Cybersecurity Fundamentals Quiz

Questions and Answers

What is the primary function of a packet sniffer?

To create firewalls for data protection

To capture network packets for analysis (correct)

To authenticate users on a network

To encrypt data during transmission

Which of the following protocols is NOT vulnerable to sniffing?

SMTP (Simple Mail Transfer Protocol)

Telnet

HTTPS (Hypertext Transfer Protocol Secure) (correct)

FTP (File Transfer Protocol)

What tactic can be employed against replay attacks?

Implementing firewalls

Data encryption

Conducting regular security audits

Using a time stamp (correct)

Which of the following best protects data integrity against attacks like the Birthday Attack?

Hashing functions

What do certification authorities primarily manage?

Public key infrastructure and digital certificates

What is the primary concern when Host C broadcasts a request for Host A's IP address?

An ARP poisoning attack may occur.

Which MAC address is associated with Host A in the ARP reply shown?

10-A7-C4-55-E3-06

In the case of ARP poisoning, what could happen if Host A performs an explicit check for conflicts?

An IP conflict could occur due to multiple MAC addresses.

What happens if Host B does not broadcast a request in response to Host C's ARP request?

There is no conflict resulting from Host C's actions.

What is indicated by the presence of the same IP address with two MAC addresses?

An IP conflict situation.

What is required for a Network Interface Card (NIC) to capture all network traffic?

It must support promiscuous mode

Which type of network device allows users to see all traffic on the network?

Hub

What information must be transmitted in clear text for a packet sniffer to capture it?

Authentication data

What type of information can Wireshark provide during network analysis?

Live connection monitoring

What limitation is associated with sniffers when deployed in edge computing scenarios?

They are difficult to deploy

What is the primary functionality of dSniff in network auditing?

Extracting information from various application protocols

Which packet analysis tools can be used for forensic-level information gathering?

dSniff, Ettercap, and Wireshark

What must a capturing system be aware of to provide detailed forensic analysis?

The protocols being used

What is the purpose of ARP poisoning in the context provided?

To alter the MAC address associated with an IP address.

Which host has the MAC address 00-E0-2B-13-68-00?

Host B

What IP address is associated with the attacking machine in the ARP spoofing scenario?

192.168.1.121

In a switched network, what determines how the switch forwards traffic?

MAC address

What is the function of unsolicited ARP responses in ARP poisoning?

To send misleading MAC address information.

Which IP address is associated with the MAC address 10-A7-C4-55-E3-06?

10.10.0.29

What type of ARP attack involves spoofing the MAC address of another host?

ARP Spoofing

What effect does ARP spoofing have on network communication?

It diverts traffic to the attacker's device.

What is the primary function of ARP in a switched network?

To map IP addresses to MAC addresses

Which device is identified as the attacking machine in the scenario?

192.168.1.121

What happens after the ARP spoofing attack is executed?

Target machines communicate directly with the attacker

Why is it important for the router to know the attacking machine's MAC address in this context?

To correctly route packets to the attacker

How do modern routers defend against ARP spoofing attacks?

By utilizing network layer analysis

What role does the switch play in this ARP spoofing scenario?

It forwards packets based on MAC addresses.

What is the purpose of ARP replies in the ARP spoofing process?

To corrupt the ARP cache of target devices

Which part of the network does ARP operate in?

Data link layer

Study Notes

Encryption to Protect Privacy

• Key Management Issues: Certification Authority or Diffie-Hellman Key Exchange are methods used for key management.

Hashing to Protect Integrity

• Protects against Birthday Attacks, which aim to find collisions in hash functions.

Spoofing and MITM Attacks

• Spoofing and Man-in-the-Middle (MITM) attacks are methods used by attackers to impersonate legitimate users or intercept communications.

Time Stamp against Replay Attacks

• Time stamps can be used to ensure that messages are 'fresh' and not replays of previous messages.

Protocols Vulnerable to Sniffing

• Telnet (port 23), FTP (port 21), POP3 (port 110), IMAP (port 143), NNTP (port 119), SMTP (port 25), and HTTP (port 80) are vulnerable to sniffing because they lack data encryption.

Packet Sniffers

• Packet sniffers are hardware devices or software utilities that capture network packets.
• They exploit information transferred in clear text.

Limitations of Packet Sniffing

• Packet sniffers only capture traffic that they can see.
• They can see all traffic on a hub, but only traffic to or from a device on a switch.
• Wireless networks behave like hubs.
• Sniffers are difficult to deploy in edge computing scenarios.
• The Network Interface Card (NIC) needs to support promiscuous mode to see all traffic, not just traffic to or from itself, requiring administrator privilege.
• Private information must be in clear text to be captured.
• Capturing systems must be application aware to provide comprehensive forensic information.

What is in a Packet?

• Packets contain source and destination MAC addresses, email contents, web addresses, authentication information, and personal and financial information.
• Packet analyzers such as dSniff, Ettercap, Wireshark, and Kismet are used to analyze these packets.

dSniff

• A collection of tools used for network auditing and penetration testing.

Ettercap

• A comprehensive suite for man-in-the-middle attacks: sniffing live connections, filtering content, and network and host analysis.

Password Capture

• Wireshark, dSniff, and Ettercap can be used to capture passwords.

Wireshark

• Wireshark can be used to analyze packets, including ARP replies.

ARP Poisoning via Broadcast Request

• An attacker can spoof an ARP request by sending a broadcast response with a fake MAC address, allowing them to intercept communications between two devices without their knowledge.

ARP Poisoning via Request Response

• An attacker can send unsolicited ARP replies to both devices, claiming to have the MAC address of the other device, effectively redirecting traffic through themselves.

ARP Poisoning via Unsolicited Response

• An attacker can send unsolicited ARP responses to both devices, claiming to have the MAC address of the other device, effectively redirecting traffic through themselves.

ARP Spoofing - Switched Network

• An attacker can spoof ARP replies on a switched network to make the switch send traffic to the attacker instead of its intended destination.
• The attacker can then redirect traffic intended for specific devices or completely block communication between those devices.

Description

Test your knowledge on key concepts of cybersecurity including encryption methods, hashing for integrity, and vulnerabilities to attacks like spoofing and MITM. This quiz covers essential topics necessary to understand protections against various cyber threats.