CyberSecurity Review
1. CONCEPTS TO REVIEW
1.1 RISK GENERALITIES
- Concepts of DOS/DDOS, sniffing, spoofing, botnet
- DOS (Denial of Service): making a service offered by a system inaccessible. Resource exhaustion: bandwidth attacks; protocol attacks, e.g. a SYN flood saturates a target device by sending it a series of TCP SYN packets.
- DDOS (Distributed Denial of Service): launching a DOS from multiple devices at once.
- Sniffing: capturing an image of the traffic on a network. For the attacker, the goal is to gather information to prepare an attack. When data is transmitted across a network without encryption, the contents of the packets can be read with a sniffer.
- Spoofing: an attack in which a person or program successfully masquerades as another by falsifying data, to gain an illegitimate advantage.
- ARP spoofing: emitting fake ARP replies that give the attacker's MAC address for the requested IP address.
- Botnet: a network of bots working together (a network of "zombies"). A botnet is a number of Internet-connected devices, each running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and give the attacker access to each device and its connection. The owner controls the botnet using command and control (C&C) software.
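The ARP spoofing symptom described above (a fake reply binding the attacker's MAC to a victim's IP) can be spotted from the defender's side by checking observed ARP replies for consistency. The following Python is an added example written for these review notes, not code from the original page; the replies in SAMPLE_REPLIES are constructed, and in practice they would come from parsed ARP "is-at" packets captured on the LAN segment.

```python
"""Detect ARP spoofing symptoms from observed ARP replies.

Added example for these review notes (not the page's own code). The
sample replies below are constructed; a real deployment would feed
parsed ARP replies from a packet capture into check_arp_replies().
"""
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP
# replies seen on one LAN segment. The gateway 192.168.1.1 is first
# announced by aa:..:01, then a second host claims the same IP and
# afterwards also claims the address of host .20 (poisoning both ends).
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (1.5, "192.168.1.20", "bb:bb:bb:bb:bb:20"),
    (2.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (2.5, "192.168.1.1", "cc:cc:cc:cc:cc:99"),   # conflicting claim for the gateway
    (3.0, "192.168.1.20", "cc:cc:cc:cc:cc:99"),  # same MAC now claims a second IP
]


def check_arp_replies(replies):
    """Return a list of (timestamp, kind, detail) alerts.

    kind "ip-conflict": an IP announced with a MAC different from the one
    first learned for it (the classic symptom of a poisoned ARP cache).
    kind "mac-multi-ip": one MAC answering for several IPs, which is what
    a spoofer does when it poisons both sides of a conversation.
    """
    ip_to_mac = {}                  # first MAC learned for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()           # normalise case before comparing
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            alerts.append((ts, "ip-conflict", f"{ip}: {known} -> {mac}"))
        ips = mac_to_ips[mac]
        if ips and ip not in ips:   # alert only when a *new* IP is added
            alerts.append((ts, "mac-multi-ip", f"{mac}: {sorted(ips | {ip})}"))
        ips.add(ip)
    return alerts


if __name__ == "__main__":
    for alert in check_arp_replies(SAMPLE_REPLIES):
        print(alert)
```

An "ip-conflict" alert can also be raised legitimately when DHCP reassigns an address to a different host, so in practice the check is most reliable for addresses that never change, such as the default gateway, which is also the address a spoofer most often impersonates.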
- Fighting against viruses/worms, key loggers, phishing (countermeasures)
- Fighting against viruses
- End-user equipment security: analyze the equipment's weaknesses against viruses
- User awareness: the user is the cornerstone of the fight against viruses
- Antivirus: the classical «scanner» method, plus behaviour analysis in sandboxes
- Watch the information published on antivirus vendors' servers
- Organization of patch and signature updates
- Organization of, and reactivity to, alerts and infections
- Fighting against key loggers
- Software keyloggers are Trojans, so they can be fought like viruses
- Firewalls may be a means to detect a keylogger through its network activity, when the captured data is sent to the attacker.
- Physical access protection helps fight hardware key loggers
- Keyloggers search for passwords: avoid using passwords, preferring mechanisms that don't require them.
- In all cases, user awareness remains essential
- Fighting against phishing
- Knowing that the phishing principle is to abuse Internet users' credulity
- Since customers are advised to be careful with links sent by email
- Also watch that DNS names match the company's IP addresses
- React in an appropriate way; many contacts are possible
- Security recommendations for using cloud computing, BYOD
- BYOD (Bring Your Own Device) is the practice of employees bringing personally owned mobile devices (e.g. smartphones, tablets, laptops) to the workplace, and using those devices to access company resources such as email, file servers, and databases.
- Cloud computing
- IaaS + PaaS + SaaS
- DICP characteristics (concepts)
- Disponibility (Availability),
- Integrity,
- Confidentiality,
- Proof (Traceability).
- ISMS goal and phases (Information Security Management System)
goal
- An ISMS (SMSI in French) is intended to choose adapted security means to protect, and keep protected, the sensitive assets within a defined perimeter of the company.
phases
- Phase Plan: plan the security actions to undertake
- Phase Do: realize what has been planned
- Phase Check: assess that there is no gap between what was planned and what was realized
- Phase Act: undertake corrective action plans for the gaps
2. SECURITY NETWORK ARCHITECTURE & FILTERING
- Basic knowledge of TCP/IP: location of IP addresses, port numbers, connection flags
- TCP: Transmission Control Protocol,
- IP: Internet Protocol, IP address
- port numbers:
- Technical actions to follow to protect a web server facing Internet risks
- Router filtering examples
- Firewall policies
- IDS/IPS: Intrusion Detection / Prevention Systems,
- Internet Access Points
- Security aspects to consider when connecting a company network to the Internet
- Deny by default, DMZ concept
DMZ (DeMilitarized Zone): networks with more or less public access
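To make the "deny by default" policy and the role of the last rule in a firewall rule base concrete, here is an added example (written for these review notes, not taken from the page or from any real firewall's configuration language): a first-match rule base protecting a DMZ web server, with a final logged "clean-up" rule that catches everything the explicit rules did not. The rules, the server address 203.0.113.10 and the sample packets are constructed; the rule dict format is an assumption of this example.

```python
"""First-match firewall rule base ending with a deny-by-default clean-up rule.

Added example for these review notes; not a real firewall's syntax. Rules
are dicts of match fields plus an action and a log flag, evaluated top to
bottom, first match wins. Addresses come from the documentation ranges
(TEST-NET) and are constructed.
"""
import ipaddress

ANY = "any"


def make_rule(name, src, dst, proto, dport, action, log=False):
    return {"name": name, "src": src, "dst": dst, "proto": proto,
            "dport": dport, "action": action, "log": log}


# Constructed rule base: DMZ web server 203.0.113.10 behind a perimeter
# firewall. The Internet may reach only 80/443, the internal LAN (10/8) may
# administer it over SSH, and everything else falls through to the last rule.
RULE_BASE = [
    make_rule("web-in",    ANY,          "203.0.113.10", "tcp", 80,  "allow"),
    make_rule("https-in",  ANY,          "203.0.113.10", "tcp", 443, "allow"),
    make_rule("admin-ssh", "10.0.0.0/8", "203.0.113.10", "tcp", 22,  "allow", log=True),
    # Clean-up rule: explicit deny of anything not matched above, logged so
    # that unexpected traffic (probes, misconfigurations) becomes visible.
    make_rule("clean-up",  ANY, ANY, ANY, ANY, "deny", log=True),
]


def _match_addr(rule_field, addr):
    return rule_field == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(rule_field, strict=False)


def _match_val(rule_field, value):
    return rule_field == ANY or rule_field == value


def evaluate(rule_base, packet):
    """Return (action, rule_name, logged) for the first rule matching packet."""
    for rule in rule_base:
        if (_match_addr(rule["src"], packet["src"]) and _match_addr(rule["dst"], packet["dst"])
                and _match_val(rule["proto"], packet["proto"])
                and _match_val(rule["dport"], packet["dport"])):
            return rule["action"], rule["name"], rule["log"]
    # Reached only when the rule base has no clean-up rule: the device's
    # implicit policy then decides, unlogged, which is what the last rule avoids.
    return "implicit-deny", None, False


def audit_log(rule_base, packets):
    """Evaluate packets and return the log lines the firewall would write."""
    lines = []
    for p in packets:
        action, name, logged = evaluate(rule_base, p)
        if logged:
            lines.append(f"{name} {action} {p['proto']} {p['src']} -> {p['dst']}:{p['dport']}")
    return lines


# Constructed sample traffic arriving at the firewall.
SAMPLE_PACKETS = [
    {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 443},
    {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 22},   # SSH from the Internet
    {"src": "10.1.2.3",     "dst": "203.0.113.10", "proto": "tcp", "dport": 22},   # SSH from the LAN
    {"src": "198.51.100.7", "dst": "203.0.113.10", "proto": "udp", "dport": 161},  # SNMP probe
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p["src"], p["proto"], p["dport"], "->", evaluate(RULE_BASE, p))
    print("\n".join(audit_log(RULE_BASE, SAMPLE_PACKETS)))
```

Without the clean-up rule, `evaluate(RULE_BASE[:-1], ...)` returns "implicit-deny" with no log entry: the traffic may still be dropped, but the administrator never sees it, and the policy depends on the device's built-in default rather than on an explicit, reviewable rule.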
- Port scanning usage, NIDS concepts
Port scanning is used to identify open ports and services available on a network host. It is sometimes used by security technicians to audit computers for vulnerabilities; however, it is also used by attackers to target victims.
IDS (Host- and Network-based Intrusion Detection Systems, HIDS / NIDS)
- on the host: analysis of component behaviour
- on the network: analysis of network traffic
- Aspects to consider to ensure WiFi security
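A NIDS doing network traffic analysis can recognise the port scan described above from connection attempts alone: one source touching many distinct destination ports in a short time. The following Python is an added example for these review notes, not the page's code nor any IDS product's rule syntax; the log format ("<ISO time> <proto> <src>:<sport> -> <dst>:<dport> <flags>"), the window and threshold values and the sample lines are all constructed.

```python
"""Port-scan detection over connection-attempt log lines (NIDS-style).

Added example for these review notes; the log format, the sample lines and
the window/threshold values are constructed assumptions, not a real IDS.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>\S+)$")

# Constructed sample: one source probes seven ports within a few seconds,
# another source legitimately connects twice to HTTPS, and a late probe
# from the first source arrives after the window has expired.
SAMPLE_LOG = """\
2019-01-21T09:45:00 TCP 198.51.100.7:40001 -> 203.0.113.10:21 SYN
2019-01-21T09:45:00 TCP 198.51.100.7:40002 -> 203.0.113.10:22 SYN
2019-01-21T09:45:01 TCP 198.51.100.7:40003 -> 203.0.113.10:23 SYN
2019-01-21T09:45:01 TCP 198.51.100.7:40004 -> 203.0.113.10:25 SYN
2019-01-21T09:45:01 TCP 198.51.100.7:40005 -> 203.0.113.10:80 SYN
2019-01-21T09:45:02 TCP 198.51.100.7:40006 -> 203.0.113.10:443 SYN
2019-01-21T09:45:02 TCP 198.51.100.7:40007 -> 203.0.113.10:3306 SYN
2019-01-21T09:45:03 TCP 192.0.2.55:51000 -> 203.0.113.10:443 SYN
2019-01-21T09:45:03 TCP 192.0.2.55:51001 -> 203.0.113.10:443 SYN
2019-01-21T09:50:00 TCP 198.51.100.7:40008 -> 203.0.113.10:8080 SYN
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for unparsable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": datetime.fromisoformat(d["ts"]), "raw_ts": d["ts"],
            "src": d["src"], "dst": d["dst"], "dport": int(d["dport"]),
            "flags": d["flags"]}


def scan_alerts(log_text, window_s=60, threshold=5):
    """Return [(src, timestamp, distinct_ports)] for each source whose number
    of distinct destination ports within window_s seconds rises to threshold.

    Only the upward crossing is reported, so a noisy scanner yields one
    alert per burst rather than one per packet.
    """
    recent = defaultdict(deque)   # src -> deque of (datetime, dport) in window
    last_count = {}               # src -> distinct-port count after last event
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or "SYN" not in ev["flags"]:
            continue              # ignore garbage and non-connection-attempt lines
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dport"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()           # expire events older than the window
        distinct = len({port for _, port in q})
        prev = last_count.get(ev["src"], 0)
        if distinct >= threshold and prev < threshold:
            alerts.append((ev["src"], ev["raw_ts"], distinct))
        last_count[ev["src"]] = distinct
    return alerts


if __name__ == "__main__":
    for src, ts, n in scan_alerts(SAMPLE_LOG):
        print(f"{ts} possible port scan from {src}: {n} distinct ports in window")
```

The threshold and window are the tuning knobs: too low and a busy legitimate client (a monitoring server polling several services) is flagged, too high and a slow scan spread over hours is missed, which is why a real NIDS also correlates across longer periods.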
3. CRYPTOGRAPHY
- Symmetrical and asymmetrical ciphering, private and public keys, hash, DH, PKI concept and components
- Digital certificate concept and use; digital signature, how it works
- TLS/SSL protocol goals and security offered, PreMasterSecret and MasterSecret concepts
TWO DOCUMENTS TO RETURN
You must choose to answer the exam either in English or in French.
By the end of the exam, you must give back TWO documents:
- 1/ Your copies answering the set of 35 questions,
- 2/ The multiple-choice questionnaire completed.
Exam format
1/ Part 1: CONCERNING THE QUESTIONS PART
Questions examples
In security terms, what can TLS/SSL bring?
Using encryption to protect the transfer of data and information: it uses encryption algorithms to scramble data in transit, preventing attackers from reading it as it is sent over the connection.
Protecting exchanges over the network; Transport Layer Security (TLS) is the successor protocol to SSL (Secure Sockets Layer).
What element coming from the server must a client have to authenticate this server with the TLS/SSL protocol?
- Security certificates
Within a PKI, what is the function of the CA? Of the OCSP?
A PKI (Public Key Infrastructure) offers a framework to deploy security functions:
📚 The function of the CA (Certificate Authority):
Entity in the PKI that generates and signs the certificates. Certificates contain the public keys.
The CA is the trusted third party whose signature appears on the certificate. The CA is globally responsible for the certification process.
📚 The function of the OCSP (Online Certificate Status Protocol):
OCSP requests concern a specific certificate, and the answers are of a binary type, so the exchanges on the network are of reduced size for the application.
- OCSP gives a way to manage certificate revocation without waiting for CRL repository updates: an online verification approach.
What specific risks must be considered when envisaging the use of cloud computing?
📚 Cloud computing = IaaS (Infrastructure as a Service) + PaaS (Platform as a Service) + SaaS (Software as a Service)
- Loss of mastering or governance: renouncing mastery of the IS, opacity of data processing
- Non-conformance, or conformance not maintained: geographical data localization, data and processing responsibilities, cooperation with legal and judicial authorities, right to undertake audits and assessments
- Default of environment and data isolation: lack of watertightness between the various business resources
- Unmastered data elimination / suppression: difficulty retrieving all the data to be deleted
- Data not fully recovered: at the end, or on interruption, of service delivery
- Malevolent use: data processing actors with elevated privileges
What can a company do to fight against phishing?
- Knowing that the phishing principle is to abuse Internet users' credulity
- Since customers are advised to be careful with links sent by email, companies must not deliver email campaigns offering links to their sites. Such emails are easy to forge.
- Also watch that DNS names match the company's IP addresses
- React in an appropriate way; many contacts are possible
- Services are offered to help companies resolve such occurrences technically and legally.
Explain how an asymmetrical algorithm and a hashing function are employed to realize a digital signature.
« Symmetrical », also said «secret key»
- Symmetrical algorithm: the same key is shared between the sender and the receiver.
- fast
- employed for data ciphering
« Asymmetrical », also said «public key»
- Algorithm using a pair of keys: a public key and a private key.
- heavier on resources than symmetrical algorithms;
- employed to exchange «secret keys» and for digital signatures.
📚 Digital signatures employ asymmetric cryptography. To realize a digital signature, an asymmetrical algorithm generates a pair of keys, a public key and a private key; the sender then sends the message together with its hash encrypted under the private key, and the receiver decrypts the hash using A's public key.
In short: the public key and the private key form a pair, and each undoes the other. Encrypt with the public key, decrypt with the private key; sign with the private key, verify with the public key.
![](../pics/digital signature.png)
Digital signature is the combination of the two technologies above to achieve a very secure information transmission mechanism.
If A wants to send a message to B with a digital signature, the process is as follows:
- The message being sent has a public hashing algorithm applied to it to create a hash
- The hash is encrypted using A's private key, and is then appended to the message, which will also be encrypted. This encrypted hash is the digital signature
- B will then decrypt the hash using A's public key
- The original message is then decrypted and put through the same hashing algorithm to produce a hash
- If the two hashes are the same, the message is authenticated; otherwise it cannot be authenticated
- Asymmetrical algorithms protect/unprotect data using a different key for each direction (protect / unprotect)
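The five steps above, carried through in code. This is an added example for these review notes (it also answers the later exam question asking for the sequential phases of a signature); it is not the page's own code. It uses SHA-256 from the standard library as the public hashing algorithm and textbook RSA with two deliberately tiny, hard-coded 16-bit primes as the asymmetrical algorithm, so that "encrypt the hash with the private key" and "decrypt it with the public key" are literally modular exponentiations you can read. Key sizes, the sample message and the names alice/mallory are constructed; the encryption of the message body itself (a separate step in the list above) is left out to keep the signature path in focus.

```python
"""Digital signature = hashing + asymmetric algorithm, worked with toy RSA.

Added example for these review notes, not the page's own code. Key sizes
are deliberately tiny (two hard-coded 16-bit primes) so every step is
visible; real systems use 2048-bit or larger RSA (or ECDSA/Ed25519) with a
padding scheme such as PSS, through a vetted library, never this code.
"""
import hashlib
from math import gcd


def toy_keypair(p=65521, q=65537, e=11):
    """Return ((e, n), (d, n)): public and private key from two known primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def digest_int(message: bytes, n: int) -> int:
    """Step 1: apply the public hashing algorithm, mapped into Z_n.

    The toy modulus is far smaller than 256 bits, so the digest is reduced
    mod n here; a real RSA modulus is larger than the digest, which is
    embedded in a padding block instead of being reduced.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Step 2: the sender 'encrypts' the hash with the private key (d, n)."""
    d, n = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Steps 3 to 5: the receiver 'decrypts' the signature with the public
    key (e, n), re-hashes the received message and compares both hashes."""
    e, n = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == digest_int(message, n)


if __name__ == "__main__":
    alice_pub, alice_priv = toy_keypair()
    msg = b"Transfer 100 EUR to account 42"        # constructed sample message
    sig = sign(msg, alice_priv)
    print("genuine  :", verify(msg, sig, alice_pub))
    # A modified message hashes differently, so the recovered hash no longer matches.
    print("tampered :", verify(b"Transfer 900 EUR to account 42", sig, alice_pub))
    # A signature made with someone else's private key fails against A's public key.
    mallory_pub, mallory_priv = toy_keypair(p=65519, q=65537)
    print("wrong key:", verify(msg, sign(msg, mallory_priv), alice_pub))
```

The example shows why the two ingredients are both needed: hashing gives a short, fixed-size fingerprint that the slow asymmetrical operation can afford to process, and the private-key operation ties that fingerprint to the one holder of the private key, which is what lets B verify with the public key alone.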
In terms of security, which aspects must be considered when installing WiFi for a company?
Explain what botnet decapitation means.
It means fighting botnets: it consists in separating the infected machines (bots) from their Command & Control servers.
Then the bots can't get instructions from their brain.
In security terms, what can TLS/SSL bring? (The same question, I think)
What element coming from the server must a client have to authenticate this server with the TLS/SSL protocol?
Within a PKI, what is the function of the CA?
Within a PKI, what is the function of the OCSP?
What specific risks must be considered when envisaging the use of cloud computing?
Why can TCP spoofing be difficult to achieve?
What are the goals of the last rule in a firewall rule base?
Draw a scheme showing the sequential phases of a digital signature using asymmetrical ciphering AND hashing. Literally describe each step followed by the signatory and the addressee.
2/ Part 2: CONCERNING THE QCM (about cryptography) PART
- The multiple-choice questionnaire will contain 30 questions to answer
- CHECK ONLY THE PROPOSAL OR THE PROPOSALS YOU BELIEVE TO BE TRUE for the question.
Questions examples
An X509 digital certificate contains the public key of the certificate's holder (True, False)
Within a public-key cryptographic system, a user who lost his private key may still sign, with this system, the messages he wishes to send (True, False)
Within a public-key cryptographic system, signing a message also achieves its content confidentiality without the necessity to cipher it (True, False)
Applying the same hash function to two different messages (… gives as a result two different digests, … gives as a result digests of different sizes)
You do not have to revise the pages specified (lectures AND pages) in the attached document below
Title: CyberSecurity Review
Word count: 1.8k
Author: Jooeys
Published: 2019-01-21, 09:45:43
Last updated: 2019-01-25, 08:25:30
Original link: http://jooeys.github.io/2019/01/21/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E5%A4%8D%E4%B9%A0%E6%80%BB%E7%BB%93/
License: "Attribution-NonCommercial-ShareAlike 4.0"; reposts must keep the original link and the author.