Module 3: Network Security Concepts Flashcards
1
Q
Describe the Attack Type
Eavesdropping Attack
Also called sniffing or snooping
A
This is when a threat actor captures and “listens” to network traffic.
2
Q
Describe the Attack Type
Data Modification Attack
A
If threat actors have captured enterprise traffic, they can alter the data in the packet without the knowledge of the sender or receiver.
3
Q
Describe the Attack Type
IP Address Spoofing Attack
A
A threat actor constructs an IP packet that appears to orginate from a valid address inside the corporate intranet.
4
Q
Describe the Attack Type
Password-based Attacks
Specifically what can be done with a valid user account password
A
Used the password of a valid user account, to obtain lists of other users, network information, change server and network configurations, and modify, reroute, or delete data.
5
Q
Describe the Attack Type
Denial of Service Attack
(DoS)
A
Prevents normal use of a computer or network by flooding traffic to either slow down or shut down systems and networks.
6
Q
Describe the Attack Type
Man-in-the-Middle Attack
(MitM)
A
When a threat actor positions themselves between a source and destination. They can now actively monitor, capture, and control the communication transparently.
7
Q
Describe the Attack Type
Compromised-key Attack
A
If a threat actor obtains a secret key, it becomes compromised. It can be used to gain access to secure communications without the sender or receiver being aware of the attack.
8
Q
Describe the Penetration Testing Tool
Password Crackers
List some tools
A
Used to find or ‘recover’ a password, either by removing the original password or by discovery by repeated guessses (Brute Force Attack) or using lists of commonly used passwords (Dictionary Attacks)
e.g. John the Ripper, Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, Medusa
9
Q
Describe the Penetration Testing Tool
Wireless Hacking Tools
List some tools
A
Used to discover and hack wireless networks.
Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, NetStumbler
10
Q
Describe the Penetration Testing Tool
Network Scanning and Hacking Tools
List some tools
A
Used to probe network devices, servers, and hosts for open TCP or UDP ports.
Nmap, SuperScan, Angry IP Scanner, NetScan Tools
11
Q
Describe the Penetration Testing Tool
Packet Crafting Tools
List some tools
A
Used to probe and test a firewall’s robustness using specifically crafted forged packets.
Hping, Scapy, Socat, Yersinia, Netcat, Nping, Nemesis
12
Q
Describe the Penetration Testing Tool
Packet Sniffers
List some tools
A
Used to capture and analyse packets within traditional Ethernet LANs or WLANs.
Wireshark, Tcpdump, Ettercap, Dsniff, EtherApe, Paros, Fiddler, Ratproxy, SSLstrip
13
Q
Describe the Penetration Testing Tool
Rootkit Detectors
List some tools
A
Directory and file integrity checker to detect root kits.
AIDE, Netfilter, PF: Open BSD Packet Filter
14
Q
Describe the Penetration Testing Tool
Fuzzers
List some tools
A
Used by threat actors to discover a computer’s security vulnerabilities.
Skipfish, Wapiti, W3af
15
Q
Describe the Penetration Testing Tool
Forensic Tools
List some tools
A
Used to discover evidence existing on a computer.
Sleuth Kit, Helix, Maltego, Encase
16
Q
Describe the Penetration Testing Tool
Debuggers
List some tools
A
Used to reverse engineer binary files when writing exploits.
GBD, WinDbg, IDA Pro, Immunity Debugger
17
Q
Describe the Penetration Testing Tool
Hacking Operating Systems
List some tools
A
Specially designed operating systems preloaded with tools optimised for hacking.
Kali Linux, Knoppix, BackBox Linux
18
Q
Describe the Penetration Testing Tool
Encryption Tools
List some tools
A
Used to encode data to prevent unauthorised access, whether for legitimate or malicious means.
VeraCrypt, CipherShed, OpenSSH, OpenSSL, Tor, OpenVPN, Stunnel
19
Q
Describe the Penetration Testing Tool
Vulnerability Exploitation Tools
List some tools
A
Used to identify whether a remote host is vulnerable to a security attack.
Metasploit, Core Impact, Sqlmap, Social Engineer Toolkit, Netsparker
20
Q
Describe the Penetration Testing Tool
Vulnerability Scanners
List some tools
A
Used to scan a network or system to identify open ports or other weaknesses.
Nipper, Secunia PSI, Core Impact, Nessus, SAINT, Open VAS
21
Q
Question
Which penetration testing tool uses algorithm schemes to encode the data, which then prevents access to the data.
Name the tool, not the attack type!
List some tools
A
Encryption Tools
VeraCrypt, CipherShed, OpenSSH, OpenSSL, Tor, OpenVPN, Stunnel
22
Q
Question
Which penetration testing tools is used by black hats to reverse engineer binary files when writing exploits? They are also used by white hats when analysing malware.
List some tools
A
Debuggers
GBD, WinDbg, IDA Pro, Immunity Debugger
23
Q
Question
Which penetration testing tool is used to probe and test a firewall’s robustness?
List some tools
A
Packet Crafting Tools
Hping, Scapy, Socat, Yersinia, Netcat, Nping, Nemesis
24
Q
Question
Which penetration testing tool is used by white hats to sniff out any trace of evidence existing on a computer?
List some tools
A
Forensic Tools
Sleuth Kit, Helix, Maltego, Encase
25
# Question
Which penetration testing tool exploits a remote host susceptible to a security attack?
## Footnote
List some tools
Vulnerability Exploitation Tools
## Footnote
Metasploit, Core Impact, Sqlmap, Social Engineer Toolkit, Netsparker
26
# Question
What are the three most common types of malware
* Virus
* Worm
* Trojan Horse
27
# Question
Describe a virus:
How does it infect a device?
What does it do?
A virus is a type of malware attached to a file, such as a piece of software. When opened it executes and infects the device.
A virus can:
* Alter, corrupt, or delete files, applications or drives.
* Cause boot issues.
* Capture and send sensitive information to threat actors.
* Access and use email or communication accounts to spread.
* Lay dormant until summoned by the threat actor.
28
# Question
Describe a Trojan horse:
How does it infect a device?
What does it do?
A Trojan is a program that looks useful but carries malicious code, such as free software or games. Unsuspecting users download and install the program and are infected by the Trojan horse.
A Trojan can:
* Provide remote-access to threat actors.
* Send sensitive data to threat actors, like passwords or credit card information.
* Destroy files or drives.
* Act as a proxy to launch attacks or illegal activities.
* Enable unauthorised file transfers via FTP.
* Disable security software or firewalls.
* Denial of Service attack the device, network or a remote network.
* Keylog to steal confidential information.
## Footnote
Remote-access, Data-sending, Destructive, Proxy, FTP, Security Disabler, DoS, Key Logger
29
# Question
Describe a worm:
How does it infect a device?
What does it do?
A worm is a self-replicating program that propagates automatically. It does so without user action, typically by exploiting vulnerabiltiies in legitimate software.
A worm can:
* Use networks to find other victims and propagate.
* Slow or disrupt networks.
30
# Question
Which malware executes arbitrary code and installs copies of itself in the memory of the infected computer? The main purpose of this malware is to automatically replicate from system to system across the network.
Worm
31
# Question
Which malware is non-self-replicating type of malware? It often contains malicious code that is designed to look like something else, such as a legitimate application or file. It attacks the device from within.
Trojan Horse
32
# Question
Which malware is used to gather information about a user and then, without the user's consent, sends the information to another entity?
Spyware
33
# Question
Which malware typically displays annoying pop-ups to generate revenue for its author?
Adware
34
# Question
Which malware is installed on a compromised system and provides privileged access to the threat actor?
Rootkit
35
# Question
Which malware denies access to the infected computer system and demands payment before the restriction is removed?
Ransomware
36
# Question
What three types of attacks are networks susceptible to?
* Reconnaissance Attacks
* Access Attacks
* Denial of Service (DoS) Attacks
37
# Question
What is a Reconnaissance Attack?
What may be gained by carrying it out?
An attack designed to gather information.
Carried out to gain:
* Details on an organisation and its employees.
* Discover active IP addresses.
* Discover available ports.
* Discover vulnerable services.
* Discover vulnerabilities in the applications and operating systems in use.
38
# Question
What is an Access Attack?
What may be gained by carrying it out?
An attack designed to gain entry to accounts, databases and sensitive information.
Carried out to gain:
* Data that can be exfiltrated.
* Gain further access to ensure a foothold.
* Escalate access privileges to adminstrator accounts.
39
# Describe the Access Attack
Password Attack
Attempting to discover passwords using methods like Brute Force Attack (BFA) or Dictionary Attack.
40
# Describe the Access Attack
Spoofing Attack
Attempting to pose as another device by falsifying data, such as MAC spoofing or DHCP spoofing.
41
# Describe the Access Attack
Trust Exploitation
Using unauthorised privileges on one system to gain access to a different system:
* System A trusts System B.
* Attack System B to gain access to it.
* Use System B to gain access to System A.
| Exploits permissions, not by bypassing firewalls like Port Redirection
42
# Describe the Access Attack
Port Redirection
Using a compromised system's ports to redirect data, often to bypass firewall restrictions.
* Attackers sets up SSH (port 22) to Server A that directs traffic from an external web traffic port (port 8080) to a sensitive internal Server B port (port 80).
* Normally any traffic sent from an external source to Server B on port 80 would be blocked by the firewall, but because it uses port 8080 on a trusted server, it is permitted.
| Bypasses firewall, rather than exploits permissions like Trust Exploits
43
# Describe the Access Attack
Man-in-the-Middle Attack
| (MitM)
Positioning yourself between two legitimate entities to read or modify data that passes between them.
44
# Describe the Access Attack
Buffer Overflow Attack
Exploiting buffer memory and overwhelming it with unexpected values or quantities of data. Usually renders it inoperable (DoS)
45
# Question
What is an Social Engineering Attack?
What may be gained by carrying it out?
A type of access attack, designed to manipulate individuals into performing actions or divulging confidential information.
May gain:
* Personal data on an individual
* Account information
* Security system information
* A foothold for further attacks
46
# Describe the Social Engineering Attack
Pretexting
Pretending to need personal or financial information to confirm the identity of a target.
47
# Describe the Social Engineering Attack
Phishing
Sending fraudulent emails designed to appear legitimate from a trusted source. Designed to trick recipients into clicking links, opening attachments, or replying with confidential information.
48
# Describe the Social Engineering Attack
Spear Phishing
Phishing that targets specific individuals or organisations.
49
# Describe the Social Engineering Attack
Spam
Junk mail that is unsolicited, either to advertise, or contain harmful links or malware.
50
# Describe the Social Engineering Attack
Something for Something
| "Quid pro quo"
Requesting confidential information in exchange for a gift.
51
# Describe the Social Engineering Attack
Baiting
Leaving a malware infected device, such as a USB drive, in a public location. Victims who find the drive may then insert it into their device and infect their computer.
52
# Describe the Social Engineering Attack
Impersonation
Pretending to be someone they are not to gain the trust of a victim.
53
# Describe the Social Engineering Attack
Tailgating
Following an authorised person into a secure location, to avoid authorisation checks.
54
# Describe the Social Engineering Attack
Shoulder surfing
Looking over someone's shoulder to steal their password or confidential information as it is entered or displayed.
55
# Describe the Social Engineering Attack
Dumpster diving
Rummaging through bins or waste to discover confidential information, often to carry out identity theft or to steal financial information.
56
# Question
Name some Social Engineering Protection Practices
| 8 listed
1. Never give your login details to anyone.
2. Never leave your login details where they can easily be found.
3. Never open email links or attachments from untrusted sources.
4. Never release confidential work related information on social media sites.
5. Never re-use work related passwords.
6. Always lock or sign out of your unattended computer.
7. Always report suspicious individuals and activity.
8. Always destroy confidential information, according to your organisations policies.
57
# Question
What is a Denial of Service Attack?
What is different about a Distributed Denial of Service attack?
What may be gained by carrying it out?
| DoS and DDoS
An attack that creates interruption in network services. Typically achieved by sending an overwhelming quantity of traffic, but can also be achieved by using maliciously formatted packets.
DDoS attacks are similar, but are carried out from multiple, coordinated sources.
May gain:
* Interruption of services to users, devices or applications.
* Social prestige / fame.
* Bring attention to political issues (hacktivism).
58
# Describe the DDoS term
Zombie
An infected host that is part of a network controlled by a threat actor. Often self-propagating, they are used to coordinate a Distributed Denial of Service attack (DDoS)
59
# Describe the DDoS term
Command and Control System
| CnC
A system that sends control messages to zombies.
60
# Describe the DDoS term
Botnet
A collection of zombies.
61
# Question
What type of attack is tailgating?
Social Engineering Attack
62
# Question
What type of attack is a password attack?
Access Attack
63
# Question
What type of attack is port scanning?
Reconnaissance Attack
64
# Question
What type of attack is man-in-the-middle?
Access Attack
65
# Question
What type of attack is address spoofing?
Access Attack
66
# Describe the IP Attack
ICMP Attack
Threat actors use Internet Control MEssage Protocol (ICMP) echo packets (pings) to discover subnets and hosts on a network, generate a DoS flood attack, or to alter host routing tables
67
# Describe the IP Attack
Amplification and Reflection Attacks
Threat actors attempt to prevent legitimate users from accessing information or services using DoS and DDoS attacks.
68
# Describe the IP Attack
Address Spoofing Attacks
Threat actors spoof the source IP address in an IP packet to perform blind or non-blind spoofing.
69
# Describe the IP Attack
Man-in-the-Middle Attack
| (MitM)
Threat actors position themsevles between a source and a destination to transparently monitor, capture, and control the communication. They could eavesdrop by inspecting captured packets, or alter packets and forward them on to their original destination.
70
# Describe the IP Attack
Session hijacking
Threat actors gain access to the physical network, and then use a MITM attack to hijack a session.
71
# Question
What does IPv4 and IPv6 not do that can be exploited by threat actors?
Validate the source address of the sender is legitimate.
72
# Question
What should be put in place to reduce the effectiveness of ICMP attacks?
What can be put in place to detect them?
Strict ICMP ACLs should filter traffic at the network edge to avoid ICMP probing from the internet or untrusted devices.
Security logging can be used to identify ICMP attacks, and security devices like firewalls and Intrustion Detection Systems (IDS) can detect them and generate alerts.
73
# Describe the ICMP Message type
ICMP Echo Request / Echo Reply
Used to perform host verification and DoS attacks.
74
# Describe the ICMP Message type
ICMP Unreachable
Used to perform network reconnaissance and scanning attacks.
75
# Describe the ICMP Message type
ICMP Mask Reply
Used to map an internal IP network, by sending a broadcast that is replied to with the subnet mask of the network by other devices. Often replaced by DHCP doing the same job.
76
# Describe the ICMP Message type
ICMP Redirects
Used to lure a target host into sending all traffic through a compromised device and create a MITM attack.
77
# Describe the ICMP Message type
ICMP Router Discovery
Responds with information about routers in use on the network. May be used by threat actors to inject bogus route entries into the routing table of a target host.
78
# Question
What is an Amplification and Reflection Attack?
What may be gained by carrying it out?
The threat actor forwards ICMP echo request messages to many hosts. These messages have a modified Source IP Address to match the victim.
May gain:
* All the hosts reply to the victim to unwittingly carry out a DDoS attack
## Footnote
Newer amplification attacks may use DNS or Network Time Protocol (NTP) based attacks
79
# Question
What is a Non-Blind Address Spoofing Attack?
What may be gained by carriying it out?
Changing the Source IP Address of packets, when the threat actor CAN see the traffic sent between the host and the target.
May gain:
* Authorisation to a session
* Firewall state
* Sequence-number predictcion
80
# Question
What is a Blind Address Spoofing Attack?
What may be gained by carrying it out?
Changing the Source IP Address of packets, when the threat actor CAN NOT see the traffic sent between the host and the target.
May gain:
* Denial of Service attack (DoS)
81
# Question
What is MAC Address Spoofing?
What may be gained by carrying it out?
Changing your device MAC address to match a target's.
May gain:
* Updating CAM table entry on a switch, to make the port think the threat actors device is the new port for the target.
82
# Question
Which attack is being used when threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication?
Man-in-the-Middle Attack
| MITM
83
# Question
Which attack is being used when threat actors gain access to the physical network, and then use an MiTM attack to capture and manipulate a legitimate user’s traffic?
Session Hijacking
84
# Question
Which attack is being used when threat actors initiate a simultaneous, coordinated attack from multiple source machines?
| It results in a DDoS but this is the specific attack technique name...
Amplification and Reflection Attack
85
# Question
Which attack is being used when threat actors use pings to discover subnets and hosts on a protected network, to generate flood attacks, and to alter host routing tables?
ICMP Attack
86
# Question
Which attack is being used is when a threat actor creates packets with false source IP address information to either hide the identity of the sender, or to pose as another legitimate user?
Address Spoofing Attack
87
# Question
What are the six control bits of the TCP segment?
| URG, ACK, PSH, RST, SYN and FIN
1. URG - Urgent pointed field significant
2. ACK - Acknowledgement field significant
3. PSH - Push function
4. RST - Reset the connection
5. SYN - Synchronise sequence numbers
6. FIN - No more data from sender
88
What is a UDP Flood Attack?
## Footnote
Name some tools that can cause UDP Flood Attacks
A threat actor usess a tool that sweeps through a network trying to find closed ports. It sends UDP packets to them, which makes them reply with "ICMP Port Unreachable" message, creating a lot of traffic on the segment and a DoS attack.
## Footnote
UDP Unicorn, Low Orbit Ion Cannon (LOIC)
89
# Question
Which attack exploits the three-way handshake?
TCP SYN Flood Attack
90
# Question
Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this?
TCP Reset Attack
91
# Question
Which attack is being used when the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host?
TCP Session Hijacking
92
# Question
A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this?
UDP Flood Attack
93
# Describe the IP Service attack
What is ARP Cache Poisoning?
What may be gained by carrying it out?
ARP is used to identify devices devices on the subnet and associate them with an IP Address. By sending 'spoofed gratuitous ARP replies' a threat actor can pretend to be the default gateway.
* Implement a Man-in-the-Middle attack.
* Steal confidential information.
* Modify data in transit.
* Inject malicious data.
94
# Question
Name 4 different types of DNS Attacks
1. DNS Open Resolver Atttacks
2. DNS Stealth Attacks
3. DNS Domain Shadowing Attacks
4. DNS Tunneling Attacks
95
# Describe the DNS Attack type
DNS Open Resolver Attack
| Name some techniques
Public DNS servers like GoogleDNS 8.8.8.8 respond to any queries.
This can be manipulated via the following techniques:
* DNS Cache Poisoning - To spoof Record Resource (RR) information to redirect users from legitimate sites to malicious ones.
* DNS Amplification and Redirection Attacks - Threat actors send messages to an open resolver using the IP address of a target host, flooding it with responses.
* DNS Resource Utilisation Attacks - DoS attacking the open resolver to consume its resources and impact any device that relies upon it.
96
# Describe the DNS Attack type
DNS Stealth Attacks
Changing your DNS information or rapidly generating domains to hide a threat actor's identity for malicious use.
97
# Describe the DNS Attack type
DNS Domain Shadowing Attacks
Gathering domain account credentials to silently create multiple sub-domains to be used during attacks, without alerting the domain owner.
For example if access is gained to cisco.com and the threat actor creates subdomains like emails.microsoft.com and recovery.cisco.com they legitimise malicious uses of those domains.
98
Name 3 different types of DHCP Attack
| Think about what information DHCP provides
1. Wrong default gateway
2. Wrong DNS server
3. Wrong IP address
99
# Describe the DHCP Attack type
Wrong Default Gateway
What might be gained by carrying it out?
Either redirects external network traffic to a non-existant IP, or to the IP address of the threat actor's host.
* Non-existant gateway leads to DoS attack.
* Threat actors host as gateway leads to MITM attack.
100
# Describe the DHCP Attack type
Wrong DNS Server
What might be gained by carrying it out?
Threat actor points at their own DNS server.
* They can redirect traffic to their own malicious copies of websites
101
# Describe the DHCP Attack type
Wrong IP Address
What might be gained by carrying it out?
Threat actor serves clients with incorrect IP addresses.
* Creates a Denial of Service (DoS) attack
102
# Question
What are the 3 parts of the CIA Triad?
* Confidentiality
* Integrity
* Availability
103
# Describe
What is Confidentiality?
How may it be achieved?
Ensuring that only authorised individuals, entities, or processes can access sensitive information.
* Typically achieved by permissions and encryption.
104
# Describe
What is Integrity?
How may it be achieved?
Integrity is ensuring that data is protected from unauthorised alterations.
* Typically achieved by hashing algorithms, such as SHA.
105
# Describe
What is Availability?
How may it be achieved?
Authroised users have uninterrupted access to resources.
* Typically achieved by implementing redundancy - redundant internet lines, routers, switches, servers and so forth.
106
# Describe
What is the Defence-in-Depth Approach?
What sort of systems are used to implement it?
A layered approach to security, requiring a combination of networking devices and services working together. These devices must be 'hardened' against access and tampering.
* VPN - To provide remote acess via secure encrypted tunnels.
* Firewall - Stateful awareness of traffic, to direct and block traffic.
* IDS/IPS - Intrusion Detection/Prevention Systems monitors traffic looking for malware, attack signatures etc. often raising alerts or automatically blocking them.
* Email Security Appliance - Checking and blocking of malicious emails.
* Web Security Appliance - Checking and blocking of malicious websites.
* AAA Servers - Servers that ensure ensure Authentication, Authorisation and Accounting. RADIUS, Network Policy Server, Active Directory etc.
* Secure network links - Ensuring that data in transit is also secure, especially to external sources.
107
# Describe the Network Security device
What is a Firewall?
What are the benefits of a firewall?
What are some limitations of firewalls?
A firewall is a network security device that permits certain traffic while denying others.
Benefits:
* Resistant to network attacks.
* Protect the flow of traffic between internal networks to other internal or external networks.
* Enforce access control policy.
Limitations:
* May become a single point of failure for the network.
* Complex to configure, often leading to insecure configurations for convenience.
* Can slow network performance.
* Users might take riskier behaviours to avoid the firewalls restrictions.
* Unauthorised traffic may still be hidden or tunneled, appearing legitimate.
108
# Describe the Network Security device
What are an IDS and an IPS?
How do they differ?
Intrusion Detection Systems and Intrusion Prevention Systems use sensors to inspect network traffic and match them against known malicious packet signatures, to stop threats.
* IDS are passive and simply detect and alert on threats.
* IPS are active and alters network traffic to respond to threats, such as dropping packets or blocking hosts.
109
# Describe the Network Security device
What are Content Security Appliances?
## Footnote
List some examples
Network security devices that give fine-grained control over specific network activities.
* ESA - Email Security Appliance that monitors for email-based threats.
* WSA - Web Security Appliance that monitors for web-based threats.
110
# Question
Which network security device ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts?
Firewall
111
# Question
Which network security device contains a secure database of who is authorized to access and manage network devices?
AAA Server
| Authorisation, Authentication, and Auditing
112
# Question
Which network security device filters known and suspicious internet malware sites?
WSA, a type of CSA
| Web Security Appliance, a type of Content Security Appliance
113
# Question
Which network security device is used to provide secure services with corporate sites and remote access support for remote users using secure encrypted tunnels?
VPN
| Virtual Private Network
114
# Question
Which network security device monitors incoming and outgoing traffic looking for malware, network attack signatures, and if it recognizes a threat, it can immediately stop it?
IPS
| Intrusion Prevention System
115
# Question
What are the 4 elements of secure communications?
1. Data Integrity
2. Origin Authentication
3. Data Confidentiality
4. Data Non-Repudiation
116
# Describe the element of Secure Communications
What is Data Integrity?
## Footnote
Name some methods
Guarantees that the message was not altered. Any changes to the data will change its hash value, from a 'known good' file.
## Footnote
SHA, MD5
117
# Describe the element of Secure Communications
Origin Authentication
## Footnote
Name some methods
Guarantees that the message is not a forgery and comes from whom it states.
## Footnote
HMAC, Digital Signatures, TLS/SSL certificates, Kerberos, IPSec, DMARC
118
# Describe the element of Secure Communications
Data Confidentiality
## Footnote
Name some methods
Guarantees that only authorised users can read the message, and any interception would take too long to decipher.
## Footnote
AES (symmetric encryption algorithm), RSA (asymmetric encryption algorithm)
119
# Describe the element of Secure Communications
Data Non-Repudiation
## Footnote
Name some methods
Guarantees that the sender cannot repudiate (refute) the validity of the sent message.
## Footnote
Digital Signatures, PKI, Timestamping, Audit trails
120
# Question
Why is Data Hashing vulnerable to MITM attacks?
| (Man-in-the-Middle)
Because without Origin Authentication a threat actor can intercept the data, change it and generate a new hash which matches the changes.
121
How does HMAC provide Origin Authentication?
| (Keyed-Hash Message Authentication Code)
It adds a Secret Key to the hashing process known by only authorised entities. Without the secret key, such as a password, a threat actor cannot make a hash that will match.
122
# Question
What are some differences between Symmetric Encryption and Asymmetric Encryption?
## Footnote
Why might you use one over the other?
Symmetric Encryption uses the same key to both encrypt and decrypt data.
Asymmetric Encryption uses a different key to encrypt the data (public key) than it does to decrypt the data (private key).
## Footnote
Symmetric encryption is faster, which is useful for bulk data like VPNs. Asymmetric encryption is more secure as it uses longer key lengths, and allows for sharing the public key without worrying about who has access to it.
123
# Describe the Symmetric Encryption method
Block Ciphers
## Footnote
List some Block Ciphers
Encrypt data in fixed-size blocks, usually 64-bit or 128-bit.
## Footnote
AES, 3DES
123
# Describe the Symmetric Encryption method
Stream Ciphers
## Footnote
List some Stream Ciphers
Encrypts data one bit or byte at a time in a continuous string.
## Footnote
ChaCha20, RC4 (deprecated)
124
# Describe the Asymmetric Encryption method
Diffie-Hellman
| (DH)
## Footnote
Where is DH commonly used?
Allows two parties to create an indentical shared key, without having communicated before - and without communicating it.
1. Alice and Bob publically declare an 'Agreed Number = 10'
2. Alice adds her own secret number 3 to it and gets 'Public Number = 13'
3. Bob adds his own secret number 8 to it and gets 'Public Number = 18'
4. Both share their public numbers.
5. Alice adds her secret number to Bob's Public Number '3 + 18 = 21'
6. Bob adds his secret number to Alice's Public Number '8 + 13 = 21'
7. Both have the same Shared Secret number of 21.
| In reality the maths is way more complicated!
## Footnote
IPsec VPN, TLS VPN, SSH
125
# Question
Which encryption method repeats an algorithm process three times and is considered very trustworthy when implemented using very short key lifetimes?
Triple DES
126
# Question
Which encryption method encrypts plaintext one byte or one bit at a time?
Stream Cipher
127
# Question
Which encryption method uses the same key to encrypt and decrypt data?
Symmetric Encryption
128
# Question
Which encryption method is a stream cipher and is used to secure web traffic in SSL and TLS?
Rivest Cipher (RC4)
## Footnote
RC is depreciated and replaced by things like AES-GCM and ChatCha20-Poly1305
129
# Question
The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?
DDOS Attack
| Distributed Denial of Service
130
# Question
What causes a buffer overflow?
Attempting to write more data to a memory location than it can hold.
131
# Question
Which objective of secure communications is achieved by encrypting data?
Confidentiality
132
# Question
What type of malware has the primary objective of spreading across the network?
Worm
133
# Question
What three items are components of the CIA triad?
1. Confidentiality
2. Integrity
3. Availability
134
# Question
Which cyber attack involves a coordinated attack from a botnet of zombie computers?
DDoS Attack
135
# Question
What specialized network device is responsible for enforcing access control policies between networks?
Firewall
136
# Question
To which category of security attacks does man-in-the-middle belong?
Access Attack
137
# Question
What is the role of an IPS?
To detect patterns of malicious traffic by the use of signature files.
138
# Question
Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks?
DNS Shadowing Attack
139
# Question
Which two types of hackers are typically classified as grey hat hackers?
1. Hacktivists
2. Vulnerability brokers
140
# Question
What is a significant characteristic of virus malware?
A virus is triggered by an even on the host system
141
# Question
A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is no scheduled cleaning for that day. What type of attack was just prevented?
Social Engineering Attack
