IA Test 3

  1. when you break one thing you break the whole network
    Single point of failure
  2. in a network, something takes place at the failure
    Resilience/Fault tolerance
  3. one computer talking to other computer
    simple network
  4. Clients (nodes) talk to a host, or hosts - they communicate through some communication medium
  5. in a network, an application says give me all data
  6. network - not doing any work
  7. network of networks
  8. sits on top of the internet - http
  9. a network characteristic - social loafing, flaming, avatars (pseudonymity), social risks and benefits
  10. machines do most, and sometimes all the communication
  11. network characteristic - we can have it - a lot of it
  12. network characteristic - you have no clue about where, physically, other nodes are. And you don't need to care
  13. network characteristic - many paths, circuit vs. packet switching
    routing diversity
  14. in a computer - an mp3 would be broken down into many of these, cut into millions of pieces, sent by the route that is fastest, and then put back together
  15. shape and size of a network- physical vs logical - star vs ring vs bus
  16. A simple hub looks like a star but acts like a
  17. a ______ ____ network looks like a star but works like a ring
    token ring
  18. the internet blurs this - networks of networks
  19. who owns the network vs who owns the hosts and clients - net neutrality
  20. no one person made the internet and no one should get to control it
    net neutrality
  21. if ownership is fuzzy, so must ____ be fuzzy
  22. fast, huge bandwidth, difficult to intercept, cannot bend much, this to desktop is awesome, almost no attenuation
    optical fiber
  23. bounced from receiver to receiver, limited to about 30 miles, affected by rain, ducks, almost no attenuation
  24. short distances(9 miles max), needs clear line of sight, typically used between peripherals and laptops, pretty much old/dead tech
  25. used in geosynchronous orbit, about 22,300 miles up - footprint, propagation delay - has horrid lag
  26. in a satellite - the area of dispersion
  27. in a satellite - the time it takes a signal to go up and bounce back
  28. agreed upon rules for how we will do something, like communicate electronically
  29. all people seem to need data processing
    osi model
  30. network communication - 1s and 0s
  31. network communication - bits are points in a wave
  32. modems convert between digital and ____ - MOdulator-DEModulator
  33. UTP or twisted pairs of copper wire - twisting reduces crossover between wires, high attenuation(weaker and fuzzier signals over distance) - CAT 5 cable is four pairs of twisted wire
    cable - easy to intercept
  34. like for cable tv- less attenuation than cable - used to be common in LANs until CAT 4/5
    coaxial cable - easy to intercept
  35. Application layer takes your input, formats it into a header and a body, puts it in a standard email format - presentation layer may compress that message, encrypt it, do some character conversions - no session layer as e-mail is a oneway trip - transport layer will handle error detection or correction
    OSI Model - E-mail Example
  36. OSI Model Addressing: destination address, source address, data
    Network layer adds
  37. OSI Model Addressing: Together a destination address, source address, and data form a
  38. OSI Model Addressing: MAC addresses of sender and receiver (every network device has a MAC address permanently attached to it); all of this comprises a frame
    Data Link Layer adds
  39. OSI Model Addressing: defines the mechanical aspects of electronic communication - what power level is 0 and what is 1
    Physical layer
  40. Is a protocol stack, four layers: application, host to host transport, internet, physical
    TCP/IP Model
  41. connected communications session on top of IP
  42. basic transport protocol
  43. takes variable length messages from the application layer and makes packets
    Transport layer
  44. moves packets in datagrams
    Internet layer
  45. ensures proper sequencing, retransmission of lost packets
    TCP protocol
  46. has sequence numbers, acknowledgement number, flags, source and destination ports
    TCP packet
  47. 80- HTTP, 23- TELNET, 25 SMTP, 161 SNMP
    Source and destination ports
  48. no error checking, smaller, faster protocol, good for time-sensitive communication where some packet loss is ok, used for SNMP, time, etc.
    UDP Packets
  49. 32 bit address in 8 byte groups, URL, DNS servers translate from domain name up, your systems keep a small lookup table of recently translated URLs too
    IP address
  50. LAN, WAN(CAN MAN), SAN, Intranets, Internet
    Network Types
  51. anonymity, many points of attack, sharing, system complexity, unknown perimeter, unknown path
    Network Vulnerabilities
  52. we can't see who or from where we are being attacked
  53. targets and origins, many hosts along the way
    many points of attack
  54. networks lead to networks
  55. computer O/S is complex, even the most simple network is doubly so, middleware
    Network Vulnerability
  56. hosts access multiple networks, creating unknown connections and security rule clashes
    unknown perimeter
  57. It's not as simple as A to B, you may pass through many other nodes
    Unknown path
  58. Challenge, Money and Espionage, Organized crime, Ideology (hacktivism, cyberterrorism)
    Attacker Motives
  59. tells what ports are open on what computers, Nmap is a great tool
    Port Scan
  60. Learn about system architecture, Learn about physical layout
    Social Engineering
  61. Collecting information, Eavesdropping, dumpster diving
  62. Intelligence, Port Scan, Social Engineering, O/S application fingerprinting, Bulletin boards, chats, Google, Documentation
  63. Eavesdrop or monitor traffic, Wiretapping, Microwave, Satellite, Optical Fiber, Wireless
    Transit Threats
  64. passive and active, cable - packet sniffers, Inductance
  65. guessing passwords, default passwords, dead accounts, eavesdropping, avoidance, nonexistent authentication, spoofing, masquerade
  66. Cain and Abel is great for this
  67. Avoid authentication entirely (overflow, find old, bad O/S still in use)
  68. Piggyback on a trusted authentication, use guest accounts
    Nonexistent Authentication
  69. Spoof IP address, MAC address, MITM attacks
  70. Think Phishing, Register similar or mistyped URLs
  71. Makes for fun emails - reply all
  72. messages travel through many nodes, each one is a point of attack
  73. good reason to use pgp, reusing messages, reusing official gifs
  74. Malformed packets, Protocol failures
    Format Failure
  75. Can crash services
    Malformed packets
    Protocol Failures
  77. Defacement, Buffer Overflows, Dot-Dot-Slash, Application Code Errors, Server side include, Denial of Service, Syn Flood, Teardrop, Traffic redirection, DNS attack, Distributed Denial of Service Attack, Plant trojans on tons of computers
    Web Site Vulnerabilities
  78. Web Site Vulnerability: IIS was and is a nightmare
  79. Web Site Vulnerability: If you let me enter a file name, I can traverse your directory structure
  80. Web Site Vulnerability: altering the code shown in the URL
    Application Code Errors
  81. Some web pages do functions automatically, like send an e-mail address in contact us, exec is the worst possible include
    Server-side include
  82. Web Site Vulnerability: connection flooding - ICMP, Ping of death, Smurf attack
    Denial of Service
  83. I send more pings than your bandwidth can respond to, or I send a huge ping packet
    Ping of Death
  84. Web Site Vulnerability: Send SYN requests, but no ACK, Crashes the SYN_RECV queue, Uses a different spoofed address for each request
    Syn flood
  85. Web Site Vulnerability: send fragmented IP datagrams that cannot possibly be put back together, Locks up the O/S
  86. Web Site Vulnerability: Get a router to advertise itself as the best path to every address in the network, It gets slammed, dies
    Traffic redirection
  87. Can get a DNS server to point to nonexistent entries or reroute it maliciously
    DNS attack
  88. Active/Mobile Code: Not really a big threat except in aggregation
  89. Active/Mobile Code: CGI scripts, asp, php, etc.
  90. Active/Mobile Code: Java, Active X Controls
    Active Code
  91. Active/Mobile Code: embedded into video files, flash, basically anything that runs in your browser
  92. Local nodes connected via
    Local communication links to a
    Local area network, which also has,
    Local data storage
    Local processes, and
    Local devices
    Local Network
  93. Network gateway, which gives access via
    Network communication links to
    Network control resources,
    Network routers, and
    Network resources, like databases
    Local Network is connected to
  94. Threats: on local machine, anywhere in the network
    Read communications
  95. Threats: at any place in the network
    Modify communications
  96. Threats: at any point in the network
    Forge Communications
  97. Threats: Local machines, Routers in the network, Communication links, Disrupting the network
    Inhibit communications
  98. Threats: MITM Attack - convince upstream device that I am you and that you are upstream
    Read data
  99. Threats: at any node between the sender and receiver
    Modify or destroy data
  100. Network Architecture: allows for separate access, keeps risks localized to one area
  101. Network Architecture: raid arrays, servers in failover mode, check with one another periodically, take over if one doesn't respond, avoid single points of failure
  102. Protects message in transit from host to host, no protection while on a host, works at the data link or physical layer, invisible to the user, done with hardware, requires one key per host pair
    link encryption
  103. encrypted at the highest OSI layers, protected at each host, user applies the encryption, hardware or software implementation, requires one key per user pair
    end to end encryption
  104. uses link encryption between the client and a firewall, VPN connections can have different security privileges for each user or user class
    virtual private networks
  105. provides an authenticated and encrypted path to the shell (the O/S command interpreter) - allows for safe management of servers over a network
    SSH Encryption
  106. AKA TLS - Designed by Netscape for secure communication between a web browser and a server, Asymmetric encryption to pass the key, Symmetric encryption for the session
    SSL Encryption - Secure Sockets Layer
  107. Part of the IPv6 suite - running out of IP addresses, Implemented at the IP layer so it affects TCP and UDP, like SSL
  108. Set of security parameters for a secured communication channel - selected by a security parameter index, just a pointer to a table of security associations, Authentication Header, Encapsulated Security Payload
    Security Association
  109. Packet Sequence number is incremented by one for each packet sent to the same address using the same SPI - this precludes packet replay attacks, Uses ISAKMP
    Encryption - IPSec
  110. A distinct key is generated for each security association - Implemented through IKE
    ISAKMP - Internet Security Association Key Management Protocol
  111. done with a digital signature, doesn't do much for small software shops
    signed code
  112. used by commercial mail programs - Microsoft Exchange
    S/MIME - Encrypted e-mail
  113. Parity check - extra bit added to a bunch of bits, 0 if they sum to an even number, 1 if they sum to an odd number, Only single-bit errors
    Error detection
  114. Your RAM may have it, for example Message digests, hashing
    Error Correction Codes
  115. Error detection, Error correction codes, message digests
    Content Integrity
  116. One time password, Password token
    Strong Authentication
  117. physical device that frequently generates a new, random password - User types in password, server checks to see if it is the right one
    Password token
  118. Strong Authentication: like a password token, but you also input your PIN, Prevents unauthorized use of the physical token device
    Challenge Response System
  119. Strong Authentication: for authentication between two non-human entities - server A sends a message to Server B, encrypted with Server B's public key - server B sends a message back to server A, encrypted with Server A's public key - then either can send a password to start symmetric encryption
    Digital Distributed Authentication
  120. Strong Authentication: SSID, basically the network name of the access point - WEP 63 to 128 bit encryption, easily broken
    Wireless Security
  121. The network name of the access point
    Service Set Identifier - SSID
  122. 64 or 128 bit encryption - easily broken - WEPCrack, AirSnort
    WEP - Wired Equivalent Privacy
  123. Uses TKIP, changes the encryption each packet, WEP never changed the key unless the user did so at the access point and the client - Weak keys still make for vulnerabilities, WPA uses stronger encryption
    Wireless Security
  124. Hardware or Software - Packet Filter Firewall, Stateful Inspection Firewall, Application Proxy
  125. Solely on the basis of IP addresses and ports, cannot see inside the packet, can block what goes out and what goes in
    Packet Filter Firewall
  126. tracks packets putting them together, stops attacks that hide in many small packets
    Stateful Inspection Firewall
  127. Runs pseudoapplications, Looks inside packets, only passes on accepted requests to the real application
    Application Proxy
  128. like an application proxy with lots of rules
  129. Intrusion detection systems - looks for patterns matching a known attack
    signature based
  130. Intrusion Detection Systems - look for anomalies, odd behavior. must be trained - like a puppy
  131. Intrusion Detection Systems - runs on a single client or host
    host based
  132. Intrusion Detection Systems - a computer on the network whose sole function is to act as an IDS
    Network Based
  133. Most ___ run in stealth mode, to prevent them from being attacked
  134. Current Computers use
    Bits - 1 or 0
  135. Quantum computers use - 1 or 0 or a statistical combination of both, stored in sub-atomic particles
  136. 3 bits can be in one of 2^3 states
    3 qubits are in ___ states at once
  137. the property that 3 qubits are in all states at once allows for
    massive parallelism
  138. can theoretically perform trillions of operations per second - today's computers run billions
    a quantum computer
  139. MIT and Los Alamos create a stable qubit
  140. Los Alamos makes a 7 qubit quantum computer in a single drop of liquid & IBM makes a 5-qubit computer
  141. 2000
  142. IBM and Stanford make a 7-qubit computer that finds the factors of 15
  143. 2001
  144. University of Innsbruck makes a qubyte - series of 8 qubits
  145. 2005
  146. Waterloo and Massachusetts scientists make a 12 qubit computer
  147. Photons can spin in one of three bases - rectilinear basis of vertical 0 degrees and horizontal 90 degrees - diagonal basis of 45 degrees and 135 degrees - circular basis of left and right handedness
    Quantum Cryptography
  148. Los Alamos/NIST get it to work over 148.7km of optical cable - European scientists have achieved the same distance in open air
    March 2007
  149. has an active 10 node quantum crypto network running
    since 2004
  150. is not currently hackable, though social engineering rules still apply
    Quantum computing