Lecture main points
pdf
keyboard_arrow_up
School
James Cook University *
*We aren’t endorsed by this school
Course
110
Subject
Information Systems
Date
Nov 24, 2024
Type
Pages
20
Uploaded by HighnessSquirrelPerson357
Topic 1 –
Computer Security
Principles of CIA Triad, Non-repudiation, and Accountability: Confidentiality: Prevents unauthorized disclosure of information. Integrity: Ensures that data has not been improperly modified, tampered with, or corrupted. Availability: Ensures that data and services are available for legitimate users when needed. Non-repudiation: Provides proof of a person's identity linked to specific actions, preventing individuals from denying their actions. Accountability: Involves keeping records of security-relevant events and user identities, establishing a link between actions and individuals. Risk vs Threat vs Vulnerability: Risk: The possibility or likelihood of a threat exploiting a vulnerability, resulting in loss. Threat: Any circumstance or event that potentially compromises security. Vulnerability: Weakness in hardware or software configuration. Aspects of Information Security: Prevention, Detection, Response: Prevention: Actions taken to prevent security incidents. Detection: Identifying security incidents when they occur. Response: Taking action once a security incident is detected. Access Control: Authentication, Authorization, Auditing: Authentication: Validating the identity of a subject prior to accessing a resource. Authorization: Granting authenticated users permission to use certain resources. Auditing: Keeping logs of all access requests. Authentication and Factors of Authentication: Authentication involves verifying a user's identity, often using three factors: something the user knows, something the user has, and something the user is. These can be combined for multifactor authentication (MFA). Attack Surface: The attack surface of a system includes all the components with which an attacker can interact. Fundamental Components of Security Systems: Reference Monitor: An abstract machine that mediates all accesses to objects by subjects. Security Kernel: Hardware, firmware, and software elements that implement the reference monitor concept. Trusted Computing Base (TCB): The totality of protection mechanisms within a computing system, responsible for enforcing security policy. Hardware Architecture and Modes of Operation: Security is typically placed in lower system layers to provide higher assurance and minimize performance overheads. Systems can operate in dual modes: user mode for non-critical instructions and supervisor mode for privileged instructions. Controlled Invocation and System Calls: Controlled Invocation: Invoking a function to execute privileged instructions and then returning to user mode. System Calls: Used for services like opening a file, where an application in a user mode (ring 3) needs services from an OS routine in supervisor mode (ring 0). Confused Deputy Problem and Capabilities: This problem occurs when an outer-ring process asks an inner-ring procedure to perform an action it shouldn't, like copying an object to the outer ring. The solution involves bundling object designation with permissions (capabilities). Memory Protection: Segmentation and Paging:
Memory protection involves logical separation of users to prevent interference and is achieved through segmentation (dividing data into variable-length logical units) and paging (dividing memory into equal-sized pages). Important Security Principles: Includes defense in depth, diversity of defense, implicit deny, least privilege, separation of duties, avoiding security through obscurity, avoiding unnecessary complexity, and considering user behavior Topic 2 –
Access Control
Access Control and Its Primitives: Users/Subjects: Active entities requesting access. Objects: Resources like files or directories to which access is requested. Authentication and Authorization: Authentication: Verification of identity. Authorization: Determines what actions the authenticated entity is allowed to perform. Basic Access Modes: Unix: Read, write, execute. Windows: Full control, modify, read + execute, read, write, create/delete. Bell-LaPadula model (BLP): Execute, read, append (blind write), write. Access Control Techniques: ACMs (Access Control Matrixes): Rows are subjects (users), columns are objects (resources), but can be inefficient with large numbers of users and resources. ACLs (Access Control Lists): Store access control matrix by column, specifying access rights of each user to various resources. Capabilities: Store access control matrix by row, representing what operations a user can perform on various objects. Confused Deputy Problem: Occurs when a program mistakenly uses its authority on behalf of an unauthorized user. Solved by maintaining association between authority and intended purpose; easier to prevent with capabilities. MAC (Mandatory Access Control): System controls access based on a centralized policy, often used in government systems. DAC (Discretionary Access Control): Control is at the discretion of the object owner, widely implemented in most operating systems. RBAC (Role-Based Access Control): Access based on user's job function within an organization, assigning permissions to roles. ABAC (Attribute-Based Access Control): Access control based on user/subject attributes, resource/object attributes, and environmental conditions, offering flexibility and complexity. Bell-LaPadula Model: Formal description of mandatory access control with properties like no read-up and no write-down, ensuring system security. Windows Access Control: Principals: Include local users, domain users, and groups, managed by Security Accounts Manager (SAM) or Domain Controller (DC). Objects: Passive entities like files or devices with a Security Descriptor (SD) containing DACL (Directory Access Control List) and SACL (System Access Control List). Kerberos Protocol in Active Directory: A network authentication protocol using ticket-granting service for secure user authentication and service access
Topic 3 –
Authentication
Identification, Authentication, Authorization: Identification involves a user claiming an identity. Authentication is the process of proving that identity. Authorization grants access based on authenticated identity. Three Types of Authentication Factors: Something You Know: Passwords, PINs. Pros: Nothing to lose, works remotely, cheap. Cons: Can be leaked or guessed. Something You Have: Physical tokens like smartcards. Pros: Noticeable when lost, familiar. Cons: Can be lost/stolen, expensive. Something You Are: Biometrics like fingerprints, faces. Pros: Direct, secure. Cons: Expensive, no remote operation, reliability issues. Two Additional Authentication Factors: Location Factor: Authentication based on user's current location. Time Factor: Authentication contingent on the current time. Issues Around Password Authentication: Passwords are often reused, leading to security risks. Other issues include failure to change default passwords, susceptibility to social engineering, and vulnerability to spyware. Password Storage Techniques: Cryptographic Hash Functions: Passwords are hashed for storage. Salts: Random strings added to passwords before hashing to enhance security. Lockout Policy: Accounts locked after a certain number of failed attempts. Attacks Against Password Databases: Dictionary Attacks: Using a list of common passwords. Brute Force Attacks: Trying all possible combinations. Hybridization: Creating new words or adding numbers to common passwords. Calculating Key Space and Work for Password Cracking: Example: 8 character passwords, 128 choices per character, requires 2^56 attempts on average without a dictionary; less with a dictionary. Password Security Recommendations: Use random passwords stored in a safe. Choose long passphrases. Regularly test for weak passwords. Educate users and enforce rules. Implement a reasonable lockout policy. Physical Tokens and Phone Apps for Authentication: Physical tokens include keys, smart cards, and devices. Phone apps often generate one-time passwords or codes. Criteria for Ideal Biometrics: Universal: Applicable to almost everyone. Distinguishing: Able to distinguish individuals with certainty. Permanent: Unchanging over time. Collectable: Easily collectable data. Biometrics: Enrollment vs Recognition: Enrollment: Biometric data is collected and stored.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Recognition: Biometric data is used for identification or authentication. Popular Types of Biometrics: Fingerprint: Analyzed based on ridge characteristics. Facial Recognition: Involves analyzing facial features, with newer methods using 3D depth scans. Challenge-Response Protocols: Involves shared secrets and cryptographic computations to authenticate parties. SSO (Single Sign-On) and Auth Tokens: SSO allows users to authenticate once for multiple services. Auth tokens maintain user authentication across sessions. 2FA and MFA (Two-Factor and Multi-Factor Authentication): Combines multiple independent credentials for enhanced security. CAPTCHA Authentication: Automated tests that distinguish humans from bots. Kerberos Protocol: A network authentication protocol using private-key cryptography for secure client/server applications. Differences Between Kerberos and SSL/TLS: Kerberos relies on a third party (KDC); SSL/TLS uses certificates and PKI. Kerberos uses private key encryption; SSL/TLS often uses public key encryption. Kerberos requires pre-registered users; SSL/TLS does not. Topic 4 –
Cryptography 1 Cryptography Terms: Cryptography: Creating encrypted messages. Cryptanalysis: Analyzing encrypted messages. Encryption: Scrambling messages using a cryptographic algorithm. Plaintext: Message before encryption. Ciphertext: Encrypted version of the message. Cipher: Algorithm that performs encryption. Types of Assurance: Empirical Security: Proven secure over time against attackers with finite processing power. Provable Security: Secure if breaking the algorithm is as hard as solving a difficult problem. Unconditional Security: Secure against attackers with unlimited processing power, e.g., one-time pad. Conventional/Symmetric Encryption: Uses the same key for both encryption and decryption. Kerckhoff's Principle: The security of an encryption system should only depend on the secrecy of the key, not the algorithm. Historic Ciphers: Transposition Cipher: Reorders letters of plaintext without changing them. Cryptosystem Mathematical Notation: Defined as a five-tuple (P, C, K, E, D), representing plaintexts, ciphertexts, keys, encryption rules, and decryption rules. Letter Frequency Analysis:
Used against monoalphabetic substitution ciphers, exploiting letter frequency in a language to decipher messages. Breaking Simple Ciphers: Classic ciphers can be broken using computers through various attacks, with modern computers capable of breaking most pre-1976 ciphers. Block vs Stream Ciphers: Block Ciphers: Encrypt fixed-size blocks of data. Examples: DES, Triple DES, AES. Stream Ciphers: Encrypt data bit by bit or byte by byte. S-boxes and P-boxes: S-boxes: Invertible lookup tables dependent on the key, used in block ciphers for confusion. P-boxes: Reorder bits, also used in block ciphers for diffusion. Modern Ciphers: DES: Older standard, now considered less secure. AES (Advanced Encryption Standard): Current standard, fast and efficient with variable key lengths (128, 192, 256 bits). Key Schedule: Determines how the main key is used and transformed during different rounds of a block cipher. One-Time Pad: Unconditionally secure, requires key of the same length as plaintext, completely random, and never reused. Cipher Modes: ECB (Electronic Codebook): Simple, but reveals patterns. CBC (Cipher Block Chaining): Each block XOR'd with the previous ciphertext block. CTR (Counter): Treats a block cipher as a stream cipher, uses nonce value for each block. Importance of Randomness: Essential for unpredictability in keys, nonces, and IVs. Cryptographic PRNGs produce unpredictable outputs except for their seed. Cryptographic Hash Functions: Ensure integrity of messages, cannot be inverted to reveal original data, resistant to collisions. Properties of Cryptographic Hash Functions: Easy to compute, non-invertible, collision-resistant, computationally infeasible to find two different inputs with the same hash output. Modern Cryptographic Hash Functions: MD-5: Broken, 128 bits. SHA-1: Attacked but not fully broken, 160 bits. SHA-2: Secure, with variations (256/384/512 bits). SHA-3 (Keccak): Latest standard, different construction from SHA-2. Message Digest and MAC (Message Authentication Code): Message Digest: Hash over plaintext for integrity. MAC: Keyed hash function for integrity and authenticity Topic 5 –
Cryptography 2 Issues with Symmetric Encryption and Need for Public Key Encryption:
Symmetric encryption requires a shared secret key, which is challenging when parties have never met. Public key encryption solves this by using different keys for encryption and decryption. How Public Key Cryptography Works and How It Differs from Private Key Cryptography: Public key cryptography uses a public key for encryption and a private key for decryption. Unlike symmetric encryption, it doesn't require sharing a secret key. Basic Functions and Properties of RSA: RSA is a public key cryptosystem based on the difficulty of factoring large prime numbers. It involves key generation, encryption, and decryption processes. Digital Signatures: How They Work and How They Differ from Encryption: Digital signatures use the sender's private key for signing and the public key for verification. They differ from encryption as they are used for authentication rather than confidentiality. Issues with Public Key Cryptography and Hybrid Approach: Public key cryptography is slower than symmetric encryption and vulnerable to chosen plaintext attacks. The hybrid approach combines both for efficiency and security. Forward Secrecy: Forward secrecy ensures that session keys are not compromised even if long-term secrets are. It protects past communications even if private keys are later compromised. Basic Functionality and Properties of DH (Diffie-Hellman): DH is used for establishing session keys over insecure networks with forward secrecy. It's efficient for session key generation but requires additional authentication mechanisms. Public Key Impersonation Attack and Need for PKI: In a public key impersonation attack, an attacker pretends to be another user by providing a false public key. PKI (Public Key Infrastructure) is needed to verify the authenticity of public keys. PKI and Its Building Blocks: PKI involves a trusted third party (Certification Authority) certifying key ownership to ensure the authenticity of public keys. Issues with PKI Approach and Mitigation: Issues include assignment of certificates, unique naming, and CA distribution problems. These issues are mitigated by measures like certificate hierarchy and distribution management. Differences between PGP and X.509/PKI: PGP uses a web of trust where users sign each other’s certificates, allowing more flexibility and user control. X.509 is simpler but more inflexible and relies on a hierarchical trust model. Different Attacks on Encryption: Types include ciphertext-only, known plaintext, chosen plaintext, and chosen ciphertext attacks, each with varying degrees of severity and methodology. Impact of Quantum Cryptography on Modern Crypto Algorithms: Quantum computing poses a threat to classical encryption algorithms, potentially breaking them efficiently. However, quantum cryptography offers new secure techniques. Idea of Quantum Cryptography / QKD: Quantum Cryptography, especially Quantum Key Distribution (QKD), provides a secure method for key exchange, leveraging principles of quantum mechanics for security Topic 6 Network Security
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Why Security is Needed on Data Link Layer: To address issues like broadcast transmission and indeterminate perimeters in wireless networks like GSM/UMTS and Wi-Fi. Approaches to Security on Data Link Layer: GSM/UMTS/LTE and Wi-Fi employ encryption and authentication to protect against interception and unauthorized use. Zero Knowledge Proof: A cryptographic protocol enabling one party to prove knowledge of a secret to another party without conveying any information other than the fact that they know the secret. Security on Network Layer: IPSec: IPSec provides security at the network/internet layer, covering all IP datagrams and offering end-to-end security transparent to upper layers. Difference Between IPSec Transport and Tunnel Modes: Transport mode provides host-to-host security with IPSec processing at endpoints. Tunnel mode encrypts the entire IP packet, with IPSec processing performed at gateways, for hosts that are not IPSec-aware. Difference Between IPSec AH and ESP Services: AH (Authentication Header) protocol offers authentication-only services. ESP (Encapsulating Security Payload) provides both authentication and encryption. Concepts of IPSec SA and SPD: SA (Security Association) is a one-way relationship specifying processing for packets from a sender to a receiver. SPD (Security Policy Database) contains rules for processing packets, like encryption requirements and key selection. Principle of IPSec Key Management (IKE): IKE manages the negotiation and establishment of secure channels and SAs, operating in two phases: establishing a management secure channel and then establishing custom secure channels for each application. Security Concepts on Transport Layer: SSL/TLS and SSH: SSL/TLS and SSH provide security at the transport layer, with SSL/TLS used in web browsers and servers for secure communication, and SSH for secure remote login and file transfer. SSL/TLS Features, Services, and Operation: SSL/TLS operates between the TCP and application layers, providing authentication, confidentiality, integrity, and reliable transport. SSL/TLS Authentication: Utilizes X.509 certificates for server authentication, with optional client authentication. SSL/TLS Handshake Protocol: Involves agreeing on algorithms, authenticating the server, and establishing keys. Difference Between IPSec and SSL/TLS: SSL/TLS typically involves one-sided authentication using certificates, operates at the transport layer, and is application-implemented. IPSec offers mutual authentication, operates at the network layer, and is integrated into the OS/kernel. SSH Features:
SSH is a standard for secure remote login, secure file transfer, and creating secure tunnels for other protocols, offering perfect forward secrecy. SSH Authentication and Handshake: Involves version exchange, cryptographic primitive negotiation, key exchange (usually ECDH), and server authentication, followed by client authentication using username/password or public key. DNS and Security Issues: DNS is crucial for mapping host names to IPs but was originally designed with basic authentication, leading to serious attacks such as DNS cache poisoning. Mitigations Against DNS Attacks: Techniques include using challenge-response protocols for authentication and implementing DNSSEC for authenticity and integrity of resource records. DNSSEC (Overall Principles): DNSSEC protects the authenticity and integrity of DNS resource records using digital signatures, introducing new resource record types like RRSIG, DNSKEY, and DS Topic 7 –
Firewalls, IDS/IPS, Honeypots Firewalls: Serve as a network's first line of defense, managing access between the trusted internal network and the untrusted Internet. They enforce security policies and control traffic flow based on authorization. Network vs. Host Firewalls: Network firewalls filter traffic between entire networks (e.g., internal network and Internet), usually as hardware devices. Host firewalls are software applications on individual systems, offering additional defense, especially against insider threats. Types of Firewalls: Packet filtering firewalls inspect packets based on IP and transport layer attributes. Application gateways relay application traffic, and circuit-level gateways operate at the transport layer. Stateless vs. Stateful Firewalls: Stateless firewalls evaluate each packet independently based on header fields. Stateful firewalls track network flows' state, allowing context-aware traffic filtering. Firewall Rules: Based on security policies, they specify what traffic is allowed or blocked, often following a 'least privilege' approach, where any traffic not explicitly permitted is denied. Weaknesses of Firewalls: Limited in application-level filtering, vulnerable to protocol tunneling, IP spoofing, and fragmentation attacks. Countermeasures include discarding suspicious packets and checking before reassembling fragmented packets. Firewall Deployment Types: Ranging from simple packet filtering routers in home networks to more complex setups like DMZs with bastion hosts, and distributed configurations in large organizations. WAF and DB FW: Web Application Firewalls (WAFs) protect against HTTP traffic-based attacks like SQL injection. Database Firewalls (DBFs) guard against database-specific attacks such as SQL injection and buffer overflows. IDS/IPS: IDS detects intrusion activities, while IPS extends this by taking preventive actions. They use signature/heuristic and anomaly detection to protect against malware and insider attacks. Intrusion Examples: Include unauthorized remote access, web server tampering, password cracking, and exploiting unsecured network points. IDS/IPS Components: Use audit records as input and employ signature and anomaly detection techniques, focusing on network traffic, system calls, and anomaly behaviors.
IDS/IPS Variants: Network-based systems analyze traffic, host-based focus on individual systems, and distributed IDS/IPS combine data from multiple sources for comprehensive analysis. IDS vs. IPS: IDS detects intrusions, while IPS also takes actions to block or prevent them. Rule-based vs. Behavior-based Detection: Rule-based uses predefined patterns, while behavior-based focuses on deviations from normal behavior. Honeypots/Honeynets: Decoy systems designed to attract attackers away from critical assets, collecting data for refining defenses. They vary in interaction level and can be implemented physically or virtually. DoS Attack Types and Defenses: Includes network and application-level attacks, using exploits or brute force. Defenses involve specific mitigation measures, fixing vulnerabilities, and using firewalls, IDS/IPS, and honeypots Topic 8 –
Secure Programming
Secure Programming Concept: Designing software to function safely under attack by executing securely or failing gracefully. Mitigation includes thorough error checking and assumption validation. Threat Model: Identifies vulnerabilities at user-system interfaces and among different privilege modules. Mitigation involves removing unnecessary boundaries and securing the necessary ones. Quality/Reliability vs. Security: Focuses on random inputs and incorrect code for quality, while security targets deliberately exploitable bugs. Mitigation includes structured design and rigorous testing for both aspects. Important Principles and Mitigations: Least Privilege: Assign minimal necessary privileges; limit access to reduce damage. Economy of Mechanism: Simplify trusted components; separate privileges to reduce vulnerability. Open Design: Use public, verifiable designs over secrecy; avoid security by obscurity. Complete Mediation: Thoroughly scrutinize all requests for policy compliance. Failsafe Defaults: Deny all actions not explicitly permitted; use implicit deny policies. Separation of Privilege: Employ multiple independent controls; use defense in depth. Least Common Mechanism: Minimize shared resource access; avoid common mechanisms for multiple subjects. Psychological Acceptability: Make secure operations intuitive and user-friendly. Least Astonishment: Align system behavior with user expectations to avoid confusion. Software Flaws and Mitigation: Involves addressing issues like SQL injection, buffer overflows, and weak authentication through robust input validation and secure coding practices. Program Input Handling: Treat all input as potentially dangerous; mitigate through proper input validation and size checks to prevent buffer overflows. Fuzzing vs. Normal Testing: Fuzzing uses random data to test abnormal input handling; complement with normal testing for comprehensive coverage. Regular Expressions: Validate input against specifications and extract data from text inputs. Ensure patterns are accurately defined for security. Injection Attacks: Occur when input affects program execution flow. Mitigate by sanitizing input, checking input rigorously, and avoiding direct execution from user input. XSS Attacks: Arise from user input output to other users in web applications. Mitigate by removing or escaping executable code in input.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Writing Correct Code: Ensure algorithm implementation correctness and valid data manipulation. Focus on secure coding practices and thorough testing. Dynamic Memory and Bounds Checking: Handle dynamic memory allocation carefully, including initialization and avoiding memory leaks. Implement bounds checking to ensure buffer sizes are adequate. Race Conditions: Result from unsynchronized concurrent execution. Mitigate with synchronization techniques, balancing security with performance. OS Interaction and Environment Variables: Address concerns of shared resource access in a multi-user environment. Use proper access control and execution environment setup. System Calls and Libraries: Examine assumptions about system call operations, considering potential optimizations that might conflict with program goals. Temporary File Security: Use secure methods for temporary file creation, like random naming, to prevent predictability and exploitation Topic 9 –
Analysis, Auditing, Incident Response Security Awareness Importance: Key for all employees to handle security threats, ranging from basic awareness to advanced training for IT specialists. Security Auditing and Audit Trail: Ensures system security compliance and generates data for post-attack analysis, with an audit trail recording system activities for forensics. Audit Trail Data: Records system, user, and application activities, balancing detail and system efficiency. Logging in Auditing: Captures essential audit data, with features like robust filtering, event response, and log file encryption. System-Level Logging: Windows logs include user authentication and system events; Linux uses Syslog for kernel and authentication logs. Application-Level Logging: Enhances system/user-level logs with additional techniques like interposable libraries. Data Analysis Techniques: Involves alerting, baselining, and using methods like anomaly detection for analyzing events. SIEM Systems: Process and analyze large volumes of security data, crucial for continuous monitoring in large organizations. Incident Response: Addresses actions threatening security services and includes systematic mitigation and compliance measures. Incident Response Procedures: Involves detecting, categorizing, and documenting security incidents for future reference. Incident Detection: Utilizes user reports and automated tools like log analysis and intrusion detection systems. Triage in Incident Response: Centralizes incident information, categorizing and informing about vulnerabilities. Legal Compliance in Incidents: Laws like Australia's NDB Act mandate specific actions following security incidents.
Organizational Incident Handling: Integrates risk analysis, technology monitoring, and security tool development for effective incident management. Topic 10 –
Cloud and IoT Security Advantages of Cloud: Cloud computing offers cost and time efficiency, high reliability especially for disaster recovery, scalable elastic capacity, and eliminates capital expenditure. Cloud Service and Deployment Models: Includes Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), with deployment models like public, private, community, and hybrid clouds. Cloud Computing Elements: Involves cloud service consumers, providers, auditors, brokers, and carriers, each playing a distinct role in the cloud ecosystem. Cloud Security Challenges: Include shared infrastructure issues in multi-tenancy environments, loss of control over data and security, and trust concerns. Privacy Preserving Operations in Cloud: Focuses on encrypting data and using techniques like homomorphic encryption for secure computations and privacy-preserving data operations. Security Tasks Depending on Cloud Service Model: Security as a Service (SecaaS) encompasses identity and access management, data loss prevention, web and email security, security assessments, intrusion management, and network security. Internet of Things (IoT) Concept: IoT involves physical devices embedded with sensors, actuators, and processing capabilities, connecting via the internet or other networks, including non-traditional computing devices like home appliances and security systems. Fog Computing: Focuses on processing massive data from IoT sensors near their source, converting data flows into useful information, and offloading processing from centralized network locations. IoT Security Challenges: IoT security is complex, with constrained devices often lacking security features, and the need for gateways to provide secure communication. IoT Security and Privacy Requirements: Include secure, trusted communication, data management, service provision, integration of security policies, mutual authentication, and comprehensive security audits. IoT Security Model: Cisco's model includes role-based security, anti-tamper and detection measures, data protection and confidentiality, and internet protocol protection across all levels of the IoT architecture.
Revision MCQ 1.
With regards to access control, match the entities to their descriptions: Agent of one or more principals –
User/Process Resource for which access is requested –
Object/Data Identify to whom abstract policy records specified rights –
Principle 2.
The security of RSA is based on Select one: O a. Extended Euclidean algorithm b. Euler theorem C. Euclidean algorithm Ans d. Integer factorization problem
3.
For each category of software flaws, select one flaw that belongs to the category: Insecure interaction between components Chec Porous defences sky resource management Insecure Interaction Between Components: Ans SQL Injection Porous Defenses: Ans Missing Encryption Skewed Resource Management: Ans Buffer Overflows 4.
The separation of duties principle refers to:. Ans O d. Access information and resources must only be accessible if required for legitimate purposes. 5.
With regards to a Java program that is executed in the Java Interpreter, where is the reference monitor located?
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
AnsO b. Services layer 6.
Which problem was Kerberos designed to address? Ans: Impersonation 7.
The functionality of a honeypot is best described as:
Ans O b. Collect information about attackers activity 8.
The purpose of digital certificate is to certify Ans O b. Public key of a user 9.
With regards to symmetric encryption techniques, encryption and authentication are done with: Private key and private key
10.
Which access control model is a static model that uses a predefined set of access privileges for resources/files on the system? Ans; MAC 11.
Which of the following is NOT a major type of cloud service model? Ans O d. Hardware as a Service 12. Match the types of firewalls with their descriptions 1. Filtering of network traffic - Packet Filtering firewall 2. Relay for web traffic - Application gateway/proxy 3. Relay for TCP connections - Circuit level firewall 13 The security requirement of ensures that information can't be altered by unauthorised parties.
Ans O b. Integrity 14. The functionality of interposable libraries can be best described as: Enable dynamic binary rewriting 15. SSL/TLS is designed to provide the security at Ans O a. Transport layer 16. With regards to IDS/IPS, what is a signature - c attack-specifc pattern or byte sequence Q1. This question is related to different protocols used for network security. a)
Explain the two different modes of IPSec ESP with regards to the scope of encryption. For implementing a VPN, which mode should be used? (6 marks) In IPsec, the Encapsulating Security Payload (ESP) protocol provides two modes of operation: tunnel mode and transport mode. Transport mode encrypts only the payload of the IP packet, leaving the header untouched. This mode is typically used for end-to-end communication between two parties. On the other hand, tunnel mode encrypts the entire IP packet, including both the payload and the header, and then encapsulates the result into a new IP packet with a new header. This added layer of abstraction enhances security, making it suitable for VPNs as it prevents traffic analysis and secures communications across different network architectures. Tunnel mode is therefore the recommended choice for VPN implementations because it provides comprehensive protection for data as it travels across insecure networks like the internet. b)
Explain why the typical one-sided authentication with SSL/TLS is not a problem for the integrity of secure web applications. (4 marks) SSL/TLS often uses one-sided authentication where only the server is authenticated to the client, and not vice versa. This approach is generally secure for web applications because the primary goal is to ensure the client is talking to the legitimate server, preventing man-in-the-middle attacks. The server's identity is confirmed via a digital certificate issued by a trusted Certificate Authority (CA). Even if an attacker intercepts the communication, without the server's private key, they cannot decipher the encrypted data. This ensures the integrity and confidentiality of the client-server communication, which is critical for secure web applications. c) Related to SSL, explain one advantage of public key authentication over password authentication. (4 marks) Public key authentication in SSL has a significant advantage over password authentication: it is immune to replay attacks. When using passwords, if an attacker captures a password, they can use it to gain unauthorized access. With public key authentication, the client proves its identity by using a private key to encrypt a nonce or challenge that the server has provided. Only the holder of the private key can respond correctly to the server's challenge, ensuring that even if the communication is intercepted, an attacker cannot use the captured data to impersonate the client. This method also mitigates the risks of brute-force attacks, as the attacker would require the private key, which is not transmitted over the network and is computationally infeasible to guess or derive from the public key Q2.
Explain why choosing a proper encryption mode is very important even when using a symmetric block cipher that is secure, such as AES. Your explanation must clearly describe the problem and a secure mode that solves the problem. Choosing a proper encryption mode is crucial even with a secure cipher like AES because modes like ECB can lead to security vulnerabilities. ECB encrypts identical plaintext blocks into identical ciphertext blocks, which can reveal patterns in the plaintext, making the encryption susceptible to pattern analysis attacks. A more secure mode, such as CBC, addresses this by using an Initialization Vector (IV) and chaining blocks together. In CBC, each plaintext block is XORed with the previous ciphertext block before being encrypted. This means even identical plaintext blocks will produce different ciphertext blocks, thus obscuring patterns and enhancing security. Moreover, advanced modes like GCM provide both encryption and authentication, which ensures data integrity and protects against tampering. GCM uses a nonce for each encryption operation, ensuring that the same plaintext will yield different ciphertext for each instance. In conclusion, the encryption mode determines the overall security effectiveness of a cipher like AES. Secure modes such as CBC and GCM solve the problems of basic modes like ECB by preventing pattern analysis, ensuring data integrity, and providing authentication, making them suitable for diverse security needs and different operational environments. Proper mode selection is vital for leveraging AES's robust encryption capabilities effectively. Q3. You are maintaining a forum web site. Recently, a user reported that their account was hijacked. You check the web server logs and indeed there are indications that requests were send with a valid session cookie authenticating the user but these originated from suspicious IP addresses that are on various black lists and are different from the addresses normally used by the user. a) Explain the most likely attack scenario. (3 marks) b) Explain how the attack can be mitigated. (3 marks) c) Write and explain one line of Javascript code based on a regular expression and the Javascript function replaceAll() which can be applied to the forum post to prevent the attack. Any other solutions to the problem will NOT be accepted. The regular expression must not filter out any text that could occur in a legitimate forum post. The regular expression must be syntactically and semantically correct. (6.5 marks) a) Likely Attack Scenario: The scenario suggests a session hijacking attack. The attacker likely obtained the user's session cookie, possibly through techniques like Cross-Site Scripting (XSS), and used it to impersonate the user on the forum. b) Mitigation Strategies: Implement Secure and HttpOnly flags on cookies. Regularly refresh session cookies. Monitor and validate user's IP address and browser user agent. Use HTTPS to encrypt data transmission. c) c) JavaScript Code postContent.replaceAll(/<script[\s\S]*?>[\s\S]*?<\/script>/gi, ""); postContent: This is a variable that presumably holds the content of a forum post, which is a string. replaceAll() Function: This is a JavaScript string method that replaces all matches of a pattern (defined by a regular expression) in a string with a specified replacement string. Regular Expression (/<script[\s\S]*?>[\s\S]*?<\/script>/gi):
/.../: Delimiters that mark the beginning and end of the regular expression. <script[\s\S]*?>: This part matches the opening <script> tag. <script is a literal match for the opening of a script tag. [\s\S]*? is a character set and quantifier combination. [\s\S] matches any character, including whitespace and newline characters. The *? is a non-greedy quantifier that matches as few characters as necessary until the next part of the pattern is found. [\s\S]*?: This again matches any character (including newlines), capturing everything inside the script tag. Being non-greedy, it stops at the first instance of the following pattern. <\/script>: A literal match for the closing script tag. The forward slash (/) is escaped (\/) because the forward slash is used as the delimiter for the regular expression. gi: These are flags for the regular expression. g stands for global, meaning the pattern will be searched for and replaced throughout the entire string, not just the first occurrence. i stands for case-insensitive, making the match insensitive to the case of letters. This code removes script tags from forum posts to prevent XSS. Note: This is a client-side measure and not a comprehensive solution for session hijacking. Server-side security measures are crucial. Q4 Cryptographic hash functions are used to store passwords securely in a password DB. a) Explain the THREE important properties that a cryptographic hash function must satisfy. (4.5 marks) b) In the context of using cryptographic hash functions for protecting passwords, explain why each of these three properties is important. (4.5 marks) c) Discuss whether hash functions can protect weak passwords from being guessed. (3 marks) d) Explain an additional element of security that is applied in practise to make it harder for the attacker. (3 marks) a) Three Important Properties of Cryptographic Hash Functions: Preimage Resistance: It should be computationally infeasible to reverse the hash function - to find the original input given its hash output. Second Preimage Resistance: Given an input and its hash, it should be computationally difficult to find another input that has the same hash. Collision Resistance: It should be nearly impossible to find two different inputs that produce the same hash output. b) Importance in Protecting Passwords: Preimage Resistance: Essential for ensuring that if a hash is exposed in a data breach, it remains impractical to retrieve the original password from the hash. Second Preimage Resistance: Prevents an attacker from finding an alternative string (password) that, when hashed, would match the hash of a legitimate user's password, thus averting unauthorized access. Collision Resistance: Protects against the scenario where two users’ passwords could produce the same hash, preventing potential security breaches and ensuring individual accountability. c) Protection Against Weak Passwords: Hash functions, regardless of their strength, cannot prevent weak passwords from being guessed. Weak or commonly used passwords can be easily guessed and hashed to compare against the stored hashes. This is why additional measures, like enforcing strong password policies, are essential. d) Additional Security Element - Salting:
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Salting involves adding a unique random string to each password before hashing. The salt ensures that even if two users have the same password, their hashes will be different. This significantly increases the difficulty of using precomputed hash tables (like rainbow tables) for cracking passwords, as an attacker would have to compute a hash table for each possible salt. Q5 This question is about firewalls and firewall rules. a) Explain the difference between a packet filtering firewall and bastion host and how the two can be used in combination. (6 marks) b) Explain TWO issues with the firewall configuration shown below. (4 marks) c)
Explain how to fix both issues. You must provide both, the fixed ruleset (no html table required, text is sufficient) and a rationale for the fixes. (4 marks) a) Packet Filtering Firewall vs. Bastion Host (6 marks): a) Packet Filtering Firewall vs. Bastion Host (6 marks): Packet Filtering Firewall: This is like a security guard that checks the details of each packet trying to get into a network, like where it's coming from and going to, and what kind of packet it is. It uses rules to say yes or no to each packet. Bastion Host: Think of this as a specially guarded gate that only lets certain people in for specific tasks, like secure remote login. It's well-protected and watches over the connections that come through it. Combined: Using both means you have a guard checking packets and a secure gate for special entries, which together make the network safer. b) Issues with the Firewall Configuration (4 marks): Rule Problem: The first rule says to stop all packets from a certain place, but the second rule says to let some of those packets through. Since the stop rule comes first, it blocks the packets that the second rule wants to allow. Too Open: The last rule lets everything in, which makes the network unsafe because it ignores all the other rules that are trying to protect it. c) Fixing the Issues (4 marks): New Set of Rules: Allow packets for secure login (SSH) from 102.102.4.123 to 192.168.10.100. Allow web packets (HTTP) from anywhere. Stop all other packets. The revised Rule 1 explicitly allows SSH traffic, which is typically secure, from a known IP to the specified destination, while removing the conflicting general deny rule. Rule 2 is unchanged, as HTTP traffic is common and necessary for web services. A new default deny all rule is added at the end, following the security best practice of 'default deny'
—
only allowing traffic that has been explicitly permitted and denying all other, which closes the security gap left by the previous Rule 4. This ensures that the network is not exposed to unnecessary risks and that only specified traffic is allowed. A modified Kerberos protocol has been created including the Client and Server exchange as illustrated in the figure below. a) Explain an attack that may be applied against the modified the Kerberos protocol. (4 marks) b) Explain how to fix the security issue in the modified Kerberos protocol. Your solution must be justified and refer to details of the protocol. (6 marks) c) Discuss a practical requirement for this fix to work. (3 marks)
a) Possible Attack (4 marks) An attacker could try a "replay attack" on the modified Kerberos protocol. This is where someone secretly watches the communication between the user (client) and the server, and then later sends the same messages again to trick the server into thinking it's the legitimate user trying to log in. b) Security Fix (6 marks) To stop replay attacks, the protocol can be updated to include: Timestamps: Each time a user tries to log in, the message includes the current time. The server checks this time, and if it's too far off from the server's time, it knows the message is old and shouldn't be trusted. Nonces: These are unique numbers that the server expects to see in each login attempt. If it sees the same number twice, it knows something's wrong, like a replay attack. The system would need to make sure each message has a fresh timestamp or nonce to prove it's a new, legitimate login attempt. c) Practical Requirement (3 marks) For timestamps, the user's computer and the server need to have their clocks set very closely together, which can be done using time synchronization software like NTP. For nonces, both the user's computer and the server need a way to remember which unique numbers (nonces) have been used so they don't accept them more than once. This could mean they need to store more information and handle more complex checks. *** Advantages of counter mode over CBC: Counter mode is more efficient to implement, especially in hardware. Counter mode is less susceptible to padding errors. Counter mode provides both confidentiality and integrity protection, while CBC only provides confident Revision test Mock test 2 MCQ 1.
A firewall determines what traffic is allowed through it based on Rule base
2.
In the transposition cipher with a keyword, the permutation determined by the keyword “privacy” is ___.
4536127
3.
The Diffie-Hellman key exchange protocol is vulnerable to Man-in-the-middle attack 4.
A substitution box (S-Box) of DES takes ______ and outputs ______. 6 bits, 4 bits 5.
Which is true of a signature-based IDS? It only identifies on known signatures. 6.
The AES uses a ____________ bit block size and a key size of __________ bits.
128; 128, 192, or 256 7.
Which of the following files defines all users on a Linux system? /etc/passwd 8.
The key of the Caesar cipher is 3
9.
A collision-resistant hash function can provide . data integrity 10.
An Intrusion Prevention System (IPS) is commonly placed: a. In line with the firewall 11.
If it detects a threat, an IPS can - all of the above 12.
The type of access control system that uses predefined rules and does not have the concept of a resource owner is: MAC
13.
The protocol designed to create security associations, both inbound and outbound, is:
d. IKE (Internet Key Exchange) 14.
Which of the following options lists all the seven fields of the </etc/passwd> file in the correct order? correct answer is: Username, UID, GID, comment, home directory, command.
15.
Authentication is needed to prevent impersonation Q1.
Design a two-factor authentication system. Explain why it is securer than the traditional password-based authentication. Two-Factor Authentication (2FA):
2FA is a security method that requires users to provide two different types of verification before accessing a system or application: Knowledge Factor: Something the user knows (e.g., a password). Possession Factor: Something the user has (e.g., a smartphone). Advantages of 2FA: Enhanced Security: 2FA adds an extra layer of protection beyond passwords. Mitigates Password Risks: It reduces the risk associated with stolen or weak passwords. Phishing Protection: Even if a password is phished, the attacker can't access the account without the second factor. Protects Against Data Breaches: Stolen password databases are useless without the second factor. Flexible Options: Users can choose from various authentication methods, such as SMS codes, security questions, or biometric features (like fingerprints or facial recognition). Harder to Forge: Biometric features, in particular, are challenging for attackers to replicate. In essence, 2FA significantly improves security by requiring two forms of verification, making it much harder for unauthorized users to gain access. The use of biometric features further enhances security as they are difficult to forge. Q2. There are three ways to generate 8-character passwords. Assume that that there are 200 characters to choose from. A: randomly chooses 8 characters from 200 characters. B: uses a passphrase of 8 characters to produce the password. C: creates a password with numbers, special characters but not randomly. Whose password is the strongest? Whose passwords is the weakest? Why? C's password is weak because it lacks randomness and complexity. A's password (randomly generated) is typically the strongest due to its unpredictability. B's password (passphrase-based) can also be strong if a strong passphrase is used. Random passwords (A) are generally the best for security but might be harder to remember. Passphrase-based passwords (B) strike a balance between security and practicality, as they can be both strong and easier to remember Q3. In the cryptographic world, how to protect the passwords? In the cryptographic world, to protect passwords: Hashing: Store passwords as hash values using strong cryptographic hash functions to prevent storing them in plain text. This irreversible process converts passwords into secure representations. Salting: Add unique salts to passwords before hashing to thwart rainbow table attacks and ensure that even identical passwords result in different hash values. Key Strengthening: Use algorithms like bcrypt to make hashing deliberately slow and resource-intensive, deterring brute-force attacks. Secure Storage: Store hashed passwords and salts securely with strict access controls to prevent unauthorized access.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
HTTPS: Encrypt password transmission over the internet with HTTPS to safeguard against eavesdropping. MFA: Encourage Multi-Factor Authentication for added security, even if passwords are compromised. Regular Updates: Encourage users to change passwords periodically and avoid password reuse. User Education: Inform users about strong, unique passwords and the risks of sharing or reusing passwords. Monitoring and Alerts: Implement monitoring for unusual login activities and respond to multiple login failures. Password Policies: Enforce strong password policies with a mix of characters and avoid easily guessable passwords. Security Audits: Regularly audit and assess password storage and handling procedures to identify vulnerabilities. Q4 Suppose that “XU” is the ciphertext of “OF” under an affine cipher. Determine the
plaintext corresponding to the ciphertext “YCKQPMHJ” under the same affine
cipher? Justify your answer Feedback c = k1p+k2 (mod 26) 14k1+k2 (mod 26) = 23 (mod 26) 5k1+k2 (mod 26) = 20 (mod 26) K1 = 9 K2 = 1 9p+1 = 24,2,10,16,15,12,7,9 (mod 26) p=17,3,1,19,16,7,18,24 Plaintext: RDBTQHSY Q5. What kind of attacks IPSec can protect against? Why? Psec (Internet Protocol Security) safeguards against various network-level attacks, including: Man-in-the-Middle (MitM) Attacks: IPsec employs authentication to ensure the identity of communication endpoints, preventing MitM attacks. Denial-of-Service (DoS) Attacks: IPsec mitigates DoS attacks through anti-replay mechanisms and rate limiting. Replay Attacks: IPsec protects against replay attacks using sequence numbers and timestamps in packets. Data Interception (Eavesdropping): IPsec encrypts data in transit, thwarting eavesdropping attempts. Key security features of IPsec include authentication, encryption, data integrity, and access control. For detailed information, refer to lecture slides or additional resources. Q6 How does the IKE protocol work? The IKE protocol operates in two phases, each with a specific purpose in establishing secure communication channels for VPNs:
Phase 1: Establishing an Auxiliary Secure Channel Objective: To negotiate and establish a secure, end-to-end channel, used for subsequent Phase 2 negotiations. Key Features: Utilizes Diffie-Hellman key exchange to establish a shared key. Authentication can be through digital certificates, pre-shared keys, or Kerberos. This phase is established only once between two endpoints. Outcome: A secure channel known as the IKE SA (Security Association) is established for Phase 2 negotiations. Phase 2: Establishing Custom Secure Channels Objective: To negotiate and establish the IPsec SAs (Security Associations) used for the actual secure data transmission. Key Features: Also uses Diffie-Hellman for key exchange. Negotiates parameters like encryption and authentication algorithms, key lifetime, etc. Can occur multiple times to establish various IPsec SAs. Outcome: Establishment of IPsec SAs for secure data transmission. Summary IKE is crucial for setting up secure VPN connections, ensuring both the authentication of communication parties and the confidentiality of data transmitted. Phase 1 establishes a primary secure channel for negotiations, and Phase 2 uses this channel to establish multiple secure data transmission channels. Q7 What are drawbacks of Kerberos? Password Security: Vulnerable to breaches if user passwords are weak. KDC as Single Failure Point: If the KDC is compromised, the entire system's security is at risk. Complexity: Setting up and managing Kerberos can be complicated. Time Synchronization: Requires precise clock alignment across the network. Scalability Issues: KDC can become a bottleneck in large networks. Limited Offline Use: Needs constant access to the KDC for authentication. Interoperability Challenges: Difficult to integrate in mixed or non-Unix environments. Q8 DES and AES a. AES has been introduced to replace DES. What is the major reason for this? Why AES (not other encryption schemes) was chosen to replace DES? The primary reason for replacing DES with AES was the need for a more secure and efficient encryption standard: Inadequate Key Length of DES: DES's 56-bit key was not long enough to ensure security against brute-force attacks, making it increasingly vulnerable as computational power grew. Efficiency of AES: AES was chosen because of its superior efficiency in processing, particularly important for hardware and software implementations across various platforms. In short, the combination of enhanced security due to longer key lengths and improved efficiency in encryption processes made AES the preferred replacement for DES.