
Name and Surname(s): ____________________________________ NIU: ____________

Advanced Networks and Security


Part 2 – Partial Exam
19 December 2018
Duration: 1 hour

1. Briefly explain the Ping of Death attack and its prevention mechanisms.

The Ping of Death (POD) attack is based on the possibility of building, through the ping
command, an IP datagram exceeding 65535 bytes, fragmented into N pieces, with the aim
of causing inconsistencies in the reassembly. When the destination reconstructs the
original packet, errors will occur if there are deficiencies in the implementation of the
system's TCP/IP stack, which could cause degradation or a crash of the attacked system.

Prevention:
- Control the size of IP fragmentation data
- Blocking ping: You prevent people from pinging you at all. This could possibly break
some things that rely on ping.
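
The first prevention measure (controlling the size of fragmented data) can be shown as a per-fragment check. This is an added example, not part of the original exam; the function names and the sample headers are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest value the 16-bit Total Length field can hold


def make_fragment_header(total_len, offset_units, more_fragments):
    """Build a constructed 20-byte IPv4 header for an ICMP fragment (sample input)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def reassembled_end(header):
    """Return the byte position at which this fragment ends in the rebuilt datagram."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8      # Fragment Offset counts 8-byte units
    payload = total_len - ihl               # data bytes carried by this fragment
    return ihl + offset + payload


def fragment_is_oversized(header):
    """True when accepting the fragment would rebuild a datagram over 65535 bytes."""
    return reassembled_end(header) > MAX_IP_DATAGRAM


if __name__ == "__main__":
    normal = make_fragment_header(1500, 185, True)     # second fragment on a 1500-byte MTU
    crafted = make_fragment_header(1020, 8189, False)  # last fragment near the 64 KiB limit
    for name, hdr in (("normal", normal), ("crafted", crafted)):
        verdict = "DROP" if fragment_is_oversized(hdr) else "accept"
        print(f"{name}: ends at byte {reassembled_end(hdr)} -> {verdict}")
```

The check runs on each fragment as it arrives, so an oversized datagram is rejected before any reassembly buffer is written past its limit.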

2. Very briefly explain (only an overview, without much detail) how IPv6 implements
security, including the security provided, and how it has been adapted to be used in IPv4.

IPSec is based on the use of 2 main security protocols:

- AH (IP Authentication Header): authentication + integrity (incl. IPv6 header)
- ESP (IP Encapsulating Security Payload): authenticity, integrity and confidentiality (excl.
IPv6 header)

IPv6: AH & ESP already included as 2 of the optional IP extension headers

IPv4: AH & ESP between IP and TCP/UDP headers

3. Briefly explain what a Virtual Private Network (VPN) at network layer is and how it is
implemented. What relationship is there between IPSec and VPNs?

VLAN+Security = VPN (Virtual Private Network) => “Tunnelling + Security = VPN”

- Joining remote subnets at network layer
- Through tunnels
- Internal IP datagrams encapsulated within IP datagrams through another remote subnet
- All computers see computers from the remote network as if they were in their own network.

It can be implemented using IPSec in Tunnel mode

4. Briefly explain the TCP RST attack, including 1 of its 2 prevention mechanisms.

A DoS attack that finishes active connections. Segments with the RST bit set are sent to a
host. As packets can arrive out of order, the TCP stack will accept packets out of sequence,
as long as they are within a certain 'distance' or 'window' from the most recent ACK seq
number. The established connections are finished at once.

- Verify that the sequence number of RST packets is either the next expected sequence
number, or the last acknowledged sequence number.
- For an RST attack to succeed, attacker must guess an approximate sequence number,
resulting in a flood of RST packets. Protection: detection of RST floods, and dropping of
consecutive RST packets for a certain penalty period.
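
Both prevention mechanisms listed above, combined in one per-connection filter. This is an added example, not part of the original exam; the class name, the flood threshold, the counting window and the penalty length are assumptions chosen for illustration.

```python
from collections import deque

SEQ_MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit


class RstGuard:
    """Per-connection RST filter: exact-sequence check plus flood penalty."""

    def __init__(self, next_expected, last_acked,
                 flood_threshold=3, flood_window=1.0, penalty=5.0):
        self.next_expected = next_expected & SEQ_MASK
        self.last_acked = last_acked & SEQ_MASK
        self.flood_threshold = flood_threshold   # assumed: bad RSTs that count as a flood
        self.flood_window = flood_window         # assumed: seconds over which they are counted
        self.penalty = penalty                   # assumed: seconds during which RSTs are dropped
        self.bad_rst_times = deque()
        self.penalty_until = float("-inf")

    def on_rst(self, seq, now):
        """Return 'accept', 'drop-seq' or 'drop-penalty' for an RST seen at time now."""
        if now < self.penalty_until:
            return "drop-penalty"
        if (seq & SEQ_MASK) in (self.next_expected, self.last_acked):
            return "accept"                      # connection may be torn down
        # Wrong sequence number: remember it and look for a guessing flood.
        self.bad_rst_times.append(now)
        while now - self.bad_rst_times[0] > self.flood_window:
            self.bad_rst_times.popleft()
        if len(self.bad_rst_times) >= self.flood_threshold:
            self.penalty_until = now + self.penalty
            self.bad_rst_times.clear()
        return "drop-seq"


def replay(guard, events):
    """Feed (time, seq) RST events to a guard and collect the verdicts."""
    return [guard.on_rst(seq, t) for t, seq in events]


if __name__ == "__main__":
    # Constructed trace: three guessed RSTs, then a correctly numbered one.
    guard = RstGuard(next_expected=1000, last_acked=900)
    trace = [(0.0, 5000), (0.1, 70000), (0.2, 135000), (0.3, 1000), (6.0, 1000)]
    for (t, seq), verdict in zip(trace, replay(guard, trace)):
        print(f"t={t:>4} seq={seq:<7} {verdict}")
```

During the penalty period even a correctly numbered RST is dropped, which is the trade-off of the flood mechanism: a legitimate reset is delayed until the period ends.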

5. Taking into account the features and the main fields in the PDUs, briefly describe the
security provided by SSH.

Packet eavesdropping: Confidentiality (Encryption)
Client/Server supplanting: Client/server authentication
Packet modification: Integrity (MAC)
Packet replay, removing or reordering: MAC, sequence number

6. Briefly explain the two Linux tools that provide firewall functionality.

- netfilter: It is a set of routines present in the GNU/Linux operating system kernel that
handle data traffic, both inbound and outbound, that accesses the operating system or
applications.
- iptables: It is the name of the user tool with which the administrator can create NAT and
packet filtering rules.

7. Briefly explain what social engineering is. Briefly describe 2 types of social engineering
attacks.

Social Engineering: Act of manipulating people into performing actions or divulging
confidential information. While similar to a confidence trick or simple fraud, the term
typically applies to trickery or deception for the purpose of information gathering, fraud, or
computer system access.

Types of attacks: Non-innocuous information (when innocuous information isn't); Direct
attacks (ask for information); Building trust; “Let me help you”; “Can you help me?”; False
sites and dangerous attachments; Sympathy, Guilt, and Intimidation; Reverse sting.
Direct network attacks: Phishing and Pharming.

8. Briefly explain the 3 main components of an Intrusion Detection System (IDS) and their
functionality.

- Sensors: Monitor the host and/or network to detect suspicious activity and send
information to analyzers.
- Analyzers/correlators: Analyze the information sent by the sensors and produce alerts
based on information from a database.
- Response Units: According to the received alarms activate countermeasures to stop or
prevent attacks (block connections, closing ports, blocking user accounts, etc.).

9. Briefly explain the Replay attacks against Mobile IP and the basic prevention
mechanisms.

The bad guy saves an old valid Registration Request / Binding Update message of the
Mobile Node and re-sends it to the Home Agent.
The Home Agent will then forward packets to the old Care-of-address, rather than the
newly allocated Care-of-address of the Mobile Node.

Solution: Identification Domain in registration messages: Time Stamp; Nonces (arbitrary
number that may only be used once)
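
How a Home Agent can use the timestamp and the nonce to reject a replayed registration, as an added example that is not part of the original exam. The class, its method names, the 7-second tolerance and the node and address labels are assumptions; message authentication is assumed to be checked elsewhere.

```python
import hmac
import secrets


class HomeAgent:
    """Toy Home Agent that checks the Identification value before updating a binding."""

    def __init__(self, tolerance=7.0):
        self.tolerance = tolerance  # assumed: max clock difference in seconds
        self.newest_ts = {}         # mobile node -> newest timestamp accepted so far
        self.pending_nonce = {}     # mobile node -> nonce the next request must carry
        self.binding = {}           # mobile node -> current care-of address

    def register_with_timestamp(self, node, care_of, timestamp, now):
        """Accept only a fresh timestamp that is newer than every earlier one."""
        if abs(now - timestamp) > self.tolerance:
            return False            # too old (or too far in the future)
        if timestamp <= self.newest_ts.get(node, float("-inf")):
            return False            # already seen: replayed inside the tolerance
        self.newest_ts[node] = timestamp
        self.binding[node] = care_of
        return True

    def issue_nonce(self, node):
        """Hand the mobile node a fresh nonce for its next registration."""
        self.pending_nonce[node] = secrets.token_hex(8)
        return self.pending_nonce[node]

    def register_with_nonce(self, node, care_of, nonce):
        """Accept only the outstanding nonce, and retire it once used."""
        expected = self.pending_nonce.get(node)
        if expected is None or not hmac.compare_digest(expected.encode(), nonce.encode()):
            return False
        del self.pending_nonce[node]
        self.binding[node] = care_of
        return True


def demo():
    """Constructed scenario: the node moves, then old requests are replayed."""
    ha = HomeAgent()
    results = [ha.register_with_timestamp("mn1", "coa-old", 100.0, now=100.5),
               ha.register_with_timestamp("mn1", "coa-new", 200.0, now=200.2),
               ha.register_with_timestamp("mn1", "coa-old", 100.0, now=201.0),
               ha.register_with_timestamp("mn1", "coa-new", 200.0, now=203.0)]
    return results, ha.binding["mn1"]


if __name__ == "__main__":
    print(demo())
```

A wrong nonce does not retire the outstanding one, so a forged request cannot be used to lock the real Mobile Node out of its next registration.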

10. Briefly discuss the security requirements in Wireless Sensor Networks (WSN) vs Ad hoc
networks.

Same issues as Ad hoc networks (when applicable), plus:

- Even more limited resources: memory, storage & power
- Even more unreliable communication:
  - Unreliable Transfer, Conflicts and Latency
- Also unattended operation: Exposure to Physical Attacks, Managed Remotely, No
Central Management Point.

11. Briefly give an overview of the Big data security challenges.

3 major big data security best practices or rather challenges:

- Incoming data: could be intercepted or corrupted in transit.
- Data in storage: can be stolen or held hostage while resting on cloud or on-premise
servers, including while being processed.
- Data being outputted: could provide an access point for hackers or other malicious
parties.
Etc.

12. Briefly explain how Bitcoin mining works.

The Bitcoin miners propose new blocks for the block chain when they mine new Bitcoin.
Take several unverified transactions T,
plus the digest of the most recent block in the ledger D,
plus a random guess R,
and do the following SHA-256 calculation: sha-256(T, D, R) = digest
The miners keep guessing different values of R until they find a digest with the required
number of leading zeroes.
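
The guessing loop described above, as an added example that is not part of the original exam. The byte encoding of T, D and R, the sequential (rather than random) guesses and the sample transactions are assumptions; real Bitcoin hashes a fixed block header twice and compares the result with a target, which this sketch simplifies to a count of leading zero bits.

```python
import hashlib


def block_digest(transactions, prev_digest, guess):
    """sha-256(T, D, R): hash the transactions, previous digest and guess together."""
    h = hashlib.sha256()
    for tx in transactions:                 # T: unverified transactions
        h.update(tx.encode() + b"\n")
    h.update(prev_digest)                   # D: digest of the most recent block
    h.update(guess.to_bytes(8, "big"))      # R: the miner's current guess
    return h.digest()


def leading_zero_bits(digest):
    """Count the zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mine(transactions, prev_digest, difficulty_bits):
    """Try R = 0, 1, 2, ... until the digest has enough leading zero bits."""
    guess = 0
    while True:
        digest = block_digest(transactions, prev_digest, guess)
        if leading_zero_bits(digest) >= difficulty_bits:
            return guess, digest
        guess += 1


def verify(transactions, prev_digest, guess, difficulty_bits):
    """Anyone can check a proposed block with a single hash."""
    return leading_zero_bits(block_digest(transactions, prev_digest, guess)) >= difficulty_bits


if __name__ == "__main__":
    # Constructed sample data, not real Bitcoin transactions.
    txs = ["alice->bob:1.5", "carol->dave:0.2"]
    prev = hashlib.sha256(b"previous block (constructed)").digest()
    r, digest = mine(txs, prev, difficulty_bits=16)
    print(f"R={r} digest={digest.hex()}")
    print("valid:", verify(txs, prev, r, 16))
```

Each extra required zero bit doubles the expected number of guesses, while verification stays a single hash.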
