3-Network Security Flashcards
Network-based threats
A threat may have the ability to disrupt network communications, or to intercept communications in order to acquire sensitive information.
Spoofing
This is the act of changing the configuration of a device or system (for example, its IP or MAC address) in an attempt to masquerade as a different, known, and trusted system.
Access bypass
An individual can attach an unauthorized access device, such as a Wi-Fi access point or a dial-in modem, to the network, thereby permitting himself (or others) to access the network while bypassing security controls.
Man-in-the-browser attack
This attack involves the installation of a malicious “browser helper object” (BHO) onto a victim’s browser. The malicious BHO alters communication between the browser and the Internet without the victim’s knowledge.
Drive-by download attack
Malware hosted on a website (often a legitimate site that has been compromised) that is installed on a visitor's computer simply by viewing the page, typically by exploiting a browser or plug-in vulnerability.
What attacks are propagated via email
Spam, phishing, pharming, and malware
What is a pharming attack
Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent, typically by modifying the local hosts file or poisoning DNS responses. Pharming has been called “phishing without a lure.”
Phishing
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers
Network Security Countermeasures - NSC
Controls to ensure the integrity and security of a network as one layer of defense in the protection of valuable or sensitive information.
They include:
- User authentication controls
- Machine authentication controls
- Anti-malware
- Encryption
- Switched networks
- IDS/IPS
- etc.
Machine Authentication controls
Ensure that only organization-managed devices can attach to the network.
IEEE 802.1X (port-based network access control) is used to enforce machine authentication controls: a device must authenticate to the switch port or wireless access point, for example with a machine certificate, before any traffic is passed.
Encryption controls
Tunnels between pairs of servers can be established at the OS level using IPsec or SSH
Tunnels between networks can be established using IPsec between pairs of routers
switched networks controls
With a switched network, the only traffic a node sees is the packets sent explicitly to or from that node, plus some broadcast traffic. This greatly reduces the risk of eavesdropping, since it may not be practical to encrypt all communications. It is only a partial control: an attacker on the same segment can still capture other hosts' traffic by ARP spoofing, by MAC flooding the switch's address table so that it floods frames to every port, or through a misconfigured mirror (SPAN) port.
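The flashcard's claim, and its caveat, can be shown with a toy learning switch. This is an added example, not code from the original flashcards: the switch model (learn the source MAC per port, deliver known unicast to one port, flood unknown unicast and broadcast) is the standard behaviour, while the port numbers, MAC addresses and the tiny table capacity are constructed for the demonstration.

```python
"""Toy learning switch showing why switching limits eavesdropping,
and how MAC flooding defeats it. Added example; all addresses and the
table capacity are constructed values."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal learning switch with a bounded MAC (CAM) table."""

    def __init__(self, ports, capacity=4):
        self.ports = list(ports)
        self.capacity = capacity
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Deliver one frame; return the list of ports that receive it."""
        # Learn the source address, unless the table is full (no aging in this toy).
        if src in self.mac_table or len(self.mac_table) < self.capacity:
            self.mac_table[src] = in_port
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # Unknown destination or broadcast: flood to every other port.
        return [p for p in self.ports if p != in_port]


def eavesdropper_sees(switch, frames, eavesdrop_port):
    """Run frames through the switch; count how many reach eavesdrop_port."""
    return sum(eavesdrop_port in switch.forward(*frame) for frame in frames)


# Constructed topology: port 1 = host A, port 2 = host B, port 3 = attacker.
A, B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
CONVERSATION = [(1, A, B), (2, B, A), (1, A, B), (2, B, A)]


def normal_case():
    """Only the very first frame (unknown destination) is flooded to port 3."""
    sw = LearningSwitch(ports=[1, 2, 3])
    return eavesdropper_sees(sw, CONVERSATION, eavesdrop_port=3)


def mac_flooding_case():
    """Attacker fills the table with bogus sources first; A and B are never
    learned, so every frame between them is flooded and the attacker sees all."""
    sw = LearningSwitch(ports=[1, 2, 3])
    bogus = [(3, f"de:ad:be:ef:00:{i:02x}", BROADCAST) for i in range(sw.capacity)]
    return eavesdropper_sees(sw, bogus + CONVERSATION, eavesdrop_port=3)


if __name__ == "__main__":
    print("frames seen by attacker, normal switch:", normal_case())
    print("frames seen by attacker, after MAC flooding:", mac_flooding_case())
```

Real switches age out table entries and have far larger tables, but the mechanism is the same, which is why port security (limiting MACs per port) and encryption of sensitive traffic are still needed on switched networks.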
IDS
Systems used to detect anomalous or known-malicious activity on the network, sending alerts to appropriate personnel when such activity occurs.
Types of IDS
- Network-based IDS (NIDS) - Usually takes the form of a network appliance that monitors traffic on a segment
- Host-based IDS (HIDS) - A software agent installed on each host, reporting to a separate management console
Snort
An open-source network IDS: software installed on a host that monitors traffic on a network interface and matches it against a rule set.
Snort modes
- Sniffer - prints packets to the console (snort -v in Snort 2)
- Packet logger - writes packets to disk (snort -l <log directory>)
- Network intrusion detection - applies the rule set from a configuration file and generates alerts (snort -c <config file>)
IPS
These systems, like IDSs, detect anomalies on the network. However, IPSs sit inline in the traffic path and are therefore also able to block malicious traffic (internally and externally).
Drawback of IPS
A false positive results in legitimate traffic being blocked, not merely flagged, so rules must be tuned in alert-only mode before they are switched to blocking.
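The difference between an IDS that alerts and an IPS that drops, and the false-positive drawback, shown with a minimal Snort-style rule matcher. This is an added example, not Snort's own code: it supports only a small subset of the Snort rule syntax (action, protocol, destination port, `msg`, `content`, `sid`), and the two rules and the three packets are constructed for the demonstration.

```python
"""Tiny Snort-style signature engine: same rules, IDS (alert) versus
IPS (inline drop). Added example; rules and packets are constructed."""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    action: str    # "alert" (log only) or "drop" (honoured only when inline)
    proto: str
    dport: str     # "any" or a port number as a string
    content: bytes
    msg: str
    sid: str


# Matches: <action> <proto> <src> <sport> -> <dst> <dport> ( <options> )
HEADER_RE = re.compile(
    r"^(?P<action>alert|drop)\s+(?P<proto>\w+)\s+\S+\s+\S+\s+->\s+\S+\s+"
    r"(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)


def parse_rule(text):
    """Parse the subset of Snort rule syntax used here."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: " + text)
    opts = dict(re.findall(r'(\w+)\s*:\s*"?([^";]*)"?\s*;', m.group("opts")))
    return Rule(m.group("action"), m.group("proto"), m.group("dport"),
                opts["content"].encode(), opts.get("msg", ""), opts.get("sid", "0"))


def inspect(rules, packet, inline):
    """Return (verdict, alerts). Verdict is 'drop' only when a drop rule
    fires and the sensor is inline (IPS); an IDS can only alert."""
    alerts, verdict = [], "pass"
    for r in rules:
        if r.proto != packet.proto:
            continue
        if r.dport != "any" and int(r.dport) != packet.dport:
            continue
        if r.content not in packet.payload:
            continue
        alerts.append((r.sid, r.msg))
        if inline and r.action == "drop":
            verdict = "drop"
    return verdict, alerts


RULES = [parse_rule(r) for r in [
    'alert tcp any any -> any 80 (msg:"Path traversal attempt"; content:"../../"; sid:1000001;)',
    'drop tcp any any -> any 80 (msg:"Read of /etc/passwd"; content:"/etc/passwd"; sid:1000002;)',
]]

# Constructed packets (not captured traffic).
ATTACK = Packet("tcp", "203.0.113.5", 51000, "10.0.0.8", 80,
                b"GET /download?file=../../etc/passwd HTTP/1.1\r\n")
# A documentation URL that happens to contain the signature string: a false positive.
BENIGN_FP = Packet("tcp", "10.0.1.20", 51001, "10.0.0.8", 80,
                   b"GET /docs/unix/etc/passwd-format.html HTTP/1.1\r\n")
CLEAN = Packet("tcp", "10.0.1.21", 51002, "10.0.0.8", 80,
               b"GET /index.html HTTP/1.1\r\n")


def ids_result(pkt):
    return inspect(RULES, pkt, inline=False)


def ips_result(pkt):
    return inspect(RULES, pkt, inline=True)


if __name__ == "__main__":
    for name, pkt in [("attack", ATTACK), ("benign", BENIGN_FP), ("clean", CLEAN)]:
        print(name, "IDS:", ids_result(pkt), "IPS:", ips_result(pkt))
```

In IDS mode the benign request only produces an alert an analyst can dismiss; in IPS mode the same rule silently blocks a legitimate user, which is the drawback the flashcard describes.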
Website filtering
Designed to block users' access to categories of websites. It limits employees' access to non-business-related websites, and it also blocks access to known malicious websites (malware distribution, phishing).
Data leakage prevention
These systems are designed to detect the transmission of potentially sensitive information into or out of an organization’s network.
Application whitelisting (allowlisting)
These tools examine each executable that is launched; if the executable matches an entry in the tool's whitelist, it is permitted to run. Otherwise, its execution is blocked.
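How the "matches an entry" step works, and why it should match on a hash rather than a file name, as an added example that is not code from any whitelisting product. It creates a constructed "executable" in a temporary directory, allowlists its SHA-256, then overwrites the file under the same trusted name as an attacker would; the path-based check is an assumption introduced only to show the weaker design.

```python
"""Hash-based versus name-based application allowlisting.
Added example; the 'executables' are constructed byte strings."""
import hashlib
import os
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def may_execute(path, allowed_hashes):
    """Strong form: permit only if the file's content hash is allowlisted."""
    return sha256_of(path) in allowed_hashes


def path_allowlist_allows(path, allowed_names):
    """Weak form (hypothetical): trusts the file name alone."""
    return os.path.basename(path) in allowed_names


def demo():
    """Return ((hash_ok, name_ok) before tampering, (hash_ok, name_ok) after)."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "backup.exe")
        with open(exe, "wb") as f:
            f.write(b"MZ approved backup tool")        # constructed content
        allowed_hashes = {sha256_of(exe)}              # taken at approval time
        allowed_names = {"backup.exe"}
        before = (may_execute(exe, allowed_hashes), path_allowlist_allows(exe, allowed_names))
        # Attacker replaces the binary but keeps the trusted name.
        with open(exe, "wb") as f:
            f.write(b"MZ malicious payload")
        after = (may_execute(exe, allowed_hashes), path_allowlist_allows(exe, allowed_names))
        return before, after


if __name__ == "__main__":
    print(demo())
```

The hash check stops the replaced binary while the name check still lets it run; production tools typically allow by hash or by publisher signature for the same reason.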
NetFlow
NetFlow systems are typically used to troubleshoot network issues, but they are handy for security purposes as well. They record flow summaries rather than packet contents (source and destination address, ports, protocol, and packet and byte counts for each flow), which is enough to show anomalous network traffic that could be a sign of an intrusion, malware, or data exfiltration.
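Two of the anomalies the flashcard mentions, found from flow summaries alone, as an added example that is not part of the original flashcards: an internal host sending an unusually large volume to a single external address (possible exfiltration), and a host opening many tiny TCP flows to many ports on one target (a port scan). The flow records, the internal address range and both thresholds are constructed assumptions.

```python
"""Anomaly detection over NetFlow-style flow records.
Added example; flow records and thresholds are constructed."""
import csv
import io
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal range

# Constructed flow records with NetFlow v5-style fields (no packet payloads).
SCAN_ROWS = "\n".join(
    f"10.0.1.9,10.0.2.1,tcp,{40000 + i},{i + 1},1,60" for i in range(25)
)
FLOW_TEXT = """src,dst,proto,sport,dport,packets,bytes
10.0.1.5,10.0.0.53,udp,51000,53,2,180
10.0.1.5,198.51.100.20,tcp,51001,443,40,52000
10.0.1.7,203.0.113.9,tcp,51010,443,9000,734000000
""" + SCAN_ROWS + "\n"


def parse_flows(text):
    """Parse CSV flow records into dicts with numeric counters."""
    return [dict(r, dport=int(r["dport"]), packets=int(r["packets"]), bytes=int(r["bytes"]))
            for r in csv.DictReader(io.StringIO(text))]


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def exfiltration_suspects(flows, threshold_bytes):
    """(src, dst) pairs where an internal host sent more than threshold_bytes
    to one external host, summed over all flows."""
    out = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            out[(f["src"], f["dst"])] += f["bytes"]
    return sorted(pair for pair, total in out.items() if total > threshold_bytes)


def scan_suspects(flows, min_ports):
    """(src, dst) pairs with tiny TCP flows (1-2 packets, i.e. no completed
    exchange) to at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["packets"] <= 2:
            ports[(f["src"], f["dst"])].add(f["dport"])
    return sorted(pair for pair, p in ports.items() if len(p) >= min_ports)


if __name__ == "__main__":
    flows = parse_flows(FLOW_TEXT)
    print("exfiltration:", exfiltration_suspects(flows, 100_000_000))
    print("scanning:", scan_suspects(flows, 20))
```

Neither detector looks at a single byte of payload, which is the point: flow data scales to whole networks and still exposes volume and connection-pattern anomalies.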
What is a client-server application
A piece of software that runs on a client computer and makes a request to a remote server
Security countermeasures to threats and vulnerabilities in client-server environments
- Access controls
- Encryption of communication between client and server
- Change management process
- Disruption of client software updates - countermeasure: keep client software versions synchronized with the server software
- Theft of data - countermeasure: block the use of external storage devices