if Trudy were to alter any part of the datagram, the changes would be detected. Tampering with the datagram, such as flipping bits, would result in the receiver rejecting the packet due to failed integrity checks.
- IPsec includes authentication mechanisms to verify the identities of communicating parties. Without the proper authentication keys, Trudy should not be able to convince Bob that she is Alice.
- IPsec includes protection against replay attacks. Each datagram is typically assigned a unique sequence number, and if Trudy were to attempt to replay a previously intercepted datagram, it would be detected and rejected.
what is a firewall?
= isolates an organization's internal network from the larger Internet, allowing some packets to pass, blocking others
Prevents:
- DoS attacks
- Illegal modification/access of internal data
- Unauthorized access to the inside network
Draw a diagram to show how Alice can send Bob a message that ensures confidentiality, authentication, integrity, ...
Reminder:
confidentiality = only Bob and Alice can understand the contents of the message
authentication = sender can prove their identity
integrity = message was not compromised
authentication + integrity = hash the message and encrypt the hash with KA- (Alice's private key), send the message in plaintext for comparison
confidentiality = encrypt Ks with KB+ (Bob's public key), encrypt the whole message with Ks
What is the main function of a digital signature and how is it obtained?
= used to verify that the sender is indeed the owner/creator of the message
simple digital signature = sender encrypts message with their private key, creating a “signed” message. Receiver can then decrypt and verify the sender identity by using the senders public key.
A CA can also be used to bind a public key to a particular entity
Name 2 possible ways to break a mono-alphabetic cipher
Brute force = search through all keys (all possible mappings)
statistical analysis
What are the 4 SSL blocks/components?
1) Handshake protocol : server authentication, negotiation: agree on crypto algorithms, establish keys, client authentication (optional)
2) Record Protocol : fragmentation, compression, message authentication and integrity protection, encryption
3) Alert Protocol : error messages (fatal alerts and warnings)
4) Change Cipher Spec Protocol : a single message that indicates the end of the SSL handshake
Why are random numbers used during an SSL handshake?
To prevent replay attacks when generating keys.
What is the use of the message authentication code inside the SSL record?
Ensures the integrity and authenticity of the data transmitted between the client and the server
When do you use transport mode, and when do you use tunneling mode?
Use transport mode when securing communication between individual hosts
Use tunneling mode when securing communication between networks (EX: VPN uses tunneling)
What's in an ESP header, and what do the fields do?
ESP header contains:
* SPI (Security Parameter Index): so the receiving entity knows what to do
* Sequence number: to prevent replay attacks
What is the use of the SAD in your computer?
Security Association Database = used to store and manage security associations (SA), which helps your computer identify and apply the appropriate security settings when sending or receiving protected data, ensuring secure and authenticated communication.
What are the 3 kinds of firewalls? Which one is more secure for TCP based servers?
- stateless packet filters = router filters packet-by-packet, decision to forward/drop packet based on: source IP address, destination IP address, TCP/UDP source and destination port numbers, ICMP message type, TCP SYN and ACK bit
- stateful packet filters = track status of every TCP connection, track connection setup (SYN), teardown (FIN): determine whether incoming, outgoing packets "make sense"
- application gateways = filter packets on application data as well as on IP/TCP/UDP fields
What are application gateways?
type of firewall
= filters packets based on application data as well as on IP/TCP/UDP fields.
example: allow select internal users to telnet outside
Simple terms: filters packets based on what they want to do / bodyguard
What are limitations of firewalls and gateways?
IP spoofing: the router can't know if data "really" comes from the claimed source
A firewall filters packets based on?
rules or criteria set by the network administrator
- EX: source and destination IP addresses, port numbers, and the protocol used (e.g., TCP or UDP)
Which of the following implementations of IPsec is the least secure:
a. AH with ESP in tunnel mode
b. AH with ESP in transport mode
c. AH without ESP in either mode
d. ESP without AH in either mode
C.
AH alone only provides source authentication
Which of the following is an interdomain protocol?
a. BGP
b. RIP
c. OSPF
a.
BGP = interdomain
RIP & OSPF = intradomain