Secure Communications and Application Vulnerabilities

Question 1

How are secure communications achieved?

Answer 1

Through the design and implementation of protocols

Question 2

What is the layered model of networking?

Answer 2

Each layer is an abstraction of networking.

Each layer has one or more associated protocols and vertical interfaces.

Question 3

Where are security protocols implemented?

Answer 3

At each layer of the model

Question 4

What protocols are implemented at the application layer?

Answer 4

FTP, SMTP, HTTP, DNS, IMAP

Question 5

What security protocols are applied at the application layer?

Answer 5

PGP

Question 6

What protocols are implemented at the Transport layer?

Answer 6

TCP, UDP

Question 7

What security protocols are implemented at the Transport layer?

Answer 7

SSL/TLS

Question 8

What protocols are implemented at the Network layer?

Answer 8

IPv4, IPv6, ICMP

Question 9

What security protocols are implemented at the Network layer?

Answer 9

IPSec

Question 10

What protocols are implemented at the Link layer?

Answer 10

ADSL, Ethernet, WiFi

Question 11

What security protocols are implemented at the Link layer?

Answer 11

Wireless: WEP, WPA, WPS

Question 12

What is SSL?

Answer 12

Provides secure programming interface to applications, inserted between the application and transport layers and secures communication.

Question 13

When is SSL applied to communications?

Answer 13

TCP connection is followed by the SSL protocol handshake and data exchange.

Question 14

How does the SSL handshake work?

Answer 14

Client sends list of algorithms it supports and a nonce

Server chooses algorithms from list, sends choice + cert + server nonce

Client verifies the cert, extracts the server’s piblic key and generates a pre_master_secret which is encrypted and set to the server.

Server computes encryption and MAC keys from pre_master_secret and nonces

Client and server sends MAC of all handshake messages

Question 15

What is a cookie?

Answer 15

Text file stored on the client-side after being generated and transmitted from server.

Question 16

What is a form and what do they do?

Answer 16

Forms are online inputs that allow users to pass parameters to web pages.

Use GET and POST commands.

Question 17

When should validation be done on input?

Answer 17

Client-side before sending the information

Server-side before processing the information.

Question 18

How can input be restricted on a web page?

Answer 18

Dropdown menus, radio buttons etc.

Question 19

What do forms allow users to input into web pages?

Answer 19

Snippets of code by escaping the html.

Question 20

How can session-hijacking occur?

Answer 20

MITM attacks
Cross Site Scripting (CSS)
Session Sniffing

Question 21

How is session-hijacking done?

Answer 21

By reusing an old URL’s session ID, SID, Value.

Question 22

How does Cache poisoning work?

Answer 22

HTTP response splitting injects code into the web cache through the HTTP header which is executed if there’s no validation. This can change the DNS mappings of a site in order to serve the wrong content to the requesting user.

Question 23

How are web services assessed?

Answer 23

Identify running services

Identify subsystem and enabled components

Investigate known vulnerabilities in web services

Identify poorly constructed or protected sensitive data

Assess CGI, ASP etc scripts. Looking for parameter manipulation, patch regularity etc.

Question 24

What are the problems with emails?

Answer 24

Delivery systems for malware.

Encryption can be done through PGP and/or S/Mime

Question 25

How many bits does an S/Mime key have?

Answer 25

40 bits

Question 26

How is PGP used in email?

Answer 26

Uses PKI including X.509 certificate. Can use keys such as 3DES of 168 bits, and IDEA 128 bits

Question 27

How does S/Mime work?

Answer 27

Receive message Separate the message from the header info Decrypt the message Retrieve the message body Retrieve the digital signature and sender information Compare the digital signatures Allow or deny the message.

Question 28

Why are emails monitored?

Answer 28

To review business patterns and detect information disclosure

Question 29

What other issues does email face?

Answer 29

Anonymisation Interception Remailers forwarding information to the recipient and other servers. TOR setup can hide sender details using PKE SMTP doesn't check for the legitimacy or accuracy of emails.

Question 30

What did Baumgartner et. al. investigate and conclude?

Answer 30

Wanted to investigate connections between email servers to determine if email could be read. Found they could trick emails to be sent in plaintext. Also found that some organisations denied the connection but then opened another connection to send the plaintext version.

Question 31

What is STARTTLS?

Answer 31

Encrypts email session once the SMTP session has been initiated and STARTTLS is supported by the email server. In the absence of STARTTLS a plaintext transmission is done.

Question 32

What is STARTTLS Stripping?

Answer 32

Takes advantage of the fail-open design of STARTTLS by making the encrypted transmission fail and then intercepting the plaintext.

Question 33

What are databases?

Answer 33

Data collected in tables with fields and elements with a describing schema.

Question 34

What are the benefits of using databases?

Answer 34

``` Shared resources Reduced redundancy Data integrity/internal consistency Authenticated access Accuracy Recovery ```

Question 35

What is the problem of inference?

Answer 35

Sensitive information shouldn't be able to be gleaned from public data. This can be done directly or indirectly. Direct: User queries records to determine values Indirect: Only stats are used to determine information

Question 36

What are inference attacks mitigated?

Answer 36

Suppression of stats when the identification of individuals is possible Place controls on queries.

Question 37

What is multi-level security?

Answer 37

Data is protected with a number of different controls, such as partitioning, encryption, integrity checking.

Question 38

What is SQL injection?

Answer 38

Use SQL in the input form on the frontend to run SQL code on the backend.