Lesson 6 MT | Security

Question 1

Common security attacks and countermeasures

Answer 1

• Firewalls & Intrusion
• Detection Systems
• Denial of Service Attacks
• TCP Attacks
• Packet Sniffing
• Social Problems

Question 2

1. Freedom from risk or danger; safety
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as;
   - A group or department of private guards
   - Measures adopted by a government to prevent espionage, sabotage or attack
   - Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault.

Answer 2

Security

Question 3

Why do we need security?

Answer 3

• Protect vital information while still allowing access to those who need it
• Provide authentication and access control for resources
• Guarantee availability of resources

Question 4

Who is vulnerable?

Answer 4

• Financial institutions and banks
• Internet service providers
  -Pharmaceutical companies
• Government and defense agencies
• Contractors to various government agencies
• Multinational corporations
• ANYONE ON THE NETWORK

Question 5

What is the countermeasures with;

• Finding a way into the network.

Answer 5

Firewall

Question 6

What is the countermeasures with;

• Exploiting software bugs, buffer overflows

Answer 6

Intrusion Detection System

Question 7

What is the countermeasures with;

Denial of Service

Answer 7

Ingress filtering, IDS

Question 8

What is the countermeasures with;

• TCP hijacking

Answer 8

IPSec

Question 9

What is the countermeasures with;

• Packet sniffing

Answer 9

Encryption (SSH, SSL, HTTPS)

Question 10

What is the countermeasures with;

• Social problems

Answer 10

Education

Question 11

Basic problem – many network applications and protocols have security problems that are fixed over time

Answer 11

Firewalls

Question 12

A ____ is like a castle with a drawbrigde
- Only one point of access into the network
- This can be good or bad

Answer 12

Firewall

Question 13

T or F

Firewall can be hardware or software

Answer 13

True

Question 14

Used to filter packets based on a combination of features

Answer 14

Firewall (Packet filtering firewalls)

Question 15

Used to monitor for “suspicious activity” on a network.
- Can protect against known software exploits, like buffer overflows

Open Source IDS: Snort, www.snort.org

Answer 15

Intrusion Detection

Question 16

We can run a _____ on the passwords
- the passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash)
- Can take a dictionary of words, crypt() them all, and compare with the hashed passwords

Answer 16

Dictionary attack

Question 17

T or F
is “sdfo84f9f” a good password

Answer 17

True

Question 18

Make the network service unusable, usually by overloading the server or network.

Many different kind of ____ attack
- SYN flooding
- SMURF
- Distributed attacks
- Mini Case Study: Code-red

Answer 18

Denial of Service

Question 19

• Source IP address of a broadcast ping is forged
• Large number of machines respond back to victim, overloading it

Answer 19

SMURF

Question 20

• Same techniques as regular DoS, but on a much larger scale
• Infect a large number of machines with a “zombie” program
• Zombie rogram logs into an IRC channel and awaits commands

Answer 20

Distributed Denial of Service

Question 21

• July 19, 2001: over 359,000 computers infected with Code-Red in less than 14 hours
• Used a recently known buffer exploit in Microsoft IIS
• Damages estimated in excess of $2.6 billion

Answer 21

Mini Case Study -CodeRed

Question 22

• If the source IP of a packet comes in on an interface which does not have a route to that packet, then drop it
• RFC 2267 has more information about this

Answer 22

Ingress filtering

Question 23

If an attacker learns the associated ____ state for the connection, then the connection can be hijacked

Answer 23

TCP

Question 24

Attacker can insert malicious data into the ____, and the recipient will believe it came from the original source

Answer 24

TCP stream

Question 25

How can you prevent TCP attacks?

Answer 25

- Provide source authentication, so people can't pretend to be someone else - Encrypt data before transport.

Question 26

- When someone wants to sent a packet to someone else - They put the bits on the wire with the destination MAC Address - And remember that other hosts are listening on the wire to detect for collisions - It couldn't get any easier to figure out what data is being transmitted over the network

Answer 26

Packet sniffing

Question 27

T or F Does packet sniffing works for any broadcast-based medium

Answer 27

True

Question 28

What kind of data hacker can get doing packet sniffing

Answer 28

Anything in plain text. Passwords are the most popular

Question 29

How can we protect ourselves from packet sniffing

Answer 29

- SSH, not Telnet - HTTP over SSL - SFTP, not FTP - IPSec

Question 30

Provides network-layer confidentiallity

Answer 30

IPSec

Question 31

T or F SSL is better especially when making purchases with credit cards.

Answer 31

False. HTTP over SSL

Question 32

____ can be configured to look for internal inconsistencies in traffic patterns

Answer 32

IDS

Question 33

___ can be configured to block off one part of a corporate network from another part to further restrict access

Answer 33

Firewalls

Question 34

Can also use _____ with strong encryption to identify who is doing what

Answer 34

Identification tokens

Question 35

What are the Security principles

Answer 35

- Confidentiality - Integrity - Availability

Question 36

Ensuring data is only accessible to authorized users

Answer 36

Confidentiality

Question 37

Protecting data from unathorized modification

Answer 37

Integrity

Question 38

Ensuring systems and data are available when needed

Answer 38

Availability

Question 39

The foundation of all security

Answer 39

CIA Triad

Question 40

Users should only have the minimum access necessary to perform their jobbs

Answer 40

Principle of Least Privilege

Question 41

Using multiple layers of security (physical, network, and data security) to protect assets

Answer 41

Defense in Depth

Question 42

The process of verifyring a user's identity. Example: Passwords, Biometrics (finger, faceID), and security tokens

Answer 42

Authentication (Who are you?)

Question 43

Requiring two or more verification methods for increased security

Answer 43

Multi-Factor Authentication (MFA)

Question 44

The process of grantingt permissions to an authenticated users Examples: Accessing specific files, editing a database, or enteringg a restricted area

Answer 44

Authorization (What can you do?)

Question 45

Focused specifically on fixing security flaws on "plugging holes" in your defense

Answer 45

Security Patches

Question 46

Often include bug fixes, performance improvements, and new features alongside security patches

Answer 46

Software Updates

Question 47

How to update all packages

Answer 47

yum update -y

Question 48

How to update security only

Answer 48

yum update --security -y

Question 49

How to check for updates

Answer 49

yum check-update

Question 50

Restricts which resources (like scripts) the browser is allowed to laod

Answer 50

Content Security Policy (CSP)

Question 51

Forces the browser to use secure HTTPS connections only.

Answer 51

Strict-Transport-Security (HSTS)

Question 52

Prevents "Clickjacking" by controlling whether a site can be rendered in an iFrame.

Answer 52

X-Frame-options

Question 53

Prevents the browser from "guessing" the content type, which can lead to script execution.

Answer 53

X-Content-Type-Options