CIA triad
confidentiality
integrity
availability
confidentiality
protects data from unauthorized access
integrity
ensuring that information remains unaltered from sender to receiver
focuses on preventing unauthorized or malicious modification, guaranteeing that the data received is exactly the data that was sent
availability
assuring that authorized users are able to access their information when needed
wiretapping
the interception of communication traveling over a physical transmission medium, such as phone lines, fiber, copper cables, or cellular channels; it can capture anything from analog audio and voice conversations to raw electrical, optical, or digital signals
typically involves attaching a physical tap or listening device and is a broad form of communication interception at the physical layer, capable of accessing both analog and digital information
skimming attack
installing a fraudulent device, often on ATMs, gas pumps, or payment terminals, that secretly captures card data and PIN entries. The skimmer intercepts the information before it reaches the legitimate payment system, allowing attackers to clone cards or steal account credentials without the user's knowledge.
replay attacks
A replay attack occurs when an attacker intercepts data from a legitimate communication, such as a session token, and later resends it to impersonate the original user.
buffer overflow attacks
A buffer overflow attack occurs when an attacker sends more data than a program expects, causing that data to spill into adjacent memory locations beyond the intended buffer.
An attacker may send an oversized packet or a rapid sequence of packets to trigger the overflow, potentially enabling unauthorized actions or system compromise. Ultimately, only the software vendor can fully fix the flaw by correcting the underlying code.
spoofing attacks
Spoofing attacks involve impersonating a trusted host by exploiting the trust-based mechanisms built into network and communication systems.
ARP spoofing
Address spoofing often uses …., where an attacker sends a forged ARP reply that falsely associates a chosen IP address with the attacker's MAC address. As a result, any host attempting to send packets to that IP will unknowingly forward them to the attacker instead.
DNS spoofing
involves registering or using a subtle misspelled version of a trusted domain to trick users into believing they've reached a legitimate website.
DoS - denial of service
floods a server with excessive traffic so that valid users are unable to use it
DDoS - distributed denial of service
uses many compromised hosts across the internet to send coordinated streams of traffic, overwhelming a target server
SYN flood
sends a large number of spoofed SYN requests to exhaust the server's available TCP connection slots. Each SYN forces the server to allocate a control block and reply with a SYN acknowledgement. But because the final acknowledgement never arrives, the server's resources fill up, preventing new legitimate connections from being established.
port scanning
a method to see which ports are open; it can be used as pre-attack reconnaissance or as part of cybersecurity efforts
TCP scans are faster, easier, and more effective than UDP port scans
TCP scanning
easy to scan because the protocol requires a system to respond with a SYN acknowledgement packet when a SYN is sent to an open port. An attacker can send SYN packets to all 65,536 ports and identify which ports are open by the SYN acknowledgement responses it receives. An RST or reset response from a port indicates that that port is closed, while no response typically indicates that the port is being filtered by a firewall.
UDP scanning
… scanning is more difficult than TCP scanning because there is no send acknowledgement handshake to indicate open ports. Instead, the scanner must try to register a response from each service, often using minimal or protocol-specific probe packets, which makes scanning slow and inconsistent.
packet interception
involves capturing or observing network traffic as it passes by without altering it
man in the middle
places the attacker between two communicating parties, allowing them to intercept, read, inject, modify, or block data while both endpoints believe they are communicating directly
difficult to execute
cryptography
the science of securing information through mathematical algorithms and keys, encompassing both encryption and hashing.
hashing
an algorithm to convert digital information into an unreadable fixed-length value, and the process is not reversible
common hashing protocols such as MD5 or SHA1 generate message authentication codes, MACs, that help verify data integrity and authenticity
message authentication codes (MACs)
use hashing combined with a secret key to ensure data integrity and authenticity. The sender generates a message authentication code from the message and the shared key, and then sends both the message and message authentication code to the receiver, who recomputes the message authentication code on their end and compares the one they computed with the one they received. If they match, the message is confirmed intact and unaltered since an attacker without the secret key cannot forge a valid message authentication code.
encryption
transforms readable data into unreadable ciphertext, using an algorithm and a key allowing the process to be reversed only by authorized parties
symmetric encryption
uses a single shared secret key to both encrypt and decrypt data
the sender encrypts the plaintext with the key and transmits the ciphertext, and the recipient uses the same key to recover the original message
AES
a fast, secure, symmetric block cipher used globally, encrypting data with a shared secret key, and it supports 128, 192, and 256-bit keys.
asymmetric encryption
uses a publicly shared key to encrypt data, and it uses a secret private key to decrypt it
public key
a … for encryption and a private key for decryption
digital signature
works by hashing the received message and using the sender’s public key to confirm that the signature corresponds to that hash
public key infrastructure PKI
Digital certificates provide sender authentication by securely distributing public keys through a public key infrastructure
authentication
the process of verifying the identity of a user, process, system, or device before granting access
authorization
determines what actions a user is allowed to perform after being authenticated
access control list
a list that defines the permissions an authenticated user has on a shared resource; access control is commonly explained through three models
mandatory
discretionary
role based
mandatory access control lists
assigns security labels to resources and only allows access if a user has the required level
discretionary access control
allows resource owners to decide who can access the resources, offering greater flexibility
role based
most widely used
it is what it sounds like
point to point control PPP
allows two devices to establish a direct connection, authenticate using a username and password, and negotiate the network protocol to use, almost always TCP/IP today.
challenge handshake authentication CHAP
uses a shared password to create a challenge response exchange in which the initiator hashes the challenge with the password and sends the result to the authenticator, which independently computes and compares the hash to verify identity
PPP also supports …
AAA
To protect centralized username and password databases, organizations adopt the … Framework — Authentication, Authorization, and Accounting — which supports port-based access control for remote network connections
Kerberos
a network authentication protocol that is not tied to PPP and is commonly used in domain environments.
SSL & TLS
SSL and its successor TLS provide secure communication by using digital certificates to authenticate servers and establish encrypted connections. When a client connects, it verifies the server certificate and then negotiates encryption keys to create a secure tunnel. While SSL was originally associated with specific application protocols like HTTP, TLS is protocol agnostic and can secure virtually any TCP-based application, including web traffic, email, VoIP, and VPN connections.
IPsec
provides security at the network layer and can be used for authentication, integrity, and encryption. When used with the authentication header AH, IPsec provides authentication and integrity without encrypting the data. Encapsulating security payload ESP provides encryption and can operate in two ways, encrypting only the IP payload in transport mode, or encapsulating and encrypting the entire original IP packet within a new packet in Tunnel Mode. Tunnel Mode adds additional overhead and may increase packet size, which may lead to fragmentation.
firewalls
protect networks by filtering traffic in and out of a network based on a set of rules
firewall rules
determine whether to accept or reject packets based on criteria such as source IP, source port, destination IP, destination port, IP version, and whether the packet uses TCP or UDP
IDS IPS
monitors incoming network traffic and alerts administrators when it detects potential security violations, such as port scanning activity
Intrusion detection
tools that detect or block suspicious activity on a network
virtual private network VPN
routes data through a trusted network and encrypts the data between the VPN user and the trusted network using methods such as payload encryption, IP-in-IP tunneling, and TCP-in-IP tunneling