Computer Security Final Ch5 Network Security
Can two network interfaces have the same MAC address? Why or Why not?
yes by manufacturing error or spoofing but it's not supposed to happen. Every network interface should have its own MAC address. If the MAC address is duplicated then the sender of information won't be able to recognize the network of the person who should be receiving the information.
What is an ACK storm and how does it start?
A possible side effect of a blind injection attack, it can cause a client and server to become out-of-synchronization with respect to sequence numbers, since the server got a synchronization message the client never actually sent. The client and server might start sending ACK messages to each other, each trying to tell the other to start using correct sequence numbers. This back and forth is known as an ACK storm.
Show why installing static ARP tables on the machines of a local area network does not prevent a malicious machine from intercepting traffic not intended for it.
An ARP request for an IP address is sent to all machines on the local area network, there is no authentication scheme so anyone can claim to have the requested address. Installing an ARP tables on the machine of a local area network does not prevent another machine from looking through the data since there's no authentication so the data that was meant for someone else can be caught by someone else.
Jill lives in a large apartment complex and has a Wi-Fi access point that she keeps in her apartment. She likes her neighbors, so she doesn't put a password on her Wi-Fi and lets any of her neighbors use her Wifi from their near by apartments if they want access to the internet.What kind of security risk is jill setting herself up for?
Jill is setting herself up for a Blind injection attack because an attacker can temporarily use the IP address of Jill's neighbor to inject a packet containing a command.
What is the difference between a MAC address and an IP address?
MAC address is 48-bit identifier to a network interface and IP address is 32-bit if its IPv4 or 128-bit if itsIPv6. MAC address is assigned to a network by manufacturer and IP address is assigned by ISP. MAC address is used in the link layer to identify the device in a network. IP is an internet protocol that causes the routing of packets from source to destination.
What is a distributed denial of service attack and how is it possible for a single person to orchestrate one?
Malicious users leverage the power of many machines to direct traffic against a single web site in an attempt to create denial of service conditions. A single person can orchestrate this by using botnets, large networks of machines that have been compromised and are controllable remotely.
Explain how IP broadcast messages can be used to perform a smurf DOS attack.
Many networks feature a broadcast address by which a user can send a packet that is received by every IP address on the network. Smurf attacks exploit this property by sending ICMP packets with a source address set to the target and with a destination address set to the broadcast address of a network. When sent packet is received by every machine on the network then ICMP packets are sent by the receivers that results in amplification that results in smurf attack. To prevent this attack, administrators should configure hosts and routers on their networks to ignore broadcast requests.
How is it that a machine of a private network behind a NAT router can make a connection with a web server on the public internet?
NAT allows all private machines to share same public network or IP address.
Can two network interfaces have the same IP address? Why or why not?
No, it can confuse the computer that sent a message, it won't know if the message was received.
Describe how sequence numbers are used in the TCP protocol. Why should the initial sequence numbers in the TCP handshake be randomly generated?
Sequence numbers are used to ensure reliability. The client sends a packet with a SYN flag and server replies with a packet containing an initial sequence number and both the SYN and ACK flag. The initial sequence numbers in the TCP handshake should be randomly generated because without using any randomness, it is easy to predict the next sequence number since the counter only increments by 1 with each transmission. Modern TCP stack implementation use pseudorandom numbers which make prediction attack more difficult but not impossible.
Describe the difference between a switch, hub, and IP router, including their respective security implications.
Switch: transfers all frames to appropriate destination and are a better way to connect machines in a small local area network as it reduces congestion and flooding. This reduces the risk of network eaves dropping. Hub: A device that connects multiple devices together, allowing them to act as a single network segment. Hubs generate large amounts of unnecessary traffic and increases risk of network eavesdropping. IP router: routes a data packet from source node to destination node. It is very secure since the IP address of sender and destination are verified.
Explain why web sites and file transfers are nevertheless typically transmitted over TCP instead of UDP.
TCP is more secure since data won't get lost. TCP uses sequence numbers and acknowledgement which make this more secure then UDP which doesn't use this.
In the three way handshake that initiates a TCP connection, if the SYN request has sequence number 156955003 and the SYN-ACK reply has sequence number 883790339, what are the sequence and acknowledgement numbers for the ACK response?
The sequence number for the ACK response is 156955004. The acknowledgement number is 883790340.
How many IP addresses are available under IPv6? Is it realistic to say that IPv6 will never run out of addresses?
There are 2^128 = 3.4x10^38 Ip addresses available under IPv6. No, it's not realistic because IPv6 has an address limit.
Why is it that packet sniffing can learn so much about the content of IP packets?
This is possible because packet sniffers can see the sequence number of the packets being used to establish TCP connections. If the packet sniffers find this information, it's easy for them to hack the complete session. This allows easy access for an attack of blind injection or other attacks.
Explain why audio and video streams are typically transmitted over UDP instead of TCP.
UDP is often used in time-sensitive applications where data integrity is not as important as speed. TCP is used for applications where data order and data integrity is important. UDP provides connectionless service, TCP provides connection oriented service. UDP is used for audio and video streaming instead of TCP because speed matters more the data integrity and the data is stored in buffers which is a connectionless service.