Network Security Exam 1

In Unix/Linux file systems, which directories are referred to by "/", "." and ".."?

"/" is the root directory; "." is the working directory; ".." is the working directory's parent.

Which of the following is NOT a valid netmask value?

255.255.108.0

What is a private IP address? Give an example of a private IP address.

3 portions of the IP address space set aside for private use. Ex: 10.0.0.0 - 10.255.255.255; 172.16.0.0 - 172.31.255.255; 192.168.0.0 - 192.255.255

What is the use of ARP protocol?

ARP: determining the MAC address of a computer given its IP address. To map a particular IP address to a given MAC address so that the packets can be transmitted across a LAN. ARP can be applied to LAN technologies besides Ethernet.

What is a daemon process on Unix?

Always-on program running in background. A background process runs "behind the scenes" (i.e. in the background) and without user intervention.

What security services are provided to applications by the SSL/TLS protocol? How are those services implemented in the SSL/TLS protocol?

Authenticated and encrypted communication. Confidentiality, authentication (digital certificate); widely deployed security protocol. HTTP on top of SSL, supported by almost all browsers. Digital certificate and variety of encryption algorithms.

What is the meaning of each of these three security goals: Confidentiality, Integrity, and Authentication?

Confidentiality - the assurance to an entity that no one can read a particular piece of data except the receivers explicitly intended. Integrity - the assurance to an entity that data has not been altered (intentionally or unintentionally) between "there" and "here" or between "then" and "now". Authentication - the assurance to one entity that another entity is who he/she/it claims to be.

What type of network applications may prefer UDP to TCP?

DNS (Domain Name System); streaming of audio/video

What are the lengths in bits of the Ethernet MAC address, wireless MAC address, IPv4 address, and TCP/UDP port number, respectively?

Ethernet MAC address - 48 bits in length. Wireless MAC address - 48 bits in length. IPv4 address - 32 bits. TCP/UDP port numbers are 16 bits in length.

Explain the following terms in the context of network security.

Hacker - someone who breaks into computers; clever programmers. Cracker - people who attack computer systems with evil intent. Black Hat - malicious hacker. White Hat - ethical hacker. Script kiddie - running tools.

When you are using the network tool "ping" to test whether a remote host on the network is alive, which of the following kinds of packets are sent out from your machine?

ICMP, IP

What is the difference between NAT (Network Address Translation) and PAT (Port Address Translation)?

A NAT-enabled router sits between the private and public networks. Outgoing datagram: change source IP address; incoming datagram: change destination IP address. PAT is an enhancement on NAT; it allows all computers of a private network to be mapped to a single public address.

What is the role of routers in network communications? Which three layers in the 5-layer TCP/IP network architecture model does a router process?

Network, Link, and Physical Layer

Reckoning with NAT, can we still claim that each computer on the Internet has a unique IP address? Can we still claim that each computer with an Ethernet card has a unique MAC address? Why or why not?

No, many private networks use the same private address space; not unique or not routable on global Internet. Yes, a unique 48-bit address hardwired into every Ethernet card. Manufacturers buy a portion of the MAC address space to assure uniqueness.

Because of the dramatic increase of computer attacks in recent years, the textbook calls today the "Golden Age of Hacking". Try to explain the main causes for the increase in computer attacks.

Our lives are increasingly reliant on computers and networks (personal information, financial transactions). More and more flaws in computer systems: more complexity, more vulnerabilities (analogy: a bigger building has more entrances). Example: web pages, static HTML, applets. Computer technology is continuing its advance into our lives (example: medical care).

Cyber-attackers come from all walks of life. Please explain the difference between outsider attackers and insider attackers.

Outsider attackers are without legitimate access to the system. Insider attackers are with legitimate access to the system. Outsider: Organized Crime, Terrorists, Governments, the competition, Hacktivists, and "hired guns". Insider: Disgruntled employees, clueless employees, customers, suppliers, vendors, business partners, contractors, temps, and consultants.

Consider that an IP datagram is fragmented into multiple IP fragments at a router. In which of the following IP header fields do all the IP fragments have the same value?

Source IP address, Identification

In which layer of the TCP/IP network architecture model does each of the following protocols reside?

TCP - Transport Layer; UDP - Transport Layer; IP - Network Layer; ICMP - Network Layer

In the context of TCP protocol, explain the following terms.

open port - accepting incoming packets; closed port - not accepting packets; high-numbered - >=1024

Which of the following is a valid IP address?

123.231.1.166

What is the name of each layer of the 5-layer TCP/IP network architecture model? What are the major functions of each of the 5 layers?

1. Physical Layer - is the transceiver that drives the signals on the network (receives bits). 2. Data Link Layer (MAC) - responsible for creating the frames that move across the network. 3. Network Layer - responsible for creating the packets that move across the network. 4. Transport Layer - establishes the connection between applications on different hosts. 5. Application Layer - group of applications requiring network communications.

What is the full name of each of the following protocols?

1. TCP - Transmission Control Protocol 2. UDP - User Datagram Protocol 3. IP - Internet Protocol 4. ICMP - Internet Control Message Protocol

What is the minimum and maximum size in bytes of each of the following protocol headers?

1. TCP header - 20 bytes min., 60 bytes max. 2. UDP header - 8 bytes min., 65,000 bytes max. 3. IPv4 header - 20 bytes min., 60 bytes max.

Suppose Host A sends a ping request message (ICMP message of type 8) to Host B. The ping message is encapsulated in an IP datagram. When Host B receives the IP datagram, how does the IP entity (the software component in charge of IP protocol) know it should pass the ICMP message (that is, the payload of IP datagram) to the ICMP entity rather than to TCP, UDP, or something else? What type of ICMP message should Host B send back to Host A on receiving the ICMP message of type 8?

1. The "protocol" field in the IP header defines the protocol used in the data portion of the IP datagram. In other words, what type of upper layer packet is carried by this IP datagram. 2. One system can use ICMP to determine whether another system is alive by sending it a ping, which is an ICMP Echo message. If the pinged system is alive, it will respond by sending an ICMP Echo Reply message.

What is the size in bits of each of the following protocol header fields?

1. IPv4 address - 32 bits 2. IPv6 address - 128 bits 3. TCP port - 16 bits 4. UDP port - 64 bits

Typically what network services are running on the following TCP/UDP ports, respectively?

1. TCP port 25 - SMTP 2. TCP port 80 - Web 3. UDP port 53 - Domain Name System

Why is an ARP query sent within a broadcast frame? Why is an ARP response sent within a frame with a specific destination MAC address?

An ARP query is sent in a broadcast frame because the querying host does not know which MAC address corresponds to the IP address in question. So sending out ARP query within a broadcast frame will make all computers on the same Ethernet receive and process the query. The computer having the queried IP address will send back ARP response announcing its MAC address. For the response, the sending node knows the MAC address to which the response should be sent (from the header of ARP query frame), so there is no need to send a broadcast frame.

If we want to modify the example to show the same kind of communication between another computer (IP addr: 10.0.0.2) and the server, what will be the values of the source IP addr and destination IP addr in the four packets displayed in the example?

Change the IP address value in the 1st and 4th packets from 10.0.0.1 to 10.0.0.2

Suppose you are using a computer right now. How could you figure out whether that computer you are using is on a network served by a NAT-enabled router?

Check whether that computer's IP address is a private IP address. If so, that computer is on a network served by a NAT-enabled router.

What is the relationship between Secure Socket Layer (SSL) protocol and Transport Layer Security (TLS) protocol?

Security service between application layer and transport layer. SSL - security protocol designed by Netscape. TLS - successor to SSL.

By convention, we refer to data packets in different layers by different names. Which layer's packet is referred to by each of the following terms?

Segment - Transport Layer; Datagram - Network Layer; Frame - Data Link/Physical Layer

What is the difference between Ethernet hubs and switches regarding frame forwarding?

The hub is a broadcast device: a frame coming in on one link goes out on all other links at the same rate. The switch is smarter than the hub: it examines the incoming frame's MAC address and selectively forwards the frame to one or more outgoing links; it stores and forwards Ethernet frames.

A freshman student saw "https" in the URL address displayed at his browser address bar when he was trying to log into his email account. He was wondering what it stands for and came to ask you for the answer. What's your answer?

The Hypertext Transfer Protocol (HTTP) is a communication protocol used on the World Wide Web and an application for hypermedia and information systems.

Suppose nodes A, B, and C each attach to the same broadcast Ethernet LAN (through their network adapters). If A sends thousands of IP datagrams to B with each encapsulating frame addressed to the MAC address of B, will C's adapter receive these frames? If so, will C's adapter pass the IP datagrams in these frames to the network layer of node C? How would your answers change if A sends frames with the MAC broadcast address?

The node C's adapter will receive and process the frames, but the adapter will not pass the datagrams up the protocol stack. If the LAN broadcast is used, then C's adapter will both receive the frames and pass the datagrams up the protocol stack.

In order to establish a TCP connection between two machines on the Internet, at least how many TCP segments should be exchanged between those two machines?

Three TCP segments (the 3-way handshake)

The SSL/TLS protocol can provide one-way authentication of a server to a client, e.g., authenticating a website to a browser. One major security concern of SSL/TLS is that the attacker provides a bogus server certificate but the client still accepts it. Enumerate the possible reasons why the client accepts bogus certificates.

Trick certificate authority to get certificate. Exploit the flaw of certificate-checking software (browser), so that bogus certificate can pass verification. Keep fingers crossed, unsuspecting users will ignore warning message of unrecognizable certificate.

Which of the following network applications utilizes TCP protocol?

Web, Email, SSH

With the source routing technique, the sending computer of a packet can specify partially or completely the route the packet should take through the network. The sender specifies the route through putting into an IP packet a list of router IP addresses that the packet will travel through. Which fields of IP header can be used to contain that list of router IP addresses?

With source routing, the source machine generating the packet determines which route the packet will take as it traverses the network. Each individual IP packet contains the IP addresses of a list of routers is no other space available in IP header for storing those IP addresses.

What are the commonalities and differences between TCP and UDP protocols?

Both are process (the same layer, same service); both deliver messages to the network layer = IP protocol. UDP - connectionless, unreliable. TCP - connection-oriented, reliable.

