Network Security Flashcards

1
Q

TLS (Transport Layer Security)

A

TLS is a cryptographic services protocol based on the
Browser PKI and is commonly used on the Internet.
- Port 443 is reserved for HTTP over TLS/SSL and the
protocol https is used with this port.

2
Q

(TLS) Protocols

A

Provides two services for TLS connections.
– Message Confidentiality:
• Encrypt the payload using symmetric encryption (e.g. AES)
– Message Integrity/Authenticity:
• Calculate a MAC to ensure the message was not modified in
transmission
• For both operations the session key exchanged
during the handshake is used

3
Q

(TLS) Security services

A
  1. Message Confidentiality:
    • Encrypt the payload using symmetric encryption (e.g. AES)
  2. Message Integrity/Authenticity:
    • Calculate a MAC to ensure the message was not modified in
    transmission

For both operations the session key exchanged during the handshake is used

4
Q

(TLS) Key establishment (RSA/DH)

A

In a Diffie-Hellman key exchange, a man-in-the-middle attack can occur. That is, an attacker sits between Alice and Bob, receives their keys (g^a and g^b), and then sends wrong keys on to each of them. To avoid this, the keys can be digitally signed, so that the attacker does not gain access.

5
Q

(TLS) Challenges

A

• Many vulnerabilities exist for TLS
→ keep client and server software up-to-date
• Also vulnerabilities in cryptographic algorithms
→ configure server to exclude weak algorithms
• TLS provides security just for a single TCP connection
– Browser can establish HTTP and HTTPS connections; even to the
same server (e.g. HTML via HTTPS, images via HTTP)
• Relies on browser PKI which has many security issues

6
Q

VPN

A

Virtual Private Networks:
Creates a tunnel from an external location (e.g. home) to a private network (e.g. a corporate network). This lets you avoid the public network by using a "protected pipe". Even so, an attacker can break in via the external location and gain access to the corporate network.

A VPN can also help hide your IP address.

The VPN provider knows both who the source and who the recipient is.

7
Q

Firewall

A
  • A firewall is a check point that protects the internal networks against attack from outside networks
  • The check point decides which traffic can pass in & out based on rules
8
Q

Principles of different firewalls, strengths and weaknesses. (Write in strengths and weaknesses for all)

A
  • Packet Filters: Inspects packet headers only. A packet filter is a network router that can accept/reject
    packets based on headers
    Problems:
    Since it does not accept any packets, you may not get a response to packets you have requested.
  • Stateful Packet Filters: Analyses bi-directional traffic
    Allows packets that have been requested, but rejects packets that have not been requested.
    Strengths:
    – Low overhead and high throughput
    – Supports almost any application
    Weaknesses:
    – Unable to interpret application layer data/commands
    • may allow insecure operations to occur
    – Allows direct connection between hosts inside &
    outside firewall
  • Application Level Gateway/ Next Generation Firewall: End-to-end connection inspects payload, and analyses traffic
    • Strengths:
    – Easy logging and audit of all incoming traffic
    – Provides potential for best security through control of application
    layer data/commands
    • Weaknesses:
    – May require some time for adapting to new applications
    – Much slower than packet filters
    – Much more expensive than packet filters
9
Q

(Firewalls) Network architectures: simple/DMZ

A
Simple firewall (learn the model)
DMZ firewall (learn the model)
A DMZ achieves extra security by using external and internal firewalls
10
Q

Intrusion detection principles

A

Intrusion detection
– The identification of possible intrusion through intrusion
signatures and network activity analysis
– IDS: Intrusion Detection Systems

Intrusion prevention
– The process of both detecting intrusion activities and managing automatic responsive actions throughout the network
– IPS: Intrusion Prevention Systems
– IDPS: Intrusion Detection and Prevention Systems

11
Q

IDS (Intrusion Detection Systems)

A
  • Are automated systems that detect suspicious activity

- Can be either host-based or network-based

12
Q

Intrusion Detection Techniques

A

Misuse detection
– Use attack “signatures” (need a model of the attack)
• Sequences of system calls, patterns of network traffic, etc.
– Must know in advance what attacker can do, based on known attack patterns
– Can only detect known attacks

Anomaly detection
– Using a model of normal system behavior, try to detect deviations and abnormalities
• e.g., raise an alarm when a statistically rare event occurs
– Can potentially detect unknown attacks

13
Q

Network Security Concepts

A

– Wants to protect own local network
– Wants to protect communication with other networks

Communication Security: Protection of data transmitted across networks between organisations and end users

14
Q

TLS: Handshake Protocol

A

The handshake protocol
– Establishes a shared session key
– Authenticates the server

• After the handshake, application data is transmitted
securely (encrypted + integrity protected)

15
Q

TOR

A

An anonymizing routing protocol.

The sender cannot be traced. The "file" is sent through several machines and cannot be traced to the recipient or the sender
