Network Security terms Flashcards
CIA
- Confidentiality
- Integrity
- Availability
Confidentiality
▪ Keeping data private, readable only by the parties authorized to see it
• Encryption (data in transit and at rest)
• Authentication before access to resources is granted
Symmetric Encryption
▪ Both sender and receiver use the same key, which must be shared securely beforehand
▪ Fast, so it is used for bulk data encryption
DES
Data Encryption Standard
- Developed in the mid-1970s
- 56-bit key, 64-bit block
- Original privacy (encryption) algorithm in SNMPv3; AES was added later and is preferred
- Considered weak today: a 56-bit key can be brute-forced with modest hardware
3DES
(Triple DES)
- Applies DES three times with three 56-bit keys (168 bits of key material)
- Encrypt, decrypt, encrypt (EDE)
- Effective strength is only about 112 bits because of meet-in-the-middle attacks, and the 64-bit block size makes it unsafe for large data volumes (Sweet32); deprecated by NIST in favor of AES
AES
(Advanced Encryption Standard)
- Preferred symmetric encryption standard
- Used by WPA2 (CCMP) and by IPsec and TLS cipher suites
- 128-bit block; available in 128-bit, 192-bit, and 256-bit keys
Asymmetric Encryption
▪ Uses a key pair: what one key encrypts only the other can decrypt (public key encrypts, private key decrypts; private key signs, public key verifies)
▪ RSA is the most widely deployed implementation; elliptic-curve algorithms (ECDH, ECDSA) are now common as well
▪ RSA is commonly used with a public key infrastructure (PKI), where certificates bind public keys to identities
▪ PKI and an asymmetric key exchange set up the session between your web browser and a shopping website; the bulk data is then encrypted with a symmetric key (e.g. AES), because asymmetric operations are slow
▪ Can be used to securely exchange emails (S/MIME, PGP)
Integrity
Hashing (Integrity)
▪ One-way function that produces a fixed-size digest; ensures data has not been modified in transit
▪ A plain hash alone does not verify the source, because anyone can recompute it; a keyed hash (HMAC) or a digital signature is needed to tie the digest to a sender
(MD5) 128-bit hash digest; collisions are trivial to produce, do not use for security
(SHA-1) 160-bit hash digest; collision attacks demonstrated, deprecated for signatures
(SHA-256) 256-bit hash digest; current recommendation (SHA-2 family)
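The difference between "detects modification" and "verifies the source" is easy to see in code. The following is an added example, not part of the original flashcards: it hashes a constructed message with the three algorithms on the card, then shows that an on-path attacker who edits the message can simply recompute a plain hash, while an HMAC over the same message cannot be recomputed without the shared key (the message, tampered message and key are constructed values).

```python
import hashlib
import hmac

# Constructed sample data (not from the original flashcards)
MESSAGE = b"transfer 100 to account 1234"
TAMPERED = b"transfer 900 to account 1234"
SHARED_KEY = b"example-shared-secret"   # assumption: sender and receiver already share this key


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Unkeyed hash: any change to the input changes the digest."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_lengths() -> dict:
    """Digest sizes in bits for the three algorithms on the card."""
    return {name: hashlib.new(name, b"").digest_size * 8 for name in ("md5", "sha1", "sha256")}


def mac(data: bytes, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256): producing a valid tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, key: bytes, tag: str) -> bool:
    """Constant-time comparison, so a byte-by-byte timing leak cannot reveal the tag."""
    return hmac.compare_digest(mac(data, key), tag)


def hash_check_passes_after_tampering() -> bool:
    """An on-path attacker modifies the message and recomputes the hash; the receiver's
    check still passes because nothing ties the digest to the original sender."""
    received_message, received_hash = TAMPERED, digest(TAMPERED)   # attacker's forged pair
    return digest(received_message) == received_hash


def mac_check_fails_after_tampering() -> bool:
    """The same attacker cannot recompute an HMAC tag without SHARED_KEY."""
    tag = mac(MESSAGE, SHARED_KEY)             # computed by the legitimate sender
    return not verify_mac(TAMPERED, SHARED_KEY, tag)
```

`hmac.compare_digest` matters in practice: a plain `==` on the tag returns early at the first mismatching byte, which leaks timing information to an attacker submitting guesses.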
Availability
Ensures data and services are accessible to authorized users when they are needed
▪ Increased by designing redundant networks (redundant links, devices, power, and sites)
▪ Compromised by
• Crashing a router or switch by sending improperly formatted data
• Flooding a network with so much traffic that legitimate requests cannot be processed
o Denial of Service (DoS)
o Distributed Denial of Service (DDoS): the flood comes from many compromised hosts (a botnet) at once
Attacks on Confidentiality
▪ Packet capture
▪ Wiretapping
▪ Dumpster diving
▪ Ping sweep
▪ Port scan
▪ Wireless interception
o EMI (electromagnetic emanation) interception
▪ Man-in-the-Middle
▪ Social engineering
▪ Malware/Spyware
Attacks on Integrity
▪ Man-in-the-middle
▪ Data diddling
• Changes data before or as it is entered into a system, so the stored copy is already wrong
▪ Trust relationship exploitation
• Abuses a host that other systems trust in order to reach those systems
▪ Salami attack
• Puts together many small, individually unnoticed changes (such as shaving fractions of a cent from many transactions) to make one big attack
▪ Password attack
• Trojan Horse, Packet Capture, Keylogger, Brute Force, Dictionary Attack
Man-in-the-Middle
Causes data to flow through the attacker's computer (an on-path position obtained by, for example, ARP spoofing or a rogue access point) where they can intercept or manipulate the data
Session Hijacking
Attacker guesses or steals the session ID (cookie or token) of a web session, enabling them to take over the already authorized session of the client without knowing the password
Prevented by long random session IDs, Secure and HttpOnly cookies sent only over HTTPS, and regenerating the ID at login
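Why "guessable" session IDs are the root problem is clearer with two session stores side by side. This is an added example, not code from the original flashcards: `WeakSessionStore` is a constructed bad design that derives IDs from a counter (hashing the counter hides the number but adds no entropy), `SecureSessionStore` uses the OS CSPRNG, and `hijack_demo` plays the attacker who logs in, waits for a victim to log in, and tries the IDs predicted from their own.

```python
import hashlib
import secrets
from typing import Optional


class WeakSessionStore:
    """Constructed weak design: session IDs are the hash of a predictable counter."""

    def __init__(self) -> None:
        self._counter = 1000
        self.sessions = {}   # session id -> username

    def login(self, user: str) -> str:
        self._counter += 1
        sid = hashlib.sha256(str(self._counter).encode()).hexdigest()
        self.sessions[sid] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


class SecureSessionStore:
    """Session IDs are 256 random bits from the OS CSPRNG; guessing one is infeasible."""

    def __init__(self) -> None:
        self.sessions = {}

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)   # 32 random bytes, URL-safe base64 encoded
        self.sessions[sid] = user
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


def recover_counter(sid: str, search_space: int = 100_000) -> Optional[int]:
    """Attacker reverses the hash of their own session ID by brute force over small counters."""
    for n in range(search_space):
        if hashlib.sha256(str(n).encode()).hexdigest() == sid:
            return n
    return None


def predict_next_ids(own_sid: str, how_many: int = 3) -> list:
    """Given their own session ID, the attacker predicts the IDs handed to the next logins."""
    n = recover_counter(own_sid)
    if n is None:
        return []   # not derived from a small counter: nothing to predict
    return [hashlib.sha256(str(n + k).encode()).hexdigest() for k in range(1, how_many + 1)]


def hijack_demo(store) -> Optional[str]:
    """Attacker logs in, a victim logs in after them, attacker presents the predicted IDs.
    Returns the hijacked user's name, or None when prediction fails."""
    attacker_sid = store.login("attacker")
    store.login("victim")
    for guess in predict_next_ids(attacker_sid):
        owner = store.whoami(guess)
        if owner and owner != "attacker":
            return owner   # the application now treats the attacker as this user
    return None
```

The weak store is hijacked on the first guess; against the secure store the attacker has nothing to work from, and a 256-bit random ID cannot be enumerated. The same reasoning applies to password-reset tokens and API keys.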
Botnets
▪ Bot: software that resides on a compromised computer and takes orders from the attacker
▪ Collection of such computers (called zombies) controlled by a remote command-and-control (C2) server to perform various attacks/functions for the criminals, such as DDoS, spam, and credential theft
Attacks on Availability
• Denial of service (DoS)
• Distributed Denial of Service (DDoS)
• TCP SYN flood
• Buffer overflow
• ICMP attacks (Smurf)
• UDP attacks (Fraggle)
• Ping of Death
• Electrical disturbances
• Physical environment attacks
TCP SYN Flood
Variant on a Denial of Service (DoS) attack where the attacker initiates many TCP sessions, often from spoofed source addresses, but never completes the 3-way handshake; the half-open connections fill the server's listen backlog so legitimate clients are refused
Mitigations: SYN cookies, shorter SYN-RECEIVED timeouts, rate limiting
Smurf (ICMP Flood)
Attacker sends a ping (ICMP echo request) to a subnet's directed broadcast address with the source spoofed as the victim; every device on the subnet replies to the victim, using up its bandwidth and processing
Mitigation: disable directed broadcasts on routers and ignore broadcast pings on hosts. Fraggle is the same attack using UDP
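Both of the attacks above leave a distinctive pattern in traffic that a NIDS rule or a quick script can pick out. The following is an added example, not from the original flashcards: it runs over a constructed list of packet records (not a real capture) and flags a server with many half-open TCP handshakes (SYN flood) and a source address that is the target of many echo requests sent to the directed broadcast address (Smurf); the addresses, threshold and record format are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed packet records, not a real capture. Each is (src, dst, proto, info):
#   tcp : info is the flag string "S" (SYN), "SA" (SYN-ACK) or "A" (ACK)
#   icmp: info is the ICMP type name, e.g. "echo-request"
PACKETS = [
    # one legitimate client completing the handshake with the web server
    ("198.51.100.7", "192.0.2.10", "tcp", "S"),
    ("192.0.2.10", "198.51.100.7", "tcp", "SA"),
    ("198.51.100.7", "192.0.2.10", "tcp", "A"),
]
# SYN flood: 50 spoofed sources each send one SYN and never answer the SYN-ACK
PACKETS += [(f"203.0.113.{i}", "192.0.2.10", "tcp", "S") for i in range(1, 51)]
PACKETS += [("192.0.2.10", f"203.0.113.{i}", "tcp", "SA") for i in range(1, 51)]
# Smurf: echo requests to the subnet broadcast address, source spoofed as the victim
PACKETS += [("192.0.2.99", "192.0.2.255", "icmp", "echo-request") for _ in range(20)]

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed local subnet


def half_open_connections(packets) -> Counter:
    """Per server, count handshakes that started but were never completed with a final ACK."""
    state = {}   # (client, server) -> last handshake step seen
    for src, dst, proto, info in packets:
        if proto != "tcp":
            continue
        if info == "S":
            state[(src, dst)] = "syn"
        elif info == "SA" and state.get((dst, src)) == "syn":
            state[(dst, src)] = "syn-ack"
        elif info == "A" and state.get((src, dst)) == "syn-ack":
            state[(src, dst)] = "established"
    half_open = Counter()
    for (client, server), step in state.items():
        if step != "established":
            half_open[server] += 1
    return half_open


def detect_syn_flood(packets, threshold: int = 20) -> dict:
    """Servers whose half-open connection count reaches the threshold."""
    return {srv: n for srv, n in half_open_connections(packets).items() if n >= threshold}


def detect_smurf(packets, network: ipaddress.IPv4Network) -> dict:
    """Echo requests aimed at the directed-broadcast address; the (spoofed) source is the victim."""
    bcast = str(network.broadcast_address)
    victims = Counter(src for src, dst, proto, info in packets
                      if proto == "icmp" and info == "echo-request" and dst == bcast)
    return dict(victims)
```

The legitimate client is not counted because its handshake reached the `established` state; the fifty spoofed clients stay at `syn-ack`, which is exactly the backlog a SYN flood exhausts. For Smurf, the tell-tale sign is the destination being the broadcast address rather than a host, which is why disabling directed broadcasts at the router removes the amplifier entirely.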
Electrical Disturbance
• Power spikes
• Electrical surges
• Power faults
• Blackouts
• Power sag
• Brownout
Insider Threats
Employees or other trusted insiders who use their network access to harm the company
Logic Bomb
Specific type of malware that is tied to a time or logical event
Phishing
Attackers send email (or other messages) that impersonate a trusted party to get a user to click a link, open an attachment, or enter credentials on a fake site; spear phishing targets specific individuals
Ransomware
Attackers gain control of your files, encrypt them, and hold them for a ransom
Deauthentication
▪ Attacker sends forged 802.11 deauthentication frames to a victim (or to the broadcast address) to disconnect them from the wireless network
▪ Works because management frames are unauthenticated unless Protected Management Frames (802.11w) are enabled
▪ Often used in wireless hacking attacks, e.g. to capture the WPA2 4-way handshake when the client reconnects or to push clients onto an evil-twin access point
VLAN Hopping
▪ Attacker gets traffic into a VLAN their switch port is not assigned to, either by switch spoofing (negotiating a trunk link with DTP so every VLAN is delivered to the attacker's port) or by double tagging (an outer 802.1Q tag for the native VLAN and an inner tag for the target VLAN)
▪ Prevented by disabling DTP, manually configuring switch ports as access ports in a specific VLAN, using an unused VLAN as the native VLAN on trunks, and using NAC
Patching
▪ Designed to correct a known bug or fix a known vulnerability in programs and apps
▪ Should be implemented as patches become available, after testing in a non-production environment
▪ Updates add new features, whereas patches fix known vulnerabilities
Honey Pots and Honey Nets
▪ Systems designed as an attractive target
• Distraction for the attacker
▪ Attackers spend their resources attacking the honey pot and leave the real servers alone; because no legitimate user has a reason to touch it, any connection to it is suspicious by definition
- Honey pot is a single machine
- Honey net is a network of multiple honey pots
▪ Used to study how attackers conduct attacks (tools, techniques, and targets)
SSH
Secure Shell: encrypted remote access via a terminal emulator (and file transfer via SCP/SFTP) over TCP 22; replaces Telnet, which sends credentials in cleartext
RADIUS
Remote Authentication Dial In User Service (RADIUS)
(AAA) Framework, UDP 1812 (authentication) / 1813 (accounting); legacy implementations use 1645/1646
Networking protocol designed to authenticate and log remote network users (dial-up, VPN, and Wi-Fi via 802.1X)
Only the User-Password attribute is hidden (with an MD5 keystream derived from the shared secret); the rest of the packet is cleartext, and authentication and authorization are combined in one exchange
TACACS+
Terminal Access Controller Access-Control System Plus is a Cisco-developed protocol. Provides AAA over TCP 49
Encrypts the entire packet body and separates authentication, authorization, and accounting, which allows per-command authorization
Used to control administrator access to network devices - switches, routers, firewalls, etc.
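The RADIUS and TACACS+ cards above hinge on how much of the packet is protected. The following is an added example, not part of the original flashcards: it implements the RFC 2865 User-Password hiding that RADIUS applies to the one attribute it protects, shows the server reversing it, and shows why a weak shared secret is fatal, since an attacker who captures a single Access-Request for an account whose password they know can test candidate secrets offline. The shared secret, request authenticator, passwords and candidate list are constructed values.

```python
import hashlib
from typing import Iterable, Optional

# Constructed values (not from a real deployment)
SHARED_SECRET = b"example-radius-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))   # in a real packet: 16 random bytes chosen by the NAS


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password with NULs to a multiple of 16 bytes, then
    c_i = p_i XOR MD5(secret + c_{i-1}) with c_0 = the request authenticator."""
    if len(authenticator) != 16:
        raise ValueError("request authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits the password to 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block   # the ciphertext block feeds the next keystream block
    return hidden


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password: what the RADIUS server does, and what any eavesdropper
    who knows the shared secret can do with a captured Access-Request."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return plain.rstrip(b"\x00")   # strip the RFC padding (passwords cannot contain NUL)


def recover_shared_secret(hidden: bytes, known_password: bytes, authenticator: bytes,
                          candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack: the attacker captured one Access-Request (authenticator and
    hidden password are in the clear) for an account whose password they know, e.g. their own,
    and tests candidate secrets until the hiding reproduces the captured bytes."""
    for candidate in candidates:
        if hide_password(known_password, candidate, authenticator) == hidden:
            return candidate
    return None
```

Once the shared secret is recovered, every other user's password on that NAS can be read from captured traffic, which is why RADIUS shared secrets must be long and random and why RADIUS traffic should be confined to a management network or wrapped in IPsec or RadSec (RADIUS over TLS). TACACS+ encrypting the whole body avoids leaking usernames and authorization data, but it still depends on the strength of its shared key.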
AAA
Authentication
- Who you are, proven by credentials
Authorization
- What you can do
(access resources, services, tasks, time of day, etc.)
Accounting
- What you did
(tracks user activities, resources used, for how long, etc.;
this can be used for billing customers in a data center)
(BYOD) vulnerabilities
- Bluejacking - Sending unsolicited messages to a device over Bluetooth (a nuisance; no data access)
- Bluesnarfing - Unauthorized reading of data (contacts, calendar, messages) from a device over Bluetooth
- Bluebugging - Unauthorized backdoor over Bluetooth that lets the attacker control the device, e.g. place calls or send messages
Data Loss Prevention
▪ Policy and tooling that seek to minimize accidental or malicious data losses by identifying sensitive data and blocking or logging its movement
- Client level (data in use)
- Network level (data in transit)
- Storage level (data at rest)
Multifactor Authentication
▪ Something you know
▪ Something you have
▪ Something you are
▪ Something you do
▪ Somewhere you are
Something You Have (Possession Factor)
▪ Smartcard
• Stores digital certificates and private keys on the card, which are unlocked once a valid PIN is provided to the card reader
▪ Key fobs
▪ RFID tags
Something You Are (Inherence Factor)
▪ Fingerprints
▪ Retina scans
▪ Voice prints
Something You Do (Action Factor)
▪ How you sign your name
▪ How you draw a particular pattern
▪ How you say a certain passphrase
Somewhere You Are (Location Factor)
▪ Geotagging
▪ Geofencing
Packet-Filtering Firewalls
▪ Permits or denies traffic based on packet headers only
• Source IP address/port number
• Destination IP address/port number
• Protocol (TCP, UDP, ICMP)
▪ Looks at each packet individually (stateless), so it cannot tell a reply to an outbound request from an unsolicited inbound packet
Stateful Firewalls
▪ Inspects traffic as part of a session, keeping a state table of the connections it has permitted
▪ Recognizes whether traffic originated from inside or outside the LAN, so return traffic for an internal client's connection is allowed while unsolicited inbound traffic is dropped
NextGen Firewalls (NGFW)
▪ Third-generation firewalls that add deep packet inspection (application awareness), an integrated IPS, and user identity to stateful packet filtering
▪ Operate at higher layers of the OSI model (up to layer 7) than traditional stateful firewalls
▪ Not the same as a Web Application Firewall (WAF), which is a specialized layer-7 firewall that inspects only HTTP traffic to protect a specific web application
Access Control List (ACL)
▪ Ordered set of rules, typically applied to router interfaces (inbound or outbound), that permit or deny certain traffic; evaluated top-down, with an implicit deny at the end
- Source IP, Port, or MAC
- Destination IP, Port, or MAC
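The practical difference between a stateless ACL and a stateful firewall shows up the moment a reply packet arrives. The following is an added example, not part of the original flashcards: a tiny top-down ACL evaluator with the implicit deny, and a stateful wrapper around the same rules that records permitted sessions; the rules, addresses and packets are constructed, and the generalisation to "permit only SYN packets without a table entry" is the standard stateful behaviour for TCP.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


# Constructed ACL: (action, source network, destination network, protocol, destination port or None)
# evaluated top-down like a router ACL, with an implicit deny when nothing matches.
ACL = [
    ("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),   # anyone -> our web server on HTTPS
    ("permit", "192.0.2.0/24", "0.0.0.0/0", "tcp", None),   # LAN hosts -> anywhere, any TCP port
]


def acl_decision(rules, pkt: Packet) -> str:
    """Stateless packet filter: every packet is judged on its own headers."""
    for action, src_net, dst_net, proto, dport in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
                and pkt.proto == proto
                and (dport is None or pkt.dport == dport)):
            return action
    return "deny"   # implicit deny at the end of every ACL


class StatefulFirewall:
    """Applies the ACL only to packets that open a session, then tracks the session."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()   # (src, sport, dst, dport, proto) of permitted sessions

    def decide(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if forward in self.table or reverse in self.table:
            return "permit"          # belongs to a session already allowed, either direction
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny"            # non-SYN packet with no known session is unsolicited
        if acl_decision(self.rules, pkt) == "permit":
            self.table.add(forward)  # remember the session so replies are allowed
            return "permit"
        return "deny"


# Constructed traffic (not real captures)
CLIENT_SYN = Packet("192.0.2.20", "198.51.100.5", "tcp", 51000, 80, syn=True)               # LAN host opens HTTP
SERVER_SYNACK = Packet("198.51.100.5", "192.0.2.20", "tcp", 80, 51000, syn=True, ack=True)  # reply to it
STRAY_ACK = Packet("203.0.113.9", "192.0.2.20", "tcp", 4444, 51000, ack=True)               # unsolicited inbound
INBOUND_HTTPS = Packet("203.0.113.9", "192.0.2.10", "tcp", 40000, 443, syn=True)            # public -> web server
TRAFFIC = (CLIENT_SYN, SERVER_SYNACK, STRAY_ACK, INBOUND_HTTPS)


def stateless_results() -> list:
    return [acl_decision(ACL, p) for p in TRAFFIC]   # ['permit', 'deny', 'deny', 'permit']


def stateful_results() -> list:
    fw = StatefulFirewall(ACL)
    return [fw.decide(p) for p in TRAFFIC]           # ['permit', 'permit', 'deny', 'permit']
```

The stateless filter drops the web server's SYN-ACK because no rule covers inbound traffic to port 51000. The traditional workaround is a broad rule such as Cisco's `permit tcp any any established`, which matches any packet with the ACK bit set and therefore also lets the stray ACK through; the stateful firewall allows the reply and still drops the stray packet, because only the session it saw opened is in its table.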
Unified Threat Management (UTM) Devices
▪ Device that combines firewall, router, intrusion detection/prevention system, antimalware, and other security features into a single device
▪ A NAC-style agent can run on an internal client and be queried by the UTM (patch level, antimalware status) before the client is allowed onto the network
▪ UTM can be purchased as a physical device to install in your network, or you can look to a cloud solution
Intrusion Detection System (IDS)
▪ Passive device
▪ Operates out of band, parallel to the network, fed by a SPAN/mirror port or a network tap
▪ Monitors all traffic and sends alerts; cannot stop an attack by itself
Intrusion Prevention System (IPS)
▪ Active device
▪ Operates in-line with the network, so a failure or a false positive can interrupt legitimate traffic
▪ Monitors all traffic, sends alerts, and drops or blocks the offending traffic
Network-based (NIDS/NIPS)
Network device to protect entire network
• NIPS might prevent a DoS attack whereas a HIPS solution could focus on the protection of applications on a host from malware and other attacks
Host-based (HIDS/HIPS)
• Software-based and installed on servers/clients
▪ Network and Host-based can work together for more complete protection
Site to Site (VPN)
Interconnects two sites (e.g. a branch office and headquarters) through their gateway devices and provides an inexpensive alternative to a leased line; hosts inside each site need no VPN software
Client to Site (VPN)
Connects a remote user's device with a site and is commonly called remote access VPN
VPN Types: SSL
▪ Secure Sockets Layer (SSL) provides encryption, integrity, and server authentication for application-layer protocols (OSI Layers 5-7) running over TCP
▪ Largely replaced by TLS in current networks; all SSL versions (2.0 and 3.0) are broken and should be disabled
▪ Provided for secure web browsing via HTTPS; "SSL VPN" is still the common name for browser-based VPNs that actually run over TLS
VPN Types: TLS
▪ Transport Layer Security (TLS) has mostly replaced SSL
▪ If you are using an HTTPS website, you are almost certainly using TLS
▪ TLS 1.2 and 1.3 are the versions to allow; 1.0 and 1.1 are deprecated
VPN Types: DTLS
▪ Datagram Transport Layer Security (DTLS) is used to secure UDP traffic
▪ Based on the TLS protocol, adapted to tolerate lost and reordered datagrams
▪ Designed to give security to UDP by preventing eavesdropping, tampering, and message forgery (used by VoIP/WebRTC and by remote-access VPN clients that carry latency-sensitive traffic)
VPN Types: L2TP
▪ Layer 2 Tunneling Protocol (L2TP) lacks security features like encryption
▪ Can be used for secure VPN if combined with additional protocols for encryption services
VPN Types: PPTP
▪ Point-to-Point Tunneling Protocol (PPTP) is an older protocol that supports dial-up networks
▪ Lacks native security features; Windows added MPPE encryption and MS-CHAPv2 authentication in its implementation, but MS-CHAPv2 is cryptographically broken, so PPTP should not be used today
IP Security (IPsec)
▪ VPNs most commonly use IPsec to provide confidentiality, integrity, and authentication (the CIA properties) for their traffic over the internet
▪ IPsec uses the Internet Key Exchange (IKE, UDP 500, or UDP 4500 with NAT traversal) to authenticate the peers and negotiate keys, creating the security associations for a secure tunnel
• IKE uses encryption between authenticated peers
▪ Two protocols carry the data: ESP (encryption plus integrity) and AH (integrity only, no confidentiality); tunnel mode protects the whole original packet, transport mode only the payload