
Web Security Review Notes

Source: 九壹网


EXAM PAPER

(1) Data Integrity

Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.

(2) Information Security Audit

An information security audit is an audit on the level of information security in an organization.

(3) PKI

PKI provides well-conceived infrastructures to deliver security services in an efficient and unified style. PKI is a long-term solution that can be used to provide a large spectrum of security protection.

(4) X.509

The ITU-T recommendation X.509 defines a directory service that maintains a database of information about users for the provision of authentication services...

(5) Denial-of-Service Attack

DoS (Denial of Service) is an attempt by attackers to make a computer resource unavailable to its intended users.

(6) SOA (Service-Oriented Architecture) is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components (discrete pieces of code and/or data structures) that can be reused for different purposes. SOA design principles are used during the phases of systems development and integration.

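(7) ARP Poisoning: How to carry out an ARP Cache Poisoning Attack.

ARP packets are either ARP requests or ARP replies. When an ARP request is sent, the computer that owns the requested IP address answers with an ARP reply. If an attacker's computer also sends a forged ARP reply, subsequent data is sent to the attacker's computer instead. Because the ARP table has to be updated frequently, it is easy to attack.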
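The forged reply described above is visible to a defender as a reply that answers no request or that changes an existing IP-to-MAC binding. The following detection sketch is an added example, not part of the original notes; the event tuples, addresses and the 2-second window are constructed assumptions.

```python
"""Flag ARP replies that answer no request or change an existing IP-to-MAC binding."""

# Constructed sample events (not captured traffic):
# (time_s, op, sender_ip, sender_mac, target_ip)
SAMPLE_EVENTS = [
    (0.0, "request", "192.0.2.10", "02:00:00:00:00:10", "192.0.2.1"),
    (0.1, "reply",   "192.0.2.1",  "02:00:00:00:00:01", "192.0.2.10"),
    (5.0, "reply",   "192.0.2.1",  "02:00:00:00:00:66", "192.0.2.10"),
    (6.0, "request", "192.0.2.10", "02:00:00:00:00:10", "192.0.2.20"),
    (6.1, "reply",   "192.0.2.20", "02:00:00:00:00:20", "192.0.2.10"),
    (9.0, "reply",   "192.0.2.20", "02:00:00:00:00:66", "192.0.2.10"),
]

REQUEST_WINDOW_S = 2.0  # assumed: a reply counts as solicited within this time of a request


def detect_arp_anomalies(events, window=REQUEST_WINDOW_S):
    """Return alerts as (time, kind, claimed_ip, claiming_mac)."""
    bindings = {}  # ip -> MAC from the first reply seen for that ip
    pending = {}   # (requester_ip, wanted_ip) -> time of the latest request
    alerts = []
    for t, op, s_ip, s_mac, t_ip in events:
        if op == "request":
            pending[(s_ip, t_ip)] = t
            continue
        # A legitimate reply answers a recent request from the host it is sent to.
        asked = pending.pop((t_ip, s_ip), None)
        if asked is None or t - asked > window:
            alerts.append((t, "unsolicited-reply", s_ip, s_mac))
        # The first binding is trusted; any later MAC for the same IP is reported.
        if bindings.setdefault(s_ip, s_mac) != s_mac:
            alerts.append((t, "binding-changed", s_ip, s_mac))
    return alerts


def macs_claiming_multiple_ips(events):
    """One MAC answering for several IPs is typical of a host impersonating others."""
    claimed = {}
    for _, op, s_ip, s_mac, _ in events:
        if op == "reply":
            claimed.setdefault(s_mac, set()).add(s_ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_EVENTS):
        print(alert)
    print(macs_claiming_multiple_ips(SAMPLE_EVENTS))
```
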

(8) Vulnerabilities of Firewall: How to penetrate a firewall, illustrated with at least 3 examples.

• Attacking Packet Filtering Firewall

IP Address Spoofing Attack

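IP address spoofing modifies a packet's source and destination addresses and ports so that it imitates legitimate packets and passes the firewall's checks.

For example, an external attacker changes the source address of his datagrams to an internal network address so that the firewall lets them through. A firewall that matches on interface together with address can prevent this kind of attack.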

Denial-of-service Attack

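A simple packet-filtering firewall cannot track TCP state and is therefore vulnerable to denial-of-service attacks. A firewall under DoS attack stays busy, and if its rules are poorly chosen it may be bypassed.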

Tiny Fragment Attack

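An attacker can first send a legitimate first IP fragment that passes the firewall's check; the subsequent fragments, which carry the malicious data, can then pass through the firewall and reach internal hosts directly, threatening the security of the network and its hosts.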

Trojan Attack

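Packet-filtering firewalls generally filter only the low ports (1-1024); high ports must stay open because some services need them, so they cannot be filtered. A pre-planted Trojan opens a high port and waits there.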

• Attacking Stateful Inspection Firewall

Protocol Tunneling

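(Tool: Loki) The idea behind protocol tunneling is similar to how a VPN works: the attacker hides malicious attack packets in the headers of certain protocol packets, thereby passing through the firewall to attack the internal network.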

Trojans Rebound

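A reverse-connecting Trojan that the attacker has installed in the internal network periodically connects to an external host controlled by the attacker. Because the connection is initiated from inside, the firewall cannot tell the Trojan's connection apart and treats it as a legitimate connection, so the firewall is penetrated.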

• Attacking Proxy

Unauthorized Web Access

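In early versions of WinGate, a misconfigured host allowed external hosts to access the Internet completely anonymously. An external attacker can use the WinGate host to launch various web attacks against web servers. The attack traffic all passes through TCP port 80, which makes the attacker's origin hard to trace.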

Unauthorized Socks Access

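In WinGate's default configuration, the Socks proxy (TCP port 1080) has a vulnerability. As with an open web proxy (port 80), an external attacker can use the Socks proxy to access the Internet.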

Unauthorized Telnet Access

By connecting to the Telnet service of a misconfigured WinGate server, an attacker can use someone else's host to hide his tracks and launch attacks at will.
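The notes under IP Address Spoofing Attack say that matching on interface together with address stops spoofed internal sources. The sketch below is an added example, not from the original notes: it puts an address-only rule beside an interface-aware one and extends it with the fragment checks recommended in RFC 1858 for the Tiny Fragment Attack. The internal range, interface names and packet fields are hypothetical.

```python
import ipaddress

# Assumed for illustration: internal range, interface names and packet fields are hypothetical.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TCP_MIN_FIRST_FRAGMENT = 16  # bytes of TCP header that must sit in fragment 0 (RFC 1858)

# Constructed sample packets, not captured traffic.
SAMPLE_PACKETS = [
    {"iface": "internal", "src": "10.1.2.3", "proto": "tcp", "frag_offset": 0, "l4_len": 40},
    {"iface": "external", "src": "10.1.2.3", "proto": "tcp", "frag_offset": 0, "l4_len": 40},
    {"iface": "external", "src": "198.51.100.7", "proto": "tcp", "frag_offset": 0, "l4_len": 8},
    {"iface": "external", "src": "198.51.100.7", "proto": "tcp", "frag_offset": 1, "l4_len": 32},
    {"iface": "external", "src": "198.51.100.7", "proto": "tcp", "frag_offset": 0, "l4_len": 40},
]


def address_only_filter(pkt):
    """Weak rule: trust any packet whose source address is in the internal range."""
    src = ipaddress.ip_address(pkt["src"])
    return "accept" if src in INTERNAL_NET else "next-rule"


def interface_aware_filter(pkt):
    """Hardened rule: source must fit the arrival interface; tiny TCP fragments are dropped."""
    internal_src = ipaddress.ip_address(pkt["src"]) in INTERNAL_NET
    if pkt["iface"] == "external" and internal_src:
        return "drop:spoofed-internal-source"
    if pkt["iface"] == "internal" and not internal_src:
        return "drop:foreign-source-on-lan"
    if pkt["proto"] == "tcp":
        # First fragment too short to hold ports and flags: the filter cannot judge it.
        if pkt["frag_offset"] == 0 and pkt["l4_len"] < TCP_MIN_FIRST_FRAGMENT:
            return "drop:tiny-first-fragment"
        # Offset 1 (8 bytes in) would place the TCP flags in a later fragment.
        if pkt["frag_offset"] == 1:
            return "drop:fragment-at-offset-1"
    return "accept" if internal_src else "next-rule"


def compare(packets=SAMPLE_PACKETS):
    """Return (weak verdict, hardened verdict) for each packet."""
    return [(address_only_filter(p), interface_aware_filter(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE_PACKETS, compare()):
        print(pkt["iface"], pkt["src"], verdicts)
```
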

(9) Security in Cloud Computing: How to discern the Security in Cloud Computing in your point of view. example.

The responsibility goes both ways, however: the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the user must take measures to fortify their application and use strong passwords and authentication measures.

Identity management

Physical security

Personnel security

Availability

Application security

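(10) Discuss some PORT SCAN Software you ever used, including the usage and the running result analysis.

NMap is a network scanning and sniffing toolkit for mainstream operating systems. Its basic functions include:

• Detecting whether a set of hosts is online;

• Scanning host ports and probing the network services they offer;

• Inferring the operating system a host runs.

Command line: nmap -PN -sS -O Scanme.Nmap.Org

Result: whether common ports are open, the operating system type and even the kernel version range, the device type, and the scan time.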

(11) Select one from the OWASP’s Top Ten Threats of Web Applications 2010 and discuss the mechanisms, citing in illustration.

NOTES

(1) What is Authentication? What about Identification and Authorization?

• Identification aims at determining whether an individual is known to the system.

• Authorization is the process of granting the user access to specific system resources based on his/her profile and local/global policy controlling the resource access.

• Authentication is to prove or show (something, especially a claim or an artistic work) to be true or genuine.

(2) Kerberos

Kerberos is an authentication service developed at MIT which allows a distributed system to be able to authenticate requests for service generated from workstations.

(3) The Attack to Authentication

Impersonation attacks

Replay attacks

Forced delay attacks

Interleaving attacks

Oracle session attack

Parallel session attack

(4) What PKI can do

generate digital certificates.

manage the certificates, certificate statuses, and the business element.

involve symmetric key cryptography for different purposes

other security purposes.

(5) What is Kerberos

Kerberos (ITU‐T) is a computer network authentication protocol which works on the basis of “tickets” to allow nodes communicating over a non‐secure network to prove their identity to one another in a secure manner.

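(6) Limitations of Kerberos

1. Single point of failure.

2. Kerberos requires the clocks of the communicating hosts to be synchronized.

3. The administration protocol is not standardized (RFC 3244 describes some changes).

4. The master keys of all users are stored on the central server (KDC), so anything that compromises the server compromises every user's key.

5. A compromised client may endanger the user's password.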

(7) X.509

Security problems

• Specification: Complexity and lack of quality

• Architectural flaw

• Commercial certificate authorities

• Implementation

Applications

S/MIME (Multipurpose Internet Mail Extensions)

SSL (Secure Socket Layer)

TLS (Transport Layer Security)

SET (Secure Electronic Trade)

PKI (Public Key Infrastructure)
