Cryptography Algorithms

Questions and Answers

PDF Questions PDF Answers

What is the primary way viruses, worms, and Trojan Horses cause damage?

By using asymmetric encryption

By exploiting weaknesses in buffer overflows (correct)

By using social engineering tactics

By exploiting vulnerabilities in firewalls

What is a buffer in the context of computer security?

A type of virus or malware

A type of encryption algorithm

A type of firewall rule

A allocated area of memory used by processes to store data temporarily (correct)

What is the primary goal of the Containment Phase in worm mitigation?

To patch the vulnerable software

To eradicate the worm from the network

To limit the spread of a worm infection to areas of the network that are already affected (correct)

To identify the source of the worm

What is a Trojan Horse in the context of computer security?

An entire application written to look like something else, when, in fact, it is an attack tool

What is the usual result of a buffer overflow?

Extra data overwriting adjacent memory locations, as well as causing other unexpected behaviors

What is the primary responsibility of system and network administration staff in worm mitigation?

To show diligence and vigilance in mitigating worm attacks

What is the purpose of using ACLs on routers and firewalls during the Containment Phase?

To segment the network and slow down or stop the worm

What is the main difference between a virus and a worm?

A virus is attached to another program, while a worm executes arbitrary code

What is the purpose of the Inoculation Phase in worm mitigation?

To run parallel to or subsequent to the Containment Phase

What is a common software vulnerability that can be exploited by viruses, worms, and Trojan Horses?

Buffer overflows

Study Notes

3DES

• 3DES (Triple Data Encryption Algorithm) is an encryption algorithm
• It has three phases: encryption, decryption, and decryption

Diffie-Hellman Key Exchange

• The Diffie-Hellman algorithm is used for key exchange
• It is commonly used in IPsec VPN, SSL/TLS, and SSH
• It is not an encryption mechanism and is not used for bulk encryption
• It is used to create keys for symmetric algorithms

Symmetric vs Asymmetric Key Algorithms

• Symmetric key algorithms use the same key for encryption and decryption
• Asymmetric key algorithms use a public key for encryption and a private key for decryption
• Asymmetric algorithms provide confidentiality and authentication

Limitations of Firewalls

• Firewalls cannot protect against attacks bypassing the firewall
• Firewalls may not protect against internal threats
• Improperly secured wireless LANs can be accessed from outside the organization
• Infected laptops or devices can be used internally

Bastion Hosts

• A bastion host is a secure system that serves as a platform for application-level or circuit-level gateways
• Characteristics of bastion hosts include:
  • Runs a secure operating system with only essential services
  • Requires user authentication to access the proxy or host
  • Proxies can restrict features and hosts accessed
  • Each proxy is small, simple, and checked for security
  • Each proxy is independent and non-privileged
  • Limited disk use, with read-only code

Zero-Day Attacks

• A zero-day attack is a computer attack that exploits software vulnerabilities
• Worms and viruses can spread rapidly across the world
• Zero-hour describes the moment when the exploit is discovered

IDS (Intrusion Detection System)

• IDS monitors traffic offline and generates an alert when malicious traffic is detected
• Advantages of IDS include:
  • Works passively
  • Requires traffic to be mirrored
  • Does not slow network traffic
  • Allows some malicious traffic into the network

Viruses, Worms, and Trojan Horses

• A virus is malicious software attached to another program to execute unwanted functions
• A worm executes arbitrary code and installs copies of itself in the infected computer's memory
• A Trojan horse is a malicious program disguised as a legitimate application
• Viruses, worms, and Trojan horses can be mitigated by:
  • Installing antivirus software
  • Keeping software up-to-date
  • Avoiding suspicious emails and attachments

Buffer Overflows

• A buffer is an allocated area of memory used to store data temporarily
• A buffer overflow occurs when a process attempts to store data beyond the buffer's capacity
• Buffer overflows can result in data overwriting adjacent memory locations and causing unexpected behaviors
• Buffer overflows are a primary conduit for viruses, worms, and Trojan horses

Worm Mitigation

• Worm attack mitigation requires diligence from system and network administration staff
• A four-phase process is used to mitigate an active worm attack:
  • Containment Phase: Limits the spread of the worm infection to already affected areas
  • Inoculation Phase: Runs parallel to or subsequent to the containment phase

Description

Quiz about different cryptography algorithms, including 3DES, Diffie-Hellman Key Exchange, and Symmetric vs Asymmetric Key Algorithms.