5.2 Network Security

Question 1

Computer networks enable __________ ________ and are essential for many daily activities and devices. Network threats can come from attackers, __________, or ________.

Answer 1

resource sharing;
misconfigurations; outages

Question 2

How can networks be protected? (two ways)

Answer 2

secure design (e.g. segmentation, choke points, redundancies) and implementing devices like firewalls and intrusion detection systems.

Question 3

Network segmentation divides networks into _________, allowing traffic control between segments and localizing issues.

Answer 3

subnets;

Question 4

It can boost performance and prevent unauthorized access to sensitive areas.

Answer 4

Network segmentation

Question 5

Choke points are what? ( 3 things) _____________ in network design can help mitigate issues from failures or attacks.

Answer 5

Locations where network traffic can be inspected, filtered and controlled.
Redundancies

Question 6

_____________ control traffic flow in and out of networks, typically placed at trust boundary points. They examine _______ ________ to allow or disallow traffic based on various factors.

Answer 6

Firewalls;
network packets

Question 7

________ ________ _________s look at individual packet contents to allow/disallow based on source/destination addresses, port numbers, and protocols. This method can be vulnerable to _________________.

Answer 7

Packet filtering firewalls;
attacks spanning multiple packets.

Question 8

What mechanism tracks traffic at a more granular level, monitoring connections over time. They can prevent some intentionally disruptive attack traffic.

Answer 8

Stateful packet inspection firewalls

Question 9

Deep packet inspection firewalls can analyze ________________________, providing more intelligence but also raising____________________.

Answer 9

the actual content of network traffic;
privacy concerns.

Question 10

Proxy servers are _________ _________ ________ that provide security and performance features. They can act as _________ _________and allow traffic logging.

Answer 10

APPLICATION-specific firewalls; choke points

Question 11

________________________uses multiple firewall layers to separate devices from the rest of the network, allowing controlled public access while protecting internal systems.

Answer 11

A demilitarized zone (DMZ)

Question 12

Intrusion detection systems (IDS) ______________, hosts or applications for unauthorized activity.

Answer 12

monitor networks;

Question 13

What are the two types of Intrusion detection systems?

Answer 13

They can use signature-based or anomaly-based detection methods.

Question 14

How does Signature-based IDS work?

Answer 14

compare traffic to known attack signatures. Good except when there is a new attacker whose name is not recognized.

Question 15

How does anomaly-based IDS work?

Answer 15

Looks for deviations from normal traffic patterns. Can produce a large amount of false positives because during normal activity due to unusual amount of traffic.

Question 16

Network IDS placement requires careful consideration to avoid ____________. Putting them behind other _____ devices can help ___________________________.

Answer 16

overload; filtering; reduce obviously unwanted traffic.

Question 17

Host-based IDS monitor individual hosts for _________ _________ __________, looking at __________________, ____________, and other indicators of compromise.

Answer 17

signs of intrusion; system logs, file integrity,

Question 18

Intrusion prevention systems (IPS) are similar to IDS but can do what?

Answer 18

Actively block or prevent detected intrusions, not just detect and alert.

Question 19

__________ _____________ _______________ ___________verify that devices meet security requirements before allowing them to connect to the network.

Answer 19

Network Access Control (NAC) systems

Question 20

Virtual Private Networks (VPNs) do what?

Answer 20

create encrypted tunnels for secure communication over untrusted networks like the Internet.

Question 21

How can VPN be implemented?

Answer 21

VPNs can be implemented using various protocols like IPsec, SSL/TLS, or PPTP, each with different security characteristics.

Question 22

Wireless networks face unique security challenges due to their _______ and ease of .

Answer 22

broadcast nature; interception

Question 23

encryption for wireless networks is considered insecure and should not be used; ________ and __________ are recommended instead.

Answer 23

WEP; WPA or WPA

Question 24

Secure protocols like ___________, ____________, ______________should be used instead of their insecure counterparts to protect data in transit.

Answer 24

HTTPS, SSH, and SFTP

Question 25

Network security tools like Nmap, Wireshark, TCPdump, Kismet, and Metasploit can be used for what?

Answer 25

To test and verify network security measures.

Question 26

__________ and ___________ are _________ systems used to detect, deflect, or study attacker behavior.

Answer 26

Honeypots and honeynets, decoy

Question 27

You can test the security of your firewalls and how they respond using scanning tools such as _______.

Answer 27

Scapy

Question 28

For what might you use the tool Kismet?

Answer 28

To detect wireless devices on a network

Question 29

Explain the concept of segmentation.

Answer 29

Network segmentation creates SUBNETS - you can then control the flow of information between the subnets. Can help with productivity by containing traffic and localizing network issues.

Question 30

What are the two main categories wireless encryption?

Answer 30

WEP(Wired equivalent Privacy and WPA(2,3), wifi protected access

Question 31

What tool might you use to scan for devices on a network?

Answer 31

A port scanner - Nmap

Question 32

Which tools can you use to sniff traffic on a wireless network?

Answer 32

Wireshark, Kismit

Question 33

What would you use if you needed to send sensitive data over an untrusted network?

Answer 33

VPN

Question 34

What would you use a DMZ to protect?

Answer 34

Internal servers behind a public facing website.

Question 35

What is the difference between a stateful firewall and a deep packet inspection firewall?

Answer 35

Stateful firewall examines the structure of the network traffic and filters out undesirable content. Deep packets inspection firewall can reassemble the individual packets to see what is being sent to the destination application.

Question 36

Why are there privacy concerns over deep packet firewall protection?

Answer 36

Someone in control can read all your emails, instant messaging.

Question 37

What can a company use to keep SPAM and malware from reaching employees?

Answer 37

Proxy Server

Question 38

What is a packet crafting attack?

Answer 38

When an attacker uses traffic packets designed to avoid detection by IDS, firewalls and carry malicious code.

Question 39

What is a SSH and why is it useful?

Answer 39

Secure Shell. A safer protocol and you can send many different types of traffic over it.

Question 40

whats a ZERO DAY ATTACK?

Answer 40

A new or unpublished attack or vulnerablility.

Question 41

What is a protocol for securing communications? POP HTML SSH FTP

Answer 41

SSH does secure communications.