Network Security: Chapter 9

Questions and Answers

A network, at its most basic, consists of what?

  • Two or more devices connected to facilitate communication. (correct)
  • A single client connected to multiple servers.
  • A complex system of hardware and software without physical connections.
  • Multiple servers interacting with each other.

Why are wired networks often considered vulnerable to interception?

  • Because wired networks are not susceptible to inductance.
  • Because signals in Ethernet cables can be intercepted, and cables can be spliced to copy data. (correct)
  • Because physical access to the network is strictly controlled.
  • Because they rely on advanced encryption that can be easily compromised.

What makes microwave communication particularly accessible to outsiders?

  • It requires direct physical contact for interception.
  • It broadcasts through the air, making it easier to intercept. (correct)
  • It uses highly secure encryption protocols.
  • Its signals are contained within physical cables preventing external access.

Which of the following is a weakness of satellite communication regarding security?

  • Its broadcast footprint allows any antenna within range to intercept the signal. (A)

What is a key security advantage of optical fiber compared to traditional cable?

  • It is immune to signal emanation. (D)

What makes wireless networks particularly vulnerable?

  • Signals are broadcast, making them more exposed and easier to intercept. (B)

What is the primary function of a MAC address in network communication?

  • To uniquely identify a network interface card (NIC). (A)

Why is the expandability of a network considered a security concern?

  • Because the unknown parameters introduced can create uncertainty about the network boundary. (A)

Which of the following best describes a 'sequencing attack' in network communications?

  • Packets arriving in an unintended order. (D)

What is the main purpose of a 'replay attack'?

  • To reuse intercepted legitimate data to gain unauthorized access. (D)

In the context of network security, what does 'inductance' refer to?

  • A phenomenon where signals radiate from wires, allowing intruders to read them without physical contact. (C)

What is the key characteristic of a Denial of Service (DoS) attack?

  • Disrupting access to services or data for authorized users. (C)

What distinguishes a Distributed Denial of Service (DDoS) attack from a regular DoS attack?

  • A DDoS attack originates from multiple compromised machines. (D)

How does a SYN flood attack work?

  • Filling the SYN_RECV queue with incomplete connection requests. (D)

What vulnerability does the 'teardrop' attack exploit?

  • The system's algorithm for reassembling fragmented IP packets. (B)

What is a primary goal of link encryption?

  • Encrypting data at each communication link to protect it during transit. (C)

How does end-to-end encryption primarily enhance security?

  • By providing security for a transmission from one end to the other. (D)

What is a key characteristic of Kerberos, a network authentication protocol?

  • It employs a trusted Key Distribution Center (KDC) to authenticate users and services. (A)

What is a limitation of Kerberos in distributed systems?

  • It requires continuous availability of a trusted ticket-granting server. (A)

What is the primary purpose of the SESAME protocol in distributed systems?

  • Providing secure authentication and access control mechanisms. (C)

A network is defined as three or more devices connected by hardware and software to facilitate communication.

  • False (B)

Data communication over a wired connection is generally more vulnerable than wireless communication.

  • False (B)

Optical fiber cables are highly susceptible to tapping without detection due to the electrical signals they transmit.

  • False (B)

A MAC address is a unique physical address assigned to a network interface card (NIC).

  • True (A)

Routing involves directing network traffic toward a destination, and manipulation of routing protocols cannot be exploited for malicious activities.

  • False (B)

Examining each packet as it goes by on a network (packet sniffing) cannot be used to intercept data.

  • False (B)

In a replay attack, intercepted data is always modified before being reused.

  • False (B)

In a sequencing attack, packets arrive out of order.

  • True (A)

A 'SYN flood' attack aims to overwhelm a victim by exploiting vulnerabilities in hardware components, causing a physical system failure.

  • False (B)

A 'Smurf attack' involves broadcasting ping packets, spoofing the victim's address, without involving unwitting accomplices.

  • False (B)

In denial-of-service attacks, the primary goal is to compromise the integrity of the data rather than the availability of the service.

  • False (B)

Networks of compromised computers (botnets) cannot be used for DDoS attacks.

  • False (B)

A denial of service (DoS) attack specifically targets routing protocols to misdirect network traffic.

  • False (B)

A wireless access point's SSID is a long, complex encryption key used to secure the network.

  • False (B)

In end-to-end encryption, data is decrypted at each intermediate node between the sender and receiver.

  • False (B)

Data is encrypted just before the communication enters sending system in link encryption.

  • False (B)

The Digital Distributed Authentication (DDA) typically does not make use of digital signatures.

  • False (B)

Kerberos relies on symmetric-key cryptography to secure client-server interactions.

  • True (A)

The Kerberos server is optional for strong application security.

  • False (B)

Kerberos is not suitable for client-server situations.

  • False (B)

Flashcards

What is a network?

Two devices connected by hardware and software for communication.

What is packet sniffing?

Examining each packet as it travels, often using tools like Wireshark.

What is a sequencing attack?

An attack that manipulates packet sequences to disrupt communication.

What is a Substitution Attack?

Replacing part of a data stream with malicious content.

What is an Insertion Attack?

Injecting malicious data values into a data stream.

What is a Replay Attack?

Legitimate data is intercepted and then reused.

What is a Physical Replay Attack?

Hiding malicious activity by feeding innocent images to security cameras.

What is a Flooding Attack?

Denying access to a service that consumes excessive capacity or resources.

What is 'Blocked Access'?

Preventing a service from functioning correctly.

What is the Ping of Death?

A simple attack using the 'ping' command to overload a host.

What is a Smurf Attack?

Spoofing the victim's address and sending ping packets in broadcast mode.

What is a SYN Flood?

Overwhelming victims by filling the SYN_RECV queue with SYN requests.

What is an IP Fragmentation (Teardrop) attack?

Sending overlapping fragments of data that the system cannot reassemble.

What is Traffic Redirection?

Misleading routers to disrupt network communication.

What is a DNS Attack?

Attacks on name servers that cause hijacking and cache poisoning.

What is a Distributed Denial-of-Service (DDoS) attack?

Attacker infects multiple machines with trojans and uses them to bombard a chosen victim.

What are botnets?

Networks of bots that are used for massive DoS attacks.

What is wiretapping?

Intercepting communications, either passively or actively.

What is impersonation?

An attacker pretends to be someone they are not to gain access.

What is Message Exposure?

This involves the unauthorized disclosure of confidential information.

Communication Medium

The medium through which network data travels.

MAC Address

A unique hardware address assigned to a network interface card (NIC).

Network Analysis

Examining network traffic to identify patterns and potential security issues.

Signal Degradation

Degradation of signal strength over distance in wireless networks.

SSID

A string used to identify a wireless access point.

Interruption

Loss of a network service function due to events.

Mis-delivery

When transmitted messages end up being delivered to the wrong recipient.

Message Falsification

Modifying the content of a message while in transit.

Hacking

A hacker develops tools to find vulnerabilities and exploit them.

Link Encryption

A type of encryption where data is encrypted and decrypted at each hop.

End-to-End Encryption

Encrypting from sender to receiver, hiding data from intermediate components.

Host Authentication

Ensuring communicating hosts are authentic.

User Authentication

Ensuring network users are authentic.

Kerberos

A network authentication protocol using tickets to authenticate the app.

Client-Server Applications Authentication

Ensuring client-server applications are authentic.

Study Notes

  • Chapter 9 discusses security in networks and distributed systems
  • Dr. Sayed Elsayed is the author

Chapter Outline

  • A brief review of network terms and concepts is covered
  • Definitions, communication media, and protocols are included
  • Vulnerabilities in networks are covered
  • Threats like wiretapping, modification, and addressing are described
  • Interception, association, WEP, and WPA in wireless networks are covered
  • Denial of service and distributed denial of service are explained
  • Protections for vulnerabilities are explained
  • Cryptography for networks using SSL, IPsec, and virtual private networks is included
  • Firewalls, intrusion detection, and protection systems are detailed
  • Managing network security, security information, and event management are covered

Introduction to Networks

  • A network involves two devices connected via hardware and software to facilitate communication
  • Networks include computers, printers, storage devices, and the necessary connecting wires
  • Networks typically involve many clients interacting with multiple servers

Network Concepts

  • Data communications travel via wires or wirelessly
  • Both wired and wireless networks are vulnerable to attacks
  • Data can be intercepted through eavesdropping, wiretapping, or sniffing

Network Transmission Media

  • In cable networks, Ethernet or LAN signals are susceptible to interception
  • LAN connectors, such as NICs, have unique MAC addresses
  • Packet sniffing involves examining each packet using tools like Wireshark
  • Wires radiate signals that intruders can read
  • Cable splicing involves attackers cutting and splicing cables to copy data
  • Optical fiber is not tappable without detection and is immune to inductive tapping
  • Microwaves broadcast through the air and are easily accessible to outsiders
  • Satellite communication footprints allow antennas within range to intercept signals
  • Other radio wave technologies like cellular, Bluetooth, and near field communication are used

Microwave Transmission

  • Microwaves are broadcast through the air, making them easier for outsiders to access

Communication Media Strengths and Weaknesses

  • Wire is widely used, inexpensive, but susceptible to emanation and physical wiretapping
  • Optical fiber is immune to emanation and difficult to wiretap, yet exposed at connection points
  • Microwave signals are strong but exposed to interception along the transmission path
  • Wireless networks are available and built into devices, but the signal degrades and can be intercepted
  • Satellite communications are strong and fast but have delays and signal exposure over a wide area

Addressing and Routing

  • Intercepting communications media is one way to strike a network
  • Integrity and availability threats apply
  • Addressing and routing are fruitful for attackers
  • Protocols, addressing, routing, and ports are potential vulnerabilities

Addressing and Routing Details

  • A protocol is a set of conventions for computer interaction, allowing a high level view of communications
  • Addressing uses the network interface card (NIC) with a MAC address for each computer
  • Routing involves routers directing traffic along a path to a destination
  • Ports are numbers associated with application programs

Threats to Network Communications

  • Concepts include interception, modification, fabrication, and interruption
  • Interception includes eavesdropping and wiretapping
  • Modification and fabrication refer to data corruption or integrity failures
    • A sequencing attack occurs when packets arrive out of order
    • Substitution replaces a piece of the data stream
    • Insertion adds data values into a stream
    • Replay attack reuses intercepted data
    • Physical replay attack feeds fake visuals to security cameras
  • Interruption involves loss of service or DoS attacks, affecting routing or causing component failure

Data Corruption Sources

  • Data corruption includes typing errors, malicious code, hardware failure, noise, software flaws, and hacker activity

Wireless Network Security

  • Wireless communication is less secure than wired due to signal exposure
  • The 802.11 protocol suite governs wireless communication
  • It describes how devices communicate in the 2.4 GHz radio signal band allotted to WiFi
  • Wireless signals degrade due to interference and distance
  • Poor signals may cause connection drops
  • WiFi data units are called frames
  • Management frames handle beacon, authentication, and association requests
  • SSID identifies a wireless access point

Denial of Service (DoS)

  • A DoS attack attempts to defeat availability by denying users access
  • Flooding attacks occur from demand exceeding capacity
  • Blocked access involves preventing a service from functioning
  • Access failure includes: insufficient capacity, blocked access, and unresponsive component
  • A Ping of Death attack floods pings to the victim
  • A Smurf attack spoofs the victim's address

DoS continued...

  • SYN flood overwhelms victims by filling SYN_RECV queue
  • IP Fragmentation or Teardrop attack sends unreassembled datagrams
  • Traffic redirection misleads routers
  • DNS attacks target top-level domains, hijack sessions, and poison caches.

Distributed Denial-of-Service (DDoS)

  • DDoS attacks infect multiple machines with Trojan horses (bots or zombies)
  • Attackers signal zombies to bombard a chosen victim with traffic
  • DDoS attacks are launched from scripts
  • Bots consume computing and network resources
  • Botnets are used for massive DoS attacks
  • Botnet operators rent compromised hosts

Network Security Issues

  • Networks share resources and workload
  • System complexity is an issue
  • Expandability creates network boundary uncertainty
  • Many points of attack exist
  • Anonymity allows attacks without touching the system
  • Unknown paths are possible

Network Security Threats

  • Common security threats include wiretapping, impersonation, and message confidentiality violations
  • Also, message integrity violations, hacking, and DoS attacks are potential network security threats

Wiretapping Threats

  • Wiretapping is intercepting communications
  • Approaches include passive and active
  • Packet sniffers can retrieve all packets on the net
  • Inductance enables tapping wires without physical contact
  • Microwave and satellite communications are prone to interception
  • Optical fiber offers security, as the entire network is checked
    • It carries light energy, preventing magnetic field-based tapping
  • Wiretappers target weaknesses in repeaters, splices, and connecting equipment

Impersonation

  • Impersonation involves pretending to be someone or something, and the attacker has several choices
    • These choices include guessing identity, picking up identity details, circumventing authentication, and using a non-authenticated target

Message Confidentiality Violations

  • Includes misdelivery, exposure, or traffic flow analysis

Message Integrity Violations

  • Includes falsification (changing, replacing, redirecting, or deleting messages) or noise interference

Hacking

  • Hacking is a significant security threat
  • Hackers can develop tools to search for vulnerabilities
  • Hackers analyze, plan, code, simulate, and test future attacks

DoS

  • Includes connectivity, flooding, routing problems, and disruption of service

Network Security Control through Encryption

  • Encryption involves link encryption and end-to-end encryption
  • Link Encryption encrypts data before it's placed on communication links
  • Decryption occurs as communication enters the receiving computer

End-to-End Encryption

  • Provides security from one end of transmission to the other
  • Link encryption is applied by the sending host, is transparent to the user, and is done in hardware
  • End-to-end encryption is applied by the sending process, uses software, and is the user's choice

Authentication Issues in Distributed Systems

  • Main concerns are ensuring authenticity of communicating hosts and users
  • Authentication mechanisms address security concerns in distributed systems

Authentication Mechanisms

  • Digital Distributed Authentication (DDA) uses digital signatures
  • Distributed Computer Environment (DCE) provides distributed services, uses crypto techniques
  • Kerberos uses a trusted Key Distribution Center (KDC) to authenticate users and services
    • It is designed for client-server applications and uses symmetric-key cryptography

Authentication Mechanisms continued...

  • SESAME: aimed at secure authentication in multi-vendor systems, supporting auth techniques
  • CORBA: a middleware standard, authenticates by integrating security mechanisms provided by protocols
    • CORBA apps use auth and access control by protocols

Kerberos

  • Kerberos authenticates in distributed systems and was designed at MIT
  • A central server provides authenticated tokens to applications

Kerberos Design

  • Kerberos is designed to withstand attacks
  • No passwords are communicated through the network
  • Cryptographic protection guards against spoofing
  • Validity periods and timestamps prevent replay
  • It relies on mutual authentication

Kerberos Imperfections

  • Continuous availability of KDC is necessary
  • Authenticity of servers is required
  • Kerberos requires timely transactions
  • Subverted workstations can replay passwords
  • Weak passwords can be guessed
  • Kerberos may not scale or address security concerns in systems
