SB 19: Network Security Flashcards
What is and end-to-end protocol vs a link protocol and how do the cryptographic version work?
End-to-end: intermediate hosts parts play no part in the handling of the information other than forwarding it to its (eventual destination). End-to-end encryption: the cryptographic process occurs only at the start and destination of the message being sent. Each starting host shares a key with its destination. An attacker cannot read the message only the routing information.
Link: describes how each pair of intermediate hosts process information. Link encryption: the cryptographic process occurs at each host along the path from start to destination. Each host shares a key with its neighbor. An attacker can thus read the messages as they are traveling.
What is traffic analysis?
When you can deduce the contents of the data based on the sender, receiver and other information like timestamps.
What is a firewall?
A host that mediates access to a network by either allowing or disallowing certain traffic (based on a security policy).
What is a DMZ?
Separates a purely internal network from an external network. Like separating non-critical servers from critical infrastructure like databases.
What (3) different types of firewalls are there?
Filtering: access control is based on attributes of packet headers. Requires manual input. Access is based on a created ACL that allows or disallows packets from certain IP-addresses. Problem is that it implies trust in IP-addresses. Not all threats comes from malicious addresses.
Stateful: Also uses ACLs. But in addition it also inspects packet traffic, logs the relevant data — originating address, packet type, destination, and so on — and compares future traffic against that log to validate it. If it was safe before, it is safe now. Vulnerable to DDoS attacks because it is process intensive which can lead to bottlenecks. MITM
Proxy: A proxy server combined with a firewall. Gives greater inspection of incoming and outgoing traffic.
A firewall should exist as a standalone machine in order to be as effective as possible.
What is a proxy server?
An intermediate agent/server that acts on behalf of an endpoint without allowing direct connection between the two endpoints. Can optimize network traffic for large organization by caching frequently visited websites, thus preventing the need to access the internet every time. Can anonymize traffic by preventing the internet from knowing what person is trying to access what information. Cannot hide IP-addresses. You send a request to the proxy and the proxy accesses the internet to fetch the request or deny the request based on access control settings in the proxy.
