Summary Endterm (lecture 10-13) | 2024 | Information security (INFOB3INSE) | Information Science
12 views 0 purchase
Course
Information security (INFOB3INSE)
Institution
Universiteit Utrecht (UU)
This summary contains all subjects from lecture 10-13 from Information Security 2024 for Informatiekunde. The summary is made based on my lecture notes and the lecture slides, with additions from the book.It contains the lectures after the midterm, but for the endterm you need to study everything, ...
Information Security Endterm
Summary Lectures 10-13
Glossary
Lecture 10: Firewalls and tunnels
Additional costs (unintended harms): costs can outweigh the original harm.
Amplification (unintended harms): intervention backfires, causing increase of behavior that
was actually targeted for prevention.
Anomaly-based IDS: ML catching outliers as intruders.
Application-level filters: different customized filters, specifically for application-level protocols.
Bastion host: attack surface is reduced (‘hardened’) by removing all services but the
‘bastion’.
Circuit-level proxy firewall: single point as firewall; outside server connects with this. Internal
hosts are safe, transparent.
Cloud: interconnected machines, shared pool of resources usable by anyone (who pays)
Community cloud: cloud owned by multiple organizations with the same goals / objectives.
Dedicated firewalls: devoted firewall to users’ hosting environment. Custom-built for each
node.
Default deny: if none of the firewall filters apply, connection should always be denied.
Displacement (unintended harms): crime moves to other locations.
Disruption (unintended harms): countermeasure interrupts other (more effective)
countermeasures
Distributed firewall: firewall for enterprise environments, from centrally defined policies
Dual-homed host: firewall with 2 network interfaces, sits between trusted & untrusted
network. Connected to both at the same time.
Economic Denial of Sustainability (EDoS): attacker exploits elasticity by increasing
necessary resources. cloud customer has to pay huge bill (remember for exam!!)
Elasticity (cloud): automated scaling, more resources allocated when needed e.g. when
many clients need access to your cloud-hosted service. different from scalability.
Erasure coding (cloud security): encode data you can use to recover other data if lost.
Federated identity management: single identification service. authentication happens not
with 3rd party service provider but with identity management system
Firewall: gateway to control access. Filter incoming packets and outgoing packets.
Host-based IDS: IDS monitoring events on a single host (app logs, system-specific logs)
Host-to-host (transport mode): end-to-end security from host to host
Host-to-network (tunnel mode): secure connection between remote host & enterprise
gateway.
Hub: central point in network, sends packets from host to all other hosts.
Hybric firewall appliance: combination of firewall / intrusion detection, etc.
Hybrid cloud: combination of public & private cloud, benefits of both.
Infrastructure as a Service (IaaS): cloud service: CPUs, machines. most control, except
hardware.
Insecure norms (unintended harms): implementation encourages insecure behavior
Intrusion: incident that violates security policy.
Intrusion detection: monitoring system events to identify intrusions.
, Intrusion Detection System (IDS): automates intrusion detection. monitors events, and
reports to humans, does not take action by itself!
Intrusion Prevention System: automated real-time responses, may take action itself.
Mitigates known attacks.
Misclassification (unintended harms): erroneous classification by system, classifies
non-malicious content as malicious.
Misuse (unintended harms): intentional misuse by actors to create new harms.
Network-based IDS: IDS that detects intrusions across a wider network, gathers information
from network packets.
Network-based reconnaissance: send probes to addresses to find hosts.
Network-to-network (tunnel mode): secure connection between 2 network gateways
NIC (Network Interface Card) (in a hub): can collect all passing frames.
Nishant: INSE greatest lecturer ever
OAuth: authorized 3rd party apps on users behalf.
OS fingerprinting / Remote OS fingerprinting: find OS of remote machine.
Packet sniffing: passive network monitoring. logs traffic details.
Penetration testing / exploitation toolkits: vulnerability test: exploit live systems, test attacks.
Personal firewall: host-based firewall for end user machine (built-in OS)
Platform as a Service (PaaS): cloud service: handles everything you need to develop &
deploy software.
Private cloud: cloud only accessible to 1 organization.
Public cloud: cloud service owned by large company (e.g Amazon), open to everyone
Reconnaissance tools: vulnerability assessment: explore the system by automated port
scanning.
Replication (cloud security): split data into chunks, copy those, store in different cloud places
SAML (Security Assertion Markup Language): exchange user identity / privileges securely.
Scalable (cloud): manual scaling if you need more resources e.g. if you need additional
processes. different from elasticity!
Security as a Service (SecaaS): cloud provider provides security applications.
Signature-based IDS: IDS that recognizes systems they know (signature = characteristic).
Software as a Service (SaaS): cloud service: you only access the service / software. least
control of all.
SPAN port / port mirror (Switched Port ANalyser): only 2 ports, duplicates traffic from other
ports.
Specification-based IDS: IDS recognizing systems based on predefined allowed behaviors
SSH: secure shell, encrypted tunnel, through which you can send message traffic
Stateful packet filter: firewall filter, track sessions for future processing
Stateless packet filter: firewall filter, in which each packet is considered independent
Switch: sends received information only to specified host (unlike hubs)
TAP (Test Access Port): dedicated device for passive monitoring. minimal 3 ports: 2 for
router & firewall, 1 for 3rd party to monitor traffic.
TNO (Trust No One): lastpass tool, password manager
Tunnel: 1 protocol is encapsulated by another, for confidential and safe data traffic.
VMsprawl: attacker estimated IP addresses, which he can use for attack
VPN (Virtual Private Network): data encryption: create private encrypted tunnel.
Vulnerability scanners: produce comprehensive report of vulnerabilities in a system.
‘Blunt’ cyber controls: reduces malicious behavior, but also impacts legitimate behaviors.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller danielgeelhoed. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $5.39. You're not tied to anything after your purchase.