Tentaplugg Flashcards

Crush the exam!

1
Q

What do the C, I and A stand for in CIA? (explain each with a sentence)

A

C (Confidentiality) - Only authorized users can read specified data.
I (Integrity) - Only authorized users can manipulate specified data.
A (Accessibility) - Authorized users can always access the specified data.

2
Q

What are the three major categories for user authorization?

A
  • What you know - password
  • What you carry - key-card
  • What you are - biometrics (fingerprint, iris-pattern)
3
Q

For the third category of user authentication (biometrics): what two values usually cause balancing problems in this category? Give an example!

A

False-rejection and false-acceptance.
Since no two readings of a fingerprint or iris are ever the same, this causes problems with these values.
If the system is to be more secure, a higher rate of false-rejection could mean "more secure" while at the same time reducing the rate of false-acceptance.

4
Q

What three entities must exist for a risk to exist?

A

T (Threat) - Cause of damage to asset.
V (Vulnerability) - Unwanted system property that enables a threat.
D (Damage) - The negative effect of an unwanted event.

5
Q

If an attacker has access to the unsalted password hashes, what type of attack can the attacker use that exploits a space-time tradeoff to break many hashes?

A

Dictionary attack

6
Q

Describe how to perform a dictionary attack and the meaning of a space-time tradeoff.

A

Take a list of common passwords.
Hash them separately and then compare each hashed password with the actual hashed password. If they match, then you have the correct password.
It is called a space-time tradeoff because with this method you decrease the time of the attack at the expense of space, due to storing the hashed passwords.

7
Q

What is the most common way of defending against a CSRF attack, and how does the defence work?

A

When a server generates a page, it generates a session-unique token that must be hard to predict and short-lived. This token is stored in the client's session and as a parameter in the website's links.
When the client submits a request, the server then checks that a token is present, that it matches the client's session and that it hasn't expired.
Only if all these criteria are met is the request accepted.

8
Q

(Biometrics) What is enrollment?

A

When a user is first registered and the biometric features are captured and stored in the user database for the first time.

9
Q

(Biometrics) What is false rejection rate?

A

The probability that a legitimate user is declined access.

10
Q

(Biometrics) What is false acceptance rate?

A

The probability that an unauthorized user is granted access.

11
Q

What is a salt and how is it generated?

A

A randomly selected string that is unique for each user and that is appended to the password before hashing.

12
Q

Should a salt be kept secret?

A

There is no point since it is usually stored in the open next to the salted hash. The point of a salt is to defeat the dictionary attack by slowing it down.

13
Q

Describe three properties of biometric authentication that differ from other ways of authenticating users.

A

A biometric feature is attached to a body and cannot be removed, or is very hard to remove.
Biometric features are not constant, so there is a scale of how close the measurement is to the measurement stored at enrollment.
Some persons lack specific biometric features, a finger or a hand for example.

14
Q

Describe the two different principles for interpreting permissions and privileges in access control for users who are in multiple groups.

A

"First relevant entry" - The first permission-level in the list of permission-levels per group is the only one considered when deciding whether to grant access or not.

"Any permission" - All permission-levels in the list of permissions per group are considered when deciding whether to grant access or not.

15
Q

In a statistical database, a group of three is too small to conceal numerical values. Why?

A

You could get one value from queries like MAX or MIN, and the middle value from 3*AVERAGE - MIN - MAX.

16
Q

Can a firewall protect against a DoS-attack? How?

A

A firewall can block offending sender sites, once identified. A firewall can block a DoS attack by blocking the port used by the attack, disabling THIS service, but keeping the rest going as normal.

17
Q

What is an IDS and how can it protect you from a DoS-attack?

A

Intrusion Detection System - It can detect probing and identify probing sites, so they can be blocked (by the firewall). By finding a bot in your system that is taking part in a massive DoS-attack and blocking its user you could argue that finding this bot or traces of it is DoS-defence in itself.

18
Q

How does Kerberos work? What secrets are shared by the participants, and what final data item does the user gain in this process?

A

A client Cliff wants to connect to a server Serge. He first contacts the authentication server Trent and then the access-granting server Grant and then he can get access to Serge.

There are shared secrets between Cliff and Trent, Trent and Grant, Grant and Serge.

In the end, Cliff holds a ticket that he can present to Serge to get access to the service.

19
Q

Why can't an email without a digital signature be considered an "urkund"?

A

An “urkund” must be “reliably verifiable”.

An email isn’t verifiable by itself, but with a digital signature it could be.

20
Q

What is the BIBA-model?

A

“No write up, no read down”
Prevent high integrity objects from being contaminated with low integrity information.

BIBA only deals with integrity.

21
Q

What is the Bell LaPadula-model?

A

“No read up, no write down”
Example, military: Don't read your superior officers' stuff and don't let inferior officers read your stuff.

Bell LaPadula only deals with confidentiality.

22
Q

What is the Chinese Wall-model?

A

Deals with confidentiality and the relation between compartments of data.

23
Q

What is a TCP SYN-flood?

A

A large number of TCP connection requests are sent that intend to overwhelm the recipient.

24
Q

Would a firewall stand against a DDoS-attack?

A

A packet-filtering firewall checks the source and destination IP as well as the port, but NOT the rate, which makes it vulnerable to a DDoS attack.

25
Q

If Kerberos is used for single sign-on, how does the system test that a user knows the password of the stated identity?

A

In the first step of Kerberos, the ticket server receives an encrypted login request as well as a username in clear text. The ticket server takes the stored password of the username and decrypts the encrypted login request. If the request makes sense, then the user knows the true password.

(may need to be completed - very basic)

26
Q

How does your phone share keys with a guest network?

A

Your phone shares the secret key ki with your home network.

1: Phone sends its ID to the home network
2: Home network a) creates a random number RAND
b) retrieves ki
c) creates RES and kc from RAND and ki
3: Home network sends RES, RAND and kc to the guest network
4: Guest network keeps RES and kc and sends RAND to the phone
5: Phone uses RAND and ki to recreate RES and kc
6: Phone sends RES to the guest network
7: Guest network matches the RES from the phone with the RES it already has. If it is a match, then kc is used as the key for further encryption.

27
Q

What is Kerckhoff’s principle?

A

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

28
Q

What basic property is needed for a secure cryptographic hash function?

A

Collision resistance: it should be difficult to find another message that hashes to the same value.

29
Q

Two types of systems exist to guarantee authenticity. (Checking the hash of a downloaded document does not guarantee that it has not been manipulated.)

A
  • A secret must be added, something known only to the sender and the recipient. This gives a MAC, which is a secret-key system.
  • A public-key system can be used to sign the hash value. This is known as a digital signature.

30
Q

What is an ACL and why are they necessary?

A

An ACL normally lists users’ permissions to Read, Write and Execute the object.
ACLs are necessary to ensure the correct distribution of permissions among different users in the same network/environment.

31
Q

Why should inputs entered at a web form be sanitized?

A

If inputs are not verified, an attacker can get malicious code to run at the server by cleverly injecting commands at the input.
You are vulnerable to a SQL injection.

32
Q

Bell-LaPadula and Biba are complex and expensive to implement. Why then use them?

A

A formal model gives a testable approach and a security theorem. Therefore, as soon as the requirements of the theorem are fulfilled, we can be sure the system will remain secure.
Common mistakes: the fact that BLP enforces C and Biba enforces I is not an "advantage". The question relates to formal models "in general". Just repeating the whole BLP and Biba model descriptions is an incorrect answer.

33
Q

The administrator can modify a user’s password in Unix and Windows. Can he/she read the user’s password?

A

Reading passwords in these systems has nothing to do with permissions. The password is protected by being salted and hashed. No administrator has the privilege to break a cryptographic one-way function.

34
Q

In defending against a CSRF attack, what properties do we require of the token, and what are the basic steps that the server and client take to generate and validate the token?

A

When the server generates a page, it generates a token. This token is unique for the client's session and must be hard to predict and short-lived. The server stores the token in the client's session and inserts the token as a parameter into the links in the page.
When the client submits a request, the server verifies that the token is present, that it matches the client's session, and that it hasn't expired. Only then is the request granted; otherwise it is rejected.

35
Q

What is a “per subject” list of permitted objects called?

A

Capability list

37
Q

What is the main difference between asymmetric and symmetric cryptographic systems?

A

The main difference is in respect to the keys employed. In symmetric systems, the legitimate parties encrypt and decrypt with the same key, while asymmetric systems have different keys for encrypting/decrypting, and they are not shared among the parties.

40
Q

An attacker with access to unsalted password hashes can perform an attack that uses space-time tradeoff to break many hashes. What is this method called?

A

Dictionary attack.

41
Q

Describe how to perform a dictionary attack on unsalted hashed passwords. Why is it called a time-space tradeoff?

A

First, take a dictionary of common words. Then, take the hash value of each word and store it. Next, compare the hashed password with the dictionary. If a match exists, you have found the password.
It is called a time-space tradeoff because it reduces the time necessary for the attack at expense of needing more space.

42
Q

What is two-factor authentication?

A

Authentication that uses two different kinds of the three main authentication categories.

43
Q

List two serious weaknesses with password authentication.

A
  • Passwords can be guessed if they are words or are related to the user.
  • Short passwords can be found by exhaustive search.

44
Q

Give some examples of things that should be done when setting up a new system in order to harden the configuration.

A
  • Disable insecure accounts and passwords (like admin, default)
  • Configure all security mechanisms
  • Turn off all unused services
  • Set up logging and alerts
  • Keep software updated.

45
Q

One property of a threat is used in quantitative risk analysis to determine whether it is worthwhile to protect an asset from that threat. Which property?

A

The probability or frequency of the threat.

46
Q

Mitigation of social engineering attacks has to be done through three main fronts:
Policy, Awareness and Technology.
State one action to be done in each front by the security administrator.

A

Policy: State the rules through a company-wide policy, e.g. "Never click on links sent in external emails". Awareness: Teach all employees about common social engineering attacks. Technology: Authentication, digital signatures, etc.

51
Q

What is the formula for simple quantitative risk analysis?
What do the variables mean?
Where do they enter in the chain "threat-vulnerability-damage"?

A

Install the countermeasure if:
k < Fb*Sb - Fa*Sa
k = cost of the countermeasure
Fb = probability (frequency) of the threat before the countermeasure
Fa = probability (frequency) of the threat after the countermeasure
Sb = damage cost before the countermeasure
Sa = damage cost after the countermeasure
The threat is still there after installing the countermeasure, but its frequency will change.