1.2 Defensible Network Architecture

Question 1

What ethernet uses to:

• listen before transmitting, ensuring only one station transmits at a time
• monitor transmissions to detect collisions

Answer 1

CSMA/CD - carrier sense with multiple access and collision detection

Question 2

Principle that states that access and software should only be what’s necessary to perform a job and nothing more.

Answer 2

Principle of least privilege

Question 3

method enforcing the idea that devices should not be allowed to communicate with one another simply by the nature of being connected.

Answer 3

Network segmentation

Question 4

networking concept that can observe the entirety of an environment and maintain segmentation in the face of a dynamically changing network, and it’s not hardware dependant.

Answer 4

SDN - software defined networking

Question 5

The idea that no single failure of any single part of the environment will result in a total catastrophic failure of the entirety of the environment. Provided through a tiered architecture.

Answer 5

Defense in depth

Question 6

A tier of the network (network section) used for organizational systems that intend to be public facing such as web servers, email servers and domain name service.

Answer 6

DMZ / semi public

Question 7

Network section that separates DMZ from the private internal Network.

Answer 7

Middleware or proxy

Question 8

Network design that is a high level design overview. Represents internal and external systems, data flow, and overall system behavior.

Answer 8

Conceptual Network design

Question 9

Network design that maps the components of the conceptual design via the use of a network diagram. Includes all identified devices that connect to the network.

Answer 9

Logical network design.

Question 10

Network design that includes detailed aspects of the network components. Including OS versions, patch levels, hardening configurations, risk categorization, etc. Also includes physical risks such as network cable locations, etc

Answer 10

Physical Network design

Question 11

A security control that can attempt to discover sensitive data on our Network systems, monitor for the misuse of that data, and potentially prevent exfiltration.

Answer 11

DLP - data loss prevention

Question 12

Basic devices that connect our systems together to form a network.

Answer 12

Switches

Question 13

Devices that connect networks to networks.

Answer 13

Routers

Question 14

Threat agents that must maintain persistent access to an organization for perhaps an extended period of time, in order to achieve a longer term goal.

Answer 14

APT - advanced persistent threat

Question 15

An attack against a router that results in the service of the device being denied.

Answer 15

DoS - denial of service

Question 16

An attack against a router, where the attack is distributed not originating from a single machine but from a large number of machines, and results in denial of service.

Answer 16

DDoS - distributed denial of service

Question 17

Capture and analysis of the traffic on a network.

Answer 17

Packet sniffing

Question 18

Router attack where the adversary convinces a router to update the routing table resulting in traffic reduction.

Answer 18

Routing table poisoning

Question 19

Router attack where the routers configuration is manipulated so that the traffic is no longer routed properly.

Answer 19

Packet Misrouting

Question 20

Used on switches, these are protocols that are used to aid devices in discovering other devices that also exist on a network.

Answer 20

CDP - Cisco Discovery protocol, or network discovery protocol.

Question 21

Attack against a switch where the attacker floods the MAC address table with fake or non-existent MAC addresses.

Answer 21

MAC flooding

Question 22

Attack against a switch where it downgrades the switches functionality to that of a hub, granting and attacker access to the overall internal network communication.

Answer 22

MAC flooding attack

Question 23

this networking concept defines the interrelationship of network-based components, and can be defined as physical or logical.

Answer 23

Network topologies

Question 24

Common term that refers to a series of standards that allow us to structure a standard communication form prior to physical transmission and to construct and adapt physical cabling related to performance capabilities for wired networks.

Answer 24

Ethernet

Question 25

the idea that the network as a whole is not a single trusted entity. That within the architecture are areas of differing capability, criticality, and security risk.

Answer 25

Network segmentation

Question 26

These separate the two ends of a communication. these will analyze requests to verify that they are expected. That they match the characteristics of an expected request. And that they do not appear to be malicious.

Answer 26

Proxy or middleware.

Question 27

Three key rules to tiered Network architecture design:

Answer 27

1. Any system visible from the internet must be on the DMZ and cannot contain sensitive data
2. any system that has sensitive data must reside on the private Network and must not be accessible from the internet
3. the only way a DMZ system can communicate with the private system is through a middleware or proxy.