Cryptographic Algorithms - 3DES and Diffie-Hellman

Questions and Answers

What is a virus in the context of malware?

Malicious software attached to another program (correct)

A standalone program that executes a particular unwanted function

A type of buffer overflow attack

A self-replicating program that spreads to other hosts

What is the primary difference between a virus and a worm?

A virus requires user interaction, while a worm does not

A worm is a type of Trojan horse

A virus is more deadly than a worm

A worm executes arbitrary code and installs copies of itself (correct)

What is a buffer overflow?

A type of malware that installs itself in a system's memory

When a fixed-length buffer reaches its capacity and a process attempts to store data beyond that maximum limit (correct)

A type of worm that targets a specific system's vulnerability

A type of Trojan horse that disguises itself as a legitimate application

What is the containment phase of worm mitigation?

Limiting the spread of a worm infection to areas of the network that are already affected

What is the primary conduit through which viruses, worms, and Trojan horses do their damage?

Buffer overflows

What is the inoculation phase of worm mitigation?

Running parallel to or subsequent to the containment phase

What is a Trojan horse in the context of malware?

A type of malware that is written to look like something else, but is an attack tool

Why is it important to mitigate viruses, worms, and Trojan horses?

All of the above

What is the goal of the containment phase in worm mitigation?

To stop the worm from spreading to other systems

What is the primary role of system and network administration staff in worm mitigation?

To be diligent in mitigating an active worm attack

Study Notes

3DES

• 3DES (Triple Data Encryption Algorithm) is an encryption algorithm
• It has three phases: encryption, decryption, and decryption

Diffie-Hellman Key Exchange

• The Diffie-Hellman algorithm is used for key exchange
• It is commonly used in IPsec VPN, SSL/TLS, and SSH
• It is not an encryption mechanism and is not used for bulk encryption
• It is used to create keys for symmetric algorithms

Symmetric vs Asymmetric Key Algorithms

• Symmetric key algorithms use the same key for encryption and decryption
• Asymmetric key algorithms use a public key for encryption and a private key for decryption
• Asymmetric algorithms provide confidentiality and authentication

Limitations of Firewalls

• Firewalls cannot protect against attacks bypassing the firewall
• Firewalls may not protect against internal threats
• Improperly secured wireless LANs can be accessed from outside the organization
• Infected laptops or devices can be used internally

Bastion Hosts

• A bastion host is a secure system that serves as a platform for application-level or circuit-level gateways
• Characteristics of bastion hosts include:
  • Runs a secure operating system with only essential services
  • Requires user authentication to access the proxy or host
  • Proxies can restrict features and hosts accessed
  • Each proxy is small, simple, and checked for security
  • Each proxy is independent and non-privileged
  • Limited disk use, with read-only code

Zero-Day Attacks

• A zero-day attack is a computer attack that exploits software vulnerabilities
• Worms and viruses can spread rapidly across the world
• Zero-hour describes the moment when the exploit is discovered

IDS (Intrusion Detection System)

• IDS monitors traffic offline and generates an alert when malicious traffic is detected
• Advantages of IDS include:
  • Works passively
  • Requires traffic to be mirrored
  • Does not slow network traffic
  • Allows some malicious traffic into the network

Viruses, Worms, and Trojan Horses

• A virus is malicious software attached to another program to execute unwanted functions
• A worm executes arbitrary code and installs copies of itself in the infected computer's memory
• A Trojan horse is a malicious program disguised as a legitimate application
• Viruses, worms, and Trojan horses can be mitigated by:
  • Installing antivirus software
  • Keeping software up-to-date
  • Avoiding suspicious emails and attachments

Buffer Overflows

• A buffer is an allocated area of memory used to store data temporarily
• A buffer overflow occurs when a process attempts to store data beyond the buffer's capacity
• Buffer overflows can result in data overwriting adjacent memory locations and causing unexpected behaviors
• Buffer overflows are a primary conduit for viruses, worms, and Trojan horses

Worm Mitigation

• Worm attack mitigation requires diligence from system and network administration staff
• A four-phase process is used to mitigate an active worm attack:
  • Containment Phase: Limits the spread of the worm infection to already affected areas
  • Inoculation Phase: Runs parallel to or subsequent to the containment phase

Description

This quiz covers the operation of 3DES encryption and decryption, as well as the Diffie-Hellman key exchange algorithm used in secure data exchange.