Lesson 11 - Network Security Flashcards
What are 2 types of attacks common in Network security?
- Routing Attacks
- Naming Attacks
Reflection & Phishing
“Reflection”
generating large amounts of traffic at a victim causing a DDOS attack. Extremely common type of attack.
“Phishing”
attempt to trick user into revealing sensitive info
What is wrong with the Internet’s design and why?
- It is fundamentally insecure
- It was designed for simplicity
- “On by default” - reachable by any other host by default
- Hosts are insecure
- Attacks can look like normal traffic - especially in DDOS attacks where no one request is the problem, but rather a large volume can cause potential problems
- Federated design - the internet is not run by one person so it is difficult to coordinate security
What is the problem with packet switch networks?
- They are inherently vulnerable to resource exhaustion attacks
- Particularly prone to DDOS attacks
What are the 4 Components to Security?
- Availability
- Confidentiality
- Authenticity
- Integrity
What is Availability in Internet Security?
Ability to use a resource
What is Confidentiality in Internet Security?
Concealing information from prying eyes successfully
What is Authenticity in Internet Security?
It assures the correct origin of the information
What is Integrity in Internet Security?
Prevents unauthorized changes to packets/etc
In Security, what is considered a Threat?
Any potential violation of Availability, Confidentiality, Authenticity or Integrity
In Security, what is considered an Attack?
Any action that violates either Availability, Confidentiality, Authenticity or Integrity
What is an example of a threat to Confidentiality?
Eavesdropping with Wireshark and TCPdump in promiscuous mode
What is an example of a threat to Authenticity?
- Man-In-The-Middle - If the person can suppress the original packet, modify it and send it out again, essentially impersonating Alice
- ALSO an attack on Integrity
What is an example of a threat to Availability?
DDOS attack
What is a DOS attack vs a DDOS attack?
A regular DOS attack comes from just one origin or host. A DISTRIBUTED DOS attack comes from multiple hosts.
In Security, what are the negative impacts of Attacks?
- Theft of confidential info
- Unauthorized use of info
- Spreading false info
- Disruption of service
Routing Security (BGP)
- Control plane authentication
- Session authentication: point-to-point between routers
- Path authentication: protects AS path routes
- Origin authentication: ensures that AS advertising prefix is the owner of that AS
- Data plane security - determining if data is traveling to the intended locations
What is the goal of control plane authentication?
To determine the veracity (accuracy) of routing advertisements
What is the goal of Data plane security?
Determining if data is traveling to the intended locations
How do routing attacks occur?
- Configuration errors (AS 7007 attack)
- Routers can be compromised
- Unscrupulous ISPs
- These attacks all can happen by tampering with the Config, Software or Routing Data
Why do hijacks matter?
- DNS masquerading
- Man In The Middle Attacks
What type of IP protocol connects ASes together?
TCP connections
What is sent over TCP between ASes?
We send a message and a hash of the message and the secret key