Network Security Flashcards
What is a network Protocol?
A Protocol is an agreement on how to communicate Specifies the syntax, format of message, order exchanged Specifies the semantics, what they mean, specify times.
What is a Internet Protocol (IP)?
- lets computers communicate around the world.
- Has defined binary representation for transmission over the networks it uses.
- Everything is big-endian (Network byte order)
- Any IP-enabled host receiving an IP packet knows how to handle it, because of the protocol
What are the 7 layers of the OSI Model?
7 - Application
6 - Presentation
5 - Session
4 - Transport
3 - Network
2 - Data Link’
1 - Physcial
Please do not throw sausage pizza away
How are bits encoded for a single physical link?
- Voltage levels
- RF modulation
- Photon wavelengths/intensities
Tech used, Coaxial, twisted pair, RF Broadcast, Fibre
What happens in the link layer?
- Combines bits into frames
- Provides local addressing (MAC)
- Supports point-to-point and often broadcast delivery
- Can Transmits messages with the subnet
What is a subnet?
A subnet is a logical partition of an IP network into multiple, smaller
network segments.
What happens in the network layer?
- Bridges subnets for end-to-end connectivity
- Provides global addressing
- Delivery is best-effort
- Data is encapsulated in packets (packets assembly)
router is a device that implements up through Network layer (Layer 3)
⇒ connects multiple subnets
⇒ different IP addresses on each interface
What happens in the transport layer?
End-to-end communication between processes
UDP (User DatagramProtocol)
- UDP socket contains the port number and
- IP address of the destination only
- unreliable, best effort, no packet retransmission if the if it gets lost
- datagram-based (single-packet messages)
TCP (Transmission Control Protocol)
- TCP socket contains the port numbers and IP addresses of the source & destination
- reliable, keeps track of data sent/received
- retransmission of lost packets
- byte-based (messages/sessions span possibly many packets)
What happens in the application layer?
What users/processes interact with
Choice of transport depends on what is needed
- Web browsing ⇒ TCP
- Email ⇒ TCP
- Voice calls ⇒ UDP
Defines its own data formats and protocols, within TCP or UDP
- Web browsing ⇒ HTTP (Hypertext Transfer Protocol)
- Email ⇒ SMTP (Simple Mail Transfer Protocol)\
- Voice calls ⇒ RTP (Real-time Transport Protocol)
What are Network Security Threats?
- ARP Poisoning
- Sniff, Spoof,
- DNS Poisoning
- Denial of Service
What is MAC, Why is it vulnerable?
- 48 bits = 6 bytes
- Can be changed in some hardware,
- Can be simulated in software
What does ARP do?
Address Resolution Protocol
- Translate IP (logical) addresses to MAC (physical) addresses.
- Each host OS has a table of IP to MAC addresses.
What is ARP Poisoning?
Sending forged ARP replies a target system could be convinced to send frames destined for a computer to another.
What can defend against ARP Poisoning?
- Static ARP table
- Access control based on IP, MAC, and Port
- Redirect user to a registration page before allowing usage of the network.
What is a sniffing attack?
- Sniffers listen to packets on the network and pick out interesting details, e.g. passwords
- Hackers install sniffer software on compromised hosts. Tools are available for download
- Wireless Ethernet most vulnerable
- unauthorized listening
Is it possible for an attacker to sniff traffic at router/switch level?
Yes
- tools available such as ‘dsniff’
- directly exploit its memory limitations and make the switch act as a hub
How can you defend against a sniffing attack?
Encryption - HTTPS
What is IP Spoofing?
sending unauthentic messages = using false sender address or identifier
What is happening in the image?
IP Spoofing
How can you defend against IP Spoofing?
- Monitoring networks for atypical activity,
- Deploying packet filtering to detect inconsistencies
- Authenticating all IP addresses,
- Firewall
What is DNS?
Domain Name Server
DNS servers translate web addresses (like www.howtogeek.com) into their IP addresses (like 23.92.23.113)
How do you lookup a DNS address
nslookup
What is DNS Hijacking?
- Route packets to the wrong server
What is DNSSEC?
- Assignments, response.
What is a DOS attack?
denial-of-service, attacks is to prevent authorized users from accessing a resource, or to reduce the quality of service that they receive.
Destruction or Disabling
Examples:
• Formatting the hard disk
• Crashing a server
• These attacks usually exploit a bug in a system implementation.
• Hence, can be prevented by proper design and implementation.
- Flooding a web server with requests
- Flooding a communications link with packets
