chapter 8 - Security in computer networks

Question 1

What are the main goals of network security?

Answer 1

confidentiality
authentication
message integrity,

Question 2

What are common attacks in network security?

Answer 2

Eavesdropping
impersonation
message injection
hijacking, denial of service

Question 3

What is symmetric key encryption?

Answer 3

Sender and receiver share the same secret key for encryption/decryption

Question 4

what is DES

Answer 4

older symmetric encryption standard with a 56-bit key

Question 5

what replaced DES

Answer 5

AES - more secure, uses 128 bit blocks

Question 6

What is public key encryption?

Answer 6

Uses a public key to encrypt and a private key to decrypt
no shared secret needed

Question 7

What is RSA?

Answer 7

public key encryption algorithm

Question 8

What is a digital signature?

Answer 8

sender “signs” a message using their private key so others can verify authenticity

Question 9

What does non-repudiation mean?

Answer 9

The sender can’t deny they sent the message

Question 10

What is a message digest?

Answer 10

fixed-size fingerprint of a message created by a hash function

Question 11

What are MD5 and SHA-1?

Answer 11

Popular hash functions that create 128-bit and 160-bit digests, respectively

Question 12

What is a certification authorities (CA)?

Answer 12

rusted third party that issues digital certificates to verify the identity of websites

Question 13

How does Alice get Bob’s public key using CA?

Answer 13

She verifies Bob’s certificate signed by a trusted CA

Question 14

eavesdropping

Answer 14

Intercepting and reading private messages

Question 15

What is impersonation?

Answer 15

Pretending to be someone else by faking an identity or IP/MAC address

Question 16

What is message injection?

Answer 16

Inserting fake messages into a data stream

Question 16

What is hijacking?

Answer 16

Taking over an active connection by replacing a sender or receiver

Question 17

What is a DoS attack?

Answer 17

Flooding a service so that legitimate users can’t access it

Question 18

How is e-mail encrypted for confidentiality?

Answer 18

encrypted with a symmetric key -> then encrypted with the recipient’s public key

Question 19

How is e-mail authenticated and protected for integrity?

Answer 19

Sender -> signs the message hash with private key
receiver -> verifies with sender’s public key

Question 20

What happens in a TLS handshake?

Answer 20

client - hallo + TLS versjon
server - hallo + sertifikat
client - sjekker sertifikatet med CA
begge - lager felles hemmelig key
begge - sender finished msg kryptert med felles key

Question 20

Why does TLS break data into records?

Answer 20

So each chunk can be encrypted, MAC-checked, and processed immediately

Question 21

what is a VPN

Answer 21

encrypted tunnel over the public Internet for private traffic between sites

Question 22

What does Internet Protocol Security (IPsec) provide?

Answer 22

Encryption, authentication, and integrity at the network layer

Question 23

How is a mobile authenticated in 4G LTE?

Answer 23

MME sends the IMSI (identity) to HSS HSS creates * A random challenge (RAND) * An expected response (XRES) * A session key (KASME) UE uses session key -> computes a response MME compares response

Question 23

What are the two IPsec protocols?

Answer 23

AH: Authenticates source and checks integrity ESP: Adds confidentiality (encryption) too

Question 24

What’s the difference between transport and tunnel mode in IPsec?

Answer 24

Transport mode: encrypts only the payload Tunnel mode: encrypts the entire datagram

Question 25

How does 802.11 authentication work? 4steps

Answer 25

* **discovery** The access point (AP) advertises its capabilities * **Mutual Authentication & Key Derivation** device and external Authentication Server authenticate each other using a shared secret + both compute same shared symmetric session key * **Key Distribution to the AP** AS securely tells AP the session key so it can encrypt/decrypt frames for this device * **Encrypted Communication Begins** its encrypted

Question 26

How is 5G authentication different from 4G?

Answer 26

5G uses public key crypto to protect IMSI and shifts control to the home network

Question 27

What is the purpose of a firewall?

Answer 27

isolates a private network and controls which packets can enter or leave

Question 28

What does a stateless firewall check?

Answer 28

Packet headers only: IP addresses, ports, flags (e.g. SYN)

Question 29

What does a stateful firewall do?

Answer 29

Tracks TCP connection state and blocks unexpected or inactive packets

Question 30

What is an application gateway?

Answer 30

A firewall that filters based on application-layer data

Question 31

What is an AS (Authentication Server)?

Answer 31

network server that handles user authentication by verifying credentials and helping derive session key