Network and System Security Flashcards

1
Q

What is the internet?

A

The internet is billions of interconnected devices.

Hosts (end systems) run network applications.

2
Q

What are the communication links?

A

Communication links (fiber, satellite, copper, and radio) transmit data; the transmission rate of a link is its bandwidth.

3
Q

What do packet switches do?

A

Packet switches forward packets (chunks of data).

4
Q

What do protocols do?

A

Protocols control the sending and receiving of messages.

They define the format and order of messages sent and received among network entities, and the actions taken on message transmission and receipt.

Examples of protocols are TCP, IP, 802.11, HTTP

5
Q

What does TCP stand for?

A

TCP stands for Transmission Control Protocol

6
Q

What is the network edge?

A

Hosts: clients and servers (servers are often in data centers)
Access networks and physical media: wired and wireless communication links

7
Q

What is the network core?

A

The network core is made up of interconnected routers: a network of networks.

8
Q

How do we connect end systems to edge routers?

A

Through residential access networks, institutional networks (schools, companies), and mobile access networks

9
Q

What is NAT?

A

Network Address Translation

NAT is the process where a network device assigns a public address to a computer or group of computers on a private network

10
Q

Describe a home network setup

A

In a home network, devices connect to either a wireless access point or wired Ethernet, which in turn connects to your local router.

The router is where the firewall sits and where NAT occurs.

The router connects through a modem to your ISP.

11
Q

Describe an enterprise network setup

A

Devices are connected to either a wireless access point or directly to an ethernet switch which can then be connected to a main router that links out to the ISP

12
Q

Describe packet switching

A

In packet switching, hosts break application-layer messages down into packets, which are forwarded from router to router until they get from the source to the destination.

L/R = transmission delay (packet length L / link transmission rate R)

13
Q

What is queueing delay and how can it lead to packet loss?

A

If the arrival rate of packets exceeds the transmission rate of the link, packets queue up and wait to be transmitted.

Packets are dropped (lost) if the buffer memory fills up.

14
Q

What is the IP (Internet Protocol) stack?

A

Application: supporting network applications (HTTP, SMTP)

Transport: process-to-process data transfer (TCP, UDP)

Network: routing of datagrams from source to destination (IP, routing protocols)

Link: data transfer between neighboring network elements (Ethernet, 802.11)

Physical: bits on the wire

15
Q

What is the OSI (Open systems interconnection) model?

A

Open Systems Interconnection (OSI) Model

  • Application
  • Presentation
  • Session
  • Transport layer
  • Network layer
  • Data link layer
  • Physical layer
16
Q

Explain the TCP vs UDP (User Datagram Protocol) transport layer protocols.

A

TCP - reliable, in order delivery.

UDP - unreliable, unordered delivery.

  • barebones
  • Packets may be lost or out of order
  • no handshaking
  • small header size
  • less delay

uses: streaming multimedia apps, DNS

17
Q

What is in a UDP segment header?

A

source port, destination port, length, data, checksum

18
Q

What is the goal of a checksum?

A

to detect “errors” (flipped bits) in transmitted segments

19
Q

What is pipelining?

A

Sender allows multiple “in-flight”, yet to be acknowledged packets.

Two Generic Forms:

Go-back-n
Selective repeat

20
Q

Describe the TCP/IP Model

A

1) Process / Application Layer
2) Host-to-Host/Transport Layer
3) Internet Layer
4) Network Access/Link Layer

21
Q

Describe ARQ

A

ARQ (automatic repeat request, also known as automatic repeat query) is an error-control method for data transmission that uses acknowledgements and timeouts to achieve reliable data transmission over an unreliable service.

22
Q

Describe the 7 sections of the Ethernet (802.3) frame

A

1) Preamble
2) SFD
3) Destination address
4) Source Address
5) Length
6) Data
7) CRC

23
Q

What are the 2 sections for memory hacking?

A

The 2 sections of memory hacking are

Heap section
Stack section

Both are stored in RAM.

24
Q

2 types of enumeration

A

Passive
o Searching the internet, leaving minimal traces in the target's log files
o Using public sources to gather intelligence
o Correlating separate sources to draw meaning

Active
o Goal: identify as many systems, services, and potential vulnerabilities as possible
o Used externally or internally against a target
o Ping sweeps and port scans


25
Q

Broadcast address

A

The last address of the network

A broadcast address is an IP address that is used to target all systems on a specific subnet instead of single hosts. In other words, a broadcast address allows information to be sent to all machines on a given subnet rather than to a specific machine.

26
Q

What is Fuzzing?

A

Fuzzing is the process where an attacker sends malformed packets to a service or application listening on the network.

The goal is to force the application to fail or produce errors

27
Q

What is a Symmetric Key?

A

More commonly used since it is faster and easier, with better performance

The same key is used to encrypt and decrypt

Faster compared to public key encryption

Problems
o The key needs to be stored securely – hackable
o Both parties need the key
o Better to combine with asymmetric encryption

28
Q

What is a hash and can you give some examples?

A

A hash is a string or number generated from a string of text

The resulting string or number is a fixed length

The best hashing algorithms are designed so that it’s impossible to turn a hash back into its original string
o MD5
o SHA
o SHA-2

Used when storing passwords

29
Q

Describe Encryption

A

Turns data into a series of unreadable characters that are not a fixed length
• CAN be reversed back into the original (decrypted) form if you have the right key

30
Q

What are two primary types of encryption?

A

Symmetric key
-The key to both encrypt and decrypt is exactly the same

Public key
- Has two different keys
• One used to encrypt the string (the public key)
• One used to decrypt it (the private key)

31
Q

3 classes of intruders

A

Masquerader
o An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account

Misfeasor
o A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges

Clandestine user
o An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection

32
Q

Examples of intrusion (10)

A

• Performing a remote root compromise of an email server
• Defacing a web server
• Guessing and cracking passwords
• Copying a database containing credit card numbers
• Viewing sensitive data, including payroll records and medical information without authorization
• Running a packet sniffer on a workstation to capture usernames and passwords
• Using a permission error on an anonymous FTP server to distribute pirated software and music files
• Dialing into an unsecured modem and gaining internal network access
• Posing as an executive, calling the help desk, resetting the executive’s email passwords, and learning the new password
• Using an unattended, logged-in workstation without permission

33
Q

Hackers

Prevention?

A

Traditionally for the thrill of it or for status

  • Intrusion detection systems (IDSs)
  • Intrusion prevention systems (IPSs) are designed to counter hacker threats
  • Consider restricting remote logons to specific IP addresses and/or use virtual private network technology

34
Q

What are CERTS?

A

Computer Emergency Response Teams

  • They collect information about system vulnerabilities and disseminate it to the systems managers
  • Hackers also routinely read CERT reports
  • It is important for system administrators to quickly apply all software patches for discovered vulnerabilities

35
Q

Criminal Hackers

A

Organized groups of hackers
• Usually have specific targets, or at least classes of targets in mind
• Once a site is penetrated, the attacker acts quickly, scooping up as much valuable information as possible and exiting
• IDSs and IPSs can be used for these types of attackers, but may be less effective because of the quick in-and-out nature of the attack

36
Q

Insider attacks

countermeasures

A

Among the most difficult to detect and prevent

Can be motivated by revenge or simply a feeling of entitlement

Countermeasures
o Enforce least privilege
o Set logs to see what users access and what commands they are entering
o Protect sensitive resources with strong authentication
o Upon termination, delete computer and network access
o Upon termination, make a mirror image of employee’s hard drive before reissuing it (used as evidence if your company information turns up at a competitor)

37
Q

What is the CIA triad?

A

Confidentiality
Integrity
Availability

38
Q

What does data confidentiality mean?

A

This can refer to data confidentiality: private or confidential information is not made available or disclosed to unauthorized individuals

Privacy - individuals control or influence what information related to them is collected and stored and by whom. And who that information may be shared with.

Example: Student records kept private. FERPA

39
Q

What is Integrity?

A

Assures that information and programs are changed only in a specified and authorized manner.

Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Example: Incorrect data in a database could have negative impact.

40
Q

What is availability?

A

Assures that systems work promptly and service is not denied to authorized users.

Example: School website is up and available to users when they need it.

41
Q

What is Authenticity?

A

Verifying that users are who they say they are and that each input arriving at the system is from a trusted source.

42
Q

What is Accountability?

A

The security goal that generates the requirement for actions of that entity to be traced uniquely to that entity.

43
Q

What does it mean for something to have low breach impact?

A

The loss could be expected to have limited adverse effect on an organization’s operations, assets, or individuals.

44
Q

What does it mean for something to have medium or moderate breach impact?

A

The loss could be expected to have a serious adverse effect on organizational operations, assets, or individuals.

45
Q

What does it mean for something to have high breach impact?

A

The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, assets, or individuals.

46
Q

What are some computer security challenges?

A

  • Solutions are often complex
  • Require constant monitoring
  • Security is often an afterthought
  • Little perceived benefit
  • Constant battle between perpetrators and the security specialist

47
Q

What is a security attack?

A

Any action that compromises the security of information owned by an organization.

48
Q

What is a security mechanism?

A

A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

49
Q

What is a security service?

A

A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.

Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

50
Q

What is the difference between a threat and an attack?

A

Threat - A possible danger that might exploit a vulnerability

Attack- An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services or policies.

51
Q

What are two different types of security attacks?

A

Passive - gathering information from the system but not physically affecting the resources themselves

Active- attempt to alter system resources or affect their operation.

52
Q

What is Nonrepudiation?

A

When someone can’t deny the authenticity of something.

53
Q

What are some characteristics of a firewall?

A

All traffic must pass through it

Only authorized traffic will be allowed to pass.

The firewall itself should be immune to penetration

There can be more than one in an organization.

54
Q

Describe a risk management plan

A

Determine what’s at risk
- Hardware, software, data, policies, procedures, people
Determine rough value
- Relative to loss of C/I/A/Total
Determine, for each asset and each threat
- Likelihood of occurrence
- Probability of loss
Determine, for each assessed risk, an appropriate response
- Eliminate asset, mitigate risk, accept risk, transfer risk
Monitor and control risk

55
Q

Best practices for handling insider threats

A

Reverify user rights, particularly those of SAs (system administrators)
Use physical security to protect assets
Form and enforce clear, effective usage and security policies
Educate users about concerns (social engineering, etc.)
Be ready to respond: create a response team