MOD 6 - Network Security Flashcards

1
Q

Name all 4 types of security threats and examples for each.

A

IIFM

  1. Interception/sniffing:
    ex: Host A and Host B are doing an online transaction, but Host C sniffs the traffic and steals Host A's credit card info
  2. Interruption:
    an asset is no longer available. ex: flooding the network (DoS)
  3. Fabrication:
    an unauthorized party injects counterfeit objects into the network
    ex: spam / forged email
  4. Modification:
    tampering with information, resources or services in transit. ex: man-in-the-middle attack
2
Q

What are the 4 values of network security?

A
  1. Confidentiality
    - Only sender and receiver should understand message contents (sender encrypts, receiver decrypts)
  2. Authentication
    - Sender and receiver can confirm each other's identity
  3. Message integrity
    - Message was not altered in transit (or afterwards) without detection
  4. Access and availability
    - Services must remain accessible to legitimate users
3
Q

What are the 3 ways to break an encryption scheme?

A

1) ciphertext-only attack: Trudy has only ciphertext (brute force over the keys, statistical analysis)
2) known-plaintext attack: Trudy has some plaintext/ciphertext pairs and can determine (parts of) the mapping
3) chosen-plaintext attack: Trudy picks the plaintext, obtains the matching ciphertext, and uses the pairs to recover the key/mapping

4
Q

what is substitution cipher?

A

simple encryption scheme

replace each letter of the plaintext by another letter; the key is the mapping (a permutation of the alphabet). Ex: h->o, i->q, plaintext "hi" -> ciphertext "oq"

5
Q

what is ciphertext?

A

the output of running plaintext through an encryption algorithm with a key; unreadable without the key

6
Q

what’s an encryption key?

A

secret string of bits that parameterizes the algorithm when transforming plaintext to ciphertext or vice-versa

7
Q

what is public key crypto?

A

-sender and receiver DO NOT share a secret key (contrast: symmetric/shared-key crypto, where they do)
-public key = (encryption) KNOWN TO ALL
-private key = (decryption) KNOWN ONLY TO RECEIVER (OWNER), SECRET

8
Q

in the context of Bob, what are K+B, K-B, K-B(m), and what does K+B(K-B(m)) = m mean?

A

K+B = Bob's public key
K-B = Bob's private key
K-B(m) = message m "encrypted" (signed) with Bob's private key

K+B(K-B(m)) = m: applying Bob's public key to the message signed with his private key gives m back. Since only the holder of K-B can produce a value that K+B turns into m, this proves Bob signed m. (In practice the signature is computed over a hash H(m), not over m itself.)

9
Q

What is CA?

A

Certification Authority

  • Binds a public key to a particular entity, E
  • E (person/router) registers its public key with the CA

ex:
-Bob registers his public key with the CA (with proof that he is Bob)
-CA signs Bob's public key (the certificate) with the CA's private key
-Alice wants to send Bob something and requests his public key
-Bob sends Alice his certificate (his public key signed by the CA)
-Alice verifies the CA's signature on it with the CA's public key, which she must already have and trust (this confirms the key really is Bob's)
-now Alice can use Bob's public key to encrypt and send a message

10
Q

Alice wants to send a secure email to Bob, explain the process.

A

Alice:
-Generates a fresh symmetric session key, Ks
-Encrypts message m with Ks : Ks(m)
-Also encrypts Ks with Bob's public key : K+B(Ks), and sends both

Bob:
-Uses his private key to decrypt Ks (from K+B(Ks))
-Then uses Ks to decrypt message m

11
Q

What is SSL?

A

Secure Sockets Layer = widely deployed security protocol layered on top of TCP sockets (confidentiality, integrity, server and optionally client authentication). Its successor is TLS; "SSL" today usually means TLS.

11
Q

what is a VPN

A

Virtual Private Network : an encrypted tunnel over a public network (e.g. the Internet) that lets hosts communicate as if they were on the same private network; commonly built with IPsec in tunnel mode

12
Q

what is IPsec?

A

Suite of protocols at the network (IP) layer that provides confidentiality, data integrity and source authentication for IP datagrams

13
Q

What are the 2 modes of IPsec operation? compare them

A

Transport mode = IPsec is applied to the DATA FROM THE TRANSPORT LAYER (the IP payload only) and is sent and received by the end systems. Transport mode does not protect the IP header.

Tunneling mode = IPsec is applied to the ENTIRE ORIGINAL IP PACKET, which is then wrapped in a new IP header; typically done by security gateways (routers/firewalls) at the edge of each network rather than by the end hosts. (prof said: pushing the packet through a tunnel with a new IP, the idea is to hide the original IP addresses from an outside observer)

SUMMARY: transport protects only the IP payload; tunneling protects the entire IP packet and adds a new header

14
Q

What are the 2 IPsec protocols?

A

AH = Authentication Header protocol
- provides source authentication and data integrity, but NOT confidentiality

ESP = Encapsulating Security Payload protocol
- provides source authentication, data integrity AND confidentiality (encryption)
- a separate protocol from AH (not built on it) and far more widely used

both protocols support the 2 modes of IPsec (transport and tunneling)

Summary: AH provides source authentication & integrity, ESP additionally provides encryption

15
Q

what is a SA?

A

Security Association

  • set of security parameters (algorithms, keys, sequence-number state) that defines how IPsec secures communication between two network entities
  • simplex logical connection: for one direction only (from source to destination), so bidirectional traffic needs two SAs
  • before sending data, the SA is established from the sending to the receiving entity; each SA is identified by its SPI (plus destination address and protocol) and stored in the SAD
16
Q

If IPsec was properly executed, will Trudy – be able to see original contents of datagram? How about source, dest IP address, transport protocol, application port?
- flip bits without detection?
- masquerade as Alice using Alice ’s IP address?
- replay a datagram?

A
  • Original contents: no. IPsec (ESP) encrypts the payload of the datagram, so it is unreadable to an eavesdropper like Trudy.
  • Source/dest IP, transport protocol, ports: in transport mode the IP header is sent in the clear, so Trudy sees the IP addresses, but the transport protocol and application ports are inside the encrypted payload. In tunnel mode the whole original datagram (header included) is encrypted; Trudy sees only the outer (gateway) IP addresses.
  • Flip bits: no. IPsec provides integrity checking; if Trudy alters any part of the protected datagram, the receiver's integrity check (ICV) fails and the packet is rejected.
  • Masquerade as Alice: no. The ICV is computed with a key known only to the SA endpoints, so without Alice's key Trudy cannot produce a datagram Bob accepts as Alice's, even when using Alice's IP address.
  • Replay: no. Each datagram carries a sequence number and the receiver keeps an anti-replay window; a replayed datagram is detected and rejected.
17
Q

what is a firewall?

A

= isolates the organization's internal network from the larger Internet, allowing some packets to pass and blocking others

Helps prevent:
- DoS attacks (e.g. SYN flooding)
- Illegal modification/access of internal data
- Unauthorized access to the inside network

18
Q

Draw a diagram to show how Alice can send Bob a message that ensures confidentiality, authentication, integrity, ..

A

Reminder:
confidentiality = only Bob and Alice can understand the contents of the message
authentication = the sender can prove their identity
integrity = the message was not altered

authentication + integrity = Alice hashes the message, H(m), and signs the hash with her private key KA-; she sends m together with KA-(H(m)). Bob recomputes H(m) and compares it with KA+(KA-(H(m))).

confidentiality = Alice encrypts the whole package (m plus the signature) with a fresh session key Ks, and encrypts Ks with Bob's public key KB+; Bob recovers Ks with KB- and then decrypts the package.

19
Q

What is the main function of a digital signature and how is it obtained.

A

= used to verify that a message really came from the claimed sender and was not altered: only the holder of the private key can produce it, and anyone with the public key can check it

simple digital signature = sender "encrypts" the message (in practice its hash) with their private key, creating a "signed" message. The receiver applies the sender's public key and checks the result against the message (or its hash).

A CA can be used to bind the public key to a particular entity, so the receiver knows whose key it is checking against
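The signing, CA and secure-email cards (8, 9, 10, 18 and 19) fit together in one exchange. The block below is an added example, not part of the original flashcards: it uses textbook RSA built from known Mersenne primes (2^107-1, 2^607-1, 2^127-1, 2^521-1, 2^89-1, 2^1279-1, chosen so keys are reproducible and the modulus is larger than a SHA-256 digest) and a SHA-256 keystream standing in for AES. Names (Alice, Bob, the CA), the certificate layout and the envelope format are assumptions for illustration; none of this is secure as written (no padding, no real cipher).

```python
"""Toy demo of cards 8, 9, 10, 18 and 19: RSA signing, a CA binding a name to
a public key, and the signed-then-enveloped email.  Added example, not from
the original cards.  Textbook RSA without padding and a SHA-256 keystream in
place of AES: illustration only, not a secure implementation."""
import hashlib
import secrets

E = 65537


def toy_keypair(k1, k2):
    """Build (K+, K-) from the known Mersenne primes 2^k1-1 and 2^k2-1.
    Deterministic on purpose (real keys are random).  Assumption, true for
    the exponents used here: gcd(E, (p-1)(q-1)) == 1."""
    p, q = (1 << k1) - 1, (1 << k2) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)


def rsa_apply(x, key):
    """K(x): raise x to the key's exponent mod n; same operation for K+ and K-."""
    exp, n = key
    return pow(x, exp, n)


def H(msg):
    """SHA-256 of msg as an integer (fits because every modulus is > 2^256)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(priv, msg):
    """K-(H(m)): card 18 signs the hash, not the message."""
    return rsa_apply(H(msg), priv)


def verify(pub, msg, sig):
    """K+(K-(H(m))) == H(m) holds only if the matching private key made sig."""
    return rsa_apply(sig, pub) == H(msg)


def cert_bytes(name, pub):
    return f"{name}|{pub[0]}|{pub[1]}".encode()


def issue_cert(ca_priv, name, pub):
    """Card 9: the CA signs (name, public key) with its own private key."""
    return {"name": name, "pub": pub, "sig": sign(ca_priv, cert_bytes(name, pub))}


def verify_cert(ca_pub, cert):
    """Alice checks the CA's signature using the CA's (pre-trusted) public key."""
    return verify(ca_pub, cert_bytes(cert["name"], cert["pub"]), cert["sig"])


def stream_xor(ks, data):
    """Toy symmetric cipher: XOR data with SHA-256(Ks || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(ks + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def send_secure_email(alice_priv, bob_cert, ca_pub, m, ks=None):
    """Card 18, Alice's side: sign H(m) with KA-, encrypt (m, signature) under
    a fresh session key Ks, and wrap Ks with KB+ taken from Bob's certificate."""
    if not verify_cert(ca_pub, bob_cert):
        raise ValueError("certificate does not verify against the CA")
    ks = ks or secrets.token_bytes(16)
    sig_len = (alice_priv[1].bit_length() + 7) // 8
    body = len(m).to_bytes(4, "big") + m + sign(alice_priv, m).to_bytes(sig_len, "big")
    return {"wrapped_ks": rsa_apply(int.from_bytes(ks, "big"), bob_cert["pub"]),
            "ciphertext": stream_xor(ks, body)}


def receive_secure_email(bob_priv, alice_pub, envelope):
    """Bob's side: unwrap Ks with KB-, decrypt, then check Alice's signature.
    Returns (message, signature_ok)."""
    ks = rsa_apply(envelope["wrapped_ks"], bob_priv).to_bytes(16, "big")
    body = stream_xor(ks, envelope["ciphertext"])
    mlen = int.from_bytes(body[:4], "big")
    m, sig = body[4:4 + mlen], int.from_bytes(body[4 + mlen:], "big")
    return m, verify(alice_pub, m, sig)


if __name__ == "__main__":
    ca_pub, ca_priv = toy_keypair(107, 607)
    bob_pub, bob_priv = toy_keypair(127, 521)
    alice_pub, alice_priv = toy_keypair(89, 1279)
    bob_cert = issue_cert(ca_priv, "bob", bob_pub)
    env = send_secure_email(alice_priv, bob_cert, ca_pub, b"meet at noon")
    print(receive_secure_email(bob_priv, alice_pub, env))
```

Two checks worth running by hand: flip one byte of the ciphertext and the signature check fails even though decryption "succeeds", which is why integrity needs the signature and not just encryption; and hand Alice a certificate not signed by the CA and `send_secure_email` refuses to use the key in it.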

20
Q

Name 2 possible ways to break a mono-alphabetic cypher

A

Brute force = search through all keys (all possible mappings): 26! keys, so infeasible on its own for a general mono-alphabetic cipher

Statistical analysis = letter (and digram) frequencies survive the substitution, so the most common ciphertext letters are mapped to the most common English letters (e, t, a, ...)
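Cards 4 and 20 together, as an added example that is not part of the original flashcards: a mono-alphabetic substitution cipher keyed by a permutation of the alphabet, the size of the key space a brute-force attacker would face, and the frequency-analysis attack. The English letter ordering is the usual approximate frequency table and the sample sentence is constructed so that 'e' clearly dominates; with such a short text only the top guess is reliable, longer ciphertexts recover more of the mapping.

```python
"""Mono-alphabetic substitution cipher (card 4) and the two attacks from
card 20: brute force over the key space, and statistical analysis.
Added example, not part of the original flashcards."""
import math
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
# Approximate ordering of English letters from most to least frequent; this
# is the attacker's prior about the plaintext language.
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"


def make_key(permutation):
    """The key is a permutation of the alphabet: plaintext letter -> cipher letter."""
    if sorted(permutation) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    return dict(zip(ALPHABET, permutation))


def encrypt(key, plaintext):
    """Replace each letter by its image under the key; other characters pass through."""
    return "".join(key.get(c, c) for c in plaintext.lower())


def decrypt(key, ciphertext):
    inverse = {v: k for k, v in key.items()}
    return "".join(inverse.get(c, c) for c in ciphertext)


def key_space_size():
    """Brute force = try every permutation: 26! keys, about 4e26, infeasible."""
    return math.factorial(len(ALPHABET))


def frequency_guess(ciphertext):
    """Statistical analysis: the substitution preserves letter frequencies, so
    the most common cipher letter is probably 'e', the next 't', and so on.
    Returns the guessed mapping cipher letter -> plaintext letter."""
    counts = Counter(c for c in ciphertext if c in ALPHABET)
    ranked = [c for c, _ in counts.most_common()]
    return dict(zip(ranked, ENGLISH_ORDER))


def attack_report(ciphertext, key):
    """Grade the attacker's top guess against the real key (known only to grade)."""
    guess = frequency_guess(ciphertext)
    inverse = {v: k for k, v in key.items()}
    top = next(iter(guess))
    return {"top_cipher_letter": top, "guessed": guess[top], "actual": inverse[top]}


if __name__ == "__main__":
    key = make_key("qwertyuiopasdfghjklzxcvbnm")   # assumed demo key
    sample = "we see three green trees beside the deep sea where the bees meet"  # constructed
    ct = encrypt(key, sample)
    print(ct)
    print(key_space_size(), attack_report(ct, key))
```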

21
Q

What are the 4 SSL blocks/components?

A

1) Handshake protocol : server authentication, negotiation: agree on crypto algorithms, establish keys, client authentication (optional)

2) Record Protocol : fragmentation, compression, message authentication and integrity protection, encryption

3) Alert Protocol : error messages (fatal alerts and warnings)

4) Change Cipher Spec Protocol : a single message signalling that the handshake is done and that subsequent records are protected with the newly negotiated cipher suite and keys

22
Q

Why are random numbers used during an SSL handshake?

A

Client and server nonces (random numbers) go into the key derivation, so the session keys are fresh each time even if the same pre-master secret or long-term keys are reused; a replayed handshake message yields different keys and fails.

23
Q

What is the use of the message authentication code inside the SSL record?

A

Ensures the integrity and authenticity of the data transmitted between the client and the server: the MAC is computed with the shared MAC key over the record data plus a sequence number, so tampered, replayed or reordered records are detected

24
Q

When do you use transport mode, and when do you use tunneling mode?

A

Use transport mode: when securing communication between individual hosts (end-to-end)

Use tunneling mode: when securing communication between networks, gateway-to-gateway or host-to-gateway (EX: VPNs use tunneling)

25
Q

What’s in a ESP header, and what do they do?

A

ESP header contains:
* SPI (Security Parameter Index): identifies the SA in the receiver's SAD, so the receiving entity knows which keys/algorithms to apply
* Sequence number: increases with every packet sent on the SA; the receiver uses it with an anti-replay window to reject replayed packets

26
Q

What is the use of the SAD in your computer?

A

Security Association Database = used to store and manage security associations (SA), which helps your computer identify and apply the appropriate security settings when sending or receiving protected data, ensuring secure and authenticated communication.
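Cards 15, 16, 25 and 26 describe the receiver-side path of an ESP packet: read the SPI and sequence number, find the SA in the SAD, check integrity, and reject replays. The block below is an added example, not part of the original flashcards, modelling just that path in Python. It treats the payload as opaque bytes (the encryption step is left out), uses HMAC-SHA-256 truncated to a 128-bit ICV, and implements a 64-entry anti-replay window in the style of RFC 4303. The SPI values, keys and addresses are constructed.

```python
"""Inbound ESP processing for cards 15, 16, 25 and 26: parse SPI and sequence
number, look the SA up in the SAD, verify the ICV, apply the anti-replay
window.  Added example, not from the original cards.  Payload is opaque
(already encrypted); only integrity and anti-replay are modelled."""
import hashlib
import hmac
import struct

ICV_LEN = 16  # 128-bit truncated HMAC, as commonly used with ESP


class ReplayWindow:
    """Sliding window of the last `size` sequence numbers (RFC 4303 style).
    Bit 0 of `bitmap` stands for `top`, bit k for top-k."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq):
        """True if seq is acceptable.  Does not update the window: that only
        happens after the ICV verifies, so forged packets cannot advance it."""
        if seq == 0:                        # the first valid number is 1
            return False
        if seq > self.top:
            return True                     # newer than anything seen
        if self.top - seq >= self.size:
            return False                    # too old, outside the window
        return not (self.bitmap >> (self.top - seq)) & 1   # already seen?

    def update(self, seq):
        if seq > self.top:
            shift = seq - self.top
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


class SecurityAssociation:
    """Parameters for one direction of traffic (card 15)."""

    def __init__(self, spi, auth_key):
        self.spi, self.auth_key, self.window = spi, auth_key, ReplayWindow()


class SAD:
    """Security Association Database: inbound SAs keyed by (SPI, dest IP)."""

    def __init__(self):
        self._sas = {}

    def add(self, dst_ip, sa):
        self._sas[(sa.spi, dst_ip)] = sa

    def lookup(self, spi, dst_ip):
        return self._sas.get((spi, dst_ip))


def icv(sa, header_and_payload):
    return hmac.new(sa.auth_key, header_and_payload, hashlib.sha256).digest()[:ICV_LEN]


def build_esp(sa, seq, payload):
    """Sender side: ESP header (SPI, seq) || payload || ICV (card 25)."""
    head = struct.pack("!II", sa.spi, seq) + payload
    return head + icv(sa, head)


def process_inbound(sad, dst_ip, packet):
    """Receiver side.  Returns (status, payload or None)."""
    if len(packet) < 8 + ICV_LEN:
        return "malformed", None
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.lookup(spi, dst_ip)
    if sa is None:
        return "no SA", None                     # unknown SPI: nothing to apply
    if not sa.window.check(seq):
        return "replay or too old", None         # card 16: replays are rejected
    signed, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv(sa, signed), tag):
        return "bad ICV", None                   # card 16: flipped bits detected
    sa.window.update(seq)                        # only now advance the window
    return "ok", signed[8:]
```

Ordering matters: the replay check runs before the (more expensive) ICV computation so duplicates are discarded cheaply, but the window is advanced only after the ICV verifies; otherwise Trudy could forge packets with huge sequence numbers and push Alice's genuine packets out of the window.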

27
Q

What are the 3 kinds of firewalls? Which one is more secure for TCP based servers?

A

▪ stateless packet filters = router filters packet-by-packet, decision to forward/drop based on: source IP address, destination IP address, TCP/UDP source and destination port numbers, ICMP message type, TCP SYN and ACK bits

▪ stateful packet filters = track the status of every TCP connection: connection setup (SYN), teardown (FIN); determine whether incoming/outgoing packets "make sense" given the connections seen so far

▪ application gateways = filter packets on application data as well as on IP/TCP/UDP fields

More secure for TCP-based servers: stateful packet filters. A stateless filter has to admit any inbound packet with the ACK bit set (it cannot tell a real reply from a forged one), whereas a stateful filter drops packets that belong to no connection it has seen.

28
Q

What are application gateways?

A

type of firewall
= filters packets based on application data as well as on IP/TCP/UDP fields.
example: allow only selected internal users to telnet outside

Simple terms: filters packets based on what they want to do, like a bodyguard

29
Q

What are limitations of firewalls and gateways?

A

IP spoofing: router can’t know if data “really” comes from claimed source

30
Q

A firewall filters packets based on?

A

rules or criteria set by the network
administrator

  • EX: source and destination IP addresses, port numbers, and the protocol used (e.g., TCP or UDP)
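Cards 27 and 30 in code, as an added example that is not part of the original flashcards: a stateless filter that decides on the 5-tuple and TCP flags alone, and a stateful filter that remembers connections opened from the inside. The policy ("inside may connect out, outside may not connect in"), the 10.0.0.0/24 inside network and the documentation addresses used for the outside are assumptions; the packets are constructed.

```python
"""Stateless vs stateful packet filtering (cards 27 and 30).  Added example,
not from the original cards.  Policy: inside hosts may open TCP connections
to the Internet; the Internet may not open connections to inside hosts."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."     # assumed inside network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def stateless_filter(pkt):
    """Packet by packet, no memory.  The classic stateless rule for 'inside
    may connect out' is: allow inbound TCP only when ACK is set, since a
    connection-opening SYN has ACK clear.  Any forged ACK packet passes."""
    if pkt.proto != "tcp":
        return "drop"
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        return "allow"                       # outbound: anything
    if pkt.ack:
        return "allow"                       # inbound: looks like a reply
    return "drop"


class StatefulFilter:
    """Remembers connections opened from inside (outbound SYN) and admits
    inbound packets only if they belong to one of them.  Teardown is
    simplified: an outbound FIN removes the entry."""

    def __init__(self):
        self.table = set()   # (inside ip, inside port, outside ip, outside port)

    def filter(self, pkt):
        if pkt.proto != "tcp":
            return "drop"
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:
                self.table.add(key)          # connection setup seen
            elif key not in self.table:
                return "drop"                # outbound data for no connection
            if pkt.fin:
                self.table.discard(key)      # teardown
            return "allow"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if key in self.table else "drop"


def run_trace(filter_fn, packets):
    """Apply a filter to a list of packets and return the decisions in order."""
    return [filter_fn(p) for p in packets]


if __name__ == "__main__":
    trace = [
        Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 443, syn=True),
        Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40000, syn=True, ack=True),
        Packet("198.51.100.7", "10.0.0.9", "tcp", 1234, 22, ack=True),   # ACK probe
    ]
    print("stateless:", run_trace(stateless_filter, trace))
    print("stateful: ", run_trace(StatefulFilter().filter, trace))
```

The third packet is the point of the comparison: an ACK-only probe aimed at an inside SSH port is "allowed" by the stateless filter because it looks like a reply, while the stateful filter drops it because no inside host ever opened a connection to that address and port.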
31
Q

Which of the following implementations of IPsec is the least secure:
a. AH with ESP in tunnel mode
b. AH with ESP in transport mode
c. AH without ESP in either mode
d. ESP without AH in either mode

A

C.

AH alone provides source authentication and integrity only, with no confidentiality (encryption); every other option includes ESP, which encrypts.

32
Q

Which of the following is an interdomain protocol?
a. BGP
b. RIP
c. OSPF

A

a.

BGP = interdomain
RIP & OSPF = intra domain