Lesson 9: Internet Security

Question 1

What are the four properties of secure communication?

Answer 1

1. Confidentiality
2. Integrity
3. Authentication
4. Availability

Question 2

What does confidentiality in secure communication protect against?

Answer 2

Eavesdropping attacks

Question 3

What countermeasure protects confidentiality?

Answer 3

Encryption

Question 4

What does integrity in communication ensure?

Answer 4

That the message has not changed in transit

Question 5

What countermeasure helps ensure integrity?

Answer 5

Checksumming techniques

Question 6

Why is authentication important in secure communication?

Answer 6

To verify the identity of the communication partner

Question 7

What does availability mean in secure communication?

Answer 7

Ensuring information is accessible on demand, even during failures or attacks

Question 8

How does Round Robin DNS distribute load?

Answer 8

By cycling through DNS A records in responses

Question 9

How does a CDN choose the nearest edge server?

Answer 9

Using network topology and current link characteristics

Question 10

What is the purpose of Fast-Flux Service Networks (FFSN)?

Answer 10

To rapidly rotate DNS A records using compromised machines as proxies

Question 11

What is the role of flux agents in FFSNs?

Answer 11

They relay traffic between users and the control node

Question 12

What are the three main data sources FIRE uses?

Answer 12

1. Botnet C&C hosts
2. Drive-by-download sites
3. Phishing page hosts

Question 13

What are the two phases of ASwatch?

Answer 13

1. Training Phase
2. Operational Phase

Question 14

What feature families are used in ASwatch?

Answer 14

• Rewiring Activity
• IP Space Fragmentation
• BGP Routing Dynamics

Question 15

What does the operational phase of ASwatch do?

Answer 15

Assigns a reputation score to unknown ASes

Question 16

What are the three classes of breach prediction features?

Answer 16

1. Mismanagement symptoms
2. Malicious activities
3. Security incident reports

Question 17

What is exact prefix hijacking?

Answer 17

An attacker announces a route to an existing prefix owned by another AS

Question 18

What is sub-prefix hijacking?

Answer 18

Announcing a more specific prefix to hijack traffic from a larger prefix

Question 19

What is squatting in BGP?

Answer 19

Announcing a prefix not currently announced by its rightful owner

Question 20

What is Type-0 hijacking?

Answer 20

Announcing a prefix not owned by the announcing AS

Question 21

What is Type-N hijacking?

Answer 21

Inserting fake links in the AS-path to falsify routing paths

Question 22

What is Type-U hijacking?

Answer 22

Changing the prefix without modifying the AS-path

Question 23

What is a blackholing (BH) attack?

Answer 23

Traffic is intercepted and dropped before reaching its destination

Question 24

What is a man-in-the-middle (MM) attack?

Answer 24

Intercepted traffic is eavesdropped or manipulated

Question 25

What is an imposture (IM) attack?

Answer 25

Hijacked traffic is impersonated and responded to by the attacker

Question 26

What are the causes of BGP attacks?

Answer 26

* Human error * Targeted attacks * High-impact attacks

Question 27

What does ARTEMIS use to track owned prefixes?

Answer 27

A configuration file maintained by the network operator

Question 28

What are the two ARTEMIS mitigation techniques?

Answer 28

1. Prefix deaggregation 1. MOAS announcements

Question 29

What are two findings from ARTEMIS?

Answer 29

1. Third-party BGP announcements are effective 1. Filtering is less optimal

Question 30

What is the structure of a DDoS attack?

Answer 30

Botnets flood the victim with traffic, exhausting resources

Question 31

What is spoofing in a DDoS attack?

Answer 31

Setting a false IP address in the source field of packets

Question 32

What is a reflection attack?

Answer 32

Spoofed requests trigger replies from reflectors to flood the victim

Question 33

What is an amplification attack?

Answer 33

Large replies from reflectors further increase traffic to the victim

Question 34

What is a traffic scrubbing service?

Answer 34

Filters malicious traffic before sending clean traffic to the target

Question 35

What are ACL filters?

Answer 35

Rules on border routers that drop unwanted traffic

Question 36

What is BGP Flowspec?

Answer 36

A BGP extension to deploy fine-grained filtering rules

Question 37

What is BGP blackholing?

Answer 37

Dropping all traffic to a target prefix to stop a DDoS attack

Question 38

What is provider-based blackholing?

Answer 38

Edge providers implement blackhole rules for customers

Question 39

What is IXP blackholing?

Answer 39

Route servers at IXPs propagate blackhole rules to member ASes

Question 40

What is a drawback of BGP blackholing?

Answer 40

Legitimate traffic to the target is also dropped

Question 41

Which property of secure communication is primarily violated in the event that a third party pretends to be another entity on the network?

Answer 41

Authentication

Question 42

Which property of secure communication is primarily violated in the event that Trudy is able to access (but not modify) the contents of a message between Alice and Bob?

Answer 42

Confidentiality

Question 43

True or False: Round Robin DNS (RRDNS) is one of the 'tools' that malicious parties can use to extend the time their content is accessible/hosted on the Internet.

Answer 43

True

Question 44

True or False: Fast-Flux Service Networks (FFSNs) can be leveraged by malicious actors to extend the availability of a scam.

Answer 44

True

Question 45

True or False: The FIRE system takes primarily a reactive approach to infer network reputation, relying on monitoring IP blacklists.

Answer 45

True

Question 46

True or False: ASwatch takes primarily a proactive approach to infer network reputation by monitoring the routing behavior of networks.

Answer 46

True

Question 47

How can a rogue network remain undetected by ASwatch (stay under the radar)?

Answer 47

By maintaining a stable control plane behavior.

Question 48

Which system monitors routing behavior to determine the legitimacy of a network?

Answer 48

ASwatch

Question 49

Which system uses routing behavior to detect BGP hijacking attacks?

Answer 49

ARTEMIS

Question 50

True or False: BGP Blackholing is a defense against prefix hijacking.

Answer 50

False

Question 51

True or False: The BGP blackholing technique can only be applied for traffic related to specific applications.

Answer 51

False

Question 52

When designing a system to identify DNS reflection and amplification attacks, which network operation plane(s) is essential to monitor for effective detection?

Answer 52

Data Plane

Question 53

To effectively identify BGP hijacking incidents, specifically targeting BGP path and prefix manipulations, which network operation plane(s) should you primarily monitor?

Answer 53

Control Plane

Question 54

Which techniques can help an attacker to attract more traffic when attempting to hijack a prefix?

Answer 54

* Advertise a more specific prefix than the original owner AS * Advertise a shorter path to the prefix.