Questions and Answers
Match the following security-enhanced application protocols with their respective base protocols:
FTPS = FTP HTTPS = HTTP SMTPS = SMTP DNSSEC = DNS
What are the two primary applications of IPSec mentioned in the content?
Secure branch office connectivity over the Internet and secure remote access over the Internet.
What benefits does IPSec provide according to the content?
Both a and b
IPSec can assure that a router or neighbor advertisement comes from an authorized source.
Signup and view all the answers
In IPSec, SA uniquely identified by ______.
Signup and view all the answers
Match the IPSec protocols with their descriptions:
Signup and view all the answers
What are some examples of passive attacks? (Select all that apply)
Signup and view all the answers
How can passive attacks be defended against?
Signup and view all the answers
What best describes active attacks?
Signup and view all the answers
Spoofing attack involves successfully imitating another person or program.
Signup and view all the answers
What is the purpose of the Sequence Number in TCP?
Signup and view all the answers
How often does the RFC suggest incrementing the Initial Sequence Number (ISN)?
Signup and view all the answers
What is DNS spoofing?
Signup and view all the answers
What is the purpose of cookies set by web servers?
Signup and view all the answers
What can malicious scripts in interactive web sites potentially do?
Signup and view all the answers
What is IP spoofing?
Signup and view all the answers
What is DNS spoofing?
Signup and view all the answers
What is URL spoofing/Webpage phishing?
Signup and view all the answers
What is session hijacking in network security?
Signup and view all the answers
What group of users was TCP/IP initially designed for?
Signup and view all the answers
What does ARP spoofing involve?
Signup and view all the answers
Why are IP packets vulnerable to interception?
Signup and view all the answers
What is the purpose of IP security (IPSec)?
Signup and view all the answers
Study Notes
Network Security
- Network security is a crucial aspect of today's highly networked world, focusing on internet and intranet security (TCP/IP-based networks).
- It involves protecting against attacks that use security holes in the network protocol and their defenses.
Security Services
- Confidentiality: ensuring data is only accessible to authorized parties.
- Authentication: verifying the identity of users or devices.
- Integrity: ensuring data is not modified or tampered with.
- Non-Repudiation: ensuring a sender cannot deny sending a message.
- Access Control: controlling access to resources.
- Availability: ensuring data is accessible and usable.
Network Security Model
- Trusted third-party model: involves a trusted third party to provide security services.
Types of Attacks
- Passive attacks:
- Listening to the network and making use of the information without altering it.
- Examples: passive wiretapping, traffic analysis.
- Active attacks:
- Threatening the integrity and availability of data being transmitted.
- Examples: modifying, extending, deleting, or playing back data.
- Denial of Service (DoS) attacks:
- Preventing authorized access to resources.
- Examples: email bombing, smurf attacks, distributed denial of service attacks.
Spoofing Attacks
- Spoofing: successfully imitating another person or program by falsifying data.
- Examples: IP spoofing, DNS spoofing, URL spoofing/webpage phishing.
Session Hijacking
- Hijacking a TCP connection between a client and a server.
- Exploiting the clear transmission of information to hijack the session.
TCP/IP Networks and Vulnerabilities
- TCP/IP was designed for use by a trusted group of users, but it is now used by various people.
- The protocols are not designed to withstand attacks, and vulnerabilities can be exploited by attackers.
Link Layer: ARP Spoofing
- ARP (Address Resolution Protocol) spoofing: sending fake ARP requests to manipulate the ARP cache.
Network Layer: IP Vulnerabilities
- IP packets can be intercepted and modified.
- IP packets are not protected, and they can be easily read or modified.
- IP packets are not authenticated, making them vulnerable to traffic analysis attacks.
Network Layer: IP Security (IPSec)
- IPSec is a set of security algorithms and a general framework that allows communicating entities to use various algorithms for security.
- IPSec provides confidentiality, authentication, and integrity of data.### IPSec Applications
- Secure branch office connectivity over the Internet
- Secure remote access over the Internet
- Establishing extranet and intranet
Benefits of IPSec
- Transparent to applications (below transport layer)
- Provide security for individual users
IPSec Assurance
- Ensures that router or neighbor advertisements come from an authorized router
- Ensures that redirect messages come from the router to which the initial packet was sent
- Ensures that routing updates are not forged
IPSec Services
- Access control
- Integrity
- Data origin authentication
- Rejection of replayed packets
- Confidentiality (encryption)
IPSec Security Associations (SA)
- One-way relationship between a sender and a receiver that provides security services
- Uniquely identified by:
- Security Parameters Index (SPI)
- AH: Authentication Header (Authentications)
- ESP: Encapsulating Security Payload (both authentication and confidentiality)
- IP Destination address in the IPv4/IPv6 header
IPSec Modes
- Transport mode: protection for upper-layer protocols (TCP, UDP)
- Tunnel mode: protection for the entire IP packet
IPSec Encryption and Authentication
- Provides authentication, confidentiality, and key management at the level of IP packets
- IP-level authentication is provided by inserting an Authentication Header (AH) into the packets
- IP-level confidentiality is provided by inserting an Encapsulating Security Payload (ESP) header into the packets### Transport Layer: TCP
- The Sequence Number is a monotonically increasing 32-bit counter that provides an anti-replay function.
- The Sequence Number is initialized with a "random" value during connection setup.
- The RFC suggests that the Initial Sequence Number (ISN) is incremented by 1 at least every 44 ms.
- In many implementations, it is computationally feasible to guess the next ISN number.
Transport Layer: TCP SYNC Attack
- A 3-way handshake is used in TCP connections: SYN, SYN-ACK, ACK.
- An attacker can impersonate a trusted host (T) by sending a SYN packet with a spoofed IP address.
- The server responds with a SYN-ACK packet, which the attacker can then respond to with an ACK packet, allowing the attacker to send malicious data.
Application Layer: DNS
- DNS spoofing occurs when an attacker has access to a name server and modifies it to provide false information.
- An example of DNS spoofing is redirecting www.ebay.com to the attacker's own IP address.
- The cache of a DNS name server can be poisoned with false information using simple techniques.
Application Layer: Web Browsers
- Web browsers can be a threat if malicious code is inserted into the browser.
- Informing an attacker of a user's activities and passwords is a potential problem.
- Cookies can be used to track what sites a user visits, leading to serious privacy violations.
Application Layer: Web Browser Security
- Interactive web sites are based on forms and scripts.
- Malicious scripts can be used to crash a server or gain control over it.
- Server security can be improved using security-enhanced application protocols.
Application Layer: E-mail Security
- E-mails transit through various servers before reaching their destinations, making them visible to anybody with access.
- The SMTP protocol itself has security holes.
- E-mail security can be improved using tools and protocols.
Application Layer: Security-Enhanced Application Protocols
- Security-enhanced application protocols can solve most application layer security problems.
- Examples of security-enhanced protocols include FTPS, HTTPS, SMTPS, and DNSSEC.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
