The internet - Internet security

Question 1

Explain what the key exchange problem is, in relation to a symmetric cipher

Answer 1

• How to pass the key (from the sender) to the receiver;
• Without it being intercepted / securely;

Question 2

Explain what it means for a cipher to be described as being computationally secure

Answer 2

The cipher cannot be cracked, by any known method in a polynomial amount of time

Question 3

what is a TCP/IP protocol

Answer 3

a stack set of protocols used in turn, to format a message so it can be sent over a network
- each layer provides a specific function within the transmission of the message

Question 4

layers of the TCP/IP

Answer 4

• application layer
• transport layer
• network layer
• link layer

Question 5

summarise the application layer

Answer 5

• at the top of the stack
• Provides services directly to user applications
  
  • such as web browsers and email clients,
• enabling communication over the network
• Uses protocols like HTTP, SMTP, FTP, and DNS to handle specific communication tasks,
• : Ensures that data is delivered to the correct application on the destination device through port numbers

Question 6

summarise the transport layer

Answer 6

• establishes an end to end connection
• performs error detection/correction
• uses port number to pass the data on to the correct software in the application layer
• add port number
• split data up into segments
• performs flow control
  -manages congestion

Question 7

what does TCP/IP stand for

Answer 7

transmission control protocol/internet protocol

Question 8

summarise the network layer

Answer 8

• adds the IP addresses of the source and destination
• Performs routing
• selects the next host/ hop to transmit a packet to
• ## performs error detection on the packet header

Question 9

summarise the link layer

Answer 9

• handles communication between devices on the same local network.
• responsible for MAC addressing and error detection within frames.
• Ensures data is transmitted over physical hardware like Ethernet or Wi-Fi.
• MAC addresses change with each hop

Question 10

how is data received after tcp/ip

Answer 10

• link layer removes mac address from each packet
• passes it to network layer
• network layer removes IP address from each packet, passes it to transport layer
• transport layer removes removes the port number from each packet, reassembles the packet in the correct order
• passes it to app layer
• app layer presents the image data for the user in a brpwser

Question 11

features of a mac address

Answer 11

uniquely identifies a physical device with an NIC (NETWORK INTERFACE CARD)
- may be the destination computer or a router
-packets move around the lower layers of the stack as they hop across routers, changing their mac address as they go

Question 12

what are well known ports
why are they used

Answer 12

-A reserved port number that has a specific purpose
- Used because the communication is initiated by the sender, therefore the port number must be the same for all initial email communications

20 = file transfer protocol
80 and 8080 = HTTP
443 = HTTPS(encrypted HTTP)
25 = SMTP (simple mail transfer protocol)

Question 13

what is a port

Answer 13

• a virtual endpoint used to identify specific processes or services/applications in network communication.

Question 14

examples of malicious software/ malware

Answer 14

• worms
• viruses
• trojans

Question 15

summarise worms

Answer 15

• sub class of a virus
• standalone software that can replicate itself without user intervention

Question 16

summarise viruses

Answer 16

• rely on other host files to be opened in order to spread themselves
• most become memory resident when their host file is executed
• once the virus is in memory, any other uninfected file that runs, becomes infected when copied into memory

Question 17

where do other common viruses reside

Answer 17

macro files usually attached to word processing and spreadsheet data files

Question 18

difference between a worm and a virus

Answer 18

viruses rely on other host files(usually executable programs) to be opened in order to spread themselves, whereas worms do not

Question 19

how does a worm enter a computer

Answer 19

through vulnerability or by tricking the user into opening a file, often an attachment

Question 20

virus or worm

Answer 20

ILOVEYOU bug - worm
Melissa - virus
blaster - worm

Question 21

summarise a trojan

Answer 21

• manifests itself in a useful file, game, or utility you wanna install
• when installed, the payload is released,without irritation
• cannot self replicate
• serve to open up back doors in your computer to the Internet, so that the processing power, Internet bandwidth and data can be exploited remotely

Question 22

what do malware do

Answer 22

• exploits vulnerabilities in systems

Question 23

what is phishing

Answer 23

using email to manipulate a victim into visiting a fake website and giving away personal info

Question 24

methods that protect against malware

Answer 24

• guarding against buffer overflow attack
• guarding against SQL injection attack
• use of strong passwords for login credentials
• two factor authentication
• use of access rights

Question 25

what is buffer overflow

Answer 25

• occurs when a program accidentally writes data to a location too small to handle it
• as a result, the overflowed data may end up in an neighbouring instruction space
• malware can deliberately cause and manipulate overflow data which may then be read as malicious instruction

Question 26

what is sql injection

Answer 26

when a malicious user can enter SQL commands via online databases forms to change the processing

Question 27

What is monitoring

Answer 27

• observation and tracking of a system’s performance, activities, or data.
• can protect against the threat of hacking, which can produce malware
• eg packet sniffers, user access logs

Question 28

summarise protection

Answer 28

• up to date anti malware software can prevent the spread of infection

Question 29

describe how computer A can encrypt a message, create a digital signature
- and how computer B would decrypt the msg and verify that it was sent by computer A

Answer 29

• a messages hash value is calculated from the messages contents
• the message hash value is encrypted using A’s private key
• encrypted hash value is used as digital signature
• B’s private key used to decrypt the message
• the message is rehashed
• A’s public key decrypts the digital signature
• If both hashes match, the sender can be authenticated

Question 30

what is file transfer protocol

Answer 30

an application level protocol used to move files across a network
- uses the client - server
- operates on ports 20 and 21
- used with username and passwords

Question 31

what is secure shell (SSH)

Answer 31

• encrypted protocol that allows secure communication between nodes across a network
• can be used to create a tunnel through a network
• the tunnel can be used to pass through data that might be blocked

Question 32

email protocols and what theyre used for

Answer 32

POP3 - retrieves emails on the server
IMAP - manages emails on the server
SMTP - forwards emails between mail servers and their destination

Question 33

difference between POP3 and IMAP

Answer 33

IMAP holds mail on the server so that multiple devices can access all mail
POP downloads mail to a local device and removes it from the server

Question 34

difference between http and https

Answer 34

• HTTP is used for transmitting data over the web in plain text.
• HTTPS encrypts data using SSL/TLS for secure communication.
• HTTPS ensures data confidentiality and integrity.

Question 35

Describe the purpose of sockets in the TCP/IP stack.

Answer 35

A socket combines an IP address and a port number to uniquely identify a network connection, enabling communication between devices.

Question 36

Discuss how improved code quality, monitoring, and protection can help address the risks posed by worms, trojans, and viruses.

Answer 36

1.Improved code quality:
- Reduces vulnerabilities that worms, trojans, and viruses exploit.
2. Monitoring:
- Detects malicious activity in real time to stop the spread of malware.
3. Protection:
- Firewalls, antivirus software, and security patches prevent and mitigate threats.

Question 37

state names of application layer protocols and explain what they’ll be used for

Answer 37

SMTP // Simple Mail Transfer Protocol - To send emails to another client

POP(3) - ) retrieve emails on the server

SSH // Secure Shell - provides a secure/encrypted connection for remote management

HTTP / HTTPS - So users can access email via the web

Question 38

explain how the transport layer determines which application layer software on the server should deal with a received request

Answer 38

• uses the port number to determine which server should deal with the received request