Network Security Flashcards
Why is Network Security important?
It ensures the protection of networks against threats like unauthorized access, data breaches, and attacks.
The human factor is often the weakest link in security, as careless users can compromise even robust systems.
Example: Poor password practices (e.g., “marge123”).
What are key Security Terminologies in networking?
Authentication: Verifies the identity of a client or entity.
Encryption: Protects data by converting it into an unreadable format.
Public Key: A key used in encryption that is publicly available.
Private Key: A confidential key used in encryption processes.
How does Authentication with IPSec work?
IPSec secures IP datagrams by providing authentication features.
Authentication Headers (AH): Bind the sender to the message.
Message Digests: Ensure data integrity, created using algorithms like SHA-1 or MD5.
How does Public Key Encryption work?
Bi-Directional Usage: Data encrypted with a private key can only be decrypted with the corresponding public key and vice versa.
Applications:
*Authentication: Sender encrypts with their private key to verify identity.
*Confidentiality: Sender encrypts with the recipient’s public key to ensure privacy.
What is Encryption in IPSec?
Encapsulating Security Payload (ESP): Encrypts the data portion of a datagram, commonly used in VPNs for secure communication.
VPN Integration: IPSec ESP helps maintain data security in VPN connections.
What are some Web Security Threats?
Integrity: Modification or destruction of data.
Confidentiality: Unauthorized access to private data.
Denial of Service (DoS): Disruption of service availability.
Unchecked Code: Exploiting user inputs (e.g., JavaScript or SQL injection).
What is a Denial of Service (DoS) attack?
A DoS attack overloads resources like servers or memory, causing service disruptions.
Example: Nimbda virus, which uses incoming requests to propagate itself.
What are some Secure Coding Practices?
Validate user inputs using positive validation (check for expected formats) and negative validation (check for malicious code like
tags).
Sanitize inputs to prevent unchecked code attacks.
What are Encryption Techniques?
Single Key Encryption: Uses the same key for both encryption and decryption (e.g., DES).
-Vulnerabilities: Key interception can compromise security.
Public Key Cryptography: Uses separate keys for encryption and decryption (e.g., RSA).
What is Secure Socket Layer (SSL)?
SSL provides encrypted communication over TCP connections.
It involves steps like exchanging certificates and public keys before starting secure communication.
How is Email Security ensured?
PGP (Pretty Good Privacy): Encrypts emails using single or public key cryptography.
Virus Protection: Antivirus tools scan incoming emails for malicious attachments.
What are some examples of Malicious Programs?
Trap Door: Hidden entry points to systems.
Logic Bomb: Activated under specific conditions.
Trojan Horse: Appears as legitimate software but has malicious behavior.
Virus: Propagates through executable files.
Worm: Spreads through network connections.
Bacteria: Propagates without causing harm.
What are the Key Takeaways about network security?
Prevention is critical, such as regular updates to avoid vulnerabilities like the Code Red worm.
A robust security system combines encryption, authentication, input validation, and proactive defense.
