CS458 Final Cheat Sheet(s) PDF

Title CS458 Final Cheat Sheet(s)
Author William Lee
Course Information Security
Institution Illinois Institute of Technology
Pages 2
File Size 39.9 KB
File Type PDF
Total Downloads 28
Total Views 124

Summary

Finals Cheat Sheet 2...


Description

Key Distribution:
- Key establishment: deals with establishing a shared secret between 2+ parties.
- Long-term key (kAB) fed into a KDF with a nonce => session key kSES.
- Key Distribution Center (KDC): central trusted third party shares a KEK with all users; the KDC sends session keys to users encrypted with the KEK.
- Kerberos: protects against replay / key confirmation attacks.
- Certificate Authority (CA): a certificate is a public key together with the identity of the key's owner, signed by a trusted third party. A user can present a public key to the authority to get a certificate, and can then publish the certificate or send it to others.

User Authentication: providing identity to a system.
- Knowledge-based, possession-based, static/dynamic biometrics.
- Salt: add random data to the password and then hash it. Choose a random salt s, compute y = h(password, s), and store (s, y). Prevents identical passwords from producing identical stored hashes.
- Remote User Authentication: the user transmits an id to the remote host; the host generates r (a nonce) and returns it to the user; this transmission from host to user is the challenge. The user's response is f(r', h(P')) where r' = r and P' is the user's password. The host stores a hash of each registered user's password and compares f(r', h(P')) to f(r, h(P(U))).
- Kerberos:
  - Authentication Service Exchange: the KDC gives the client a logon session key and a ticket-granting ticket (TGT).
  - Ticket Granting Service Exchange: the KDC distributes the service kSES and a ticket for the service. Ticket: proof of the user's id, encrypted with the secret key of the service.
  - Client/Server Exchange: the client presents the ticket for service admission.

Database Security:
- Inference attacks: able to reconstruct info by sending particular requests (payload) and observing the resulting behavior of the website/database server.
- Illegal/logically incorrect queries: reveal info about the type & structure of the backend db; error msgs can reveal vulnerable injectable parameters.
- Blind SQL injection: infer data present in a db system that is otherwise secure; boolean-based (content-based) or time-based.
- Database Access Control: centralized administration (a small # of privileged users may grant/revoke rights); ownership-based administration (the owner grants rights); decentralized administration (the owner may grant/revoke rights, and other users may grant/revoke rights).

Malicious Software:
- Classification: how it spreads/propagates to reach desired targets & the actions/payloads performed once the target is reached. Needs a host program? Independent, self-contained programs; malware that does/doesn't replicate.
- Propagation mechanisms: infection of existing content by viruses that is subsequently spread to other systems; exploitation of software vulnerabilities, locally or over a network, by worms or drive-by downloads to allow replication; social engineering attacks to convince users to bypass security.
- Payload actions: corruption of system or data files; theft of service to make the system a zombie agent (bot); theft of info from the system, especially logins, passwords and personal details via keyloggers/spyware; stealthing so the malware can't be detected/blocked. Data destruction, real-world damage, logic bomb.
- Countermeasures: policy, awareness, vulnerability mitigation, threat mitigation, detection, identification, removal. Desired characteristics: generality, timeliness, resiliency, minimal DoS costs, transparency, global/local coverage.
- Anti-virus software: a malware signature is required to id malware, so it is limited to detection of known malware. Heuristic scanners: integrity checks (checksum).

DoS Attacks: attack on the availability of a service: network bandwidth, system/application resources.
- Flooding ping command: overwhelm the capacity of the network connection to the target org.

- Countermeasure: ISPs block ping (ICMP) packets; the target can id the source, inform the ISP and take action; ICMP responses are sent back to the attacker.
- Source address spoofing: the attacker sends packets with a fake source address, so responses are not sent to the attacker. Countermeasure: ISPs filter (drop) packets from invalid source addresses.
- TCP handshake: client sends SYN (seq=x); server receives SYN, sends SYN-ACK (seq=y, ack=x+1); client receives SYN-ACK, sends ACK (ack=y+1); server receives ACK.
- Multiple-system attacks (DDoS, reflector, amplifier); reflector/amplifier attacks use network systems that are functioning normally.
- Reflection: the attacker sends packets to a known service with a fake address of the actual target system; the response is sent to the target, which is flooded.
- Amplification: generates multiple response packets for each original packet sent; the original request is directed to the broadcast address for some network, so all hosts on that network can potentially respond to the request, generating a flood towards the target address.
- DoS Prevention: prevention & preemption (before), detection & filtering (during), source traceback & id (during/after), reaction (after)...
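The salted password storage and the challenge-response remote authentication described under User Authentication, as an added worked example in Python (not part of the cheat sheet or the course material). It instantiates the cheat sheet's h(password, s) as PBKDF2-HMAC-SHA256 and f(r, h(P)) as HMAC-SHA256 keyed by h(P); both choices and the host returning the salt together with the nonce are assumptions made here. The in-memory credential store and the user names are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory credential store: {user_id: (salt s, y = h(password, s))}.
CREDENTIALS = {}


def h(password: bytes, salt: bytes) -> bytes:
    """The cheat sheet's h(password, s). Assumption: PBKDF2-HMAC-SHA256, so that
    offline guessing against a leaked (s, y) pair is slow."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def register(user_id: str, password: bytes) -> None:
    """Choose a random salt s, compute y = h(password, s), store (s, y).
    The plaintext password is never stored."""
    s = os.urandom(16)
    CREDENTIALS[user_id] = (s, h(password, s))


def f(r: bytes, hp: bytes) -> bytes:
    """Response function f(r, h(P)). Assumption: HMAC-SHA256 keyed by h(P),
    so the response reveals neither h(P) nor P to an observer of the channel."""
    return hmac.new(hp, r, hashlib.sha256).digest()


def host_challenge(user_id: str):
    """Steps 1-2: host receives the id, generates nonce r and returns (r, s).
    Returning the salt is an assumption: the client needs s to compute h(P', s)."""
    if user_id not in CREDENTIALS:
        return None
    s, _ = CREDENTIALS[user_id]
    return os.urandom(16), s


def client_response(r: bytes, s: bytes, password_attempt: bytes) -> bytes:
    """Step 3: client computes f(r', h(P')) with r' = r and P' = its password."""
    return f(r, h(password_attempt, s))


def host_verify(user_id: str, r: bytes, response: bytes) -> bool:
    """Step 4: host compares the response with f(r, h(P(U))), using the stored y
    instead of recomputing the hash. compare_digest avoids a timing side channel."""
    _, y = CREDENTIALS[user_id]
    return hmac.compare_digest(f(r, y), response)


def authenticate(user_id: str, password_attempt: bytes) -> bool:
    """Run the full exchange; True iff the host accepts the response."""
    ch = host_challenge(user_id)
    if ch is None:
        return False
    r, s = ch
    return host_verify(user_id, r, client_response(r, s, password_attempt))


def same_password_same_hash(u1: str, u2: str) -> bool:
    """Shows the salt's purpose: two users with the same password get different y."""
    return CREDENTIALS[u1][1] == CREDENTIALS[u2][1]


def replay_is_rejected(user_id: str, password: bytes) -> bool:
    """A response captured for one nonce is useless for a fresh challenge."""
    r1, s = host_challenge(user_id)
    captured = client_response(r1, s, password)
    if not host_verify(user_id, r1, captured):
        return False
    r2, _ = host_challenge(user_id)
    return not host_verify(user_id, r2, captured)


if __name__ == "__main__":
    register("alice", b"correct horse")
    register("bob", b"correct horse")
    print("alice, right password:", authenticate("alice", b"correct horse"))
    print("alice, wrong password:", authenticate("alice", b"wrong"))
    print("same password, same stored hash:", same_password_same_hash("alice", "bob"))
    print("replayed response rejected:", replay_is_rejected("alice", b"correct horse"))
```

Note that the host never receives the password or h(P) over the wire: it only checks that the response is consistent with the y it already holds and with the nonce it just issued, which is what defeats replay of an observed response.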

