Network and Computer Security Flashcards

1
Q

What does CIA stand for?

A

Confidentiality
Integrity
Availability

2
Q

Define Identification

A

Associating an identity with a subject

3
Q

Define Authentication

A

Verifying the validity of something

4
Q

Define Authorization

A

Granting (or denying) the right or permission of a system entity to access an object

5
Q

Define Access Control

A

Controlling the access of system entities (on behalf of subjects) to objects based on an access control policy

6
Q

What are four widely used mechanisms for authentication?

A
  1. Something you know - Password/PIN
  2. Something you have - Smart card or one-time password
  3. Something you are - Biometric Characteristics/Facial Scan/Photograph
  4. Location
7
Q

What do good systems include?

A

Allow for passwords and validate passwords securely
How to access systems securely that require a password
Allow passwords of arbitrary length
Store passwords hashed

8
Q

Define Social Engineering

A

Tricking people into giving up private information or doing things they shouldn’t, usually by pretending to be someone they trust.

9
Q

Define a Soft Token

A

A one-time use password

10
Q

What is a bad example of a Hard Token?

A

UniCard as it could easily be duplicated

11
Q

What is a Biometric Scan?

A

Uses characteristics of your body
- Fingerprint
- Retina scan
- Face scan
To authenticate your identity

12
Q

What do Typical Access Control models focus on?

A

Authorization
- Specification of who is allowed to do what
- How to update/change permissions

13
Q

Give an example of a simple access control model.

A

AC = Subject x Object x Request

14
Q

List 4 key factors of access control models.

A
  1. Often depend on system state
  2. Subjects and permissions change over time
  3. Access rights might require completion of certain tasks or conditions
  4. Prone to implementation and configuration mistakes (bugs)
15
Q

What does a security policy do?

A

Defines what is allowed (and/or forbidden)
- It is comparable to a set of laws
- Defined in terms of rules and/or requirements

16
Q

What is a security model?

A

A framework that defines rules and guidelines for protecting data and resources in a system.

It helps ensure confidentiality, integrity, and availability by describing how users, processes, and systems interact securely. Examples include Bell-LaPadula.

17
Q

What is a Role-based Access Control used for?

A
  • Create roles for job functions in enterprises
  • Assign users to roles
  • Assign a set of permissions for each role
18
Q

How is a RBAC formalized?

A
  • A set ROLES
  • A set USERS
  • A relation UA ⊂ USERS x ROLES
  • A relation PA ⊂ ROLES x PERMISSION
19
Q

What are key factors of a RBAC when it comes to changing/removing roles?

A

It is uncommon to add/remove roles in organizations - they are more static
If people leave/change roles, there is only one smaller, simpler table/relationship to update

  • Employees leaving the company are much more in focus - don’t want them having permissions
20
Q

What should be considered in a simple RBAC?

A
  • Role Hierarchies
  • Who can change permission
  • Context information
  • User switching roles
21
Q

What do most practical RBAC applications use?

A

Extended/modified versions
- Role hierarchies
- Access control constraints (attributes)

22
Q

What is widely used with RBAC?

A

XACML (attribute-based access control, very flexible)

23
Q

What is a Hierarchical RBAC?

A

Extends RBAC with role hierarchy:
- A relation RH ⊂ ROLES x ROLES
- Describing the role hierarchy

24
Q

What is Mandatory Access Control (MAC)?

A

Controls access to resources based on predefined policies.
Access is determined by a central authority, not by the owner or user of the data.

Used often in government or military systems.

25
How does MAC work?
Specifies system-wide access restriction to objects
- Mandatory because subjects may not transfer their access rights
- Shift power from users to system owner
26
What are the 4 security clearance levels?
- Top secret - Comprehensive background check, highly-trusted individual
- Secret - Routine background check, trusted individual
- Confidential/Sensitive - No background check. Limited distribution, minimally trusted individuals
- Unclassified - Unlimited distribution and untrusted individuals
27
Define a compartment
A way to divide resources, data and systems into separate groups to control access and limit exposure to risks. Each compartment has its own sets of rules, permissions and protections.
28
Define a partially ordered set
A set that is: Reflexive, Transitive, Anti-symmetric
29
What is a Reflexive set?
A reflexive set is a set in which every element is related to itself under a given relation.
30
What is a Transitive set?
A transitive set is a set where everything inside the set also has all of its "parts" included in the set. (If a→b and b→c then a→c)
31
What is an Anti-symmetric set?
An antisymmetric relation means that if two things are related in both directions, they must actually be the same thing.
32
What is a Lattice?
A mathematical structure used to model relationships between security levels, access controls, or permissions.
33
Why use Lattices?
Recall all pairs of lattice elements have a least upper bound and a greatest lower bound.
If labels form a lattice, we can uniquely answer questions like:
- Given 2 objects with different labels, what is the minimal label a subject requires to be allowed to read both objects?
- Given 2 subjects with different labels, what is the maximal label an object can have that can still be read by both subjects?
Well-suited for need-to-know policies, where each subject is assigned a label reflecting least privilege required for this function.
34
What is the Bell-LaPadula Model (BLP) ?
A security model used to protect classified information and control access to it.
Considers cross-level communication where subjects may interact below their level of clearance.
Main insight: prohibiting write-down is essential for confidentiality as otherwise information can effectively be reclassified.
35
Conclude the BLP model.
- No information leakage possible (if implementation is secure)
- Prevents "legitimate" communication from high-level subjects to low-level ones.
36
What is the Discretionary Access Control (DAC)?
Owners can change permissions
37
What is the Break-Glass Access Control?
Allows overriding the access control in "emergencies"
38
What is Usage Control?
Controlling the use of documents
For example:
- You aren't allowed to share files but you can use them yourself
- You can watch a film 3 times in the next 2 weeks
39
What are 2 techniques used for usage control/DRM?
- Watermarking
- Monitoring
40
What are the Usage Control challenges and open questions?
- Technical - how to implement usage control in an open environment
- Ethical - The right to read
41
How does the Bell-LaPadula Model (BLP) work?
- No Read Up - A user cannot read information that is classified higher than their clearance
- No Write Down - A user cannot write information to a lower security level
42
What is Cryptography, Steganography and Cryptanalysis in simple terms?
- Cryptography - Secret Writing
- Steganography - Concealed Writing
- Cryptanalysis - Secret Analysis
43
What is the main difference between Symmetric and Asymmetric Encryption?
- Symmetric Encryption - Same key is used to encrypt/decrypt
- Asymmetric Encryption - Different keys used to encrypt/decrypt (a public and private key)
44
Define a Bijection
One-to-one relationship between items in sets
45
What is a Code-book?
A guide that explains how data or information is encoded or translated. It lists codes and their corresponding meanings or values, helping to decode or interpret the data
46
What is a Mono-Alphabetic Cipher?
Each letter in the plaintext is replaced with a different one, but the substitution pattern stays the same throughout the message.
47
What is some key information about the Mono-Alphabetic Cipher?
- Key-length: 26 letters
- Key Space: total number of possible keys - 26!
48
What is true about the security of Substitution Ciphers?
- Brute-forcing a key is difficult
- Trivial to crack using frequency analysis
49
What is a Polyalphabetic Cipher?
A polyalphabetic cipher is a type of cipher where each letter in the plaintext can be encrypted using different alphabets at different points in the message. This means that the same letter may be replaced by different letters at different times.
50
What is a One-Time pad (OTP) ?
Uses a random key that is the same length as the message; each bit is encrypted with the corresponding pad using XOR
51
What is a Transposition (Permutation) Cipher?
Where the positions of the letters in the plaintext are rearranged according to a specific system, but the actual letters themselves remain unchanged.
52
What is a Composite Cipher?
Combines two or more encryption methods, such as substitution and transposition, to make the encryption stronger and harder to break.
53
What is a Feistel Cipher?
Splits data into two halves and repeatedly applies a series of operations, where one half is transformed using a function and then combined with the other half. The halves are swapped after each round. This process is repeated several times, creating strong encryption. The key idea is that decryption works by reversing the steps with the same key.
54
What is the Data Encryption Standard (DES) ?
- First cryptographic standard
- 16 round Feistel cipher and key-scheduler
- A block cipher, encrypting 64-bit blocks
- Was extended to triple-DES to overcome key length problem
- Now replaced by AES
55
What is the security of DES?
Main attack: exhaustive search
- took 7 hours with $1M PC (1993)
- took 7 days with $10,000 FPGA-based machine (2006)
No mathematical attacks (but reduced key space from 2^56 to 2^43)
No known attacks on triple DES
56
Define a One way function
Easy to compute in one direction but difficult (or practically impossible) to reverse
57
Define a Trapdoor One-Way function?
Easy to compute in one direction but extremely difficult to reverse unless you have special information
58
What is RSA?
An expansion of the public-key encryption concept into an encryption system
59
What does RSA depend on?
RSA depends on the difficulty of factoring large prime numbers
- Breaking down a prime into its factors
- (because factoring numbers over 2048 bits is computationally infeasible)
60
What is congruent modulo n?
Two numbers are congruent modulo n if they have the same remainder when divided by n (for example 10 and 7 are congruent modulo 3, as 10 mod 3 = 7 mod 3 = 1)
61
What is GCD?
GCD of 2 numbers is the greatest common divisor
62
What is Relatively (Co-) Prime?
Two numbers are relatively prime if their gcd is 1 (don't share any factors except 1)
63
What is Multiplicative Inverse?
The multiplicative inverse of a number is a value that, when multiplied by the original number, results in 1.
64
What are the steps on Key Generation in RSA?
1. Find two (pretty large) prime numbers p & q
2. Compute n & Φ(n)
3. Choose public key (e)
4. Compute (d)
65
What is the symbol for Euler Quotient?
Φ(n)
66
What is Euler's Quotient?
A way of evaluating the performance or efficiency of an algorithm, particularly in the context of computational complexity. It can be understood as the ratio of the actual performance of an algorithm to its theoretical performance.
67
In Key management, what can be used for the maximum number of keys among a group of N users?
N ( N - 1) / 2
68
In Asymmetric Cryptography what are the public and private key used for?
- Public - encryption
- Private - decryption
69
What is a digital signature used for?
Proving Identity
70
What is the use of MDC?
Modification Detection Code provides a checkable fingerprint (also known as hash, message digest, MAC, MDC, fingerprint)
71
What are the key details of a Hash Function?
- Used to check if data has been altered
- Does not encrypt the data
- Hashing is a pure one-way function
- Generates a unique hash for a piece of data - changing the data, changes the hash
72
What are two properties of a Hash Function h(x)?
- Compression: h maps an input x of an arbitrary bit length to an output h(x) of fixed bit length n
- Polynomial time computable
73
When is a Hash Function cryptographic?
If it is additionally:
- One way (Pre-image Resistance)
- And usually either:
  - 2nd Pre-image Resistance
  - Collision Resistance
74
What is One way (Pre-image Resistance) on a Hash Function?
Given a hash output y=h(x), it is computationally hard to find the original input x
75
What is 2nd Pre-image Resistance on a Hash Function?
Given an input x, it is computationally infeasible to find another x' (x != x') such that both inputs produce the same hash output → h(x) = h(x') (it's very hard to find another input that produces the same output hash)
76
What is Collision Resistance on a Hash Function?
It is difficult to find any two distinct inputs x and x', such that h(x) = h(x')
77
How could you construct Cryptographic Hashes?
Block Chaining techniques can be used:
- Divide message M into fixed size blocks b1,...bn
- Use symmetric encryption algorithm (such as DES)
78
What is the Application of Hashing Passwords?
Instead of storing passwords in plaintext, we store only its cryptographic hash:
- For password p, store h(p) in password file
- Requires only pre-image resistance
79
What is the purpose of a cryptographic hash function?
To provide data integrity
80
How is symmetric encryption different from a cryptographic hash function?
Symmetric encryption is reversible, while hash functions are not
81
Which algorithm is used to provide confidentiality, not integrity?
AES (Advanced Encryption Standard)
82
Which of the following is NOT a use case for hash functions?
1. Verifying data integrity
2. Password hashing for secure storage
3. Securing communication between two parties
4. Digital signatures for message verification
3. Securing communication between two parties
83
What is Public Key Infrastructure (PKI) used for?
To know if the private/public key pair belongs to the right person
84
How does Public Key Infrastructure work (PKI)?
To join PKI, Alice
- Generates her own public/private key pair
- Takes her public key Ka to private certification authority (CA) that everybody trusts and states she is Alice and this is her public key
The CA verifies that Alice is who she says she is, and then signs a digital certificate
- That says "Ka is Alice's public key"
85
What is a Public Key Infrastructure (PKI)?
An infrastructure that allows principals to recognise which public key belongs to whom
86
What are the core services of a PKI?
- Linking public keys to entities (certificates)
- Key life-cycle management (key revocation, recovery, updates)
87
What are the core components of a PKI?
1. Certification Authority (CA)
   - Creates Certificates and publishes them in the directory
2. Directory
   - Makes user certificates and CRLs available
   - Must identify users uniquely (needs fresh/accurate user data)
   - Backs up certain keys
3. Registration Authority (RA)
   - Manages process of registering users and issuing certificates
   - Ensures proper user identification
88
What does the Certification Authority (CA) do?
- Creates certificates and publishes them in directory
- Maintains Certificate Revocation List (CRL) in directory. CRL checked actively by single clients or by validation services
- Backs up certain keys
89
Define a Certificate
A token that binds an identity to a key
90
Define X.509
A standard that defines a framework for authentication services
91
How would you Establish an Authentic Channel (NSPK Protocol)?
Goal: Ensure Alice can securely communicate with Bob and verify it's genuinely him.
Key Concept:
- Nonce (Number Used Once):
  - A fresh, unique value known only to the entity that generated it.
  - Helps to verify message authenticity and freshness.
92
What are the steps of the NSPK Protocol Attack?
1. Eve intercepts communication between Alice and Bob
2. Eve uses her own keys to impersonate Alice to Bob and vice versa
Result: Bob thinks he’s securely communicating with Alice, but Eve is the intermediary
93
What is a Protocol?
A protocol is a set of rules governing communication between two or more participants
94
What do Security Protocols do?
Security protocols utilize cryptographic methods to achieve:
1. Authentication: Verifying identities.
2. Key Establishment: Securely sharing cryptographic keys.
3. Integrity: Ensuring messages are not tampered with.
4. Non-repudiation: Preventing denial of actions.
95
Define an Honest Agent in Security Protocols
- Follows the protocol rules strictly.
- Always generates fresh, unique nonces.
- Does not respond to invalid or malformed messages.
96
What are the Potential Vulnerabilities in Initial Key Exchange?
Key Problem:
- Kab contains no information about A or B, only a random bit-string representing the session key.
Risk:
- If intercepted, an attacker can misuse the session key without knowing its intended context.
97
What are the strategies for Improving Key Establishment Protocols?
1. Embed context in the session key (e.g., identities or usage scope)
2. Use encryption to ensure the key exchange is secure
3. Introduce mutual authentication steps
Example:
- A protocol can include signed or encrypted messages between parties to verify their identities
98
Why are Nonces Critical in Protocols?
Role of Nonces:
- Nonces ensure the "freshness" of a session or message.
- Prevents replay attacks by verifying that a received message is recent and unique.
Best Practice:
- Always generate a new, unpredictable nonce for every session or transaction.
99
What is the Notation in Protocol Modelling?
Roles:
- A, B: Represent principals like Alice and Bob
- a, b, i: Represent agents
Key:
- Symmetric Keys: K, Kab, ...
- Asymmetric Keys:
  - Public Keys: pk(A)
  - Private keys: inv(pk(A))
Encryption:
- Symmetric: {M}K (Message M encrypted with key K)
- Asymmetric: {M}pk(A) (Message M encrypted with pk(A))
Other Notations:
- Nonces (NA, NB): Fresh values for challenge-response
- Timestamps (T): Used for key expiration
- Message concatenation: M1, M2, M3
100
Define Communication
Communication between principals A and B is represented as: A → B: {A, T1, Kab}pk(B)
101
What is the Structure of Protocols?
Combine prose, specifications, diagrams, and message sequences.
Example sequence:
- A → B: {NA, A}_{pk(B)}
- B → A: {NA, NB}_{pk(A)}
- A → B: {NB}_{pk(B)}
Purpose: Define event sequences (traces) and describe the conditions for secure communication
102
What are the steps of a Protocol Execution (Role A's Perspective)?
Steps:
1. Generate a fresh nonce (NA), attach identity, and encrypt with pk(B)
2. Wait for response:
   - Decrypt with inv(pk(A))
   - Verify contents match expected format
3. Encrypt NB with pk(B) and send back to B
Checks:
- Verify nonce values.
- Reject messages that fail decryption or validation.
103
What are the 7 Common Attacks on Security Protocols and what do they do?
1. Person-in-the-Middle Attack: An attacker intercepts and modifies messages between A and B
2. Oracle Attack: Exploits normal responses to derive encryption/decryption results
3. Replay Attack: Reuses parts of old messages to fool the system
4. Type Flaw Attack: Substitutes fields with unexpected message types
5. Masquerading Attack: Pretends to be another principal
6. Reflection Attack: Sends received data back to the originator
7. Binding Attack: Uses messages out of context for unintended purposes
104
What are 4 Defensive Strategies when transmitting data?
1. Use timestamps and nonces to prevent replay attacks
2. Employ key-specific contexts to mitigate binding attacks
3. Ensure strict type checks to prevent type flaw attacks
4. Validate all received data thoroughly
105
What are Formal Methods?
Formal methods use mathematical notation to model and verify systems, ensuring they work as intended
106
Building Problems 1. Why? 2. What? 3. How?
1. Why? Lack of resources or awareness
2. What? Issues that arise during the development and maintenance of secure systems
3. How? Poor development of systems
107
How would you build an Automated Verification Tool?
1. Create models for the system
2. Define specifications (properties to check)
3. Use a tool to verify properties (e.g., automated theorem provers)
108
What is the Purpose of Protocol Model Checker?
Used to check security protocols by checking the flow of information between parties
109
What are the Roles in Role-Based Verification (RBV) and what is the Verification Goal?
Roles:
- Initiator: Begins the interaction
- Responder: Responds to the initiator
Verification Goal:
- Ensure every message and response aligns with protocol rules
110
What is Random Bit Verification and what are 3 Common Attacks Verified with Random Bit Verification (RBV)?
By adding random bits or values in messages, it becomes difficult for an attacker to reuse or replay intercepted messages without detection
1. Man-in-the-Middle Attack: Intercepts and modifies communication between two parties.
2. Replay Attack: Reuses valid messages to trick the system.
3. Reflection Attack: Sends the same message back to its sender.
111
What are the Core Elements of a Basic Access Control Model?
1. Subjects: The entity requesting access
2. Objects: The resource being accessed
3. Rules: Define which subjects can access which objects
112
What is the Bell-LaPadula Model?
Enforce confidentiality through access control
Key Concepts:
- No Read-Up: Subjects cannot read data above their clearance
- No Write-Down: Subjects cannot write data below their clearance level
113
What is the Biba Integrity Model?
Enforce data integrity through access control
Key Rules:
- No Read-Down: Subjects cannot read lower integrity data
- No Write-Up: Subjects cannot write to higher integrity levels
- (It's the inverse of Bell-LaPadula Model)
114
What are the Tools and Benefits of using Automated Tools for Verification?
Tools:
- SPIN: Checks model specifications for concurrent systems
- Alloy: Lightweight modeling language for analyzing structures
Benefits:
- Reduces human error in verification
- Speeds up analysis and testing
115
Give an Example and Prevention of a Substitution Attack in Cryptographic Protocols
Example:
- Malicious entity replaces a legitimate key with their own
Prevention:
- Use certificates and trusted key exchanges
116
What is the purpose of Theorem Provers in Verification?
Automate proof generation to check the correctness of system properties
117
What are Role Scripts and their components?
A protocol is defined by role scripts for each role name
Components:
- Role names are agent variables.
- Signal events are used to define properties.
118
What are Free Variables in Protocol Roles?
Variables in a chord that first occur in a non-receive event are free variables
Example:
- In A→B:{NA,NB}pk(A), NA, NB are free variables.
119
What are the steps for Role-Based Protocol Execution?
1. Instantiate free variables (agents, values)
2. Replace these in the role description to create a "closed role"
120
What is the Operational Semantics State Definition?
State = Trace × IntruderKnowledge × Threads
- Trace: History of events
- IntruderKnowledge: Messages the attacker knows
- Threads: Map thread IDs to roles
121
What are the 3 Key Rules in Operational Semantics?
1. Send Rule: Adds a message to the trace and updates the intruder's knowledge
2. Receive Rule: Matches incoming messages
3. Signal Rule: Processes specific protocol events (e.g., verification)
122
What is an example Attack on NSPK Protocol?
Steps:
- Eve intercepts A→B:{NA,A}pk(B)
- Uses it to deceive B into thinking Eve is A
Key Takeaway:
- Without mutual authentication, protocols can be attacked.
123
What is Rice's Theorem?
Let S be any non-empty, proper subset of the computable functions. Then the verification problem for S is undecidable.
124
Define the Halting Problem
Deals with determining whether a computer program will eventually stop (halt) or keep running forever, given a specific input
125
What is the Dolev-Yao-Style Intruder Model?
A way to describe how an attacker behaves when trying to break a cryptographic protocol; helps us understand security by assuming a very powerful but simple adversary.
126
What are the Attacker's Capabilities in the Dolev-Yao-Style Model?
- Full Control of the Network: Attacker can eavesdrop, modify, block, or replay any message sent between two parties.
- Can See All Messages: Attacker can see all messages being exchanged over network
- Can Create New Messages: Attacker can create new messages using any information they have (e.g., encrypting or signing messages using known methods).
- Can Use Public Keys: Attacker can use public keys (but not private keys) to encrypt or verify messages.
- Cannot Break Cryptography: Attacker cannot break strong cryptographic systems unless they have the secret key. So, if encryption is strong, the attacker can't decrypt messages without the correct key.
127
How would the Attacker Act in Dolev-Yao-Style Model?
- Intercepts messages between honest parties
- Modifies messages or injects new ones into the conversation
- Replays old messages to confuse or trick the parties
- Can encrypt or sign messages they create using public information or knowledge of cryptographic operations (like encrypting plaintext)
128
What can't the Attacker do in Dolev-Yao-Style Model?
- Cannot break encryption or cryptographic systems unless it already has the keys
- Cannot guess secret information like private keys or secret session keys unless it's exposed
129
Why is Software Hard to Secure in Software Security?
1. Large Codebases: Modern applications contain millions of lines of code
2. High Adoption Rates: Technologies evolve rapidly, introducing more vulnerabilities (e.g., Apple iOS adoption)
3. Defects in Coding Phase: 80% of software defects are introduced during coding
130
What is Key with the Cost of Fixing Defects in Code?
Fixing defects earlier (such as in the coding phase) is much easier and cheaper (640x cheaper).
Later on in the development process the cost to fix defects grows exponentially
131
What is Shifting Left with Defects in Code?
Shifting the process of fixing defects towards the start of the development process (left) makes it much cheaper and easier
132
What is the Motivation for Threat Modelling?
- Securing systems is expensive; prioritization based on value-risk analysis is essential
- Helps allocate resources effectively:
  - High-Value, High-Risk Assets: Require immediate protection
  - Low-Value, Low-Risk Assets: Lower priority
133
What is the Purpose for Threat Modelling?
To identify and mitigate potential security concerns
134
What are the Benefits of Threat Modelling?
1. Built-in Security: Embeds security measures early in the system
2. Early Detection: Identifies vulnerabilities before deployment
3. Security Mindset: Encourages thinking critically about system weaknesses
135
What is the Threat Modelling Process?
1. Scope Definition:
   - Identify:
     - Representation
     - Assets
     - Entry points
     - Trust boundaries
2. Determine Threats:
   - Use structured methodologies (e.g., STRIDE framework)
3. Countermeasures and Mitigation:
   - Strategies include:
     - Accept risk
     - Eliminate risk
     - Mitigate risk
     - Transfer risk
4. Evaluation:
   - Assess the effectiveness of implemented measures
136
What is the STRIDE Framework's Key Objectives?
Preserve Confidentiality, Integrity, Availability (CIA)
137
What are the STRIDE Threat Types?
1. Spoofing Identity: Impersonating another user
2. Tampering with Data: Altering data/code unauthorized
3. Repudiation: Denying actions without proof
4. Information Disclosure: Exposing unauthorized data
5. Denial of Service (DoS): Disrupting service availability
6. Elevation of Privilege: Gaining unauthorized higher permissions
138
Explain the Threats in STRIDE Framework
1. Spoofing Identity: Unauthorized access using another user's credentials (e.g., stolen passwords)
2. Tampering with Data: Modifying database entries or code files without authorization
3. Repudiation: Example: Denying the transfer of funds while records say otherwise
4. Information Disclosure: Accidentally exposing sensitive information, such as private customer data
5. Denial of Service (DoS): Examples: Flooding a server to make it unresponsive
6. Elevation of Privilege: Exploiting system flaws to gain admin-level access
139
What is the Qualitative Risk Model's Risk-Impact Evaluation?
- High impact + high ease of attack = Critical Risk
- Helps prioritize mitigation efforts effectively
140
Define a Business Logic Flaw
A flaw in application logic that allows unintended or malicious behaviour
Example: Payment system increases balance when a negative amount is entered
Impact: Can lead to financial loss or exploitation
141
Define a SQL Injection
A vulnerability where malicious SQL is executed by injecting it into user input
Impact: Bypasses authentication and exposes sensitive data
Example: SELECT * FROM users WHERE name = 'admin' OR '1'='1';
142
What is an Exploit Example for an SQL injection when logging in?
Username: admin
Password: ' OR '1'='1
Result: Always evaluates as TRUE, bypassing authentication.
143
How to prevent SQL Injection?
1. Use prepared statements.
2. Validate and sanitize inputs.
3. Use ORM (Object-Relational Mapping) tools.
144
What is Common Weakness Enumeration?
A catalog of software weaknesses to standardize vulnerability descriptions.
Purpose: Provides a shared language for security discussions.
Examples: Includes SQL injection, XSS, and buffer overflow.
145
What is the CWE Top 25?
The most critical and common software weaknesses
Examples:
1. Improper Input Validation.
2. SQL Injection.
3. Buffer Overflow.
146
What is CWE's usage?
Purpose:
- Identify and categorize vulnerabilities.
- Link to specific attack patterns.
Tool Integration: Used by tools like static analyzers to flag potential weaknesses.
147
What are Common Vulnerabilities and Exposures (CVE)?
A database of real-world vulnerabilities with unique identifiers
Contents:
- Vulnerability description.
- Affected software and versions.
- Fixes and patches.
148
What is CVSS?
Common Vulnerability Scoring System for rating severity
149
What are the types of CVSS Access Vector (AV)?
- Network (N): Exploitable remotely.
- Adjacent (A): Exploitable within the same subnet.
- Local (L): Requires local access.
- Physical (P): Requires physical access.
150
What are the levels of CVSS Attack Complexity (AC)?
- Low (L): Exploit requires no special conditions.
- High (H): Exploit depends on specific conditions.
151
What are the levels of CVSS Privileges Required (PR)?
1. None (N): No authentication needed.
2. Low (L): Requires basic access.
3. High (H): Requires admin-level access.
152
What are the types of CVSS User Interaction (UI)?
1. None (N): No user action needed.
2. Required (R): User must perform an action.
153
What are the CVSS Impact Metrics?
1. Confidentiality (C): Data exposure levels.
2. Integrity (I): Data modification risk.
3. Availability (A): System uptime impact.
154
Define XSS
Injecting malicious scripts into a web page to execute in the victim’s browser
155
What are the types of XSS?
1. Reflected XSS: Immediate reflection of input.
2. Stored XSS: Input stored and executed later.
3. DOM-Based XSS: Execution via client-side scripts.
156
How would you prevent XSS?
1. Sanitize and validate inputs.
2. Use frameworks that auto-encode outputs (e.g., Jinja2, React).
157
What are the OWASP Top Ten?
1. Broken Access Control.
2. Cryptographic Failures.
3. Injection.
4. Insecure Design.
5. Security Misconfiguration.
6. Vulnerable Components.
7. Identification Failures.
8. Software Integrity Failures.
9. Logging Failures.
10. SSRF
158
What is Fuzzing?
Sending random or malformed inputs to a system to find vulnerabilities
159
What are the 3 types of Fuzzing and what do they do?
1. Random Fuzzing: Purely random inputs.
2. Mutation-Based Fuzzing: Modify valid inputs.
3. Generation-Based Fuzzing: Create inputs from specifications.
160
What is Responsible Disclosure?
Notify vendors and give them time to fix vulnerabilities before publicizing
Typical Period: 90 days.
161
What are Bug Bounty Programs?
Rewards for finding and reporting vulnerabilities
162
What is Static Security Testing (SAST) and its Pros and Cons?
Analyzes source code for vulnerabilities
Pros: Identifies issues early
Cons: May miss runtime issues
163
What is Dynamic Security Testing (DAST) and its Pros and Cons?
Tests a running application for vulnerabilities
Pros: Identifies runtime flaws
Cons: Requires a deployed environment
164
What is Input Validation?
Ensuring that user inputs follow expected formats
Example Rules:
- Only allow numeric values for a "quantity" field
- Disallow special characters in usernames
165
What are Allow-Lists and Deny-Lists and what's the best use of them?
- Allow-Lists: Define what is allowed (e.g., [0-9]+ for numeric input)
- Deny-Lists: Define what is disallowed
Best Practice: Use allow-lists whenever possible for stricter control
166
What are Prepared Statements and what is their benefit?
Pre-compiled SQL queries where user input is passed as parameters
Benefit: Prevents SQL injection
167
What are examples of Cryptographic Failures and what software can prevent them?
1. Using outdated algorithms (e.g., MD5, SHA-1)
2. Insecure key storage
3. Weak random number generators
Prevention: Use modern libraries like OpenSSL and robust algorithms like AES
168
What is a Content Security Policy (CSP) and what is its benefit?
A browser policy that restricts resources a page can load
Benefit: Reduces risk of XSS and other attacks
169
What is Buffer Overflow, and what are its impacts?
Overwriting memory by exceeding buffer size
Impacts:
- Corrupts data
- Executes arbitrary code
170
How to prevent Buffer Overflow?
1. Use memory-safe languages like Rust
2. Implement bounds-checking in C/C++
171
What is Broken Access Control and how to prevent it?
Users accessing resources outside their permissions
Prevention:
- Use role-based access controls (RBAC)
- Implement server-side checks
Examples:
- Viewing another user’s profile without authorization
- Modifying sensitive data via ID tampering
172
How to prevent Security Misconfiguration?
- Regularly check configurations
- Use security benchmarks (e.g., CIS)
Examples of Security Misconfiguration:
- Default credentials left unchanged
- Unnecessary services enabled
- Insecure default settings in frameworks
173
How to prevent Vulnerable Components?
- Regular dependency checks using tools like Snyk
- Update software promptly
Examples of Vulnerable Components:
- Outdated libraries
- Known vulnerabilities in third-party tools
174
What are Identification and Authentication Failures and how do you prevent them?
Examples:
- Weak passwords.
- Broken session management.
Prevention:
- Enforce strong password policies.
- Use secure token-based authentication (e.g., OAuth).
175
What are Software and Data Integrity Failures and how are they prevented?
Insecure methods for software updates or data integrity
Prevention:
- Use signed certificates for updates
- Implement cryptographic checks for files
176
What are Security Logging and Monitoring Failures?
Insufficient or non-existent logging of security events
Impact: Delayed response to breaches
Best Practices:
- Enable logging for sensitive operations
- Regularly review logs
177
What is Server-Side Request Forgery (SSRF)?
A vulnerability where attackers force servers to make requests to unintended destinations
Prevention:
- Validate and sanitize user-supplied URLs
- Use allow-lists for accessible domains
Example: Accessing internal services via manipulated URLs
178
What are the Types of Security Testing and what do they do?
1. Static Application Security Testing (SAST):
   - Examines source code.
2. Dynamic Application Security Testing (DAST):
   - Tests running applications.
3. Interactive Application Security Testing (IAST):
   - Combines SAST and DAST.
179
What are False Positives in Security Testing?
Incorrectly flagged vulnerabilities that aren’t real issues
Impact: Wastes developer time
Mitigation:
- Use accurate configuration settings
- Manually review critical findings
180
What are False Negatives in Security Testing?
Real vulnerabilities that are not detected
Impact: Leaves systems exposed to attacks.
Mitigation:
- Combine multiple testing tools (SAST + DAST).
- Regularly update tools to detect new patterns.
181
Random Fuzzing vs Mutation Fuzzing
Random Fuzzing:
- Purely random inputs.
- Example: aaaa... or #$%@.
Mutation-Based Fuzzing:
- Modifies existing valid inputs.
- Example: Altering a valid JSON.
182
What is Generation-Based Fuzzing?
Create test cases using input specifications.
Advantages: High coverage for valid inputs.
Examples: Using RFCs to design test inputs for protocols.
183
How does the Responsible Disclosure Process work?
1. Identify the vulnerability
2. Contact the vendor
3. Provide sufficient details for reproduction
4. Wait for the vendor’s fix before publicizing
184
What is a Full Disclosure Process?
Publish all details of a vulnerability immediately
185
What are the Pros and Cons of a Full Disclosure Process?
Pros:
- Forces vendors to act quickly.
Cons:
- Increases risk for users before a fix is available.
186
Define Evolutionary Fuzzing
Generates test cases based on coverage metrics
187
What are the Best Practices for Cryptographic Key Management?
1. Rotate keys regularly
2. Use hardware security modules (HSMs) for key storage
3. Avoid embedding keys in source code
188
What are some OWASP Secure Coding Practices?
1. Validate inputs.
2. Use parameterized queries.
3. Avoid hard-coded secrets.
4. Implement error handling securely.
5. Regularly test and review code.
189
What is the Importance of Secure Design?
Incorporating security from the start of the software lifecycle
Principles:
1. Identify potential risks early.
2. Design with defense-in-depth.
3. Document security requirements alongside functional ones.
190
Define Hard-Coded Credentials
Storing usernames or passwords directly in code
Why it’s bad: Easily accessible in version control systems
Fix: Use environment variables or secret management tools
191
How to prevent Data Leakage?
1. Remove sensitive data from logs
2. Encrypt data at rest and in transit
3. Implement strict access controls for sensitive files
192
What should be logged when Security Logging?
1. Failed login attempts
2. Privileged operations
3. Changes to configurations
4. Suspicious activity (e.g., rate-limited actions)
193
What should not be logged when Security Logging?
1. User passwords
2. Cryptographic keys
3. Session tokens or sensitive personal data
194
What is Multi-Factor Authentication (MFA)?
Combines two or more authentication methods
Examples:
- Password + OTP
- Password + Biometric (fingerprint/face ID)
Benefit: Reduces risk of credential theft
195
What is OWASP ZAP and what can it do?
A tool for detecting vulnerabilities in web applications
Capabilities:
1. Automated vulnerability scanning.
2. Manual penetration testing.
3. Fuzzing input fields.
196
What is Burp Suite? What are its features?
A web security testing tool
Features:
1. Proxy for intercepting and modifying traffic
2. Scanner for vulnerabilities like XSS and SQL injection
3. Intruder module for brute-force testing
197
What are the 4 Injection Attack Categories?
1. SQL Injection: Manipulating SQL queries
2. Command Injection: Executing OS commands
3. LDAP Injection: Manipulating directory queries
4. XML Injection: Altering XML data
198
What are the phases in the Secure Software Development Lifecycle (SDLC)?
1. Requirements: Include security needs
2. Design: Incorporate secure architecture
3. Development: Use secure coding practices
4. Testing: Perform security tests
5. Maintenance: Regularly update and patch
199
What are the 3 Vulnerability Disclosure Models?
1. Full Disclosure: Publish immediately
2. Responsible Disclosure: Notify vendors, allow time for a fix
3. Bug Bounty Programs: Incentivize researchers to report vulnerabilities
200
What makes a secure API Design?
1. Use API keys and authentication
2. Rate-limit requests
3. Validate all inputs
201
What is Evolutionary Fuzzing?
Uses code coverage metrics to generate smarter inputs
202
What is Threat Modelling and what are the steps involved?
Identifying potential security threats during design
Steps:
- Identify assets
- Identify threats
- Define controls to mitigate threats
203
----------------------------
--------------------------
204
In the context of Public Key Infrastructures (PKIs) for securing web sites, discuss briefly why many advocate certificates with a short (only a few weeks/months) validity.
1. Shorter certificate validity periods limit the time frame in which a compromised certificate can be exploited by an attacker, enhancing security by minimizing the potential damage.
2. Certificates with shorter lifespans encourage website administrators to renew them regularly, ensuring they stay up-to-date with the latest security standards and practices.
3. Shorter certificate validity reduces the reliance on CRLs, which can be difficult to manage and less reliable, as frequent renewals minimize the risk of using an outdated or revoked certificate.
205
In the context of Public Key Infrastructures (PKIs) for securing web sites, discuss briefly why many experts advocate for the use of Extended Validation (EV) Certificates despite their higher cost and longer issuance time.
Experts advocate for the use of Extended Validation (EV) Certificates despite their higher cost and longer issuance time because they offer several important benefits.
1. They increase user trust by displaying the organization's name in the browser's address bar, helping to distinguish legitimate websites from phishing sites.
2. EV Certificates require a more thorough validation process, ensuring the website's identity is verified, which enhances security.
3. Additional verification reduces the risk of fraud and phishing attacks, providing greater protection for both website owners and users.
206
Many modern websites allow users to log in using external services such as Google, Facebook, or GitHub. This mechanism is called single sign-on. Briefly explain two threats to the core information security goals (confidentiality, integrity, and availability) of a user using such a single sign-on service. Name which goal is violated by each of your threats.
Threat 1: Phishing Attack
Description: A user might be tricked into entering their login credentials on a fake SSO login page created by an attacker. Once the credentials are entered, the attacker can access the user’s accounts.
Goal Violated: Confidentiality. The attacker gains access to the user’s login credentials, compromising the confidentiality of their personal information.
Threat 2: Service Provider Breach
Description: If a major SSO provider, such as Google or Facebook, is breached, the attacker may access the accounts of users who use that provider for authentication. This can affect all connected services.
Goal Violated: Availability. The breach may result in users being unable to access websites or services, violating the availability of those services.
207
How do Hybrid Encryption Systems work?
Use asymmetric encryption to securely exchange the symmetric key and symmetric encryption to encrypt the actual data
208
What are the 2 main benefits of a Hybrid System?
1. Has greater security as it uses Asymmetric Encryption to securely transfer the symmetric key which is used to transfer the data.
2. Symmetric encryption is computationally faster for large data, ensuring quick and efficient data processing.
209
Do you consider the Dolev-Yao attacker model appropriate for security protocols that require a physical proximity between the agents (e.g., Bluetooth)?
It's not entirely appropriate as it:
1. Assumes the attacker can fully control the communication network, including eavesdropping, intercepting, and injecting messages. However, in proximity-based protocols, physical distance and signal range constraints limit an attacker's capabilities, making the model too negative.
2. Focuses on symbolic message manipulation and ignores real-world physical-layer attacks, such as signal jamming or relay attacks, which are relevant to protocols like Bluetooth.