CNT4403 Network Security

0.0(0)
studied byStudied by 0 people
0.0(0)
full-widthCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/11

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

12 Terms

1
New cards

Confidentiality

A goal of network security focused on preventing the unwanted inspection of resources and data.

2
New cards

Integrity

A goal of network security focused on preventing the unwanted modification of resources and data.

3
New cards

Authenticity

A goal of network security focused on verifying the identity of a user, device, or source of information.

4
New cards

Why is the internet vulnerable?

The Internet is extremely vulnerable to attacks mostly because it is a "huge open system". It is built on something called the "end-to-end principle," which means the computers at the ends of the connection are smart, but the network in the middle is actually "dumb".

5
New cards

Internet Risk (Guessing Secret Numbers, TCP/IP attack)

When computers connect using TCP/IP, they use a "three-way handshake." If a bad guy can guess the sequence number used in this handshake, they can trick a server into accepting whatever data they want.

6
New cards

Internet Risk (Routing manipulation)

Routers use vast amounts of data to decide where to send internet traffic. If a hacker forges this information, the routers will believe it, allowing the hacker to hijack connections or crash the network.

7
New cards

Internet Control Message Protocol (ICMP)

A protocol used as a control plane for IP messages, handling functions like ping and error notifications (e.g., Destination Unreachable).

8
New cards

ARP Poisoning

An attack where malicious ARP entries are sent to a device to overwrite correct entries, leading to session hijacking, man-in-the-middle attacks, or denial of service.

9
New cards

DNS (Domain Name System)

A hierarchical and distributed system that maps domain names (e.g., cis.fiu.edu) to IP addresses (e.g., 131.94.130.238). However, the system has a major weakness: no authentication. So there is no ID check to prove a message is really coming from where it says it is.

10
New cards

Spoofing

The broader category of attacks which involve the act of forging DNS data to provide a false response, such as a malicious IP address for a legitimate domain name. This is a primary vulnerability of unauthenticated DNS.

11
New cards

DNS cache poisoning

Is a specific type of attack where a hacker tricks a DNS server into saving fake information. A victim asks for the address of a real website, like a bank. An attacker guesses the ID number of that request (called a QID). The attacker quickly sends a fake answer with their own IP address before the real bank's server can respond. If the attacker guesses correctly, the victim's server saves (caches) the bad address.

12
New cards

DNSSEC (DNS Security Extensions)

It is the solution to DNS's lack of authentication. It is An IETF standard that secures DNS using public key cryptography. It authenticates DNS data and server communications to prevent data spoofing and corruption. Essentially, it adds a layer of security by using "digital signatures".