Network and Distributed Systems Security

Questions and Answers

What is the primary function of a network?

  • To provide power to devices
  • To isolate devices from external threats
  • To store data securely
  • To connect two or more devices for communication (correct)

Which of the following describes a potential vulnerability in data communications?

  • Data is compressed for faster transfer
  • Data travels on a wire or wirelessly (correct)
  • Data is stored on a secure server
  • Data is encrypted before transmission

What is 'packet sniffing' in the context of network security?

  • Combining multiple packets into one
  • Examining each packet as it goes by (correct)
  • Securing packets using encryption
  • Compressing packets for faster transmission

Which of the following best describes the vulnerability associated with 'radiation' in network transmission?

Wires radiate signals that an intruder can read through inductance (C)

Which type of cable is difficult to tap without being detected?

Optical fiber (B)

Why are microwave communications more accessible to outsiders?

Broadcast through the air (A)

What is a key weakness of satellite communication regarding security?

A wide broadcast footprint (C)

What is the primary function of a MAC address?

Unique identifier for a network interface card (B)

What does the term 'eavesdropping' refer to in network security?

Interception of communications (D)

What is a Denial of Service (DoS) attack?

An attempt to defeat availability (A)

What does a 'Smurf attack' involve?

Spoofing the victim's address and sending ping packets in broadcast mode (C)

In a SYN flood attack, what is the attacker primarily trying to do?

Fill the SYN_RECV queue (C)

What is the main goal of a 'teardrop' attack?

Cause the recipient's operating system to lock up (C)

What are compromised machines in a DDoS attack often called?

Bots or zombies (B)

What is a 'botnet'?

Networks of bots (D)

What is wiretapping?

Intercept communications. (B)

What does 'inductance' allow an intruder to do?

To steal data from a wire without physical contact (C)

What is impersonation in network security?

Pretending to be someone or something (B)

Which of the following is an example of a message integrity violation?

Changing the content of a message (D)

What is one reason why networks have security problems?

Anonymity - attacker can mount an attack without touching the system (D)

A network always involves a single client interacting with a single server.

False (B)

Data communications are only vulnerable when transmitted wirelessly.

False (B)

Optical fiber cables are easily tapped without detection using inductance.

False (B)

A MAC address is a unique identifier for a network interface card.

True (A)

Wires do not radiate signals, making them secure from eavesdropping.

False (B)

Microwave transmissions are harder to intercept than cable transmissions.

False (B)

Satellite communication signals are only accessible to the intended receiver.

False (B)

In a sequencing attack, packets arrive in the correct order.

False (B)

Eavesdropping and wiretapping are forms of interception.

True (A)

SSID is a string to identify a wired access point.

False (B)

Losing network services is called Denial of Service.

True (A)

A smurf attack directly uses the attacker's IP address.

False (B)

In a SYN flood attack, the attacker's identity is easily traced.

False (B)

DDoS attacks are difficult to launch.

False (B)

Data corruption can only be caused by hackers.

False (B)

A 'botnet' is a network of compromised computers used to launch attacks.

True (A)

A replay attack involves legitimate data being intercepted and reused.

True (A)

Routing always follows a single, predetermined path in a network.

False (B)

Impersonation involves pretending to be someone else.

True (A)

In link encryption, data is decrypted only at the final destination.

False (B)

What is a common contributor to security problems in organizations?

Low awareness of security problems (C)

What can result from a lack of unique responsibility for a network resource?

Neglect and increased susceptibility to security breaches (B)

What can be the consequence of not having audit trails in place?

Difficult to trace security incidents (A)

Which of the following is considered an environmental attack on network systems?

Power outages (B)

What's a potential risk of using software that's poorly designed or inadequately tested?

Vulnerabilities that can be exploited (C)

How does the high portability of devices impact security?

Expands the attack surface (A)

What is a risk that can arise from combining multiple duties for one individual without proper segregation?

Increased risk of insider threats (D)

Which of the following is a class of security measures?

Issues Addressed by Procedures for Use (C)

What is the purpose of policies for user authentication and access control?

To mitigate human errors (B)

Why should users not leave printers unattended when printing sensitive output?

To prevent unauthorized access (A)

What is the purpose of securing equipment housing hardware components?

To prevent physical access by the unauthorized (C)

What do software controls involve for security?

Deploying security features in software (A)

What should users do regarding software and potential threats?

Utilize software with a full understanding of its potential threats (A)

Why is securing a Wide Area Network (WAN) complicated?

Due to distance and size (C)

What can the distributed nature of ownership in WAN deployments lead to?

Challenges in defining consistent security policies (A)

What is a key feature of an incident handling plan?

Users should know what is suspicious behavior and to whom to report it (B)

What is the purpose of the CRACK tool?

To check password strength (C)

What does Tripwire monitor?

Changes in critical system files (D)

What is the main purpose of COPS?

To evaluate the security posture of UNIX-based systems (C)

What does SATAN do?

Analyzes network security (B)

Low awareness of security problems is a contributor to security challenges.

True (A)

Unique responsibility for security ensures collective diffusion of accountability.

False (B)

Audit trails hinder effective threat detection.

False (B)

Environmental attacks can compromise data integrity and network security.

True (A)

Regular backups decrease the risk of data loss in the event of system failures.

False (B)

There are four classes of security measures.

False (B)

Security measures encompass issues addressed by procedures for use.

True (A)

Leaving printers unattended reduces the risk of unauthorized access to printed documents.

False (B)

Practices such as separation of authority should be implemented to centralize responsibilities.

False (B)

Security boards provide additional layers of protection.

True (A)

Hardware controls are aimed to disregard critical assets.

False (B)

It is recommended to use software from dubious sources.

False (B)

Wide Area Networks (WAN) are harder to secure due to distance and size.

True (A)

COPS is a collection of password cracking tools.

False (B)

System administrators should develop an incident handling plan.

True (A)

Tripwire is a tool to use before a suspected penetration.

False (B)

CRACK can identify users with weak passwords.

True (A)

SATAN is a collection of network analysis tools.

True (A)

The Computer Emergency Response Team was created by the US Department of Energy.

False (B)

Security planning starts with risk analysis.

True (A)

Flashcards

What is a network?

Two devices connected by hardware and software for communication.

What is packet sniffing?

Examining each packet as it goes by in a network.

What is radiation in network security?

Wires radiate signals readable by an intruder.

What is cable splicing?

Cutting and splicing a cable to receive a copy of the data.

What is a MAC address?

A physical address of a network interface card.

What is a network protocol?

A language or set of conventions for two computers to interact.

What is routing?

Directing traffic along a path that leads to a destination.

What is a port?

A number associated with an application program.

What is a replay attack?

Illegitimate data is intercepted and reused.

What is interruption?

Loss of service or Denial of Service.

What is a SYN flood attack?

Victims filling their SYN_RECV queue.

What is a Teardrop attack?

Sending overlapping fragments of data that cannot be reassembled.

What is traffic redirection?

Misleading routers for disrupting network communication.

What are botnets?

Networks of bots, used for massive DoS attacks.

What is Denial of Service?

Preventing any part of a telecommunications system from functioning.

What is link encryption?

Data is encrypted just before being placed on physical communication links.

What is end-to-end encryption?

Provides security from one end of a transmission through the other.

What is KDC in Kerberos?

A trusted Key Distribution Center to authenticate users and services.

What is Kerberos?

A central server provides authenticated tokens.

What is hacking?

A series of actions attacking weaknesses in a computer system.

What is cable interception?

Signals in ethernet or other local networks are vulnerable to interception.

What is Microwave communication?

Broadcast through the air, making it more accessible to outsiders.

What is a Botnet?

A network of compromised computers controlled by a malicious actor.

What is wiretapping?

The unauthorized interception of communications, such as phone calls, emails, or network traffic.

What is Impersonation?

A security threat where an attacker pretends to be someone else.

Message Confidentiality Violation

When data is accessed by unauthorized individuals.

Message Integrity Violation

The process of altering or corrupting transmitted data.

Low Awareness of Security Problems

Misconception that security is simple, which underestimates what implementing robust measures takes.

No Unique Responsibility

Multiple users sharing resources diffuses responsibility, causing neglect.

No Audit Trails

Lacking audit trail mechanisms hinders threat detection and response.

Environmental Attacks

Vulnerability exists through power outages, natural disasters and hardware theft.

No Backups

Leads to data loss during system failures or malware attacks.

Amateur Quality Software

Vulnerabilities & bugs exploited by malicious actors that pose a significant security risk.

High Portability

Portable devices and remote access expand the attack surface.

Combination of Duties

Increases insider threats, conflicts, and unauthorized access.

Procedures for Use

User authentication, access control, data handling, and incident response.

Issues Addressed by Hardware Controls

Physical hardware secured to prevent unauthorized access.

Issues Addressed by Software Control

Security software prevents, detects and mitigates security risks.

CRACK

Collection of password checking tools to assess password strength.

Tripwire

IDS monitoring critical files & alerting administrators to changes.

COPS

Assesses the security posture of UNIX systems by identifying potential flaws.

SATAN

Scans networks for vulnerabilities and misconfigurations to prevent attacks.

Off-site Backup

Process of taking backups and storing them at an off-site location to ensure data integrity.

Networked Storage

Offers remote storage space, separating the physical location of the storage from the processing facility.

Hot Site

Facility to install/operate a computing system to ensure minimal downtime.

Usefulness

A policy must be clear, concise and direct so that it is not implemented incorrectly.

Revolving Backups

Maintaining backups while replacing the oldest with new ones.

Low awareness

Misconception (e.g. treating the system like a calculator): underestimating its complexity, thus risking sensitive information.

Secure physical equipment

Securing hardware prevents unauthorized physical access to vital components.

Incident Handling Plan

Each system administrator should develop an incident handling plan to address suspicious behavior.

Risk analysis

A process to determine exposures and their likely harm, and to improve the basis for decisions.

Security Plan

A document describing how an organization addresses its security needs.

Security Policy Considerations

Key considerations, defining rules, standards for protecting assets, managing risks, and compliance.

Cold Site

A facility with power and cooling but requiring you to install all hardware and software.

File Copy

A backup that makes a copy of all or part of a file to assist in recovering lost data.

Selective Backup

Save only the files that have been modified or created since the last backup.

Security policy breadth

A security policy must be sufficiently broad to accommodate new situations or scenarios.

Security policy durability

Policies must adapt over time for continued relevance to meet evolving needs and challenges.

Security Planning: Six Issues

Security plans must address six key issues.

Policy Realism

Ensure stated security requirements can be realistically implemented.

Complete Backup

Perform periodic backups of entire system, ensuring all data is securely stored.

System Admin Responsibility

Each system administrator is responsible for developing an incident handling plan.

Study Notes

Chapter Outline

  • This chapter addresses why administering security is important
  • The chapter also covers elements to know as an information security officer

Contributors to Security Problems

  • Low awareness of security problems, like underestimating the complexity
  • No unique responsibility when users share resources
  • No audit trails to track user activities and system events
  • Environmental attacks targeting physical infrastructure
  • No backups of critical data increases risk of data loss
  • Amateur quality software introduces vulnerabilities
  • High portability of devices expands attack surface
  • Combination of duties increases insider threats

Security Measures

  • Three classes of security measures exist: procedures for use, hardware controls, and software controls

Issues Addressed by Procedures for Use

  • Implementing policies for user authentication, access control, data handling, and incident response
  • Instructing users not to leave PCs unattended in exposed environments
  • Advising users not to leave printers unattended when printing sensitive output
  • Securing media containing sensitive information
  • Performing regular backups of critical data and system configurations
  • Implementing separation of authority

Issues Addressed by Hardware Control

  • Securing equipment housing sensitive hardware components to prevent physical access
  • Using add-on security boards or modules for protection like hardware-based encryption
  • Examples include biometric authentication, smart cards, locks, and surveillance cameras
  • Controls safeguard assets, infrastructure, and resources from physical threats

Issues Addressed by Software Control

  • Deploying software controls within applications, OS, and network devices
  • Using software with a full understanding of its threats, awareness of its vulnerabilities, and safe usage guidelines
  • Avoiding software from dubious sources
  • Being cautious of results from software applications
  • Maintaining periodic backups of all system resources

Network Security Management

  • Securing a Wide Area Network (WAN)
  • Distance and Size: Managing infrastructure due to vast geographical spread
  • Distance and Size: Distance impacting performance and security
  • Distance and Size: Requires planning and coordination to protect entire infrastructure
  • Insiders and Outsiders: Distinguishing between legitimate and unauthorized users is harder because of the diversity of users
  • Insiders pose potential risks intentionally or unintentionally
  • Outsiders include hackers, cybercriminals who probe for vulnerabilities
  • Ownership and Responsibility: WANs involve multiple stakeholders with different roles
  • The distributed nature of ownership can cause challenges in consistent policy enforcement
  • Establishing clear lines of ownership and communication is essential

Elements to consider when administering network security

  • Architecture (structure, connectivity, permissions, backups)
  • Host (software versions, accounts)

Network Security Management - Incidents

  • Each system administrator should develop an incident handling plan
  • Users should know what is suspicious behavior and who to report it to
  • The administrator should have a management contact list in emergencies.
  • Management should have decided on action for an attack like close operations
  • Have means to notify users

Network Security Management - Tools:

  • CRACK is a collection of password checking tools
  • Tripwire is a tool to use after a suspected penetration
  • COPS is a set of programs that check important system files, user configurations
  • SATAN is a collection of network analysis tools

Network Security Management - CRACK

  • CRACK is designed to assess strength and security of user passwords
  • Administrators run the tool against a password file or database
  • It employs dictionary-based, brute-force, and rule-based attacks
  • Analyzing the results from CRACK lets administrators identify users with weak passwords

Network Security Management - Tripwire

  • Tripwire is an Intrusion Detection System (IDS) that monitors and alerts administrators to changes in critical system files, directories, and configurations
  • After a suspected penetration or security breach, administrators can conduct a post-incident analysis
  • Comparing current system states with baseline configurations stored in a secure database detects unauthorized modifications, file tampering.
  • Administrators can use Tripwire's reporting and alerting features to investigate activities, identify security incidents, and take appropriate actions.

Network Security Management - COPS

  • COPS (Computer Oracle and Password System) is a set of programs designed to assess and evaluate the security posture of UNIX-based systems.
  • COPS checks important system files, user configurations, permissions settings, and other critical parameters to identify potential security flaws or weaknesses that could contribute to undesirable events.
  • To use COPS, administrators typically run the tool on target systems to perform security audits and vulnerability assessments.
  • COPS generates detailed reports listing security issues, misconfigurations, and vulnerabilities discovered during the assessment, allowing administrators to prioritize remediation efforts and strengthen the overall security of the system.

Network Security Management - SATAN

  • SATAN (Security Analysis Tool for Auditing Networks) is a collection of network analysis tools designed to audit and assess the security of networked systems and services
  • To use SATAN, administrators deploy the tool to scan networked hosts, servers, and services for potential security vulnerabilities, misconfigurations, and weaknesses.
  • SATAN performs various security tests and checks against target systems, including port scanning, service enumeration, version detection, and vulnerability identification.
  • Administrators can analyze the results generated by SATAN to identify security gaps, prioritize remediation efforts, and implement appropriate security measures to protect against potential threats and attacks.

Computer Emergency Response Team

  • CERT was formed because the Internet worm incident showed that there was no central source of information for security incidents involving Internet hosts.
  • The U.S. Department of Defense established CERT at the Software Engineering Institute at Carnegie Mellon University.
  • CERT monitors reports of incidents and security flaws, helps manufacturers, develops fixes to security problems and issues notices of problems and solutions

Risk Analysis

  • Security planning begins with risk analysis.
  • Risk analysis determines the exposures and their potential harm.
  • Reasons to perform risk analysis: improve awareness, identify assets and vulnerabilities, improve basis for risk decisions, and justify security expenditure

Risk Analysis - Steps

  • Identify assets
  • Determine vulnerabilities
  • Estimate likelihood of exploitation
  • Compute expected annual loss
  • Survey applicable controls and their costs
  • Project the annual savings of each control.

Security Planning

  • A security plan describes how an organization will address its needs.
  • The plan is subject to revision as changes in requirements happen

Six Issues Security Plans must Address

  • Policy
  • Current state
  • Recommendations and requirements
  • Accountability
  • Timetable
  • Continuing attention

Security planning - Policy

  • A policy defines the overarching security principles that guide an organization's approach to security
  • This includes rules, standards, and guidelines for protecting assets as well as managing risks and compliance
  • The policy statement addresses who should be allowed access, to what resources, and how access should be regulated

Security Planning - Current Security Status

  • Risk analysis can form the basis of a description of the current security status.
  • The assessment will include existing security measures, controls and practices (listing the assets of the organization, security threats to the assets and the controls in place to protect the assets).

Security Planning - Recommendations and Requirements

  • The heart of the security plan is the action that will be taken.
  • Create recommendations for enhancing security and specify requirements for implementing new security measures, controls, and protocols to address identified risks and vulnerabilities.
  • State which requirements are being imposed and over what period they are being instituted.
  • Plans must be extensible over time

Security Planning - Responsibility for Implementation

  • Define roles, responsibilities, and accountability mechanisms for personnel involved in security management and enforcement
  • Assign responsibilities for implementing security measures, monitoring compliance, and responding to security incidents
  • All individuals will understand what can be done and who to coordinate with.

Security Planning - Timetable

  • Develop a timetable for implementing the recommended security measures, set deadlines and milestones
  • If the controls are expensive or complicated, they may be acquired and implemented

Security Planning - Continuing Attention

  • Establishing an evaluation and review date of the security situation that includes regular reviews, updates, and revisions to the security plan to adapt to evolving threats, changes in the organization's environment, and emerging security challenges
  • The security plan should arrange periodic reviews.

Contingency Planning - Backup

  • Includes copying all or part of a file to recover from data loss
  • It requires performing periodic backups of the entire system to storage.
  • Maintain a rotating set of backups, retaining recent backups
  • Save only the files that have been modified or created since the last backup

Off-site Backup

  • Requires taking completed backups and physically transporting them to designated locations
  • Reduces data loss if primary systems are damaged

Networked Storage - Contingency planning

  • Services offer storage space for data remotely.
  • Ideal for backing up critical data, as you can select a storage provider whose physical location is separate from your processing facility.
  • Ensures data integrity and availability because the backups are kept in a separate location.

Cold Site - Contingency planning

  • Facility with power and cooling infrastructure to install systems for operations
  • Some use their facilities while others lease from disaster recovery providers
  • Organizations restore operations at a cold site within a week

Hot Site - Contingency Planning

  • Facilities are equipped with a fully operational computing system, telecommunications lines, power supplies, trained personnel.
  • Utilized for mission-critical applications needing minimal downtime
  • Can be owned by the organization or leased from disaster recovery providers
  • Activation of a hot site requires loading software and data from offsite backup sources

Good Security Policy - Coverage

  • The security policy must be comprehensive
  • It should also be sufficiently broad to accommodate new situations as they may arise

Good Security Policy - Durability

  • Durability is necessary so that policies can adapt over time.
  • Policies must be flexible to changes over time.
  • They should be amendable over time to effectively address new conditions

Good Security Policy - Realism

  • The policy must be realistic: stated security requirements have to be feasible to implement with current technology
  • The implementation should practically benefit users in terms of saving time, cost-effectiveness, and convenience.

Good Security Policy - Usefulness

  • The usefulness of a security policy hinges on its clarity and comprehensibility.
  • An obscure policy will be discarded or implemented incorrectly.
  • It must be written in a way that can be understood and followed: concise and direct.
