Secure Communications and Application Vulnerabilities Flashcards
How are secure communications achieved?
Through the design and correct implementation of cryptographic protocols, placed at the right layer of the network stack.
What is the layered model of networking?
Each layer provides a service to the layer above it and relies on the layer below, hiding that layer's details (an abstraction).
Each layer has one or more associated protocols and defined vertical interfaces to its neighbouring layers.
Where are security protocols implemented?
Security protocols exist at every layer of the model. The layer chosen determines what is protected (application data only, or headers too), who has to implement it (the application, the operating system, or the network hardware) and whether applications need changing.
What protocols are implemented at the application layer?
FTP, SMTP, HTTP, DNS, IMAP
What security protocols are applied at the application layer?
PGP and S/MIME (for email); SSH is another application-layer example.
What protocols are implemented at the Transport layer?
TCP, UDP
What security protocols are implemented at the Transport layer?
SSL/TLS (strictly, it sits between the application and transport layers, running on top of TCP).
What protocols are implemented at the Network layer?
IPv4, IPv6, ICMP
What security protocols are implemented at the Network layer?
IPSec
What protocols are implemented at the Link layer?
ADSL, Ethernet, WiFi
What security protocols are implemented at the Link layer?
Wireless: WEP (broken, do not use), WPA and WPA2/WPA3. WPS is a device-pairing (setup) mechanism rather than an encryption protocol, and its PIN method is itself a known weakness.
What is SSL?
A security layer (now superseded by TLS) inserted between the application and transport layers. It offers applications a socket-like programming interface and gives the connection confidentiality, integrity and server (optionally also client) authentication.
When is SSL applied to communications?
After the TCP connection is established: first the SSL/TLS handshake (negotiate algorithms, authenticate, agree keys), then the protected data exchange.
How does the SSL handshake work?
Client sends the list of cipher suites it supports and a nonce (the client random).
Server chooses a suite from that list and sends its choice, its certificate and its own nonce (the server random).
Client verifies the certificate chain and hostname, extracts the server's public key, generates a pre_master_secret, encrypts it with that public key and sends it to the server.
Both client and server compute the master secret, and from it the encryption and MAC keys, from the pre_master_secret and the two nonces.
Client and server each send a MAC (the Finished message) over all handshake messages exchanged so far, so any tampering with the negotiation is detected before application data flows.
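The last two steps above, as an added worked example (this is not code from the original flashcards). It uses the actual TLS 1.2 PRF (P_SHA256, RFC 5246 section 5) to derive the master secret and key block from the pre_master_secret and the two nonces, and computes the Finished verify_data over the handshake transcript. The RSA key-transport step is assumed to have already happened: PRE_MASTER, the two randoms and the transcript are constructed values that both sides already hold.

```python
import hashlib
import hmac

# Added example, not code from the original flashcards. Models TLS 1.2 key
# derivation and the Finished MAC; the RSA-encrypted key transport is assumed
# done, so both sides start with the same constructed pre_master_secret.

CLIENT_RANDOM = bytes.fromhex("11" * 32)             # constructed client nonce
SERVER_RANDOM = bytes.fromhex("22" * 32)             # constructed server nonce
PRE_MASTER = b"\x03\x03" + bytes.fromhex("33" * 46)   # constructed 48-byte pre_master_secret
# Constructed stand-in for the concatenated handshake messages so far
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256(secret, seed) from RFC 5246: HMAC-based expansion to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def derive_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Split the key block for TLS_RSA_WITH_AES_128_CBC_SHA256 (MAC 32, key 16, IV 16 per direction).
    The nonce order is reversed relative to the master-secret derivation, as the RFC specifies."""
    block = prf(master, b"key expansion", server_random + client_random, 2 * (32 + 16 + 16))
    names = ["client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv"]
    sizes = [32, 32, 16, 16, 16, 16]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0:12]."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)


def handshake_demo(tamper_transcript: bool = False) -> dict:
    """Both sides derive keys independently; the server checks the client's Finished MAC.
    If an on-path attacker altered a handshake message (tamper_transcript=True) the two
    transcripts differ and the check fails, which is exactly what Finished is for."""
    client_master = derive_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server_master = derive_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    client_keys = derive_keys(client_master, CLIENT_RANDOM, SERVER_RANDOM)
    server_keys = derive_keys(server_master, CLIENT_RANDOM, SERVER_RANDOM)

    client_finished = finished_verify_data(client_master, b"client finished", TRANSCRIPT)
    server_view = TRANSCRIPT
    if tamper_transcript:
        server_view = TRANSCRIPT.replace(b"ServerHello|", b"ServerHello(weakened)|")
    expected = finished_verify_data(server_master, b"client finished", server_view)
    return {
        "keys_match": client_keys == server_keys,
        "client_finished_ok": hmac.compare_digest(client_finished, expected),
        "server_finished": finished_verify_data(server_master, b"server finished", TRANSCRIPT + client_finished),
    }


if __name__ == "__main__":
    print(handshake_demo())
    print(handshake_demo(tamper_transcript=True))
```

The server's Finished covers the client's Finished as well, so each side proves it saw the same negotiation, including the cipher-suite list, before any application data is sent.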
What is a cookie?
A small piece of data (a name=value pair plus attributes such as Path, Expires, Secure and HttpOnly) that the server sets with a Set-Cookie response header; the browser stores it and returns it in a Cookie header on later requests to that site. Commonly used to carry the session identifier.
What is a form and what do they do?
Forms are page elements that let users send parameters to the web server.
They submit with the GET method (parameters in the URL query string) or the POST method (parameters in the request body).
When should validation be done on input?
Client-side before sending (JavaScript or HTML5 constraints), for usability and fast feedback only; anyone who edits the request bypasses it.
Server-side before processing, always; this is the actual security control.
How can input be restricted on a web page?
Dropdown menus, radio buttons, checkboxes, maximum lengths etc. These shape what the browser sends but do not constrain an attacker, who can submit any value directly; the server must still check that the value is one of those offered.
What do forms allow users to input into web pages?
If the server reflects form values into a page without HTML-escaping them, a user can submit markup or script (for example a script tag) that the browser then executes: cross-site scripting (XSS).
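The server side of the three cards above, as an added example (not code from the original flashcards): a form offers a dropdown of three languages and a username box, but the client can send anything, so the handler re-validates against an allow-list and HTML-escapes what it echoes back. The POST bodies and field names are constructed.

```python
import html
import re
from urllib.parse import parse_qs

# Added example, not code from the original flashcards. Server-side handling of
# a constructed form with a "lang" dropdown and a "user" text box.

ALLOWED_LANG = {"en", "fr", "de"}                 # the dropdown's options, enforced on the server
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


def validate(form: dict) -> list:
    """Return a list of validation errors (empty list means the input is acceptable)."""
    errors = []
    lang = form.get("lang", [""])[0]
    if lang not in ALLOWED_LANG:
        errors.append(f"lang {lang!r} is not one of the offered options")
    user = form.get("user", [""])[0]
    if not USERNAME_RE.fullmatch(user):
        errors.append("user must be 3-20 characters from [A-Za-z0-9_]")
    return errors


def render_unsafe(user: str) -> str:
    """Reflects the value as-is: a <script> in the input becomes a script element."""
    return f"<p>Hello {user}</p>"


def render_safe(user: str) -> str:
    """HTML-escapes the value so angle brackets and quotes are displayed, not parsed."""
    return f"<p>Hello {html.escape(user, quote=True)}</p>"


def handle_post(body: str) -> dict:
    """Parse a URL-encoded POST body, validate it, and only then render."""
    form = parse_qs(body, keep_blank_values=True)
    errors = validate(form)
    if errors:
        return {"ok": False, "errors": errors, "html": None}
    return {"ok": True, "errors": [], "html": render_safe(form["user"][0])}


if __name__ == "__main__":
    print(handle_post("lang=en&user=alice"))
    # A value the dropdown never offered, plus script in the username field
    print(handle_post("lang=zz&user=%3Cscript%3Ealert(1)%3C%2Fscript%3E"))
    print(render_unsafe("<script>alert(1)</script>"))
    print(render_safe("<script>alert(1)</script>"))
```

Escaping is context-dependent: html.escape is right for text between tags and for quoted attribute values, but a value placed inside a URL, a JavaScript string or a CSS rule needs the encoder for that context instead.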
How can session-hijacking occur?
MITM attacks (an attacker on the path relays or alters traffic and reads the session ID)
Cross-Site Scripting (XSS), where injected script reads the session cookie
Session sniffing, where the session ID is captured from unencrypted traffic
How is session-hijacking done?
By obtaining a valid session ID (SID) value, for example from an old URL, a sniffed cookie or a predictable ID, and presenting it to the server, which then treats the attacker as the logged-in user.
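Two pieces that go with the hijacking cards above, as an added example (not code from the original flashcards). The first is a minimal session store showing that the server knows the user only through the session ID, so whoever presents a valid ID is that user. The second audits a Set-Cookie header for the attributes whose absence makes the ID easier to steal by sniffing (no Secure) or XSS (no HttpOnly). The header strings and user names are constructed.

```python
import secrets

# Added example, not code from the original flashcards.


class SessionStore:
    """Server-side session table: session ID -> user."""

    def __init__(self):
        self._sessions = {}

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)   # unguessable; guessable IDs are a separate weakness
        self._sessions[sid] = user
        return sid

    def whoami(self, sid: str):
        return self._sessions.get(sid)    # nothing binds the ID to the client, so a replayed ID works

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)     # invalidating server-side is the only real kill switch


def hijack_demo() -> dict:
    store = SessionStore()
    sid = store.login("alice")
    stolen = sid                          # obtained by sniffing, a leaked URL, or XSS
    before = store.whoami(stolen)         # 'alice': the server cannot tell attacker from victim
    store.logout(sid)
    after = store.whoami(stolen)          # None once the victim logs out or the server expires it
    return {"before_logout": before, "after_logout": after}


def audit_set_cookie(header_value: str) -> dict:
    """Parse 'NAME=value; Attr; Attr=val' and report missing protective attributes."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plain HTTP, exposed to sniffing")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by injected script (XSS)")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests")
    return {"name": name.strip(), "findings": findings}


if __name__ == "__main__":
    print(hijack_demo())
    print(audit_set_cookie("SESSIONID=abc123; Path=/"))
    print(audit_set_cookie("SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"))
```

The attributes reduce the ways an ID can be stolen; they do not stop replay of an ID that has already leaked, which is why sessions should also be short-lived and regenerated on login.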
How does Cache poisoning work?
HTTP response splitting: user input is copied into a response header without filtering CR/LF characters, so the attacker can end the intended response early and append a second, fully attacker-controlled response. A shared cache or proxy that frames responses by the bytes on the wire stores this injected response against a URL of the attacker's choosing, so later users requesting that URL receive the attacker's content. (Changing a site's name-to-address mappings is DNS cache poisoning, a different attack on a different cache.)
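The splitting mechanism, as an added example (not code from the original flashcards): a redirect handler that copies a query parameter into a Location header unchecked, a hardened version, and a small frame parser standing in for a cache or proxy that reads responses off the connection one after another. The redirect path, the parameter and the injected payload are all constructed.

```python
from urllib.parse import quote

# Added example, not code from the original flashcards. Constructed redirect
# handler plus a naive response framer playing the role of a shared cache.

HEAD = b"HTTP/1.1 302 Found\r\nLocation: /home?lang="
TAIL = b"\r\nContent-Length: 0\r\n\r\n"


def build_redirect_unsafe(lang: str) -> bytes:
    return HEAD + lang.encode("latin-1") + TAIL          # user bytes pasted straight into a header


def build_redirect_safe(lang: str) -> bytes:
    if "\r" in lang or "\n" in lang:
        raise ValueError("CR/LF not permitted in header values")   # fail closed
    return HEAD + quote(lang, safe="").encode("ascii") + TAIL      # percent-encode the rest


def split_responses(stream: bytes) -> list:
    """Frame responses the way a naive proxy does: head up to the blank line, body per Content-Length."""
    responses, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break
        lines = stream[pos:head_end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            key, _, val = line.partition(":")
            headers[key.strip().lower()] = val.strip()
        length = int(headers.get("content-length", "0") or 0)
        body_start = head_end + 4
        responses.append({"status": lines[0], "headers": headers,
                          "body": stream[body_start:body_start + length]})
        pos = body_start + length
    return responses


# Constructed payload: terminates the 302 early, then supplies a whole fake 200 response.
INJECTED_BODY = b"<script>alert('poisoned')</script>"
PAYLOAD = (
    "en\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    f"Content-Length: {len(INJECTED_BODY)}\r\n\r\n" + INJECTED_BODY.decode()
)


def poisoning_demo() -> list:
    """Responses the cache sees for a single unsafe redirect built from PAYLOAD."""
    return split_responses(build_redirect_unsafe(PAYLOAD))


if __name__ == "__main__":
    for r in poisoning_demo():
        print(repr(r["status"]), r["body"])
    print(split_responses(build_redirect_safe("en"))[0]["status"])
```

In a live attack the attacker pipelines two requests: the first triggers the split, and the orphaned second response is matched by the cache to the second request's URL, which is the victim page it will then serve to everyone.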
How are web services assessed?
Identify running services
Identify subsystem and enabled components
Investigate known vulnerabilities in web services
Identify poorly constructed or protected sensitive data
Assess CGI, ASP and similar server-side scripts, looking for parameter manipulation, missing input validation, and how regularly the platform is patched.
What are the problems with emails?
They are a primary delivery channel for malware and phishing, and the underlying protocol (SMTP) provides no confidentiality or sender authentication by default.
Encryption can be done through PGP and/or S/Mime
How many bits does an S/Mime key have?
Early S/MIME implementations defaulted to a 40-bit RC2 key (an export restriction), which is trivially brute-forced; modern S/MIME uses 3DES (168-bit) or AES (128- or 256-bit) content-encryption keys.
How is PGP used in email?
PGP does not use X.509 PKI; it has its own key format and relies on a web of trust to validate public keys (X.509 certificates are what S/MIME uses). The message is encrypted with a random symmetric session key, e.g. IDEA (128 bits), 3DES (168 bits), CAST5 or AES, and that session key is encrypted to the recipient's public key.
How does S/Mime work?
Receive message
Separate the message from the header info
Decrypt the message
Retrieve the message body
Retrieve the digital signature and sender information
Verify the digital signature against the sender's certificate (and check the certificate chain and revocation status)
Allow or deny the message.
Why are emails monitored?
To review business patterns and to detect information disclosure (sensitive data leaving the organisation).
What other issues does email face?
Anonymisation (the sender's identity can be hidden)
Interception (messages traverse many servers, often in the clear)
Remailers strip sender details and forward mail through one or more servers to the recipient; a Tor-style chain with layered public-key encryption (onion routing) hides the sender from every hop except the first.
SMTP does not check the legitimacy or accuracy of sender addresses or content, so headers can be forged.
What did Baumgartner et. al. investigate and conclude?
They investigated the connections between email servers to determine whether email in transit could be read.
They found they could trick servers into sending email in plaintext.
They also found that some organisations' servers refused the (encrypted) connection but then opened another connection and sent the plaintext version.
What is STARTTLS?
An SMTP extension: after the EHLO exchange, if the server advertises STARTTLS, the client issues the STARTTLS command and the rest of the session is upgraded to TLS.
If STARTTLS is not advertised (or the upgrade fails) the transmission simply proceeds in plaintext; the encryption is opportunistic, not required.
What is STARTTLS Stripping?
Takes advantage of the fail-open design: an on-path attacker removes the STARTTLS capability from the server's EHLO reply, or makes the TLS handshake fail, so the client falls back to plaintext and the attacker reads the mail.
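The STARTTLS exchange and the stripping attack from the two cards above, as an added example (not code from the original flashcards). A fake SMTP server is run in three states: normal, with the STARTTLS capability overwritten in the EHLO reply (the replacement with X's mirrors what interfering middleboxes have been observed to send), and with STARTTLS advertised but the TLS setup refused. A client delivery loop is run with the fail-open behaviour plain STARTTLS gives and with a require-TLS policy of the kind MTA-STS or DANE provides. All server responses are constructed.

```python
# Added example, not code from the original flashcards. Constructed SMTP
# capability replies; no network is used.

EHLO_REPLY = ["250-mail.example.test", "250-SIZE 52428800", "250-STARTTLS", "250 8BITMIME"]


class FakeSmtpServer:
    def __init__(self, stripped: bool = False, tls_refused: bool = False):
        self.stripped = stripped        # an on-path device rewrote the EHLO capabilities
        self.tls_refused = tls_refused  # STARTTLS offered, but the upgrade is made to fail

    def ehlo(self) -> list:
        if self.stripped:
            return ["250-XXXXXXXX" if line == "250-STARTTLS" else line for line in EHLO_REPLY]
        return list(EHLO_REPLY)

    def starttls(self) -> str:
        if self.tls_refused:
            return "454 TLS not available due to temporary reason"
        return "220 Ready to start TLS"


def advertises_starttls(ehlo_lines: list) -> bool:
    """True if any 250 capability line is exactly STARTTLS."""
    return any(line[4:].strip().upper() == "STARTTLS"
               for line in ehlo_lines if line.startswith("250"))


def deliver(server: FakeSmtpServer, require_tls: bool) -> str:
    """How the message would be sent: ENCRYPTED, PLAINTEXT or ABORT."""
    if advertises_starttls(server.ehlo()):
        if server.starttls().startswith("220"):
            return "ENCRYPTED"          # TLS handshake follows; MAIL FROM goes inside it
    # Either STARTTLS was not offered or the upgrade failed.
    if require_tls:
        return "ABORT"                  # fail closed: queue and retry later, never downgrade
    return "PLAINTEXT"                  # fail open: exactly what the stripper is counting on


def matrix() -> dict:
    """Outcome for each server state under both client policies."""
    servers = {
        "normal": FakeSmtpServer(),
        "stripped": FakeSmtpServer(stripped=True),
        "tls_refused": FakeSmtpServer(tls_refused=True),
    }
    return {name: {"opportunistic": deliver(s, False), "require_tls": deliver(s, True)}
            for name, s in servers.items()}


if __name__ == "__main__":
    for name, outcome in matrix().items():
        print(name, outcome)
```

Requiring TLS only helps if the client also verifies the server certificate; an attacker who can strip a capability can equally present a self-signed certificate, which opportunistic STARTTLS clients typically accept.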
What are databases?
Data organised in tables of records (rows) and fields (columns), with a schema that describes the structure and constraints.
What are the benefits of using databases?
Shared resources; reduced redundancy; data integrity and internal consistency; authenticated, access-controlled access; accuracy; recovery.
What is the problem of inference?
Sensitive information should not be derivable from the data a user is allowed to see (public or aggregate data), yet it often can be, directly or indirectly.
Direct: the user queries records and reads the sensitive values straight from the results.
Indirect: only statistics (counts, sums, averages) are released, but combining several of them narrows the answer down to an individual.
How are inference attacks mitigated?
Suppression of statistics when the result could identify an individual (e.g. a query-set-size control that refuses to answer over very few records).
Place controls on queries: limit overlap between successive query sets, add noise or rounding to results, and log and audit queries.
What is multi-level security?
The database holds data at several sensitivity levels and serves users with different clearances, so each record or field is protected according to its level using a combination of controls: partitioning into separate tables or databases, encryption of sensitive fields, and integrity checking.
What is SQL injection?
Entering SQL syntax into an input field on the front end so that, when the application pastes the value into a query string, attacker-chosen SQL runs on the back-end database. Prevented by parameterised queries (prepared statements) instead of string concatenation.
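The injection and its fix side by side, as an added example (not code from the original flashcards): the same login check against a constructed SQLite table, once built by string formatting and once parameterised. Passwords are stored in clear only to keep the demo short; a real table holds salted hashes.

```python
import sqlite3

# Added example, not code from the original flashcards. Constructed users table.


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("admin", "s3cret"), ("alice", "hunter2")])
    return con


def login_vulnerable(con, user: str, password: str):
    # Form values are spliced into the SQL text. The input  admin' --  closes the
    # string literal, and the -- comment discards the password check entirely.
    query = f"SELECT name FROM users WHERE name = '{user}' AND password = '{password}'"
    return con.execute(query).fetchone()


def login_safe(con, user: str, password: str):
    # Placeholders: the driver passes the values separately from the SQL text, so
    # quotes and comment markers inside them never reach the parser as syntax.
    return con.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?", (user, password)
    ).fetchone()


def demo() -> dict:
    con = make_db()
    payload = "admin' --"
    return {
        "vulnerable": login_vulnerable(con, payload, "wrong"),     # ('admin',): logged in
        "safe_same_input": login_safe(con, payload, "wrong"),      # None: no such user
        "safe_real_login": login_safe(con, "admin", "s3cret"),     # ('admin',)
    }


if __name__ == "__main__":
    print(demo())
```

Parameterisation protects values only; table and column names, ORDER BY targets and similar identifiers cannot be bound and must be checked against an allow-list before being placed in the query.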