Network Security

Question 1

TLS (Transport Layer Security)

Answer 1

TLS is a cryptographic services protocol based on the
Browser PKI and is commonly used on the Internet.
- Port 443 is reserved for HTTP over TLS/SSL and the
protocol https is used with this port.

Question 2

(TLS) Protocols

Answer 2

Provides two services for TLS connections.
– Message Confidentiality:
• Encrypt the payload using symmetric encryption (e.g. AES)
– Message Integrity/Authenticity:
• Calculate a MAC to ensure the message was not modified in
transmission
• For both operations the session key exchanged
during the handshake is used

Question 3

(TLS) Security services

Answer 3

1. Message Confidentiality:
   • Encrypt the payload using symmetric encryption (e.g. AES)
2. Message Integrity/Authenticity:
   • Calculate a MAC to ensure the message was not modified in
   transmission

For both operations the session key exchanged during the handshake is used

Question 4

(TLS) Key establishment (RSA/DH)

Answer 4

I en diffie-Hellman key exchange kan det oppstå en “man in the middle attack” Dvs at det er en attacker mellom Alice og Bob, som tar i mot deres keys (g^a og g^b) for så å sende ut feil nøkler til hver av personene. For å unngå dette kan man digital sign the keys, slik at attackeren ikke får tilgang.

Question 5

(TLS) Challenges

Answer 5

• Many vulnerabilities exist for TLS
→ keep client and server software up-to-date
• Also vulnerabilities in cryptographic algorithms
→ configure server to exclude weak algorithms
• TLS provides security just for a single TCP connection
– Browser can establish HTTP and HTTPS connections; even to the
same server (e.g. HTML via HTTPS, images via HTTP)
• Relies on browser PKI which has many security issues

Question 6

VPN

Answer 6

Virtual Private Networks:
Skaper en tunell fra en ekstern lokasjon (feks hjemme) og til et privat nettverk (feks bedriftnettverk). Med dette kan man unngå det offentlige nettverket med en “protected Pipe”. Likevel kan en attacker bryte seg inn vi den eksterne lokasjonen og få tilgang til bedriftsnettverket.

VPN kan også bidra til å skjule IP adressen din.

VPN provideren vet både hvem kilden og hvem mottakeren er.

Question 7

Firewall

Answer 7

• A firewall is a check point that protects the internal networks against attack from outside networks
• The check point decides which traffic can pass in & out based on rules

Question 8

Principles of different firewalls, strengths and weaknesses. (Skriv inn styrker og svakheter for alle)

Answer 8

• Packet Filters: Inspects packet headers only. A packet filter is a network router that can accept/reject
  packets based on headers
  Problems:
  Siden den ikke tar imot noen pakker, så kan det medføre at man ikke får respons på packets man har bedt om.
• Stateful Packet Filters: Analyses bi-directional traffic
  Tillater pakker som har blitt forespurt, men avviser pakker som ikke er forespurt.
  Strengths:
  – Low overhead and high throughput
  – Supports almost any application
  Weaknesses:
  – Unable to interpret application layer data/commands
  • may allow insecure operations to occur
  – Allows direct connection between hosts inside &
  outside firewall
• Application Level Gateway/ Next Generation Firewall: End-to-end connection inspects payload, and analyses traffic
  • Strengths:
  – Easy logging and audit of all incoming traffic
  – Provides potential for best security through control of application
  layer data/commands
  • Weaknesses:
  – May require some time for adapting to new applications
  – Much slower than packet filters
  – Much more expensive than packet filters

Question 9

(Firewalls) Network architectures: simple/DMZ

Answer 9

Simple firewall (Lær modellen)
DMZ firewall (lær modellen)
DMZ oppnår en ekstra sikkerhet ved å bruke External og internal FIrewalls

Question 10

Intrusion detection principles

Answer 10

Intrusion detection
– The identification of possible intrusion through intrusion
signatures and network activity analysis
– IDS: Intrusion Detection Systems

Intrusion prevention
– The process of both detecting intrusion activities and managing automatic responsive actions throughout the network
– IPS: Intrusion Prevention Systems
– IDPS: Intrusion Detection and Prevention Systems

Question 11

IDS (Intrusion Detection Systems)

Answer 11

• Are automated systems that detect suspicious activity

- Can be either host-based or network-based

Question 12

Intrusion Detection Techniques

Answer 12

Misuse detection
– Use attack “signatures” (need a model of the attack)
• Sequences of system calls, patterns of network traffic, etc.
– Must know in advance what attacker can do, based on known attack patterns
– Can only detect known attacks

Anomaly detection
– Using a model of normal system behavior, try to detect deviations and abnormalities
• e.g., raise an alarm when a statistically rare event(s) occurs
– Can potentially detect unknown attacks

Question 13

Network Security Concepts

Answer 13

– Wants to protect own local network
– Wants to protect communication with other networks

Communication Security: Protection of data transmitted across networks between organisations and end users

Question 14

TLS: Handshake Protocol

Answer 14

The handshake protocol
– Establishes a shared session key
– Authenticates the server

• After the handshake, application data is transmitted
securely (encrypted + integrity protected)

Question 15

TOR

Answer 15

An anonymizing routing protocol.

Senderen kan ikke spores. “Filen” sendes gjennom flere maskiner og kan ikke spores til mottaker eller sender