Network Security Flashcards
Define social engineering
List the types of social engineering
Social engineering targets its attack on the network users, usually tricking them into leaking sensitive information that will allow the attacker to access protected parts of the network.
Methods: Phishing, Identity fraud
Define the three principles of network security
Confidentiality - data is protected from unauthorised access
Integrity - data is protected from unauthorised changes
Availability - data is accessible by those with authority
Define the three security processes
Authentication - verify that users really are who they say they are
Authorisation - ensure that the users have permission to access/modify data
Accounting - record and track the activities and actions taking place on the network
Explain (Distributed) Denial of Service (DDoS/DoS) attacks
Purpose:
- meant to shut down a machine or network and make it inaccessible to its intended users
How:
- hacker infiltrates multiple hosts to form a botnet (DDoS)
- attacker uses a botnet to flood the network with requests from different computers
- all TCP connections are used up (DoS)
- triggering a crash
How DoS:
1. DoS works by sending requests at a rate higher than what the server can handle
2. The server is compromised as it is unable to respond to legitimate requests made by actual users
Explain Bot and Botnet
Bot
- is malware which connects to a central server,
- often to send data to and receive instructions from the server
- allows attacker to use the bot to coordinate larger scale attacks as a part of a botnet
Botnet
- collection of internet-connected devices infected by malware that allows hackers to control them
What is Spyware?
Spyware
- is a type of malware that runs in the background of host computers, recording user activity and actions and sending the data back to the attacker
What is a Trojan?
Trojan
- is malware that disguises itself as an innocent program to trick users into opening it
What is Ransomware?
Ransomware
- is malware that encrypts data on the host computer, rendering it unusable for the users
- the data can only be decrypted if the user pays the demanded ransom amount
What is a keylogger?
Keylogger
- is malware that runs in the background of host computers, recording users' keystrokes and mouse movements and sending the data back to the attacker
Explain how Accounting can be achieved
Accounting
- System logs; record activities on the computer
- Network logs; record source and destination IPs of data received and sent in the network
Explain how Authentication can be achieved
Authentication
- Passwords
- Multifactor authentication with the use of OTPs and security tokens (physical keys)
- digital certificates
Explain how Authorisation can be achieved
Authorisation
- Account controls; only administrator accounts have access to root file directories
- Firewall; ensures that users who violate rules cannot access the network
What is a data breach?
How is it done?
A data breach occurs when a hacker is able to access information stored on a server without requiring authorised access.
This can be done through
- Cross Site Scripting; load malicious scripts on website
- Script Injection (SQL injection); enters queries into websites which do not validate the input, thus returning sensitive data
What is a worm?
Worm
- is a standalone program that replicates itself to other host systems
What is a virus?
Viruses
- are program binaries/executable scripts that
- attach themselves to other files or programs to replicate themselves to other host systems
What is a Firewall?
Firewall is a software which checks all inbound and outbound data packets against a predetermined rule, not allowing data which does not meet the conditions to enter the network.
Explain the types of firewalls
Intrusion detection system (IDS): monitors networks for malicious activity
Intrusion prevention system (IPS): takes action to prevent an intrusion when one is detected
What is malware?
Malware stands for “malicious software”, which refers to intrusive software that is designed to steal data/damage and destroy computer systems.
Software is considered malware based on its intentions, not its features
Eg: A keylogging feature can be non-harmful; however, if the intent of the use of keyloggers is to obtain sensitive info from others, then it is considered malicious.
What is phishing?
Phishing - is the use of misleading emails or web pages to trick users into entering sensitive info
Eg: Lookalike login form which redirects users to the original login form after users enter sensitive information
What is symmetric key encryption?
Sender and receiver have the same private key,
Only the sender and receiver have the private key.
Sender encrypts the data and sends to the receiver, where the receiver will use the same key to decrypt the data.
What is asymmetric key encryption?
The sender has a public encryption key and the receiver has a private decryption key.
The two keys are generated as a pair and are mathematically related.
The sender encrypts the message with the public key and only the receiver can decrypt the message using the private decryption key.
Advantages and Limitations of symmetric key encryption
A: Fast: key can be easily generated and the whole process uses very little system resources
D: Less secure: If an attacker manages to obtain the private key, they can intercept the message and decrypt it.
Advantages and Limitations of Asymmetric key cryptography
A: More secure: Even if an attacker manages to intercept the message, they will not be able to decrypt it as they do not possess the private decryption key
D: limitation in authentication: as the encryption key is public, anyone can send a message and thus it is not possible to confirm the identity of the sender
D: limitation in authorisation: not possible to confirm if the message has been tampered with by another person
What is a Digital Signature?
A digital signature is produced by the sender of the document to ensure that the message received by the receiver is what the sender intended to send.
Digital signature verifies the authenticity of the document as it ensures that the message has not been tampered with on the way to the receiver.
How is a digital signature created and used?
Creation:
1. Message is hashed using a cryptographic hash function
2. Message hash is encrypted with the sender’s public key to produce a digital signature
Send:
1. The digital signature is included with the original message
2. The receiver decrypts the digital signature using the sender's public key
3. The receiver hashes the decrypted message using the same cryptographic hash function
4. Compares the two hashes to check if they are the same
What is a digital certificate?
A digital certificate is issued by an authority which certifies that the contents are valid.
Eg: a digital certificate authenticates the validity of a public key; thus a digital certificate ensures that users are who they claim to be.