Cyber Security: Security Controls and Network Layers
38 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary purpose of the TLS session?

  • To define cryptographic parameters
  • To create a transport layer protocol
  • To avoid renegotiating security parameters for each connection (correct)
  • To establish peer-to-peer relationships
  • The HTTPS protocol is a combination of HTTP and TLS.

    True

    What is the most complex part of TLS?

    TLS Handshake

    IPsec provides security services at the __ layer.

    <p>IP</p> Signup and view all the answers

    Define control as mentioned in the text.

    <p>An action, device, procedure, or other measure that reduces risk by eliminating or preventing a security violation, by minimizing the harm it can cause, or by discovering and reporting it to enable corrective action.</p> Signup and view all the answers

    Which classification of controls focuses on security policies, planning, and standards?

    <p>Management controls</p> Signup and view all the answers

    Preventative controls aim to inhibit attempts to violate security policies or exploit vulnerabilities.

    <p>True</p> Signup and view all the answers

    _______ provides a secure remote logon facility to replace TELNET and other remote login schemes.

    <p>SSH</p> Signup and view all the answers

    According to NIST 800-83, how is malware defined?

    <p>A program that is inserted into a system to compromise data</p> Signup and view all the answers

    Which of the following are information security properties that malware can attack?

    <p>All of the above</p> Signup and view all the answers

    What is the purpose of persistent malware?

    <p>Persistent malware is installed in persistent storage like a file system or hard drive, allowing it to remain on a compromised machine for a long time.</p> Signup and view all the answers

    ____ malware requires a host program to run and cannot run independently.

    <p>Host dependent</p> Signup and view all the answers

    Match the Malware Classification Dimension with its Description:

    <p>How it is triggered = Auto-spreading malware runs and looks for vulnerable machines or user-activated malware is run due to user interaction. Static or dynamically updated = Dynamically updated malware communicate regularly with an infrastructure or standalone static malware. Act alone or coordinated attack = Act alone malware operate independently while coordinated malware contribute to larger attacks.</p> Signup and view all the answers

    What does malware consist of?

    <p>Infection mechanism and payload</p> Signup and view all the answers

    Which of the following are main types of malware?

    <p>Keystroke loggers</p> Signup and view all the answers

    What is a virus?

    <p>A piece of software that infects programs, modifies them to include a copy of the virus, and replicates to infect other content.</p> Signup and view all the answers

    A virus infects fles that the operating system or shell considers to be ___________.

    <p>executable</p> Signup and view all the answers

    Match the virus classifications with their description:

    <p>Boot sector infector = Infects a master boot record or boot record Macro virus = Infects fles with macro or scripting code Polymorphic virus = Mutates with every infection Stealth virus = Designed to hide itself from detection</p> Signup and view all the answers

    How are payloads classified?

    <p>Based on the damage or threat they bring to the system</p> Signup and view all the answers

    What is the purpose of Attack Agents Bots?

    <p>To take over other computers and launch attacks</p> Signup and view all the answers

    Rootkits can hide the presence of a malware process by removing it from the list of active processes.

    <p>True</p> Signup and view all the answers

    What is the main purpose of Information Theft- Phishing?

    <p>Exploits social engineering to leverage the user's trust by masquerading as communication from a trusted source</p> Signup and view all the answers

    SQL injection attacks are designed to exploit the nature of Web application pages by insertion of a ____ query via the input data.

    <p>SQL</p> Signup and view all the answers

    What is the main purpose of XML External Entity Processing?

    <p>Pass data back and forth between a client and a server</p> Signup and view all the answers

    Cross-site scripting (XSS) attacks involve injecting code fragments into input fields on the server side.

    <p>False</p> Signup and view all the answers

    What does SQLi stand for?

    <p>SQL Injection</p> Signup and view all the answers

    In a SQL Injection attack, the attacker can terminate the injected string with a comment mark ___

    <p>--</p> Signup and view all the answers

    Match the following SQL Injection types with their descriptions:

    <p>Tautology = Injects code in conditional statements End-of-line comment = Nullifies legitimate code by using comments Piggybacked queries = Adds additional queries Inferential Attack = Reconstructs information by observing behaviors</p> Signup and view all the answers

    What are the two broad defense approaches against buffer overflows?

    <p>Compile-time</p> Signup and view all the answers

    Security is no longer an 'add-on' but a requirement in software engineering.

    <p>True</p> Signup and view all the answers

    What is the main concept of defensive programming?

    <p>Validation of assumptions and graceful handling of potential failures</p> Signup and view all the answers

    ______ and reliability are common design goals in most engineering disciplines.

    <p>Security</p> Signup and view all the answers

    Match the following SDLC phases to their descriptions:

    <p>System requirements = Identify and design program functions System design = Understand the requirements of the system Development = Code the programs Test = Test the programs, individually and collectively Deployment = Install the system into a secure 'production' environment</p> Signup and view all the answers

    What is the ultimate goal for the attacker in a Buffer Overflow attack?

    <p>getting a shell that allows to execute arbitrary commands with high privileges</p> Signup and view all the answers

    What does the NIST recommend to reduce software vulnerabilities?

    <p>All of the above</p> Signup and view all the answers

    What is an additional concern when input data represents numeric values? Internally stored in _ sized value.

    <p>fixed</p> Signup and view all the answers

    Using strongly typed languages limits the interpretation of data variables.

    <p>True</p> Signup and view all the answers

    Match the SQL countermeasures with their types:

    <p>Defensive coding = Manual defensive coding practices Detection = Signature based Run-time prevention = Check queries at runtime to see if they conform to a model of expected queries</p> Signup and view all the answers

    Study Notes

    Security Controls

    • Security control is defined as an action, device, procedure, or other measure that reduces risk by eliminating or preventing a security violation, minimizing harm, or discovering and reporting it to enable corrective action.

    Control Classifications

    • Management controls:
      • Focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and protect the organization's mission.
      • Address issues that management needs to address.
    • Operational controls:
      • Address the correct implementation and use of security policies and standards, ensuring consistency in security operations and correcting identified operational deficiencies.
      • Relate to mechanisms and procedures that are primarily implemented by people rather than systems.
      • Used to improve the security of a system or group of systems.
    • Technical controls:
      • Involve the correct use of hardware and software security capabilities in systems.
      • Range from simple to complex measures that work together to secure critical and sensitive data, information, and IT systems functions.

    Control Classes

    • Each of the control classes may include:
      • Supportive controls:
        • Pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
      • Preventative controls:
        • Focus on preventing security breaches from occurring, by inhibiting attempts to violate security policies or exploit a vulnerability.
      • Detection and recovery controls:
        • Focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.

    Application Layer Controls

    • Email Security:
      • MIME (Multipurpose Internet Mail Extension) and S/MIME (Secure/Multipurpose Internet Mail Extension) provide security enhancements to the Internet e-mail format.
      • S/MIME provides the ability to sign and/or encrypt e-mail messages.
    • Pretty Good Privacy (PGP) Cryptography:
      • A standard for electronic-mail encryption and digital signatures.
      • Uses a Public Private Keys (PPK) method.
    • DNS Threats Prevention:
      • DNS Security (DNSSEC) is deployed to ensure the authenticity of DNS answers, integrity of replies, and authenticity of denial of existence.
      • Accomplishes this by signing DNS replies at each step of the way using public-key cryptography.
    • Secure Shell (SSH):
      • A protocol for secure network communications designed to be relatively simple and inexpensive to implement.
      • Provides a secure remote logon facility, file transfer, and email.

    Host to Host/Transport Layer Controls

    • Transport Layer Security:
      • A definition of the transport layer protocol.
    • TLS (Transport Layer Security) Protocol Stack:
      • TLS is designed to make use of TCP to provide a reliable end-to-end secure service.
      • The TLS Record Protocol provides basic security services to various higher-layer protocols.
    • TLS Concepts:
      • TLS Session: created by the Handshake Protocol, defines a set of cryptographic parameters, and is used to avoid the expensive negotiation of new security parameters for each connection.
      • TLS Connection: a transport layer protocol that provides a suitable type of service, peer-to-peer relationships, and every connection is associated with one session.
    • TLS Handshake Messages:
      • The most complex part of TLS, used before any application data are transmitted, allows server and client to authenticate each other, negotiate encryption and MAC algorithms, and negotiate cryptographic keys to be used.

    Network Layer Security

    • IP Security (IPsec):
      • Provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services.
    • IPsec Services:
      • Access control, connectionless integrity, data origin authentication, rejection of replayed packets (integrity), and confidentiality (encryption/confidentiality).
    • Benefits of IPsec:
      • Provides strong security that can be applied to all traffic crossing the perimeter.
      • Traffc within a company or workgroup does not incur the overhead of security-related processing.
      • IPsec is below the transport layer (TCP, UDP) and so is transparent to applications.
      • There is no need to train users on security mechanisms.
    • The Scope of IPsec:
      • Provides two main functions: a combined authentication/encryption function called Encapsulating Security Payload (ESP) and a key exchange function.
      • Also provides an authentication-only function, implemented using an Authentication Header (AH).
    • Transport Mode:
      • Provides protection primarily for upper-layer protocols.
      • Examples include a TCP or UDP segment or an ICMP packet.
      • Typically used for end-to-end communication between two hosts.
    • Tunnel Mode:
      • Provides protection to the entire IP packet.
      • Used when one or both ends of a security association (SA) are a security gateway.
      • A number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec.### Malicious Software
    • Malware is a program that is inserted into a system to compromise the confidentiality, integrity, or availability of the victim's data, applications, or operating system.
    • Malware can be classified based on how it spreads or propagates through an information system environment.

    Malware Taxonomy

    • The NCSC approach to classifying malware considers the following dimensions:
      • Host dependent or independent
      • Persistent or transient
      • Where it installs itself
      • How it is triggered
      • Static or dynamically updated
      • Act alone or coordinated attack

    Malware Types

    • Virus: a piece of software that infects programs, modifies them to include a copy of the virus, and replicates and goes on to infect other content.
    • Worm: a program that actively seeks out more machines to infect and each infected machine serves as an automated launching pad for attacks on other machines.
    • Rootkit: a type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
    • Trojans: a type of malware that disguises itself as a legitimate program.
    • Spyware: a type of malware that monitors and collects information about a user's activities without their consent.
    • Adware: a type of malware that displays unwanted advertisements.

    Malware Components

    • Infection mechanism: the means by which a virus spreads or propagates.
    • Trigger: the event or condition that determines when the payload is activated or delivered.
    • Payload: what the virus does (besides spreading).

    Malware Classifications

    • By targets: boot sector infector, file infector, macro virus, multipartite virus.
    • By concealment strategy: encrypted virus, stealth virus, polymorphic virus, metamorphic virus.

    Malvertising

    • Places malware on websites without compromising them.
    • Uses malicious ads to infect visitors to the targeted websites.

    Clickjacking

    • Also known as a user-interface (UI) redress attack.
    • Uses a similar technique to hijack keystrokes.
    • Vulnerability used by an attacker to collect an infected user's clicks.

    Social Engineering

    • "Tricking" users to assist in the compromise of their own systems.

    Macro and Scripting Virus

    • Infects scripting code used to support active content in a variety of user document types.
    • Threatening because they are platform-independent, infect documents, and are easily spread.

    Active Content Virus

    • Active content refers to dynamic objects that do something when the user opens a webpage.
    • Has potential weaknesses that malware can exploit.

    Worm Technology

    • Multi-platform: worms are not operating system specific.

    • Multi-exploit: worms penetrate systems using a variety of methods.

    • Ultrafast spreading: exploits various techniques to optimize the rate of spread of the worm.

    • Polymorphic: to evade detection, worms adopt the virus polymorphic technique.

    • Metamorphic: in addition to changing their appearance, metamorphic worms have a collection of behavior patterns that are unleashed at different stages of propagation.

    • Zero-day exploit: to achieve maximum surprise and distribution, a worm should exploit an unknown vulnerability that is only discovered by the general network community when the worm is launched.### Types of Malware

    • Memory-based malware: Has no persistent code, survives only in memory, and cannot survive a reboot, making it hard to detect.

    • User mode malware: Intercepts API calls and modifies returned results.

    • Kernel mode malware: Intercepts native API calls in kernel mode, can hide malware process presence, and remove it from the kernel's list of active processes.

    • External mode malware: Located outside the normal system operation, in BIOS or system management mode, allowing direct hardware access.

    Payload Classifications

    • System Corruption: Causes damage to physical equipment, such as Stuxnet worm, targeting specific industrial control system software.
    • Attack Agents (Bots): Takes over another internet-connected computer, using it to launch or manage attacks, creating a botnet capable of coordinated actions.
    • Remote Control Facility: Implements remote control using an IRC server, allowing bots to join a specific channel and receive commands.
    • Information Theft (Keyloggers and Spyware): Captures keystrokes to monitor sensitive information, or subverts the compromised machine to monitor system activity.
    • Information Theft (Phishing): Exploits social engineering, masquerading as a trusted communication, to capture login credentials.
    • Stealthing (Backdoor): A secret entry point into a program, allowing an attacker to bypass security access procedures.
    • Stealthing (Rootkit): A set of hidden programs, giving an attacker administrator privileges, allowing them to add/remove programs, monitor processes, and access the system.

    Malware Countermeasures

    • Prevention: The ideal solution to malware threats, involving policy, awareness, vulnerability mitigation, and threat mitigation.
    • Detection, Identification, and Removal: Technical mechanisms used to support threat mitigation options.

    Generations of Anti-Virus Software

    • Multiple generations of anti-virus software: Developed to combat evolving malware threats.

    Web Application Attacks

    • OWASP Top 10: A standard awareness document for developers and web application security, highlighting critical security risks.
    • Security Flaws: Include handling program handling, buffer overflow, injection flaws, cross-site scripting, and improper error handling.
    • CWE/SANS Top 25 Most Dangerous Software Errors: A list of poor programming practices causing the majority of cyber attacks.

    Software Security, Quality, and Reliability

    • Software quality and reliability: Concerned with accidental program failures, improved through structured design and testing.
    • Software security: Triggered by unusual inputs, rarely identified by common testing approaches.

    Handling Program Input

    • Unvalidated input: A common failing in web application security, leading to vulnerabilities.
    • Program input interpretation: May be binary or text, requiring care to identify character sets and encoding.

    SQL Injection Attacks

    • SQL injection attacks: Exploit web application pages, inserting or "injecting" a SQL query via input data.
    • Attack goals: Include bulk data extraction, modifying database data, executing administration operations, and recovering file system content.

    XML External Entity Processing

    • XML external entity injection attack: Accepts data from the client without validation, allowing tampering with an existing XML page and parsing different commands.

    Cross-Site Scripting (XSS) Attacks

    • XSS attacks: Use the web server to attack the client side, injecting code fragments into input fields.
    • Types of XSS attacks: Include persistent, reflected, and DOM-based XSS attacks.

    SQL Injection Techniques

    • Tautology: Injects code into conditional statements to always evaluate to true.
    • End-of-line comment: Nullifies legitimate code using end-of-line comments.
    • Piggybacked queries: Adds additional queries to the intended query.
    • Inferential attack: Reconstructs information by observing the website's behavior.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    sodapdf-merged (7).pdf

    Description

    This quiz covers security controls, application layer controls, host to host/transport layer controls and network layer security in the context of cyber security. It is part of the 6COSC019W course at the University of Westminster.

    More Like This

    Use Quizgecko on...
    Browser
    Browser