Network Security Concepts

Question 1

Reasons for Network Security

Answer 1

1. Directly related to business continuity
2. breaches disrupt e-commerce and cause loss of data
3. breaches can result in lost revenue

Question 2

5 Security terms in Risk Management

Answer 2

Asset
Vulnerability
Threat
Risk
Countermeasure

Question 3

Traffic Light Protocol (TLP)

Answer 3

is a set of designations used to ensure that sensitive information is shared with the correct audience. It employs four colors to indicate different degrees of sensitivity
(red, amber, green, white) = (dont share outside of group, dont share outside of organization, dont share outside of partnered organizations, share whenever you want)

Question 4

Network Vulnerabilities can stem from:

Answer 4

Policy flaws, Design errors, protocol weaknesses, misconfiguration, software vulnerabilities, human factors, Malicious Software, Hardware Vulnerabilities, Physical access to network resources.

Question 5

Common control methods that are used to implement countermeasures in network security:

Answer 5

Administrative: Written bolicies, procedures, guidelines and standards
Physical: Physical security for network equipment and servers.
Technical or Logical: Controls used to provide access to data in a manner that conforms to management policies. passwords, firewalls, intrusion prevention systems, access lists, VPN tunnels, etc.

Question 6

3 network security objective categories (CIA triad)

Answer 6

Confidentiality
Integrity
Authentication

Question 7

Confidentiality

Answer 7

Different methods of confidentiality are put in place to prevent sensitive information from reaching the wrong people, while making sure that only the right people can access it. (data at rest and data in motion)

Question 8

Methods of implementing confidentiality:

Answer 8

• Data encryption
• User IDs and passwords
• two-factor authentication
• biometric verification
• security tokens
• key fobs
• soft tokens

Question 9

Integrity

Answer 9

• involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.
• all about data not being changed, and the steps that must be taken to ensure that data cannot be altered by unauthorized people.
• can include checksums or even cryptographics checksums for verification of integrity

Question 10

Availability

Answer 10

-Availability is all about making sure that your data is always available with a minimum of downtime

Question 11

Factors that pertain to availability

Answer 11

• maintaining all hardware
• maintaining a correctly functioning OS environment
• keep current with all necessary system upgrades
• adequate communication bandwidth and preventing the occurrence of bottlenecks
• redundancy
• railover
• RAID
• High-availability Clusters

Question 12

Security Information Event Management (SIEM)

Answer 12

• is a technology used in enterprise organizations to provide real time reporting and long-term analysis of security events.
• evolved from Security Information management(SIM) and Security Event Management(SEM)
• can be implemented as software, integrated with Cisco Identity services engine (ise) or as a managed service

Question 13

SIEM provides details on the source of suspicious activity, Including:

Answer 13

1. User information (name, authentication status, location, authorization group, quarantine status)
2. Device information (manufacturer, model, OS version, MAC address, network connection method, location)
3. Posture information (device compliance with corporate security policy, antivirus version, OS patches, compliance with mobile device management policy)

Question 14

Using the information provided by SIEM what questions can network security engineers answer??

Answer 14

1. Who is associated with this event?
2. is it an important user with access to intellectual property or sensitive information?
3. is the user authorized to access that resource?
4. does the user have access to other sensitive resources?
5. what kind of device is being used?
6. does this event represent a potential compliance issue?

Question 15

Internet of Things (IoT) Privacy

Answer 15

• is about special considerations that are required to protect the information of individuals from exposure in the IoT environment
• in this environment almost any physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the internet or a similar network

Question 16

IoT Security

Answer 16

• is a special challenge because the IoT consists of so many internet-enabled devices other than computers which often go unpatched and are often configured with default or weak passwords
• these devices must be protected, or IoT could be used as a seperate attack vector or part of a thingbot

Question 17

Attack Vector

Answer 17

• is a path or other means by which an attacker can gain access to a server, host, or network.
• can originate from inside or outside a network
• internal threats also have the potential to cause greater damage because they have direct access to the building and its devices

Question 18

Campus Area Network (CAN)

Answer 18

is a computer network that links the buildings and consists of two or more local area networks within the limited geographical area

Question 19

Securing Hosts:

Answer 19

End points are secured using various features including antivirus, anti-malware software, host intrusion protection system features, and 802.1X authentication features

Question 20

Securing Layer 2 Switches:

Answer 20

Access layer switches are secured, and they connect user-facing ports to the network. Several different features can be implemented, such as port security, DHCP, snooping, and 802.1X user authentication.

Question 21

Securing Layer 3 Switches:

Answer 21

Distribution layer switches are secured and provide dsecure redundant trunk connections to the layer 2 switches. Several different features can be implemented, such as: ACLs, DHCP Snooping, Dynamic ARP Inspection (DAI), and IP source guard

Question 22

Mobile Device Management (MDM) Security:

Answer 22

• Industry term for the administration of mobile devices, such as smartphones, tablets, laptops and desktops
• MDM is usually implemented with the use of a third part product that has management features for particular vendors of mobile devices

Question 23

Intrusion prevention System (IPS)

Answer 23

a Cisco intrusion prevention system device continuously monitors incoming and outgoing traffic for malicious activity. it logs information about the activity and attempts to block and report it.

Question 24

AAA Server

Answer 24

an authentication, authorization, and accounting server authenticates users, authorizes what they are allowed to do, and tracks what they are doing. These can be a RADIUS server, or a TACACS+ server.

Question 25

Firewall

Answer 25

A Cisco adaptive security appliance (asa) firewall performs stateful packet filtering to filter return traffic from outside network into the campus network

Question 26

VPN

Answer 26

The border router is secured. it porotects data in motion that is flowing from the CAN to the ouside world by establishing Virtual Private Networks (VPNs). VPNs ensure data confidentiality and integrity from authenticated sources.

Question 27

Small office/Home office Security (SOHO)

Answer 27

- Networks regardless of size need to be protected. attackers are interested in SOHO networks. - SOHOs are typically protected using a consumer grade router such as a linksys home wireless router

Question 28

Wireless Hosts Security

Answer 28

Wireless Hosts connect to the wireless network using Wireless Protected Access 2 (WPA2) data encryption technology. Hosts typically have antivirus and antimalware software installed.

Question 29

Wide Area Network

Answer 29

- Wide area networks (WANs) span a wide geographical area, often over the public internet. - organizations must ensure secure transport for the data in motion as it travels between sites

Question 30

Mobile Worker

Answer 30

This is a teleworker that can use the Cisco anyconnect VPN client to establish a secure VPN connection to the main site ASA

Question 31

SOHO site

Answer 31

This is a small branch site that connects to the corporate main site using a cisco wireless router. The wireless router can establish a permanent always-on VPN connection to the main site ASA Alternatively the internal SOHO users could use the Cisco anyconnect VPN client to establish a secure VPN connection to the main site ASA

Question 32

Regional Site

Answer 32

This is larger than a branch site and connects to the corporate main site using an ASA. The ASA can establish a permanent always-on VPN connection to the main site ASA

Question 33

Branch Site

Answer 33

This site connects to the corporate main site using a hardened ISR. the ISR can establish a permanent always-on VPN connection to the main site ASA

Question 34

Data Center Networks

Answer 34

Typically housed in an off-site facility to store sensitive or proprietary data. These sites are interconnected to corporate sites using VPN tech. - data centers store vast quantities of sensitive business critical info; therefore, physical security is critical to its operation. - phys security isn't just preventing access but safety/protection: fire alarms, sprinklers, seismically-braced server racks, and redundant heating, ventilation, AC, and UPSs

Question 35

Data Center Security 2 areas

Answer 35

Outside perimeter security: this can include on-premise guards, fences, gates, continuous video surveillance, and alarms. Inside Perimeter Security: this can include video surveillance, electronic motion detectors, security traps, and biometric access and exit sensors

Question 36

Mantraps

Answer 36

``` Various ways to implement a mantrap: - all doors normally unlocked - opening one door causes others to lock - all doors normally unlocked - unlocking one door prevents others from being unlocked - one door opened/other locked - one at a time - controlled groups - managed control through an area ```

Question 37

Network Closet

Answer 37

- if you can touch a device you can gain access: this is why devices are locked away - maximizes uptime and availability: secured and temperature and humidity controls - control and auditing

Question 38

Video Monitoring

Answer 38

``` CCTV (Closed Circuit Tlevision) - cen replace guards Camera properties are important - focal length - shorter = wider angle - depth of field - how much is in focus - illumination requirements - see in the dark Often use many different cameras -different purposes require different camera types ```

Question 39

Door Access Controls

Answer 39

- lock and key - deadbolt - electronic/keyless - token based: magnetic swipe or proximity reader - biometric: hand, fingers, or retina - multi-factor: smart card and pin

Question 40

Clouds and Virtual Networks

Answer 40

- Cloud computing separates the application from the hardware, virtualization separates the OS from the hardware. - the cloud network consists of physical and virtual servers which are commonly housed in data centers

Question 41

Virtual Machines are prone to specific targeted attacks (3)

Answer 41

1. Hyperjacking 2. Instant on activation 3. antivirus storms

Question 42

Hyperjacking

Answer 42

An attacker could hijack a VM hypervisor (VM controlling software) and then use it as a launch point to attack other devices on the data center network.

Question 43

Instant on Activation

Answer 43

When VM that has not been used for a period of time is brought online, it may have outdated security policies that deviate from the baseline security and can introduce security vulnerabilities.

Question 44

Antivirus Storm

Answer 44

This happens when all VMs attempt to download antivirus data files at the same time

Question 45

Bring Your Own Device (BYOD)

Answer 45

a trend that involves more and more people using not company provided computers to access enterprise information.

Question 46

Critical functions of MDM on a BYOD network

Answer 46

- data encryption - PIN Enforcement - Data Wipe - Data loss prevention (DLP) - Jailbreak/root Detection

Question 47

Hacker Meanings

Answer 47

- a clever programmer capable of developing new programs and coding changes to existing programs to make them more efficient - a network professional that uses sophisticated programming skills to ensure that networks are not vulnerable to attack - a person who tries to gain unauthorized access to devices on the internet - individual;s who run programs to prevent or slow network access to a large number of users, or who corrupt or wipe out data on servers.

Question 48

5 Modern Hacking Titles

Answer 48

1. Hacktivists 2. Script Kiddies 3. Vulnerability Broker 4. State Sponsored 5. Cyber Criminals

Question 49

Hacktivists

Answer 49

These are grey hat hackers who rally and protest against different political and social ideas. Hacktivists publicly protest against organizations or governments by posting articles, videos, leaking sensitive info, adn performing DDoS attacks

Question 50

Cyber Criminals

Answer 50

These are black hat hackers who are either self-employed or working for large cybercrime organizations. Each year, cyber criminals are responsible for stealing billions of dollars from consumers and businesses.

Question 51

State Sponsored

Answer 51

Depending on perspective are white or black hats. who steal government secrets, gather intelligence, and sabotage networks. Their targets are foreign governments, terrorist groups, and corporations. Most countries in the world participate in some degree of state-sponsored hacking.

Question 52

Vulnerability Broker

Answer 52

These are usually grey hat hackers who attempt to discover exploits and report them to vendors, sometimes for prizes or rewards.

Question 53

Script Kiddies

Answer 53

The term emerged in the 1990s to refer to teenagers or inexperienced hackers running existing scripts, tools, and exploits, to cause harm, but typically not for profit.

Question 54

Penetration Testing Tools

Answer 54

- Ethical hacking involves many different types of tools to test and keep the network and its data secure - Password crackers - Wireless hacking tools - Network scanning and hacking tools - packet crafting tools - packet sniffers - rootkit detectors - fuzzers to search vulnerabilities

Question 55

Fuzzers

Answer 55

are tools used by hackers when attempting to discover a computer system's security vulnerabilities: ex: skipfish, wapiti, w3af

Question 56

Rootkit Detectors

Answer 56

This is a directory and file integrity checker used by white hats to detect installed root kits ex: AIDE, Netfilter, PF: OpenBSD Packet Filter

Question 57

Packet Sniffers

Answer 57

These tools are used to capture and analyze packets within traditional ethernet LANs or WANs ex: Wireshark, Tcpdump, Ettercap,Dsniff, EtherApe, Paros, Fiddler, Ratproxy, SSLstrip

Question 58

Packet Crafting Tools

Answer 58

These tools are used to probe and test a firewall's robustness using specially crafted forged packets ex: Hping, Hping3, Scapy, Socat, Yersinia, Netcat, Nping, Nemesis

Question 59

Network Scanning and Hacking Tools

Answer 59

Network scanning tools are used to probe network devices, servers, and hosts for open TCP or UDP ports ex: Nmap, SuperScan, Angry IP Scanner, NetScanTools

Question 60

Wireless Hacking Tools

Answer 60

Wireless networks are more susceptible to network security threats. ​ Wireless hacking tools are used to intentionally hack into a wireless network to detect security vulnerabilities. ex: Aircrack-ng, Kismet, InSSIDer, KisMAC, Firesheep, Netstumbler​

Question 61

Password Crackers

Answer 61

Passwords are the most vulnerable security threat. Password cracking tools are often referred to as password recovery tools and can be used to crack or recover the password. This is accomplished either by removing the original password, after bypassing the data encryption, or by outright discovery of the password. Password crackers repeatedly make guesses in order to crack the password and access the system. EX: John the ripper, Ophcrack, L0phtcrack, THC Hydra, RainbowCrack, and Medusa

Question 62

Forensic Tools

Answer 62

These tools are used by white hat hackers to sniff out any trace of evidence existing in a particular computer system. EX: sleuth kit, Helix, Maltego, Encase

Question 63

Debuggers

Answer 63

These tools are used by black hats to reverse engineer binary files when writing exploits. ​ They are also used by white hats when analyzing malware. ​ Debugging tools include:​ -GDB​ -WinDbg​ -IDA Pro​ -Immunity Debugger​

Question 64

Hacking Operating Systems

Answer 64

These are specially designed operating systems preloaded with tools and technologies optimized for hacking. ​ Ex: Kali Linux, SELinux, Knoppix, BackBox Linux

Question 65

Encryption Tools

Answer 65

These tools safeguard the contents of an organization’s data at rest and data in motion. ​ Encryption tools use algorithm schemes to encode the data to prevent unauthorized access to the encrypted data. ​ EX: Veracrypt, Ciphershed, OpenSSH, OpenSSL, Tor, OpenVPN, Stunnel

Question 66

Vulnerability Exploitation Tools

Answer 66

These tools identify whether a remote host is vulnerable to a security attack. ​ Ex: Metasploit, Core Impact, SQLmap, Social Engineer Toolkit, Netsparker

Question 67

Vulnerability Scanners

Answer 67

These tools scan a network or system to identify open ports. ​ They can also be used to scan for known vulnerabilities and scan VMs, BYOD devices, and client databases EX: Nipper, Secunia PSI, Core Impact, Nessus v6, SAINT, Open VAS