computer security midterm 2


Last updated 3:54 AM on 5/1/26

377 Terms

1

Q: What are the main categories of DNS defenses mentioned in the lecture?

A: Nameserver configuration and general security practices; protocol improvements; DNSSEC; and encrypted transports, namely DNS over HTTPS and DNS over TLS.

2

Q: What is DNSSEC?

A: DNSSEC is a system that adds cryptographic signatures to DNS answers so resolvers can verify that the data is authentic and has not been altered

3

Q: Does DNSSEC provide encryption?

A: No. DNSSEC provides integrity and origin authenticity but not confidentiality; anyone on the path can still read the queries and the signed answers.

4

Q: What does DNSSEC protect against?

A: DNSSEC lets a validating resolver detect forged or modified DNS responses, such as those injected by cache poisoning or altered by an on-path (man in the middle) attacker.

5

Q: What is an RRset in DNSSEC?

A: An RRset is the group of DNS records sharing the same owner name, type, and class; DNSSEC signs the whole set together rather than individual records.

6

Q: What key is used to sign DNS record sets in DNSSEC?

A: The Zone Signing Key or ZSK signs RRsets

7

Q: In what DNS record is the DNSSEC signature delivered?

A: The signature is delivered in an RRSIG record

8

Q: In what DNS record is the public Zone Signing Key delivered?

A: The public Zone Signing Key is delivered in a DNSKEY record

9

Q: What is the role of the Key Signing Key in DNSSEC?

A: The Key Signing Key (KSK) signs the zone's DNSKEY RRset, which carries the public ZSK, and a hash of the public KSK is what the parent publishes in its DS record; this is the link that ties the zone into the chain of trust.

10

Q: How does the chain of trust work in DNSSEC?

A: The parent zone publishes a DS record holding a hash of the child's public KSK; the KSK signs the child's DNSKEY RRset, which contains the ZSK; and the ZSK signs the zone's other RRsets. A validating resolver starts from the root trust anchor and follows DS and DNSKEY records down to the answer, checking each signature on the way.

11

Q: What is stored in a DS record?

A: A DS record stores a hash (digest) of the child zone's public Key Signing Key, together with the key tag, the signing algorithm, and the digest type.

12

Q: Why is the parent zone important in DNSSEC?

A: The parent zone publishes the DS record which links the child zone into the broader DNSSEC chain of trust

13

Q: What happens if the DNSSEC chain of trust is broken?

A: Validation cannot be completed. If the parent publishes no DS for the child, the child zone is treated as insecure and its answers are accepted without any check, so forged responses go undetected; if a signature is present but fails to verify, the resolver rejects the answer (typically returning SERVFAIL). Either way the zone loses the protection DNSSEC was meant to give.

14

Q: What is the purpose of the DNS root key signing process?

A: It establishes trust in the root of the DNSSEC hierarchy through a highly public and audited procedure

15

Q: Why is DNSSEC compared to HTTPS?

A: Both use chains of trust and public key cryptography to verify authenticity though DNSSEC is built into DNS and does not encrypt traffic

16

Q: What is CAA and how does DNSSEC help it?

A: CAA stands for Certification Authority Authorization. A CAA record restricts which certificate authorities may issue certificates for a domain, and because CAs look it up through DNS before issuing, DNSSEC protects that lookup from a forged or suppressed answer.

17

Q: What is DANE?

A: DANE stands for DNS based Authentication of Named Entities and it uses DNS records to store certificate related information for verification

18

Q: What DNS record type is used by DANE?

A: DANE uses TLSA records

19

Q: How does DANE differ from the normal TLS trust model?

A: DANE can verify certificates using the DNS chain of trust instead of relying only on root certificate authorities in the operating system or browser

20

Q: What is SSHFP?

A: SSHFP is a DNS record that stores the fingerprint of an SSH host key

21

Q: How can SSHFP improve SSH security?

A: It lets a client check the server's host key fingerprint against the SSHFP record in DNS instead of relying only on trust on first use; the record is only worth trusting when it has been DNSSEC-validated, since otherwise an attacker who can forge DNS could also forge the fingerprint.

22

Q: Why has DNSSEC adoption been slow?

A: DNSSEC adoption has been slow because TLDs must be signed, domain owners must coordinate with their registrars to publish DS records, and resolvers must actually validate signatures.

23

Q: What three parties must cooperate for DNSSEC to work broadly?

A: The TLD, the domain owner (with registrar support), and the resolver.

24

Q: Why might HTTPS alone not be enough if DNS is compromised?

A: HTTPS alone fails if an attacker can both redirect you to a server they control and present a certificate that your browser accepts as valid for that name.

25

Q: What are some ways an attacker might still succeed despite HTTPS?

A: They might use a malicious or compromised certificate authority, compromise a server and complete domain validation from it, or break into a registrar dashboard and complete DNS-based validation.

26

Q: How can poisoned DNS be used in certificate attacks?

A: An attacker may poison DNS to help falsely prove domain ownership during certificate issuance

27

Q: Why is using both HTTPS and DNSSEC better than using only one?

A: DNSSEC ensures the address you resolved is the one the domain owner actually published, while HTTPS ensures the connection to that server is authenticated and encrypted; each covers a step the other does not.

28

Q: Why is DNSSEC useful for non web services?

A: DNS is used for many things besides web browsing, such as mail routing (MX), SSH host key verification (SSHFP), and DANE (TLSA), so DNSSEC protects the integrity of those records too.

29

Q: What is an MX record?

A: An MX record specifies the mail server for a domain

30

Q: What is DNS over HTTPS?

A: DNS over HTTPS sends DNS queries to a resolver over HTTPS

31

Q: What security properties does DNS over HTTPS provide?

A: It provides confidentiality and integrity between the client and the recursive resolver

32

Q: Does DNS over HTTPS protect DNS data all the way to the authoritative server?

A: No. It protects only the hop between the client and the recursive resolver; the resolver's own queries to authoritative servers are ordinary DNS unless something else protects them, and the resolver operator still sees every query in the clear.

33

Q: Which public resolvers commonly support DNS over HTTPS?

A: Google, Quad9, and Cloudflare.

34

Q: Why might DNS privacy not always be expected traditionally?

A: DNS mainly reveals source and destination information which historically has not been treated as confidential in the same way as application data

35

Q: What is the chicken and egg problem mentioned with DNS over HTTPS?

A: TLS and HTTPS often depend on domain names even though DNS is needed to resolve those names in the first place

36

Q: How can that chicken and egg problem be worked around?

A: A certificate can be issued for an IP address such as 8.8.8.8 so the client can connect securely without first resolving a domain name

37

Q: What is DNS over TLS?

A: DNS over TLS sends DNS traffic directly over TLS without wrapping it in HTTP

38

Q: What is the main practical difference between DoH and DoT?

A: The default port: DoH uses 443 and DoT uses 853. DoH also wraps each DNS message in an HTTP request, whereas DoT sends the same message directly in the TLS stream with a two-byte length prefix.
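
What DoH and DoT actually carry, as an added example written for this page (not code from the lecture): the same DNS wire-format query is built once, base64url-encoded for a DoH GET as RFC 8484 specifies, and length-prefixed for DoT as RFC 7858 specifies. Nothing is sent over the network; the Cloudflare endpoint URL is used only to show the shape of a DoH GET, and the record type table is limited to a few common types.

```javascript
// Added example: DNS wire-format query plus the DoH (GET) and DoT framings of it.
const TYPES = { A: 1, NS: 2, CNAME: 5, MX: 15, TXT: 16, AAAA: 28, TLSA: 52, CAA: 257 };

// 12-byte header + QNAME labels + QTYPE + QCLASS. The ID is fixed to 0 so identical
// queries produce identical URLs and HTTP caches can serve them (RFC 8484, section 4.1).
function buildDnsQuery(name, type = 'A') {
  const qtype = TYPES[type];
  if (qtype === undefined) throw new Error(`unsupported type ${type}`);
  const labels = name.replace(/\.$/, '').split('.');
  const parts = [];
  for (const label of labels) {
    if (label.length === 0 || label.length > 63) throw new Error(`bad label "${label}"`);
    parts.push(Buffer.from([label.length]), Buffer.from(label, 'ascii'));
  }
  parts.push(Buffer.from([0]));      // root label terminates the QNAME
  const header = Buffer.alloc(12);
  header.writeUInt16BE(0x0000, 0);   // ID
  header.writeUInt16BE(0x0100, 2);   // flags: QR=0 (query), RD=1 (recursion desired)
  header.writeUInt16BE(1, 4);        // QDCOUNT = 1; AN/NS/AR counts stay 0
  const tail = Buffer.alloc(4);
  tail.writeUInt16BE(qtype, 0);      // QTYPE
  tail.writeUInt16BE(1, 2);          // QCLASS IN
  return Buffer.concat([header, ...parts, tail]);
}

// RFC 8484 GET: the message goes in the `dns` parameter as base64url without padding.
function base64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function dohGetUrl(name, type = 'A', endpoint = 'https://cloudflare-dns.com/dns-query') {
  return `${endpoint}?dns=${base64url(buildDnsQuery(name, type))}`;
}

// DoT (and plain DNS over TCP): the same message behind a 2-byte big-endian length,
// written into a TLS connection to port 853 instead of an HTTP request on 443.
function dotFrame(name, type = 'A') {
  const msg = buildDnsQuery(name, type);
  const len = Buffer.alloc(2);
  len.writeUInt16BE(msg.length, 0);
  return Buffer.concat([len, msg]);
}
```

The DoH POST variant sends the raw message as the request body with `Content-Type: application/dns-message` instead of the `dns` query parameter. Note how small the DNS message is compared with the TCP and TLS handshakes both transports must complete before it can be sent, which is the overhead card 40 refers to.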

39

Q: Why can DoH blend in with other web traffic more easily?

A: Because it uses HTTPS on port 443 which is the same port used by regular secure web traffic

40

Q: Why are DoH and DoT often slower than traditional DNS?

A: Each needs a TCP handshake and a TLS handshake before the first query can be sent, compared with a single UDP round trip for traditional DNS; keeping the connection open for later queries recovers most of that cost.

41

Q: What happens in a browser after entering a URL according to the lecture section shown?

A: Later stages include browser processing, HTML parsing, CSS interpretation, page rendering, GPU rendering, and post-rendering script execution.

42

Q: What kinds of events can trigger JavaScript execution after rendering?

A: JavaScript can run on page load, on a timer, or in response to user interaction.

43

Q: What is the user interface component of a browser?

A: It includes the visible controls such as the address bar, the back button, and other interface elements.

44

Q: What is the browser engine?

A: The browser engine handles page navigation and coordinates between the UI, the networking component, and the rendering engine.

45

Q: What is the rendering engine responsible for?

A: It determines how content is displayed by building structures like the DOM and the render tree, laying them out, and painting them.

46

Q: What does the networking component of a browser do?

A: It handles network requests using appropriate system calls

47

Q: What does the UI backend do in a browser?

A: It draws widgets and windows using appropriate system calls

48

Q: What does the JavaScript engine do?

A: It parses and executes JavaScript code

49

Q: What does browser data storage handle?

A: It interfaces with the file system or sandboxed local storage

50

Q: What does DOM stand for?

A: DOM stands for Document Object Model

51

Q: What is the DOM?

A: The DOM is a tree structure of objects created from parsed HTML tags

52

Q: Why is HTML parsing complicated?

A: HTML parsing must be forgiving and error tolerant, and the page structure can change (for example through scripts that call document.write) while the DOM is still being built.

53

Q: Why can browsers begin layout before parsing is fully complete?

A: Browsers try to render progressively even though the DOM may still be changing

54

Q: What is the same origin policy?

A: The same origin policy is a browser security rule that restricts how a document or script from one origin can interact with resources from another origin

55

Q: What parts make up an origin?

A: An origin is defined by the scheme, host, and port.

56

Q: Are two URLs with the same host but different ports the same origin?

A: No different ports mean different origins

57

Q: Are two URLs with the same host and port but different schemes the same origin?

A: No. Different schemes mean different origins, so http://example.com and https://example.com are distinct origins even though both use their default port.

58

Q: Why does the same origin policy exist?

A: It prevents a malicious website from reading or manipulating sensitive data from another site loaded in the same browser

59

Q: What can a script generally do with resources from its own origin?

A: It can read modify and interact with them freely subject to normal page permissions

60

Q: What is one major thing blocked by the same origin policy?

A: It blocks JavaScript from reading data returned by a different origin unless that origin explicitly allows it

61

Q: Does the same origin policy stop a browser from sending requests to another origin?

A: No it mainly restricts reading the response not necessarily sending the request

62

Q: Why are cross origin requests still dangerous even if the response cannot be read?

A: They can still trigger actions on another site such as changing settings or submitting forms if other defenses are missing

63

Q: What is CORS?

A: CORS stands for Cross Origin Resource Sharing and it is a mechanism that lets a server specify which other origins may read its responses

64

Q: How does a server allow a cross origin read with CORS?

A: It returns specific response headers such as Access-Control-Allow-Origin.

65

Q: What does the Access Control Allow Origin header do?

A: Access-Control-Allow-Origin tells the browser which origin is allowed to read the response.

66

Q: What does it mean if Access Control Allow Origin is set to star?

A: Any origin may read the response, but the browser will not expose a response to a credentialed request (one that sent cookies or HTTP authentication) when Access-Control-Allow-Origin is *; a server that wants credentialed cross-origin reads must echo the specific origin instead.

67

Q: What are credentials in a CORS context?

A: Credentials include cookies, HTTP authentication, and client TLS certificates.

68

Q: When are preflight requests used?

A: Preflight requests are used when a cross origin request is not considered simple such as when it uses certain methods or custom headers

69

Q: What HTTP method is usually used for a CORS preflight request?

A: OPTIONS

70

Q: What is the purpose of a preflight request?

A: It asks the server whether the actual cross origin request is allowed before sending it

71

Q: What header lists the intended method in a preflight request?

A: Access-Control-Request-Method

72

Q: What header lists custom headers in a preflight request?

A: Access-Control-Request-Headers

73

Q: What response header tells the browser which methods are allowed?

A: Access-Control-Allow-Methods

74

Q: What response header tells the browser which headers are allowed?

A: Access-Control-Allow-Headers

75

Q: What is a simple request in CORS?

A: A simple request is a cross-origin request that uses GET, HEAD, or POST with only CORS-safelisted headers and, for POST, one of the form content types (application/x-www-form-urlencoded, multipart/form-data, or text/plain), so the browser sends it without a preflight.

76

Q: Which methods are usually considered simple in CORS?

A: GET, HEAD, and POST.

77

Q: Why are HTML forms important to understanding cross origin requests?

A: Browsers allowed cross-site form submissions long before CORS existed, so the simple-request rules were drawn to match what an HTML form could already send; anything a form could not send (a JSON body, a custom header, PUT or DELETE) is new capability and therefore needs a preflight.
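
The simple-versus-preflight decision from cards 68 to 77, as an added example written for this page (not code from the lecture). It models what the browser does before a cross-origin fetch: classify the request using the CORS-safelisted method and header rules from the Fetch standard, build the OPTIONS preflight headers when one is needed, and evaluate the server's preflight response. It is a learning model, not browser source; origins and header values are constructed.

```javascript
// Added example: browser-side CORS request classification and preflight evaluation.
const SIMPLE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFELISTED_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SAFELISTED_CONTENT_TYPES = new Set(['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain']);

// Request headers that would force a preflight (sorted, lowercase); empty if none.
function nonSafelistedHeaders(headers) {
  const bad = [];
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SAFELISTED_HEADERS.has(n)) { bad.push(n); continue; }
    // Content-Type is only safelisted for the three media types an HTML form can produce.
    if (n === 'content-type') {
      const mime = value.split(';')[0].trim().toLowerCase();
      if (!SAFELISTED_CONTENT_TYPES.has(mime)) bad.push(n);
    }
  }
  return bad.sort();
}

// Decide simple vs. preflight and, for the latter, build the OPTIONS request headers.
function classifyCorsRequest(method, headers) {
  const m = method.toUpperCase();
  const extra = nonSafelistedHeaders(headers);
  if (SIMPLE_METHODS.has(m) && extra.length === 0) return { kind: 'simple' };
  const preflight = { 'Access-Control-Request-Method': m };
  if (extra.length) preflight['Access-Control-Request-Headers'] = extra.join(',');
  return { kind: 'preflight', preflight };
}

// Browser-side check of the preflight response: origin, method and every
// non-safelisted header must all be approved before the real request is sent.
function preflightAllowed(origin, method, headers, response) {
  const h = Object.fromEntries(Object.entries(response).map(([k, v]) => [k.toLowerCase(), v]));
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin !== '*' && allowOrigin !== origin) return false;
  const m = method.toUpperCase();
  const methods = (h['access-control-allow-methods'] || '').split(',').map(s => s.trim().toUpperCase());
  if (!methods.includes(m) && !SIMPLE_METHODS.has(m)) return false;
  const allowed = new Set((h['access-control-allow-headers'] || '').split(',').map(s => s.trim().toLowerCase()));
  return nonSafelistedHeaders(headers).every(n => allowed.has(n));
}
```

A form-encoded POST is simple and goes straight out (with cookies, which is exactly the CSRF surface of cards 78 and 79), while the same POST with `Content-Type: application/json` triggers a preflight listing `content-type`.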

78

Q: What is CSRF?

A: CSRF stands for Cross Site Request Forgery and it tricks a user browser into sending an unwanted authenticated request to another site

79

Q: Why can CSRF work even with the same origin policy?

A: Because the browser may still send the request with the user cookies even if the attacking site cannot read the response

80

Q: What is the main goal of CSRF defenses?

A: To ensure that a request came intentionally from the legitimate site and not from another site

81

Q: What is a CSRF token?

A: A CSRF token is a secret, unpredictable value tied to the user's session and embedded in the legitimate form or request; the server rejects state-changing requests that do not carry the expected token.

82

Q: Why is a CSRF token effective?

A: An attacker on another site usually cannot read the legitimate page to obtain the token

83

Q: What is the Referer or Origin header used for in CSRF defense?

A: The server compares the Origin or Referer header against its own origin to check that the request was initiated from its own pages rather than from another site.

84

Q: What is a weakness of relying only on Referer checks?

A: Referer may be missing, stripped by privacy settings or a Referrer-Policy, or reduced to the bare origin, so a server cannot depend on it being present or complete; tokens are more reliable.

85

Q: What is SameSite in cookies?

A: SameSite is a cookie attribute that limits when cookies are sent with cross site requests

86

Q: How does SameSite help against CSRF?

A: It can stop browsers from including cookies on some or all cross site requests

87

Q: What is the difference between SameSite Strict and SameSite Lax?

A: SameSite=Strict never sends the cookie on cross-site requests, while SameSite=Lax sends it on top-level navigations that use a safe method such as the GET from clicking a link, but not on cross-site POSTs, images, scripts, iframes, or fetches.

88

Q: Why is SameSite not always a complete CSRF defense by itself?

A: Older browsers ignore the attribute; Lax still sends the cookie on top-level GET navigations; Chromium's Lax-by-default rule lets top-level POSTs carry a freshly set cookie for a short window; and requests from another subdomain of the same site are not cross-site at all, so a vulnerable sibling subdomain can still forge requests.

89

Q: What is JSONP?

A: JSONP is an older technique that bypasses same origin restrictions by loading data as a script

90

Q: Why is JSONP risky?

A: It treats returned data as executable JavaScript which can be dangerous and is less safe than CORS

91

Q: Why are script tags special with cross origin loading?

A: Browsers allow scripts to be loaded from other origins and executed even though reading response bodies through JavaScript is normally restricted

92

Q: What is clickjacking?

A: Clickjacking tricks a user into clicking on something different from what they think they are clicking often by hiding or overlaying frames

93

Q: How can a site defend against clickjacking?

A: It can restrict framing with the X-Frame-Options header or a Content-Security-Policy frame-ancestors directive.

94

Q: What does X Frame Options do?

A: X-Frame-Options tells the browser whether the page may be displayed inside a frame.

95

Q: What is postMessage used for?

A: postMessage lets documents from different origins exchange messages safely, provided the sender names the intended target origin instead of * and the receiver checks event.origin before trusting the data.

96

Q: Why is origin checking important with postMessage?

A: Without checking origin a page might trust messages from a malicious site
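
The origin check from cards 95 and 96, as an added example written for this page (not code from the lecture): a message handler that trusts any sender beside one that exact-matches event.origin and validates the message shape, plus a sender that refuses to broadcast to *. The handlers take MessageEvent-like objects so the same code runs in a browser (`window.addEventListener('message', handler)`) and offline in Node. The partner and attacker origins are made up.

```javascript
// Added example: vulnerable vs. hardened postMessage receiver, and a careful sender.
const TRUSTED_ORIGIN = 'https://partner.example'; // assumed trusted embedder

// Vulnerable: any page that can get a reference to this window (by framing it or
// opening it) can push data that the handler acts on.
function makeUnsafeHandler(state) {
  return (event) => { state.config = event.data.config; return true; };
}

// Hardened: exact-match the sender's origin, validate the shape, ignore everything else.
// Never use startsWith/includes here: "https://partner.example.evil.example" would pass.
function makeSafeHandler(state, trustedOrigin = TRUSTED_ORIGIN) {
  return (event) => {
    if (event.origin !== trustedOrigin) return false;
    if (typeof event.data !== 'object' || event.data === null) return false;
    if (event.data.type !== 'config' || typeof event.data.config !== 'string') return false;
    state.config = event.data.config;
    return true;
  };
}

// Sender side: name the recipient's origin so the browser drops the message if the
// target window has meanwhile been navigated to another site.
function sendConfig(targetWindow, config, targetOrigin = TRUSTED_ORIGIN) {
  if (targetOrigin === '*') throw new Error('refusing to broadcast to any origin');
  targetWindow.postMessage({ type: 'config', config }, targetOrigin);
}
```

In a real page the handler is installed with `window.addEventListener('message', makeSafeHandler(state))`; the return values exist only so the behaviour can be checked without a browser.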

97

Q: What is document.domain and why is it notable?

A: document.domain is an old mechanism that, when set on both sides, relaxes origin checks between related subdomains; it is deprecated because one compromised subdomain could then reach into the others, so it weakens the isolation the same origin policy provides.

98

Q: What is one key difference between CORS and CSRF defenses?

A: CORS controls which sites may read responses while CSRF defenses control which requests may cause authenticated actions

99

Q: Why is setting Access-Control-Allow-Origin to allow every site sometimes dangerous?

A: It can expose sensitive response data to any website if other protections are not in place

100

Q: What is a common mistake when enabling credentialed CORS?

A: Setting Access-Control-Allow-Credentials: true while reflecting whatever Origin header arrives back in Access-Control-Allow-Origin; that lets any untrusted site make the victim's browser fetch authenticated data and read the response.
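
The misconfiguration in cards 99 and 100 beside its fix, as an added example written for this page (not code from the lecture): a server-side CORS policy that reflects any Origin with credentials, the allowlist version, and the browser-side rule (card 66) that refuses to expose a credentialed response when Access-Control-Allow-Origin is *. The allowlisted and attacking origins are constructed.

```javascript
// Added example: weak vs. hardened server CORS policy, and the browser's read decision.
const ALLOWED_ORIGINS = new Set(['https://app.example', 'https://admin.example']); // assumed

// Weak: echoes any Origin and grants credentials, so evil.example can read
// authenticated responses through the victim's browser.
function corsHeadersReflecting(origin) {
  if (!origin) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Hardened: only allowlisted origins get a credentialed grant; anyone else gets no
// CORS headers at all, so the browser withholds the response from their scripts.
function corsHeadersAllowlist(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // the answer differs per origin; shared caches must not mix them
  };
}

// Browser-side decision: may the script at `requestOrigin` read this response?
function browserAllowsRead(requestOrigin, withCredentials, responseHeaders) {
  const allowOrigin = responseHeaders['Access-Control-Allow-Origin'];
  const allowCreds = responseHeaders['Access-Control-Allow-Credentials'] === 'true';
  if (allowOrigin === undefined) return false;
  if (allowOrigin === '*') return !withCredentials; // "*" never exposes a credentialed response
  if (allowOrigin !== requestOrigin) return false;
  return withCredentials ? allowCreds : true;
}
```

The reflecting policy is the one that turns up in real audits: it looks like a strict allowlist from the browser's side because the origin is always echoed exactly, which is why testing must send an Origin the server should not trust.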