Network security

Question 1

What is the purpose of a Denial Of Service (DOS) attack?

Answer 1

It is an attack meant to shut down a machine or network, making it inaccessible to its intended users.

Question 2

How does a DOS attack work?

Answer 2

User’s access to services is denied by using up all TCP connections (flooding the network) or sending it information that triggers a crash

Question 3

How does a Distributed Denial Of Service (DDOS) attack work?

Answer 3

• attacker infiltrates multiple hosts, using them as bots in a coordinated botnet
• attacker uses bots to flood the bandwidth and resources of the targeted system

Question 4

What are worms and viruses?

Answer 4

Worms: standalone programs that replicates itself to other host systems

Viruses: program binaries that attach themselves to other programs in order to replicate itself to other host systems

Question 5

What is a firewall?

Answer 5

A program which filters incoming and outgoing data packets, based on a set of user-defined rules

Question 6

How does a firewall protect a network from an attack?

Answer 6

A firewall checks data packets by applying filtering rules to determine if data packets are allowed to enter / go out of the network

Question 7

What are the three processes in the AAA Security Framework and their purposes?

Answer 7

Authentication: To ensure that the user is who they say they are.

Authorisation: To check that a user is authorised to access a resource.

Accounting: To keep logs of actions a user has carried out on the network.

Question 8

What is malware?

Answer 8

Malware stands for “malicious software”, intrusive software that is designed to steal data and damage or destroy computers and computer systems.

Software is considered malware based on intent of creator, not features

Question 9

Name one method to achieve each of the processes in the AAA Security Framework.

Answer 9

Auhentication: Implement a login system with multi-factor authentication/Requires users to change password regularly

Authorisation: User Account Control, Identity Management, that prevents users from accessing data without login/checks for user permissions before giving access to data/implement different roles (user, admin) with different permissions for data access

Accounting: Implement a logging system that keeps track of user actions/keeps backups of user data/archives old logs for investigation/legal purposes

Question 10

What is encryption?

Answer 10

The process of encoding data so that a secret key is required to read the data.

The key is usually provided as a sequence of bytes.

Before the data is decoded using the secret key, it appears as random, meaningless data.

Question 11

What is a digital / electronic signature?

Answer 11

It is part of a message that is used to verify:

1. the identity of the sender.
2. the message was not tampered with in transit

created by encrypting message with sender’s private key

Question 12

What is a digital certificate?

Answer 12

An encrypted message provided by a certification authority that:

1. authenticates the identity of the individual
2. verified that the public key in the message belongs to the individual

created by authorising with certificate authority

Question 13

Describe symmetric key cryptography and its advantages and disadvantages.

Answer 13

Both the sender and the receiver have the same key.

Advantages: Security of the message does not depend on the algorithm remaining secret; key exchange is simpler as only one key is required

Disadvantages: Encryption and decryption functionality are coupled. Anyone with the key can send encrypted messages, and also decode them.

Question 14

What is a botnet?

Answer 14

collection of internet-connected devices infected by malware that allow hackers to control them.

Question 15

Name common types of malware

Answer 15

computer viruses, worms, trojan horses, bots, spyware, adware, ransomware

Question 16

What is asymmetric key cryptography?

Answer 16

A public key and private key are generated as a pair

The public key is distributed publicly and used by any sender to encrypt a message to the recipient

The private key is kept by the recipient only and used to decrypt any encrypted messages

Question 17

spyware vs keylogger

Answer 17

spyware is a malware that runs on the background of host computers, recording user activity, actions and sending that information back to the attacker

keylogger is a spyware that runs in the background of the host computer recording users mouse and keystroke movements, sending data back to attack for analysis

Question 18

what is a trojan?

Answer 18

is a malware that disguises itself as an innocent program in order to trick the user into opening it

Question 19

what is a ransomware

Answer 19

is a malware that encrypts data on the host computer rendering it unusable to legitimate users- attack usually demand money for data to be decrypted

Question 20

name network security principles

Answer 20

CIA
1. confidentiality
data, objects and resources are protected from unauthorized viewing and other access
2. integrity
data is protected from unauthorised changes to ensure that it is reliable and correct
3. availability
authorised users have access to the systems and the resources that they need

Question 21

name the network security processes

Answer 21

1. authentication
   that people are who they say they are
   2 authorisation
   verifies that the users has permission to access the resources they are attempting to access
2. accounting
   tracks and records activities and actions taking place on the network and its computer systems
   aids accountability and facilitates investigations

Question 22

ways to implement authentication

Answer 22

1. multi factor authentication (security token / otp)
   - something you know
   - something you have
   - something you are
2. certificates

Question 23

ways to implement authorisation

Answer 23

1. account controls / 2. access permissions
   has different roles assigned on the system with different sets of permissions
2. firewalls
   filter packets a the transport and internet layer (ip, port no, protocol)
3. intrusion detection system and prevention
   - detection only detects and sends an alarm
   - prevention actively takes steps to prevent packets possible threats from entering (better than firewall since it can detect)
4. encryption and digital certificates

Question 24

way to implement accounting

Answer 24

1. system logs
   - activities taking place on a computer shutdown, startup, enabling or disabling
2. network logs
   - records source and destination of IP of data received or sent

Question 25

limitations of asymmetric key encryption

Answer 25

1. since anyone can encrypt a message with the public key it is not possible to confirm that the message is sent by stated recipient –use digital certificate
2. it is not possible to confirm that the message has not been tampered en-route by another person with the private key (less impt)

Question 26

how does digital signature work?

Answer 26

when a server wishes to send a secure message, they will first use a hashing algorithm to create a unique hash of the message content
- this has is encrypted with the private key of the sender forming a digital signature
- sender then send this private key with the original message
- receiver receives them and will decrypt the digital signature using the public key of the sender and hash the original message with the same hashing algorithm
-if the decrypted signature matches the hashed message, it can assure the receiver that the message has not been tampered in transit
-since the private key used to encrypt the message is only available to the sender, no one else can encrypt the message and hence assumer the receiver that message is sent by sender