What is a zone and what role does trust have in zones?
A zone is an area where all hosts have the same level of trust.
Trust depends largely on which devices, user accounts and services are permitted to operate in the zone, and on how traffic in the zone is managed and monitored.
ex. A zone with hosts that are highly trusted will have a minimal attack surface, because permitted traffic is strictly defined and extensive security controls are deployed to minimize threats and vulnerabilities.
A low-trust zone is the opposite: permitted traffic is loosely defined, fewer controls are deployed, and the attack surface is larger.
What are the general security zones to use as a basis for writing security policies and rules?
Private server administrative networks: Devices are subject to strict hardening and configuration management policies. Hosts, user accounts, and traffic with permission to operate in the zone are continually monitored to ensure compliance with security policies.
Private client network: Devices are subject to security policies and monitoring, but the diverse range of technologies and permissions to use public networks make the zone less than fully trusted.
Guest: Unmanaged devices are allowed to connect, subject to some restrictions and monitoring. This zone is typically untrusted and would not be allowed access to trusted networks.
Public server network: Devices are fully managed but accept connections from unmanaged public clients. Consequently, hosts within this zone are only partially trusted.
Public: The zone is unmanaged and therefore untrusted.
What does it mean for a host to be internet facing?
An Internet-facing host accepts or initiates connections to or from hosts on the public Internet. Internet-facing hosts are placed in a perimeter network zone.
What is the basic principle of a perimeter network zone?
Traffic cannot pass through it directly: external hosts can reach the servers in the perimeter, but not the internal network behind it. A perimeter network enables external clients to access data on private systems, such as web servers, without compromising the security of the internal network.
What kind of servers should be placed in a perimeter network?
Typically web servers, mail and other communications servers, proxy servers, and remote access servers.
Servers that provide public access services.
What is a screened subnet?
AKA a DMZ (demilitarized zone) or perimeter network.
A secure, isolated subnetwork that acts as a buffer between a trusted internal network (intranet) and an untrusted external network (the internet), hosting public-facing services.
What 2 different security configurations must be enabled to configure a perimeter network?
Two separate filtering policies: one on the external interface (public to perimeter) and one on the internal interface (perimeter to LAN).
What are some ways of implementing a perimeter network as a topology?
A screened subnet: It uses two firewalls placed on either side of the perimeter network zone. The screening firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the perimeter zone subnet. The internal firewall filters communications between hosts in the perimeter and hosts on the LAN. This firewall is often described as the choke firewall. A choke point is a purposefully narrow gateway that facilitates better access control and easier monitoring.
Triple homed: Established using one router/firewall appliance with three (or more) network interfaces. One interface is the public one, another is the perimeter subnet, and the third connects to the LAN. Routing and filtering rules determine what forwarding is allowed between these interfaces.
Can achieve the same sort of configuration as a screened subnet.
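Added example, not part of the original notes: a small Python model of the forwarding policy on a triple-homed firewall, covering the zones above (public, perimeter, LAN) and the perimeter principle that nothing is forwarded straight from the public interface to the LAN. The subnets, ports and rule list are constructed for illustration, and return traffic is assumed to be handled by connection tracking as on a real stateful firewall. The violations() check is the kind of lint a practitioner runs over a rule set before deploying it.

```python
# Added example (not from the original notes): a minimal model of the zone
# forwarding policy for a triple-homed firewall with three interfaces: public,
# perimeter (DMZ) and LAN. Addressing, ports and rules are all constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed subnets behind the perimeter and internal interfaces; anything
# that matches neither is treated as arriving on the public interface.
ZONES = {
    "perimeter": ip_network("192.0.2.0/24"),
    "lan": ip_network("10.10.0.0/16"),
}
# Trust level per zone: higher means more trusted.
TRUST = {"public": 0, "perimeter": 1, "lan": 2}


def zone_of(ip: str) -> str:
    """Map an address to the zone (interface) it belongs to."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "public"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None means any port
    proto: str = "tcp"


# Explicit allow list for NEW connections; everything else is dropped.
# Return traffic for accepted connections is assumed to be handled by
# connection tracking, as on a real stateful firewall.
ALLOW: List[Rule] = [
    Rule("public", "perimeter", 443),   # public clients -> DMZ web server
    Rule("public", "perimeter", 25),    # inbound mail -> DMZ mail relay
    Rule("perimeter", "lan", 5432),     # DMZ web tier -> LAN database, one port only
    Rule("lan", "perimeter", None),     # administrators may manage DMZ hosts
    Rule("lan", "public", None),        # LAN egress to the Internet
]


def decide(src_ip: str, dst_ip: str, dst_port: int, proto: str = "tcp") -> str:
    """Return ACCEPT or DROP for a new connection crossing the firewall."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "ACCEPT"  # same zone: switched locally, never forwarded here
    # The perimeter principle: nothing is forwarded from the public interface
    # straight to the internal interface, whatever the rule list says.
    if src == "public" and dst == "lan":
        return "DROP"
    for rule in ALLOW:
        if (rule.src_zone, rule.dst_zone, rule.proto) != (src, dst, proto):
            continue
        if rule.dst_port is None or rule.dst_port == dst_port:
            return "ACCEPT"
    return "DROP"


def violations(rules: List[Rule]) -> List[Rule]:
    """Lint a rule list: any rule that lets traffic jump more than one trust
    level upward bypasses the perimeter and should never be deployed."""
    return [r for r in rules if TRUST[r.dst_zone] - TRUST[r.src_zone] > 1]


if __name__ == "__main__":
    for flow in [("203.0.113.7", "192.0.2.10", 443),
                 ("203.0.113.7", "10.10.1.5", 443),
                 ("192.0.2.10", "10.10.2.20", 5432),
                 ("192.0.2.10", "10.10.2.20", 22)]:
        print(flow, decide(*flow))
    print("policy violations:", violations(ALLOW + [Rule("public", "lan", 443)]))
```

The same rule list models a screened subnet: the public-to-perimeter rules belong on the screening firewall and the perimeter-to-LAN rules on the choke firewall. Note how narrow the choke is: the DMZ web tier may reach exactly one LAN service on one port, so a compromised web server gains no general access to the LAN.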
What is IDS?
Intrusion Detection System.
Performs real-time analysis of either network traffic or system and application logs.
IDS is configured with signature patterns. Each pattern represents a known type of malicious activity.
It must be kept up to date with the latest signature patterns.
May also be capable of anomaly based detection.
A network-based IDS must be configured with a sniffer to read frames from a mirrored (SPAN) port or a TAP.
Typically, an IDS is positioned behind a firewall to monitor traffic entering and exiting a security zone. The aim is to detect suspicious traffic that the firewall has not blocked, providing defense in depth.
What is an IPS?
Intrusion Prevention System.
Can provide an active response to any network threats that it matches.
One typical preventive measure is to end the session by sending a TCP reset packet to the attacking host.
Another measure is for the sensor to apply a temporary filter on the firewall to block the attacker’s IP address (shunning).
IPS functionality is now very commonly built into firewall appliances and proxy servers.
What is anomaly based detection?
First it defines a baseline of normal network traffic and then monitors it. It then looks for anything that falls outside that baseline. The main drawback is that anomaly-based detection generates high levels of false positives, where legitimate traffic is flagged as malicious.
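Added example, not part of the original notes: a toy Python IDS/IPS that ties the three cards above together. It runs signature patterns over constructed web server log lines, builds a traffic baseline from constructed per-source connection counts and flags sources that fall outside it, and applies the shunning response (a temporary block on the attacker's address). The signatures, log lines, counts, thresholds and block TTL are all constructed for illustration; the percent-decoding step is there because the encoded SQL injection in the sample log would otherwise slip past the pattern.

```python
# Added example (not from the original notes): a toy IDS/IPS that applies
# signature matching and anomaly detection to constructed request logs and
# connection counts, then shuns attacking sources. Signatures, log lines,
# thresholds and TTL are all constructed for illustration.
import re
import statistics
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Signature patterns: each represents one known type of malicious activity.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
    "shellshock": re.compile(r"\(\)\s*\{\s*:;\s*\}\s*;"),
}

# Constructed web server log lines: "<source ip> <method> <request>".
REQUEST_LOG = [
    "203.0.113.7 GET /index.html",
    "203.0.113.9 GET /search?q=1%27%20UNION%20SELECT%20password%20FROM%20users",
    "203.0.113.9 GET /../../etc/passwd",
    "198.51.100.4 GET /products?id=42",
    "198.51.100.8 GET /cgi-bin/status ua=() { :; }; /bin/sh",
]


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Signature-based detection: one (source, signature name) per match."""
    alerts = []
    for line in lines:
        src, _, request = line.partition(" ")
        # Normalise before matching: the percent-encoded SQL injection in
        # REQUEST_LOG would otherwise slip past the pattern.
        decoded = unquote(request)
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((src, name))
    return alerts


# Constructed baseline: connections per source in a normal one-minute window.
BASELINE_COUNTS = [4, 6, 5, 7, 5, 6, 4, 5, 6, 5]
# Constructed live window: a scanner (240) and a partner office's NAT gateway
# (60) whose many legitimate users share one source address.
WINDOW_COUNTS = {"203.0.113.7": 3, "203.0.113.9": 240,
                 "198.51.100.4": 5, "198.51.100.20": 60}


def build_baseline(counts: List[int]) -> Tuple[float, float]:
    """Anomaly detection step 1: learn what normal looks like."""
    return statistics.mean(counts), statistics.pstdev(counts)


def anomaly_alerts(window: Dict[str, int], baseline: Tuple[float, float],
                   k: float = 3.0) -> List[Tuple[str, int]]:
    """Anomaly detection step 2: flag sources more than k deviations above
    the baseline mean. The NAT gateway is flagged too: a false positive."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    return [(src, n) for src, n in window.items() if n > threshold]


class Shunner:
    """IPS response: temporarily block an attacker's address (shunning)."""

    def __init__(self, ttl_seconds: int = 600):
        self.ttl = ttl_seconds
        self.expiry: Dict[str, float] = {}

    def shun(self, ip: str, now: float) -> None:
        self.expiry[ip] = now + self.ttl

    def is_blocked(self, ip: str, now: float) -> bool:
        exp = self.expiry.get(ip)
        if exp is None:
            return False
        if now >= exp:            # temporary filter has aged out
            del self.expiry[ip]
            return False
        return True


def run_ips(lines: List[str], now: float) -> Shunner:
    """Shun every source that triggers a signature. Anomaly hits are left
    for an analyst because of their false-positive rate."""
    shunner = Shunner()
    for src, _ in signature_alerts(lines):
        shunner.shun(src, now)
    return shunner


if __name__ == "__main__":
    print(signature_alerts(REQUEST_LOG))
    print(anomaly_alerts(WINDOW_COUNTS, build_baseline(BASELINE_COUNTS)))
    print(sorted(run_ips(REQUEST_LOG, now=0).expiry))
```

Only signature hits drive the automatic block here; the anomaly output is surfaced for review instead, precisely because of the false-positive problem the card describes (the partner office's gateway is flagged alongside the scanner, and shunning it would cut off legitimate users).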
What is an embedded system?
A complete computer system that is designed to perform a specific, dedicated function.
These systems can be as contained as a microcontroller in an intravenous drip-rate meter or as large and complex as the network of control devices managing a water treatment plant.
Can be characterized as static environments (Not able to add or remove programs or data files or update the OS etc.)
What is IoT?
Internet of Things.
Describes a global network of embedded systems used as or in personal devices, home appliances, home control systems, vehicles, and other items that have been equipped with sensors, software, and network connectivity. They are able to communicate and pass data between themselves and other traditional systems like computer servers. This is often referred to as machine to machine (M2M) communication.
What types of components will an IoT smart device network generally use?
Hub/control system: Smart devices usually require a hub for wireless networking. Most IoT devices are headless (no screen or keyboard), so the hub may be implemented as a smart speaker operated by voice control or configured through a smartphone/PC app.
Smart Devices: These devices are capable of compute, storage, and network functions that are all potentially vulnerable to exploits.
What are PACS and BAS?
PACS (Physical access control system)
A network of monitored locks, intruder alarms, and video surveillance cameras.
BAS (building automation system) A smart building for offices and datacenters can include PACS, but also network-based configuration and monitoring of heating, ventilation, and air conditioning (HVAC); fire control; power and lighting; and elevators and escalators.
These subsystems are implemented by programmable logic controllers (PLCs) and various types of sensors that measure temperature, air pressure, humidity, room occupancy, and so on.
What is an ICS?
Industrial Control System.
Controls machinery used in critical infrastructure, such as power supply, water supply, health services, etc.
An ICS comprises plant devices and equipment with embedded programmable logic controllers (PLCs).
What is an ICS that processes automation within a single site called?
A distributed control system (DCS).
What is SCADA?
Supervisory Control and Data Acquisition.
It takes the place of a control server in large-scale, multiple-site ICSs. SCADA typically runs as software on ordinary computers, gathering data from and managing plant devices and equipment with embedded PLCs, referred to as field devices.
Typically use WAN communications, such as cellular data networks, to link the SCADA server to field devices.
What is a cabled network for industrial systems referred to as?
An operational technology (OT) network.
What is an OT network?
A communications network designed to implement an industrial control system rather than data networking.
Optimized for real time transfers.
What are some baseband radio technologies?
Narrowband-IoT (NB-IoT): A low-power version of the LTE 4G cellular standard. Data rates are limited (20–100 kbps).
NB-IoT has greater penetrating power, making it more suitable for use in inaccessible locations, such as tunnels or deep within buildings.
LTE Machine Type Communication (LTE-M): Another low-power system, but it supports higher bandwidth (up to about 1 Mbps).
What are the 3 principal groups for IoT and embedded systems.
Consumer-grade devices, smart building technology, and industrial systems.
What makes smart devices vulnerable to standard attacks?
Their compute, storage, and network functions: a smart device is effectively a mini-computer, so it is exposed to the same classes of attack as any other host.
What is a “data historian” in the context of an ICS?
A database of the data gathered from the control loop.