Lecture 18: 13th November 2019 Flashcards Preview

CS4203 Computer Security > Lecture 18: 13th November 2019 > Flashcards

Flashcards in Lecture 18: 13th November 2019 Deck (51)

What is Wi-Fi?

= Wireless Fidelity = a family of wireless networking technologies, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access.


What is cloud computing?

The practice of using a network of remote computers hosted on the Internet to perform computational tasks, rather than doing so locally.


What is RFID?

Radio-frequency identification = using the engineered electromagnetic fields of objects to automatically identify and track tags attached to them. The tags contain electronically stored information.


What is WEP? What cipher does it use?

Wired Equivalent Privacy = an obsolete security algorithm for IEEE 802.11 wireless networks. It was designed to provide a wireless local area network (WLAN) with a level of security, confidentiality, and privacy comparable to what is usually expected of a wired LAN.

It uses RC4.


What is RC4?

Rivest Cipher 4 = an obsolete stream cipher used for encrypting data. It is very simple and fast but is very insecure, having multiple vulnerabilities.


What is TKIP?

Temporal Key Integrity Protocol = an encryption protocol used in the IEEE 802.11 wireless networking standard to replace WEP in WPA. It was a temporary fix to WEP's vulnerabilities that extended its functionality without having to replace legacy hardware.


What is WPA?

Wi-Fi Protected Access = a security standard for 802.11 that has more sophisticated data encryption and better user authentication than WEP. The first version was designed to be backwards-compatible and able to be implemented on the same hardware as WEP to quickly fix its vulnerabilities.


What is WPA2?

The second version of WPA, which fixed issues in WPA arising from plugging the gaps of WEP. It made it a lot harder to exploit vulnerabilities, but it was still possible. It did this with the introduction of the AES algorithm over TKIP.


What is a MIC?

Message Integrity Code = a digest of a hash algorithm applied to data that ensures its integrity and authenticity.


What are the differences between WEP, WPA, and WPA2?

WEP was the original, used RC4, and is very insecure. WPA was a WEP fix compatible with old hardware and introduced TKIP, which extended WEP and made it a lot harder to exploit. WPA2 made a more robust and stable solution, using AES instead of TKIP (though it can also support TKIP).


What are the modes of WPA2?

Personal and Enterprise.


What is personal mode in WPA2?

Uses a Pre-Shared Key (PSK) and therefore does not require separate authentication. This is the same as WPA.

Aka WPA2-PSK, a method of securing your network using WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home users without an enterprise authentication server.


What is enterprise mode in WPA2?

Uses IEEE 802.1X based authentication, the Extensible Authentication Protocol (EAP), which has various levels such as Transport Level Security (EAP-TLS), or Tunneled TLS (EAP-TTLS), Protected EAP versions – some with token cards or an identity module.

Offers a greater level of security than personal mode: there is not just 1 password for everyone, and it makes encrypted tunnels for each device after authentication.


What is an AP?

Access Point = WAP = a networking hardware device that allows other Wi-Fi devices to connect to a wired network. The AP usually connects to a router (via a wired network) as a standalone device, but it can also be an integral component of the router itself. An AP is differentiated from a hotspot, which is the physical location where Wi-Fi access to a WLAN is available.


What is RADIUS?

Remote Authentication Dial-In User Service = a networking protocol, operating on port 1812, that provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service. A RADIUS server utilizes a central database to authenticate remote users. RADIUS functions as a client-server protocol, authenticating each user with a unique encryption key when access is granted.


What is a PAE?

Port Access Entity = The protocol entity associated with a port. May support functionality of Authenticator, Supplicant or both. A conceptual controller to allow or drop network traffic ingress and egress to/from a controlled port.


What is EAPoL?

Extensible Authentication Protocol (EAP) over LAN (EAPoL) = a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resources.

It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.


How does WPA2 authentication work?

In WPA2 Personal mode, authentication is between the client and an Access Point (AP), with the AP generating a PSK from a plain text passphrase that is used for all devices.

In Enterprise mode, the AP provides access control to the authentication (RADIUS) server. The AP has 2 logical parts: the service and authentication Port Access Entities (PAEs). The authentication PAE is always open. The service is opened after successful authentication using EAPoL (EAP over LAN). Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively created between the device and the network.


What is a PTK?

Pairwise Transient Key = a key containing keys that are used to encrypt unicast data frames that traverse the wireless medium. Used for the broadcast/multicast of neighbour-to-neighbour keys.


What is a GTK?

Group Transient Key = a key used to decrypt multicast and broadcast traffic. Used for the broadcast/multicast of neighbour-to-neighbour keys.


How does key generation work in WPA2?

There are 2 sets of 2 handshakes to try and ensure fresh key generation and distribution, which were problems with previous WPA generations. The 4-way handshake is for the Pairwise Transient Key (PTK) and Group Transient Key (GTK).

There are four EAPoL messages between the client and the Access Point (AP) to confirm the client knows the Pairwise Master Key. From this a PTK is generated, which should be fresh for each transaction; nonces are generated by both client and AP.

GTK and MTK are used for the broadcast/multicast neighbour-to-neighbour keys.


How do WPA2 handshakes work?

In a 4-way handshake:
- Authenticator (A) to supplicant (S): EAPOL-KEY msg 1 => PTK made in S
- S to A: EAPOL-KEY msg 2 => PTK made in A
- GTK made in A, then sent to S in EAPOL-KEY msg 3
- S to A: EAPOL-KEY msg 4 confirming temporal keys (PTK and GTK) installed in both


What are some vulnerabilities of WPA2?

DoS can be frequency jamming, data flooding, layer 2 session hijacking.

Deauthentication can happen by forcing the client to reauthenticate. The attacker could spoof MAC addresses.

Disassociation is when an authenticated client with multiple APs disassociates from some of them.


How does RFID work?

An RFID (dumb) tag is read from an EM field by a reader to get its info; in shops, tags are searched against a database to locate and monitor goods.


What are some vulnerabilities of RFID? What are some defensive measures?

Tags can be eavesdropped, traffic analysed, spoofed or even subjected to DoS.

Tag memory can be password protected or locked with a unique ID. Special readers or detectors can be used to read/detect groups of RFID tags.

Some tags can have a kill command embedded to protect privacy or be shielded within a Faraday cage to stop scanning. A hash-lock integrity value could be added to the RFID memory. Active jammers could be used to protect against reading.


What are some security issues with cloud computing?

- Many users, operating systems, servers, clients, and applications
- Many transactions using Virtual Machines and Virtual Networks
- Separation of VMs, VNs
- Storage issues, Insecure APIs
- Service Level Agreements (SLAs)


What are some services provided on the cloud? (xaaS)

Infrastructure, software, platform, network, storage, data, desktop, mobile backend, security, etc.


How can you defend cloud-based systems?

- Firewall (inc. IDS)
- AntiVirus
- Authentication
- Access Control
- Application/Web
- Monitoring/Response etc.

Be sure to apply defence in depth and have a multilayered approach: no one tool can protect against all vulnerabilities.


What are the top 5 threats facing cloud computing systems in 2019 according to the Cloud Security Alliance?

1. Data Breaches
2. Misconfiguration and inadequate change control
3. Lack of security architecture and strategy
4. Weak or Insufficient Identity, Credentials, Access and Key Management
5. Account Hijacking


What steps can be taken to defend cloud-based systems from their top threats?

- Reinforce internal security
- Demand transparency
- Consider legal and commercial implications

Gartner considers the following security concerns:
- User / privileged access
- Compliance
- Data location
- Data segregation
- Disaster recovery
- Long-term viability
- Investigative support (for any nefarious activity)