How can we classify threats?
-Software (Maleware)
-Hardware (USB-Sticks)
-Social Engineering
-Pattern (DDOS)
-Structural (Botnets)
What is a CVE?
A Common Vulnerability and Exposure (CVE) is an existing vulnearbility or exposure in a specific software or hardware version/reversion.
What is a CWE?
A Common Weakness Enumeration (CWE) is a potential weakness in software or hardware.
Which two different strategies of vulnerability reporting are there?
full disclosure
coordinted disclosure (responsible disclosure)
What is the full disclosure process and what are its advantages?
The finder of the vulnerability publishes all the available information about the vulnerability to everone as soon as possible.
Advantages:
-useres can request patches from vendors
-users can provide an informed risk assessment
-because of user intervention reduced time of exploration
What is the coordinated disclosure process and what are its advantages?
The finder of the vulnerability informs a coordinating authority. This authority informs the vendor, tracks the vendors progress in fixing the vulneability and organizes the publiction of the vulnerability after a successfull fix.
-only vendor knows about the vulnerabilty
-vendors have “time” to fix it
-structured way to report
What does CIA stand for?
Confidentiality
Integrity
Availability
What is the difference between MAC and IP address?
The physical address -- which is also called a media access control, or MAC, address -- identifies a device to other devices on the same local network. The internet address -- or IP address -- identifies the device globally. A network packet needs both addresses to get to its destination.
How are the schemes for dividing IP addresses into subnets called?
IPv4 Network Classes (not used anymore)
Classless Inter Domain Routing (CIDR)
How is the IPv4 Network organized?
What are MTUs?
The Maximum Transfer Units is the maximum size in bytes an individual data link layer frame can transfer en bloc.
What is fragmentation?
If an IPv4 packet is received from one data link layer and forwarded to another data link layer with smaller MTU the IPv4 packet has to be split into mulitiple ones.
These packetes will only be recombined at the destination.
What is peering?
Peering is the task of exchanging IPv4 packets for different IP networks between large network operators like hosting companies and Internet Service Providers (ISPs).
What are the different parts of the IPv4 packet structure?
Version (the used IP protocol version)
header length (total length of the header)
differentiated services (for quality of service)
total length (total packet length header + payload)
identification (uniquely identify a group of fragments)
DF (do not fragment bit)
MF (more fragments are coming)
fragment offset (for ordering IPv4 packets)
TTL (time to live - number is reduced by every router, if 0 packet is dropped)
protocol (identifinying the transport layer protocol)
header checksum (for error correction)
source address
destination address
options (for organizing packet managment)
payload
What is ICMP?
The Internet Control Message Protocol is used every time the Internet network layer needs to transmit any information.
Typical application are ping and trace route.
What is DHCP?
The Dynamic Host Configuration Protocol is an important managment protocol of IPv4 to automatically configure devices already connected to through an Ethernet.
It is a client/server protocol.
What are the two types of network threat mitigation?
Preventive
Preventive measures do not mitigate existing threats but try to harden a system against vulnerabilities, which might become a threat in the future. They also increase the resiliance of a system against successful attacks
Reactive
What are preventive threat mitigation techniques?
Network Policies
Centralized Authentication
Firewall
Demilitarized Zone
Network Segmentation
What are the basic mesures of cyber security?
authentication
authorization
backup
cryptographic signing
encryption
redundacy
What is the difference between network and system security?
Network security:
Only focuses on the information transmitted through the network.
System security:
Only focuses on the information processed in one system.
What does DSL stand for?
Digital subscriber line
What does FTH stand for?
Fiber to The Home
What does NAT stand for?
Network-Address-Translation
What is spoofing?
Spoofing is a sophisticated method to circumvent certain authentication methods or more specific identification methods.
What does ARP stand for?
Address Resolution Protocol
What is DNS poisoning?
DNS Poisoning is an attack on the application layer to spoof the identiy of some network service like mail or web server.
What is a Machine-In-The-Middle-Attack?
Machine-In-The-Middle attacks aupport circumventing the authentication if the attacker controls one infrastructure device between two communicating partners and other security features are not enabled.
In general this threat is a deployment, configuration or awarness problem.
What are the most important tasks of the Network layer?
Addressing
pathfinding / routing
fragmentation
For the internet these task are described by:
-Internet Protocol Version 4 (IPv4)
-Internet Protocol Version 6 (IPv6)
What does DNS stand for?
Domain Name System
What are reactive threat mitigation techniques?
Multi Factor Authentication
Awarness training
Last changed2 years ago