Computer Science Module 2: Network Security

Questions and Answers

What is the purpose of well-known port numbers?

• To provide security for network traffic
• To identify specific service types on a host (correct)
• To increase internet speed
• To encrypt user data

Which of the following ports is used for Hypertext Transfer Protocol (HTTP)?

• 443
• 80 (correct)
• 21
• 25

What type of attack is characterized by overwhelming a network service to render it unusable?

• Dictionary Attack
• Social Engineering
• Denial of Service (correct)
• Packet Sniffing

Which of the following is a method to secure data against packet sniffing?

Implementing Secure Sockets Layer (SSL) (B)

Which protocol is associated with port 25?

Simple Mail Transfer Protocol (SMTP) (B)

What threat involves manipulating individuals to disclose sensitive information?

Social Engineering (A)

What type of attack uses well-known patterns of behavior to monitor network activity?

Intrusion Detection (D)

Which of the following protocols is used on port 443?

HTTP Secure (HTTPS) (A)

What is the primary purpose of network security?

To protect vital information and provide access control (D)

Which of the following is NOT a method of providing authentication?

Encryption (D)

What is a key feature of firewalls?

They filter packets based on predefined rules (D)

Denial of Service (DoS) attacks primarily aim to:

Disrupt the availability of resources (B)

Packet sniffing is primarily used for what purpose?

To analyze and capture data being transmitted (A)

Which of these statements accurately describes a firewall?

Acts as a single point of access to control network traffic (B)

Which protocol is associated with TCP attacks like spoofing?

Transmission Control Protocol (TCP) (D)

Which of the following best describes social engineering in the context of network security?

Manipulating individuals to gain unauthorized access to information (B)

What are firewalls primarily used for in network security?

Filtering packets based on rules (D)

Which of the following accurately describes the role of a firewall?

It limits access to a network to specific users or systems. (C)

Why is guaranteeing availability of resources important in network security?

It ensures services remain operational and reliable. (C)

What is one of the primary reasons many network applications and protocols have security problems?

Security vulnerabilities are addressed over time, making it hard to keep up. (D)

What kind of attack is characterized by overwhelming a service to make it unavailable?

Denial of Service (C)

Which of the following best describes the function of Intrusion Detection Systems?

They monitor and track network communications for unusual activity. (D)

What is the role of authentication in network security?

To verify the identity of users accessing resources. (A)

What is a common method used to protect against social engineering attacks?

Implementing strict access controls and user training. (A)

What is the primary role of well-known port numbers?

To identify specific applications on a host (B)

Which of the following protocols is used for secure communication over the internet?

SSH (D)

What technique involves attackers listening to unencrypted data being transmitted over a network?

Packet sniffing (D)

Which of the following is NOT an example of a typical TCP port?

8080 (D)

Which type of attack aims to overload network resources to make them unusable?

Denial of Service (C)

What is a common solution to protect against packet sniffing attacks?

Implementing encryption protocols (D)

Which of the following ports is typically assigned to the Simple Mail Transfer Protocol (SMTP)?

25 (C)

Which type of attack relies on exploiting human factors to gain sensitive information?

Social engineering (D)

Flashcards

Network Security

Protecting network resources from unauthorized access or attacks.

Firewall

A security system that controls network traffic by allowing or blocking specific connections.

Packet Filtering Firewall

A type of firewall that examines network packets and allows or blocks them based on pre-defined rules.

Denial-of-Service Attack

An attack that floods a network or server with traffic, making it unavailable to legitimate users.

TCP Attack (Spoofing)

A type of attack that involves faking network packets to gain unauthorized access.

Packet Sniffing

Capturing and examining network traffic to identify vulnerabilities.

Social Engineering

Manipulating individuals into revealing sensitive information or performing actions that compromise security.

Network Port

A specific address on a computer used for network communication.

Port Numbers

Reserved numbers that identify specific services on a computer.

TCP Ports

Specific port numbers used by the TCP protocol for various services.

Intrusion Detection

Monitoring network activity for suspicious behavior that could indicate an attack.

Dictionary Attack

Trying to guess passwords by using a list of common passwords.

Denial of Service (DoS)

Making a service or network unusable by overwhelming it.

HTTPS

Secure web protocol.

Trade Secrets

Confidential information that gives a company a competitive advantage, such as formulas, designs, or processes.

Medical Records

Personal health information that is confidential and protected by law.

Authentication

The process of verifying the identity of a user or device before granting access to a network or resource.

Access Control

The process of restricting access to resources based on user permissions.

Uptime

The percentage of time that a network or system is operational and available for use.

Firewall Rules

Specific instructions that define which network traffic is allowed or blocked by a firewall.

DMZ

A buffer zone between a firewall and the internet, used to isolate sensitive systems like web servers.

Packet Filtering

A firewall technique that examines individual network packets and allows or blocks them based on defined rules.

Secure Sockets Layer (SSL)

A security protocol that encrypts communication between a web server and a web browser, ensuring secure data transmission.

Study Notes

International & Access Foundation Programmes

• Computer Science Module, Semester 2, Part 5

Networks: Network Security

• Overview
  • What is network security?
  • Why do we need network security?
  • Who is vulnerable?
  • Common security attacks and countermeasures
    • Firewalls & Intrusion Detection Systems
    • Denial of Service Attacks
    • TCP Attacks (Spoofing)
    • Packet Sniffing
    • Social Engineering

Why Do We Need Security?

• Protect vital information while allowing access to those who need it
  • Trade secrets, medical records, personal data
• Provide authentication and access control for resources
  • Login, Passwords, Biometrics
• Guarantee resource availability (uptime 99.995% reliability)

Firewalls

• Basic problem - many network applications and protocols have security problems that change over time.

• Difficult for users to keep up with changes and keep hosts secure.

• Solution:

  • Administrators limit access to end hosts using firewalls.
  • Firewalls are kept up-to-date by administrators.

• Firewall analogy: A castle with a drawbridge; only one point of access to the network.

  • Can have positives and negatives

• Firewalls can be hardware or software.

  • Some routers have firewall functionality.
  • Unix, Windows XP/7/8, and Mac OS X have built-in software firewalls.

• DMZ (Demilitarized Zone): A segment between the Internet and the intranet, where web servers, email servers, and web proxies reside.

• Filtering packets based on rules (packet filtering firewalls).

• Windows 7 Default Firewall Configuration:

  • 135/tcp open loc-srv
  • 139/tcp open netbios-ssn
  • 445/tcp open microsoft-ds
  • 1025/tcp open NFS-or-IIS
  • 3389/tcp open ms-term-serv
  • 5000/tcp open UPnP

Ports (TCP & UDP)

• In the internet protocol suite, a port is an endpoint of communication in an operating system.

• 1024 well-known port numbers are reserved to identify specific service types on a host.

• A port is always associated with an IP address of a host.

• Example:

  • http://www.example.com:8080
  • http://72.56.123.233:80/

• List of registered ports.

• Typical TCP Ports:

  • 21: File Transfer Protocol (FTP)
  • 22: Secure Shell (SSH)
  • 23: Telnet remote login service
  • 25: Simple Mail Transfer Protocol (SMTP)
  • 53: Domain Name System (DNS) service
  • 80: Hypertext Transfer Protocol (HTTP)
  • 110: Post Office Protocol (POP3)
  • 119: Network News Transfer Protocol (NNTP)
  • 123: Network Time Protocol (NTP)
  • 143: Internet Message Access Protocol (IMAP)
  • 161: Simple Network Management Protocol (SNMP)
  • 194: Internet Relay Chat (IRC)
  • 443: HTTP Secure (HTTPS)

Types of Attacks

• Intrusion Detection: Monitoring for suspicious activity on a network based on known patterns of behaviour.

• Dictionary Attack (Brute Force): Trying passwords from a dictionary or list of common passwords.

• Denial of Service (DoS): Making a network service unusable by overloading the server or network.

• TCP Attacks: Attackers create IP packets and routers process them based on destination address. End-host may lie about other fields; malicious data inserted into the TCP stream, deceives the reciever that it's not from the attacker.

• Packet Sniffing: Capturing network traffic. Affects any broadcast-based network. A host listens to the data (plain-text passwords).

  • Solution: Encrypt data (SSL for https addresses; web browser knows how to trust based on certificate authorities).

  • Secure Socket Layer (SSL) for HTTPS addresses. Web browsers know how to trust HTTPS websites based on Certificate Authorities (CAs)

  • IPSec - Internet Protocol Security (IPsec) is protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet.

• Social Engineering: Exploiting human psychology to gain access to sensitive information. People can be lied to, manipulated, bribed, threatened, and harmed to give up valuable information

  • Example: "Your account has been hacked, please resend..."