Network Security: Standard System Attacks

Questions and Answers

Which of the following best describes a computer virus?

  • A tool used to intercept and steal sensitive information
  • A self-replicating program that spreads across a network
  • A program that hides inside a harmless-looking file
  • A small program that alters how a computer operates and causes damage (correct)

Which type of virus replicates itself and spreads to other machines, often via email?

  • Trojan horse
  • Polymorphic virus
  • Worm (correct)
  • Boot sector virus

What is the primary characteristic of a polymorphic virus?

  • It changes its encryption key to avoid detection. (correct)
  • It hides inside macro files.
  • It attaches itself to executable files.
  • It resides in the boot sector of a hard drive.

What is the primary goal of a Denial of Service (DoS) attack?

  • To disable a particular server (B)

Which attack involves exploiting IP broadcast addressing operations to amplify the impact on a target network?

  • Smurfing (C)

What is the main purpose of 'spoofing' in the context of network security?

  • To create a packet that appears to be from someone else (D)

Which type of attack involves redirecting a user to a fake website that mimics a legitimate one?

  • Pharming (A)

What is the primary function of a keylogger?

  • To record a user's keystrokes (D)

Why is physical security important for network security?

  • All of the above (D)

What is the purpose of a 'honeypot' in network security?

  • To serve as a decoy to attract and monitor attackers (A)

Which access control measure restricts access based on the time of day?

  • Limiting time of day access (B)

When referring to access rights, what does 'execute' typically allow a user to do?

  • Run a program or script (B)

What is a key principle for creating strong passwords?

  • Change password often and using a combination of characters (A)

Which of the following is an example of biometrics used for authentication?

  • Fingerprint scan (C)

What is the primary purpose of auditing in network security?

  • To detect wrongdoing (B)

In cryptography, what is 'plaintext'?

  • Unencrypted data (C)

What is the purpose of a 'key' in encryption?

  • To decrypt the ciphertext back into plaintext (B)

In a monoalphabetic substitution cipher, how are characters replaced?

  • Characters are replaced systematically based on a key. (B)

How does a polyalphabetic substitution cipher differ from a monoalphabetic cipher?

  • It uses multiple alphabetic strings or keys to encode the plaintext. (B)

In a transposition-based cipher, what is altered to encrypt the message?

  • The order of the characters (A)

In public key cryptography, what is the purpose of the public key?

  • To encrypt messages (A)

What characteristic is essential for public key cryptography?

  • One key cannot be deduced from the other. (C)

How do digital signatures provide authentication?

  • By using a hash encoded with the owner's private key (A)

What action occurs when a digitally signed document is opened?

  • The document's authenticity and integrity are verified (C)

Which of the following is a primary function of a firewall?

  • To support an access control policy between two networks (B)

How can firewalls be used to restrict specific applications?

  • By filtering based on TCP port numbers (A)

What is a packet filter firewall primarily based on?

  • Examining IP addresses and TCP port numbers (A)

What is the main advantage of a proxy server firewall?

  • It provides enhanced security by acting as an intermediary. (B)

What additional functionality does an application layer firewall offer compared to packet filtering?

  • Inspection of packet content based on application (D)

What makes WLANs inherently more vulnerable to intrusion compared to wired networks?

  • The wireless medium is not contained. (A)

Why is hardware theft a significant security risk for WLANs?

  • The hardware may store sensitive network information. (D)

What security risk do rogue APs pose?

  • They can impersonate a valid device. (A)

Which action is an example of 'passive monitoring' in WLAN security?

  • Capturing and analyzing data transmissions (A)

What is the main goal of a Denial of Service (DoS) attack on a WLAN?

  • To prevent legitimate users from accessing the network (B)

What does the process of 'authentication' verify in WLAN security?

  • That user has permission to access the network (A)

How can turning off SSID broadcast enhance WLAN security?

  • By hiding the network from unintentional discovery (C)

What is the primary goal of privacy measures in WLAN security?

  • To encrypt network traffic (A)

What is considered a major weakness of WEP (Wired Equivalent Privacy)?

  • Its encryption key is too short. (B)

Why was WPA (Wi-Fi Protected Access) developed?

  • To address the vulnerabilities in WEP (C)

Which feature does TKIP (Temporal Key Integrity Protocol) add to wireless security?

  • Per-packet key-mixing (C)

What is a key feature of WPA2 that distinguishes it from WPA?

  • Compatibility with the IEEE 802.11i standard (D)

What is the purpose of Push-Button Wireless Security?

  • To automatically configure security settings (B)

Besides encryption, what other strategies can improve WLAN security?

  • Reducing WLAN transmission power (A)

Flashcards

Computer Virus

Malicious program that alters computer operation, often damaging data and system components.

Computer Worm

A program that copies itself across a network without human help, often via email.

Trojan Horse

Hiding malicious code within harmless-looking files, like in an email.

Socially Engineered Attack

An attack using social skills to trick users into revealing sensitive information.

Exploiting Known Vulnerabilities

Exploiting weaknesses in software to compromise a system.

Denial of Service (DoS) Attack

Sending excessive messages to overwhelm and disable a server.

Ping Storm

Using the Internet ping program to flood a server with packets.

E-mail Bombing

Sending someone a large volume of unwanted emails, overwhelming their inbox.

Smurfing

Attacking a network using IP broadcast addressing operations to amplify the attack.

IP Spoofing

Creating a network packet that appears to originate from a fake IP address.

Spoofing (General)

Creating a packet that appears to be something or someone else to gain trust.

Phishing

Creating emails that look legitimate but are designed to steal personal information.

Pharming

Redirecting users to a fake website that imitates a legitimate one.

Botnets

Malicious programs controlling operations on a compromised computer.

Rootkit

A program installed deep within a system to remotely take control and avoid detection.

Keylogger

Software that secretly captures and records keystrokes from a user's keyboard.

Environmental Protection

Protecting systems from environmental threats such as floods and earthquakes.

Physical Security

Securing facilities by locking rooms and devices to prevent unauthorized physical access.

Surveillance

Using cameras to deter theft and document activities for security purposes.

Honeypot

An indirect surveillance method using traps to detect and observe malicious activity.

Access Control

Restricting who can access specific resources to protect sensitive data.

Access Rights

Rights granted to users determining what actions they can perform on a resource.

Authentication

The process of verifying a user's identity to grant access to a system or network.

Password Rotation

Regularly changing passwords to prevent unauthorized access and protect accounts.

Biometrics

Using fingerprints, face scans, or voice prints for identification.

Multifactor Authentication

Combining multiple identification methods for increased security.

Auditing

A record that lists who accessed what resources and when, to detect wrongdoing.

Cryptography

The study of encryption and decryption techniques to secure communications.

Plaintext

Unencrypted data, readable by anyone.

Ciphertext

Encrypted data, unreadable without the decryption key.

Encryption Key

Unique information used to encrypt and decrypt data.

Monoalphabetic Substitution

Replacing characters with different characters based on a key.

Polyalphabetic Substitution

Using multiple alphabetic strings to make the encrypted message more secure.

Transposition Cipher

Encrypting data by altering the order of characters in the plaintext.

Public Key Cryptography

A system that uses two keys, one public for encryption and one private for decryption.

Digital Signature

Attaching a unique, encrypted identifier to a document to verify authenticity.

Firewall

A system that controls network access between two networks based on security rules.

Packet Filter Firewall

A firewall that filters traffic based on IP addresses and TCP port numbers.

Proxy Server Firewall

A firewall that acts as an intermediary, forwarding requests between networks.

Application Layer Firewall

A firewall that inspects the content of packets at the application layer.

Hardware Theft (WLAN Security)

Attackers stealing wireless hardware to gain network access.

Study Notes

  • Week 9 focuses on Network Security.

Introduction

  • Computer systems are increasingly vulnerable despite having better security systems.
  • Vulnerability comes from worldwide Internet access to computer systems.
  • Encryption algorithms, access controls, digital signatures, and biometrics are forms of computer and network security.

Standard System Attacks

  • Viruses are small computer programs that alter computer operation, deleting and corrupting data, program files or operating system files.
  • Parasitic viruses attach to files.
  • Macro viruses reside in macro files attached to applications and install when executed.
  • Stealth viruses attach to the operating system.
  • Boot sector viruses reside in removable media; these can infect a computer when it is started.
  • Polymorphic viruses mutate, changing their encryption keys, making them difficult to detect.
  • Computer worms copy themselves from one system to another over a network without human intervention.
  • Worms often propagate through email.
  • Viruses and worms are typically transported as Trojan horses, disguised inside harmless code.
  • Social engineering and exploiting known vulnerabilities in operating systems or application software are two popular forms of attacks.
  • Software companies issue patches for vulnerabilities; these can either fix the vulnerability or create more holes which can then be exploited.
  • Common attack vectors include email attachments and scanning computer ports connected to the Internet.
  • Denial-of-service (DoS) attacks disable a server by overwhelming it with requests.
  • A ping storm is a condition in which the Internet ping program sends a flood of packets to a server.
  • E-mail bombing is when one sends an excessive amount of unwanted e-mail.
  • Smurfing is a technique using IP broadcast addressing operations to attack a network.
  • Smurfing relates to spoofing and is often used in denial of service attacks.
  • When spoofing, a user creates a packet that appears to be something else or to come from someone else.
  • Phishing involves hackers creating emails that look as if they are coming from a legitimate source but are trying to get the user to give up ID and password information.
  • Pharming redirects unknowing users to bogus look-alike websites.
  • Stealing, guessing, and intercepting passwords is a tried and true form of attack.
  • Botnets are malicious programs that take over operations on a compromised computer.
  • Rootkits are programs that have been installed deep within a user's operating system and defy detection.
  • Keyloggers secretly capture and record keystrokes made at a user's keyboard.

Physical Protection

  • Physical protection is needed from environmental damage and from physical security breaches.
  • Electrical protection and noise protection are needed.

Physical Protection (continued)

  • Surveillance and proper placement of security cameras can deter theft and vandalism as well as provide a record of activities.
  • Intrusion detection is a field of study in which specialists try to prevent intrusion and, by monitoring data flow, try to determine whether a computer system has been violated.
  • Honeypots are an indirect form of surveillance in which network personnel create a trap and watch for unscrupulous activity.

Controlling Access / Access Rights

  • Controlling access involves deciding who has access to what, limiting time-of-day access, limiting day-of-week access, and limiting access from a location.
  • Access rights include being able to read, write, delete, print, copy, and execute.
  • Most network operating systems have a powerful system for assigning access rights.

Passwords and ID Systems

  • Passwords are the most common form of security and the most abused.
  • Simple rules help support safe passwords: change passwords often, pick a good random password of at least 8 characters, do not share passwords or write them down, and do not select names and familiar objects as passwords.
  • Many new forms of "passwords" are emerging, including fingerprints, face prints, retina scans and iris scans, voice prints, ear prints, and combinations of forms of identification called multifactor identification.

Auditing

  • Creating a computer or paper audit can help detect wrongdoing and can also be used as a deterrent.
  • Many network operating systems allow the administrator to audit most types of transactions.
  • Criminals have been caught because of computer-based audits.

Basic Encryption and Decryption Techniques

  • Cryptography creates and uses encryption and decryption techniques.
  • Plaintext is the clear, unencrypted data before any encryption is performed.
  • Ciphertext is the encrypted data after encryption has been performed.
  • Keys are unique pieces of information used to create ciphertext and decrypt it back into plaintext.

Monoalphabetic Substitution-Based Ciphers

  • Monoalphabetic substitution-based ciphers replace a character or characters with a different character or characters, based upon some key.
  • Example: replacing abcdefghijklmnopqrstuvwxyz with POIUYTREWQLKJHGFDSAMNBVCXZ turns "how about lunch at noon" into "EGVPO GNMKN HIEPM HGGH".
  • If someone intercepts a simple key, they can decrypt the whole conversation.

Polyalphabetic Substitution-Based Ciphers

  • Polyalphabetic ciphers are similar to monoalphabetic ciphers except that multiple alphabetic strings are used to encode the plaintext.
  • A matrix of strings uses 26 rows by 26 characters or columns.
  • A key such as COMPUTERSCIENCE is placed repeatedly over the plaintext:

      Key:       COMPUTERSCIENCECOMPUTERSCIENCECOMPUTER
      Plaintext: thisclassondatacommunicationsisthebest

  • To encode the message, take the first letter of the plaintext, t, and the corresponding key character immediately above it, C. Look in the 26x26 matrix where row C intersects column t to find the ciphertext character V, then continue with the other characters in the plaintext.

Transposition-Based Ciphers

  • Transposition-based ciphers do not preserve the order of the plaintext.
  • For the key COMPUTER, number the letters in alphabetical order: 14358726.
  • Then read the ciphertext down the columns, starting with the column numbered 1, followed by the column numbered 2.

Public Key Cryptography

  • Public key cryptography is a robust encryption technique using two keys.
  • A public key encrypts the message and a separate private key decrypts it.
  • It is not possible to deduce one key from the other.
  • Secure Sockets Layer on the Internet is an example.

Digital Signatures

  • Digital signatures are used to authenticate the owner of a document.
  • The document to be signed goes through a complex mathematical computation that generates a hash.
  • The hash is encoded with the owner's private key, and then stored.
  • In future, the hash is decoded using the owner's public key and both are compared to prove the document belongs to the owner.
  • Some countries accept digitally signed documents as legal proof.

Firewalls

  • A system that supports an access control policy between two networks.
  • Limit the types of transactions that can enter or leave a system.
  • Can be programmed to control IP addresses and TCP port numbers.

Three Basic Types of Firewalls

  • Packet filter firewall – essentially a router that has been programmed to filter out or allow certain IP addresses or TCP port numbers, and can scan viruses or detect spoofing.
  • Proxy server – a more advanced firewall that acts as a doorman into a corporate network; any external transaction requesting something from the corporate network must enter through the proxy server, but this makes access slower.
  • Application layer – inspects all packets coming into or leaving a connection using the application layer of the TCP/IP protocol suite, and is the most advanced firewall, operating at packet filtering.

Wireless LAN Security

  • Broadcasting network traffic over the airwaves has created new security issues for data transmissions; WLANs are far more exposed to intrusion because the medium is not contained.
  • Attacks include hardware theft, AP impersonation, passive monitoring, and denial of service (DoS).

802.11 Security

  • Authentication is the process that verifies that the client device has permission to access the network.
  • Each WLAN client can be given the SSID of the network manually or automatically.
  • Turning off SSID broadcast can also protect your network against someone finding it unintentionally.
  • Privacy ensures, through data encryption, that transmissions are not read by unauthorized users.

802.11 Security (cont.)

  • Wired Equivalent Privacy (WEP) is a data encryption specification for wireless devices with two versions, 64-bit and 128-bit encryption, although the 128-bit version is easy to decrypt and seldom used today.
  • Wi-Fi Protected Access (WPA) is a standard for network authentication and encryption. It uses a 128-bit pre-shared key (PSK), and PSK uses a different encryption key for each client device, for each packet, and for each session.
  • Wi-Fi Protected Access 2 (WPA2) is a version of WPA that has been certified by the IEEE to be compatible with IEEE 802.11i.
  • Defines a robust security network association (RSNA) and provides mutual authentication between client devices and the AP, controlled access to the network, establishment of security keys, and key management.

Additional WLAN Security Strategies

  • Reduce WLAN transmission power.
  • Change the default security settings on the APs.
  • Employ antivirus and antispyware software.
  • Separate WLAN transmissions from wired network traffic.
  • Put a firewall between the WLAN and the wired LAN.
