The internet - Internet security Flashcards
Explain what the key exchange problem is, in relation to a symmetric cipher
- How to pass the key (from the sender) to the receiver;
- Without it being intercepted / securely;
Explain what it means for a cipher to be described as being computationally secure
The cipher cannot be cracked, by any known method in a polynomial amount of time
what is a TCP/IP protocol
a set of protocols arranged in a stack and used in turn to format a message so it can be sent over a network
- each layer provides a specific function within the transmission of the message
layers of the TCP/IP
- application layer
- transport layer
- network layer
- link layer
summarise the application layer
- at the top of the stack
- Provides services directly to user applications
- such as web browsers and email clients,
- enabling communication over the network
- Uses protocols like HTTP, SMTP, FTP, and DNS to handle specific communication tasks,
- Ensures that data is delivered to the correct application on the destination device through port numbers
summarise the transport layer
- establishes an end to end connection
- performs error detection/correction
- uses port number to pass the data on to the correct software in the application layer
- add port number
- split data up into segments
- performs flow control
- manages congestion
what does TCP/IP stand for
transmission control protocol/internet protocol
summarise the network layer
- adds the IP addresses of the source and destination
- Performs routing
- selects the next host/ hop to transmit a packet to
- performs error detection on the packet header
summarise the link layer
- handles communication between devices on the same local network.
- responsible for MAC addressing and error detection within frames.
- Ensures data is transmitted over physical hardware like Ethernet or Wi-Fi.
- MAC addresses change with each hop
how is data received after tcp/ip
- link layer removes MAC address from each packet
- passes it to network layer
- network layer removes IP address from each packet, passes it to transport layer
- transport layer removes the port number from each packet, reassembles the packets in the correct order
- passes it to app layer
- app layer presents the image data for the user in a browser
features of a MAC address
uniquely identifies a physical device with an NIC (Network Interface Card)
- may be the destination computer or a router
- packets move around the lower layers of the stack as they hop across routers, changing their MAC address as they go
what are well known ports
why are they used
- A reserved port number that has a specific purpose
- Used because the communication is initiated by the sender, therefore the port number must be the same for all initial email communications
20 = file transfer protocol
80 and 8080 = HTTP
443 = HTTPS (encrypted HTTP)
25 = SMTP (simple mail transfer protocol)
what is a port
- a virtual endpoint used to identify specific processes or services/applications in network communication.
examples of malicious software/ malware
- worms
- viruses
- trojans
summarise worms
- sub class of a virus
- standalone software that can replicate itself without user intervention
summarise viruses
- rely on other host files to be opened in order to spread themselves
- most become memory resident when their host file is executed
- once the virus is in memory, any other uninfected file that runs, becomes infected when copied into memory
where do other common viruses reside
macro files usually attached to word processing and spreadsheet data files
difference between a worm and a virus
viruses rely on other host files (usually executable programs) to be opened in order to spread themselves, whereas worms do not
how does a worm enter a computer
through vulnerability or by tricking the user into opening a file, often an attachment
virus or worm
ILOVEYOU bug - worm
Melissa - virus
blaster - worm
summarise a trojan
- manifests itself in a useful file, game, or utility you want to install
- when installed, the payload is released, without irritation
- cannot self replicate
- serve to open up back doors in your computer to the Internet, so that the processing power, Internet bandwidth and data can be exploited remotely
what does malware do
- exploits vulnerabilities in systems
what is phishing
using email to manipulate a victim into visiting a fake website and giving away personal info
methods that protect against malware
- guarding against buffer overflow attack
- guarding against SQL injection attack
- use of strong passwords for login credentials
- two factor authentication
- use of access rights
what is buffer overflow
- occurs when a program accidentally writes data to a location too small to handle it
- as a result, the overflowed data may end up in a neighbouring instruction space
- malware can deliberately cause and manipulate overflow data which may then be read as malicious instruction
what is sql injection
when a malicious user can enter SQL commands via online database forms to change the processing
What is monitoring
- observation and tracking of a system’s performance, activities, or data.
- can protect against the threat of hacking, which can produce malware
- eg packet sniffers, user access logs
summarise protection
- up to date anti malware software can prevent the spread of infection
describe how computer A can encrypt a message, create a digital signature, and how computer B would decrypt the message and verify that it was sent by computer A
- a message's hash value is calculated from the message's contents
- the message hash value is encrypted using A’s private key
- encrypted hash value is used as digital signature
- B’s private key used to decrypt the message
- the message is rehashed
- A’s public key decrypts the digital signature
- If both hashes match, the sender can be authenticated
what is file transfer protocol
an application level protocol used to move files across a network
- uses the client-server model
- operates on ports 20 and 21
- used with username and passwords
what is secure shell (SSH)
- encrypted protocol that allows secure communication between nodes across a network
- can be used to create a tunnel through a network
- the tunnel can be used to pass through data that might be blocked
email protocols and what they're used for
POP3 - retrieves emails on the server
IMAP - manages emails on the server
SMTP - forwards emails between mail servers and their destination
difference between POP3 and IMAP
IMAP holds mail on the server so that multiple devices can access all mail
POP downloads mail to a local device and removes it from the server
difference between http and https
- HTTP is used for transmitting data over the web in plain text.
- HTTPS encrypts data using SSL/TLS for secure communication.
- HTTPS ensures data confidentiality and integrity.
Describe the purpose of sockets in the TCP/IP stack.
A socket combines an IP address and a port number to uniquely identify a network connection, enabling communication between devices.
Discuss how improved code quality, monitoring, and protection can help address the risks posed by worms, trojans, and viruses.
1. Improved code quality:
- Reduces vulnerabilities that worms, trojans, and viruses exploit.
2. Monitoring:
- Detects malicious activity in real time to stop the spread of malware.
3. Protection:
- Firewalls, antivirus software, and security patches prevent and mitigate threats.
state names of application layer protocols and explain what they’ll be used for
SMTP // Simple Mail Transfer Protocol - To send emails to another client
POP(3) - retrieve emails on the server
SSH // Secure Shell - provides a secure/encrypted connection for remote management
HTTP / HTTPS - So users can access email via the web
explain how the transport layer determines which application layer software on the server should deal with a received request
- uses the port number to determine which server should deal with the received request