Revision Lecture Flashcards
what is the CIA Triad?
confidentiality
integrity
availability
What is the CIA Triad: Availability?
- Data is available when required.
- Enforced through redundancy,
- Violations: Hardware damage, DoS
What is the CIA Triad: Integrity?
* Accuracy and completeness of data, assurance that data has not been modified or omitted,
* Enforced through hashes,
* Violations: modifications of data during transfer.
What is the CIA Triad: Confidentiality?
- Ensuring data is hidden, only visible to authorized users,
- Enforced through encryption,
- Violations: packet sniffing, breaking encryption, unintentional human errors
Identity Access Management (IAAA): Identification
- Identify an entity: I am John
- Possible to identify yourself without authentication
Identity Access Management (IAAA): Authentication
- Password, PIN, biometric,
- Authentication can only be done after identification
- Non-repudiation
Identity Access Management (IAAA): Authorization
* Access control list
* Clearances
* Authorization is consulted after authentication
Identity Access Management (IAAA): Accountability
- Account audits
- Log reviews
Authentication Factors
- Type I: Something that you KNOW (weak)
  Password
  PIN
- Type II: Something that you HAVE
  PIN Sentry
  Mobile SIM
- Type III: Something that you ARE (Strong)
  Retina Pattern
  Fingerprint
What is Multifactor Authentication (MFA)?
Single factor authentication, e.g., password – weak
MFA combines more than one type of authentication
Often Type I and Type II are combined
✓ Type I: something that you know (e.g., password)
✓ Type II: something that you have (e.g., Mobile SIM, SMS)
✓ 2FA: Two factors combined
✓ 3FA: Three factors combined
What are the 5 primary functions of cryptography?
- Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
- Authentication: The process of proving one’s identity.
- Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
- Non-repudiation: A mechanism to prove that the sender really sent this message.
- Key exchange: The method by which crypto keys are shared between sender and receiver.
what is symmetric cryptography?
* Same key used for encryption and decryption, i.e., symmetric,
* Same cipher (algorithm) used for encryption and decryption,
* Key length determines the strength of encryption, the longer the better,
* Popular private-key ciphers are AES (AES-128, AES-192, and AES-256), RC5, Twofish, and many more.
What is asymmetric cryptography?
* Public key used for encryption and private key used for decryption, i.e., asymmetric,
* Private key is completely different from the public key
* Data encrypted with the public key CANNOT be decrypted with the public key and must use the private key.
* If a sender uses his private key to encrypt, then it is not for secrecy, but for digitally signing the document
Example: RSA
Symmetric vs Asymmetric
Symmetric:
Same key used for encryption and decryption
Encryption and decryption algorithms are the same
Cannot always exchange keys safely
Fast
Similar key size offers strong encryption
Asymmetric:
Different keys (Public and Private) used for encryption and decryption
Encryption and decryption algorithms are different
Can be done even in public networks
Slow
Longer keys required to ensure strong encryption
Explain hashing terms
Message digest: Hashing creates a fixed size “summary”
Input/Output Size: Fixed-size message digest for any size of input
One-way function: impossible to recover the original
Unique: Different documents lead to different hashes
Collision: Different documents lead to same message digest
Hashing: File Integrity
- Source calculates file hash and includes it with file
- User downloads file and its hash
- User recalculates the hash of the downloaded file independently
- User compares the downloaded hash and the calculated one to check the integrity
Hashing: Digital Signature
- Source calculates file hash
- Source signs with his private key (digital signature)
- User downloads file and signed hash
- User recalculates the hash of the downloaded file independently
- User decrypts the signed hash using source’s public key and compares the hashes
IPSec: Virtual Private Networks (VPNs)
VPN extends a private network over public networks, e.g., the internet
VPN achieves this by encrypting the traffic to/from the remote users
Effectively creates a tunnel using encryption
IPSec Modes of operation:
* Transport mode: Encapsulates only the data (payload), used for device-to-device secure communication
* Tunnel mode: Encapsulates entire IP packet (incl. headers), used for gateway-to-gateway secure tunnels
IPSec Protocols:
* AH (Authentication header): Focused on authentication
* ESP (Encapsulating Security Payload): Authentication and
confidentiality
IPSec: Transport Mode
* Mostly used for host-to-host i.e., app-to-app communication
* Encrypts only the data, not the IP header
* Leaving the IP header unencrypted allows end-to-end routing
IPSec: Tunnel Mode
* Used in VPNs to connect to corporate network
* Encrypts the entire packet including IP Header, thus routing requires a new encrypted IP header (corporate gateway IP)
NAT (Network Address Translation)
NAT is used on network gateways and offers:
* A single public IP address to handle thousands of systems
* Use of private IP addresses
* Hiding IP addresses from the internet
* Prevent connection initiation from outside
NAT (Network Address Translation) extra info
PAT (Port Address Translation):
Traditional NAT required one-to-one mapping of private IPs to public IPs.
* NAT/PAT provide some degree of security
* Trade-off: NAT bends a few rules since it modifies IP addresses and ports
Brute Force Attack: Password Storage
- Passwords are never stored in plaintext
- Passwords are always hashed, and the hash is stored for security
- Impossible to recover password from hash since it is one-way
- When the user enters password, it is hashed and compared to the stored hash
Brute Force Attack: Online vs Offline
Online:
Brute force attacks do not work well online:
* Account lockout
* Slow processing
Brute Force Attack: Online vs Offline
Offline
Offline copies of database are ideal for attackers
* Hashing makes it a slow process due to additional processing
* Attackers often use Rainbow Tables → Table with hashes pre-computed for all possible passwords so just comparison is needed
What is DoS (Denial of Service)?
Any attack that causes services to be slow or unavailable to legitimate users is termed as a DoS attack.
- Examples:
- Crashing a web-server or database
- Overloading web/database servers through bogus request
- Choking the network through bogus traffic
DoS vs DDoS?
DoS:
* DoS → Attack from one IP address/source (easy to block)
* DoS: send a flood of packets (Ping, TCP requests)
* Easy to detect and block the single IP address
Distributed DoS:
* DDoS → Attack from multiple IP addresses
* Distributed DoS Attack: Multiple IP addresses, difficult to block
Social Engineering
- Humans – weakest link in the security chain
- More than 80% of successful data breaches and hacks start with phishing scams
Social engineering exploits humans to get them to:
- Share their passwords
- Insert USBs of unknown origin
- Click on malicious links and email attachments (Phishing)
Phishing and Whaling: Consequences
Malware infections
* Viruses, trojans, rootkits,
* Spyware
* Ransomware
Compromises
* Confidentiality of your data
* Availability of your systems (DoS)
* Reputational damage
RESIT
Blind SQL injections
SQL Injection: when an attacker can see output from DB on the webpage
Blind SQL Injection: when attacker cannot see output from DB:
- Database does not return results
- Database returns generic error messages
Idea: Guess passwords by passing true/false SQL statements to DB.
Types:
* Boolean-based: Output of the page is different if the query result is true or false
* Time-based: If the first letter of password is ‘A’, wait 5 secs to return results.
RESIT
Defence against SQL injections
Defenses:
- Input sanitization
- Parameterized SQL statements
- WEB application firewalls (WAF)
RESIT
What is XSS (Cross-Site Scripting)?
XSS: Cross-site Scripting :
* Web apps accept unvalidated data input on webpages, e.g., discussion forums
* Attacker creates a new thread & injects malicious code, e.g., JavaScript
* When a user visits that thread or webpage, the script loads and steals the user’s session data such as cookies and passwords
RESIT
What are the 2 types of XSS?
Types of XSS
* Persistent or Stored XSS: Stored on webpages permanently
* Reflected XSS: Malicious script included in the URL which the user clicks
RESIT
Persistent XSS steps (without diagram)
1) Perpetrator creates a new thread and injects a malicious JavaScript
2) Perpetrator submits the thread, which is stored persistently on the backend
3)User views the thread
4)Malicious script loaded
5)Session data sent
RESIT
Reflected XSS (steps without diagram)
1) Perpetrator crafts a URL which includes a malicious code
2) User visits the website and includes the malicious string
3) Website reflects the malicious string
4) User’s info is sent
RESIT
How to prevent XSS?
User input sanitization:
* Prevent special characters e.g., < > or keywords e.g.,
User input validation:
* Ensure that any user content rendered to other users does not contain code snippets or special characters e.g., < > or keywords e.g., #
Secure code review and using secure libraries:
* Review code for entry points and test attack scenarios in a browser
* Use secure code libraries e.g., OWASP Java Encoder
RESIT
Why do SQL injections work?
SQL injections work because
* User input is not sanitized
* Code and data are mixed (bad programming)
What is Cryptography?
The study and application of methods and techniques to protect information by using codes for secure communication
What are all the malware types?
Viruses - Self replicates, causes damage to systems and data
Worms - Self replicates, propagates over network
Trojans - Looks like legitimate software to trick users; installs malware and a backdoor
Spyware - Steals confidential data such as browsing history, etc.
Ransomware - Encrypts and locks down files, demands payment for restoring data
Rootkits - Hidden malware that infects privileged components, e.g., OS kernel
Logic bombs - Triggers on a particular date or event and causes damage