1. What is Wireless Application Protocol (WAP) security?
- WAP is a protocol stack for wireless communication networks, specified by the WAP Forum. The WAP Forum is currently part of the Open Mobile Alliance.
- WAP is essentially a wireless equivalent to the Internet protocol stack (TCP/IP).
- A big advantage of WAP is that it is bearer independent.
- The most common bearer is currently GSM, but a PDA or a third-generation mobile phone can also be used.
2. Which algorithms are used in WAP security?
Elliptic curve cryptography (ECC) algorithms are used in WAP security.
3. List the advantages and disadvantages of WAP security.
Advantages:
- A big advantage of WAP is that it is bearer independent.
- The most common bearer is currently GSM, but a PDA or a third-generation mobile phone can also be used.
Disadvantages:
- WAP does not offer end-to-end security.
- WAP relies on higher-layer security.
4. List the security services in GSM.
GSM offers several security services using confidential information stored in the AuC and in the individual SIM. The security services offered by GSM are:
- Access control and authentication
- Confidentiality
- Anonymity
5. Define the terms Confidentiality and Anonymity.
Confidentiality: All user-related data is encrypted. After authentication, BTS and MS apply encryption to voice, data, and signaling. This confidentiality exists only between MS and BTS, but it does not exist end-to-end or within the whole fixed GSM/telephone network.
Anonymity: To provide user anonymity, all data is encrypted before transmission, and user identifiers (which would reveal an identity) are not used over the air. Instead, GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update. Additionally, the VLR can change the TMSI at any time.
6. How many algorithms are used in GSM security?
Three algorithms have been specified to provide security services in GSM. Algorithm A3 is used for authentication, A5 for encryption, and A8 for the generation of a cipher key.
7. What are the security issues in 3G?
- Infrastructure enumeration
- Subscriber intercommunication
- Attempts to send packets in traffic
8. List the different levels of security in 3G.
- Privacy
- Data integrity
- Authentication
9. What are the problems in 3G networks?
- Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set up.
- The transmission of the IMEI is not protected.
- Microsoft has developed comprehensive cryptographic software, called Microsoft Cryptography Application Programming Interface.
- It is freeware.
- It is enabled with Windows Dynamic Linking Library.
11. What is the role of operating systems?
The operating system can be considered in various ways:
- An intermediary between the user software and the hardware
- An abstraction layer providing an idealized view of the computer hardware
- A virtual machine
- A set of services
12. What security services are provided by the operating system?
- Resource security
- Service security
- Communication security
- Authentication of users
- Authentication of resources
- Privacy
- Anonymity
- Other security services
13. What is a VPN?
A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.
14. List the Functions of VPN.
- Authentication – validates that the data was sent from the sender.
- Access control – limiting unauthorized users from accessing the network.
- Confidentiality – preventing the data from being read or copied while it is being transported.
- Data Integrity – ensuring that the data has not been altered.
15. State the advantages and disadvantages.
Advantages:
- Cost savings
- Scalability
Disadvantages:
- Immature standards
- VPNs need to accommodate protocols other than IP and existing internal network technology
16. What is Single Sign-On (SSO)?
Single sign-on is a user/session authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
17. List the Advantages of SSO?
- Reduced operational cost
- Reduced time to access data, e.g. ER
- Improved user experience, no password lists to carry
- Advanced security to systems
- Strong authentication
- One Time Password devices
- Smartcards
- Ease burden on developers
- Centralized management of users, roles
- Fine grained auditing
- Effective compliance (SOX, HIPAA)
18. Classify the SSO Types.
- Password Synchronization
- Legacy SSO (Employee/Enterprise SSO)
- Web Access Management (WAM)
- Cross Domain (realm) SSO
- Federated SSO
19. What is a Denial of Service (DoS) attack?
The basic purpose of a DoS attack is simply to flood/overwhelm a network so as to deny authentic users the services of the network.
20. What is the purpose of scripting technologies on the internet?
- Cross Site Scripting Vulnerability (CCSV) is a relatively new form of attack that exploits inadequate validation on the server side.
- It takes advantage of Web servers that return dynamically generated Web pages or allow users to post viewable content in order to execute arbitrary HTML and active content such as JavaScript, ActiveX, and VBScript on a remote machine browsing the site within the context of a client-server session.
21. State the Advantages of the CCSV
- Cross-site scripting is a Web-based attack technique used to gain information from a victim machine or leverage other vulnerabilities for additional attacks. The fact that this technique could be used to specifically target and gain access to control system environments has been described in a detailed hypothetical attack scenario.