14.1 Network Threats Flashcards

1
Q

Describe Authentication, Authorization, and Accounting (AAA)

A

AAA describes the three components that are used to protect network access and communications.

Authentication is the act of identifying a network user (i.e., asking for a username and password).
Authorization is permitting or denying of network resources (e.g., allowing users to access files or commands needed to perform their specific role, but denying access to everything else).
Accounting is the process of documenting user actions and collecting user data (e.g., how many resources the user uses, which files the user accesses, etc.).

2
Q

Describe TACACS+

A

TACACS+ refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server.

3
Q

Describe Remote Authentication Dial-in User Service (RADIUS)

A

RADIUS is used by Microsoft servers for centralized remote access administration.

4
Q

Describe a Threat actor

A

A person or organization that poses a threat to an organization’s security. This can be an internal or an external threat. Some threats aren’t even malicious; they can be caused by internal negligence.

5
Q

Describe a White Hat hacker

A

This is a skilled hacker who uses skills and knowledge for defensive purposes only. White hat hackers interact only with a system that they have explicit permission to access. These are the ethical hackers.

6
Q

Describe Black hat Hacker

A

This hacker is also very skilled, but uses knowledge and skills for illegal or malicious purposes. A black hat is also known as a cracker. These hackers are highly unethical.

7
Q

Describe Gray Hat Hacker

A

The gray hat hacker falls in the middle of the white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn’t being malicious like a black hat hacker.

8
Q

Describe Suicide Hacker

A

A hacker who is concerned only with taking down the target for a cause. This hacker has no concern with being caught or going to jail. The only concern is the cause.

9
Q

Describe Cyber Terrorist

A

This hacker is motivated by religious or political beliefs and wants to cause severe disruption or widespread fear.

10
Q

Describe State Sponsored Hacker

A

A hacker who works for a government and attempts to gain top-secret information by hacking other governments.

11
Q

Describe Hacktivist

A

A hacker whose main purpose is to protest and get views and opinions out there. Hacktivists often deface websites or use denial-of-service attacks.

12
Q

Describe Script Kiddie

A

This person is extremely unskilled and uses tools and scripts that real hackers have developed.

13
Q

Describe an Advanced Persistent Threat

A

A stealth attack that gains access to a network or computer system and remains hidden for an extended period of time.

14
Q

Describe Threat Modeling

A

The process of analyzing the security of the organization and determining security holes.

15
Q

Describe Active attack

A

Active attacks are a perpetrator’s attempt to compromise or affect the operations of a system in some way. For example, a brute force root password attack on a web server is an active attack. A distributed denial of service (DDoS) attack is also an active attack.

16
Q

Describe Passive attack

A

Passive attacks occur when perpetrators attempt to gather information without affecting the flow of that information from the targeted network. For example, sniffing network packets or performing a port scan are both types of passive attacks. The goal isn’t to immediately compromise a system, but to learn about that system.

17
Q

Describe External attack

A

External attacks are attempted breaches of a network by unauthorized individuals, typically from off-site. It’s key to remember that the perpetrator in an external attack is unauthorized for any level of access to the network.

18
Q

Describe Inside attack

A

Inside attacks, on the other hand, are initiated by authorized individuals inside the network’s security perimeter who attempt to access systems or resources and handle them in an unauthorized way. For example, an inside attack is a disgruntled employee accessing confidential company documents and leaking them to the public.

19
Q

Describe Entry Points

A

Recognize all vulnerabilities and entry points of possible attacks. This includes public-facing servers, workstations, Wi-Fi networks, and personal devices. You must account for anything that connects to the network as a possible entry point.

20
Q

Describe Inherent vulnerabilities

A

Identify inherent vulnerabilities or systems that lack proper security controls. For example, if your organization uses an older version of Windows for a particular application, then you must identify that system as a vulnerability. IoT and SCADA devices are both systems that lack proper security controls, and therefore must be dealt with appropriately.

21
Q

Describe Documentation

A

Document all network assets in your organization and create a suitable network diagram that you can use as a reference. This is probably one of the most important components of knowing your system. If you don’t know the underlying infrastructure of your network, then you can’t adequately secure it. Proper network documentation and diagrams will not only help you identify a weak network architecture or design, but protect against system sprawl and unknown systems.

22
Q

Describe Network Baseline

A

Identify a network baseline. This means that you need to know your systems’ normal activity, such as its regular traffic patterns, data usage, network activity, server load, etc. Mainly, you need to know what your network looks like in normal day-to-day usage. Knowing this allows you to identify unusual or atypical activity that can indicate an attack in progress or a compromised network. To identify a network baseline, you can use network tools that monitor network traffic and create a graphical representation of the collected data, such as Cisco’s NetFlow tool.

23
Q

Describe Network Segmentation

A

Limiting network damage from a compromised system or systems.

24
Q

What is the most common way to implement network segmentation?

A

The most common way is to create multiple VLANs for each network zone. These zones can also be separated by firewalls to ensure only specific traffic is allowed. You can categorize systems into different zones (for example, a no-trust zone, low-trust zone, medium-trust zone, high-trust zone, and highest-trust zone).