Computer Security (ch 10-ch15)
Tell me two applications of sequence numbers in TCP.
Makes spoofing more difficult; reorders packets. TCP uses a sequence number to identify each byte of data. An attacker who is able to eavesdrop on a TCP session and redirect packets can hijack a TCP connection: the attacker learns the sequence number from the ongoing communication and forges a false segment that looks like the next segment in the stream. Sequence numbers also allow receivers to discard duplicate packets and properly sequence reordered packets.
Which is a MAC address?
00:17:F2:00:C3:F9
What is the bandwidth (in bits per second) of gigabit Ethernet? Please use scientific notation
1 x 10^9 bits
How many IPv6 addresses are possible?
2^128
How many IPv4 addresses are possible?
2^32
How long is an IPv4 address?
32 bits
What is NAT? (Network Address Translation)
A method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.
What is Dynamic Host Configuration Protocol?
A network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. It also assigns the DNS server and subnet mask.
Give an example of masquerade in a cyber-security situation.
A person tricks the network into sending messages claiming to be originated by someone else. In the networking environment, this behaves like a particular type of forgery. For example, a person uses someone's computer and pretends to be that person, sending embarrassing emails or whatever.
What is a "ping flood"?
A ping flood is a simple denial-of-service attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. It takes millions of them to flood the server.
What is the role of a port number?
A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server.
ACK
Acknowledge
ARP
Address Resolution Protocol
Why is computer security a harder challenge in a company of 100,000 employees than in a small family or a small company of 15 employees?
An enterprise is a larger community of people with different backgrounds, motivations, and desires.
What is a logic bomb?
Attacks implemented by employees that take effect unless the employee deactivates them on a regular basis. The bomb triggers if the employee is fired and is not present to deactivate it.
Briefly explain the structure and components of a three-part domain name, like www.amawig.com.
Before the dot: local subdomain "www" (World Wide Web). Between the dots: subdomain "amawig", the name (can be up to 63 characters long). After the dot: top-level domain "com" (commercial).
Framing refers to what layer of the OSI model?
Data Link layer (layer 2)
My network is getting flooded with endless hordes of useless packets coming from numerous machines scattered about the internet. What attack am I falling victim to?
Denial of service
DDOS
Distributed Denial of Service
DNS
Domain Name System
DHCP
Dynamic Host Configuration Protocol
What does the "internet" layer do in the OSI model?
For outgoing packets, select the next-hop host (gateway) and transmit the packet to this host by passing it to the appropriate link layer implementation; For incoming packets, capture packets and pass the packet payload up to the appropriate transport layer protocol, if appropriate. Provide error detection and diagnostic capability.
What is special about the first three bytes of a MAC address?
ID number of the manufacturer, which is assigned by an Internet standards body
How do Ethernet networks avoid collisions? [Hint: exponential backoff]
If the host detects a collision, it randomly picks a wait time, but doubles the possible range of the wait time. Thus, if it collides again and again, it will wait longer and longer before it tries again. Eventually it will find the network idle, and it will transmit its packet.
Why does the transport layer (in TCP) occasionally repeat packets?
If the network delays the ACK packet for some reason and the sender doesn't receive the ACK within the timeout interval, it retransmits the packet. This yields the right result if the packet was actually lost. If the ACK was lost or simply delayed, the retransmission creates a duplicate packet. Packet lost --> resend; packet damaged --> resend.
Imagine following a recently-generated application datagram throughout all the code running in a computer, on its way out being transmitted. In terms of the physical/data-link/network/transport layers, which is encountered first?
In order: Physical, data link, network, transport
Imagine following a recently-received application datagram throughout all the code running in a computer, on its way in being received. In terms of the physical/data-link/network/transport layers, which is encountered first?
In order: Physical, data link, network, transport
Imagine that I intercept an application datagram in transit. In terms of the physical/data-link/network/transport layers, which will be found at the start of the bit-stream?
In order: Physical, data link, network, transport
How does TCP achieve retransmissions?
When a sender infers that a packet has been lost, it retransmits the packet. The retransmitted packet will have a sequence number that is smaller than previously observed packets at the measurement point and hence will be deemed "out-of-sequence."
What is ICMP?
Internet Control Message Protocol, one of the main protocols of the Internet protocol suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.
IP
Internet Protocol
What does it mean to "ping" a server?
It means: can you communicate with the server? It sends a data packet to the server, and if it receives a data packet back, then you have a connection.
Give an application where retransmissions wouldn't make any sense.
Live streaming
Why does a computer need to have both a MAC address and an IP address? Why can't we just get by with only one?
MAC addresses are used to identify machines within the same broadcast network on layer 2, while IP addresses are used on layer 3 to identify machines throughout different networks. Even if the computer has an IP address, it still needs a MAC address to find other machines on the same network (especially the router/gateway to the rest of the network/Internet), since every layer uses the underlying layers.
MAC
Media Access Control
What happens if the DNS server of an institution falls victim to a DDOS?
Might interfere with Internet traffic for a short time. However, most DNS queries are answered with a cached response, so many Internet users might not even notice.
NAT
Network Address Translation
Why do we need retransmissions?
Networks are usually 'unreliable', meaning they offer no guarantees that they will not delay, damage, or lose packets, or deliver them out of order.
Can we ever run out? (Hint: Earth's population is 7 billion people.)
No
If you're using DHCP, is it always the case that you're using NAT?
No, because you could just be using a router on the Internet.
If the transport layer (in TCP) on a sender repeats a packet, it is necessarily because the previous transmission of that packet was lost in transit?
No, the ACK packet could've just been delayed by the network and missed the timeout window.
Is the IT department of an enterprise entirely responsible for the computer security of the enterprise?
No, they also depend on the users themselves to use the computers responsibly.
What three competing factors must be balanced against each other, in enterprise security?
Objectives of the enterprise, risks, costs of security measures
Give an example of forgery in a cyber-security situation.
Someone constructs a bogus message or modifies a legitimate message as part of an attack. A bogus order could send merchandise without collecting payment.
Give an example of subversion in a cyber-security situation.
Someone modifies or otherwise takes over part of the network so that it enables an attack. An attacker might reroute traffic to allow its interception. Note that in networking, this threat involves physical or logical changes to network components. It does not involve changes to network traffic.
Give an example of physical theft in a cyber-security situation.
Someone stealing network hardware, like wires, hubs, or other equipment that keeps the network running.
What four numbers represent a socket?
Source IP address, destination IP address, source port, destination port
Give an example of a tree network
Star networks linked together
SYN
Synchronize
What is the principal distinction between UDP and TCP?
TCP is connection-oriented: once a connection is established, data can be sent bidirectionally. UDP is a simpler, connectionless Internet protocol.
Let's say that someone steals an executive's corporate laptop while he is using the restroom at lunch. If he is using an operating system with all the security patches, and has a great password, is everything going to be okay?
No. Rip apart the laptop and take out the hard drive (it's probably not encrypted) and just take the files. One could also just boot from USB or CD and view the files that way.
What did the nation of Tuvalu do that was really good for revenue?
Sale and royalties of .tv domains
Why is the DNS network distributed?
So we don't rely on just one server. The server responsible for a particular name's meaning can update the information itself without having to update other systems. By distributing authority to different servers, DNS decentralizes management of different parts of domain names.
Why is it that logic bombs detonate in the absence of a daily or weekly "do not attack" signal, instead of in the presence of a "start attacking" signal?
To screw over the company if they're fired; they can also say "it wasn't me, I don't work there anymore."
Why do we need DNS?
Used to resolve human-readable hostnames like www.amawig.com into machine-readable IP addresses like 204.13.248.115. It also provides information about domain names, such as mail services.
What is insider trading, and how does it relate to computer security?
Using secret company information to anticipate changes in its publicly traded stock price and buying and selling stock accordingly.
How long is an IPv6 address?
128 bits
What are the seven layers of the OSI model?
1. Physical, 2. Data Link, 3. Network, 4. Transport, 5. Session, 6. Presentation, 7. Application
If you were to divide the surface of the earth into a roughly square shape for each IPv6 address, how big would each square be in area? (Hint: the surface area of the earth is 510.1 trillion m²)
1.5 x 10^-24 m^2 = (510.1 trillion m^2) / (2^128)
If you were to divide the surface of the earth into a roughly square shape for each IPv4 address, how big would each square be in area? (Hint: the surface area of the earth is 510.1 trillion m²)
118766.91 m^2 = (510.1 trillion m^2) / (2^32)
What is a collision, in terms of a computer network?
A collision occurs if two or more hosts try to transmit a packet at once.
What is a SYN flood?
A form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. It takes several thousand to flood the server.
What else can a household network gateway do for a household?
A gateway provides a simple and convenient way to construct a small LAN. A typical low-cost gateway automatically configures Internet addresses and routes traffic between the LAN and the Internet. It also contains an event log and a firewall.
In the context of network security, what is "spoofing"?
A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware, or bypass access controls.
What is ransomware?
A type of malicious software designed to block access to a computer system until a sum of money is paid.
Give an example of denial-of-service in a cyber-security situation.
An attack that makes some or all of the network unusable. Typical attacks either flood parts of the network with traffic or render network components unusable.
Give an example of disclosure in a cyber-security situation.
An attacker's computer intercepts copies of network data intended for others. Eavesdropping may yield passwords or other data that enables a more serious attack.
BCP
Border Control Protocol
BIA
Business Impact Analysis
Give an example of a mesh network
City phone network with interconnected local exchanges. Modern-day example: walking around on the Stout campus, connecting to different routers but still staying connected to the Internet.
What is the distinction between Class A, Class B, and Class C addresses?
Class A: there were 128 of these, each supporting over 16 million hosts on the network. Class B: there were over 16,000 of these, each supporting over 65,000 hosts on the network. Class C: there were over 2 million of these, each supporting 254 hosts on the network.
Give an example of a star network
Phone service where phones are connected to a single central exchange. Modern example: computers connected to one router.
PGP
Pretty Good Privacy
RAID
Redundant Array of Independent Disks
Give an example of a bus network
Rural phone systems: phones sharing the same link.
What is the handshake process in TCP?
SYN, SYN/ACK, ACK
SSL
Secure Sockets Layer
What is bandwidth?
The bandwidth is the maximum data rate.
What is baud?
The data transmission rate was expressed in baud, which counts the number of symbols transmitted per second.
What is a "hop count"?
The hop count refers to the number of intermediate devices (like routers) through which data must pass between source and destination, rather than flowing directly over a single wire. The TTL field effectively counts the number of "hops" the packet takes through routers.
How do wireless networks avoid collisions? [Hint: RTS/CTS]
The wireless protocol takes two steps to address this problem. First, the transmitter and intended recipient both transmit messages to warn away other traffic. Second, the recipient will immediately request a retransmission if a transmission fails.
TTL
Time to live
What is a TTL field in an IP packet?
Time to live. A router leaves everything past the IP header unchanged. It makes exactly one change to the IP header: it subtracts one from the time to live (TTL) field.
What is Wireshark/Ethereal?
A tool that collects network traffic and displays it as a sequence of packets.
TLD
Top Level Domain
TCP
Transmission Control Protocol
What is an example of packet switching?
Used by modern computer and cell phone networks. Packets are blocks of digital data that are neither too large nor too small to handle efficiently. Similar to sending messages on postcards. Ex: a computer network.
What is an example of message switching?
Used by postal and telegraph networks. When we send an email, the system handles and delivers the message as a single unit. We never receive part of an email; the system only handles and delivers complete messages. Ex: postal service
What is an example of circuit switching?
Used by traditional telephone networks. Ex: phone calls.
UDP
User Datagram Protocol
What is ARP? (Address Resolution Protocol)
When a host needs to send a packet to another host on the same LAN, its protocol stack must convert the destination's IP address into the correct MAC address.
How does TCP achieve reordering?
When a sender generates a traffic stream, it generates an in-order sequence of data packets. Due to any number of causes (retransmission, network duplication, in-network reordering), there is a chance that the ordering of the packets received at the destination is different from that which the sender generated.
WEP
Wired Equivalent Privacy
WPA
Wireless Protected Access
What happens if you don't use DHCP?
You have to manually configure your IP address because it's static.
What is DNS cache poisoning?
A resolver receives a bogus response to a DNS query. All subsequent queries will receive the wrong information and redirect connections to the wrong IP address.
Give an example of a point-to-point network connection
A tin can telephone
Why is DNS data cached?
Data is stored so future requests for that data can be served faster.
What common UNIX tool will tell me the IP address for a DNS address, or the DNS address for an IP address?
Domain name resolver software: "nslookup"
Give me an example of multi-person control in a non-military context.
Finance: one person makes a list of checks, one person prints the checks, one person signs the checks. A bank using multiple people to open the safe.