Shared Flashcard Set

Details

Chapter 4 - secure networks
N/A
108
Computer Science
Graduate
02/02/2014

Cards

Term
What are the four goals in creating a secure network environment?
Definition
availability
confidentiality
functionality
access control
Term
Ensuring network ___ means authorized users have access to information services and network resources
Definition
availability
Term
What is the most common type of network attacks against corporations?
Definition
DoS
Term
In the context of network security, ___ means preventing unauthorized users from gaining information about the network's infrastructure, data flowing across it, protocols used or packet header values
Definition
confidentiality
Term
___ = identify based on known characteristics
Definition
fingerprint
Term
___ means preventing attackers from altering the capabilities or operation of the network
Definition
Functionality
Term
policy-driven control of access to systems, data, and dialogues
Definition
access control
Term
State the reasons securing corporate networks is difficult
Definition
New attack vectors emerge
old attack vectors that were fixed are repurposed
Term
___ are ways of attacking networks
Definition
attack vectors
Term
___ model of network defense had good guys inside and attackers on the outside. There was a well guarded ___ point of entry.
Definition
Castle
single
Term
a phrase used by network administrators to convey the idea that creating a 100% secure network is impossible
Definition
death of the perimeter
Term
the ___ model of a network has no distinct perimeter and has multiple ways of entering.
Definition
city model
Term
for a city model, you must have more ___
Definition
intrusion detection systems
virtual LANs
central authentication servers
encrypted internal traffic
Term
a ___ attack attempts to make a server or network unavailable to legitimate users
Definition
Denial of Service (DoS)
Term
Hackers primarily target ___ and ___ with DoS attacks
Definition
Corporations
government
Term
Are all service interruptions attacks?
Definition
No
Term
A common nonattack loss of service happens when a larger site ___
Definition
links to a much smaller site
Term
The ultimate goal of a DoS attack is to ___
Definition
cause harm
Term
DoS attacks cause harm by ___ or ___
Definition
stopping critical service
degrading service over time
Term
an attack that ___ services is harder to detect because ___
Definition
slowly degrades
there isn't an abrupt change in network quality
Term
The main DoS attack methods are
Definition
indirect/direct
intermediary
reflected
sending malformed packets
Term
A ___ occurs when an attacker tries to flood a victim with a stream of packets directly from ___
Definition
direct attack
the attacker's computer
Term
___ tries to flood the victim with a spoofed IP.
Definition
Indirect attack
Term
___ or ___ attacks can only succeed if the attacker can flood the victim with more requests than the victim can handle
Definition
direct or indirect attacks
Term
___ attacks are rare because ___
Definition
direct
attackers don't like their IP shown on the incoming packets
Term
___ occurs when a victim sends responses to the spoofed IP address used by the attacker, thus flooding an unintended victim
Definition
backscatter
Term
Name the types of packets that can be used in a DoS attack
Definition
SYN: victim is flooded with SYN packets to use all the memory to respond to the packets

Ping: victim is flooded with ICMP, aka Echo requests, that appear to be normal traffic. Bandwidth and CPU are allocated until crashing

HTTP: a victim, normally a webserver, is flooded with application layer web requests
Term
The second primary DoS method is to use ___ to attack the victim.
Definition
intermediary
Term
___ are typically referred to as ___ which are compromised hosts running malware controlled by the attacker
Definition
intermediaries
bots
Term
A botmaster can send updates that give ___ to bots
Definition
new functionality
Term
___ are an additional layer of compromised hosts that are used to manage large groups of bots
Definition
handlers
Term
Similar to a DDoS attack, a ___ attack uses many hosts to overwhelm a victim using normal P2P traffic
Definition
Peer to Peer redirect
Term
A P2P redirect differs from a DDoS because
Definition
the attacker doesn't have to control each host (make them bots), just convince them to redirect their legitimate P2P traffic
Term
Similar to a P2P redirect, a ___ uses responses from legitimate service to flood a victim
Definition
reflected attack
Term
in a reflected attack the attacker sends ___ to existing legitimate servers. All ___ are sent to the victim.
Definition
spoofed requests
responses
Term
Using a botnet in a reflected attack is known as a
Definition
Distributed reflected denial of service (DRDoS)
Term
___ is a variation of a reflected attack that takes advantage of an indirectly configured network device to flood a victim
Definition
smurf flood
Term
in a smurf flood, the attacker sends a ___ to a network device that forwards the request to ___.
Definition
spoofed ICMP echo request
all internal hosts
Term
___ is a well known older attack that uses an illegally large IP packet to crash the victim's operating system
Definition
ping of death
Term
Malformed SMS messages can be used to crash cell phones in an attack called ___
Definition
SMS of death
Term
___ is dropping all IP packets from an attacker to stop a DoS attack
Definition
black holing
Term
A firewall can create a ___. When a SYN segment arrives, the firewall itself sends back a SYN/ACK agreement without passing traffic to the server
Definition
false opens
Term
___ can be used to reduce a certain type of traffic to a reasonable amount
Definition
rate limiting
Term
DoS attacks are community problems that can only be stopped with the help of ___ and ___
Definition
ISPs
organizations whose computers are bots
Term
___ is used to resolve 32 bit IP addresses into 48 bit local MAC addresses
Definition
Address Resolution Protocol (ARP)
Term
___ is a network attack that manipulates host ARP tables to reroute LAN traffic
Definition
ARP poisoning
Term
An attacker uses ARP poisoning to reroute traffic for a ___
Definition
man in the middle attack
Term
ARP poisoning only works on ___ traffic
Definition
LAN
Term
rerouting traffic using ARP poisoning is an attack on both ___ and ___
Definition
functionality and confidentiality
Term
an ARP DoS attack is an attack on the ___ of the network
Definition
availability
Term
Describe normal ARP operation
Definition
a router receives a packet to an IP.
it sends an ARP request to every host asking if they have that IP
Only the host with the requested IP responds with an ARP reply that contains the MAC address.
The switch records the MAC and sends the packet for the IP to that MAC. It doesn't use the IP
Term
ARP requests and replies don't require ___ or ___
Definition
authentication or verification
Term
___ uses false ARP replies to map any IP address to any MAC address
Definition
ARP spoofing
Term
With modification spoofed ARP replies can be used to stop all traffic on the LAN as part of a ___
Definition
ARP DoS attack
Term
ARP poisoning can be prevented by using ___ and ___
Definition
Static IP tables and Static ARP tables
Term
A ___ can sit outside of corporate walls and attack a wireless LAN
Definition
drive by hacker
Term
A ___ can be used to intercept and read legitimate traffic
Definition
packet sniffer
Term
the ___ standard provides access control to prevent illegitimate clients from associating with a network
Definition
802.1X
Term
802.1X makes the Ethernet workgroup switch the ___ to the network
Definition
gateway
Term
the 802.1X standard is ___
Definition
port based access control
Term
A switch isn't burdened with heavy authentication work. For that a switch relies on ___
Definition
central authentication server
Term
A central authentication server has ___
Definition
credentials checking authentication data and the processing power needed to check passwords, biometrics, and other credentials
Term
What are the advantages in using a central authentication server instead of each workgroup switch doing the work?
Definition
Cost savings: reduces the cost of each workgroup switch

Consistency: checking is always the same no matter what workgroup switch the attacker connects to.

Immediate Changes: access control changes can be made immediately
Term
802.1X relies on another protocol, the ___ to govern the specifics of authentication interactions.
Definition
Extensible Authentication Protocol (EAP)
Term
For EAP, authentication messages go between the authentication server and the supplicant. The authenticator switch passes the message through. This is ___
Definition
pass-through operation
Term
EAP is called ___ because it is easy to add new authentication methods
Definition
extensible
Term
Pass-through operation means that once a firm's switches run EAP there is no need to ___ whenever authentication methods change
Definition
upgrade them
Term
___ is a client/server protocol with the authenticator being the client and the central authentication server being the server
Definition
RADIUS standard
Term
the RADIUS protocol provides ___ and ___
Definition
authentication and authorization
Term
Users connect to wireless LANs via radiowaves to a ___ using ___ standards developed by the ___
Definition
wireless access point (AP)
802.11
IEEE 802.11 Working Group.
Term
Wireless attacks focus on ___
Definition
the access point
Term
Name the three types of wireless network attacks:
Definition
unauthorized network access
man in the middle using an evil twin
wireless DoS
Term
___ are unauthorized access points set up by individuals or departments with little or no security
Definition
rogue access points
Term
Reasons to prevent unauthorized users from accessing WLAN:
Definition
prevent harm to internal resources
prevent external harm that appears to come from your network
Term
___ is used in order to pick up wireless packets addressed to other hosts.
Definition
radio frequency monitoring (RFMON)
Term
An attacker can pick up packets in ___ which allows him to receive messages addressed to other users
Definition
promiscuous mode
Term
Focusing electronic attacks on specific high value targets is known as ___
Definition
whaling
Term
An ___ is simply a PC that has software to allow it to masquerade as an access point
Definition
evil twin access point
Term
To address an evil twin threat, some companies require clients coming in via remote access to establish a ___ as well
Definition
VPN connection
Term
wireless DoS attacks are designed to affect the ___ of the network
Definition
availability
Term
Wireless 802.11 networks transmit on a ___ and/or ___
Definition
2.4-GHz
5-GHz
Term
Attackers can alter wireless devices to flood frequency bands with ___, AKA ___. This extra ___ damages packets
Definition
electromagnetic interference (EMI)
radio frequency interference (RFI)
Noise
Term
An attacker can send attack commands to clients, APs or both. These attack commands are actually 802.11 ___ or ___ used to manage the connection of hosts and transmission signals.
Definition
Management
control frames
Term
___ tell other wireless clients that you want to transmit for a given amount of time.
___ tell other clients that you have received an RTS frame and they shouldn't transmit until the designated time expires.
Definition
Request to send (RTS) frame
Clear to send (CTS) frame
Term
802.1X can't be applied directly to 802.11 wireless LANs. It had to be extended and it is called ___.
Definition
802.11i
Term
EAP has a serious security limitation. What is it?
Definition
It assumes the connection between the supplicant and the authenticator is secure
Term
To provide security between the wireless client and the access point, and prevent an EAP attack, 802.1X was enhanced to a new standard called ___
Definition
802.11i
Term
The 802.11i enhancement comes through ___ to add security. In this new security, the authenticator establishes an SSL/TLS secure connection to the wireless client. In this ___, the access point has a digital certificate used to authenticate itself to the client.
Definition
extending EAP standards
outer authentication
Term
After the outer authentication, the next step is the wireless client authenticates itself via EAP. This is called ___
Definition
inner authentication
Term
There are two extended EAP standards that are common. What are they and what are they used for?
Definition
EAP-TLS: the inner authentication also uses TLS. This requires the supplicant to have a digital certificate. Secure but expensive.

Protected EAP (PEAP): For inner authentication using PEAP, the client can use any method specified in the EAP standard, ranging from passwords through digital certificates
Term
for 802.11 WLANs, ___ protect communication between the wireless client and the access point.
Definition
core wireless security protocols
Term
the ___ standard provides basic security between wireless access points and the wireless clients. This turned out to be ___.
Definition
wired equivalent privacy (WEP)
fatally flawed
Term
Using WEP is worse than no security because it provides a ___
Definition
false sense of security
Term
WEP mandates ___ meaning the access point and all stations using it use the same key for all cryptographic communications
Definition
shared keys
Term
If an attacker reads two messages encrypted with the same key using RC4, the attacker can find ___ immediately.
Definition
key
Term
WEP encrypts each frame with a ___ that consists of the shared RC4 key plus a ___ that is different for each frame.
Definition
per-frame key
24 bit initialization vector (IV)
Term
WPA extends the security of RC4 primarily by increasing the IV from ___ to ___
Definition
24 bits
48 bits
Term
Nearly all wireless access points and wireless network interface cards today can support ___
Definition
802.11i
Term
___/___ was created for homes or small businesses that only have a single access point
Definition
Pre Shared Key (PSK)/personal mode
Term
all wireless clients authenticate themselves to the access point using a ___ used by all clients. They are bad for security because people ___
Definition
shared initial key
give them to unauthorized people
Term
After authentication, the access point sends the client an ___
Definition
unshared session key
Term
in 802.11i or WPA in PSK/Personal mode, passphrases must be at least ___ characters long
Definition
20
Term
companies that have central management for their many access points can purchase
Definition
centralized wireless intrusion detection system software
Term
There are two alternatives to using centralized wireless IDS. Name them. Neither is ___.
Definition
Not worry about intrusion detection
walk around with a laptop that has wireless IDS software
effective
Term
All 802.11 wireless LAN standards use ___ which spreads the signal over a wide range of frequencies
Definition
spread spectrum transmission
Term
To work with an access point, a station must know the access point's ___.
Definition
Service Set Identifier (SSID)
Term
Turning off ___ would seem to offer security. However, even if it is off, the ___ will still be transmitted in the clear in the header of each transmitted ___.
Definition
SSID broadcasting
SSID
Frame
Term
Changing WEP keys is ___.
Definition
prohibitively expensive