3.3 Implement secure network design Flashcards

1
Q

Load balancing: what is load balancing?

A

A way to distribute the incoming load across multiple devices, thereby making the resource available to more users than with a single server in place.

2
Q

Load balancing: what is one of the advantages of a load balancer?

A

Fault tolerance: if a server fails, the other ones can be used.

3
Q

Load balancing: how does a load balancer work?

A
4
Q

Load balancing: can a load balancer perform encryption?

A

Yes, using SSL offload

5
Q

Load balancing: how to configure a load balancer?

A
  • Round-robin
  • Weighted round-robin
  • Dynamic round-robin
  • Active/active load balancing
  • Active/passive load balancing
6
Q

Load balancing: what is the round-robin way to configure a load balancer?

A

The traffic is distributed turn by turn: each server is selected in turn
Ex: user1 gets server1, user2 gets server2 …

7
Q

Load balancing: what is the weighted round-robin way to configure a load balancer?

A

The traffic is prioritized on one server over another.
Ex: one of the servers will receive half of the available load and the other server would make up the rest of that load

8
Q

Load balancing: what is the dynamic round-robin way to configure a load balancer?

A

Monitor the server load and distribute to the server with the lowest use

9
Q

Load balancing: what is the active/active load balancing way to configure a load balancer?

A

All of the servers are active simultaneously

10
Q

Load balancing: what is “affinity” for a load balancer?

A

Certain applications communicating through a load balancer may need to always be distributed to the same server.
This is tracked through IP addresses or session IDs

11
Q

Network segmentation: what is network segmentation?

A

Network segmentation is a network security technique that divides a network into smaller, distinct sub-networks that enable network teams to compartmentalize the sub-networks and deliver unique security controls and services to each sub-network.

12
Q

Network segmentation: why can a network be segmented?

A

For performance (application with bandwidth), security and compliance

13
Q

Network segmentation: what are the different types of network segmentation?

A
  • Physical
  • Logical
  • Virtual
14
Q

Network segmentation: what is network physical segmentation?

A

Devices are physically separate. Also referred to as an “air gap”, as the 2 devices are not physically connected and need to be connected if they want to communicate

15
Q

Network segmentation: what is the disadvantage of network physical segmentation?

A

Each device needs to be configured, updated and interface managed separately

16
Q

Network segmentation: what is network logical segmentation?

A

Devices are logically separated using VLAN

17
Q

Network segmentation: what is a screened subnet (DMZ)?

A

It refers to a network architecture where a single firewall is used with three network interfaces. It provides additional protection from outside cyber attacks by adding a perimeter network to isolate or separate the internal network from the public-facing internet.

18
Q

Network segmentation: what is an extranet?

A

An extranet is a private network similar to an intranet, but typically open to external parties, such as business partners, suppliers, key customers, etc. The main purpose of an extranet is to allow users to exchange data and applications, and share information.

19
Q

Network segmentation: what is an intranet?

A

A private network contained within an enterprise that is used to securely share company information and computing resources among employees

20
Q

Network segmentation: what is the zero trust principle?

A

Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

21
Q

VPN: what is a VPN?

A

Establish a protected network connection when using public networks. VPNs encrypt your internet traffic and disguise your online identity.

22
Q

VPN: what is a VPN concentrator?

A

VPN concentrators are used to connect many remote networks and clients to a central corporate network. They are used to protect the communications between remote branches or remote clients – such as workstations, tablets, phones and IoT devices – to corporate networks.

23
Q

VPN: what is an SSL VPN?

A

VPN that uses the common SSL/TLS protocol to communicate (port 443)

24
Q

VPN: is a VPN always secure?

A

No. VPNs expose entire networks to threats like distributed denial-of-service (DDoS), sniffing and spoofing attacks. Once an attacker or malware has breached a network through a compromised user device connected to it, it can bring down an entire network.

25
Q

VPN: what is IPsec?

A

An IPsec VPN is a VPN that uses the IPsec protocol suite to establish and maintain the privacy of communication between devices, apps or networks over the public internet. IPsec VPN uses a technique called “tunneling” to encrypt the data that is being sent between the device and the VPN server.

26
Q

Port security: what are the different types of ports that exist?

A

There are two classes of ports – physical and virtual. A physical switch interface is an example of a physical port while a TCP/IP port is an example of a virtual port. Virtual ports outnumber physical ports.
The logical (or virtual) port is the software port the link is made to from the other side of the internet.

27
Q

Port security: what is the goal of physical port security?

A

Control and protect the network by limiting overall traffic and watching for unusual or unwanted traffic

28
Q

Port security: what are the different ways to implement physical port security?

A
  • Broadcasts
  • Loop prevention
  • Port fast
  • DHCP snooping
29
Q

Port security: what are broadcasts?

A

Sends information to everyone at once so that every device examines the broadcast. However, this is limited to the broadcast domain (ex: VLAN)

30
Q

Port security: what is a loop?

A

A loop occurs when 2 switches are connected to each other and send traffic back and forth forever, leading to the network going down

31
Q

Port security: what is the 802.1D standard?

A

A loop protection standard to prevent loops in switched networks using the Spanning Tree Protocol (STP)

32
Q

Port security: what is STP?

A

Spanning Tree Protocol is a network protocol that builds a loop-free logical topology for Ethernet networks.

33
Q

Port security: what is port fast?

A

The PortFast feature is introduced to avoid network connectivity issues. These issues are caused by delays in STP enabled ports moving from blocking-state to forwarding-state after transitioning from the listening and learning states.

34
Q

Port security: what is DHCP snooping?

A

The DHCP snooping feature determines whether traffic sources are trusted or untrusted.

35
Q

Port security: what is MAC filtering?

A

It allows the administrator of this device to either allow or disallow traffic based on the MAC addresses communicating on the network

36
Q

Port security: what is the disadvantage of MAC filtering?

A

There is no security mechanism at layer 2 that can obscure or encrypt MAC addresses. So anyone can connect and listen to the network to collect a list of MAC addresses allowed on the network, then simply change their MAC address to match one of the MAC addresses that’s allowed

37
Q

Secure networking: what is DNSSEC?

A

Domain Name System Security Extensions validate DNS responses: origin authentication and data integrity.

38
Q

Secure networking: how does DNSSEC validate the responses?

A

It is done thanks to public key cryptography: DNS records are signed with a trusted 3rd party, then signed DNS records are published in DNS

39
Q

Secure networking: why is DNS security important?

A

Using DNS security can stop end users from visiting dangerous sites.
For ex. by using a sinkhole address

40
Q

Secure networking: what is a DNS sinkhole?

A

DNS sinkholing is a mechanism aimed at protecting users by intercepting DNS requests attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled, IP address.
Dummy explanation: a query to a known malicious address can be identified by the DNS and it will take action for you not to visit it

41
Q

Secure networking: what is QoS?

A

Quality of Service is the process of controlling traffic flow: you prioritize traffic performance for certain devices, applications etc.
For ex: VoIP has priority over web-browsing in a call center. You can also prioritize bandwidth, traffic rate, VLAN etc.

42
Q

Secure networking: what is IPv6?

A

It helps identify and locate endpoint systems on a computer network and route online traffic while addressing the problem of IPv4 address depletion (diminution) due to prolonged internet use worldwide

43
Q

Secure networking: why is IPv6 more secure than IPv4?

A

More difficult to IP/port scan (but not impossible).
Some attacks disappear, like ARP, which is removed in IPv6, so there will be no ARP spoofing

44
Q

Secure networking: what is a port mirror?

A

It is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is used for network monitoring, by an IDS for ex.

45
Q

Secure networking: what is FIM?

A

File Integrity Monitoring: monitor important OS and application files and identify when changes occur: if those files are modified, the admin will get an alert

46
Q

Firewalls: what is a firewall?

A

Control the flow of network traffic

47
Q

Firewalls: why is a firewall important?

A

Control of inappropriate content (not safe for work, parental control etc)

48
Q

Firewalls: what are the different types of firewall?

A
  • Stateless firewall
  • Stateful firewall
  • NGFW
  • WAF
49
Q

Firewalls: what is a network-based firewall?

A

Layer 3 device. A network firewall is hardware or software that restricts and permits the flow of traffic between networks. Network firewalls help prevent cyberattacks by enforcing policies that block unauthorized traffic from accessing a secure network.

50
Q

Firewalls: what is a stateless firewall?

A

Firewall that doesn’t store information about the current state of a network connection. Instead, it evaluates each packet individually and attempts to determine whether it is authorized or unauthorized based on the data that it contains.

Ex: For each communication, you need to create 2 rules: one from the user to the server, and one from the server to the user

51
Q

Firewalls: what can be the security issue with a stateless firewall?

A

For ex., in a client-server communication, if an attacker takes advantage of the server and wants to communicate with a user, the firewall won’t stop it (because it just follows the rule set)

52
Q

Firewalls: are stateless firewalls used a lot?

A

No. Old generation of firewall.

53
Q

Firewalls: what is a stateful firewall?

A

Stateful firewall is a network-based firewall that individually tracks sessions of network connections traversing it.

54
Q

Firewalls: what is a stateless vs stateful firewall?

A
  • Stateless firewalls work by treating each packet as an isolated unit
  • Stateful firewalls work by maintaining context about active sessions and use “state information” to speed packet processing
55
Q

Firewalls: are stateful firewalls more secure than stateless?

A

Yes. Because if an attacker infects a server, he will not be able to send packets to a user because the rule will not match

56
Q

Firewalls: what is UTM?

A

Unified Threat Management, also called web security gateway, is an all-in-one device: it provides URL filter, content inspection, malware inspection, SPAM filter, firewall, IDS/IPS functionality…
This is the predecessor of the NGFW

57
Q

Firewalls: what is NGFW?

A

Application layer device.
A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, a next-generation firewall includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.

58
Q

Firewalls: what are the different names for NGFW?

A
  • Application layer gateway
  • Stateful multilayer inspection
    - Deep packet inspection
59
Q

Firewalls: what features can be provided in a NGFW?

A
  • Blocking threats at network edge
  • Geolocation
  • Reverse proxy / web gateway
  • IDS/IPS
  • URL / content filtering
60
Q

Firewalls: what is a WAF?

A

Web application firewall (WAF) is a firewall for HTTP/HTTPS communication. Instead of allowing/denying traffic based on the IP/port, it does it based on the input to that particular application.

Ex: it will recognize a SQL injection

61
Q

Firewalls: what are ACLs?

A

Access control lists: allow/deny traffic based on tuples (= grouping of information such as source, destination IP, port number, time of day etc.)

62
Q

Firewalls: how to manage firewall rules?

A
  • Analyzing rule anomalies that affect the performance of the firewall.
  • Reordering existing rules to improve rule performance.
  • Identifying and removing unused rules.
  • Analyzing the impact of a new rule on the existing rule set before making it live in the firewall.
63
Q

NAC: how to control the access to a network?

A
  • Control at the edge: firewall, setting up rules
  • Access control: control the access to the network based on a number of different criteria (user, group, location, application)
64
Q

NAC: what is a posture assessment?

A

A device health check is performed before connecting to the network: antivirus installed? updated? trusted device? mobile device? disk encrypted?

This assessment needs to be performed no matter the type of device: Windows, Linux, macOS

65
Q

NAC: why is posture assessment important?

A

Because you cannot trust everyone’s computer, especially when the staff work with their own devices (Bring Your Own Device)

66
Q

NAC: how to perform posture assessment?

A
  • Use persistent agents: software installed on the laptop permanently that runs when connecting to the network.
  • Use dissolvable agents: no software is permanently installed; the software runs only when the device tries to connect to the network and performs the posture assessment
  • Agentless NAC: integrated with AD, checks are made during login and logoff
67
Q

NAC: what happens when a posture assessment fails?

A

The device is not allowed to access the network because the security requirements are not met. Often, it is put in a quarantine network and the admin is notified

68
Q

Proxy servers: what is a proxy server?

A

A proxy server acts as a gateway between you and the internet. It’s an intermediary server separating end users from the websites they browse.

69
Q

Proxy servers: how does a proxy server work?

A

Receives the user request and sends the request on their behalf (the proxy)

70
Q

Proxy servers: what is a NAT?

A

Network Address Translation is a way to map multiple private addresses inside a local network to a public IP address before transferring the information onto the internet.

71
Q

Proxy servers: what is proxy vs. NAT?

A

NAT works at the network layer while proxy at the application layer. NAT is transparent to various applications, whereas proxy must resort to the IP address of the proxy server specified in application programs. For example, to access a web page by using NAT, no configuration is required in the browser.

72
Q

Proxy servers: what is a forward proxy?

A

Internal user => Proxy => web server

73
Q

Proxy servers: what is a reverse proxy?

A

User from the internet => proxy => web server

The requests come from the internet user to the web server. The proxy will examine the requests and make sure none of the requests are malicious

74
Q

Proxy servers: what is a forward vs reverse proxy?

A

A traditional forward proxy server allows multiple clients to route traffic to an external network. For instance, a business may have a proxy that routes and filters employee traffic to the public Internet. A reverse proxy, on the other hand, routes traffic on behalf of multiple servers.

75
Q

Intrusion prevention: what are the different intrusion systems and what are they used for?

A

IDS/IPS are used to detect intrusions on a system, host, network

76
Q

Intrusion prevention: how does an IPS/IDS know what is malicious?

A
  • By looking at the signature (signature-based)
  • Anomaly-based: analyse the network to identify what is abnormal
  • Behavior-based: observe and report unusual behavior (e.g. SQL injection etc.)
  • Heuristics: use AI to identify
77
Q

Other network security: what is a jump server?

A

A jump server is a hardened and monitored device that provides access to a protected network. Often used with SSH, VPN, RDP that will go through the jump server

78
Q

Other network security: what is an HSM?

A

Hardware Security Module: high-end cryptographic hardware

79
Q

Other network security: what are sensors and collectors?

A

Aggregate info from network devices:
- Sensors: built-in sensors or separate devices integrated into switches, routers etc. They gather data from the firewall logs, auth logs, DB logs etc. and send it to the collector
- Collectors: console that displays the data gathered by the sensors on a screen