Network Security Flashcards

1
Q

Properties of an eavesdropping attacker

A
  • Can listen (passive: reads everything that crosses the link)
  • Cannot inject (spoof), intercept, or modify
  • How: (remote) antenna, 'tap' on the medium
  • Defense: encryption (hides the content; endpoints, timing and packet sizes still leak)
2
Q

Properties of a MITM (on-path) attack

A
  • On-path: sits on the route between the two endpoints
  • Can listen, inject, block, change
  • How: control a router, switch or link (route hijacking, DNS poisoning)
  • Defense: encryption (confidentiality), signatures and MACs (integrity and authenticity); blocking can only be detected, not prevented
3
Q

Properties of an off-path attack

A
  • Off-path: does not control any device en route, so it sees none of the traffic
  • Can (only) inject, e.g. packets with a spoofed (fake) source address
  • Cannot intercept, modify, or block
  • Defense: challenge-response ("cookie"): the responder sends an unpredictable value to the claimed source address, and only a party that actually receives it can answer correctly (TCP's SYN cookie is an instance)
4
Q

Internet protocol stack

A
  • physical
    -> delivery of individual bits over a medium
  • data link
    -> delivery of frames on one link
    -> interfaces identified by MAC addresses
  • internet/network
    -> delivery of packets from one host to another, across routers
    -> IP
  • transport
    -> end-to-end communication of segments (TCP) or datagrams (UDP)
    -> TCP/UDP
    -> adds the concept of ports (which application a segment belongs to)
  • application
    -> provides protocols that applications use directly
    -> application-specific messages
5
Q

Subnets and Prefixes

A
  • Prefix a.b.c.d/p
    -> the set of IP addresses that share the p most significant bits of a.b.c.d
    -> network part: the p most significant bits
    -> host part: the remaining (32-p) least significant bits
  • Subnet
    -> the interfaces whose IP addresses fall in the prefix
    -> can communicate directly with each other (without going through a router)
6
Q

IP Spoofing

A
  • Attacker constructs IP and transport headers with any chosen, false source IP address
  • Needs only raw-socket access, i.e. local root privileges on the sending host; nothing in IP itself prevents it
  • Types of attacks:
    -> IP fragment reassembly (defragmentation) cache poisoning: spoofed fragments get merged with a victim's datagram
    -> DoS attacks: hides the attacker's address and spreads the load over many fake sources
    -> DNS poisoning (insert malicious data, e.g. redirect to a malicious DNS server)
  • Measures: firewall filtering at the network border
    -> egress filtering: discard outgoing packets whose source IP is not in the LAN prefix
    -> ingress filtering: discard incoming packets whose source IP is in the LAN prefix (such a packet can only be forged)
    -> caveat: this protects others from spoofers inside your network and your network from packets claiming to be internal; it cannot stop spoofed packets with arbitrary external source addresses unless the spoofer's own network filters (this is why source-address validation, BCP 38, must be deployed everywhere)
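The prefix arithmetic from the Subnets and Prefixes card and the egress/ingress rules above, worked out in code. This is an added example, not part of the flashcard deck: the LAN prefix `192.0.2.0/24` and the sample addresses are hypothetical (documentation ranges), and the `filter_packet` function is an illustration of the rule logic, not any particular firewall's syntax.

```python
"""Prefix arithmetic for a.b.c.d/p and the anti-spoofing filter built on it.
Added example, not part of the flashcard deck; the LAN prefix is hypothetical."""
import ipaddress  # only used to cross-check the hand-rolled bit arithmetic


def ip_to_int(addr: str) -> int:
    """'192.0.2.77' -> 32-bit integer, first octet most significant."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(p: int) -> int:
    """p one-bits followed by (32-p) zero-bits."""
    if not 0 <= p <= 32:
        raise ValueError(f"bad prefix length: {p}")
    return (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF


def parse_prefix(prefix: str):
    """'a.b.c.d/p' -> (network address as int, p); host bits of a.b.c.d are cleared."""
    addr, p = prefix.split("/")
    p = int(p)
    return ip_to_int(addr) & prefix_mask(p), p


def in_prefix(addr: str, prefix: str) -> bool:
    """True if addr shares the p most significant bits with the prefix."""
    net, p = parse_prefix(prefix)
    return (ip_to_int(addr) & prefix_mask(p)) == net


def split_parts(addr: str, prefix: str):
    """(network part, host part) of addr under the prefix, as integers."""
    _, p = parse_prefix(prefix)
    n, host_bits = ip_to_int(addr), 32 - p
    return n >> host_bits, n & ((1 << host_bits) - 1)


def same_subnet(a: str, b: str, prefix: str) -> bool:
    """Both interfaces in the prefix: they can talk directly, without a router."""
    return in_prefix(a, prefix) and in_prefix(b, prefix)


# --- anti-spoofing rules at the border of the LAN prefix ----------------------
LAN = "192.0.2.0/24"   # hypothetical internal prefix (RFC 5737 documentation range)


def filter_packet(direction: str, src: str, lan: str = LAN) -> str:
    """Egress (LAN -> Internet): drop if the source is not one of ours.
    Ingress (Internet -> LAN): drop if the source claims to be one of ours."""
    if direction == "egress":
        return "accept" if in_prefix(src, lan) else "drop"
    if direction == "ingress":
        return "drop" if in_prefix(src, lan) else "accept"
    raise ValueError(f"unknown direction: {direction}")


if __name__ == "__main__":
    net, p = parse_prefix("192.0.2.77/24")
    print("network", int_to_ip(net), "prefix length", p)
    print("network/host parts of 192.0.2.77:", split_parts("192.0.2.77", LAN))
    print("same subnet?", same_subnet("192.0.2.5", "192.0.2.200", LAN),
          same_subnet("192.0.2.5", "192.0.3.1", LAN))
    # cross-check against the standard library
    assert in_prefix("192.0.2.77", LAN) == (
        ipaddress.ip_address("192.0.2.77") in ipaddress.ip_network(LAN))
    for d, s in [("egress", "192.0.2.10"), ("egress", "203.0.113.9"),
                 ("ingress", "192.0.2.10"), ("ingress", "203.0.113.9")]:
        print(f"{d:7} src={s:13} -> {filter_packet(d, s)}")
```

Note that both rules key on the source address only: egress filtering stops hosts inside the prefix from spoofing outsiders, ingress filtering stops outsiders from impersonating inside hosts, and neither says anything about a packet from outside that spoofs some other outside network.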
7
Q

Internet Protocol Security (IPSec)

A
  • Provides authentication and encryption at the IP layer, transparently to applications
  • Two modes: transport (protects the payload of the original IP packet) and tunnel (the whole packet is encapsulated behind another IP header, e.g. gateway-to-gateway VPN)
  • Two protocols:
    -> Authentication Header (AH): integrity and origin authentication only, no confidentiality; it also covers the IP header, so it breaks across NAT
    -> Encapsulating Security Payload (ESP): encryption, and integrity/authentication when an authenticated (or AEAD) cipher suite is used; encryption-only ESP is insecure against tampering and should not be configured
8
Q

Stateless vs. Stateful Firewalls

A
  • Stateless firewalls decide packet by packet from header fields alone (addresses, ports, flags)
  • Stateful firewalls do everything stateless ones do and additionally track connection state (can detect patterns across packets, and admit inbound packets only as replies to connections seen going out)
    -> more resource heavy: a connection table that an attacker can try to fill (e.g. with a SYN flood)
    -> fewer rules needed, since return traffic is matched by state instead of by explicit rules
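The difference shown on a constructed packet trace: a stateless policy that wants to let HTTP replies back in has to accept any inbound packet with source port 80, which an attacker can forge, while the stateful version only accepts a reply to a connection it saw leave. This is an added example, not from the deck; `Packet`, the addresses, and the `max_entries` limit are all hypothetical.

```python
"""Stateless vs. stateful packet filtering over a constructed packet trace.
Added example, not part of the flashcard deck; addresses are hypothetical."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" (LAN -> Internet) or "in" (Internet -> LAN)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags, e.g. "S", "SA", "A"


def stateless_filter(pkt: Packet) -> str:
    """Policy: LAN hosts may open connections to port 80 and replies must come
    back. Without state, the only rule that admits replies is 'any inbound
    packet with source port 80', which an attacker trivially satisfies."""
    if pkt.direction == "out" and pkt.dport == 80:
        return "accept"
    if pkt.direction == "in" and pkt.sport == 80:
        return "accept"
    return "drop"


class StatefulFilter:
    """Same policy, but an inbound packet is admitted only if it belongs to a
    connection a LAN host initiated (tracked in a state table)."""

    def __init__(self, max_entries: int = 1000):
        self.table = set()          # (lan ip, lan port, remote ip, remote port)
        self.max_entries = max_entries

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            if pkt.dport != 80:
                return "drop"
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.table:
                if len(self.table) >= self.max_entries:
                    return "drop"   # state table exhausted: the price of keeping state
                self.table.add(key)
            return "accept"
        # inbound: must match an existing entry with the 4-tuple reversed
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "accept" if key in self.table else "drop"


# Constructed trace: one legitimate HTTP connection, then an attacker probing an
# internal SSH port from source port 80.
TRACE = [
    Packet("out", "192.0.2.10", 40000, "203.0.113.5", 80, "S"),    # LAN host opens connection
    Packet("in", "203.0.113.5", 80, "192.0.2.10", 40000, "SA"),    # legitimate reply
    Packet("in", "198.51.100.7", 80, "192.0.2.20", 22, "S"),       # attacker, sport 80 -> SSH
]


def run_both(trace=TRACE):
    """[(stateless verdict, stateful verdict)] for every packet in the trace."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.filter(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (sl, st) in zip(TRACE, run_both()):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport:<5} "
              f"stateless={sl:6} stateful={st}")
```

The third packet is the point of the card: the stateless rule set passes it, the stateful one drops it. The `max_entries` check is the flip side: the state table is finite, so a flood of outbound connection attempts (or, on a real firewall, of inbound SYNs to permitted ports) can exhaust it.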
9
Q

Maximum Transmission Unit

A
  • Packets that are too big for a link are fragmented (IPv4: by any router on the path unless the DF bit is set; IPv6: only by the sender)
  • Every link has its own MTU, the largest IP packet it can carry (1500 bytes on Ethernet)
  • The MTU of the links further along the path is not known in advance
    -> fragments can be fragmented again on a later, smaller link; only the destination host reassembles
    -> with DF set, a router drops the packet and returns ICMP "Fragmentation Needed"; Path MTU Discovery relies on this and breaks when ICMP is filtered
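The fragmentation rules from the card carried through in code: a router splits a datagram for a 1500-byte link, a later router splits the first fragment again for a 576-byte link, and the destination reassembles the pieces in whatever order they arrive. Added example, not from the deck; the payload is random bytes generated inline, and the MTU values are chosen for illustration.

```python
"""IPv4 fragmentation on a constructed datagram: a router fragments for a
smaller link, a later router fragments a fragment again, and only the
destination reassembles. Added example, not from the deck."""
import random

IPV4_HEADER = 20   # bytes; assumes no IP options


def fragment(payload: bytes, mtu: int, df: bool = False):
    """Split a datagram's payload for a link of the given MTU.
    Returns [(fragment offset in 8-byte units, more-fragments flag, data)].
    With DF set and the datagram too large, raises: a real router would drop
    it and send ICMP 'Fragmentation Needed', which Path MTU Discovery relies on."""
    if mtu < IPV4_HEADER + 8:
        raise ValueError("MTU too small to carry a fragment")
    max_data = mtu - IPV4_HEADER
    if len(payload) <= max_data:
        return [(0, False, payload)]            # fits, no fragmentation needed
    if df:
        raise ValueError(f"DF set: {len(payload)}-byte datagram does not fit MTU {mtu}")
    max_data -= max_data % 8                     # offsets are counted in 8-byte units
    frags, pos = [], 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        more = pos + len(chunk) < len(payload)
        frags.append((pos // 8, more, chunk))
        pos += len(chunk)
    return frags


def refragment(frag, mtu: int):
    """A router on a smaller link fragments an already-fragmented datagram.
    Offsets stay relative to the original datagram and the last piece keeps
    the original more-fragments flag, otherwise the receiver would think the
    datagram ended early."""
    off, more, data = frag
    pieces = fragment(data, mtu)
    return [(off + p_off, p_more or more, p_data) for p_off, p_more, p_data in pieces]


def reassemble(frags):
    """The destination host puts the pieces back together, in any arrival
    order. Returns None while a fragment is still missing (a real stack keeps
    the partial datagram in a reassembly buffer with a timeout)."""
    by_offset = {off: (more, data) for off, more, data in frags}
    out, pos = bytearray(), 0
    while True:
        entry = by_offset.get(pos // 8)
        if entry is None or (entry[0] and not entry[1]):
            return None                         # hole, or empty non-final fragment
        more, data = entry
        out += data
        pos += len(data)
        if not more:
            return bytes(out)
        if len(data) % 8:
            return None                         # malformed: non-final fragment not a multiple of 8


def demo(size: int = 3000, first_mtu: int = 1500, second_mtu: int = 576):
    """Sender on a big link, router 1 at first_mtu, router 2 at second_mtu."""
    payload = bytes(random.Random(1).getrandbits(8) for _ in range(size))
    frags = fragment(payload, first_mtu)
    pieces = refragment(frags[0], second_mtu) + frags[1:]
    random.Random(2).shuffle(pieces)            # fragments may arrive out of order
    return payload, frags, pieces, reassemble(pieces)


if __name__ == "__main__":
    payload, frags, pieces, result = demo()
    print("after first router:", [(o, m, len(d)) for o, m, d in frags])
    print("after second router:", sorted((o, m, len(d)) for o, m, d in pieces))
    print("reassembled ok:", result == payload)
    try:
        fragment(payload, 1500, df=True)
    except ValueError as e:
        print("DF set ->", e)
```

Two details worth noticing: every non-final fragment must carry a multiple of 8 data bytes because the offset field counts in 8-byte units (that is why 576 yields 552-byte pieces, not 556), and a fragment that is fragmented again must propagate the more-fragments flag, which `refragment` does with `p_more or more`.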
10
Q

Difference IPv4 and IPv6

A
  • Primary goal: a much larger address space (128-bit instead of 32-bit addresses)
  • Simpler, fixed-size base header
    -> no options in the base header (e.g. no record-route option; such things move to extension headers)
    -> no Identification/fragmentation fields in the base header: only the sender fragments, via an extension header, routers never do
    -> no header checksum
    -> no broadcast addresses; multicast is used instead, and multicast addresses carry a scope, so link-local groups cannot be addressed from remote networks
    -> fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, 128-bit source and destination address
11
Q

IPv6 Privacy Extension (Temporary Addresses)

A
  • Enabled by default in Windows, Android, macOS, iOS and Linux
  • The interface identifier is derived from a random value instead of the MAC address (modified EUI-64), so the address no longer identifies the device across networks
  • Temporary addresses expire and are regenerated periodically
  • Possible because with SLAAC the router only advertises the prefix; each host chooses its own interface identifier
  • Hosts keep a stable, non-temporary address as well; it is used for incoming connections but normally not as the source of new outgoing ones
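Why the random identifier matters, worked through: a modified-EUI-64 address embeds the MAC, so the same device produces a recognisable suffix under every prefix it ever uses, whereas a temporary identifier reveals nothing. This is an added example, not from the deck; the MAC address and prefixes are made up, and the injectable `rng` parameter exists only so the random path can be exercised deterministically.

```python
"""Stable EUI-64 interface identifiers vs. temporary (random) ones.
Added example, not from the deck; MAC address and prefixes are made up."""
import ipaddress
import secrets


def eui64_iid(mac: str) -> int:
    """Modified EUI-64: split the 48-bit MAC in the middle, insert ff:fe, and
    flip the universal/local bit (0x02 of the first octet)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC address must be 48 bits")
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(iid, "big")


def temporary_iid(rng=secrets.token_bytes) -> int:
    """Privacy-extension style identifier: 64 random bits with the u/l bit
    cleared, so it can never be confused with a MAC-derived one. rng is
    injectable only so the example can be tested deterministically."""
    b = bytearray(rng(8))
    b[0] &= 0xFD
    return int.from_bytes(b, "big")


def slaac_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """The router only advertises the /64; the host appends its own identifier."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr: str):
    """The tracking problem: a modified-EUI-64 address reveals the MAC, so the
    same device is recognisable under every prefix it ever used. Returns None
    when the identifier does not carry the ff:fe marker."""
    b = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
    return ":".join(f"{x:02x}" for x in mac)


if __name__ == "__main__":
    mac = "00:1c:42:ab:cd:ef"
    stable = eui64_iid(mac)
    for prefix in ("2001:db8:1:2::/64", "2001:db8:99::/64"):   # home network, then a cafe
        a = slaac_address(prefix, stable)
        print(f"{prefix:20} stable    {a}  -> MAC {mac_from_address(str(a))}")
        t = slaac_address(prefix, temporary_iid())
        print(f"{prefix:20} temporary {t}  -> MAC {mac_from_address(str(t))}")
```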
12
Q

UDP

A
  • Connectionless (no connection is set up beforehand, unlike the TCP handshake)
  • Unreliable: packets may be lost, duplicated, or arrive out of order
  • Security consequence: a single spoofed datagram is accepted with no handshake, so a UDP service that cares about the sender's address needs its own challenge-response (cookie)
13
Q

TCP

A
  • point-to-point (one client, one server)
  • reliable, in-order byte stream
  • connection-oriented
  • pipelined, with flow control and congestion control
  • send & receive buffers
  • full duplex data
14
Q

SYN Flooding DoS Attack

A
  • Adversary sends many SYNs with spoofed source addresses (a different fake client address per SYN) and never sends the final ACK of the handshake
  • Each SYN makes the server allocate a half-open connection entry; the SYN backlog fills up and legitimate SYNs are dropped
  • Countermeasure: SYN cookies: the server encodes the connection state in its initial sequence number (a MAC over addresses, ports and a coarse time value, plus a few bits for the MSS), stores nothing, and only allocates state when an ACK arrives that equals cookie+1; an off-path spoofing attacker never sees the SYN-ACK, so it cannot produce that ACK
    -> cost: the cookie has room for only a few option bits, so options such as SACK and window scaling are lost unless they are carried in TCP timestamps
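The attack and the countermeasure simulated side by side, which also shows the challenge-response ("cookie") defense from the off-path attacker card in action: a backlog-based server refuses a real client after a flood of spoofed SYNs, while a SYN-cookie server still accepts it, and an attacker that cannot see the SYN-ACK is reduced to guessing a 32-bit value. This is an added example, not from the deck; the server classes, addresses, the HMAC secret and the time-slot scheme are hypothetical simplifications, not any real TCP stack's cookie format.

```python
"""SYN flood against a fixed backlog vs. SYN cookies, with an off-path attacker
that can spoof but not listen. Added example, not the deck's material; the
addresses and the secret are hypothetical."""
import hashlib
import hmac
import random

SERVER = ("203.0.113.5", 80)


class BacklogServer:
    """Classic behaviour: every SYN allocates a half-open entry until the final ACK."""

    def __init__(self, backlog: int = 4):
        self.backlog = backlog
        self.half_open = {}        # (client ip, client port) -> ISN we sent
        self.established = set()

    def on_syn(self, client):
        """Returns the ISN put in the SYN-ACK, or None if the backlog is full (SYN dropped)."""
        if client in self.half_open:
            return self.half_open[client]
        if len(self.half_open) >= self.backlog:
            return None
        self.half_open[client] = random.getrandbits(32)
        return self.half_open[client]

    def on_ack(self, client, ack: int) -> bool:
        isn = self.half_open.get(client)
        if isn is None or ack != (isn + 1) & 0xFFFFFFFF:
            return False
        del self.half_open[client]
        self.established.add(client)
        return True


class SynCookieServer:
    """State lives in the ISN: ISN = MAC(secret, 4-tuple, time slot). Nothing is
    stored until a valid ACK proves the peer really received the SYN-ACK."""

    def __init__(self, secret: bytes = b"hypothetical-secret", slot: int = 0):
        self.secret = secret
        self.slot = slot           # coarse clock; advancing it makes old cookies expire
        self.established = set()

    def cookie(self, client, slot: int) -> int:
        msg = f"{client[0]}:{client[1]}-{SERVER[0]}:{SERVER[1]}-{slot}".encode()
        return int.from_bytes(hmac.new(self.secret, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, client) -> int:
        return self.cookie(client, self.slot)      # goes out as ISN; no table entry

    def on_ack(self, client, ack: int) -> bool:
        for slot in (self.slot, self.slot - 1):    # accept current and previous slot
            if ack == (self.cookie(client, slot) + 1) & 0xFFFFFFFF:
                self.established.add(client)
                return True
        return False


def flood_then_connect(server_cls, n_spoofed: int = 50) -> str:
    """Off-path attacker sends SYNs from spoofed sources and never ACKs (it never
    sees the SYN-ACK); afterwards a legitimate client tries to connect."""
    s = server_cls()
    for i in range(n_spoofed):
        s.on_syn((f"198.51.100.{i}", 10000 + i))
    victim = ("192.0.2.10", 40000)
    isn = s.on_syn(victim)
    if isn is None:
        return "refused"
    # the real client received SYN-ACK(isn), so it can answer ACK = isn + 1
    return "established" if s.on_ack(victim, (isn + 1) & 0xFFFFFFFF) else "refused"


def blind_ack_guesses(tries: int = 1000) -> int:
    """Off-path attacker trying to complete a handshake for a spoofed source
    without knowing the cookie: it has to guess the 32-bit ACK number."""
    s = SynCookieServer()
    spoofed = ("198.51.100.1", 10001)
    s.on_syn(spoofed)
    return sum(s.on_ack(spoofed, random.getrandbits(32)) for _ in range(tries))


def cookie_expiry():
    """(accepted one slot later, accepted two slots later)"""
    client = ("192.0.2.10", 40000)
    s = SynCookieServer(slot=10)
    isn = s.on_syn(client)
    s.slot = 11
    one_later = s.on_ack(client, (isn + 1) & 0xFFFFFFFF)
    s = SynCookieServer(slot=10)
    isn = s.on_syn(client)
    s.slot = 12
    two_later = s.on_ack(client, (isn + 1) & 0xFFFFFFFF)
    return one_later, two_later


if __name__ == "__main__":
    print("backlog server after flood:", flood_then_connect(BacklogServer))
    print("SYN-cookie server after flood:", flood_then_connect(SynCookieServer))
    print("blind ACK guesses that succeeded:", blind_ack_guesses())
    print("cookie accepted (next slot, two slots later):", cookie_expiry())
```

The time slot is what keeps a cookie from being replayed forever: an ACK is only honoured for the current and the previous slot, which is the expiry mechanism real implementations get from a coarse timestamp in the cookie.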