Network Security Flashcards

1
Q

Define social engineering
List the types of social engineering

A

Social engineering targets the network's users, usually tricking them into leaking sensitive information that will allow the attacker to access protected parts of the network.

Methods: Phishing, Identity fraud

2
Q

Define the three principles of network security

A

Confidentiality - data is protected from unauthorised access

Integrity - data is protected from unauthorised changes

Availability - data is accessible by those with authority

3
Q

Define the three security processes

A

Authentication - verify that users really are who they say they are

Authorisation - ensure that the users have permission to access/modify data

Accounting - track and record the activities and actions taking place on the network

4
Q

Explain (Distributed) Denial of Service (DDoS/DoS) attacks

A

Purpose:
- meant to shut down a machine or network and make it inaccessible to its intended users

How:
- hacker infiltrates multiple hosts to form a botnet (DDoS)
- attacker uses a botnet to flood the network with requests from different computers
- all TCP connections are used up (DoS)
- triggering a crash

How DoS:
1. DoS works by sending requests at a rate higher than what the server can handle
2. The server is compromised as it is unable to respond to legitimate requests made by actual users

5
Q

Explain Bot and Botnet

A

Bot
- is malware which connects to a central server,
- often to send data and receive instructions from the server
- allows the attacker to use the bot to coordinate larger-scale attacks as part of a botnet

Botnet
- collection of internet-connected devices infected by malware that allows hackers to control them

6
Q

What is Spyware?

A

Spyware
- is a type of malware that runs in the background of host computers, recording user activity and actions, and sending the data back to the attacker

7
Q

What is a Trojan?

A

Trojan
- is malware that disguises itself as an innocent program to trick users into opening it

8
Q

What is Ransomware?

A

Ransomware
- is malware that encrypts data on the host computer, rendering it unusable for the users
- the data can only be decrypted if the user pays the demanded ransom amount

9
Q

What is a keylogger?

A

Keylogger
- is malware that runs in the background of host computers, recording users' keystrokes and mouse movements, and sending the data back to the attacker

10
Q

Explain how Accounting can be achieved

A

Accounting
- System logs; record activities on the computer
- Network logs; record source and destination IPs of data received and sent in the network

11
Q

Explain how Authentication can be achieved

A

Authentication
- Passwords
- Multifactor authentication with the use of OTPs and security tokens (physical keys)
- Digital certificates

12
Q

Explain how Authorisation can be achieved

A

Authorisation
- Account controls; only administrator accounts have access to root file directories
- Firewall; ensure that users who violate rules cannot access the network

13
Q

What is a data breach?
How is it done?

A

A data breach occurs when a hacker is able to access information stored on a server without requiring authorised access.

This can be done through
- Cross-Site Scripting; loading malicious scripts on a website
- Script Injection (SQL injection); entering queries into websites which do not validate the input, thus returning sensitive data

14
Q

What is a worm?

A

Worm
- is a standalone program that replicates itself to other host systems

15
Q

What is a virus?

A

Viruses
- are program binaries/executable scripts that attach themselves to other files or programs to replicate themselves to other host systems

16
Q

What is a Firewall?

A

A firewall is software which checks all inbound and outbound data packets against a predetermined rule, not allowing data which does not meet the conditions to enter the network.

17
Q

Explain the types of firewalls

A

Intrusion detection system (IDS): monitors networks for malicious activity

Intrusion prevention system (IPS): takes action to prevent an intrusion when one is detected

18
Q

What is malware?

A

Malware stands for “malicious software”, which refers to intrusive software that is designed to steal data/damage and destroy computer systems.

Software is considered malware based on its intentions, not its features.
E.g.: A keylogging feature can be harmless; however, if the intent of using keyloggers is to obtain sensitive info from others, then it is considered malicious.

19
Q

What is phishing?

A

Phishing - is the use of misleading emails or web pages to trick users into entering sensitive info

E.g.: A lookalike login form which redirects users to the original login form after they enter sensitive information

20
Q

What is symmetric key encryption?

A

The sender and receiver have the same private key.
Only the sender and receiver have the private key.
The sender encrypts the data and sends it to the receiver, where the receiver will use the same key to decrypt the data.

21
Q

What is asymmetric key encryption?

A

The sender has a public encryption key and the receiver has a private decryption key.
The two keys are generated as a pair and are mathematically related.
The sender encrypts the message with the public key and only the receiver can decrypt the message using the private encryption key.

22
Q

Advantages and Limitations of symmetric key encryption

A

A: Fast: key can be easily generated and the whole process uses very little system resources

D: Less secure: If an attacker manages to obtain the private key, they can intercept the message and decrypt it.

23
Q

Advantages and Limitations of Asymmetric key cryptography

A

A: More secure: Even if an attacker manages to intercept the message, they will not be able to decrypt it as they do not possess the private decryption key

D: limitation in authentication: as the encryption key is public, anyone can send a message, and thus it is not possible to confirm the identity of the sender
D: limitation in authorisation: not possible to confirm if the message has been tampered with by another person

24
Q

What is a Digital Signature?

A

A digital signature is produced by the sender of the document to ensure that the message received by the receiver is what the sender intended to send.
A digital signature verifies the authenticity of the document as it ensures that the message has not been tampered with on the way to the receiver.

25
Q

How is a digital signature created and used?

A

Creation:
1. The message is hashed using a cryptographic hash function
2. The message hash is encrypted with the sender’s public key to produce a digital signature

Send:
1. The digital signature is included with the original message
2. The receiver decrypts the digital signature using the sender's public key
3. The receiver hashes the decrypted message using the same cryptographic function
4. The receiver compares the two hashes to check if they are the same

26
Q

What is a digital certificate?

A

A digital certificate is issued by an authority which certifies that the contents are valid.
E.g.: a digital certificate authenticates the validity of a public key; thus a digital certificate ensures that users are who they claim to be.