Network Security

Question 1

Define

Network Protocol

Network Security

Answer 1

Transports data between nodes of a network and defines the syntax/semantics (how)

Question 2

Define

Layering

Network Security

Answer 2

Stacks of protocols for modularization (separation)

Question 3

What is the TCP/IP Layering?

Network Security

Answer 3

Link (data transfer)
Transport (process to process transport)
Netowrk (source to dest route)
Application (supporting network applications)

Question 4

Define

Internet Protocol

Network Security

Answer 4

Connectionless, unreliable, best-effort datagram delivery between any nodes on the Internt with reliance on lower-level layer protocols

Question 5

Define

IP Address

Network Security

Answer 5

4 byte value unqiue to each network separated by .

Question 6

Components of IP Datagram

Network Security

Answer 6

• Expiration
• Protocol
• Source Address
• Destination Address

Question 7

Describe

Delivery of an IP datagram: same physical network

Network Security

Answer 7

Direct delivery in lower-level

Question 8

Describe

Delivery of an IP datagram: different physical networks

Network Security

Answer 8

Pass through devices of intermediate networks

Question 9

What are the two intermediate networks?

Network Security

Answer 9

Inter-networks: routers
Intra-networks: switches

Question 10

Define

Ethernet

Network Security

Answer 10

Link-layer protocol that includes dest address, source address, and type

Question 11

Define

Switches

Network Security

Answer 11

• Connects machines in the Local Area Networks (LAN)
• Stores/forwards Ethernet
• Examines incoming MAC addresses
• Maintains a table that maps MAC addresses and their respective ports

Question 12

Types of Network Attacks

Network Security

Answer 12

• Local Area Network (LAN) Attacks
• Network Layer Attacks
• Transport Layer Attacks

Question 13

Describe

Local Area Network (LAN) Attacks

Network Security

Answer 13

• Impersonate host
• Denial of service
• Access information
• Tamper with delivery mechanisms

Question 14

Define

Sniffing/Eavesdropping

Network Security

Answer 14

Gathering traffic from a local traffic (promiscuous mode) to collect credentials/emails/files, etc.

Question 15

Can sniffing go undetected?

Network Security

Answer 15

Mainly yes but can be detected by software

Question 16

Define

Address Resolution Spoofing

Network Security

Answer 16

Sniffing all traffic between two hosts in a switched environment (intra-network)

Question 17

How is Address Resolution Spoofing possible?

Network Security

Answer 17

Replies in a switched environments don’t need requests to be accepted

Question 18

Define

Address Resolution Protocol (ARP)

Network Security

Answer 18

Mapping a host’s IP address to its link-layer address associated with peer’s hardware for direct delivery and sends messages through the underlying link-layer

Question 19

Defenses against Address Resolution Spoofing

Network Security

Answer 19

• Static ARP entities
• Cache poisoning resistance
• Monitor changes and report sus mappings

Question 20

Describe

Defense to Address Resolution Spoofing: Static ARP Entities

Network Security

Answer 20

Ignores dynamic updates
Limitation: difficult to manage in a large system

Question 21

Describe

Defense to Address Resolution Spoofing: Cache Poisoning Resistance

Network Security

Answer 21

Ignoring unsolicited ARP replies and updates based on timeouts
Limitations: susceptible to hijacking, timeouts have limited usefulness

Question 22

Hijacking is the product of

Network Security

Answer 22

Sniffing and spoofing

Question 23

Describe

Process of hijacking

Network Security

Answer 23

Once the attacker sniffs and spoof the necessary information, they are racing against the legit host to reply to the client’s request

Question 24

Define

Rogue Gateway

Network Security

Answer 24

First hop for all Internet traffic

Question 25

What happens if an attacker gains control of a rogue gateway?

Network Security

Answer 25

Attacker can sniff, intercept, block, and modify traffic

Question 26

Define

Broadcast Protocol

Network Security

Answer 26

Enables transmission of messages

Question 26

Securing LAN Mechanisms

Network Security

Answer 26

• Do nothing and assume that it is secure
• Smart switching/active monitoring

Question 27

Define

Smart switching/active monitoring

Network Security

Answer 27

• Don’t broadcast traffic
• Forward Ethernet to the right path
• Filter requests to limit listening/filtering replies to limit replying

Question 28

Define

Dynamic Host Configuration Protocol

Network Security

Answer 28

Dynamically allocates the IP address to hosts of a network and provides information about DNS server, gateway, and period of lease

Question 29

Threats against Dynamic Host Config Protocol

Network Security

Answer 29

• Fake DNS server => redirection of DNS lookups
• Fake gateway router => interception of traffic, relay/modification of contents between host and remote machine

Question 30

Define

Network Layer Attack

Network Security

Answer 30

Gaining access to a system that is isolated from other networks

Question 31

What are the two types of Network Layer Attacks?

Network Security

Answer 31

IP Spoofing and Blind Spoofing

Question 32

Define

IP Spoofing

Network Security

Answer 32

Impersonating sources of security-critical information to exploit address-based authentication

Question 33

Define

Blind Spoofing

Network Security

Answer 33

Attacker sends IP packet and forges source IP with another host’s IP => receiver sends a response back (unaccessible by attacker)

Question 34

What are the two types of Internet spoofing?

Network Security

Answer 34

On-path and off-path spoofing

Question 35

What can an on-path Internet spoofer do?

Network Security

Answer 35

See all traffic

Question 36

What can an off-path Internet spoofer do?

Network Security

Answer 36

Has to blind spoof and guess header values/use brute force because they can’t see traffic

Question 37

Define

Autonomous System (AS)

Network Security

Answer 37

Network that manages its internal routing and is interconnected to form the Internet

Question 38

What does an Autonomous System (AS) do?

Network Security

Answer 38

Determines where its packets should be sent

Question 39

Who specifies the routing of an Automous System (AS)?

Network Security

Answer 39

Border Gateway Protocol

Question 40

What makes blind-spoofing and IP spoofing possible?

Network Security

Answer 40

Lack of edge-AS restricting IP spoofing or blocking packets with a different source IP address

Question 41

Define

User Datagram Protocol (UDP)

Network Security

Answer 41

Transport layer protocol that is connectionless, unreliable, best-effort datagram delivery service; best suited for multi-media and services based on requests

Question 42

Cons of User Datagram Protocol (UDP)

Network Security

Answer 42

No delivery, integrity, ordering, or non-duplication guaranteed

Question 43

What does User Datagram Protocol (UDP) introduce?

Network Security

Answer 43

Port abstraction

Question 44

Define

Port abstraction

Network Security

Answer 44

One can communicate with different components of the same IP address

Question 45

User Datagram Protocol (UDP) Packet components

Network Security

Answer 45

• Length
• Destination port
• Source port (optional)
• Checksum (error detection, optional)

Question 46

Types of User Datagram Protocol (UDP) Attacks

Network Security

Answer 46

• UDP Spoofing ~ IP Spoofing
• UDP Hijacking ~ UDP Spoofing variant
• UDP Port Scan - finding vulnerable/open ports
• Denial of Service

Question 47

Define

Transmission Control Protocol (TCP)

Network Security

Answer 47

Transport layer protocol that provides connection-oriented, reliable stream delivery service

Question 48

Guarantees of a Transmission Control Protocol (TCP)

Network Security

Answer 48

Ordering, delivery, non-duplication

Question 49

What are the ports associated with in UDP and TCP?

Network Security

Answer 49

OS Processes

Question 50

Function of TCP

Network Security

Answer 50

Allows 2 hosts to establish a connection identified by IP address/ports of source and destination (socket)

Question 51

Describe

TCP Window

Network Security

Answer 51

Performs flow control and is dynamic

Question 52

Describe

TCP Packet

Network Security

Answer 52

Includes source/dest ports, seq #, ack #, data

Question 53

Define

Sequence Number (Seq #)

Network Security

Answer 53

Relative position of TCP segment in stream

Question 54

Define

Acknowledgement Number (ACK #)

Network Security

Answer 54

Position of next byte expected from stream

Question 55

List TCP flags

Network Security

Answer 55

• SYN
• ACK
• FIN
• RST
• PSH

Question 56

Define

TCP Flag: SYN

Network Security

Answer 56

Set only in the 1st packet to request sync of syn/ack nums and kickstart connection request

Question 57

Define

TCP Flag: ACK

Network Security

Answer 57

Validates ACK # in all packets except 1st

Question 58

Define

TCP Flag: FIN

Network Security

Answer 58

Indicates a request to terminate a stream in last packet from sender

Question 59

Define

TCP Flag: RST

Network Security

Answer 59

Request to reset a connection

Question 60

Define

TCP Flag: PSH

Network Security

Answer 60

Push buffered data request

Question 61

List TCP Threats

Network Security

Answer 61

• Port Scan
• Disruption
• SYN Flooding

Question 62

Define

TCP Threat: Port Scan

Network Security

Answer 62

Finds vulnerable/open ports

Question 63

Types of TCP Port Scans

Network Security

Answer 63

• Normal
• SYN
• FIN

Question 64

Describe

Port Scan: Normal

Network Security

Answer 64

Establish a connection with an arbitrary port and follows the TCP connection setup/shutdown (giveaway: lots of logs/connections)

Question 65

Describe

Port Scan: SYN

Network Security

Answer 65

If a port is available, server/target will return an ACK packet (unavailable = RST packet) => scanner sends RST packet to “terminate” connection

Question 66

Why is a SYN port scan not logged?

Network Security

Answer 66

A connection was never fully established

Question 67

Describe

Port Scan: FIN

Network Security

Answer 67

Scanner sends a FIN packet to a host/target => open port: FIN ignored, closed port: RST

Question 68

Define

TCP Threat: SYN Flooding

Network Security

Answer 68

Overload of connections

Question 69

What does SYN Flooding cause?

Network Security

Answer 69

Denial of Service (DoS)

Question 70

Defenses against SYN Flooding

Network Security

Answer 70

• Filtering
• Small time-outs for 1/2 open connections
• Limiting the number of 1/2 open connections
• Recyling oldest 1/2 open connections
• Requesting a SYN cookie to finish connection (set up and validate => reconstructed state)

Question 71

Why can attackers spoof victim’s IP and SYN Flood?

Network Security

Answer 71

ACK packets are not needed

Question 72

Describe

TCP Threat: Disruption

Network Security

Answer 72

Abrupt termination request with RST packet and acceptance with correct seq #

Question 73

Two Injections following TCP Disruption

Network Security

Answer 73

RST and Data Injection

Question 74

Define

RST Injection

Network Security

Answer 74

MITM with port and sequence #

Question 75

Describe

Data Injection

Network Security

Answer 75

Control hijacking with port and sequence #

Question 76

Requirement to execute TCP Disruption

Network Security

Answer 76

TCP spoofing

Question 77

How to guess the sequence number?

Network Security

Answer 77

Establish a legit connection with target and predict based on information

Question 78

Describe

TCP Connection Setup Process

Network Security

Answer 78

1. Server listens to ports
2. Client sends requests (SYN packet) wtih initial sequence number (Sc)
3. Server accepts and responds (SYN-ACK packet) with initial sequence number (Ss) and ACK # (Sc + 1)
4. Client acknowledges with sequence number (Sc + 1) and acknowledgement number (Ss + 1)
5. Data is sent

Question 79

Describe

TCP Connection Shutdown Process

Network Security

Answer 79

1. End A sends FIN packet (Sc)
2. End B replies with ACK packet (seq # = Ss, ACK # = Sc + 1)
3. End B sends FIN packet to close stream (seq # = Ss, ACK # = Sc + 1)
4. A replies with ACK packet (seq # = Sc + 1, ACK # = Ss + 2)

Question 80

If a TCP segment is accepted, what’s the order of the ack/seq/window?

Network Security

Answer 80

ACK # <= Seq # <= ACK # + Window