Module 16: Network Security Fundamentals

Question 1

Als een dreigende actor toegang heeft tot een netwerk kan dit het volgende betekenen voor een bedrijf

Answer 1

• Information Theft
• Data Loss and manipulation
• Identity Theft
• Disruption of Service

Question 2

De primaire types zwakheden van een netwerk

Answer 2

• Technological Vulnerabilities might include TCP/IP Protocol weaknesses, OS Weaknesses, and Network Equipment weaknesses.
• Configuration Vulnerabilities might include unsecured user accounts, system accounts with easily guessed passwords, misconfigured internet services, unsecure default settings, and misconfigured network equipment.
• Security Policy Vulnerabilities might include lack of a written security policy, politics, lack of authentication continuity, logical access controls not applied, software and hardware installation and changes not following policy, and a nonexistent disaster recovery plan

Question 3

The four classes of physical threats

Answer 3

• Hardware threats - This includes physical damage to servers, routers, switches,
  cabling plant, and workstations.
• Environmental threats - This includes temperature extremes (too hot or too cold) or
  humidity extremes (too wet or too dry).
• Electrical threats - This includes voltage spikes, insufficient supply voltage
  (brownouts), unconditioned power (noise), and total power loss.
• Maintenance threats - This includes poor handling of key electrical components
  (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling.

Question 4

De 3 types Malware

Answer 4

• Viruses - A computer virus is a type of malware that propagates by inserting a copy of
  itself into, and becoming part of, another program. It spreads from one computer to
  another, leaving infections as it travels.
• Worms -Computer worms are similar to viruses in that they replicate functional copies
  of themselves and can cause the same type of damage. In contrast to viruses, which
  require the spreading of an infected host file, worms are standalone software and do
  not require a host program or human help to propagate.
• Trojan Horses - It is a harmful piece of software that looks legitimate. Unlike viruses
  and worms, Trojan horses do not reproduce by infecting other files. They self-replicate.
  Trojan horses must spread through user interaction such as opening an email
  attachment or downloading and running a file from the internet.

Question 5

Network attacks can be classified into three major categories

Answer 5

• Reconnaissance attacks- The discovery and mapping of systems, services, or vulnerabilities.
• Access attacks- The unauthorized manipulation of data, system access, or user privileges.
• Denial of service- The disabling or corruption of networks, systems, or services

Question 6

Access attacks can be classified into four types

Answer 6

• Password attacks - Implemented using brute force, trojan horse, and packet sniffers
• Trust exploitation - A threat actor uses unauthorized privileges to gain access to a
  system, possibly compromising the target.
• Port redirection - A threat actor uses a compromised system as a base for attacks
  against other targets. For example, a threat actor using SSH (port 22) to connect to a
  compromised host A. Host A is trusted by host B and, therefore, the threat actor can
  use Telnet (port 23) to access it.
• Man-in-the middle - The threat actor is positioned in between two legitimate entities
  in order to read or modify the data that passes between the two parties.

Question 7

Wat zijn de eigenschappen van DoS

Answer 7

• DoS-aanval: het hoofddoel is altijd het verstoren van services voor geautoriseerde gebruikers.
• Preventie: Het up-to-date houden van besturingssystemen en applicaties met de nieuwste beveiligingsupdates.
• Risico’s: DoS-aanvallen kunnen ernstige schade veroorzaken, zoals verstoring van communicatie en verlies van tijd en geld.
  Eenvoud: Deze aanvallen zijn relatief eenvoudig uit te voeren, zelfs door onervaren aanvallers.
  DDoS-aanval: DDoS aanval is vergelijkbaar met een DoS-aanval, maar komt van meerdere, gecoördineerde bronnen.
  Botnet en zombies: Een netwerk van geïnfecteerde hosts (zombies) wordt gebruikt om een DDoS-aanval uit te voeren. De aanvaller bestuurt dit netwerk via een command-and-control (CnC) systeem.

Question 8

Wat is een mitigerende maatregel die je kan nemen tegen netwerk aanvallen

Answer 8

Beveilig devices** zoals routers, switches, servers, and hosts.
**Defense-in-Depth Aproach (layered) security: This requires a combination of networking devices and services working in tandem.
*Implement various security devices and services, including:
VPN
ASA Firewall
IPS (Intrusion Prevention System)
ESA/WSA (Email Security Appliance / Web Security Appliance)
AAA Server (Authentication, Authorization, and Accounting)

Question 9

Wat zijn de backup considerations

Answer 9

Frequency
* Perform backups on a regular basis as identified in the security policy.
* Full backups can be time-consuming, therefore perform monthly or weekly backups with
frequent partial backups of changed files.

Storage
* Always validate backups to ensure the integrity of the data and validate the file restoration
procedures.

Security
* Backups should be transported to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy.

Validation
* Backups should be protected using strong passwords. The password is required to restore the data.

Question 10

Wat zijn de belangrijkste stappen om netwerkaanvallen te mitigeren via upgrades, updates en patches?

Answer 10

• Houd antivirussoftware up-to-date om nieuwe malware te bestrijden.
• Mitigeer wormaanvallen door beveiligingsupdates van de OS-leverancier te downloaden en kwetsbare systemen te patchen.
• Zorg ervoor dat alle eindsystemen automatisch updates downloaden om kritieke beveiligingspatches te beheren.

Question 11

Wat valt er te doen tegen dataverlies

Answer 11

Redundantie; backups maken van data en device configuraties. Doe regelmatig en sla deze op op een vertrouwde locatie weg van de main facility

Question 12

Wat is het punt van Authentication, authorization, and accounting (AAA, or “triple A”)

Answer 12

provide the primary framework to set up
access control on network devices.
* AAA is a way to control who is permitted
to access a network (authenticate), what
actions they perform while accessing the
network (authorize), and making a record
of what was done while they are there
(accounting).
* The concept of AAA is similar to the use
of a credit card. The credit card identifies
who can use it, how much that user can
spend, and keeps account of what items
the user spent money on.

Question 13

Wat is het doel van een Firewall

Answer 13

Network firewalls reside between two or more
networks, control the traffic between them, and
help prevent unauthorized access.

A firewall could allow outside users controlled
access to specific services. For example,
servers accessible to outside users are usually
located on a special network referred to as the
demilitarized zone (DMZ). The DMZ enables a
network administrator to apply specific policies
for hosts connected to that network.

Question 14

Firewall products come packaged in various forms. These products use different techniques for determining what will be permitted or denied access to a network. They include the following:

Answer 14

* Packet filtering - Prevents or allows access based on IP or MAC addresses
* Application filtering- Prevents or allows access by specific application types based
on port numbers
* URL filtering- Prevents or allows access to websites based on specific URLs or
keywords
* Stateful packet inspection (SPI)- Incoming packets must be legitimate responses to
requests from internal hosts. Unsolicited packets are blocked unless permitted
specifically. SPI can also include the capability to recognize and filter out specific
types of attacks, such as denial of service (DoS).