network security

Question 1

\what are the security processes (AAA)

Answer 1

authentication
authorisation
accounting

Question 2

authentication def

Answer 2

(deploys robust MFA multi-factor authentication process to) verify that users are who they claim to be

Question 3

authorisation

Answer 3

(deploy processes to) verify that users have permission to access/modidfy the resources they are attempting to access/modify

Question 4

accounting

Answer 4

• processes that track & rec activities & actions taking place on the network/its comp systems & detects suspicious activity (IDS)
• these activity logs can facilitate investigation in the case of network/data breach & aid accountability

Question 5

authentication methods

Answer 5

• password (‘smth uk’)
• MFA, multi-factor authentication (‘smth u hv’, like security token, OTP one-time pw)
• biometrics (‘smth u are’)
• digital certificates

Question 6

firewall (authorisation)

Answer 6

• blocks unauthorised access to network
• checks all inbound & outbound data packets against a set of rules

Question 7

eg of how firewall works

Answer 7

• to disallow HTTP traffic into/out of network, firewall can block all packets using TCP transport protool w destination port (HTTP port num, 80)
• to prevent comp within the network frm communicating w eo, firewall can block all packets w private IP addresses as destination IP address
• to prevent comp outside network frm sending packets on unauthorised ports, firewall can block all packets, w public IP addresses as source IP & w destination port >1023

Question 8

IDS (intrusion detection system)

Answer 8

device/software app that monitors network/systems for malicious activity/policy violations

BUT (unlike firewall)
IDS X prevent possible intrusions, only signals an alarm upon detection

Question 9

IPS (intrusion protection system)

Answer 9

system that actively takes steps to prevent an intrusion/atk when it identifies one

Question 10

why IPS > firewall

Answer 10

• IPS hv greater capabilities than firewall: firewall can only filter packets based on info in packet headers BUT IPS can filter packets based on their payload (content) as well
• a more capable IPS can even analyse pattern of data packets to determine if atk is occurring (esp impt for DDoS)

Question 11

asymmetric key encryption (cryptography) purpose

Answer 11

ensures only intended recipient of msg can read it

Question 12

digital signature

Answer 12

(context: how to ensure data transmitted is secure against cyber threats)

• produced by sender of document to verify that contents are approved
• verifies authenticity of digital msg & gives confidence that msg came frm stated sender & X altered in transit

Question 13

transport/socket layer security (TSL/SSL)

Answer 13

(context: how to ensure data transmitted secure against cyber threats)

• protocols that provide secure communication by using encryption to protect data transmitted
• once secure connection established, any data transmitted btwn client & server is encrypted & can be decrypted by intended recipient

Question 14

explain how digital signature works

Answer 14

(context: explain what sending and receiving devices can do to detect any malicious alteration of a message, 4m)

• the sender hashes the message
• and encrypts the message hash using the sender’s private key to produce the -digital signature
• the digital signature is included with the original message
• recipient decrypts the digital signature using the sender’s public key
• recipient hashes the message using the same hash function
• recipient verifies that the hash message from the decrypted digital signature and the message hash are the same

(‘visualisation’)
sender
message hash = hash(message)
digital signature = encrypt(message hash, sender’s private key)
digital signature + org message (sent)

recipient
decrypted digital signature = decrypt(digital signature, sender’s public key)
message hash = hash(message)
verify that decrypted digital signature == message hash (same)