8. Network Defense Flashcards

1
Q

layers of network defence

A

defences are layered as attacks are also layered

  1. first level
    - firewall to control access to/from unauthorised network
  2. second level
    - intrusion detection/protection against malicious network activity
  3. third level
    - VPN provides encryption over public IP network
2
Q

firewall

A

can be implemented as hardware/software
monitor and filter traffic

zero trust model

  • don’t trust external
  • don’t trust employees
3
Q

attacks that firewall can prevent

A
  1. port scanning(limited)
  2. wardriving
  3. DDoS (limited)
4
Q

packet filtering

A

stateless firewall

  • look at each packet
  • does not look at connections

stateful firewall

  • look at connections and maintain state table
  • use table to maintain security policies
5
Q

intrusion detection system IDS

A
  1. detects unauthorised access to the network without traffic passing through it
  2. HUB: promiscuous mode
  3. SWITCH: port mirroring
  4. can be extended to host based IDS
    - inspect contents on the endpoints
    - deep packet inspection
    - covers larger scope
6
Q

intrusion protection system IPS

A
  1. does what IDS does + protection
  2. located between firewall and internal network
7
Q

proxies

A
  1. protects by redirecting requests at application layer
    - dedicated checks for each service protocol in application layer
    - not suitable for real time service
  2. scans incoming traffic and conducts DPI
  3. compute intensive
8
Q

virtual private network

A
  1. authentication
    - user must be authenticated before secure tunnel is established
  2. tunneling
    - encapsulation using own protocol
  3. encryption
    - data is protected when using tunnel
9
Q

security protocols for VPN

A
  1. IPSec
    - encryption takes place in 2 stages IKEv1
    - need keys
    - able to guess keys based on the error response from server
    - IKEv2 fixes the error but is prone to dictionary attack
  2. TLS
    - faster and better security
    - the closer the guess is to the actual password, the shorter the error message
10
Q

honey pots

A
  1. deliberately weakened endpoint
  2. decoy
  3. set up in a VM and isolated
  4. need to change often to look convincing
11
Q

network attacks

A
  1. port spoofing
  2. port scanning
  3. router
    - evil twin
  4. hotspot hijacking
    - evil twin
  5. DoS
  6. packet sniffing
12
Q

port spoofing

A
  • SSH usually assigned to port 22
  • security tools used to lock down port 22
  • SSH commands can be embedded in other protocols on a different port
  • can be spotted by DPI
13
Q

port scanning

A

check ports to see which are open, closed, filtered
find the application running behind the port

  1. TCP scan
    - send SYN to ports
    - if port open, port will reply with SYN ACK
    - if port closed, port will reply with RST ACK
  2. half open scan
    - immediately tear down the connection by sending RST if port is open
    - port remains open
14
Q

TCP scan pro/con

A

advantages

  • no special privileges
  • accurate in determining TCP services
  • can distinguish between open, closed, filtered

disadvantages

  • time consuming
  • easily detected by IPS/IDS
  • recorded in target’s log
15
Q

half open scan pro/con

A

advantages

  • faster than TCP scan
  • stealthy (no target log)
  • able to differentiate open, closed, filtered

disadvantage

  • requires privileged access
  • some firewalls watch out for half open scans
16
Q

advanced port scanning techniques

A
  1. random scan
  2. slow scan
    - take a few days
  3. fragmented scan
  4. decoy scan
    - many decoys; don't know which one is the real attacker
  5. coordinated scan
    - each person scans a range of ports
17
Q

packet sniffing

A
  1. passive sniffing uses a sniffer to monitor network packets
  2. difficult to detect but does not work well with a switched network
  3. HUB: promiscuous mode
  4. SWITCH: active sniffing, ARP poisoning to route all traffic to attacker
18
Q

ARP poisoning

A
  1. request
    - when nodes send a request for an IP address, attacker replies
    - may cause conflicts if the legitimate node also replies
  2. solicitation
    - attacker sends out its credentials to make other nodes update their routing tables