Network and System Security Flashcards
What is the internet?
The internet is billions of interconnected devices
Host = end systems
Running network applications
What are the communication links?
The communication links are fiber, satellite, copper and radio
transmit data
the transmission rate is measured in bandwidth
What do packet switches do?
Packet switches forward packets (chunks of data)
What do protocols do?
Protocols control the sending and receiving of messages
They define the format and order of messages sent and received among network entities, and the actions taken on message transmission and receipt.
Examples of protocols are TCP, IP, 802.11, HTTP
What does TCP stand for?
TCP stands for Transmission Control Protocol
What is the network edge?
host: clients and servers
servers are often in data centers
access networks, physical media: wired, wireless communication links
What is the network core?
The network core is made up of interconnected routers: a network of networks
How do we connect end systems to edge routers?
Through residential access networks, institutional networks (schools, companies), and mobile access networks
What is NAT?
Network Address Translation
NAT is the process where a network device assigns a public address to a computer or group of computers on a private network
Describe a home network setup
A home network setup has devices that are connected either to a wireless access point or to wired ethernet, which in turn connects to your local router
This is where the firewall is located and where NAT occurs
Your router connects through a modem to your ISP
Describe an enterprise network setup
Devices are connected to either a wireless access point or directly to an ethernet switch which can then be connected to a main router that links out to the ISP
Describe packet switching
In packet switching the host breaks application-layer messages down into packets, which are forwarded from router to router until they get from the source to the destination.
L/R = transmission delay (packet length L / link transmission rate R)
What is queueing delay and how can it lead to packet loss?
If the arrival rate of packets exceeds the transmission rate of the link, packets will queue up and wait to be transmitted.
Packets can be accidentally dropped if memory (buffer) fills up
What is the IP (Internet Protocol) stack?
Application - supporting network applications (HTTP, SMTP)
Transport - process-to-process data transfer (TCP, UDP)
Network - routing of datagrams from source to destination (IP, routing protocols)
Link - data transfer between neighboring network elements (Ethernet, 802.11)
Physical - bits on the wire
What is the OSI (Open systems interconnection) model?
Open Systems Interconnection (OSI) Model
- Application
- Presentation
- Session
- Transport layer
- Network layer
- Data link layer
- Physical layer
Explain TCP vs UDP (User Datagram Protocol) transport layer protocols?
TCP - reliable, in order delivery.
UDP - unreliable, unordered delivery.
- barebones
- Packets may be lost or out of order
- no handshaking
- small header size
- less delay
uses: streaming multimedia apps, DNS
What is in a UDP segment header?
source, destination, length, data, checksum
What is the goal of a checksum?
to detect “errors” (flipped bits) in transmitted segments
What is pipelining?
Sender allows multiple “in-flight”, yet to be acknowledged packets.
Two Generic Forms:
Go-back-n
Selective repeat
Describe the TCP/IP Model
1) Process / Application Layer
2) Host-to-Host/Transport Layer
3) Internet Layer
4) Network Access/Link Layer
Describe ARQ
ARQ (automatic repeat request, also known as automatic repeat query) is an error-control method for data transmission that uses acknowledgements and timeouts to achieve reliable data transmission over an unreliable service
Describe the 7 sections of an Ethernet (802.3) frame
1) Preamble
2) SFD
3) Destination address
4) Source Address
5) Length
6) Data
7) CRC
What are the 2 sections for memory hacking?
The 2 sections of memory hacking are
Heap section
Stack section
Both are stored in RAM
2 types of enumeration
Passive
o Searching the web, leaving minimal traces in the target's log files
o Using public sources to gather intelligence
o Correlating separate sources to draw meaning
Active
o Goal: identify as many systems, services, and potential vulnerabilities as possible
o Used on external or internal to a target
o Ping sweeps and port scans
Scanners examples
Broadcast address
The last address of the network
A broadcast address is an IP address that is used to target all systems on a specific subnet instead of a single host. In other words, a broadcast address allows information to be sent to all machines on a given subnet rather than to a specific machine
What is Fuzzing?
Fuzzing is the process where an attacker sends malformed packets to a service or application listening on the network
The goal is to force the application to fail or produce errors
What is a Symmetric Key?
More commonly used since faster and easier – better performance
Same key used to encrypt and decrypt
Faster compared to public key encryption
Problem
o Key needs to be stored securely – hackable
o Both need the key
o Better to combine with asymmetric
What is a hash and can you give some examples?
A hash is a string or number generated from a string of text
The resulting string or number is a fixed length
The best hashing algorithms are designed so that it’s impossible to turn a hash back into its original string
o MD5
o SHA
o SHA-2
Used when storing passwords
Describe Encryption
Turns data into a series of unreadable characters that aren’t a fixed length
• CAN be reversed back into their original form if you have the right key
What are two primary types of encryption?
Symmetric key
-The key to both encrypt and decrypt is exactly the same
Public key
- Has two different keys
• One used to encrypt the string (the public key)
• One used to decrypt it (the private key)
3 classes of intruders
Masquerader
o An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account
Misfeasor
o A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges
Clandestine user
o An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection
Examples of intrusion (10)
• Performing a remote root compromise of an email server
• Defacing a web server
• Guessing and cracking passwords
• Copying a database containing credit card numbers
• Viewing sensitive data, including payroll records and medical information without authorization
• Running a packet sniffer on a workstation to capture usernames and passwords
• Using a permission error on an anonymous FTP server to distribute pirated software and music files
• Dialing into an unsecured modem and gaining internal network access
• Posing as an executive, calling the help desk, resetting the executive’s email passwords, and learning the new password
• Using an unattended, logged-in workstation without permission
Hackers
Traditionally motivated by the thrill of it or by status
Prevention:
- Intrusion detection systems (IDSs)
- Intrusion prevention systems (IPSs) are designed to counter hacker threats
- Consider restricting remote logons to specific IP addresses and/or use virtual private network technology
What are CERTS?
Computer Emergency Response Teams
- They collect information about system vulnerabilities and disseminate it to the systems managers
- Hackers also routinely read CERT reports
- It is important for system administrators to quickly apply all software patches for discovered vulnerabilities
Criminal Hackers
Organized groups of hackers
• Usually have specific targets, or at least classes of targets in mind
• Once a site is penetrated, the attacker acts quickly, scooping up as much valuable information as possible and exiting
• IDSs and IPSs can be used for these types of attackers, but may be less effective because of the quick in-and-out nature of the attack
Insider attacks and countermeasures
Among the most difficult to detect and prevent
Can be motivated by revenge or simply a feeling of entitlement
Countermeasures
o Enforce least privilege
o Set logs to see what users access and what commands they are entering
o Protect sensitive resources with strong authentication
o Upon termination, delete computer and network access
o Upon termination, make a mirror image of employee’s hard drive before reissuing it (used as evidence if your company information turns up at a competitor)
What is the CIA triad?
Confidentiality
Integrity
Availability
What does data Confidentiality mean?
This can refer to data confidentiality: private or confidential information is not made available or disclosed to unauthorized individuals
Privacy - individuals control or influence what information related to them is collected and stored, by whom, and with whom that information may be shared.
Example: Student records kept private. FERPA
What is Integrity?
Assures that information and programs are changed only in a specified and authorized manner.
Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Example: Incorrect data in a database could have negative impact.
What is availability?
Assures that systems work promptly and service is not denied to authorized users.
Example: School website is up and available to users when they need it.
What is Authenticity?
Verifying that users are who they say they are and that each input arriving at the system is from a trusted source.
What is Accountability?
The security goal that generates the requirement for the actions of an entity to be traced uniquely to that entity.
What does it mean for something to have low breach impact?
The loss could be expected to have limited adverse effect on an organization’s operations, assets, or individuals.
What does it mean for something to have medium or moderate breach impact?
The loss could be expected to have a serious adverse effect on organizational operations, assets, or individuals.
What does it mean for something to have high breach impact?
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, assets, or individuals.
What are some computer security challenges?
- Solutions are often complex
- Solutions require constant monitoring
- Security is often an afterthought
- Security has little perceived benefit until it fails
- There is a constant battle between perpetrators and the security specialist
What is a security attack?
Any action that compromises the security of information owned by an organization.
What is a security mechanism?
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
What is a security service?
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
Intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
What is the difference between a threat and an attack?
Threat - A possible danger that might exploit a vulnerability
Attack- An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services or policies.
What are two different types of security attacks?
Passive - gathering information from the system but not physically affecting the resources themselves
Active- attempt to alter system resources or affect their operation.
What is Nonrepudiation?
When someone can’t deny the authenticity of something.
What are some characteristics of a firewall?
All traffic must pass through it
Only authorized traffic will be allowed to pass.
The firewall itself should be immune to penetration
There can be more than one in an organization.
Describe a risk management plan
Determine what’s at risk
-Hardware, software, data, policies, procedures, people
Determine rough value
-Relative to loss of C/I/A/Total
Determine for each asset, each threat
-Likelihood of occurrence
-Probability of loss
Determine for each assessed risk, an appropriate response
-Eliminate asset, mitigate risk, accept risk, transfer risk
Monitor and control risk
Best practices for handling insider threats
Reverify user rights, particularly those of system administrators (SAs)
Use physical security to protect assets
Form and enforce clear, effective usage and security policies
Educate users about concerns (social engineering, etc.)
Be ready to respond, create response team