Network security Flashcards

1
Q

What is the purpose of a Denial of Service (DoS) attack?

A

It is an attack meant to shut down a machine or network, making it inaccessible to its intended users.

2
Q

How does a DoS attack work?

A

Users’ access to services is denied by using up all TCP connections (flooding the network) or by sending the target information that triggers a crash.

3
Q

How does a Distributed Denial of Service (DDoS) attack work?

A
  • attacker infiltrates multiple hosts, using them as bots in a coordinated botnet
  • attacker uses bots to flood the bandwidth and resources of the targeted system
4
Q

What are worms and viruses?

A

Worms: standalone programs that replicate themselves to other host systems

Viruses: program binaries that attach themselves to other programs in order to replicate themselves to other host systems

5
Q

What is a firewall?

A

A program which filters incoming and outgoing data packets, based on a set of user-defined rules

6
Q

How does a firewall protect a network from an attack?

A

A firewall checks data packets by applying filtering rules to determine whether they are allowed to enter or leave the network

7
Q

What are the three processes in the AAA Security Framework and their purposes?

A

Authentication: To ensure that the user is who they say they are.

Authorisation: To check that a user is authorised to access a resource.

Accounting: To keep logs of actions a user has carried out on the network.

8
Q

What is malware?

A

Malware stands for “malicious software”: intrusive software that is designed to steal data and damage or destroy computers and computer systems.

Software is considered malware based on the intent of its creator, not its features.

9
Q

Name one method to achieve each of the processes in the AAA Security Framework.

A

Authentication: Implement a login system with multi-factor authentication / require users to change passwords regularly

Authorisation: User Account Control or Identity Management that prevents users from accessing data without login / checks user permissions before giving access to data / implements different roles (user, admin) with different permissions for data access

Accounting: Implement a logging system that keeps track of user actions / keeps backups of user data / archives old logs for investigation or legal purposes

10
Q

What is encryption?

A

The process of encoding data so that a secret key is required to read the data.

The key is usually provided as a sequence of bytes.

Before the data is decoded using the secret key, it appears as random, meaningless data.

11
Q

What is a digital / electronic signature?

A

It is part of a message that is used to verify:

  1. the identity of the sender
  2. that the message was not tampered with in transit

It is created by encrypting the message with the sender’s private key.

12
Q

What is a digital certificate?

A

An encrypted message provided by a certification authority that:

  1. authenticates the identity of the individual
  2. verifies that the public key in the message belongs to the individual

It is created by authorising with a certificate authority.

13
Q

Describe symmetric key cryptography and its advantages and disadvantages.

A

Both the sender and the receiver have the same key.

Advantages: Security of the message does not depend on the algorithm remaining secret; key exchange is simpler as only one key is required

Disadvantages: Encryption and decryption functionality are coupled. Anyone with the key can send encrypted messages, and also decode them.

14
Q

What is a botnet?

A

A collection of internet-connected devices infected by malware that allows hackers to control them.

15
Q

Name common types of malware

A

computer viruses, worms, trojan horses, bots, spyware, adware, ransomware

16
Q

What is asymmetric key cryptography?

A

A public key and private key are generated as a pair

The public key is distributed publicly and used by any sender to encrypt a message to the recipient

The private key is kept by the recipient only and used to decrypt any encrypted messages

17
Q

spyware vs keylogger

A

Spyware is malware that runs in the background of host computers, recording user activity and actions and sending that information back to the attacker.

A keylogger is spyware that runs in the background of the host computer, recording the user's mouse and keystroke movements and sending the data back to the attacker for analysis.

18
Q

What is a trojan?

A

A trojan is malware that disguises itself as an innocent program in order to trick the user into opening it.

19
Q

What is ransomware?

A

Ransomware is malware that encrypts data on the host computer, rendering it unusable to legitimate users. The attacker usually demands money for the data to be decrypted.

20
Q

name network security principles

A

CIA
  1. confidentiality
    data, objects and resources are protected from unauthorized viewing and other access
  2. integrity
    data is protected from unauthorised changes to ensure that it is reliable and correct
  3. availability
    authorised users have access to the systems and the resources that they need

21
Q

name the network security processes

A
  1. authentication
    verifies that people are who they say they are
  2. authorisation
    verifies that the user has permission to access the resources they are attempting to access
  3. accounting
    tracks and records activities and actions taking place on the network and its computer systems
    aids accountability and facilitates investigations
22
Q

ways to implement authentication

A
  1. multi factor authentication (security token / otp)
    - something you know
    - something you have
    - something you are
  2. certificates
23
Q

ways to implement authorisation

A
  1. account controls / access permissions
    has different roles assigned on the system with different sets of permissions
  2. firewalls
    filter packets at the transport and internet layers (IP, port no., protocol)
  3. intrusion detection system and prevention
    - detection only detects and sends an alarm
    - prevention actively takes steps to prevent packets that are possible threats from entering (better than a firewall since it can detect)
  4. encryption and digital certificates
24
Q

way to implement accounting

A
  1. system logs
    - activities taking place on a computer: shutdown, startup, enabling or disabling
  2. network logs
    - records source and destination IP of data received or sent
25
Q

limitations of asymmetric key encryption

A
  1. since anyone can encrypt a message with the public key, it is not possible to confirm that the message is sent by stated recipient; use digital certificate
  2. it is not possible to confirm that the message has not been tampered with en route by another person with the private key (less important)
26
Q

how does digital signature work?

A

When a server wishes to send a secure message, they will first use a hashing algorithm to create a unique hash of the message content
- this hash is encrypted with the private key of the sender, forming a digital signature
- sender then sends this private key with the original message
- receiver receives them and will decrypt the digital signature using the public key of the sender and hash the original message with the same hashing algorithm
- if the decrypted signature matches the hashed message, it can assure the receiver that the message has not been tampered with in transit
- since the private key used to encrypt the message is only available to the sender, no one else can encrypt the message, and hence the receiver is assured that the message is sent by the sender