Network Segmentation Flashcards

(14 cards)

1
Q

What are the 3 types of firewalls and what are the differences?

A

Stateless Packet-Filtering: Has a set of rules for in- and outbound traffic that are followed blindly, with no memory of previous packets.

Stateful Packet-Filtering: Also has a set of rules for in- and outbound traffic, but if I send a request out, the firewall remembers that and lets the incoming response in, even if it otherwise would have been blocked.

Next-Gen Firewalls (NGFW): Run on Layers 5-7 and thus can do far deeper packet inspection and be far more precise. They mostly use ACLs.

2
Q

What is a UTM?

A

A Unified Threat Management Device (UTM) combines all types of protection into one device. It includes firewall, router, IDS/IPS, anti-malware etc.
It can be software or hardware, on-premises or in the cloud.

3
Q

What are 4 basic best practices for ACL rules?

A
  1. Block all requests coming from the internet that claim an internal/private, loopback or multicast source IP.
  2. Block incoming traffic for protocols that should only be used locally.
  3. If you're not using IPv6, block all IPv6 traffic.
  4. Include a deny-all entry at the end of the ACL so that only what is specifically allowed in the rules above gets through.
4
Q

What are the 3 most important segmentation zones?

A
  1. Trusted zone: Inside the LAN; inbound traffic is only allowed if it was requested.
  2. Screened subnet: In-between zone with mail and web servers etc. Some inbound traffic is allowed, and because of that it's separated from the trusted zone.
  3. Untrusted zone: The internet and other external networks. No inbound traffic from there unless requested from the trusted or screened zone.
5
Q

What is a Bastion Host and a Jumpbox?

A

Bastion Host: A host on the screened subnet that is NOT running any services for the local network.

Jumpbox: A server in the screened subnet that works as the entry point from the local network to connect to devices in the screened subnet. As the only entry point, it needs to be well hardened.

6
Q

What are the 4 main categories of IoT devices?

A
  • Hub & Control Systems
  • Smart devices
  • Wearables
  • Sensors
7
Q

What are the 7 steps to remain secure with IoT devices?

A
  • Understand endpoints
  • Track & Manage devices
  • Patch vulnerabilities
  • Conduct a pentest
  • Change default creds
  • Use encryption
  • Segment IoT from the rest
8
Q

What are ICSs & SCADA?

A

Industrial Control Systems (ICS) are used to control Operational Technology (OT) like manufacturing machines etc., separated from the IT network.
SCADA is a type of ICS used to manage large-scale, multi-site devices spread over many geographic locations, controlled from a computer.

9
Q

What are the Control and the Data Plane in Zero Trust?

A

Control Plane: Framework responsible for defining, managing and enforcing policies.

Data Plane: Used to properly implement zero trust architecture.

10
Q

What are the 4 integral parts of Zero Trust?

A
  1. Subject System
  2. Policy Engine
  3. Policy Admin
  4. Policy Enforcement Point
11
Q

What's the difference between Full & Split Tunnel VPN?

A

Full Tunnel: All traffic gets encrypted and routed through the VPN.

Split Tunnel: Only traffic destined for the office you connect to with the VPN gets encrypted and routed through the VPN tunnel; all other traffic goes out directly.

12
Q

What are the 3 older VPN protocols and what's the main protocol?

A

Layer 2 Tunneling Protocol (L2TP): Lacks security and encryption features.

Layer 2 Forwarding (L2F): Provides tunneling for the Point-to-Point Protocol (PPP). No encryption.

Point-to-Point Tunneling Protocol (PPTP): Supports dial-up networks but lacks security by default.

The best and most secure protocol is IPSec.

13
Q

What are the 6 main remote access management protocols and their ports?

A
  1. Telnet, Port 23
  2. SSH, Port 22
  3. Remote Desktop Protocol (RDP), Port 3389
  4. Remote Desktop Gateway (RDG), a gateway for secure RDP connections
  5. Virtual Network Computing (VNC), Port 5900, like RDP but cross-platform
  6. Virtual Desktop Infrastructure (VDI), delivers a virtual desktop over the network
14
Q

What is In/Out of Band management?

A

With In-Band Management you configure devices from inside the production network.

Out-of-Band Management uses a separate network for configuring devices, so regular users cannot reach the management consoles. Using the console port on a device also counts as Out-of-Band.
