Ch 4. Securing Your Network

Question 1

HIDS

Answer 1

host based intrusion detection system; software installed on a system to detect attacks. It protects local resources on the host. A HIPS is an extension of HIDS and detects and blocks attacks.

Question 2

NIDS

Answer 2

network based intrusion detection system; a device that detects attacks and raises alerts. A NIDS is installed on network devices, such as routers or firewalls. and monitors network traffic.

Question 3

Port Mirror

Answer 3

a monitoring port on a switch. All traffic going through the switch is also sent to the port mirror.

Question 4

Taps

Answer 4

monitoring ports on a network device. IDSs use taps to capture traffic.

Question 5

Signature Based Detection

Answer 5

a type of monitoring used on intrusion detection and intrusion prevention systems that detects attacks based on known attack patterns documented as attack signatures

Question 6

Heuristic/Behavioral/Anomaly Based Detection

Answer 6

a type of monitoring that can detect unknown anomalies. They start with a performance baseline of normal behavior and then compare network traffic against this baseline. When traffic differs significantly from the baseline, the IDS sends an alert.

Question 7

inline

Answer 7

an IPS is inline with traffic. All traffic passes through the IPS and the IPS can block malicious traffic.

Question 8

out-of-band

Answer 8

an IDS is out-of-band. It monitors the network traffic, but the traffic doesn’t go through the IDS.

Question 9

RAT

Answer 9

Remote Access Trojan; malware that allows an attacker to take control of a system from a remote location

Question 10

SSL/TLS Accelerator

Answer 10

device used to handle TLS traffic. Severs can off-load TLS traffic to improve performance.

Question 11

SSL Decryptor

Answer 11

device used to create separate SSL (or TLS) sessions. They allow other security devices to examine encrypted traffic sent to and from the internet.

Question 12

SDN

Answer 12

software defined network; a method of using software and virtualization technologies to replace hardware routers. SDNs separate the data and control planes.

Question 13

Honeypot

Answer 13

a server that’s left open or appears to have been sloppily locked down, allowing an attacker relatively easy access. Diverts the attacker away from the live network.

Question 14

IEEE 802.1x

Answer 14

a server that provides port-based authentication, ensuring that only authorized clients can connect to a network. It prevents rogue devices from connecting.

Question 15

AP

Answer 15

access point; a device that connects wireless clients to wireless networks. Sometimes called a wireless access point (WAP)

Question 16

Fat AP

Answer 16

includes everything needed to connect wireless clients to a wireless network. Typically includes features such as a routing component, NAT, DHCP, ACLs, etc. Must be configured separately.

Question 17

Thin AP

Answer 17

managed by a wireless controller who configures the AP

Question 18

SSID

Answer 18

service set identifier; the name of a wireless network. SSIDs can be set to broadcast so users can easily see it. Disabling it hides it from casual users

Question 19

WPA/WPA2

Answer 19

Wi-Fi Protected Access; a wireless security protocol. Supports CCMP for encryption, which is based on AES.

Question 20

PSK

Answer 20

Pre-shared Key; a wireless mode that uses a pre-shared key for security.

Question 21

Enterprise

Answer 21

a wireless mode that uses an 802.1x server for security. It forces users to authenticate with a username and password

Question 22

Captive Portal

Answer 22

a technical solution that forces clients using web browsers to complete a specific process before it allows them access to a network

Question 23

Disassociation Attack

Answer 23

removes a wireless client from a wireless network; a disassociation frame is sent to the AP to terminate the connection, the client must then reauthenticate

Question 24

WPS Attack

Answer 24

discovers the eight-digit WPS pin and uses it to discover the AP passphrase

Question 25

Rogue AP

Answer 25

an AP places within a network without official authorization

Question 26

Evil Twin

Answer 26

a rogue AP with the same SSID as a legitimate AP.

Question 27

Jamming

Answer 27

the transmission of noise or another radio signal on the same frequency used by a wireless network

Question 28

IV Attack

Answer 28

a wireless attack that attempts to discover the initialization vector

Question 29

NFC Attack

Answer 29

an attacker uses an NFC reader to capture data from another NFC device. Near Field Communication is a group of standards used on mobile devices that allow them to communicate with other mobile devices when they are close

Question 30

Bluejacking

Answer 30

the practice of sending unsolicited messages to nearby Bluetooth devices

Question 31

Bluesnarfing

Answer 31

refers to the unauthorized access to, or then of information from, a Bluetooth device.

Question 32

Replay Attack

Answer 32

an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data

Question 33

Split Tunnel

Answer 33

a VPN administrator determines what traffic should use the encrypted tunnel

Question 34

Full Tunnel

Answer 34

all traffic goes through the encrypted tunnel while the user is connected to the VPN

Question 35

NAC

Answer 35

Network Access Control; provide continuous security monitoring by inspecting computers and preventing them from accessing the network if they don’t pass the inspection

Question 36

Permanent Agent

Answer 36

is installed on the client and stays on the client

Question 37

Dissolvable Agent

Answer 37

downloaded and run on the client when the client logs on remotely

Question 38

PAP

Answer 38

Password Authentication Protocol; used with Point-to-Point (PPP) to authenticate clients. A weakness is that it sends passwords over a network in cleartext

Question 39

CHAP

Answer 39

Challenge Handshake Authentication Protocol; uses PPP and authenticates remote users because it does not send passwords with cleartext

Question 40

MS-CHAPv2

Answer 40

Microsoft CHAP; performs mutual authentication, the client authenticates the server and the server authenticates the client

Question 41

RADIUS

Answer 41

Remote Authentication Dial-In User Service; a centralized authentication service

Question 42

TACACS+

Answer 42

the CISCO alternative to RADIUS; it encrypts the entire authentication process and uses multiple challenges and responses between the client and the sever

Question 43

Diameter

Answer 43

an extension of RADIUS that supports many additional capabilities, including securing transmission with EAP