8 - 4: Network Security Techniques

Question 1

Two major objectives

Answer 1

Perimeter security and limit physical access to authorized users and devices

Question 2

Perimeter security

Answer 2

Keeping unwanted users out of the network entirely

Question 3

Access Control Lists

Answer 3

ACLs, the records of users allowed past a firewall

Question 4

Network Access Control

Answer 4

Intercepts network traffic coming from unknown devices and verifies authorization before beginning communication

Question 5

Rules

Answer 5

The simplest form of restriction, expressed as technical terms or business logic

Question 6

NAC Authentication protocol

Answer 6

802.1x

Question 7

Three systems in NAC protocol

Answer 7

1) Device attempting to connect to NAC network, must be running a supplicant 2) a switch that the device connects to, if a wired network 3) back-end authentication server

Question 8

Supplicant

Answer 8

Performs all NAC duties on behalf of user and system

Question 9

Authenticator

Answer 9

On wireless systems, the device/switch which receives credentials from the end user

Question 10

Back-end authentication server

Answer 10

In NAC, performs authentication for all authenticators on the network

Question 11

Additional NAC capabilities

Answer 11

Role-based access and posture checking

Question 12

Role-based access

Answer 12

Once the authenticator knows user identity, it decides where they are placed

Question 13

Posture checkers

Answer 13

Verify that systems connecting to the network meet certain criteria, such as current antivirus software

Question 14

Inbound NAC

Answer 14

NAC device is directly involved with making and enforcing access control

Question 15

Outbound NAC

Answer 15

NAC device makes enforcement decisions, everything else makes the networking decisions

Question 16

Firewall errors

Answer 16

Shadowed rule, promiscuous rules, orphaned rules

Question 17

Shadowed rule

Answer 17

A rule base contains a rule that will never be executed because it is placed in the rule base. Occurs when rules are executed from general to specific

Question 18

Promiscuous rules

Answer 18

Violate the rule of least privilege

Question 19

Orphaned rules

Answer 19

When a system or service is decommissioned but the rules are not removed from the firewall

Question 20

Standard Access Control List entries

Answer 20

access-list [number] [permit/deny] [source] [mask]

Question 21

Extended Access Control Lists

Answer 21

Block addresses based on source and destination addresses, protocols, and ports

Question 22

Why firewalls over routers?

Answer 22

1) purpose specific and efficient 2) advanced rule capability 3) integrate with and have advanced security function

Question 23

VLAN pruning

Answer 23

The least privilege rule applied to the amount of VLANS

Question 24

VLAN hopping

Answer 24

Moving from one VLAN to another with more access/resources, typically by impersonating a switching

Question 25

VLAN hopping

Answer 25

Moving from one VLAN to another with more access/resources, typically by impersonating a switching

Question 26

Mitigating VLAN hopping

Answer 26

Deny automatic VLAN trunk negotiation and only trunk when a net admin allows

Question 27

Port security

Answer 27

Limits MAC addresses to prevent disconnecting devices from switches and replacing them with a rogue device

Question 28

Port security modes

Answer 28

Static and dynamic

Question 29

Static port security

Answer 29

admin manually configures each switch port with the allowable MAC address. Slower but safer

Question 30

Dynamic port security

Answer 30

Admin enables port security then has it remember the first MAC address it sees then restrict access to that one. Faster but riskier

Question 31

DHCP snooping

Answer 31

Blocks malicious DHCP traffic, checking it for proper format and origination

Question 32

SYN flood

Answer 32

An attack sending thousands of partially opened TCP connections of only the initial SYN packets but not answering the SYN-ACK packets

Question 33

MAC flooding

Answer 33

Attackers send large numbers of different MAC addresses to a switch hoping to overflow a switches MAC address table, causing it to forget where devices are, then flood traffic, enabling eavesdropping

Question 34

Flood guard protection

Answer 34

Controls the number of open connections that each source system may have

Question 35

Routing loops

Answer 35

Occur when there are multiple physical paths between two network devices which begin mistakenly routing broadcast traffic redundantly

Question 36

Broadcast storm

Answer 36

When a routing loop occurs and no capacity is left for legitimate use

Question 37

Spanning tree protocol

Answer 37

Prevents loops by allowing multiple physical connections between devices, but restricts logical connections preventing the final links forming a loop

Question 38

Bridge Protocol Data Units

Answer 38

Status massages spanning tree protocols use

Question 39

Firewall log details

Answer 39

Connection attempts, timestamps, relevant firewall rule deployed

Question 40

Firewall log use

Answer 40

1) incident response 2) connectivity issues 3) regular monitoring for anomalous connections

Question 41

Network flow data

Answer 41

Keeps records of network traffic as summary details, but not packet contents or enclosed data

Question 42

SNMP

Answer 42

Simple Network Management Protocol, capable of automating many of the tasks related to administration

Question 43

SNMP components

Answer 43

Managed devices, SNMP agent

Question 44

Managed devices

Answer 44

Any networking devices overseen by SNMP

Question 45

SNMP agent

Answer 45

Software on the managed device allowing communication with the SNMP service

Question 46

Network management system

Answer 46

Central system responsible for communicating with SNMP agents and managing the network

Question 47

Get request

Answer 47

When the network management system wants information from a managed device

Question 48

Current SNMP version

Answer 48

SNMP version 3

Question 49

SNMP trap

Answer 49

Communication sent when a managed device has information to report to the management system

Question 50

Jump boxes

Answer 50

Allow administrative connections for facilitating connection, or jumping, between security zones in a segmented system. Can be a powerful tool to circumvent network segmentation. Have a bunch of different names

Question 51

Darknets

Answer 51

IP address space that is not legitimately used but monitored for attacker activity

Question 52

Honeyfiles

Answer 52

Files intended to look like legitimate data/filters, but actually keep garbage

Question 53

Honeypots

Answer 53

Fake networks intended to lure attackers, but immediately alerts security staff

Question 54

Honeynets

Answer 54

Large-scale, multiple honeypots used to lure attackers

Question 55

DNS sinkhole

Answer 55

Altered DNS records used to reroute malicious botnet traffic