CySec Foundations Part 2


File Details

Flashcards 210
Language German
Category Computer Science
Level University
Created / Updated 31.07.2020 / 10.08.2020
Web link
https://card2brain.ch/box/20200731_cysec_foundations_teil_2

Which 2 important things does symmetric cryptography not implement?

- nonrepudiation

- message integrity

What is the major strength of symmetric key cryptography?

- speed

=> often 1000-10000 times faster than asymmetric algorithms

What are the steps of the Diffie-Hellman algorithm?

1. A and B agree on a set of base params (p & g)

2. A and B select random numbers as private keys (between 1 and p)

3. A and B calc public key (A -> g^a mod p, B -> g^b mod p)

4. A and B swap public keys

5. A and B combine their private key with the other's public key, creating the shared secret

How does Alice calculate the shared secret (given p, B as Bob's public key and a as Alice's private key)?

B^(a) mod p = shared secret

What does AEAD stand for?

Authenticated Encryption with Associated Data

Give an example of an AEAD protocol

ChaCha20_Poly1305

ChaCha20 is the stream cipher

Poly1305 is the MAC

Which two ciphers are allowed in TLS1.3?

ChaCha20

AES

Name a password derivation function

PBKDF2

What does ECDHE stand for?

Elliptic curve Diffie-Hellman in ephemeral mode

Which parts does the following suite consist of?

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

ECDHE = key exchange mechanism

RSA = authentication of server certificate

AES_128 = encryption with a 128 bit key

GCM = mode of operation; Galois/Counter Mode

SHA_256 = hash function

What happens in the TLS1.3 handshake if the client does not support its keyshare?

The server sends a HelloRetryRequest and falls back to the regular key exchange in TLS1.2

Which two messages in the TLS handshake work together to prove the identity of a server?

The Certificate message and the ServerKeyExchange message

Think of reasons to hack network devices

- used as stepping stones

- not monitored as closely

- no malware detection

- old protocols

What does OWASP stand for?

Open Web Application Security Project

How does one mitigate the risk of A3: Sensitive Data Exposure?

- verify architecture

- protect with mechanisms, e.g. file encryption

- verify implementation

What are possible reasons for A6: Security Misconfiguration?

- default admin passwords

- verbose error messages

- weak cache-control

- loose cookie domain

Name a Key Distribution System

Kerberos

How does the communication between a client and a server roughly work within Kerberos?

1. authenticate user (at Kerberos authentication)

2. access control for server (at ticket granting service)

3. communication (with server)

What does EAP stand for?

Extensible Authentication Protocol

Name some security events

1. Logging an operator into or out of a system

2. Performing a cryptographic operation, e.g. signing a cert

3. Receiving a key compromise notification

4. Receiving an improper certification request

5. Detecting an alarm condition reported by a cryptographic module

What are the 4 actions to analyze and generate alerts?

- Pattern matching

- scan detection

- threshold detection

- event correlation 

Which four things are best practice for Security Event Management?

- Plan

- assess

- simplify

- deploy

What are the top 5 red team skills?

1. Think outside the box

2. Deep knowledge of systems

3. Software development

4. Penetration testing

5. Social engineering

What are the top 5 skills of the blue team?

1. Organized and detail oriented

2. Cybersecurity analysis and threat profile

3. Hardening techniques

4. Knowledge of detection systems

5. SIEM (Security Information and Event Management)

How are Linux file permissions structured?

- 3 sections

- each section consists of rwx

- each r/w/x results in a bit

- able to calc binary value

What is a DNS Zone transfer attack?

- attacker pretends to be slave

- master provides copy of zones

- attacker has access to relevant information / network architecture

What is a reverse shell?

- victim connects to attacker on listening port

What is a bind shell?

Attacker connects to victim on listening port

What is Scapy used for?

- send

- sniff

- dissect

- forge

IP packets

What is the ephemeral mode?

ephemeral = fleeting, short-lived

e.g. Diffie-Hellman in ephemeral mode forces a new key exchange for every new session

this is known as PERFECT FORWARD SECRECY

Why isn't perfect forward secrecy guaranteed when using 0-RTT resumption in TLS 1.3?

Because the keys have been preshared in a previous session.

This is a 'violation' of the ephemeral mode.

What does RSA stand for ;)?

Rivest-Shamir-Adleman

What will RSA be replaced by?

DSA = Digital Signature Algorithm

Can DSA be used for encryption?

No, it only works one way and is used mainly for signing

What are the 2 very useful cases for RSA?

1. Encryption that only the owner of the public key can read

2. Signing that must have been performed by the owner of the private key

Describe the process of signing using RSA

1. message is hashed

2. hash is signed and sent with message

3. receiver hashes message, decrypts signature, checks that hashes match

How does challenging with RSA work?

1. client sends message to server

2. server signs message with its private key

3. client decrypts response using public key

4. if message matches, server has successfully proven itself

How many bits will a 128-bit hash function return when given an input with a length of 1 bit?

128-bit string

128-bit hash functions always return a 128-bit string, regardless of input length

What is the avalanche effect?

when one bit is changed in the input for a hash function, it causes changes through the entire output

Name important qualities for a strong hash function

1. quick, but not too quick

2. diffusion

3. non-reversibility

4. no 2 messages result in the same hash