Info Sec Final


Briefly explain how a SYN flood attack works. In your answer, tell what a SYN packet is, what resource is attacked, and what the effect of that attack is.

A SYN packet is a synchronize message sent to a server to establish a connection between the client and server. The resource attacked is the network, which is bogged down with bogus requests, making it unusable to regular users and legitimate traffic.

Describe the function of a firewall.

A firewall has both an internal and external interface. It uses these interfaces to control what traffic is allowed to go through the network from internal to external and vice versa. The primary mechanism firewalls use to allow or deny network traffic is ports and services.

Distinguish between a vulnerability and an exploit.

A vulnerability is a weakness that can be used to do harm. An exploit makes use of said vulnerability.

Kerckhoffs' principle

Assume the attacker knows the algorithm used.

Tell what is "common" about the Common Criteria.

At the lower levels it just illustrates common practices for engineering and security specific design approaches. It doesn't even mention a review of the source code until EAL 4.

Distinguish between authentication and authorization.

Authentication is ensuring that the person whose account is trying to access the data is indeed who they say they are, whether that be by password, biometrics, or even a smart card. Authorization is a check done on the password or other security measure, making sure you have the rights to that system.

Of the 3 properties of information resources, what property of security is attacked in a DDOS attack. (one word is enough)

Availability

Explain the difference in operational use for backing up data and archiving data.

Backups are used for operational recoveries, so that information is quickly and easily restored. Archives are where information is stored in a format that won't be changing and shouldn't change, making them hard to retrieve and meant to be stored for long periods of time.

Why is an error in implementing a default deny policy likely to be less severe than an error in implementing a default-permit policy?

Because with a default-permit policy, everything that isn't expressly forbidden will get through to the network, rather than with a default deny policy, where everything that isn't expressly allowed is denied entry to the network.

Name and briefly describe the properties of information resources with respect to info security. These are attributes of information that together describe a secure system. The McCumber Model refers to these as components of information security. (It's a 3 letter acronym)

CIA: Confidentiality, availability, and integrity.

Distinguish between computationally secure and absolutely secure encrypted messages.

Computationally secure means that the password or other security measure is able to be cracked, but it would take so long that the information wouldn't be worth the effort. Absolutely secure implies that it is impossible to break the encryption.

Name and briefly describe the three properties of a secure information system. These are attributes of information that together describe a secure system. (Hint: three-letter initialism.)

Confidentiality: securing information from unauthorized users. Integrity: making sure the information is not tampered with by unauthorized users. Availability: making sure data is accessible in an easy way when the information is needed.

Describe how distinguishing between data and instructions in the computer's memory can serve as a defense against malicious software.

Data can be set to not be executable, so hackers can't hide instructions in data.

Explain in detail why a public key embedded in a digital certificate is much harder to tamper with than the public key alone.

Digital certificates have 4 main properties: the principal's identity, the public key, the identity of the signer, and the digital signature. You would have to access the private key without the owner knowing about it.

What is one security benefit of network address translation?

It allows you to hide IP addresses within a private network from the public network.

A firewall can block outgoing packets based on source address. How does blocking outgoing packets not having a source address in one's own address space improve security?

It prevents an insider from intentionally involving the organization by using the source address in a spoofing attack.

What would be the effect on public key cryptography if mathematicians discover an easy way of finding the prime factor of large numbers? Explain why.

It would make it easier to crack the key. Public key cryptography relies on prime numbers and the fact that prime factorization takes a long time. Your public key is generally the product of two large prime numbers, which can encrypt a message, and your private key consists of those two prime numbers, which decrypt the message.

In the US, organizations sometimes use SSNs or a part of it as an authenticator. Is this a good or a bad idea? Explain.

It's a bad idea, because this is something that will need to be added into a database, which can be easily retrieved by an attacker. Given that, it's something that should be secured.

What is a default deny policy?

It's a security policy that unless you specifically allow something, it gets denied entry to the network.

The Bell-LaPadula confidentiality model includes the *-property, also described as "no write down." What kind of security breach is the *-property intended to prevent? Explain how such a breach could occur without the *-property and how the *-property prevents it.

It's intended to prevent someone that's not privy to confidential information from being able to look at it. A malicious person could pass classified information along by putting it into a place labeled with a lower security classification than the information itself, allowing others to access said information. The *-property prevents this by only allowing someone with higher or equal security clearance.

Name the three things related to security that the McCumber Model is intended to cause us to think about.

It's to force us to understand the relationship between security, the available tools, and the limitations of people.

What is the purpose of a key exchange algorithm? With what type of cryptosystem is such an algorithm needed?

It's to keep your information secure from unauthorized users, by sharing a key with someone so that they can decrypt your data, assuming they're an authorized user. This algorithm is needed in a public key cryptosystem.

Signature-based virus detection programs have a major security shortcoming, what is it?

It's unable to flag malicious files for signatures that haven't been developed.

A one-time pad cryptosystem has a provable property that no other cryptosystem has. What is it?

It's unbreakable.

What is social engineering?

It's when you attempt to get someone to release personal information through deception and manipulation.

Distinguish between mandatory access control and discretionary access control.

Mandatory access control gives control to externally-enforced policies. Discretionary access control gives access at the discretion of the object's owner.

What is the Chinese Wall integrity model intended to prevent?

It prevents conflicts of interest.

Name the three things related to security that the McCumber Model is intended to cause us to think about.

Properties triad, technical safeguards of information security, and the secure states of information.

Name the three goals of information security.

Response and recovery, prevention, and detection.

How does a SQL injection attack work? (not the definition, but how)

SQL code is injected as user input inside a query, allowing the attacker to exploit a security vulnerability occurring in the database layer of the application and hide data.

Symmetric key cryptography

Security depends on a secret key shared between sender and recipient.

Distinguish between the principle of least privilege and separation of duties.

Separation of duties is when critical network tasks are divided among several administrators. The principle of least privilege is when a user's access is tied to their work tasks and is limited so they have just enough access to perform the tasks necessary for their job.

What kinds of servers are placed in a DMZ in a corporate network?

Servers that handle mail, external DNS, FTP, and VoIP systems.

Bill's public key is "wrapped" in a digital certificate signed by a certificate authority. Assume that Eve replaces Bill's public key with her own in the certificate, but makes no other changes to the certificate. If Alice then uses the certificate to get Bill's public key, she will be warned of a problem. Explain how. (Assume Alice makes no mistakes and takes no shortcuts.)

She will be warned because when Eve replaced Bill's public key with her own in the certificate, it was then signed by Eve. Alice would know that someone else viewed the document because it isn't "signed" by Bill's public key.

What are the three factors that can be used in authentication?

Something you know, something you have, or something you are.

Explain the difference between symmetric key encryption and asymmetric (public) key encryption.

Symmetric encryption utilizes the same key for both decryption and encryption. Asymmetric key encryption utilizes two keys: one to encrypt and the other to decrypt. One is public and available; the other is private and is the only key that can decrypt the data.

Of symmetric key cryptography and public key cryptography, which is less computationally intensive?

Symmetric key cryptography.

For most operating systems in ordinary operation, what happens to the contents of a file that is deleted?

The bits and bytes are recycled, but until they are overwritten the deleted data is still there, completely intact.

What vulnerability (software error) must exist in order to enable a buffer overflow attack?

The code written must check for buffer boundaries to prevent these types of attacks.

We discussed that one should not use a computer account with admin privileges for routine work. This is an example of what principle of computer security?

The principle of least privilege.

What is the principle of least privilege?

The user is given the bare minimum rights that are needed to complete the task at hand, and no more beyond that.

What can a proxy firewall do that a packet filtering firewall cannot do?

They can look at the contents of packets that pass through them.

Briefly describe how a VPN is implemented. In your answer, be sure to tell what makes it private.

To implement VPNs, a VPN gateway is needed. This could be a router, firewall, or a Cisco ASA. It's private because the use of the technologies listed allows you to encrypt traffic from end to end, so that someone could connect securely to your private network over an otherwise insecure network.

Cryptographic hash functions

Transform an input into a fixed-size output with properties that depend on the function.

A cryptographic hash algorithm is a one-way function; information processed with such a hash algorithm cannot later be recovered. Name one use for a cryptographic hash and briefly explain how the hash is used in your example.

Password authentication: you enter your password, and its hash value is then compared to the stored hash value to authenticate you.

Breaches of information security involve one or more of the following.

Disclosure, alteration, or disruption.

What is the difference between identification and authentication?

Identification is something like your username, whereas authentication needs something more to prove who you are, like a password.

What are the two most important factors in determining the strength of a cryptographic key?

Length and randomness.

Whether and how much to protect an information asset is determined how?

Using cost-benefit analysis.

In the context of information security, what does accountability mean?

We can tie actions to a particular entity or person.

Explain why using a computationally intensive hash algorithm is important when storing password data.

With intensive algorithms, the time to crack takes a lot longer, slowing down the attacker.
