Computer Science Module 2: Network Security

Questions and Answers

What is the purpose of well-known port numbers?

To provide security for network traffic

To identify specific service types on a host (correct)

To increase internet speed

To encrypt user data

Which of the following ports is used for Hypertext Transfer Protocol (HTTP)?

443

80 (correct)

21

25

What type of attack is characterized by overwhelming a network service to render it unusable?

Dictionary Attack

Social Engineering

Denial of Service (correct)

Packet Sniffing

Which of the following is a method to secure data against packet sniffing?

Implementing Secure Sockets Layer (SSL)

Which protocol is associated with port 25?

Simple Mail Transfer Protocol (SMTP)

What threat involves manipulating individuals to disclose sensitive information?

Social Engineering

What type of attack uses well-known patterns of behavior to monitor network activity?

Intrusion Detection

Which of the following protocols is used on port 443?

HTTP Secure (HTTPS)

What is the primary purpose of network security?

To protect vital information and provide access control

Which of the following is NOT a method of providing authentication?

Encryption

What is a key feature of firewalls?

They filter packets based on predefined rules

Denial of Service (DoS) attacks primarily aim to:

Disrupt the availability of resources

Packet sniffing is primarily used for what purpose?

To analyze and capture data being transmitted

Which of these statements accurately describes a firewall?

Acts as a single point of access to control network traffic

Which protocol is associated with TCP attacks like spoofing?

Transmission Control Protocol (TCP)

Which of the following best describes social engineering in the context of network security?

Manipulating individuals to gain unauthorized access to information

What are firewalls primarily used for in network security?

Filtering packets based on rules

Which of the following accurately describes the role of a firewall?

It limits access to a network to specific users or systems.

Why is guaranteeing availability of resources important in network security?

It ensures services remain operational and reliable.

What is one of the primary reasons many network applications and protocols have security problems?

Security vulnerabilities are addressed over time, making it hard to keep up.

What kind of attack is characterized by overwhelming a service to make it unavailable?

Denial of Service

Which of the following best describes the function of Intrusion Detection Systems?

They monitor and track network communications for unusual activity.

What is the role of authentication in network security?

To verify the identity of users accessing resources.

What is a common method used to protect against social engineering attacks?

Implementing strict access controls and user training.

What is the primary role of well-known port numbers?

To identify specific applications on a host

Which of the following protocols is used for secure communication over the internet?

SSH

What technique involves attackers listening to unencrypted data being transmitted over a network?

Packet sniffing

Which of the following is NOT an example of a typical TCP port?

8080

Which type of attack aims to overload network resources to make them unusable?

Denial of Service

What is a common solution to protect against packet sniffing attacks?

Implementing encryption protocols

Which of the following ports is typically assigned to the Simple Mail Transfer Protocol (SMTP)?

25

Which type of attack relies on exploiting human factors to gain sensitive information?

Social engineering

Study Notes

International & Access Foundation Programmes

• Computer Science Module, Semester 2, Part 5

Networks: Network Security

• Overview
  • What is network security?
  • Why do we need network security?
  • Who is vulnerable?
  • Common security attacks and countermeasures
    • Firewalls & Intrusion Detection Systems
    • Denial of Service Attacks
    • TCP Attacks (Spoofing)
    • Packet Sniffing
    • Social Engineering

Why Do We Need Security?

• Protect vital information while allowing access to those who need it
  • Trade secrets, medical records, personal data
• Provide authentication and access control for resources
  • Login, Passwords, Biometrics
• Guarantee resource availability (uptime 99.995% reliability)

Firewalls

• Basic problem - many network applications and protocols have security problems that change over time.

• Difficult for users to keep up with changes and keep hosts secure.

• Solution:

  • Administrators limit access to end hosts using firewalls.
  • Firewalls are kept up-to-date by administrators.

• Firewall analogy: A castle with a drawbridge; only one point of access to the network.

  • Can have positives and negatives

• Firewalls can be hardware or software.

  • Some routers have firewall functionality.
  • Unix, Windows XP/7/8, and Mac OS X have built-in software firewalls.

• DMZ (Demilitarized Zone): A segment between the Internet and the intranet, where web servers, email servers, and web proxies reside.

• Filtering packets based on rules (packet filtering firewalls).

• Windows 7 Default Firewall Configuration:

  • 135/tcp open loc-srv
  • 139/tcp open netbios-ssn
  • 445/tcp open microsoft-ds
  • 1025/tcp open NFS-or-IIS
  • 3389/tcp open ms-term-serv
  • 5000/tcp open UPnP

Ports (TCP & UDP)

• In the internet protocol suite, a port is an endpoint of communication in an operating system.

• 1024 well-known port numbers are reserved to identify specific service types on a host.

• A port is always associated with an IP address of a host.

• Example:

  • http://www.example.com:8080
  • http://72.56.123.233:80/

• List of registered ports.

• Typical TCP Ports:

  • 21: File Transfer Protocol (FTP)
  • 22: Secure Shell (SSH)
  • 23: Telnet remote login service
  • 25: Simple Mail Transfer Protocol (SMTP)
  • 53: Domain Name System (DNS) service
  • 80: Hypertext Transfer Protocol (HTTP)
  • 110: Post Office Protocol (POP3)
  • 119: Network News Transfer Protocol (NNTP)
  • 123: Network Time Protocol (NTP)
  • 143: Internet Message Access Protocol (IMAP)
  • 161: Simple Network Management Protocol (SNMP)
  • 194: Internet Relay Chat (IRC)
  • 443: HTTP Secure (HTTPS)

Types of Attacks

• Intrusion Detection: Monitoring for suspicious activity on a network based on known patterns of behaviour.

• Dictionary Attack (Brute Force): Trying passwords from a dictionary or list of common passwords.

• Denial of Service (DoS): Making a network service unusable by overloading the server or network.

• TCP Attacks: Attackers create IP packets and routers process them based on destination address. End-host may lie about other fields; malicious data inserted into the TCP stream, deceives the reciever that it's not from the attacker.

• Packet Sniffing: Capturing network traffic. Affects any broadcast-based network. A host listens to the data (plain-text passwords).

  • Solution: Encrypt data (SSL for https addresses; web browser knows how to trust based on certificate authorities).

  • Secure Socket Layer (SSL) for HTTPS addresses. Web browsers know how to trust HTTPS websites based on Certificate Authorities (CAs)

  • IPSec - Internet Protocol Security (IPsec) is protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet.

• Social Engineering: Exploiting human psychology to gain access to sensitive information. People can be lied to, manipulated, bribed, threatened, and harmed to give up valuable information

  • Example: "Your account has been hacked, please resend..."

Description

This quiz covers essential concepts in network security, including its definition, importance, and vulnerabilities. It also explores common security attacks, countermeasures, and the significance of firewalls in protecting sensitive information. Test your knowledge on how to secure networks effectively and understand the critical components involved.