Midterm Review

Darth wants to digitally sign a message he's sending to Jabba so that Jabba can be sure the message came from him without modification in transit. Which key should he use to encrypt the message hash?

*Darth's private key. Darth should encrypt the message digest with his own private key. When Jabba receives the message, she will decrypt the digest with Richard's public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.

An attack in which a target machine or a site is made unavailable to its legitimate users, either because the target machine's resources are exhausted or because the bandwidth of the attacked site is saturated.

Denial of Service Attack (DOS Attack)

Asymmetric encryption algorithms

Diffie-Hellman, RSA, ECC, ElGamal, DSA, PKCS

All of the following are symmetric encryption algorithms EXCEPT

ECC

Keep it simple

After performing a default installation, all services that are not needed are removed.

What is a certificate authority?

An entity that generates a digitally signed identification certificate. In PKI, a third party that manages users' digital certificates.

Security through obscurity

An internal web server is configured to use port 8080, instead of the usual port 80.

A Linux system has the following file listing:(EXAMPLE) -rwxr----- 1 larry development 190 Mar 29 06:01 main.cpp This file listing indicates that: main.cpp is owned by a user identified as larry. main.cpp is owned by the group development. User jane is not a member of the development group. What is jane allowed to do with main.cpp?

Answer: Nothing

A Linux system has the following file listing:(EXAMPLE) -rwxr----- 1 larry development 190 Mar 29 06:01 main.cpp This file listing indicates that: main.cpp is owned by a user identified as larry. main.cpp is owned by the group development. User laura belongs to the development group. What is laura allowed to do with main.cpp?

Answer: Read.

Ensuring that an individual is who they claim to be is the function of _________.

Authentication

Jar Jar inadvertently disconnects the cable from the company email server. This creates a problem of ________.

Availability

In the context of information security, CIA stands for Confidentiality, Integrity, Availability. Explain what availability is and give an example of an availability violation.

Availability: The information is available for use when an authorized user wants it. A violation is someone unplugging or taking a harddrive full of sensitive data. Someone deleting a file by mistake.

Fail securely

The authentication service of the company is down. As a consequence, no employee can access his/her network resources.

Encrypting a message by simply rearranging the order of the letters is a function of the

Transposition Cypher

Symmetric encryption algorithms

Blowfish, AES, RC4, DES, RC5, and RC6

Separation of duties

In order for equipment to be purchased, both the department head and the project manager must sign the procurement form

All of the following are asymmetric encryption algorithms EXCEPT:

3DES

Consider the following scenario: Alice receives a message, a digital signature and a certificate from Bob. In order to verify the signature, Alice does the following: 1. Hashes the received message using the same hash algorithm that Bob used, that's your calculated hash 2. Decrypts the signature using the public key contained in the certificate, that your decrypted hash 3. Compares the calculated hash and the decrypted hash 4. Because the 2 hashes are identical, Alice goes on and: 5. Checks the validity period on the certificate 6. Because certificate is still valid according to its validity period, Alice goes on and identifies the issuer of the certificate. 7. She looks for a certificate for the issuer on the Internet and finds one on a forum page. 8. She uses the issuer's certificate to verify the signature on Bob's certificate. Because the signature is valid, Alice concludes that the message was indeed written by Bob and that the message was not tampered with during its transit over the network. What do you think about Alice's conclusion? Did she miss any step into the verification?

?

The term "hacktivist" refers to

A hacker who seeks to interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency

When selecting a symmetric encryption algorithm, the size of the secret key does matter because

A larger keyspace (set of all possible key) would mean a longer time for the attacker to generate all the keys, and thus a greater security: The keyspace for an algorithm with a defined key size of 32 bits is 232, and it would take only a few milliseconds to crack on a modern machine. The keyspace for an algorithm with a defined key size of 56 bits is 256, and it would take only a few hours to crack on a modern machine. The keyspace for an algorithm with a defined key size of 128 bits is 2128, and it would take a few billion years to crack on a modern machine.

A ping sweep:

A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers). Whereas a single ping will tell you whether one specified host computer exists on the network, a ping sweep consists of ICMP (Internet Control Message Protocol) ECHO requests sent to multiple hosts. If a given address is live, it will return an ICMP ECHO reply. Ping sweeps are among the older and slower methods used to scan a network. (Tools: fping, gping, and nmap for UNIX systems) (Tools: Rhino9 and Ping Sweep from SolarWinds for Windows systems)

What is a port scan?

A port scan is a method for determining which ports on a network are open. A port scanner are tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.

Han is in the marketing department. Although he should not be able to view files or folders from the finance department, he can, and does. This is a problem of ___________.

Confidentiality

In the context of information security, CIA stands for Confidentiality, Integrity, Availability. Explain what confidentiality is and give an example of a confidentiality violation.

Confidentiality ensures that only those with the rights and privileges to access information are able to do so. It ensures that sensitive information is accessed only by an authorized person and kept away from those not authorized to possess them. It is implemented using security mechanisms such as usernames, passwords, access control lists (ACLs), and encryption. It is also common for information to be categorized according to the extent of damage that could be done should it fall into unintended hands. Security measures can then be implemented accordingly. When unauthorized individuals or systems can view information, confidentiality is breached.

The objective of the Bell-LaPadula security model is

Confidentiality.

" Asymmetric cryptography " and "public key cryptography" are two different terms for the same thing.

FALSE

Discretionary access control is an approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.

FALSE

Hashing functions require the use of keys.

False (Hashing functions do not require the use of keys.)

Luke wants to send a confidential message to Han. Which key should he use to encrypt the message?

Han's public key

Luke is a developer. Although he should not be able to change configuration files on the production server, he can and does. This is a problem of ___________.

Integrity

What is the biggest drawback to symmetric encryption?

It requires a key to be securely shared. In symmetric encryption, the key must be securely shared. This can be complicated because long keys are required for good security.

Hash functions

Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity. *Convert variable-length messages into a single fixed-length value *Message authentication code (MAC) may be attached to a message *Used in password verification systems to store passwords and confirm the identity of the user It is infeasible to modify a message without changing its hash. Even small changes in the message should change the hash drastically. It is practically infeasible to find 2 different messages with the same hash (The hashing algorithm should be collision resistant, that is, they should resist birthday attacks)

Swiping a card and entering a PIN to authenticate is an example of

Multifactor Authentication

Padme sends an order to her stock broker. A few days later, she realizes that the stocks she had bought have plunged and she denies having sent the order. This is a problem of ________.

Nonrepudiation

Establish secure defaults

Password aging is enabled on all the machines of the organization. To get rid of this feature, a special request must be made to the CIO.

The redirection of legitimate user Web traffic to illegitimate Web sites with the intent to collect personal information is known as __________

Pharming

A hashing algorithm

Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. A special mathematical function that maps data of arbitrary size to data of fixed size, is a hashing function

A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) __________.

Rainbow table

A Linux system has the following file listing:(EXAMPLE) -rwxr----- 1 larry development 190 Mar 29 06:01 main.cpp This file listing indicates that: main.cpp is owned by a user identified as larry. main.cpp is owned by the group development. What is larry allowed to do with main.cpp?

Read, Write and Execute.

The only data center of an organization is destroyed by a tornado and a subsequent flood. All the backups were kept in the data center, so all the data is lost. This is a failure of which element of the operational model of computer security?

Response or Layered Security

Requiring one employee to place an order and another employee to authorize the sale is an example of which principle?

Separation of duties

Nowadays, many organizations understand the need to protect their assets by implementing a security program. One of the first steps in implementing a security program is to perform a threat analysis. A threat analysis is a process in which an organization identifies and characterizes the threats attached to its assets. Perform a threat identification for the following scenario: You have been hired by a startup company that offers online 3D printing. Their business concept is easy to understand: The website has a single form, that allows a user to enter his information (including his address and credit card information), and to upload his 3D design. Upon reception of the form's data and after processing the payment, the company prints the design and delivers it to the indicated user's address. Because this is a young company, your colleagues run the unique server that hosts the web application in their garage. Because they are fresh out of college, they are not knowledgeable about security and haven't implemented any security controls yet. Please note that this scenario is not detailed. Please include in your response any assumption that you have used.

Several security threats can be recognized from the given case study. The developers of the web application, which accepts credit card information, are young fresh college, and since they have not implied any security controls, there is every possibility that an attacker can eavesdrop through communication lines and capture the sensitive credit card information. Customer details should be secured. Failing in which would lead to disclosing the details to the near competitors and would attract them by some special offerings. As the web server is a single system, it might not be capable of baring all the customer requests. It might result in a crash server and will cause deterioration in business prospects. Since the server is placed in a very insecure place, a garage, anyone could have access to the server. This would lead to losing owner specific customized 3D designs or since no security controls are placed, it might also lead to losing bank related information that can thwart. The form that accepts the user information, to be printed in 3D, might not be secured. This might also allow in release of customer's information which the customer would not appreciate. Since, server is not securely located, printing technology could be captured and duplicated by the insiders to become a mere competitor in future.

Which items are included in the x.509 certificate?

Signature of the Certificate Name of the issuing CA Validity period of the certificate Public key of the subject

A person who manipulates people into performing actions they should not perform or into divulging information they should not divulge is a(n) __________.

Social Engineering

A member of a terrorist organization copies the location and the time of their next attack into a text file and then hides the text file in an image file. The image file is then posted on his blog for others who know where to look to extract the information. This is the example of the use of

Steganography

Removing unnecessary services and applying service packs is an example of what?

System Hardening

Kerberos __________ provides tickets to clients who request services.

TGS

Symmetric encryption algorithms are in general faster than asymmetric encryption algorithms.

TRUE

Least privilege

The data entry employees are given basic user accounts because it's all that is required for their tasks to be completed.

Keyspace refers to

The location where keys are stored The number of keys needed to encrypt or decrypt a message All possible key values The portion of the algorithm that the key connects with to encrypt or decrypt a message

Defense in depth

The network is protected with a firewall, packet filtering router, IDS, and personal firewall

Minimize attack surface area

The organization's website does not have a Comments section anymore, due to XSS threats.