Network security Flashcards
What is the purpose of a Denial Of Service (DOS) attack?
It is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
How does a DOS attack work?
User’s access to services is denied by using up all TCP connections (flooding the network) or sending it information that triggers a crash
How does a Distributed Denial Of Service (DDOS) attack work?
- attacker infiltrates multiple hosts, using them as bots in a coordinated botnet
- attacker uses bots to flood the bandwidth and resources of the targeted system
What are worms and viruses?
Worms: standalone programs that replicate themselves to other host systems
Viruses: program binaries that attach themselves to other programs in order to replicate themselves to other host systems
What is a firewall?
A program which filters incoming and outgoing data packets, based on a set of user-defined rules
How does a firewall protect a network from an attack?
A firewall checks data packets by applying filtering rules to determine if data packets are allowed to enter / go out of the network
What are the three processes in the AAA Security Framework and their purposes?
Authentication: To ensure that the user is who they say they are.
Authorisation: To check that a user is authorised to access a resource.
Accounting: To keep logs of actions a user has carried out on the network.
What is malware?
Malware stands for “malicious software”, intrusive software that is designed to steal data and damage or destroy computers and computer systems.
Software is considered malware based on intent of creator, not features
Name one method to achieve each of the processes in the AAA Security Framework.
Authentication: Implement a login system with multi-factor authentication/Require users to change passwords regularly
Authorisation: User Account Control, Identity Management, that prevents users from accessing data without login/checks for user permissions before giving access to data/implement different roles (user, admin) with different permissions for data access
Accounting: Implement a logging system that keeps track of user actions/keeps backups of user data/archives old logs for investigation/legal purposes
What is encryption?
The process of encoding data so that a secret key is required to read the data.
The key is usually provided as a sequence of bytes.
Before the data is decoded using the secret key, it appears as random, meaningless data.
What is a digital / electronic signature?
It is part of a message that is used to verify:
- the identity of the sender.
- the message was not tampered with in transit
created by encrypting message with sender’s private key
What is a digital certificate?
An encrypted message provided by a certification authority that:
- authenticates the identity of the individual
- verifies that the public key in the message belongs to the individual
created by authorising with certificate authority
Describe symmetric key cryptography and its advantages and disadvantages.
Both the sender and the receiver have the same key.
Advantages: Security of the message does not depend on the algorithm remaining secret; key exchange is simpler as only one key is required
Disadvantages: Encryption and decryption functionality are coupled. Anyone with the key can send encrypted messages, and also decode them.
What is a botnet?
collection of internet-connected devices infected by malware that allow hackers to control them.
Name common types of malware
computer viruses, worms, trojan horses, bots, spyware, adware, ransomware
What is asymmetric key cryptography?
A public key and private key are generated as a pair
The public key is distributed publicly and used by any sender to encrypt a message to the recipient
The private key is kept by the recipient only and used to decrypt any encrypted messages
spyware vs keylogger
spyware is malware that runs in the background of host computers, recording user activity and actions and sending that information back to the attacker
keylogger is spyware that runs in the background of the host computer recording the user's mouse and keystroke movements, sending data back to the attacker for analysis
what is a trojan?
malware that disguises itself as an innocent program in order to trick the user into opening it
what is a ransomware
malware that encrypts data on the host computer, rendering it unusable to legitimate users - attackers usually demand money for the data to be decrypted
name network security principles
CIA
1. confidentiality
data, objects and resources are protected from unauthorized viewing and other access
2. integrity
data is protected from unauthorised changes to ensure that it is reliable and correct
3. availability
authorised users have access to the systems and the resources that they need
name the network security processes
- authentication
  ensures that people are who they say they are
- authorisation
  verifies that the user has permission to access the resources they are attempting to access
- accounting
  tracks and records activities and actions taking place on the network and its computer systems
  aids accountability and facilitates investigations
ways to implement authentication
- multi factor authentication (security token / otp)
  - something you know
  - something you have
  - something you are
- certificates
ways to implement authorisation
- account controls
- access permissions
  has different roles assigned on the system with different sets of permissions
- firewalls
  filter packets at the transport and internet layer (ip, port no, protocol)
- intrusion detection system and prevention
  - detection only detects and sends an alarm
  - prevention actively takes steps to prevent packets that are possible threats from entering (better than firewall since it can detect)
- encryption and digital certificates
way to implement accounting
- system logs
  - activities taking place on a computer: shutdown, startup, enabling or disabling
- network logs
  - records source and destination IP of data received or sent
limitations of asymmetric key encryption
- since anyone can encrypt a message with the public key, it is not possible to confirm that the message is sent by stated recipient - use digital certificate
- it is not possible to confirm that the message has not been tampered with en route by another person with the private key (less important)
how does digital signature work?
- when a server wishes to send a secure message, it will first use a hashing algorithm to create a unique hash of the message content
- this hash is encrypted with the private key of the sender, forming a digital signature
- the sender then sends this private key with the original message
- the receiver receives them and will decrypt the digital signature using the public key of the sender and hash the original message with the same hashing algorithm
- if the decrypted signature matches the hashed message, it can assure the receiver that the message has not been tampered with in transit
- since the private key used to encrypt the message is only available to the sender, no one else can encrypt the message, which assures the receiver that the message is sent by the sender