Revision Lecture Flashcards

1
Q

What is the CIA Triad?

A

confidentiality
integrity
availability

1
Q

What is the CIA Triad: Availability?

A
  • Data is available when required.
  • Enforced through redundancy,
  • Violations: Hardware damage, DoS
2
Q

What is the CIA Triad: Integrity?

A

* Accuracy and completeness of data, assurance that data has not been modified or omitted,
* Enforced through hashes,
* Violations: modifications of data during transfer.

3
Q

What is the CIA Triad: Confidentiality?

A
  • Ensuring data is hidden, only visible to authorized users,
  • Enforced through encryption,
  • Violations: packet sniffing, breaking encryption, unintentional human errors
4
Q

Identity Access Management (IAAA): Identification

A
  • Identify an entity: I am John
  • Possible to identify yourself without authentication
5
Q

Identity Access Management (IAAA): Authentication

A
  • Password, PIN, biometric,
  • Authentication can only be done after identification
  • Non-repudiation
6
Q

Identity Access Management (IAAA): Authorization

A

* Access control list
* Clearances
* Authorization is consulted after authentication

7
Q

Identity Access Management (IAAA): Accountability

A
  • Account audits
  • Log reviews
8
Q

Authentication Factors

A
  • Type I: Something that you KNOW (weak)
    Password
    PIN
  • Type II: Something that you HAVE
    PIN Sentry
    Mobile SIM
  • Type III: Something that you ARE (Strong)
    Retina Pattern
    Fingerprint
9
Q

What is Multifactor Authentication (MFA)?

A

Single factor authentication, e.g., password – weak
MFA combines more than one type of authentication

Often Type I and Type II are combined
✓ Type I: something that you know (e.g., password)
✓ Type II: something that you have (e.g., Mobile SIM, SMS)
✓ 2FA: Two factors combined
✓ 3FA: Three factors combined

10
Q

What are the 5 primary functions of cryptography?

A
  1. Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
  2. Authentication: The process of proving one’s identity.
  3. Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
  4. Non-repudiation: A mechanism to prove that the sender really sent this message.
  5. Key exchange: The method by which crypto keys are shared between sender and receiver.
11
Q

What is symmetric cryptography?

A

* Same key used for encryption and decryption, i.e., symmetric,
* Same cipher (algorithm) used for encryption and decryption,
* Key length determines the strength of encryption; longer is better,
* Popular private-key ciphers are AES (AES-128, AES-192, and AES-256), RC5, Twofish, and many more.

12
Q

What is asymmetric cryptography?

A

* Public key used for encryption and private key used for decryption, i.e., asymmetric,
* Private key is completely different from the public key
* Data encrypted by the public key CANNOT be decoded with the public key and must use the private key.
* If a sender uses his private key to encrypt, then it is not for secrecy, but for digitally signing the document

example: RSA

13
Q

Symmetric vs Asymmetric

A

Symmetric:
Same key used for encryption and decryption
Encryption and decryption algorithms are the same
Cannot always exchange keys safely
Fast
Similar key size offers strong encryption

Asymmetric:
Different keys (Public and Private) used for encryption and decryption
Encryption and decryption algorithms are different
Can be done even in public networks
Slow
Longer keys required to ensure strong encryption

14
Q

Explain hashing terms

A

Message digest: Hashing creates a fixed size “summary”

Input/Output Size: Fixed-size message digest for any size of input

One-way function: impossible to recover the original

Unique: Different documents lead to different hashes

Collision: Different documents lead to same message digest

15
Q

Hashing: File integrity

A
  1. Source calculates file hash and includes it with file
  2. User downloads file and its hash
  3. User recalculates the hash of the downloaded file independently
  4. User compares the downloaded hash and the calculated one to check the integrity
16
Q

Hashing: Digital Signature

A
  • Source calculates file hash
  • Source signs with his private key (digital signature)
  • User downloads file and signed hash
  • User recalculates the hash of the downloaded file independently
  • User decrypts the signed hash using source’s public key and compares the hashes
17
Q

IPSec: Virtual Private Networks (VPNs)

A

VPN extends a private network over public networks e.g., internet

VPN achieves this by encrypting the traffic to/from the remote users

Effectively creates a tunnel using encryption

18
Q

IPSec Modes of operation:

A

Modes of operation:
* Transport mode: Encapsulates only the data (payload), used for device-to-device secure communication
* Tunnel mode: Encapsulates entire IP packet (incl. headers), used for gateway-to-gateway secure tunnels

19
Q

IPSec Protocols:

A

Protocols:
* AH (Authentication Header): Focused on authentication
* ESP (Encapsulating Security Payload): Authentication and confidentiality

20
Q

IPSec: Transport Mode

A

Transport Mode:
* Mostly used for host-to-host i.e., app-to-app communication
* Encrypts only the data, not the IP header
* Not encrypting the IP header allows end-to-end routing

21
Q

IPSec : Tunnel mode

A

Tunnel Mode:
* Used in VPNs to connect to corporate network
* Encrypts the entire packet including the IP header, thus routing requires a new encrypted IP header (corporate gateway IP)

22
Q

NAT (Network Address Translation)

A

NAT is used on network gateways and offers:
* A single public IP address to handle thousands of systems
* Use of private IP addresses
* Hiding IP addresses from the internet
* Preventing connection initiation from outside

23
Q

NAT (Network Address Translation) extra info: PAT (Port Address Translation)

A

PAT (Port Address Translation):
* Traditional NAT required one-to-one mapping of private IPs to public IPs,
* NAT/PAT provide some degree of security
* Trade-off: NAT bends a few rules since it modifies IP and port

24
Q

Brute Force Attack: Password storage

A
  • Passwords are never stored in plaintext
  • Passwords are always hashed, and hash stored for security
  • Impossible to recover password from hash since it is one-way
  • When the user enters password, it is hashed and compared to the stored hash
25
Q

Brute Force Attack: Online vs Offline (Online)

A

Brute force attacks do not work well online:
* Account lockout
* Slow processing

26
Q

Brute Force Attack: Online vs Offline (Offline)

A

Offline copies of database are ideal for attackers
* Hashing makes it a slow process due to additional processing
* Attackers often use Rainbow Tables → a table with hashes pre-computed for all possible passwords, so just comparison is needed

27
Q

What is DoS (Denial of Service)?

A

Any attack that causes services to be slow or unavailable to legitimate users is termed as a DoS attack.

Examples:
  • Crashing a web server or database
  • Overloading web/database servers through bogus requests
  • Choking the network through bogus traffic
28
Q

DoS vs DDoS?

A

DoS:
* DoS → Attack from one IP address/source (easy to block)
* DoS: send a flood of packets (Ping, TCP requests)
* Easy to detect and block the single IP address

Distributed DoS:
* DDoS → Attack from multiple IP addresses
* Distributed DoS Attack: Multiple IP addresses, difficult to block

29
Q

Social Engineering

A
  • Humans – the weakest link in the security chain
  • More than 80% of successful data breaches and hacks start with phishing scams

Social engineering exploits humans to get them to:
- Share their passwords
- Insert USBs of unknown origin
- Click on malicious links and email attachments (Phishing)

30
Q

Phishing and Whaling: Consequences

A

Malware infections
* Viruses, trojans, rootkits,
* Spyware
* Ransomware

Compromises
* Confidentiality of your data
* Availability of your systems (DoS)
* Reputational damage

31
Q

RESIT

Blind SQL injections

A

SQL Injection: when an attacker can see output from the DB on the webpage

Blind SQL Injection: when the attacker cannot see output from the DB:
- Database does not return results
- Database returns generic error messages

Idea: Guess passwords by passing true/false SQL statements to DB.

Types:
* Boolean-based: Output of the page is different if the query result is true or false
* Time-based: If the first letter of password is ‘A’, wait 5 secs to return results.

32
Q

RESIT

Defence against SQL injections

A

Defenses:
- Input sanitization
- Parameterized SQL statements
- Web application firewalls (WAF)

33
Q

RESIT

What is XSS (Cross-Site Scripting)?

A

XSS: Cross-site Scripting:
* Web apps allow invalid data input on webpages e.g., discussion forums
* Attacker creates a new thread & injects malicious code e.g., JavaScript
* When a user visits that thread or webpage, the script loads and steals the user's session data such as cookies and passwords

34
Q

RESIT

What are the 2 types of XSS?

A

Types of XSS
* Persistent or Stored XSS: Stored on webpages permanently
* Reflected XSS: Malicious script included in the URL which the user clicks

35
Q

RESIT

Persistent XSS steps (without diagram)

A

1) Perpetrator creates a new thread and injects a malicious JavaScript
2) Perpetrator submits the thread, which is stored persistently on the backend
3) User views the thread
4) Malicious script loaded
5) Session data sent

36
Q

RESIT

Reflected XSS (steps without diagram)

A

1) Perpetrator crafts a URL which includes malicious code
2) User visits the website and includes the malicious string
3) Website reflects the malicious string
4) User’s info is sent

37
Q

RESIT

How to prevent XSS?

A

User input sanitization:
* Prevent special characters e.g., < > or keywords e.g.,


User input validation:
* Ensure that any user content rendered to other users does not contain code snippets or special characters e.g., < > or keywords e.g.,
Secure code review and using secure libraries:
* Review code for entry points and test attack scenarios in a browser
* Use secure code libraries e.g., OWASP Java Encoder

38
Q

RESIT

Why do SQL injections work?

A

SQL injections work because
* User input is not sanitized
* Code and data are mixed (bad programming)

39
Q

What is Cryptography?

A

The study and application of methods and techniques to protect information by using codes for secure communication

40
Q

What are all the malware types?

A

Viruses - Self-replicate, cause damage to systems and data

Worms - Self-replicate, propagate over the network

Trojans - Look like legitimate software to trick users, install malware and Trojan backdoors

Spyware - Steals confidential data such as browsing history, etc.

Ransomware - Encrypts and locks down files, demands payment for restoring data

Rootkits - Hidden malware that infects privileged components e.g., OS kernel

Logic bombs - Trigger on a particular date or event and cause damage