L11 Security in Networks I

Question 1

What defines a system as ‘secure’?

Answer 1

• A system is secure if its resources are used and accessed as intended under all circumstances
• However, total security cannot be guaranteed

Question 2

What is a threat in cybersecurity?

Answer 2

• A potential security violation
• May or may not happen
• Can lead to attacks on systems or networks

Question 3

Who is an intruder in the context of system security?

Answer 3

• Someone attempting to gain unauthorized access
• May try to damage or disrupt data

Question 4

What are the main types of security violations?

Answer 4

• Breach of confidentiality
• Breach of integrity
• Breach of availability
• Theft of service
• Denial of service

Question 5

What is a breach of confidentiality?

Answer 5

• Unauthorized access to or theft of data (e.g., credit card data)

Question 6

What is a breach of integrity?

Answer 6

• Unauthorized modification of data (e.g., altering website content)

Question 7

What is a breach of availability?

Answer 7

• Destruction or disruption of data (e.g., website defacement)

Question 8

What is denial of service (DoS)?

Answer 8

• Preventing legitimate users from accessing system services by overwhelming them

Question 9

What is masquerading in network security?

Answer 9

• Pretending to be another user or system to gain unauthorized access

Question 10

What is a replay attack?

Answer 10

• Maliciously repeating a valid data transmission to gain advantage (e.g., money transfer)

Question 11

What is session hijacking?

Answer 11

• Taking over an active communication session to bypass authentication

Question 12

What are the four levels of effective security measures?

Answer 12

• Physical
• Human
• Operating System
• Network

Question 13

What is a Trojan Horse in cybersecurity?

Answer 13

• A program disguised as something benign
• May delete/modify data or install backdoors

Question 14

What is a trap door in software?

Answer 14

• A hidden access point (e.g., hardcoded credentials) left by the developer

Question 15

What is a logic bomb?

Answer 15

• Malicious code triggered under specific conditions (e.g., a date/time)

Question 16

What is a worm?

Answer 16

• A standalone, self-replicating program that spreads and consumes resources

Question 17

How did the Morris Worm work?

Answer 17

• Exploited UNIX vulnerabilities
• Used a ‘grappling hook’ and main program
• Conducted attacks via rsh, finger, and sendmail

Question 18

What is the purpose of cryptography?

Answer 18

• Ensure secure communication without trusting the network
• Encode messages so only parties with the correct key can decode

Question 19

Define: Cipher, Plaintext, Ciphertext.

Answer 19

• Cipher: Algorithm for encryption/decryption
• Plaintext: Original message
• Ciphertext: Encrypted message

Question 20

What is symmetric encryption?

Answer 20

• Uses the same key for both encryption and decryption
• Requires secure key sharing between sender and receiver

Question 21

Name some symmetric encryption algorithms.

Answer 21

• DES, Triple DES, AES (block ciphers)
• RC4 (stream cipher)

Question 22

What is asymmetric encryption?

Answer 22

• Uses different keys for encryption and decryption (public/private)
• Public key is shared openly; private key is secret

Question 23

How does RSA encryption work?

Answer 23

• Based on factoring large prime numbers
• Public key for encrypting; private key for decrypting
• Often used to securely share symmetric keys

Question 24

What does the macro in the diagram do?

Answer 24

• Runs a Visual Basic script that silently formats the C: drive
• Exploits the FileSystemObject and Shell to execute the command

Question 25

Why is this script dangerous?

Answer 25

* It causes irreversible data loss by reformatting the hard drive * Can be embedded in a macro-enabled document for stealth execution

Question 26

What does the 'Man-in-the-middle' diagram show?

Answer 26

* An attacker intercepting communication between sender and receiver * Appears legitimate to both ends

Question 27

What does the 'Normal' communication diagram illustrate?

Answer 27

* Direct communication between sender and receiver without interception

Question 28

How does a man-in-the-middle attack differ from session hijacking?

Answer 28

* Man-in-the-middle maintains ongoing interception * Session hijacking takes over after authentication has occurred

Question 29

What security threat is depicted in the masquerading diagram?

Answer 29

* An attacker pretending to be a trusted sender to deceive the receiver

Question 30

Why is masquerading considered a breach of authentication?

Answer 30

* It allows access to resources or privileges under false identity

Question 31

What attack method is illustrated with the 'grappling hook' and 'worm'?

Answer 31

* The Morris Worm attack * Uses a grappling hook to exploit vulnerabilities (e.g., rsh, sendmail) and downloads the worm

Question 32

What services were exploited in the Morris Worm?

Answer 32

* rsh, finger, sendmail

Question 33

What does this encryption diagram represent?

Answer 33

* Symmetric key encryption over an insecure channel

Question 34

What are the key components shown in the diagram?

Answer 34

* Key exchange * Encryption algorithm (E) and Decryption algorithm (D) * Attacker attempting to intercept ciphertext

Question 35

How is secure communication maintained despite an insecure channel?

Answer 35

* Only the intended recipient with the correct key can decrypt the message

Question 36

What is a breach of availability?

Answer 36

Unauthorized destruction or disabling of data or services, e.g., website defacement or DoS attacks.

Question 37

How does theft of service occur in a system?

Answer 37

Unauthorized use of system resources like CPU or network bandwidth, often through rogue processes.

Question 38

What is confidentiality in the context of security?

Answer 38

Ensuring that information is only accessible to those authorized to view it.

Question 39

What example best illustrates a breach of integrity?

Answer 39

Modifying the content of a trusted website or falsifying database entries.

Question 40

Why is a DoS attack considered a serious security violation?

Answer 40

It disrupts availability, preventing legitimate users from accessing system resources.

Question 41

Why must physical security be part of cybersecurity?

Answer 41

Unauthorized physical access can bypass digital safeguards completely.

Question 42

What are examples of human-level threats to security?

Answer 42

Phishing, social engineering, careless password handling.

Question 43

Why is network-level security crucial?

Answer 43

Data in transit can be intercepted, spoofed, or altered.

Question 44

What is the weakest link principle in security?

Answer 44

The overall system security is only as strong as its least protected component.

Question 45

What is the goal of defense in depth?

Answer 45

To use multiple layers of security to protect against different types of threats.

Question 46

What is a Trojan horse in cybersecurity?

Answer 46

A malicious program disguised as a useful one that grants unauthorized access.

Question 47

How does a trap door threaten a system?

Answer 47

It provides a hidden way to access the system, often without authentication.

Question 48

What is a logic bomb?

Answer 48

A code segment that triggers a malicious function when specific conditions are met.

Question 49

What distinguishes a virus from a worm?

Answer 49

A virus requires a host file to propagate; a worm does not and can self-replicate.

Question 50

How does buffer overflow pose a security risk?

Answer 50

It can overwrite memory, allowing attackers to execute arbitrary code.

Question 51

What is port scanning used for by attackers?

Answer 51

To find open ports that may have exploitable services.

Question 52

What are zombie systems in the context of network threats?

Answer 52

Compromised machines used to launch attacks like DDoS without the owner's knowledge.

Question 53

How does a worm exploit network systems?

Answer 53

By self-replicating and spreading across connected devices, consuming resources.

Question 54

What kind of services might be abused in a system attack?

Answer 54

Email servers, open ports, and default login credentials.

Question 55

What is a hybrid threat involving both system and network vectors?

Answer 55

A worm that installs a Trojan horse through a network exploit.

Question 56

What is the difference between encryption and cryptography?

Answer 56

Cryptography is the study of secure communication; encryption is one of its methods.

Question 57

Define the term ‘cipher’.

Answer 57

An algorithm used for encryption and decryption.

Question 58

What is plaintext in cryptography?

Answer 58

The original readable message before encryption.

Question 59

What does ciphertext mean?

Answer 59

The encrypted, unreadable version of a message.

Question 60

What is cryptanalysis?

Answer 60

The study of breaking or analyzing encryption to reveal plaintext without a key.

Question 61

Why is encryption used in network communication?

Answer 61

To prevent unauthorized users from reading transmitted data.

Question 62

What is the function of a decryption algorithm?

Answer 62

To transform ciphertext back into readable plaintext using a key.

Question 63

What makes an encryption function secure?

Answer 63

Its output cannot be deciphered without the correct key.

Question 64

What does key management involve in encryption?

Answer 64

Generating, distributing, and securely storing cryptographic keys.

Question 65

What is a cryptosystem?

Answer 65

A suite of algorithms and keys used for secure communication.

Question 66

Why is key secrecy fundamental to encryption?

Answer 66

If the key is compromised, the security of all encrypted data is lost.

Question 67

What does it mean for decryption to be infeasible without a key?

Answer 67

It should not be computationally practical to decrypt data without knowing the key.

Question 68

Why is public-key infrastructure needed in asymmetric encryption?

Answer 68

To ensure the authenticity and trustworthiness of shared public keys.

Question 69

What ensures encryption resists brute-force attacks?

Answer 69

The key length and algorithm complexity.

Question 70

Can encryption be secure if the algorithm is public? Why?

Answer 70

Yes, as long as the key remains secret, public algorithms can still be secure (Kerckhoffs's principle).

Question 71

What is the main advantage of symmetric encryption?

Answer 71

It is computationally efficient and fast.

Question 72

What is AES?

Answer 72

Advanced Encryption Standard — a widely used symmetric block cipher.

Question 73

Why is secure key exchange a problem in symmetric encryption?

Answer 73

Both parties must already share a secret key, which is hard to do securely.

Question 74

How does DES differ from Triple DES?

Answer 74

Triple DES applies the DES algorithm three times for improved security.

Question 75

What is RC4?

Answer 75

A stream cipher previously used in SSL; now considered insecure.

Question 76

What are the two keys used in asymmetric encryption called?

Answer 76

Public key (for encryption) and private key (for decryption).

Question 77

What is RSA based on?

Answer 77

The difficulty of factoring large prime numbers.

Question 78

Why is asymmetric encryption slower than symmetric?

Answer 78

It uses more complex mathematical operations and larger keys.

Question 79

When is asymmetric encryption typically used?

Answer 79

For securely exchanging symmetric keys or in digital signatures.

Question 80

How does a recipient know a message came from a trusted source in asymmetric encryption?

Answer 80

Using digital signatures verified by the sender’s public key.