DNS and SSL/TLS Security Fundamentals

Questions and Answers

PDF Questions PDF Answers

What is the term used for redirecting a victim to a malicious site by corrupting name resolution?

Pharming

What is the primary purpose of a Denial of Service (DoS) attack?

To prevent users from contacting legitimate services.

What is DNS server cache poisoning?

It involves spoofing responses to DNS queries by exploiting weak transaction ID generation.

What security measure is utilized to keep data private while transiting the public network?

Secure tunnel

What is the function of IPsec in networking?

It provides network layer security that is application-independent.

What is the maximum tolerable downtime (MTD)?

It is the period that a function can be unavailable.

What is a site-to-site VPN?

A VPN that connects two private networks through VPN routers across the Internet.

What does the term 'typosquatting' refer to?

Registering domains that are very similar to a victim's domain.

Study Notes

Domain Name Service (DNS) Security

• Resolves host names and domain labels to IP addresses.
• Pharming is used to redirect victims to a malicious site by corrupting DNS resolution.
• DNS server cache poisoning results from spoofing responses to queries by exploiting weak transaction ID generation in DNS servers.
• Cybersquatting is taking over a company's legitimate domain.
• Typosquatting involves registering domains that are very similar to a victim's domain.

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

• SSL/TLS is used with TCP applications (notably HTTPS over port 443).
• PKI digital certificates are used to identify a host during authentication.
• SSL/TLS accelerators offload cryptographic calculations to a dedicated processor.

Hyper Text Transport Protocol (HTTP) and File Transfers

• HTTP is a protocol that enables clients to request files from a server (port 80).
• HTTP Payload consists of HTML web pages and associated binary files.
• SFTP allows FTP to be run over SSH on port 22.

Risk Management & Network Security

• Quantitative approach assigns concrete values to risk factor likelihood and impact.
• Risk mitigation is the overall process of reducing exposure to or the effects of risk factors.
• Maximum Tolerable Downtime (MTD) is the period that a function can be unavailable.
• Recovery Time Objective (RTO) is the time to bring a system back online.

Virtual Private Networks (VPNs)

• Secure tunnel is used to keep data private while transiting the public network.
• Site-to-site VPN connects two private networks by VPN routers across the internet.
• Internet Protocol Security (IPSec) provides network layer security---which is application-independent.
• Tunnel mode encrypts the original IP header and replaces it with another.
• IKE is used to handle authentication and key exchange/agreement (Security Associations).
• VPN concentrators are positioned at the network edge, protected by a firewall/DMZ configuration.
• Split tunnel occurs when the client accesses the internet directly using its "native" IP configuration and DNS servers.

Web Applications and Media Transfer

• Secure Shell (SSH) facilitates remote administration with public key cryptography security.
• Simple Mail Transfer Protocol (SMTP) routes mail between servers.
• Media gateway allows VoIP calls to be placed to the telephone network.

Cloud Computing

• Rogue VMs refer to system sprawl and undocumented assets.
• Cloud Computing consists of an IT infrastructure that provides on-demand resources over the network/internet.
• Sites can be categorized as hot, warm, or cold.

Description

This quiz covers key concepts related to Domain Name Service (DNS) security, including pharming, cache poisoning, and cybersquatting. Additionally, it explores Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, their application in securing communications, and the importance of PKI digital certificates. Test your knowledge on these critical topics in internet security.